HP ProCurve - Management and Configuration Guide W.14.03

Management and
Configuration Guide
ProCurve Switches
W.14.03
2910al
www.procurve.com
HPProCurve2910alSwitch
February 2009
W.14.03
ManagementandConfiguration
Guide
Copyright2009Hewlett-PackardDevelopmentCompany,
L.P.Theinformationcontainedhereinissubjecttochangewith-
outnotice.AllRightsReserved.
Thisdocumentcontainsproprietaryinformation,whichis
protectedbycopyright.Nopartofthisdocumentmaybe
photocopied,reproduced,ortranslatedintoanother
languagewithoutthepriorwrittenconsentofHewlett-
Packard.
PublicationNumber
5992-5437
February2009
ApplicableProducts
HPProCurve2910al-24GSwitch J9145A
HPProCurve2910al-48GSwitch J9147A
HPProCurve2910al-24G-PoE+Switch J9146A
HPProCurve2910al-48G-PoE+Switch J9148A
HPProCurve2-Port10-GbESFP+alModule J9008A
HPProCurve2-Port10-GbECX4alModule J9149A
HPProCurve10-GbEalInterconnectKit J9165A
TrademarkCredits
Microsoft,Windows,andMicrosoftWindowsNTareUS
registeredtrademarksofMicrosoftCorporation.Javaisa
UStrademarkofSunMicrosystems,Inc.
Disclaimer
Theinformationcontainedinthisdocumentissubjectto
changewithoutnotice.
HEWLETT-PACKARDCOMPANYMAKESNOWARRANTY
OFANYKINDWITHREGARDTOTHISMATERIAL,
INCLUDING,BUTNOTLIMITEDTO,THEIMPLIED
WARRANTIESOFMERCHANTABILITYANDFITNESS
FORAPARTICULARPURPOSE.Hewlett-Packardshallnot
beliableforerrorscontainedhereinorforincidentalor
consequentialdamagesinconnectionwiththefurnishing,
performance,oruseofthismaterial.
TheonlywarrantiesforHPproductsandservicesareset
forthintheexpresswarrantystatementsaccompanying
suchproductsandservices.Nothinghereinshouldbe
construedasconstitutinganadditionalwarranty.HPshall
notbeliablefortechnicaloreditorialerrorsoromissions
containedherein.
Hewlett-Packardassumesnoresponsibilityfortheuseor
reliabilityofitssoftwareonequipmentthatisnotfurnished
byHewlett-Packard.
Warranty
SeetheCustomerSupport/Warrantybookletincludedwith
theproduct.
Acopyofthespecificwarrantytermsapplicabletoyour
Hewlett-Packardproductsandreplacementpartscanbe
obtainedfromyourHPSalesandServiceOfficeor
authorizeddealer.
Hewlett-PackardCompany
8000FoothillsBoulevard,m/s5551
Roseville,California95747-5551
http://www.procurve.com
Contents
ProductDocumentation
AboutYourSwitchManualSet............................ xxi
PrintedPublications..........................................xxi
ElectronicPublications .......................................xxi
SoftwareFeatureIndex..................................xxii
1 GettingStarted
Contents...................................................... 1-1
Introduction .................................................. 1-2
Conventions .................................................. 1-2
ConfigurationandOperationExamples......................... 1-2
ProtocolAcronyms .......................................... 1-2
CommandSyntaxandDisplayedInformation.................... 1-2
CommandSyntaxStatements ............................. 1-2
CommandPrompts ...................................... 1-3
ScreenSimulations ...................................... 1-3
Keys ................................................... 1-4
SourcesforMoreInformation ................................. 1-4
Getting DocumentationFromtheWeb ......................... 1-6
OnlineHelp ................................................ 1-6
MenuInterface .......................................... 1-6
CommandLineInterface.................................. 1-7
WebBrowserInterface................................... 1-7
NeedOnlyaQuickStart? ...................................... 1-8
IPAddressing ............................................... 1-8
ToSetUpandInstalltheSwitchinYourNetwork............... 1-8
PhysicalInstallation ... ... ................................... 1-8
iii
2 SelectingaManagementInterface
Contents...................................................... 2-1
AdvantagesofUsingProCurveManager
CustomLoginBannersfortheConsoleand
Overview ..................................................... 2-2
UnderstandingManagementInterfaces ......................... 2-2
AdvantagesofUsingtheMenuInterface........................ 2-3
AdvantagesofUsingtheCLI ................................... 2-4
GeneralBenefits......................................... 2-4
InformationonUsingtheCLI .............................. 2-4
AdvantagesofUsingtheWebBrowserInterface ................ 2-5
orProCurveManagerPlus ..................................... 2-6
WebBrowserInterfaces ...................................... 2-7
BannerOperationwithTelnet,Serial,orSSHv2Access........ 2-8
BannerOperationwith WebBrowserAccess ................ 2-8
ConfiguringandDisplayingaNon-DefaultBanner ............ 2-8
ExampleofConfiguringandDisplayingaBanner............. 2-9
OperatingNotes ........................................ 2-11
3 UsingtheMenuInterface
Contents...................................................... 3-1
Overview ..................................................... 3-2
StartingandEndingaMenuSession ........................... 3-3
HowToStartaMenuInterfaceSession .... ..................... 3-4
HowToEndaMenuSessionandExitfromtheConsole: .......... 3-5
MainMenuFeatures .......................................... 3-7
ScreenStructureandNavigation............................... 3-9
RebootingtheSwitch......................................... 3-12
MenuFeaturesList........................................... 3-14
WhereToGoFromHere ...................................... 3-15
iv
4 UsingtheCommandLineInterface(CLI)
Contents...................................................... 4-1
Overview ..................................................... 4-2
AccessingtheCLI ............................................. 4-2
UsingtheCLI ................................................. 4-2
PrivilegeLevelsatLogon ..................................... 4-3
PrivilegeLevelOperation ..................................... 4-4
OperatorPrivileges ...................................... 4-4
ManagerPrivileges....................................... 4-5
HowToMoveBetweenLevels ................................ 4-7
ListingCommandsandCommandOptions ...................... 4-8
ListingCommandsAvailableatAnyPrivilegeLevel ........... 4-8
ListingCommandOptions ............................... 4-10
DisplayingCLIHelp ....................................... 4-11
ConfigurationCommandsandtheContextConfigurationModes .. 4-13
CLIControlandEditing ...................................... 4-16
ExecutingaPriorCommandRedo .......................... 4-16
RepeatingExecutionofaCommand .......................... 4-16
CLIEditingShortcuts ........................................ 4-18
5 UsingtheProCurveWebBrowserInterface
Contents...................................................... 5-1
StartingaWebBrowser
UsingProCurveManager(PCM)or
Security:CreatingUsernamesandPasswords
Overview ..................................................... 5-3
GeneralFeatures.............................................. 5-4
InterfaceSessionwiththeSwitch .............................. 5-5
UsingaStandaloneWebBrowserinaPCorUNIXWorkstation .... 5-5
ProCurveManagerPlus(PCM+) ............................... 5-6
TasksforYourFirstProCurveWebBrowserInterfaceSession .. 5-8
ViewingtheFirstTime Install Window ........................ 5-8
intheBrowserInterface...................................... 5-9
v
6
EnteringaUserNameandPassword ...................... 5-11
UsingaUserName...................................... 5-11
IfYouLosethePassword ................................ 5-11
OnlineHelpfortheWebBrowserInterface .................... 5-12
Support/MgmtURLsFeature .................................. 5-13
SupportURL .............................................. 5-14
Helpandthe ManagementServerURL ........................ 5-14
UsingthePCMServerforSwitchWebHelp .................... 5-15
StatusReportingFeatures .................................... 5-17
TheOverviewWindow ............... ....................... 5-17
ThePort Utilization andStatusDisplays ....................... 5-18
PortUtilization ......................................... 5-18
PortStatus............................................. 5-20
TheAlertLog .............................................. 5-21
SortingtheAlertLogEntries ............................. 5-21
AlertTypesandDetailedViews ........................... 5-22
SettingFaultDetectionPolicy ................................ 5-24
SwitchMemoryandConfiguration
Contents...................................................... 6-1
Overview ..................................................... 6-3
ConfigurationFileManagement................................ 6-3
UsingtheCLIToImplementConfigurationChanges ............ 6-6
UsingtheMenuandWebBrowserInterfacesToImplement
ConfigurationChanges ........................................ 6-9
Menu:ImplementingConfigurationChanges ................... 6-10
UsingSaveandCancelintheMenuInterface ............... 6-10
RebootingfromtheMenuInterface ....................... 6-11
Web:ImplementingConfigurationChanges .................... 6-12
UsingPrimaryandSecondaryFlashImageOptions............. 6-13
DisplayingtheCurrentFlashImageData ...................... 6-13
SwitchSoftwareDownloads................................. 6-15
LocalSwitchSoftwareReplacementandRemoval .............. 6-16
RebootingtheSwitch .. ... .................................. 6-18
vi
OperatingNotesaboutBooting........................... 6-18
ViewingtheStartup-ConfigFileStatuswithMultiple
UsingtheClear+ResetButtonCombinationToResetthe
Xmodem:CopyingaConfigurationFiletoaSerially
Xmodem:CopyingaConfigurationfromaSerially
BootandReloadCommand Comparison................... 6-19
SettingtheDefaultFlash................................. 6-20
BootingfromtheDefaultFlash(PrimaryorSecondary) ...... 6-20
BootingfromaSpecifiedFlash ........................... 6-20
UsingReload........................................... 6-21
MultipleConfigurationFiles .................................. 6-23
GeneralOperation . ......................................... 6-24
TransitioningtoMultipleConfigurationFiles ................... 6-25
ListingandDisplayingStartup-ConfigFiles..................... 6-27
ConfigurationEnabled .................................. 6-27
DisplayingtheContentofASpecificStartup-ConfigFile...... 6-28
ChangingorOverridingtheRebootConfigurationPolicy ......... 6-28
ManagingStartup-Config FilesintheSwitch ................... 6-30
RenaminganExistingStartup-ConfigFile .................. 6-31
CreatingaNewStartup-ConfigFile ........................ 6-31
ErasingaStartup-ConfigFile ............................. 6-32
Switch to ItsDefaultConfiguration ........................ 6-34
TransferringStartup-ConfigFilesToorFromaRemoteServer.... 6-35
TFTP:CopyingaConfigurationFiletoaRemoteHost........ 6-35
TFTP:CopyingaConfigurationFilefromaRemoteHost ..... 6-36
ConnectedHost ........................................ 6-36
ConnectedHost ........................................ 6-37
OperatingNotesforMultipleConfigurationFiles ............ 6-37
7 InterfaceAccessandSystemInformation
Contents...................................................... 7-1
Overview ..................................................... 7-2
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet . 7-3
Menu:Modifying the InterfaceAccess .......................... 7-4
CLI:ModifyingtheInterface Access ............................ 7-5
vii
DenyingInterfaceAccessbyTerminatingRemoteManagement
Sessions ...................................................... 7-9
SystemInformation .......................................... 7-11
Menu:ViewingandConfiguringSystemInformation............. 7-12
CLI:ViewingandConfiguringSystemInformation .............. 7-13
Web:ConfiguringSystemParameters ......................... 7-17
8 ConfiguringIPAddressing
Contents...................................................... 8-1
Overview ..................................................... 8-2
IPConfiguration .............................................. 8-2
JustWantaQuickStartwith IPAddressing? .................... 8-3
IPAddressingwithMultipleVLANs............................ 8-4
Menu:ConfiguringIPAddress,Gateway,andTime-To-Live(TTL) .. 8-5
CLI:ConfiguringIPAddress,Gateway,andTime-To-Live(TTL) .... 8-6
Web:ConfiguringIPAddressing .............................. 8-10
HowIPAddressingAffectsSwitch Operation................... 8-11
DHCP/BootpOperation.................................. 8-12
NetworkPreparationsforConfiguringDHCP/Bootp ......... 8-14
LoopbackInterfaces.......................................... 8-15
Introduction ............................................... 8-15
ConfiguringaLoopbackInterface ............................ 8-16
DisplayingLoopbackInterfaceConfigurations.................. 8-17
IPPreserve:RetainingVLAN-1IP
AddressingAcrossConfigurationFileDownloads .............. 8-20
OperatingRulesforIPPreserve .............................. 8-20
EnablingIPPreserve........................................ 8-20
9 TimeProtocols
Contents...................................................... 9-1
Overview ..................................................... 9-2
TimePTimeSynchronization ... ............................... 9-2
SNTPTimeSynchronization .................................. 9-2
viii
SelectingaTimeSynchronizationProtocolorTurningOffTime
ProtocolOperation ............................................ 9-3
GeneralStepsforRunningaTimeProtocolontheSwitch: ........ 9-3
DisablingTimeSynchronization ............................... 9-3
SNTP:Viewing,Selecting,andConfiguring ..................... 9-4
Menu:ViewingandConfiguringSNTP . . ... ..................... 9-5
CLI:ViewingandConfiguringSNTP ... . ... ..................... 9-8
ViewingtheCurrentSNTPConfiguration.................... 9-8
Configuring(EnablingorDisabling)theSNTPMode ......... 9-10
TimeP:Viewing,Selecting,andConfiguring.................... 9-16
Menu:ViewingandConfiguringTimeP . ... .................... 9-17
CLI:ViewingandConfiguringTimeP .. . ....................... 9-18
ViewingtheCurrentTimePConfiguration .................. 9-19
Configuring(EnablingorDisabling)theTimePMode ........ 9-20
SNTPUnicastTimePollingwithMultipleSNTPServers ........ 9-25
DisplayingAllSNTPServerAddressesConfiguredontheSwitch .. 9-25
Addingand DeletingSNTPServerAddresses ................... 9-26
Menu:OperationwithMultipleSNTPServerAddresses
Configured................................................ 9-26
SNTPMessagesintheEventLog .............................. 9-26
10 PortStatusandConfiguration
Contents..................................................... 10-1
Overview .................................................... 10-3
ViewingPortStatusandConfiguringPortParameters.......... 10-3
Menu:PortStatusandConfiguration .......................... 10-4
PortType.............................................. 10-4
StatusofPorts ......................................... 10-5
FlowControl........................................... 10-5
BroadcastLimit ........................................ 10-5
Modes ................................................ 10-6
ConfiguringPorts ....................................... 10-7
CLI:ViewingPortStatusandConfiguringPortParameters ....... 10-8
ViewingPortStatusandConfiguration ..................... 10-9
ix
11
ViewingPortUtilizationStatistics ........................... 10-11
ViewingTransceiverStatus.......... ....................... 10-12
EnablingorDisablingPortsandConfiguringPortMode......... 10-13
EnablingorDisablingFlowControl .......................... 10-15
ConfiguringaBroadcastLimitontheSwitch .................. 10-17
ConfiguringProCurveAuto-MDIX ........................... 10-18
Web:ViewingPortStatusandConfiguringPortParameters ..... 10-21
UsingFriendly(Optional)PortNames ....................... 10-22
ConfiguringandOperatingRulesforFriendlyPortNames....... 10-22
ConfiguringFriendlyPortNames ............................ 10-23
DisplayingFriendlyPortNameswithOtherPortData .......... 10-24
ConfiguringTransceiversandModulesThatHavent
BeenInserted ............................................. 10-27
Transceivers .......................................... 10-27
Modules .............................................. 10-27
Uni-DirectionalLinkDetection(UDLD) ...................... 10-29
ConfiguringUDLD......................................... 10-30
EnablingUDLD........................................ 10-31
ChangingtheKeepaliveInterval ......................... 10-32
ChangingtheKeepaliveRetries .......................... 10-32
ConfiguringUDLDforTaggedPorts ...................... 10-32
ViewingUDLDInformation ................................. 10-33
ConfigurationWarningsandEventLogMessages .............. 10-36
PowerOverEthernet(PoE+)Operation
Contents..................................................... 11-1
IntroductiontoPoE+ ......................................... 11-3
RelatedPublications ........................................ 11-3
PoETerminology........................................... 11-4
PoEOperation ............................................... 11-5
ConfigurationOptions ...................................... 11-5
PDSupport ................................................ 11-6
PowerPriorityOperation ............. ....................... 11-7
ConfiguringPoEOperation ................................... 11-7
x
DisablingorRe-EnablingPoEPortOperation .................. 11-8
ConfiguringthePoEPortPriorityLevel ....................... 11-8
EnablingSupportforPre-StandardDevices ................... 11-10
ControllingPoEAllocation ................................. 11-10
ManuallyConfiguringPoEPowerLevels...................... 11-11
ChangingtheThresholdforGeneratingaPowerNotice ......... 11-13
PoEwithLLDP .............................................. 11-14
Overview................................................. 11-14
PoEAllocation ............................................ 11-14
EnablingAdvertisementofPoeTLVs ......................... 11-15
DisplayingPoEWhenUsingLLDPInformation................ 11-16
DisplayingLLDPPortConfiguration ...................... 11-16
DisplayingLocalDevicePowerInformation ............... 11-16
DisplayingRemotePowerInformation .................... 11-17
DisplayingtheGlobalPoEStatus ............................ 11-20
DisplayingPoEStatusonAllPorts ........................... 11-21
DisplayingthePoEStatusonSpecificPorts ................... 11-23
PlanningandImplementingaPoEConfiguration.............. 11-26
AssigningPoEPortstoVLANs .............................. 11-26
ApplyingSecurityFeaturestoPoEConfigurations ............. 11-26
AssigningPriorityPoliciestoPoETraffic ..................... 11-27
PoEEventLogMessages ................................... 11-28
InformationalPoEEvent-LogMessages ................. 11-28
Warning PoEEvent-LogMessages ...................... 11-28
12 PortTrunking
Contents..................................................... 12-1
Overview .................................................... 12-2
PortTrunkFeaturesandOperation ........................... 12-4
TrunkConfigurationMethods ................................ 12-4
Menu:ViewingandConfiguringaStaticTrunkGroup.......... 12-9
CLI:ViewingandConfiguringPortTrunkGroups ............. 12-11
UsingtheCLIToViewPortTrunks .......................... 12-11
xi
UsingtheCLIToConfigureaStaticorDynamicTrunkGroup ... 12-14
Web:ViewingExistingPortTrunkGroups .................... 12-17
TrunkGroupOperationUsingLACP ......................... 12-18
DefaultPort Operation . .................................... 12-21
LACPNotesandRestrictions ......... ...................... 12-22
TrunkGroupOperationUsingtheTrunkOption ............ 12-26
HowtheSwitchListsTrunkData ............................ 12-27
OutboundTrafficDistributionAcrossTrunkedLinks ......... 12-27
13 PortTrafficControls
Contents..................................................... 13-1
Overview .................................................... 13-2
Rate-Limiting ................................................ 13-3
AllTrafficRate-Limiting ... .................................. 13-3
ConfiguringRate-Limiting................................ 13-3
DisplayingtheCurrentRate-LimitConfiguration ............ 13-5
OperatingNotesforRate-Limiting ..... .................... 13-5
JumboFrames ............................................... 13-8
Terminology ............................................... 13-8
OperatingRules ............................................ 13-9
ConfiguringJumboFrameOperation ......................... 13-10
Overview ............................................. 13-10
ViewingtheCurrentJumboConfiguration ................. 13-11
EnablingorDisablingJumboTrafficonaVLAN ............ 13-13
ConfiguringaMaximumFrameSize.......................... 13-13
ConfiguringIPMTU .................................... 13-14
SNMPImplementation ................................. 13-14
DisplayingtheMaximumFrame Size ..................... 13-15
OperatingNotesforMaximumFrameSize ................ 13-15
OperatingNotesforJumboTraffic-Handling .................. 13-15
Troubleshooting .......................................... 13-18
xii
14 ConfiguringforNetworkManagementApplications
Contents..................................................... 14-1
UsingSNMPToolsToManagetheSwitch...................... 14-3
Overview.................................................. 14-3
SNMPManagementFeatures................................. 14-4
ConfiguringforSNMPversion1and2cAccesstotheSwitch ..... 14-4
ConfiguringforSNMPVersion3AccesstotheSwitch ........... 14-5
SNMPVersion3Commands ................................. 14-6
EnablingSNMPv3....................................... 14-7
SNMPv3Users ......................................... 14-7
GroupAccessLevels ................................... 14-11
SNMPv3Communities .................................. 14-11
Menu:ViewingandConfiguringnon-SNMPversion3
Communities.......................................... 14-13
CLI:ViewingandConfiguringSNMPCommunityNames .... 14-15
SNMPNotifications........................................ 14-17
SupportedNotifications ................................ 14-17
GeneralStepsforConfiguringSNMPNotifications ......... 14-18
SNMPv1andSNMPv2cTraps............................ 14-19
ConfiguringanSNMPTrapReceiver...................... 14-19
EnablingSNMPv2cInforms ............................. 14-21
ConfiguringSNMPv3Notifications....................... 14-23
ManagingNetworkSecurityNotifications................. 14-26
EnablingLink-ChangeTraps ............................ 14-28
ConfiguringtheSourceIPAddressforSNMPNotifications .. 14-29
DisplayingSNMPNotificationConfiguration............... 14-31
AdvancedManagement:RMON.............................. 14-33
CLI-ConfiguredsFlowwithMultipleInstances................. 14-33
Terminology .......................................... 14-33
ConfiguringsFlow..................................... 14-34
ViewingsFlowConfigurationandStatus .................. 14-34
LLDP(Link-LayerDiscoveryProtocol) ....................... 14-37
Terminology .............................................. 14-38
GeneralLLDPOperation .. ................................. 14-40
LLDP-MED ........................................... 14-40
xiii
PacketBoundariesinaNetworkTopology . ................... 14-40
ConfiguringSupportforPortSpeedandDuplex
AdvertisingDeviceCapability,NetworkPolicy,PoEStatus
DisplayingSwitchInformationAvailableforOutbound
ConfigurationOptions ..................................... 14-41
OptionsforReadingLLDPInformationCollectedbytheSwitch .. 14-43
LLDPandLLDP-MEDStandardsCompatibility ................ 14-44
LLDPOperatingRules ..................................... 14-44
ConfiguringLLDPOperation ................................ 14-45
ViewingtheCurrentConfiguration....................... 14-46
ConfiguringGlobalLLDPPacketControls ................. 14-47
ConfiguringSNMPNotificationSupport................... 14-51
ConfiguringPer-PortTransmitandReceiveModes ......... 14-52
ConfiguringBasicLLDPPer-PortAdvertisementContent.... 14-53
Advertisements........................................ 14-55
LLDP-MED(Media-Endpoint-Discovery) ..................... 14-56
LLDP-MEDTopologyChangeNotification................. 14-59
LLDP-MEDFastStartControl ........................... 14-61
andLocationData ..................................... 14-61
ConfiguringLocationDataforLLDP-MEDDevices ......... 14-65
DisplayingAdvertisementData ........ ...................... 14-70
Advertisements........................................ 14-71
DisplayingLLDPStatistics.............................. 14-75
LLDPOperatingNotes ..................................... 14-77
LLDPandCDPDataManagement ........................... 14-79
LLDPandCDPNeighborData ........................... 14-79
CDPOperationandCommands .......................... 14-81
A FileTransfers
Contents..................................................... A-1
Overview .................................................... A-3
DownloadingSwitchSoftware ................................ A-3
GeneralSoftwareDownload Rules ............................ A-4
UsingTFTPToDownloadSwitchSoftwarefromaServer ........ A-4
Menu:TFTPDownloadfromaServertoPrimaryFlash....... A-5
xiv
CLI: TFTPDownloadfromaServertoFlash ................ A-7
UsingSecureCopyandSFTP ................................ A-9
HowItWorks......................................... A-10
TheSCP/SFTPProcess..................................... A-10
DisableTFTPandAuto-TFTPforEnhancedSecurity ....... A-11
CommandOptions ..................................... A-13
Authentication ........................................ A-14
SCP/SFTPOperatingNotes ............................. A-14
TroubleshootingSSH,SFTP,andSCPOperations .......... A-16
UsingXmodemtoDownloadSwitchSoftwareFrom
aPCorUNIXWorkstation .................................. A-17
Menu:XmodemDownload to PrimaryFlash ............... A-17
CLI:XmodemDownloadfromaPCorUNIXWorkstationto
PrimaryorSecondaryFlash ............................. A-18
UsingUSBtoTransferFilestoandfromtheSwitch............ A-19
UsingUSBto DownloadSwitchSoftware ................. A-20
Switch-to-SwitchDownload .......... ...................... A-21
Menu:Switch-to-SwitchDownloadtoPrimaryFlash ........ A-22
CLI:Switch-To-SwitchDownloads ....................... A-23
Xmodem:CopyingaSoftwareImagefromtheSwitchtoa
Xmodem:CopyingaConfigurationFilefromaSerially
UsingPCM+toUpdateSwitchSoftware ...................... A-24
CopyingSoftwareImages .................................... A-24
TFTP:CopyingaSoftwareImagetoaRemoteHost ......... A-24
SeriallyConnectedPCorUNIXWorkstation............... A-25
USB:CopyingaSoftwareImagetoaUSBDevice ........... A-25
TransferringSwitchConfigurations .......................... A-26
TFTP:CopyingaConfigurationFiletoaRemoteHost....... A-26
TFTP:CopyingaConfigurationFilefromaRemoteHost .... A-27
TFTP:CopyingaCustomizedCommandFiletoaSwitch .... A-27
ConnectedPCorUNIXWorkstation ...................... A-28
USB:CopyingaConfigurationFiletoaUSBDevice......... A-30
USB:CopyingaConfigurationFilefromaUSBDevice...... A-31
TransferringACLCommandFiles ............................ A-31
xv
TFTP:UploadinganACLCommandFilefromaTFTPServer A-31
Xmodem:UploadinganACLCommandFilefromaSerially
USB:UploadinganACLCommandFilefromaUSBDevice.. A-33
CopyingDiagnosticDatatoaRemote
Host,USBDevice,PCorUNIXWorkstation................... A-35
CopyingCommandOutputtoaDestinationDevice......... A-35
CopyingEventLogOutputtoaDestinationDevice ......... A-36
CopyingCrashDataContenttoaDestinationDevice ....... A-36
CopyingCrashLogDataContenttoaDestinationDevice .... A-37
UsingUSBAutorun.......................................... A-39
HowItWorks ............................................. A-39
SecurityConsiderations ................................ A-40
TroubleshootingAutorunOperations ..................... A-41
ConfiguringAutorunontheSwitch .......................... A-42
EnablingSecure Mode.................................. A-42
OperatingNotesandRestrictions ........................ A-43
AutorunandConfiguringPasswords... ................... A-43
ViewingAutorunConfigurationInformation................... A-44
B MonitoringandAnalyzingSwitchOperation
Contents..................................................... B-1
Overview .................................................... B-3
StatusandCountersData .................................... B-4
MenuAccessToStatusandCounters ..... .................... B-5
GeneralSystemInformation ................................. B-6
MenuAccess ........................................... B-6
CLIAccesstoSystemInformation ........................ B-7
TaskMonitorCollectingProcessorData ..................... B-8
SwitchManagementAddressInformation...................... B-9
MenuAccess ........................................... B-9
CLIAccess............................................ B-10
PortStatus............................................... B-10
Menu:DisplayingPortStatus ............................ B-10
CLIAccess............................................ B-11
xvi
WebAccess ........................................... B-11
ViewingPortandTrunkGroupStatisticsandFlowControlStatus B-11
MenuAccesstoPort andTrunkStatistics................. B-13
CLIAccessToPortandTrunkGroupStatistics ............ B-14
WebBrowserAccessToViewPortandTrunk
GroupStatistics ....................................... B-14
ViewingtheSwitchsMACAddressTables.................... B-15
MenuAccesstotheMACAddressViewsandSearches ...... B-15
CLIAccessforMACAddressViewsandSearches .......... B-18
SpanningTreeProtocol(MSTP)Information .................. B-19
CLIAccesstoMSTPData ............................... B-19
InternetGroupManagementProtocol(IGMP)Status ........... B-20
VLANInformation ......................................... B-21
WebBrowserInterfaceStatusInformation .................... B-23
InterfaceMonitoringFeatures .............................. B-24
Menu:ConfiguringPortandStaticTrunkMonitoring ........... B-25
CLI:ConfiguringPortandStaticTrunkMonitoring ............. B-27
Web:ConfiguringPortMonitoring ........................... B-30
LocatingaDevice ........................................... B-31
C Troubleshooting
Contents..................................................... C-1
Overview .................................................... C-4
TroubleshootingApproaches.................................. C-5
BrowserorTelnetAccessProblems ........................... C-6
UnusualNetworkActivity .................................... C-8
GeneralProblems.......................................... C-8
802.1QPrioritizationProblems............................... C-9
ACLProblems ............................................. C-9
IGMP-RelatedProblems .................................... C-13
LACP-RelatedProblems .................................... C-14
Mesh-RelatedProblems.................................... C-14
Port-BasedAccessControl(802.1X)-RelatedProblems ......... C-14
QoS-RelatedProblems..................................... C-17
xvii
Radius-RelatedProblems ................................... C-17
Spanning-TreeProtocol(MSTP)andFast-UplinkProblems...... C-18
SSH-RelatedProblems..................................... C-19
TACACS-RelatedProblems................................. C-21
TimeP,SNTP,orGatewayProblems ......................... C-23
VLAN-RelatedProblems .............. ...................... C-23
FanFailure ............................................... C-25
UsingtheEventLogforTroubleshootingSwitchProblems .... C-26
EventLogEntries ......................................... C-26
Menu:DisplayingandNavigatingintheEventLog ............. C-34
CLI:DisplayingtheEventLog ............................... C-35
CLI:ClearingEventLogEntries ............................. C-35
CLI:TurningEventNumberingOn ........................... C-36
UsingLogThrottlingtoReduceDuplicate
ConfiguringtheSeverityLevelforEventLog
ConfiguringtheSystemModuleUsedtoSelecttheEventLog
EventLogandSNMPMessages.............................. C-36
LogThrottlePeriods ............. ...................... C-37
ExampleofLogThrottling .............................. C-37
ExampleofEventCounterOperation ..................... C-39
Debug/SyslogOperation ..................................... C-40
Debug/SyslogMessaging ................................... C-40
Debug/SyslogDestinationDevices ........................... C-40
Debug/SyslogConfigurationCommands ...................... C-41
ConfiguringDebug/SyslogOperation ......................... C-43
DisplayingaDebug/SyslogConfiguration.................. C-45
DebugCommand ................... ....................... C-49
DebugMessages ....................................... C-49
DebugDestinations.............. ...................... C-51
LoggingCommand ........................................ C-52
ConfiguringaSyslogServer ............................. C-53
MessagesSenttoaSyslogServer ...... ...................... C-56
MessagesSenttoaSyslogServer ........................ C-57
OperatingNotesforDebugandSyslog ....................... C-57
DiagnosticTools ............................................ C-59
xviii
PortAuto-Negotiation...................................... C-60
PingandLinkTests ........................................ C-60
Web:ExecutingPingorLinkTests....................... C-61
CLI:PingTest ......................................... C-62
LinkTests ............................................ C-63
TracerouteCommand ...................................... C-64
ViewingSwitchConfigurationandOperation ................. C-68
CLI:ViewingtheStartuporRunningConfigurationFile ......... C-68
Web: ViewingtheConfigurationFile ......................... C-68
CLI:ViewingaSummaryofSwitchOperationalData ........... C-68
SavingshowtechCommandOutputtoaTextFile .......... C-70
CustomizingshowtechCommandOutput ................. C-71
CLI:ViewingMoreInformationonSwitchOperation ........... C-75
PatternMatchingWhenUsingtheShowCommand......... C-75
CLI:UsefulCommandsforTroubleshootingSessions........... C-79
SystemFailures:CoreDumpUtility .......................... C-79
CLI:Enabling/DisablingCoreDump ...................... C-80
CLI:TransferringCoreDumpFiles .... ................... C-80
CLI:DisplayingCoreDump Information .................. C-81
CLI: DeletingCore Dump Files.. .... . .................... C-81
Web:Enabling/DisablingCoreDump .. ................... C-81
WebUI:DownloadingCoreDumpFiles ................... C-83
RestoringtheFactory-DefaultConfiguration ................. C-84
CLI:ResettingtotheFactory-DefaultConfiguration............ C-84
Clear/Reset:ResettingtotheFactory-DefaultConfiguration..... C-85
RestoringaFlashImage ..................................... C-85
DNSResolver ............................................... C-88
Terminology .......................................... C-88
BasicOperation ........................................... C-89
ConfiguringandUsingDNSResolution
withDNS-CompatibleCommands ........................... C-90
ConfiguringaDNSEntry ................................... C-91
ExampleUsingDNSNameswithPingandTraceroute .......... C-92
ViewingtheCurrentDNSConfiguration ...................... C-94
OperatingNotes........................................... C-95
xix
EventLogMessages ....................................... C-96
D MACAddressManagement
Contents..................................................... D-1
Overview .................................................... D-2
DeterminingMACAddresses.................................. D-3
Menu:ViewingtheSwitchs MACAddresses.................... D-4
CLI:ViewingthePort andVLANMACAddresses................ D-5
ViewingtheMACAddressesofConnectedDevices ............. D-7
E MonitoringResources
Contents..................................................... E-1
ViewingInformationonResourceUsage ....................... E-2
PolicyEnforcementEngine .................................. E-2
DisplayingCurrentResourceUsage ........................... E-3
WhenInsufficientResourcesAreAvailable .................... E-6
F DaylightSavingsTimeonProCurveSwitches
Index
xx
ProductDocumentation
AboutYourSwitchManualSet
Not e ForthelatestversionofallProCurveswitchdocumentation,including
ReleaseNotescoveringrecentlyaddedfeatures,pleasevisittheProCurve
NetworkingWebsiteatwww.procurve.com,clickonCustomerCare,andthen
clickonManuals.
PrintedPublications
Thepublicationslistedbelowareprintedandshippedwithyourswitch.The
latestversionisalsoavailableinPDFformatontheProCurveWebsite,as
describedintheNoteatthetopofthispage.
ReadMeFirstProvidessoftwareupdateinformation,productnotes,
andotherinformation.
HPProCurveSwitchQuickSetupProvidesquickstartinstallation
instructions.SeetheInstallationandGettingStartedGuideformore
detailedinformation.
ElectronicPublications
ThelatestversionofeachofthepublicationslistedbelowisavailableinPDF
formatontheProCurveWebsite,asdescribedintheNoteatthetopofthis
page.
InstallationandGettingStartedGuideExplainshowtopreparefor
andperformthephysicalinstallationandconnecttheswitchtoyour
network.
ManagementandConfigurationGuideDescribeshowtoconfigure,
manage,andmonitorbasicswitchoperation.
AdvancedTrafficManagementGuideExplainshowtoconfiguretraffic
managementfeaturessuchasVLANs,MSTP,QoS,andMeshing.
MulticastandRoutingGuideExplainshowtoconfigureIGMP,PIM,IP
routing,andVRRPfeatures.
AccessSecurityGuideExplainshowtoconfigureaccesssecurityfea-
turesanduserauthenticationontheswitch.
IPv6ConfigurationGuideDescribestheIPv6protocoloperationsthat
aresupportedontheswitch.
ReleaseNotesDescribenewfeatures,fixes,andenhancementsthat
becomeavailablebetweenrevisionsofthemainproductguide.
xxi
SoftwareFeatureIndex
Forthesoftwaremanualsetsupportingyour2910alswitchmodel,thisfeature
indexindicateswhichmanualtoconsultforinformationonagivensoftware
feature.
Not e ThisIndexdoesnotcoverIPv6capablesoftwarefeatures.Forinformationon
IPv6protocoloperationsandfeatures(suchasDHCPv6,DNSforIPv6,Ping6,
andMLDSnooping),refertotheIPv6ConfigurationGuide.
IntelligentEdgeSoftware
Features
Manual
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
802.1QVLANTagging X
802.1XPort-BasedPriority X
802.1XMultipleAuthenticatedClientsPerPort X
AccessControlLists(ACLs) X
AAAAuthentication X
AuthorizedIPManagers X
AuthorizedManagerList(Web,Telnet,TFTP) X
AutoMDIXConfiguration X
BOOTP X
ConfigFile X
ConsoleAccess X
CopyCommand X
CoS(ClassofService) X
Debug X
DHCPConfiguration X
DHCPOption82 X
DHCPSnooping X
xxii
Features
Manual
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
DHCP/BootpOperation
DiagnosticTools
DownloadingSoftware
X
X
X
DynamicARPProtection
DynamicConfigurationArbiter
EavesdropProtection
EventLog X
X
X
X
FactoryDefaultSettings
FlowControl(802.3x)
FileManagement
FileTransfers
X
X
X
X
FriendlyPortNames
GuaranteedMinimumBandwidth(GMB)
GVRP
Identity-DrivenManagement(IDM)
X
X
X
X
IGMP
InterfaceAccess(Telnet,Console/Serial,Web)
IPAddressing
IPRouting
X
X
X
X
JumboPackets
LACP
Link
LLDP
X
X
X
X
LLDP-MED
LoopProtection
MACAddressManagement
X
X
X
xxiii
Features
Manual
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
MACLockdown X
MACLockout
MAC-basedAuthentication
ManagementVLAN
MonitoringandAnalysis
MulticastFiltering
MultipleConfigurationFiles
NetworkManagementApplications(SNMP)
OpenViewDeviceManagement
X
X
X
X
X
X
X
X
PasswordsandPasswordClearProtection
ProCurveManager(PCM)
Ping
PortConfiguration
X
X
X
X
PortMonitoring
PortSecurity
PortStatus
PortTrunking(LACP)
X
X
X
X
Port-BasedAccessControl(802.1X)
PoweroverEthernet(PoE+)
ProtocolFilters
ProtocolVLANS
X
X
X
X
QualityofService(QoS)
RADIUSAuthenticationandAccounting
RADIUS-BasedConfiguration
Rate-Limiting X
X
X
X
RIP X
xxiv
Features
Manual
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
RMON1,2,3,9
Routing
Routing-IPStatic
X
X
X
SecureCopy
sFlow
SFTP
SNMPv3
X
X
X
X
SoftwareDownloads(SCP/SFTP,TFPT,Xmodem)
Source-PortFilters
SpanningTree(STP,RSTP,MSTP)
SSHv2(SecureShell)Encryption
X
X
X
X
SSL(SecureSocketLayer)
StackManagement(3500yl/6200ylswitchesonly)
Syslog
SystemInformation
X
X
X
X
TACACS+Authentication
TelnetAccess
TFTP
TimeProtocols(TimeP,SNTP)
X
X
X
X
TrafficMirroring
Traffic/SecurityFilters
Troubleshooting
Uni-DirectionalLinkDetection(UDLD)
X
X
X
X
UDPForwarder
USBDeviceSupport
VLANs
X
X
X
xxv
Features
Manual
Management
and
Configuration
Advanced
Traffic
Management
Multicastand
Routing
Access
Security
Guide
VoiceVLAN
WebAuthenticationRADIUSSupport
Web-basedAuthentication
WebUI
Xmodem
X
X
X
X
X
xxvi
1
GettingStarted
Contents
Introduction .................................................. 1-2
Conventions .................................................. 1-2
CommandSyntaxStatements ................................. 1-2
CommandPrompts .......................................... 1-3
ScreenSimulations.......................................... 1-3
ConfigurationandOperationExamples......................... 1-3
Keys....................................................... 1-3
SourcesforMoreInformation ................................. 1-4
Getting DocumentationFromtheWeb ......................... 1-6
OnlineHelp ................................................ 1-6
MenuInterface .......................................... 1-6
CommandLineInterface.................................. 1-7
WebBrowserInterface................................... 1-7
NeedOnlyaQuickStart? ...................................... 1-8
IPAddressing ............................................... 1-8
ToSetUpandInstalltheSwitchinYourNetwork............... 1-8
PhysicalInstallation ... ... ................................... 1-8
1-1
GettingStarted
Introduction
Introduction
Thisguideisintendedforusewiththefollowingswitches:
HPProCurve2910alSwitch
Itdescribeshowtousethecommandlineinterface(CLI),Menuinterface,and
webbrowsertoconfigure,manage,monitor,andtroubleshootswitchopera-
tion.Foranoverviewofotherproductdocumentationfortheaboveswitches,
refertoProductDocumentationonpagexi.Youcandownloaddocumenta-
tionfromtheProCurveNetworkingwebsite,www.procurve.com.
Conventions
ConfigurationandOperationExamples
Unlessotherwisenoted,examplesusingaparticularswitchmodelapplytoall
switchmodelscoveredbythisguide.
ProtocolAcronyms
IP ReferstotheIPv4protocolunlessotherwisenoted.
IPv6 ReferstotheIPv6protocol.
CommandSyntaxandDisplayedInformation
CommandSyntaxStatements
Syntax:ip<default-gateway<ip-addr>>|routing>
Syntax:showinterfaces[port-list]
Verticalbars(|)separatealternative,mutuallyexclusiveelements.
Squarebrackets([])indicateoptionalelements.
Braces(<>)encloserequiredelements.
Braceswithinsquarebrackets([<>])indicatearequiredelementwithin
anoptionalchoice.
1-2
GettingStarted
Conventions
BoldfaceindicatesuseofaCLIcommand,partofaCLIcommandsyntax,
orotherdisplayedelementingeneraltext.Forexample:
UsethecopytftpcommandtodownloadthekeyfromaTFTPserver.
Italicsindicatevariablesforwhichyoumustsupplyavaluewhenexecut-
ingthecommand.Forexample,inthiscommandsyntax,youmustprovide
oneormoreportnumbers:
Syntax:aaaport-accessauthenticator<port-list>
CommandPrompts
Inthedefaultconfiguration,yourswitchdisplaysaCLIpromptsimilartothe
followingexample:
ProCurve 2910al#
Tosimplifyrecognition,thisguideusesProCurvetorepresentcommand
promptsforallswitchmodels.Forexample:
ProCurve#
(YoucanusethehostnamecommandtochangethetextintheCLIprompt.)
ScreenSimulations
DisplayedText. Figurescontainingsimulatedscreentextandcommand
outputlooklikethis:
Pr oCur ve> show ver si on
I mage st amp:
Boot I mage:
/ sw/ code/ bui l d/ i nf o
November 6, 2008 13: 43: 13
W. 14. 01
139
Pr i mar y
Pr oCur ve>
Figure1-1. ExampleofaFigureShowingaSimulatedScreen
Insomecases,briefcommand-outputsequencesappearwithoutfigureiden-
tification.Forexample:
ProCurve(config)# clear public-key
ProCurve(config)# show ip client-public-key
show_client_public_key: cannot stat keyfile
1-3
GettingStarted
SourcesforMoreInformation
Keys
Simulationsofactualkeysuseabold,sans-seriftypefacewithsquarebrackets.
Forexample,theTabkeyappearsas[Tab]andtheYkeyappearsas[Y].
Forinformationaboutswitchoperationandfeaturesnotcoveredinthisguide,
consultthefollowingsources:
FeatureIndexForinformationonwhichmanualtoconsultforagiven
softwarefeature,refertotheSoftwareFeatureIndexonpagexii.
Not e ForthelatestversionofallProCurveswitchdocumentationreferredtobelow,
includingReleaseNotescoveringrecentlyaddedfeatures,visittheProCurve
Networkingwebsiteatwww.procurve.com,clickonCustomerCare,and
thenclickonManuals.
SoftwareReleaseNotesReleaseNotesarepostedontheProCurve
Networkingwebsiteandprovideinformationonnewsoftwareupdates:
newfeaturesandhowtoconfigureandusethem
softwaremanagement,includingdownloadingsoftwaretotheswitch
softwarefixesaddressedincurrentandpreviousreleases
ProductNotesandSoftwareUpdateInformationTheprintedReadMe
Firstshippedwithyourswitchprovidessoftwareupdateinformation,
productnotes,andotherinformation.
InstallationandGettingStartedGuideUsetheInstallationandGet-
tingStartedGuidetoprepareforandperformthephysicalinstallation.
Thisguidealsostepsyouthroughconnectingtheswitchtoyournetwork
andassigningIPaddressing,aswellasdescribingtheLEDindicationsfor
correctoperationandtroubleanalysis.
ManagementandConfigurationGuideUsethisguideforinformation
ontopicssuchas:
variousinterfacesavailableontheswitch
memoryandconfigurationoperation
interfaceaccess
IPaddressing
timeprotocols
1-4
GettingStarted
portconfiguration,trunking,trafficcontrol,andPoEoperation
SNMP,LLDP,andothernetworkmanagementtopics
filetransfers,switchmonitoring,troubleshooting,andMACaddress
management
AdvancedTrafficManagementGuideUsethisguideforinformationon
topicssuchas:
VLANs:Staticport-basedandprotocolVLANs,anddynamicGVRP
VLANs
spanning-Tree:802.1D(STP),802.1w(RSTP),and802.1s(MSTP)
Quality-of-Service(QoS)
AccessControlLists(ACLs)
MulticastandRoutingGuideUsethisguideforinformationontopics
suchas:
IGMP
IProuting
AccessSecurityGuideUsethisguideforinformationontopicssuchas:
Localusernameandpasswordsecurity
Web-BasedandMAC-basedauthentication
RADIUSandTACACS+authentication
SSH(SecureShell)andSSL(SecureSocketLayer)operation
802.1Xaccesscontrol
PortsecurityoperationwithMAC-basedcontrol
AuthorizedIPManagersecurity
KeyManagementSystem(KMS)
IPv6ConfigurationGuideUsethisguideforinformationontopics
suchas:
OverviewofIPv6operationandfeatures
ConfiguringIPv6addressing
UsingIPv6management,security,andtroubleshootingfeatures
1-5
GettingStarted
GettingDocumentationFromtheWeb
Toobtainthelatestversionsofdocumentationandreleasenotesforyour
switch:
1. GototheProCurveNetworkingwebsiteat
www.procurve.com
2. ClickonCustomerCare.
3. ClickonManuals.
4. Clickontheproductforwhichyouwanttoviewordownloadamanual.
IfyouneedfurtherinformationonProCurveswitchtechnology,visitthe
ProCurveNetworkingwebsiteat:
www.procurve.com
OnlineHelp
MenuInterface
Ifyouneedinformationonspecificparametersinthemenuinterface,referto
theonlinehelpprovidedintheinterface.Forexample:
OnlineHelp
forMenu
Figure1-2. OnlineHelpforMenuInterface
1-6
GettingStarted
CommandLineInterface
IfyouneedinformationonaspecificcommandintheCLI,typethecommand
namefollowedbyhelp.Forexample:
Figure1-3. ExampleofCLIHelp
WebBrowserInterface
IfyouneedinformationonspecificfeaturesintheProCurveWebBrowser
Interface(hereafterreferredtoasthewebbrowserinterface),usetheonline
Help.YoucanaccesstheHelpbyclickingontheHelptextontoprightsideof
anyofthewebbrowserinterfacescreens.
Figure1-4. HelpforWebBrowserInterface
Not e ToaccesstheonlineHelpfortheProCurvewebbrowserinterface,youneed
eitherProCurveManager(version1.5orgreater)installedonyournetwork
oranactiveconnectiontotheWorldWideWeb.Otherwise,Onlinehelpforthe
webbrowserinterfacewillnotbeavailable.
1-7
1
GettingStarted
NeedOnlyaQuickStart?
NeedOnlyaQuickStart?
IPAddressing
IfyoujustwanttogivetheswitchanIPaddresssothatitcancommunicate
onyournetwork,orifyouarenotusingVLANs,ProCurverecommendsthat
youusetheSwitchSetupscreentoquicklyconfigureIPaddressing.Todoso,
dooneofthefollowing:
EntersetupattheCLIManagerlevelprompt.
Procurve# setup
IntheMainMenuoftheMenuinterface,select
8.RunSetup
FormoreonusingtheSwitchSetupscreen,seetheInstallationandGetting
StartedGuideyoureceivedwiththeswitch.
ToSetUpandInstalltheSwitchinYour
Network
PhysicalInstallation
UsetheProCurveInstallationandGettingStartedGuideforthefollowing:
Notes,cautions,andwarningsrelatedtoinstallingandusingtheswitch
anditsrelatedmodules
Instructionsforphysicallyinstallingtheswitchinyournetwork
QuicklyassigninganIPaddressandsubnetmask,setaManagerpass-
word,and(optionally)configureotherbasicfeatures.
InterpretingLEDbehavior.
ForthelatestversionoftheInstallationandGettingStartedGuideforyour
switch,refertoGettingDocumentationFromtheWebonpage1-6.
1-8
2
SelectingaManagementInterface
Contents
Contents
Overview ..................................................... 2-2
Overview ..................................................... 2-2
UnderstandingManagementInterfaces ......................... 2-2
AdvantagesofUsingtheMenuInterface........................ 2-3
AdvantagesofUsingtheCLI ................................... 2-4
GeneralBenefits......................................... 2-4
InformationonUsingtheCLI .............................. 2-4
AdvantagesofUsingtheWebBrowserInterface ................ 2-5
orProCurveManagerPlus ..................................... 2-6
WebBrowserInterfaces ...................................... 2-7
BannerOperationwithTelnet,Serial,orSSHv2Access........ 2-8
BannerOperationwith WebBrowserAccess ................ 2-8
ConfiguringandDisplayingaNon-DefaultBanner ............ 2-8
ExampleofConfiguringandDisplayingaBanner............. 2-9
OperatingNotes ........................................ 2-11
2-1
Overview
Overview
Thischapterdescribesthefollowing:
Managementinterfacesfortheswitchescoveredinthisguide
Advantagesofusingeachinterface
UnderstandingManagementInterfaces
Managementinterfacesenableyoutoreconfiguretheswitchandtomonitor
switchstatusandperformance.Theswitchoffersthefollowinginterfaces:
Menuinterfaceamenu-driveninterfaceofferingasubsetofswitch
commandsthroughthebuilt-inVT-100/ANSIconsole2-3
CLIacommandlineinterfaceofferingthefullsetofswitchcommands
throughtheVT-100/ANSIconsolebuiltintotheswitch2-4
Webbrowserinterface--aswitchinterfaceofferingstatusinformation
andasubsetofswitchcommandsthroughastandardwebbrowser(such
asNetscapeNavigatororMicrosoftInternetExplorer)2-5
ProCurveManager(PCM)awindows-basednetworkmanagement
solutionincludedin-boxwithallmanageableProCurvedevices.Features
includeautomaticdevicediscovery,networkstatussummary,topology
andmapping,anddevicemanagement.
ProCurveManagerPlus(PCM+)acompletewindows-based
networkmanagementsolutionthatprovidesboththebasicfeatures
offeredwithPCM,aswellasmoreadvancedmanagementfeatures,
includingin-depthtrafficanalysis,groupandpolicymanagement,config-
urationmanagement,devicesoftwareupdates,andadvancedVLAN
management.(ProCurveincludesacopyofPCM+in-boxfora30-day
trial.)
Thismanualdescribeshowtousethemenuinterface(Chapter3),theCLI
(Chapter4),thewebbrowserinterface(Chapter5),andhowtousethese
interfacestoconfigureandmonitortheswitch.
ForinformationonhowtoaccessthewebbrowserinterfaceHelp,seeOnline
HelpfortheWebBrowserInterfaceonpage5-12.
2-2
AdvantagesofUsingtheMenuInterface
TouseProCurveManagerorProCurveManagerPlus,refertotheGetting
StartedGuideandtheAdministratorsGuide,whichareavailableelectron-
icallywiththesoftwarefortheseapplications.Formoreinformation,visitthe
ProCurveNetworkingwebsiteatwww.procurve.com.
AdvantagesofUsingtheMenuInterface
Figure2-1. ExampleoftheConsoleInterfaceDisplay
Providesquick,easymanagementaccesstoamenu-drivensubsetof
switchconfigurationandperformancefeatures:
IPaddressing Systeminformation
VLANsandGVRP Localpasswords
PortSecurity SNMPcommunities
PortandStaticTrunkGroup Timeprotocols
SpanningTree
Themenuinterfacealsoprovidesaccessfor:
Setupscreen Switchandportstatisticandcounterdisplays
EventLogdisplay Reboots
Switchandport Softwaredownloads
statusdisplays
Offersout-of-bandaccess(throughtheRS-232connection)tothe
switch,sonetworkbottlenecks,crashes,lackofconfiguredorcorrectIP
address,andnetworkdowntimedonotsloworpreventaccess
2-3
AdvantagesofUsingtheCLI
EnablesTelnet(in-band)accesstothemenufunctionality.
Allowsfasternavigation,avoidingdelaysthatoccurwithslower
displayofgraphicalobjectsoverawebbrowserinterface.
Providesmoresecurity;configurationinformationandpasswordsare
notseenonthenetwork.
AdvantagesofUsingtheCLI
ProCurve> PromptforOperatorLevel
ProCurve# PromptforManagerLevel
ProCurve(config)# PromptforGlobalConfiguration
Level
ProCurve(<context>)# PromptforContext
ConfigurationLevels
Forexample:
ProCurve( et h- 1- 5) #
ProCurve( vl an- 1) #
ProCurve( r i p) #
Figure2-2. CommandPromptExamples
GeneralBenefits
Providesaccesstothecompletesetoftheswitchconfiguration,perfor-
mance,anddiagnosticfeatures.
Offersout-of-bandaccess(throughtheRS-232connection)orTelnet(in-
band)access.
Enablesquick,detailedsystemconfigurationandmanagementaccessto
systemoperatorsandadministratorsexperiencedincommandprompt
interfaces.
Provideshelpateachlevelfordeterminingavailableoptionsandvari-
ables.
InformationonUsingtheCLI
ForinformationonhowtousetheCLI,refertoChapter4.Usingthe
CommandLineInterface(CLI).
2-4
AdvantagesofUsingtheWebBrowserInterface
Toperformspecificprocedures(suchasconfiguringIPaddressingor
VLANs),usetheContentslistingatthefrontofthemanualtolocatethe
informationyouneed.
Formonitoringandanalyzingswitchoperation,refertoAppendixB.
ForinformationonindividualCLIcommands,refertotheIndexortothe
onlineHelpprovidedintheCLIinterface.
AdvantagesofUsingtheWebBrowser
Interface
Figure2-3.ExampleoftheWebBrowserInterface
Easyaccesstotheswitchfromanywhereonthenetwork
Familiarbrowserinterface--locationsofwindowobjectsconsistent
withcommonlyusedbrowsers,usesmouseclickingfornavigation,no
terminalsetup
Manyfeatureshavealltheirfieldsinonescreensoyoucanviewall
valuesatonce
2-5
AdvantagesofUsingProCurveManagerorProCurveManagerPlus
Morevisualcues,usingcolors,statusbars,deviceicons,andother
graphicalobjectsinsteadofrelyingsolelyonalphanumericvalues
Displayofacceptablerangesofvaluesavailableinconfigurationlist
boxes
orProCurveManagerPlus
YoucanoperateProCurveManagerandProCurveManagerPlus(PCMand
PCM+)fromaPConthenetworktomonitortraffic,manageyourhubsand
switches,andproactivelyrecommendnetworkchangestoincreasenetwork
uptimeandoptimizeperformance.Easytoinstallanduse,PCMandPCM+are
theanswerstoyourmanagementchallenges.
PCMandPCM+enablegreatercontrol,uptime,andperformanceinyour
network:
FeaturesandbenefitsofProCurveManager:
NetworkStatusSummary:Uponboot-up,anetworkstatusscreen
displayshigh-levelinformationonnetworkdevices,endnodes,
events,andtrafficlevels.Fromhere,userscanresearchanyoneof
theseareastogetmoredetails.
AlertsandTroubleshooting:Aneventssummaryscreendisplays
alertstotheuserandcategorizesthembyseverity,makingiteasier
totrackwherebottlenecksandissuesexistinthenetwork.Alerts
presentdetailedinformationontheproblem,evendowntothespe-
cificport.
AutomaticDeviceDiscovery:Thisfeatureiscustomizedforfast
discoveryofallProCurvemanageablenetworkdevices.Theusercan
definewhichIPsubnetstodiscover.
TopologyandMapping:Thisfeatureautomaticallycreatesamapof
discoverednetworkdevices.Mapsarecolor-codedtoreflectdevice
statusandcanbeviewedatmultiplelevels(physicalview,subnet
view,orVLANview).
DeviceManagement:Manydevice-focusedtaskscanbeperformed
directlybythesoftware,ortheusercanaccessweb-browserand
command-lineinterfaceswiththeclickofabuttontomanageindivid-
ualdevicesfrominsidethetool.
FeaturesandbenefitsofProCurveManagerPlus:
AlloftheFeaturesofProCurveManager:Refertotheabove
listing.
2-6
In-DepthTrafficAnalysis:Anintegrated,low-overheadtrafficmon-
itorinterfaceshowsdetailedinformationontrafficthroughoutthe
network.UsingenhancedtrafficanalysisprotocolssuchasExtended
RMONandsFlow,userscanmonitoroveralltrafficlevels,segments
withthehighesttraffic,oreventhetopuserswithinanetwork
segment.
GroupandPolicyManagement:Changesinconfigurationare
trackedandlogged,andarchivedconfigurationscanbeappliedtoone
ormanydevices.Configurationscanbecomparedovertimeor
betweentwodevices,withthedifferenceshighlightedforusers.
AdvancedVLANManagement:Anew,easy-to-useVLANmanage-
mentinterfaceallowsuserstocreateandassignVLANsacrossthe
entirenetwork,withouthavingtoaccesseachnetworkdeviceindi-
vidually.
DeviceSoftwareUpdates:Thisfeatureautomaticallyobtainsnew
devicesoftwareimagesfromProCurveandupdatesdevices,allowing
userstodownloadthelatestversionorchoosethedesiredversion.
Updatescanbescheduledeasilyacrosslargegroupsofdevices,allat
user-specifiedtimes.
InvestmentProtection:ThemodularsoftwarearchitectureofPro-
CurveManagerPluswillallowProCurvetooffernetworkadministra-
torsadd-onsoftwaresolutionsthatcomplementtheirneeds.
WebBrowserInterfaces
Youcannowconfiguretheswitchtodisplayaloginbannerofupto3070
characterswhenanoperatorinitiatesamanagementsessionwiththeswitch
throughanyofthefollowingmethods:
Telnet
serialconnection
SSHv2
Webbrowser
Thedefaultbannerdisplaysproductregistrationinformation;thecopyright
splashisnolongerdisplayed.
2-7
Ifabannerisconfigured,thebannerpageisdisplayedwhenyouaccessthe
Webuserinterface.Thedefaultproductregistrationinformationisnot
displayedasthereisalreadyaproductregistrationpromptdisplayedinthe
Webuserinterface.
BannerOperationwithTelnet,Serial,orSSHv2Access
Whenasystemoperatorbeginsaloginsession,theswitchdisplaysthebanner
abovethelocalpasswordpromptor,ifnopasswordisconfigured,abovethe
Pressanykeytocontinueprompt.Enteringacorrectpasswordor,ifnopassword
isconfigured,pressinganykeyclearsthebannerfromtheCLIanddisplays
theCLIprompt.(RefertoFigure2-5onpage2-10.)
BannerOperationwithWebBrowserAccess
WhenasystemoperatorusesaWebbrowsertoaccesstheswitch,thetextof
anon-defaultbannerconfiguredontheswitchappearsinadedicatedbanner
windowwithalinktotheWebagenthomepage.ClickingonToHomePage
clearsthebannerwindowandpromptstheuserforapassword(ifconfigured).
Followingentryofthecorrectusername/passwordinformation(orifno
username/passwordisrequired),theswitchthendisplayseithertheRegistra-
tionpageortheswitchshomepage.Notethatifthebannerfeatureisdisabled
oriftheswitchisusingthefactory-defaultbannershowninfigure2-5,then
thebannerpagedoesnotappearintheWebbrowserwhenanoperator
initiatesaloginsessionwiththeswitch.
ConfiguringandDisplayingaNon-DefaultBanner
YoucanenableordisablebanneroperationusingeithertheswitchsCLIor
anSNMPapplication.Thestepsinclude:
1. Enablenon-defaultbanneroperationanddefinetheendpointdelimiter
forthebanner.
2. Enterthedesiredbannertext,includinganyspecificlinebreaksyou
want.
3. Entertheendpointdelimiter.
2-8
Useshowbannermotdtodisplaythecurrentbannerstatus.
Syntax: bannermotd<delimiter>
nobannermotd
Thiscommanddefinesthesinglecharacterusedtotermi-
natethebannertextandenablesbannertextinput.You
canuseanycharacterexceptablankspaceasadelimiter.
Thenoformofthecommanddisablestheloginbanner
feature.
<banner-text-string>
Theswitchallowsupto3070bannercharacters,
includingblankspacesandCR-LF([Enter]).(Thetilde~
andthedelimiterdefinedbybannermotd<delimiter>are
notallowedaspartofthebannertext.)Whileentering
bannertext,youcanbackspacetoeditthecurrentline
(thatis,alinethathasnotbeenterminatedbyaCR-LF.)
However,terminatingalineinabannerbyenteringa
CR-LFpreventsanyfurthereditingofthatline.Toedita
lineinabannerentryafterterminatingthelinewitha
CR-LFrequiresenteringthedelimiterdescribedabove
andthenre-configuringnewbannertext.
Thebannertextstringmustterminatewiththecharacter
definedbybannermotd<delimiter>.
ExampleofConfiguringandDisplayingaBanner
Supposeasystemoperatorwantedtoconfigurethefollowingbannermessage
onhercompanysswitches:
Thi s i s a pr i vat e syst emmai nt ai ned by t he
Al l i ed Wi dget Cor por at i on.
Unaut hor i zed use of t hi s syst emcan r esul t i n
ci vi l and cr i mi nal penal t i es!
Inthiscase,theoperatorwillusethe[Enter]keytocreatelinebreaks,blank
spacesforlinecentering,andthe%symboltoterminatethebannermessage.
2-9
Figure2-4. ExampleofConfiguringaLoginBanner
Toviewthecurrentbannerconfiguration,useeithertheshowbannermotdor
showrunningcommand.
Pr oCur ve( conf i g) # show banner mot d
Banner I nf or mat i on
Banner st at us: Enabl ed
Conf i gur ed Banner :
Thi s i s a pr i vat e syst emmai nt ai ned by t he
Al l i ed Wi dget Cor por at i on.
Unaut hor i zed use of t hi s syst emcan r esul t i n
ci vi l and cr i mi nal penal t i es!
Figure2-5. ExampleofshowbannermotdOutput
Pr oCur ve( conf i g) # show r unni ng
Runni ng conf i gur at i on:
; J 9146A Conf i gur at i on Edi t or ; Cr eat ed on r el ease #W. 14. XX
host name " Pr oCur ve Swi t ch 2910al - 24G- PWR"
consol e baud- r at e 9600
modul e 1 t ype J XXXXA
snmp- ser ver communi t y " publ i c" Oper at or
vl an 1
name " DEFAULT_VLAN"
unt agged 1- 5, 9- 24, Tr k2
i p addr ess 15. 255. 128. 86 255. 255. 248. 0
no unt agged 6
exi t
banner mot d Thi s i s a pr i vat e syst emmai nt ai ned by t he
Al l i ed Wi dget Cor por at i on. Showsthecurrentbanner
Unaut hor i zed use of t hi s syst emcan r esul t i n configuration.
ci vi l and cr i mi nal penal i t es!
Figure2-6. TheCurrentBannerAppearsintheSwitchsRunning-ConfigFile
2-10
ThenexttimesomeonelogsontotheswitchsmanagementCLI,thefollowing
appears:
Theloginscreendisplaysthe
configuredbanner.
Enteringacorrectpassword
clearsthebanneranddisplays
theCLIprompt.
Figure2-7. ExampleofCLIResultoftheLoginBannerConfiguration
IfsomeoneusesaWebbrowsertologintotheswitchinterface,thefollowing
messageappears:
Figure2-8. ExampleofWebBrowserInterfaceResultoftheLoginBanner
Configuration
OperatingNotes
Thedefaultbannerappearsonlywhentheswitchisinthefactory
defaultconfiguration.Usingnobannermotddeletesthecurrently
configuredbannertextandblocksdisplayofthedefaultbanner.The
defaultbannerisrestoredonlyiftheswitchisresettoitsfactory-
defaultconfiguration.
Theswitchsupportsonebanneratanytime.Configuringanew
bannerreplacesanyformerbannerconfiguredontheswitch.
2-11
Iftheswitchisconfiguredwithsshversion1orsshversion1-or-2,
configuringthebannersetstheSSHconfigurationtosshversion2
anddisplaysthefollowingmessageintheCLI:
War ni ng: SSH ver si on has been set t o v2.
Ifabannerisconfigured,theswitchdoesnotallowconfigurationwith
sshversion1orsshversion1-or-2.Attemptingtodosoproducesthe
followingerrormessageintheCLI:
Banner has t o be di sabl ed f i r st .
Ifabannerisenabledontheswitch,theWebbrowserinterface
displaysthefollowinglinktothebannerpage:
Noticetoallusers
2-12
3
UsingtheMenuInterface
Contents
Overview ..................................................... 3-2
StartingandEndingaMenuSession ........................... 3-3
HowToStartaMenuInterfaceSession .... ..................... 3-4
HowToEndaMenuSessionandExitfromtheConsole: .......... 3-5
MainMenuFeatures .......................................... 3-7
ScreenStructureandNavigation............................... 3-9
RebootingtheSwitch......................................... 3-12
MenuFeaturesList........................................... 3-14
WhereToGoFromHere ...................................... 3-15
3-1
Overview
Overview
Thischapterdescribesthefollowingfeatures:
OverviewoftheMenuInterface(page3-2)
StartingandendingaMenusession(page3-3)
TheMainMenu(page3-7)
Screenstructureandnavigation(page3-9)
Rebootingtheswitch(page3-12)
Themenuinterfaceoperatesthroughtheswitchconsoletoprovideyouwith
asubsetofswitchcommandsinaneasy-to-usemenuformatenablingyouto:
Performaquickconfigurationofbasicparameters,suchastheIP
addressingneededtoprovidemanagementaccessthroughyournetwork
Configurethesefeatures:
ManagerandOperator Anetworkmonitoringport
passwords
SNMPcommunitynames
Systemparameters
IPauthorizedmanagers
IPaddressing
VLANs(VirtualLANs)andGVRP
Timeprotocol
Ports
Trunkgroups
Viewstatus,counters,andEventLoginformation
Updateswitchsoftware
Reboottheswitch
Foradetailedlistofmenufeatures,seetheMenuFeaturesListonpage3-14.
PrivilegeLevelsandPasswordSecurity.ProCurvestronglyrecom-
mendsthatyouconfigureaManagerpasswordtohelppreventunauthorized
accesstoyournetwork.AManagerpasswordgrantsfullread-writeaccessto
theswitch.AnOperatorpassword,ifconfigured,grantsaccesstostatusand
counter,EventLog,andtheOperatorlevelintheCLI.Afteryouconfigure
passwordsontheswitchandlogoffoftheinterface,accesstothemenu
interface(andtheCLIandwebbrowserinterface)willrequireentryofeither
theManagerorOperatorpassword.(IftheswitchhasonlyaManagerpass-
word,thensomeonewithoutapasswordcanstillgainread-onlyaccess.)
3-2
StartingandEndingaMenuSession
Not e IftheswitchhasneitheraManagernoranOperatorpassword,anyone
havingaccesstotheconsoleinterfacecanoperatetheconsolewithfull
managerprivileges.Also,ifyouconfigureonlyanOperatorpassword,
enteringtheOperatorpasswordenablesfullmanagerprivileges.
Formoreinformationonpasswords,refertotheAccessSecurityGuidefor
yourswitch.
MenuInteractionwithOtherInterfaces.
Themenuinterfacedisplaysthecurrentrunning-configparameterset-
tings.Youcanusethemenuinterfacetosaveconfigurationchangesmade
intheCLIonlyiftheCLIchangesareintherunningconfigwhenyousave
changesmadeinthemenuinterface.(Formoreonhowswitchmemory
managesconfigurationchanges,seeChapter6,SwitchMemoryand
Configuration.)
Aconfigurationchangemadethroughanyswitchinterfaceoverwrites
earlierchangesmadethroughanyotherinterface.
TheMenuInterfaceandtheCLI(CommandLineInterface)bothusethe
switchconsole.ToenterthemenufromtheCLI,usethemenucommand.
ToentertheCLIfromtheMenuinterface,selectCommandLine(CLI)option.)
Youcanaccessthemenuinterfaceusinganyofthefollowing:
Adirectserialconnectiontotheswitchsconsoleport,asdescribedinthe
installationguideyoureceivedwiththeswitch
ATelnetconnectiontotheswitchconsolefromanetworkedPCorthe
switchswebbrowserinterface.TelnetrequiresthatanIPaddressand
subnetmaskcompatiblewithyournetworkhavealreadybeenconfigured
ontheswitch.
Not e Thissectionassumesthateitheraterminaldeviceisalreadyconfiguredand
connectedtotheswitch(seetheInstallationandGettingStartedGuide
shippedwithyourswitch)orthatyouhavealreadyconfiguredanIPaddress
ontheswitch(requiredforTelnetaccess).
3-3
HowToStartaMenuInterfaceSession
Initsfactorydefaultconfiguration,theswitchconsolestartswiththeCLI
prompt.TousethemenuinterfacewithManagerprivileges,gototheManager
levelpromptandenterthemenucommand.
1. Useoneofthesemethodstoconnecttotheswitch:
APCterminalemulatororterminal
Telnet
2. Dooneofthefollowing:
IfyouareusingTelnet,gotostep3.
IfyouareusingaPCterminalemulatororaterminal,press[Enter]one
ormoretimesuntilapromptappears.
3. Whentheswitchscreenappears,dooneofthefollowing:
Ifapasswordhasbeenconfigured,thepasswordpromptappears.
Password: _
TypetheManagerpasswordandpress[Enter].EnteringtheManager
passwordgivesyoumanager-levelaccesstotheswitch.(Enteringthe
Operatorpasswordgivesyouoperator-levelaccesstotheswitch.
RefertotheAccessSecurityGuideforyourswitch.)
Ifnopasswordhasbeenconfigured,theCLIpromptappears.Goto
thenextstep.
4. WhentheCLIpromptappears,displaytheMenuinterfacebyenteringthe
menucommand.Forexample:
ProCurve# menu [Enter]
resultsinthefollowingdisplay:
3-4
Figure3-1. ExampleoftheMainMenuwithManagerPrivileges
ForadescriptionofMainMenufeatures,seeMainMenuFeaturesonpage3-
7.
Not e ToconfiguretheswitchtostartwiththemenuinterfaceinsteadoftheCLI,go
totheManagerlevelpromptintheCLI,enterthesetupcommand,andinthe
resultingdisplay,changetheLogonDefaultparametertoMenu.Formore
information,seetheInstallationandGettingStartedGuideyoureceived
withtheswitch.
HowToEndaMenuSessionandExitfromtheConsole:
Themethodforendingamenusessionandexitingfromtheconsoledepends
onwhether,duringthesession,youmadeanychangestotheswitchconfigu-
rationthatrequireaswitchreboottoactivate.(Mostchangesviathemenu
interfaceneedonlyaSave,anddonotrequireaswitchreboot.)Configuration
changesneedingarebootaremarkedwithanasterisk(*)nexttotheconfig-
urediteminthemenuandalsonexttotheSwitchConfigurationiteminthe
MainMenu.
3-5
Asteriskindicatesa
configurationchange
thatrequiresareboot
toactivate.
Figure3-2. ExampleIndicationofaConfigurationChangeRequiringaReboot
1. Inthecurrentsession,ifyouhavenotmadeconfigurationchangesthat
requireaswitchreboottoactivate,returntotheMainMenuandpress[0]
(zero)tologout.Thenjustexitfromtheterminalprogram,turnoffthe
terminal,orquittheTelnetsession.
2. Ifyouhavemadeconfigurationchangesthatrequireaswitchreboot
thatis,ifanasterisk(*)appearsnexttoaconfigureditemornexttoSwitch
ConfigurationintheMainMenu:
a. ReturntotheMainMenu.
b. Press[6]toselectRebootSwitchandfollowtheinstructionsonthe
rebootscreen.
Rebootingtheswitchterminatesthemenusession,and,ifyouareusing
Telnet,disconnectstheTelnetsession.
(SeeRebootingToActivateConfigurationChangesonpage3-13.)
3. Exitfromtheterminalprogram,turnofftheterminal,orclosetheTelnet
applicationprogram.
3-6
MainMenuFeatures
MainMenuFeatures
Pr oCur ve Swi t ch 2- J an- 1990 0: 00: 44
===========================- TELNET - MANAGER MODE - =========================
Mai n Menu
1. St at us and Count er s. . .
2. Swi t ch Conf i gur at i on. . .
3. Consol e Passwor ds. . .
4. Event Log
5. Command Li ne ( CLI )
6. Reboot Swi t ch
7. Downl oad OS
8. Run Set up
9. St acki ng. . .
0. Logout
Pr ovi des t he menu t o di spl ay conf i gur at i on, st at us, and count er s.
To sel ect menu i t em, pr ess i t emnumber , or hi ghl i ght i t emand pr ess <Ent er >.
Figure3-3. TheMainMenuViewwithManagerPrivileges
TheMainMenugivesyouaccesstotheseMenuinterfacefeatures:
StatusandCounters: Providesaccesstodisplayscreensshowing
switchinformation,portstatusandcounters,andportandVLANaddress
tables.(RefertoAppendixB,MonitoringandAnalyzingSwitchOpera-
tion.)
SwitchConfiguration: Providesaccesstoconfigurationscreensfor
displayingandchangingthecurrentconfigurationsettings.(SeetheCon-
tentslistingatthefrontofthismanual.)Foralistingoffeaturesand
parametersconfigurablethroughthemenuinterface,seetheMenuFea-
turesListonpage3-14.Foranindexofthefeaturescoveredinthe
softwaremanualsforyourswitch,refertotheSoftwareFeatureIndex
onpage-xxii.
ConsolePasswords:Providesaccesstothescreenusedtosetorchange
Manager-levelandOperator-levelpasswords,andtodeleteManagerand
Operatorpasswordprotection.(Refertothechapteronconfiguringuser-
namesandpasswordsintheAccessSecurityGuideforyourswitch.)
EventLog: Enablesyoutoreadprogressanderrormessagesthatare
usefulforcheckingandtroubleshootingswitchoperation.(SeeUsingthe
EventLogforTroubleshootingSwitchProblemsonpageC-26.)
3-7
MainMenuFeatures
CommandLine(CLI):SelectstheCommandLineInterfaceatthesame
level(ManagerorOperator)thatyouareaccessingintheMenuinterface.
(RefertoChapter4,UsingtheCommandLineInterface(CLI).)
RebootSwitch: Performsawarmrebootoftheswitch,whichclears
mosttemporaryerrorconditions,resetsthenetworkactivitycountersto
zero,andresetsthesystemup-timetozero.Arebootisrequiredtoactivate
achangeintheVLANSupportparameter.(SeeRebootingfromtheMenu
Interfaceonpage6-11.)
DownloadOS:Enablesyoutodownloadanewswitchsoftwareversion
totheswitch.(SeeAppendixA,FileTransfers.)
RunSetup:DisplaystheSwitchSetupscreenforquicklyconfiguring
basicswitchparameterssuchasIPaddressing,defaultgateway,logon
defaultinterface,andothers.(RefertotheInstallationandGetting
StartedGuideforyourswitch.)
Logout:ClosestheMenuinterfaceandconsolesession,anddisconnects
Telnetaccesstotheswitch.(SeeHowtoEndaMenuSessionandExit
fromtheConsoleonpage3-5.)
3-8
ScreenStructureandNavigation
Menuinterfacescreensincludethesethreeelements:
Parameterfieldsand/orread-onlyinformationsuchasstatistics
Navigationandconfigurationactions,suchasSave,Edit,andCancel
Helplinetodescribenavigationoptions,individualparameters,andread-
onlydata
Forexample,inthefollowingSystemInformationscreen:
Helpline
describingthe
selectedaction
orselected
parameterfield
Parameterfields
Helpdescribingeachofthe
itemsintheparameterfields
Navigationinstructions
Actionsline
Screentitleidentifies
thelocationwithinthe
menustructure
Figure3-4. ElementsoftheScreenStructure
FormsDesign.Theconfigurationscreens,inparticular,operatesimilarly
toanumberofPCapplicationsthatuseformsfordataentry.Whenyoufirst
enterthesescreens,youseethecurrentconfigurationfortheitemyouhave
selected.Tochangetheconfiguration,thebasicoperationisto:
1. Press[E]toselecttheEditaction.
2. Navigatethroughthescreenmakingallthenecessaryconfiguration
changes.(SeeTable3-5onpage3-10.)
3. Press[Enter]toreturntotheActionsline.Fromthereyoucansavethe
configurationchangesorcancelthechanges.Cancelreturnstheconfigu-
rationtothevaluesyousawwhenyoufirstenteredthescreen.
3-9
Table3-5. HowToNavigateintheMenuInterface
Task: Actions:
Executeanaction
fromtheActions>
listatthebottomof
thescreen:
Useeitherofthefollowingmethods:
Usethearrowkeys([<],or[>])tohighlighttheactionyouwant
toexecute,thenpress[Enter].
Pressthekeycorrespondingtothecapitalletterintheaction
name.Forexample,inaconfigurationmenu,press[E]toselect
Editandbegineditingparametervalues.
Reconfigure(edit)a
parametersettingora
field:
1. Selectaconfigurationitem,suchasSystemName.(Seefigure
3-4.)
2. Press[E](forEditontheActionsline).
3. Use[Tab]orthearrowkeys([<],[>],[^],or[v])tohighlightthe
itemorfield.
Iftheparameterhaspreconfiguredvalues,eitherusethe
Spacebartoselectanewoptionortypethefirstpartofyour
selectionandtherestoftheselectionappears
automatically.(ThehelplineinstructsyoutoSelecta
value.)
Iftherearenopreconfiguredvalues,typeinavalue(theHelp
lineinstructsyoutoEnteravalue).
5. Ifyouwanttochangeanotherparametervalue,returntostep3.
6. Ifyouarefinishededitingparametersinthedisplayedscreen,
press[Enter]toreturntotheActionslineanddooneofthe
following:
Tosaveandactivateconfigurationchanges,press[S](forthe
Saveaction).Thissavesthechangesinthestartup
configurationandalsoimplementsthechangeinthe
currentlyrunningconfiguration.(SeeChapter6,Switch
MemoryandConfiguration.)
Toexitfromthescreenwithoutsavinganychangesthatyou
havemade(orifyouhavenotmadechanges),press[C](for
theCancelaction).
Note:Inthemenuinterface,executingSaveactivatesmost
parameterchangesandsavestheminthestartupconfiguration
(orflash)memory,anditisthereforenotnecessarytorebootthe
switchaftermakingthesechanges.Butifanasteriskappears
nexttoanymenuitemyoureconfigure,theswitchwillnot
activateorsavethechangeforthatitemuntilyourebootthe
switch.Inthiscase,rebootingshouldbedoneafteryouhave
madealldesiredchangesandthenreturnedtotheMainMenu.
7. Whenyoufinisheditingparameters,returntotheMainMenu.
8. Ifnecessary,reboottheswitchbyhighlightingRebootSwitch
intheMainMenuandpressing[Enter].(SeetheNote,above.)
Exitfromaread-only Press[B](fortheBackaction).
screen.
3-10
TogetHelponindividualparameterdescriptions.Inmostscreens
thereisaHelpoptionintheActionsline.Wheneveranyoftheitemsinthe
Actionslineishighlighted,press[H],andaseparatehelpscreenisdisplayed.
Forexample:
Pressing[H]orhighlightingHelpand
pressing[Enter]displaysHelpforthe
parameterslistedintheupperpartof
thescreen
Highlightonanyitemin
theActionsline
indicatesthatthe
Actionslineisactive.
TheHelplineprovides
abriefdescriptorof
thehighlightedAction
itemorparameter.
Figure3-6. ExampleShowingHowToDisplayHelp
TogetHelpontheactionsordatafieldsineachscreen:Usethearrow
keys([<],[>],[^],or[v])toselectanactionordatafield.Thehelplineunderthe
Actionsitemsdescribesthecurrentlyselectedactionordatafield.
Forguidanceonhowtonavigateinascreen:Seetheinstructionsprovided
atthebottomofthescreen,orrefertoScreenStructureandNavigationon
page3-9.)
3-11
RebootingtheSwitch
RebootingtheSwitch
Rebootingtheswitchfromthemenuinterface
Terminatesallcurrentsessionsandperformsaresetoftheoperating
system
Activatesanymenuinterfaceconfigurationchangesthatrequireareboot
Resetsstatisticalcounterstozero
(Notethatstatisticalcounterscanberesettozerowithoutrebootingthe
switch.)
ToReboottheswitch,usetheRebootSwitchoptionintheMainMenu.(Note
thatRebootSwitchisnotavailableifyoulogoninOperatormode;thatis,if
youenteranOperatorpasswordinsteadofamanagerpasswordatthe
passwordprompt.)
RebootSwitchoption
Figure3-7. TheRebootSwitchOptionintheMainMenu
3-12
RebootingtheSwitch
RebootingToActivateConfigurationChanges.Configurationchanges
formostparametersinthemenuinterfacebecomeeffectiveassoonasyou
savethem.However,youmustreboottheswitchinordertoimplementa
changeintheMaximumVLANstosupportparameter.(Toaccessthisparameter,go
totheMainMenuandselect:
2.SwitchConfiguration
8.VLANMenu
1.VLANSupport.
Ifyoumakeconfigurationchangesinthemenuinterfacethatrequireareboot,
theswitchdisplaysanasterisk(*)nexttothemenuiteminwhichthechange
hasbeenmade.Forexample,ifyouchangeandsavethevaluefortheMaximum
VLANstosupportparameter,anasteriskappearsnexttotheVLANSupportentry
intheVLANMenuscreen,andalsonexttotheSwitchConfigurationentryin
theMainMenu.
Reminderto
rebootthe
switchto
activate
configuration
changes.
Asterisk
indicatesa
configuration
changethat
requiresa
rebootinorder
totakeeffect.
Figure3-8. IndicationofaConfigurationChangeRequiringaReboot
Toactivatechangesindicatedbytheasterisk,gototheMainMenuandselect
theRebootSwitchoption.
Not e ExecutingthewritememorycommandintheCLIdoesnotaffectpending
configurationchangesindicatedbyanasteriskinthemenuinterface.Thatis,
onlyarebootfromthemenuinterfaceorabootorreloadcommandfromthe
CLIwillactivateapendingconfigurationchangeindicatedbyanasterisk.
3-13
MenuFeaturesList
MenuFeaturesList
StatusandCounters
GeneralSystemInformation
SwitchManagementAddressInformation
PortStatus
PortCounters
VLANAddressTable
PortAddressTable
SwitchConfiguration
SystemInformation
Port/TrunkSettings
NetworkMonitoringPort
IPConfiguration
SNMPCommunityNames
IPauthorizedManagers
VLANMenu
ConsolePasswords
EventLog
CommandLine(CLI)
RebootSwitch
DownloadOS(DownloadSwitchSoftware)
RunSetup
Stacking
Logout
3-14
WhereToGoFromHere
WhereToGoFromHere
Thischapterprovidesanoverviewofthemenuinterfaceandhowtouseit.
Thefollowingtableindicateswheretoturnfordetailedinformationonhow
tousetheindividualfeaturesavailablethroughthemenuinterface.
Option: Turnto:
TousetheRunSetupoption RefertotheInstallationandGettingStartedGuide
foryourswitch,availableontheProcurveweb
siteatwww.procurve.com.
Toviewandmonitorswitchstatusand AppendixB,MonitoringandAnalyzingSwitch
counters Operation
Tolearnhowtoconfigureanduse RefertotheAccessSecurityGuideforyour
passwordsandothersecurityfeatures switch.
TolearnhowtousetheEventLog UsingtheEventLogforTroubleshootingSwitch
ProblemsonpageC-26
TolearnhowtheCLIoperates Chapter4,UsingtheCommandLineInterface
(CLI)
Todownloadswitchsoftware AppendixA,FileTransfers
Foradescriptionofhowswitch Chapter6,SwitchMemoryandConfiguration
memoryhandlesconfiguration
changes
Forinformationonotherswitch RefertotheFeatureIndexatthefrontofthis
featuresandhowtoconfigurethem guide,andtoSourcesforMoreInformationon
page1-4.
3-15
WhereToGoFromHere
3-16
4
UsingtheCommandLineInterface(CLI)
Contents
Overview ..................................................... 4-2
AccessingtheCLI ............................................. 4-2
UsingtheCLI ................................................. 4-2
PrivilegeLevelsatLogon ..................................... 4-3
PrivilegeLevelOperation ..................................... 4-4
OperatorPrivileges ...................................... 4-4
ManagerPrivileges....................................... 4-5
HowToMoveBetweenLevels ................................ 4-7
ListingCommandsandCommandOptions ...................... 4-8
ListingCommandsAvailableatAnyPrivilegeLevel ........... 4-8
ListingCommandOptions ............................... 4-10
DisplayingCLIHelp ....................................... 4-11
ConfigurationCommandsandtheContextConfigurationModes .. 4-13
CLIControlandEditing ...................................... 4-16
ExecutingaPriorCommandRedo .......................... 4-16
RepeatingExecutionofaCommand .......................... 4-16
CLIEditingShortcuts ........................................ 4-18
4-1
Overview
Overview
TheCLIisatext-basedcommandinterfaceforconfiguringandmonitoringthe
switch.TheCLIgivesyouaccesstotheswitchsfullsetofcommandswhile
providingthesamepasswordprotectionthatisusedinthewebbrowser
interfaceandthemenuinterface.
AccessingtheCLI
Likethemenuinterface,theCLIisaccessedthroughtheswitchconsole,and
intheswitchsfactorydefaultstate,isthedefaultinterfacewhenyoustarta
consolesession.Youcanaccesstheconsoleout-of-bandbydirectlyconnect-
ingaterminaldevicetotheswitch,orin-bandbyusingTelneteitherfroma
terminaldeviceorthroughthewebbrowserinterface.
Also,ifyouareusingthemenuinterface,youcanaccesstheCLIbyselecting
theCommandLine(CLI)optionintheMainMenu.
UsingtheCLI
TheCLIofferstheseprivilegelevelstohelpprotecttheswitchfromunauthor-
izedaccess:
1. Operator
2. Manager
3. GlobalConfiguration
4. ContextConfiguration
Not e CLIcommandsarenotcase-sensitive.
4-2
UsingtheCLI
WhenyouusetheCLItomakeaconfigurationchange,theswitchwritesthe
changetotheRunning-Configfileinvolatilememory.Thisallowsyoutotest
yourconfigurationchangesbeforemakingthempermanent.Tomakechanges
permanent,youmustusethewritememorycommandtosavethemtothe
Startup-Configfileinnon-volatilememory.Ifyoureboottheswitchwithout
firstusingwritememory,allchangesmadesincethelastrebootorwritememory
(whicheverislater)willbelost.Formoreonswitchmemoryandsaving
configurationchanges,seeChapter6,SwitchMemoryandConfiguration.
PrivilegeLevelsatLogon
PrivilegelevelscontrolthetypeofaccesstotheCLI.Toimplementthis
control,youmustsetatleastaManagerpassword.WithoutaManager
passwordconfigured,anyonehavingserialport,Telnet,orwebbrowser
accesstotheswitchcanreachallCLIlevels.(Formoreonsettingpasswords,
refertothechapteronusernamesandpasswordsintheAccessSecurityGuide
foryourswitch.)
WhenyouusetheCLItologontotheswitch,andpasswordsareset,youwill
bepromptedtoenterapassword.Forexample:
PasswordPrompt
Figure4-1. ExampleofCLILog-OnScreenwithPassword(s)Set
Intheabovecase,youwillentertheCLIatthelevelcorrespondingtothe
passwordyouprovide(operatorormanager).
IfnopasswordsaresetwhenyoulogontotheCLI,youwillenteratthe
Managerlevel.Forexample:
ProCurve# _
4-3
UsingtheCLI
Ca u t i o n ProCurvestronglyrecommendsthatyouconfigureaManagerpassword.Ifa
Managerpasswordisnotconfigured,thentheManagerlevelisnotpassword-
protected,andanyonehavingin-bandorout-of-bandaccesstotheswitchmay
beabletoreachtheManagerlevelandcompromiseswitchandnetwork
security.NotethatconfiguringonlyanOperatorpassworddoesnotprevent
accesstotheManagerlevelbyintruderswhohavetheOperatorpassword.
PressingtheClearbuttononthefrontoftheswitchremovespassword
protection.Forthisreason,itisrecommendedthatyouprotecttheswitch
fromphysicalaccessbyunauthorizedpersons.Ifyouareconcernedabout
switchsecurityandoperation,youshouldinstalltheswitchinasecure
location,suchasalockedwiringcloset.
PrivilegeLevelOperation
2.ManagerLevel
3.GlobalConfiguration
OperatorPrivileges
ManagerPrivileges
1.OperatorLevel
4.ContextConfigurationLevel
Figure4-2. AccessSequenceforPrivilegeLevels
OperatorPrivileges
AttheOperatorlevelyoucanexaminethecurrentconfigurationandmove
betweeninterfaceswithoutbeingabletochangetheconfiguration.A>
characterdelimitstheOperator-levelprompt.Forexample:
ProCurve> _ (ExampleoftheOperatorprompt.)
WhenusingenabletomovetotheManagerlevel,theswitchpromptsyoufor
theManagerpasswordifonehasalreadybeenconfigured.
4-4
UsingtheCLI
ManagerPrivileges
Managerprivilegesgiveyouthreeadditionallevelsofaccess:Manager,Global
Configuration,andContextConfiguration.A#characterdelimitsanyMan-
agerprompt.Forexample:
ProCurve#_ ExampleoftheManagerprompt.
Managerlevel:ProvidesallOperatorlevelprivilegesplustheabilityto
performsystem-levelactionsthatdonotrequiresavingchangestothe
systemconfigurationfile.ThepromptfortheManagerlevelcontainsonly
thesystemnameandthe#delimiter,asshownabove.Toselectthis
level,entertheenablecommandattheOperatorpromptandenterthe
Managerpassword,whenprompted.Forexample:
ProCurve> enabl e EnterenableattheOperatorprompt.
Passwor d: CLIpromptfortheManagerpassword.
ProCurve# _ TheManagerpromptappearsafterthe
correctManagerpasswordisentered.
GlobalConfigurationlevel:ProvidesallOperatorandManagerlevel
privileges,andenablesyoutomakeconfigurationchangestoanyofthe
switchssoftwarefeatures.ThepromptfortheGlobalConfigurationlevel
includesthesystemnameand(config).Toselectthislevel,enterthe
configcommandattheManagerprompt.Forexample:
Pr oCur ve# conf i g EnterconfigattheManagerprompt.
Pr oCur ve( conf i g) #_ TheGlobalConfigprompt.
ContextConfigurationlevel:ProvidesallOperatorandManagerpriv-
ileges,andenablesyoutomakeconfigurationchangesinaspecific
context,suchasoneormoreportsoraVLAN.ThepromptfortheContext
Configurationlevelincludesthesystemnameandtheselectedcontext.
Forexample:
ProCurve( et h- 1) #
TheContextlevelisuseful,forexample,forexecutingseveralcommands
directedatthesameportorVLAN,orifyouwanttoshortenthecommand
stringsforaspecificcontextarea.Toselectthislevel,enterthespecific
contextattheGlobalConfigurationlevelprompt.Forexample,toselect
thecontextlevelforanexistingVLANwiththeVLANIDof10,youwould
enterthefollowingcommandandseetheindicatedresult:
ProCurve( conf i g) # vl an 10
4-5
UsingtheCLI
Table4-1. PrivilegeLevelHierarchy
Privilege
Level
ExampleofPromptandPermittedOperations
OperatorPrivilege
OperatorLevel ProCurve> show<command>
setup
ping<argument>
link-test<argument>
enable
menu
logout
exit
Viewstatusandconfigurationinformation.
Performconnectivitytests.
MovefromtheOperatorleveltotheManager
level.
MovefromtheCLIinterfacetothemenuinterface.
ExitfromtheCLIinterfaceandterminatethe
consolesession.
Terminatethecurrentsession(sameaslogout).
ManagerPrivilege
ManagerLevel ProCurve# Performsystem-levelactionssuchassystem
control,monitoring,anddiagnosticcommands,
plusanyoftheOperator-levelcommands.Foralist
ofavailablecommands,enter?attheprompt.
Global ProCurve(config)# Executeconfigurationcommands,plusall
Configuration OperatorandManagercommands.Foralistof
Level availablecommands,enter?attheprompt.
Context ProCurve(eth-5)# Executecontext-specificconfiguration
Configuration ProCurve(vlan- commands,suchasaparticularVLANorswitch
Level 100)# port.Thisisusefulforshorteningthecommand
stringsyoutype,andforenteringaseriesof
commandsforthesamecontext.Foralistof
availablecommands,enter?attheprompt.
4-6
UsingtheCLI
HowToMoveBetweenLevels
ChangeinLevels ExampleofPrompt,Command,andResult
Operatorlevel
to
Managerlevel
Managerlevel
to
Globalconfiguration
level
Globalconfiguration
level
toa
Contextconfiguration
level
level
toanother
level
Movefromanylevel
totheprecedinglevel
Movefromanylevel
totheManagerlevel
ProCurve> enabl e
Passwor d: _
Afteryouenterenable,thePassword
promptappears.Afteryouenterthe
Managerpassword,thesystemprompt
appearswiththe#symbol:
ProCurve#_
ProCurve# conf i g
ProCurve( conf i g) #
ProCurve( conf i g) # vl an 10
ProCurve( vl an- 10) # i nt er f ace e 3
ProCurve( i nt - 3) #
TheCLIacceptseastheabbreviated
formofethernet.
ProCurve( i nt - 3) # exi t
ProCurve( conf i g) # exi t
ProCurve# exi t
ProCurve>
ProCurve( i nt - 3) # end
ProCurve#
or
ProCurve( conf i g) # end
ProCurve#
MovingBetweentheCLIandtheMenuInterface.Whenmoving
betweeninterfaces,theswitchretainsthecurrentprivilegelevel(Manageror
Operator).Thatis,ifyouareattheOperatorlevelinthemenuandselectthe
CommandLineInterface(CLI)optionfromtheMainMenu,theCLIprompt
appearsattheOperatorlevel.
ChangingParameterSettings.Regardlessofwhichinterfaceisused(CLI,
menuinterface,orwebbrowserinterface),themostrecentlyconfigured
versionofaparametersettingoverridesanyearliersettingsforthatparameter.
4-7
UsingtheCLI
Forexample,ifyouusethemenuinterfacetoconfigureanIPaddressofX
forVLAN1andlaterusetheCLItoconfigureadifferentIPaddressofYfor
VLAN1,thenYreplacesXastheIPaddressforVLAN1intherunning-
configfile.IfyousubsequentlyexecutewritememoryintheCLI,thenthe
switchalsostoresYastheIPaddressforVLAN1inthestartup-configfile.
(Formoreonthestartup-configandrunningconfigfiles,seeChapter6,
SwitchMemoryandConfiguration.)
ListingCommandsandCommandOptions
Atanyprivilegelevelyoucan:
Listallofthecommandsavailableatthatlevel
Listtheoptionsforaspecificcommand
ListingCommandsAvailableatAnyPrivilegeLevel
Atagivenprivilegelevelyoucanlistandexecutethecommandsthatlevel
offers,plusallofthecommandsavailableatprecedinglevels.Forexample,
attheOperatorlevel,youcanlistandexecuteonlytheOperatorlevelcom-
mands.However,attheManagerlevel,youcanlistandexecutethecommands
availableatboththeOperatorandManagerlevels.
Type?ToListAvailableCommands. 1.Typingthe?symbolliststhe
commandsyoucanexecuteatthecurrentprivilegelevel.Forexample,
typing?attheOperatorlevelproducesthislisting:
Figure4-3. ExampleoftheOperatorLevelCommandListing
4-8
UsingtheCLI
Typing?attheManagerlevelproducesthislisting:
When--MORE--appears,usetheSpace
baror[Return]tolistadditionalcommands.
Figure4-4.ExampleoftheManager-LevelCommandListing
When --MORE-- appears,therearemorecommandsinthelisting.Tolistthe
nextscreenfullofcommands,presstheSpacebar.Tolisttheremaining
commandsone-by-one,repeatedlypress[Enter].
Typing?attheGlobalConfigurationlevelortheContextConfigurationlevel
producessimilarresults.
Use[Tab] ToSearchfororCompleteaCommandWord.Youcanuse
[Tab]tohelpyoufindCLIcommandsortoquicklycompletethecurrentword
inacommand.Todoso,typeoneormoreconsecutivecharactersina
commandandthenpress[Tab](withnospacesallowed).Forexample,atthe
GlobalConfigurationlevel,ifyoupress[Tab]immediatelyaftertypingt,the
CLIdisplaystheavailablecommandoptionsthatbeginwitht.Forexample:
ProCurve( conf i g) # t [Tab]
t acacs- ser ver
t el net - ser ver
t i me
t i mesync
t r unk
t el net
t er mi nal
t r acer out e
ProCurve( conf i g) # t
4-9
UsingtheCLI
Asmentionedabove,ifyoutypepartofacommandwordandpress[Tab],the
CLIcompletesthecurrentword(ifyouhavetypedenoughofthewordforthe
CLItodistinguishitfromotherpossibilities),includinghyphenatedexten-
sions.Forexample:
ProCurve( conf i g) # por t - [Tab]
ProCurve( conf i g) # por t - secur i t y _
Pressing[Tab]afteracompletedcommandwordliststhefurtheroptionsfor
thatcommand.
Pr oCur ve( conf i g) # qos [Tab]
udp- por t Set UDP por t based pr i or i t y.
t cp- por t Set TCP por t based pr i or i t y.
devi ce- pr i or i t yConf i gur e devi ce- based pr i or i t y.
dscp- mapDef i ne mappi ng bet ween a DSCP
( Di f f er ent i at ed- Ser vi ces Codepoi nt )
val ue and 802. 1p pr i or i t y.
t ype- of - ser vi ceConf i gur e t he Type- of - Ser vi ce
met hod t he devi ce uses t o
pr i or i t i ze I P t r af f i c.
ListingCommandOptions
YoucanusetheCLItoremindyouoftheoptionsavailableforacommandby
enteringcommandkeywordsfollowedby?.Forexample,supposeyouwant
toseethecommandoptionsforconfiguringtheconsolesettings:
Thisexampledisplaysthecommandoptions
forconfiguringtheswitchsconsolesettings.
Figure4-5. ExampleofHowToListtheOptionsforaSpecificCommand
4-10
UsingtheCLI
DisplayingCLIHelp
CLIHelpprovidestwotypesofcontext-sensitiveinformation:
Commandlistwithabriefsummaryofeachcommandspurpose
Detailedinformationonhowtouseindividualcommands
DisplayingCommand-ListHelp.
Syntax: help
DisplaysalistingofcommandHelpsummariesforall
commandsavailableatthecurrentprivilegelevel.Thatis,at
theOperatorlevel,executinghelpdisplaystheHelpsummaries
onlyforOperator-Levelcommands.AttheManagerlevel,
executinghelpdisplaystheHelpsummariesforboththe
OperatorandManagerlevels,andsoon.
Forexample,tolisttheOperator-Levelcommandswiththeirpurposes:
Figure4-6. ExampleofContext-SensitiveCommand-ListHelp
DisplayingHelpforanIndividualCommand.
Syntax: <command-string>help
ThisoptiondisplaysHelpforanycommand availableatthe
currentcontextlevel.
Forexample,tolisttheHelpfortheinterfacecommandintheGlobalConfig-
urationprivilegelevel:
4-11
UsingtheCLI
Figure4-7.ExampleofHowToDisplayHelpforaSpecificCommand
Notethattryingtolistthehelpforanindividualcommandfromaprivilege
levelthatdoesnotincludethatcommandresultsinanerrormessage.For
example,tryingtolistthehelpfortheinterfacecommandwhileattheglobal
configurationlevelproducesthisresult:
Pr oCur ve# speed- dupl ex hel p
I nval i d i nput : speed- dupl ex
4-12
UsingtheCLI
ConfigurationCommandsandtheContext
ConfigurationModes
Youcanexecuteanyconfigurationcommandintheglobalconfigurationmode
orinselectedcontextmodes.However,usingacontextmodeenablesyouto
executecontext-specificcommandsfaster,withshortercommandstrings.
Theswitchoffersinterface(portortrunkgroup)andVLANcontextconfigu-
rationmodes:
PortorTrunk-GroupContext.Includesport-or trunk-specificcommands
thatapplyonlytotheselectedport(s)ortrunkgroup,plustheglobalconfig-
uration,Manager,andOperatorcommands.Thepromptforthismode
includestheidentityoftheselectedport(s):
ProCurve( conf i g) # i nt er f ace c3- c6
ProCurve( et h- C5- C8) #
ProCurve( conf i g) # i nt er f ace t r k1
ProCurve( et h- Tr k1) #
Commandsexecutedatconfigurationlevelforenteringportand
trk1statictrunk-groupcontexts,andresultingpromptsshowing
portorstatictrunkcontexts..
ProCurve( et h- C5- C8) #
ProCurve( et h- Tr k1) #
ProCurve( et h- C5- C8) # ?
ProCurve( et h- C5- C8) # ?
Liststhecommandsyoucanuseintheportorstatictrunkcontext,
plustheManager,Operator,andcontextcommandsyoucanexe-
cuteatthislevel.
4-13
UsingtheCLI
Intheportcontext,thefirstblockofcommandsinthe?
listingshowthecontext-specificcommandsthatwillaffect
onlyportsC3-C6.
TheremainingcommandsinthelistingareManager,
Operator,andcontextcommands.
Figure4-8. Context-SpecificCommandsAffectingPortContext
4-14
UsingtheCLI
VLANContext. IncludesVLAN-specificcommandsthatapplyonlytothe
selectedVLAN,plusManagerandOperatorcommands.Thepromptforthis
modeincludestheVLANIDoftheselectedVLAN.Forexample,ifyouhad
alreadyconfiguredaVLANwithanIDof100intheswitch:
ProCurve(config)# vlan 100
CommandexecutedatconfigurationleveltoenterVLAN100context.
ProCurve(vlan-100)#
ResultingpromptshowingVLAN100context.
ProCurve(vlan-100)# ?
ListscommandsyoucanuseintheVLANcontext,plusManager,
Operator,andcontextcommandsyoucanexecuteatthislevel.
IntheVLAN
context,the
firstblockof
commandsin
the?listing
showthe
commandsthat
willaffectonly
vlan-100.
Theremaining
commandsin
thelistingare
Manager,
Operator,and
context
commands.
Figure4-9. Context-SpecificCommandsAffectingVLANContext
4-15
CLIControlandEditing
ExecutingaPriorCommandRedo
Theredocommandexecutesapriorcommandinthehistorylist.
Syntax: redo[number|command-str]
Re-executesacommandfromhistory.Executesthelast
commandbydefault.
number:Thepositionofthecommandtoexecuteinthehistory
list.Whennumberisspecified,then
th
commandstartingfrom
themostrecentcommandinthehistoryisexecuted.
command-str:Whencommand-strisspecified,themostrecent
commandwhosenamematchesthespecifiedstringis
executed.
Pr oCur ve( conf i g) # show hi st or y
2 show ar p
1 show f l ash
Pr oCur ve( conf i g) # r edo 2
Executestheshowarpcommandagain.
I P ARP t abl e
I P Addr ess MAC Addr ess Type Por t
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. 255. 128. 1 00000c- 07ac00 dynami c A11
Figure4-10. ExampleoftheredoCommand
RepeatingExecutionofaCommand
Therepeatcommandexecutesapreviouscommandinthehistorylist.
4-16

Syntax: repeat[cmdlist][count][delay]
Repeatsexecutionofapreviouscommand.Repeatsthelast
commandbydefaultuntilakeyispressed.
cmdlist:Ifanumberorrangeofnumbersisspecified,the
commandrepeatsthen
th
mostrecentcommands(wheren
isthepositioninthehistorylist).
count:Repeatsthecommandforthenumberoftimesspecified.
delay:Thecommandrepeatsexecutionafteradelayforthe
numberofsecondsspecified.
For example:
Pr oCur ve( conf i g) # r epeat 1- 4, 7- 8, 10 count 2 del ay 3
Pr oCur ve( conf i g) # show hi st or y
3 show ver
2 show i p
1 show ar p
Pr oCur ve( conf i g) # r epeat 1- 2 Repeatstheshowarpandshowipcommands.
I P ARP t abl e
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. 255. 128. 1 000000- 000000 dynami c
I nt er net ( I P) Ser vi ce
I P Rout i ng : Di sabl ed
Def aul t Gat eway :
Def aul t TTL
Ar p Age
Domai n Suf f i x
DNS ser ver
: 64
: 20
:
:
VLAN | I P Conf i g I P Addr ess Subnet Mask Pr oxy ARP
- - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DEFAULT_VLAN | DHCP/ Boot p 15. 255. 131. 90 255. 255. 248. 0 No No
Figure4-11. ExampleofrepeatCommandUsingaRange
4-17
CLIEditingShortcuts
CLIEditingShortcuts
Keystrokes Function
[Ctrl][A] Jumpstothefirstcharacterofthecommandline.
[Ctrl][B]or[<] Movesthecursorbackonecharacter.
[Ctrl][C] Terminatesataskanddisplaysthecommandprompt.
[Ctrl][D] Deletesthecharacteratthecursor.
[Ctrl][E] Jumpstotheendofthecurrentcommandline.
[Ctrl][F]or[>] Movesthecursorforwardonecharacter.
[Ctrl][K] Deletesfromthecursortotheendofthecommandline.
[Ctrl][L]or[Ctrl][R] Repeatscurrentcommandlineonanewline.
[Ctrl][N]or [v] Entersthenextcommandlineinthehistorybuffer.
[Ctrl][P]or [^] Entersthepreviouscommandlineinthehistorybuffer.
[Ctrl][U]or [Ctrl][X] Deletesfromthecursortothebeginningofthecommandline.
[Ctrl][W] Deletesthelastwordtyped.
[Esc][B] Movesthecursorbackwardoneword.
[Esc][D] Deletesfromthecursortotheendoftheword.
[Esc][F] Movesthecursorforwardoneword.
[Backspace] Deletesthefirstcharactertotheleftofthecursorinthecommand
line.
[Spacebar] Movesthecursorforwardonecharacter.
4-18
5
UsingtheProCurveWebBrowserInterface
Contents
Overview ..................................................... 5-2
StartingaWebBrowser
GeneralFeatures.............................................. 5-3
InterfaceSessionwiththeSwitch .............................. 5-4
UsingaStandaloneWebBrowserinaPCorUNIXWorkstation .... 5-4
ProCurveManagerPlus(PCM+) ............................... 5-5
TasksforYourFirstProCurveWebBrowserInterfaceSession .. 5-7
ViewingtheFirstTime Install Window ........................ 5-7
intheBrowserInterface...................................... 5-8
EnteringaUserNameandPassword ...................... 5-10
UsingaUserName...................................... 5-10
IfYouLosethePassword ................................ 5-10
OnlineHelpfortheWebBrowserInterface .................... 5-11
Support/MgmtURLsFeature .................................. 5-12
SupportURL .............................................. 5-13
Helpandthe ManagementServerURL ........................ 5-13
UsingthePCMServerforSwitchWebHelp .................... 5-14
StatusReportingFeatures .................................... 5-16
TheOverviewWindow ............... ....................... 5-16
ThePort Utilization andStatusDisplays ....................... 5-17
PortUtilization ......................................... 5-17
PortStatus............................................. 5-19
TheAlertLog .............................................. 5-20
SortingtheAlertLogEntries ............................. 5-20
AlertTypesandDetailedViews ........................... 5-21
SettingFaultDetectionPolicy ................................ 5-23
5-1
Contents
5-2
Overview
Overview
TheProCurvewebbrowserinterfacebuiltintotheswitchletsyoueasily
accesstheswitchfromabrowser-basedPConyournetwork.Thisletsyoudo
thefollowing:
OptimizeyournetworkuptimebyusingtheAlertLogandotherdiagnostic
tools
Makeconfigurationchangestotheswitch
Maintainsecuritybyconfiguringusernamesandpasswords
Thischaptercoversthefollowing:
Generalfeatures(page5-4).
Startingawebbrowserinterfacesession(page5-5)
Tasksforyourfirstwebbrowserinterfacesession(page5-8):
Creatingusernamesandpasswordsinthewebbrowserinterface
(page5-9)
SelectingthefaultdetectionconfigurationfortheAlertLogoperation
(page5-24)
Gettingaccesstoonlinehelpforthewebbrowserinterface(page
5-12)
Descriptionofthewebbrowserinterface:
Overviewwindowandtabs(page5-17)
PortUtilizationandStatusdisplays(page5-18)
AlertLogandAlerttypes(page5-21)
SettingtheFaultDetectionPolicy(page5-24)
Not e Youcandisableaccesstothewebbrowserinterfacebyeitherexecutingno
web-managementattheCommandPromptorchangingtheWebAgentEnabled
parametersettingtoNo(page7-4).
Forinformationonoperatingsystem,browser,andJavaversionsforthe
switchescoveredinthisguide,gototheProCurveNetworkingwebsiteat
www.procurve.comand:
Clickon:Technicalsupport
Clickon:FAQs(all)
Selectaswitchseries
ScrolltoGeneralProductInformation.
5-3
GeneralFeatures
GeneralFeatures
Thewebbrowserinterfaceincludesthesefeatures:
SwitchIdentityandStatus:
Generalsystemdata
Softwareversion
RedundantManagementModulesoftwareversion
IPaddress
StatusOverview
Portutilization
Portcounters
Portstatus
Alertlog
SwitchConfiguration:
Deviceview
Portconfiguration
VLANconfiguration
Faultdetection
Qualityofservice(QoS)
Portmonitoring(mirroring)
Systeminformation
IPconfiguration
SupportandmanagementserverURLs
Devicefeatures(SpanningTreeOn/Off,VLANselection,andIGMP)
SwitchSecurity:
Usernamesandpasswords
AuthorizedAddresses
IntrusionLog
SSL
RADIUSauthentication(RefertotheAccessSecurityGuide.)
SwitchDiagnostics:
Ping/LinkTest
Devicereset
Configurationreport
5-4
StartingaWebBrowserInterfaceSessionwiththeSwitch
StartingaWebBrowser
InterfaceSessionwiththeSwitch
Youcanstartawebbrowsersessioninthefollowingways:
UsingastandalonewebbrowseronanetworkconnectionfromaPCor
UNIXworkstation:
Directlyconnectedtoyournetwork
Connectedthroughremoteaccesstoyournetwork
UsinganetworkmanagementstationrunningProCurveManageronyour
network
UsingaStandaloneWebBrowserinaPCorUNIX
Workstation
Thisprocedureassumesthatyouareusingacompatiblewebbrowserandthat
theswitchisconfiguredwithanIPaddressaccessiblefromyourPCor
workstation.(FormoreonassigninganIPaddress,refertoIPConfiguration
onpage8-2.)
1. EnsurethattheJava
TM
appletsareenabledforyourbrowser.Formore
informationonthistopic,refertoyourbrowsersonlineHelp.
2. Usethewebbrowsertoaccesstheswitch.Ifyournetworkincludesa
DomainNameServer(DNS),yourswitchsIPaddressmayhaveaname
associatedwithit(forexample,switch8212)thatyoucantypeinthe
LocationorAddressfieldinsteadoftheIPaddress.UsingDNSnames
typicallyimprovesbrowserperformance.Contactyournetworkadminis-
tratortoenquireaboutDNSnamesassociatedwithyourProCurveswitch.
TypetheIPaddress(orDNSname)oftheswitchinthebrowserLocation
orAddress(URL)fieldandpress[Enter]. (Itisnotnecessarytoinclude
http://.)
switch5308 [Enter] (exampleofaDNS-typename)
10.11.12.195 [Enter] (exampleofanIPaddress)
5-5
ProCurveManagerPlus(PCM+)
ProCurveManagerandProCurveManagerPlusaredesignedforinstallation
onanetworkmanagementworkstation.Forthisreason,thesystemrequire-
mentsaredifferentfromthesystemrequirementsforaccessingtheswitchs
webbrowserinterfacefromanon-managementPCorworkstation.ForPCM
andPCM+requirements,refertotheinformationprovidedwiththesoftware.
Thisprocedureassumesthat:
YouhaveinstalledtherecommendedwebbrowseronaPCorworkstation
thatservesasyournetworkmanagementstation.
ThenetworkeddeviceyouwanttoaccesshasbeenassignedanIPaddress
and(optionally)aDNSname,andhasbeendiscoveredbyPCMorPCM+.
(FormoreonassigninganIPaddress,refertoIPConfigurationonpage
8-2.)
ToestablishawebbrowsersessionwithPCMorPCM+running,dothe
followingonthenetworkmanagementstation:
1. MakesuretheJava
TM
appletsareenabledforyourwebbrowser.Ifthey
arenot,refertothewebbrowseronlineHelpforspecificinformationon
enablingtheJavaapplets.
2. IntheInterconnectedDeviceslistingunderNetworkManagerHome(inthe
PCM/PCM+sidebar),right-clickonthemodelnumberofthedeviceyou
wanttoaccess.
3. ThewebbrowserinterfaceautomaticallystartswiththeStatusOverview
windowdisplayedfortheselecteddevice,asshowninFigure5-1.
Not e IftheRegistrationwindowappears,clickontheStatustab.
5-6
Firsttimeinstall
alert
Figure5-1. ExampleofStatusOverviewScreen
5-7
TasksforYourFirstProCurveWebBrowserInterfaceSession
TasksforYourFirstProCurveWeb
BrowserInterfaceSession
Thefirsttimeyouaccessthewebbrowserinterface,therearethreetasksyou
shouldperform:
ReviewtheFirstTimeInstallwindow
SetManagerandOperatorpasswords
Setaccesstothewebbrowserinterfaceonlinehelp
ViewingtheFirstTimeInstallWindow
Whenyouaccesstheswitchswebbrowserinterfaceforthefirsttime,the
AlertlogcontainsaFirstTimeInstallalert,asshowninfigure5-2.Thisgives
youinformationaboutfirsttimeinstallations,andprovidesanimmediate
opportunitytosetpasswordsforsecurityandtospecifyaFaultDetection
policy,whichdeterminesthetypesofmessagesthatwillbedisplayedinthe
AlertLog.
DoubleclickonFirstTimeInstallintheAlertlog(figure5-1onpage5-7).The
webbrowserinterfacethendisplaystheFirstTimeInstallwindow,below.
Figure5-2. First-TimeInstallWindow
5-8
Thiswindowisthelaunchingpointforthebasicconfigurationyouneedto
performtosetwebbrowserinterfacepasswordsformaintainingsecurityand
afaultdetectionpolicy,whichdeterminesthetypesofmessagesthattheAlert
Logdisplays.
Tosetwebbrowserinterfacepasswords,clickonsecureaccesstothedevice
todisplaytheDevicePasswordsscreen,andthengotothenextpage.(You
canalsoaccessthepasswordscreenbyclickingontheSecuritytab.)
TosetFaultDetectionpolicy,clickonselectthefaultdetectionconfigurationin
thesecondbulletinthewindowandgotothesection,SettingFaultDetection
Policyonpage5-24.(Youcanalsoaccessthepasswordscreenbyclickingon
theConfigurationtab,andthenthe[FaultDetection]key.)
intheBrowserInterface
Not e OntheswitchescoveredinthisguideyoucanalsoconfigureRADIUSauthen-
ticationforwebbrowserinterfaceaccess.Formoreinformation,refertothe
chaptertitledRADIUSAuthenticationandAccountingintheAccessSecu-
rityGuideforyourswitch.
Youmaywanttocreatebothausernameandapasswordtocreateaccess
securityforyourswitch.Therearetwolevelsofaccesstotheinterfacethat
canbecontrolledbysettingusernamesandpasswords:
OperatorSetting.AnOperator-levelusernameandpasswordallows
read-onlyaccesstomostofthewebbrowserinterface,butprevents
accesstotheSecuritywindow.
ManagerSetting.AManager-levelusernameandpasswordallowsfull
read/writeaccesstothewebbrowserinterface.
5-9
Figure5-3.TheDevicePasswordsWindow
Tosetthepasswords:
1. AccesstheDevicePasswordsscreenbyoneofthefollowingmethods:
IftheAlertLogincludesaFirstTimeInstallevententry,double
clickonthisevent,then,intheresultingdisplay,clickonthe
secureaccesstothedevicelink.
SelecttheSecuritytab.
2. ClickintheappropriateboxintheDevicePasswordswindowandenter
usernamesandpasswords.Youwillberequiredtorepeatthepassword
stringsintheconfirmationboxes.
Boththeusernamesandpasswordscanbeupto16printableASCII
characters.
3. Clickon[ApplyChanges]toactivatetheusernamesandpasswords.
Not e Passwordsyouassigninthewebbrowserinterfacewilloverwriteprevious
passwordsassignedineitherthewebbrowserinterface,theCLI,orthemenu
interface.Thatis,themostrecentlyassignedpasswordsaretheswitchs
passwords,regardlessofwhichinterfacewasusedtoassignthestring.
5-10
EnteringaUserNameandPassword
Figure5-4. ExampleofthePasswordPromptintheWebBrowserInterface
Themanagerandoperatorpasswordsareusedtocontrolaccesstoallswitch
interfaces.Onceset,youwillbepromptedtosupplythepasswordeverytime
youtrytoaccesstheswitchthroughanyofitsinterfaces.Thepasswordyou
enterdeterminesthecapabilityyouhaveduringthatsession:
Enteringthemanagerpasswordgivesyoufullread/write/troubleshooting
capabilities
Enteringtheoperatorpasswordgivesyoureadandlimitedtrouble-
shootingcapabilities.
UsingaUserName
Ifyoualsosetusernamesinthewebbrowserinterfacescreen,youmust
supplythecorrectusernameforwebbrowserinterfaceaccess.Ifausername
hasnotbeenset,thenleavetheUserNamefieldinthepasswordwindow
blank.
NotethattheCommandPromptandswitchconsoleinterfacesuseonlythe
password,anddonotpromptyoufortheUserName.
IfYouLosethePassword
Ifyoulosethepasswords,youcanclearthembypressingtheClearbuttonon
thefrontoftheswitch.Thisactiondeletesallpasswordandusername
protectionfromalloftheswitchsinterfaces.
5-11
TheClearbuttonisprovidedforyourconvenience,butitspresencemeans
thatifyouareconcernedwiththesecurityoftheswitchconfigurationand
operation,youshouldmakesuretheswitchisinstalledinasecurelocation,
suchasalockedwiringcloset.(Formoreinformation,refertoFrontPanel
SecurityinthechaptertitledConfiguringUsernameandPasswordSecu-
rityintheAccessSecurityGuideforyourswitch.)
OnlineHelpfortheWebBrowserInterface
OnlineHelpisavailableforthewebbrowserinterface.Youcanuseitby
clickingontheHelptextinthetoprightcornerofanyofthewebbrowser
interfacescreens.
Figure5-5. OnlineHelpfortheWebBrowserInterface
Context-sensitivehelpisprovidedforthescreenyouareon.
Not e ToaccesstheonlineHelpfortheProCurvewebbrowserinterface,youneed
eitherProCurveManager(version1.5orgreater)installedonyournetwork
oranactiveconnectiontotheWorldWideWeb.Otherwise,Onlinehelpforthe
webbrowserinterfacewillnotbeavailable.
FormoreonHelpaccessandoperation,refertoHelpandtheManagement
ServerURLonpage5-14.
5-12
Support/MgmtURLsFeature
TheSupport/MgmtURLswindowenablesyoutochangetheWorldWideWeb
UniversalResourceLocator(URL)fortwofunctions:
SupportURLAsupportinformationsiteforyourswitch
ManagementServerURLThewebsiteforwebbrowseronlineHelp
1.ClickHere
2.ClickHere
4.ClickonApplyChanges
3.Enteroneofthefollowing(orusethedefaultsetting):
TheURLforthesupportinformationsourceyouwanttheswitchtoaccess
whenyouclickonthewebbrowserinterfaceSupporttab.Thedefaultisthe
URLfortheProCurveNetworkinghomepage.
TheURLofaPCM(ProCurveNetworkManager)workstationorotherserver
fortheonlineHelpfilesforthiswebbrowserinterface.(Thedefaultsetting
accessestheswitchsbrowser-basedHelpontheProCurveWorldWide
Website.)NotethatifyouinstallPCMinyournetwork,thePCM
managementstationactsasthewebbrowserHelpserverandautomatically
insertsthenecessaryURLinthisfield.)
Figure5-6. TheDefaultSupport/MgmtURLsWindow
5-13
SupportURL
ThisisthesitetheswitchaccesseswhenyouclickontheSupporttabonthe
webbrowserinterface.ThedefaultURLis:
www.procurve.com
whichistheWorldWideWebsiteforProCurvenetworkingproducts.Clickon
technicalsupportonthatpagetogetsupportinformationregardingyour
switch,includingwhitepapers,softwareupdates,andmore.
Asanalternative,youcanreplacetheProCurveURLwiththeURLforalocal
siteusedforloggingreportsonnetworkperformanceorothersupportactiv-
ities.
HelpandtheManagementServerURL
TheManagementServerURLfieldspecifiestheURLtheswitchusestofind
onlineHelpforthewebbrowserinterface.
IfyouinstallPCM(ProCurveManager)inyournetwork,thePCMmanage-
mentstationactsasthewebbrowserHelpserverfortheswitchand
automaticallyinsertsthenecessaryURLinthisfield.Formoreonthe
option,seeUsingthePCMServerforSwitchWebHelponpage5-15.)
Inthedefaultconfiguration(andifPCMisnotrunningonyournetwork)
thisfieldissettotheURLforaccessingonlineHelpfromtheProCurve
Networkingwebsite:
www.hp.com/rnd/device_help
Usingthisoption,theHelpfilesareautomaticallyavailableifyourwork-
stationcanaccesstheWorldWideWeb.Inthiscase,ifOnlineHelpfails
tooperate,ensurethattheaboveURLappearsintheManagementServer
URLfieldshowninFigure5-7:
5-14
Inthedefaultconfiguration,theswitchusestheURLfor
accessingthewebbrowserinterfacehelpfilesonthe
ProCurveWorldWideWebsite.
Figure5-7.HowToAccessWebBrowserInterfaceOnlineHelp
UsingthePCMServerforSwitchWebHelp
ForProCurvedevicesthatsupporttheWebHelpfeature,youcanusethe
PCMservertohosttheswitchhelpfilesfordevicesthatdonothaveHTTP
accesstotheProCurveSupportWebsite.
1. GototheProCurveSupportwebsitetogettheDeviceHelpfiles:
www.hp.com//rnd/device_help/
2. CopytheWebhelpfilestothePCMserver,under:
C:\\programfiles\hewlett-packard\pnm\server\webroot\
rnd\sevice_help\help\hpwnd\webhelp
5-15
3. Addanentry,oredittheexistingentryintheDiscoveryportionofthe
globalproperties(globalprops.prp)inPCMtoredirecttheswitchestothe
helpfilesonthePCMserver.Forexample:
Global{
TempDir=data/temp
...
Discovery{
...
...
DeviceHelpUrlRedirect=http://15.29.37.12.8040/rnd/device_help
...
}
}
YouwillentertheIPaddressforyourPCMserver.8040isthestandardport
numbertouse.
4. RestarttheDiscoveryprocessforthechangetobeapplied.
Not e ChangingtheDiscoverysGlobalpropertiesfilewillredirecttheDeviceHelp
URLforalldevices.
IfyoujustwanttochangetheDeviceHelpURLforaparticulardevice,then
gototheConfigurationtabontheWebUIforthatdeviceandselectthe
Support/MgmtURLbutton.EdittheentryintheManagementServerURL
fieldforthedevicetopointtothePCMserver;forexample:
http://15.29.37.12.8040/rnd/device_help
5-16
StatusReportingFeatures
Browserelementscoveredinthissectioninclude:
TheOverviewwindow(below)
Portutilizationandstatus(page5-18)
TheAlertlog(page5-21)
TheOverviewWindow
TheOverviewWindowisthehomescreenforanyentryintothewebbrowser
interface.Thefollowingfigureidentifiesthevariouspartsofthescreen.
ActiveButton
ActiveTab
AlertLog
ControlBar
PortUtiliza-
tionGraphs
(page5-18)
AlertLog
(page5-21)
PortStatus
Indicators
(page5-20)
ButtonBar
TabBar
Figure5-8. TheStatusOverviewWindow
PolicyManagementandConfiguration. PCMcanperformnetwork-wide
policymanagementandconfigurationofyourswitch.TheManagementServer
URLfield(page5-14)showstheURLforthemanagementstationperforming
thatfunction.Formoreinformation,refertothedocumentationprovidedwith
thePCMsoftware.
5-17
ThePortUtilizationandStatusDisplays
ThePortUtilizationandStatusdisplaysshowanoverviewofthestatusofthe
switchandtheamountofnetworkactivityoneachport.Thefollowingfigure
showsasamplereadingofthePortUtilizationandPortStatus.
PortStatusIndicators
PortUtilizationBarGraphs BandwidthDisplayControl
Legend
Figure5-9. TheGraphsArea
PortUtilization
ThePortUtilizationbargraphsshowthenetworktrafficontheportwitha
breakdownofthepackettypesthathavebeendetected(unicastpackets,non-
unicastpackets,anderrorpackets).TheLegendidentifiestraffictypesand
theirassociatedcolorsonthebargraph:
%UnicastRx&AllTx:Thisisallunicasttrafficreceivedandall
transmittedtrafficofanytype.Thisindicator(abluecoloronmany
systems)cansignifyeithertransmittedorreceivedtraffic.
%Non-UnicastPktsRx:Allmulticastandbroadcasttrafficreceivedby
theport.Thisindicator(agoldcoloronmanysystems)enablesyouto
knowat-a-glancethesourceofanynon-unicasttrafficthatiscausing
highutilizationoftheswitch.Forexample,ifoneportisreceivingheavy
broadcastormulticasttraffic,allportswillbecomehighlyutilized.By
color-codingthereceivedbroadcastandmulticastutilization,thebar
graphquicklyandeasilyidentifiestheoffendingport.Thismakesitfaster
andeasiertodiscovertheexactsourceoftheheavytrafficbecauseyou
donthavetoexamineportcounterdatafromseveralports.
%ErrorPktsRx:Allerrorpacketsreceivedbytheport.(Thisindicator
isareddishcoloronmanysystems.)Althougherrorsreceivedonaport
arenotpropagatedtotherestofthenetwork,aconsistentlyhighnumber
oferrorsonaspecificportmayindicateaproblemonthedeviceor
networksegmentconnectedtotheindicatedport.
5-18
MaximumActivityIndicator:Asthebarsinthegraphareachange
heighttoreflectthelevelofnetworkactivityonthecorrespondingport,
theyleaveanoutlinetoidentifythemaximumactivitylevelthathasbeen
observedontheport.
UtilizationGuideline. Anetworkutilizationof40%isconsideredthe
maximumthatatypicalEthernet-typenetworkcanexperiencebeforeencoun-
teringperformancedifficulties.Ifyouobserveutilizationthatisconsistently
higherthan40%onanyport,clickonthePortCountersbuttontogetadetailed
setofcountersfortheport.
TochangetheamountofbandwidththePortUtilizationbargraph
shows. Clickonthebandwidthdisplaycontrolbuttonintheupperleftcorner
ofthegraph.(Thebuttonshowsthecurrentscalesetting,suchas40%.)Inthe
resultingmenu,selectthebandwidthscaleyouwantthegraphtoshow(3%,
10%,25%,40%,75%,or100%),asshowninfigurefigure5-10.
Notethatwhenviewingactivityonagigabitport,youmaywanttoselecta
lowervalue(suchas3%or10%).Thisisbecausethebandwidthutilizationof
currentnetworkapplicationsongigabitlinksistypicallyminimal,andmay
notappearonthegraphifthescaleissettoshowhighbandwidthutilization.
Figure5-10. ChangingtheGraphAreaScale
Todisplayvaluesforeachgraphbar. Holdthemousecursoroveranyof
thebarsinthegraph,andapop-updisplayisactivatedshowingtheport
identificationandnumericalvaluesforeachofthesectionsofthebar,as
showninfigure5-11(next).
Figure5-11. DisplayofNumericalValuesfortheBar
5-19
PortStatus
PortStatusIndicators
Legend
Figure5-12. ThePortStatusIndicatorsandLegend
ThePortStatusindicatorsshowasymbolforeachportthatindicatesthe
generalstatusoftheport.Therearefourpossiblestatuses:
PortConnectedtheportisenabledandisproperlyconnectedtoan
activenetworkdevice.
PortNotConnectedtheportisenabledbutisnotconnectedtoan
activenetworkdevice.Acablemaynotbeconnectedtotheport,orthe
deviceattheotherendmaybepoweredofforinoperable,orthecableor
connecteddevicecouldbefaulty.
PortDisabledtheporthasbeenconfiguredasdisabledthroughthe
webbrowserinterface,theswitchconsole,orSNMPnetworkmanage-
ment.
PortFault-Disabledafaultconditionhasoccurredontheportthat
hascausedittobeauto-disabled.NotethatthePortFault-Disabled
symbolwillbedisplayedinthelegendonlyifoneormoreoftheportsis
inthatstatus.SeeAppendixB,MonitoringandAnalyzingSwitchOpera-
tionformoreinformation.
5-20
TheAlertLog
ThewebbrowserinterfaceAlertLog,showninthelowerhalfofthescreen,
showsalistofnetworkoccurrences,oralerts,thatweredetectedbythe
switch.TypicalalertsareBroadcastStorm,indicatinganexcessivenumberof
broadcastsreceivedonaport,andProblemCable,indicatingafaultycable.A
fulllistofalertsisshowninthetableonpage5-22.
Figure5-13.ExampleoftheAlertLog
Eachalerthasthefollowingfieldsofinformation:
StatusThelevelofseverityoftheeventgenerated.Severitylevelscan
beInformation,Normal,Warning,andCritical.Ifthealertisnew(hasnot
yetbeenacknowledged),theNewsymbolisalsointheStatuscolumn.
AlertThespecificeventidentification.
Date/TimeThedateandtimetheeventwasreceivedbytheweb
browserinterface.Thisvalueisshownintheformat:DD-MM-YY
HH:MM:SSAM/PM,forexample,16-Sep-997:58:44AM.
DescriptionAshortnarrativestatementthatdescribestheevent.For
example,ExcessiveCRC/Alignmenterrorsonport:8.
SortingtheAlertLogEntries
Thealertsaresorted,bydefault,bytheDate/Timefieldwiththemostrecent
alertlistedatthetopofthelist.Thesecondmostrecentalertisdisplayed
belowthetopalertandsoon.Ifalertsoccurredatthesametime,the
simultaneousalertsaresortedbyorderinwhichtheyappearintheMIB.
Boldcharactersinacolumnheadingindicatethatthealertfieldalertlog
entries.Youcansortbyanyoftheothercolumnsbyclickingonthecolumn
heading.TheAlertandDescriptioncolumnsaresortedalphabetically,whilethe
Statuscolumnissortedbyseveritytype,withmorecriticalseverityindicators
appearingabovelesscriticalindicators.
5-21
AlertTypesandDetailedViews
AsofJune,2007,thewebbrowserinterfacegeneratesthefollowingalert
types:
AutoPartition Highcollisionordroprate
BackupTransition LossofLink
Excessivebroadcasts Mis-ConfiguredSQE
ExcessiveCRC/alignmenterrors NetworkLoop
Excessivejabbering PolarityReversal
Excessivelatecollisions SecurityViolation
FirstTimeInstall Stuck10BaseTPort
Full-DuplexMismatch Toomanyundersized(runt)/giant
Half-DuplexMismatch
packets
TransceiverHotSwap
Not e Whentroubleshootingthesourcesofalerts,itmaybehelpfultocheckthe
switchsPortStatusandPortCounterwindows,orusetheCLIormenu
interfacetoviewtheswitchsEventLog.
WhenyoudoubleclickonanAlertEntry,thewebbrowserinterfacedisplays
aseparatewindowshowinginformationabouttheevent.Thisviewincludes
adescriptionoftheproblemandapossiblesolution.Italsoprovidesthree
managementbuttons:
AcknowledgeEventremovestheNewsymbolfromthelogentry
DeleteEventremovesthealertfromtheAlertLog
Cancelclosesthedetailviewwithnochangetothestatusofthealert
andreturnsyoutotheOverviewscreen.
Forexample,figure5-14showsasampledetailviewdescribinganExcessive
CRC/AlignmentErroralert.
5-22
Figure5-14.ExampleofAlertLogDetailView
5-23
SettingFaultDetectionPolicy
OneofthepowerfulfeaturesinthewebbrowserinterfaceistheFault
Detectionfacility.Foryourswitch,thisfeaturecontrolsthetypesofalerts
reportedtotheAlertLogbasedontheirlevelofseverity.
SetthispolicyintheFaultDetectionwindow(figure5-15).
Figure5-15.TheFaultDetectionWindow
TheFaultDetectionscreencontainsalistboxforsettingfaultdetectionand
responsepolicy,andenablesyoutosetthesensitivitylevelatwhichanetwork
problemshouldgenerateanalertandsendittotheAlertLog.
5-24
ToprovidethemostinformationonnetworkproblemsintheAlertLog,the
recommendedsensitivitylevelforLogNetworkProblemsisHighSensitivity.The
FaultDetectionsettingsare:
HighSensitivity.Thispolicydirectstheswitchtosendallalertstothe
AlertLog.Thissettingismosteffectiveonnetworksthathavenoneor
fewproblems.
MediumSensitivity.Thispolicydirectstheswitchtosendalertsrelated
tonetworkproblemstotheAlertLog.Ifyouwanttobenotifiedof
problemswhichcauseanoticeableslowdownonthenetwork,usethis
setting.
LowSensitivity.Thispolicydirectstheswitchtosendonlythemost
severealertstotheAlertLog.Thispolicyismosteffectiveonanetwork
wheretherearenormallyalotofproblemsandyouwanttobeinformed
ofonlythemostsevereones.
Never. DisablestheAlertLogandtransmissionofalerts(traps)tothe
managementserver(incaseswhereanetworkmanagementtoolsuchas
ProCurveManagerisinuse).Usethisoptionwhenyoudontwanttouse
theAlertLog.
TheFaultDetectionWindowalsocontainsthreeChangeControlButtons:
ApplyChanges.Thisbuttonstoresthesettingsyouhaveselectedforall
futuresessionswiththewebbrowserinterfaceuntilyoudecidetochange
them.
ClearChanges.Thisbuttonremovesyoursettingsandreturnsthe
settingsforthelistboxtothelevelitwasatinthelastsaveddetection-
settingsession.
ResettoDefaultSettings.Thisbuttonrevertsthepolicysettingto
MediumSensitivityforLogNetworkProblems.
5-25
5-26
6
Contents
Overview ..................................................... 6-3
UsingtheMenuandWebBrowserInterfacesToImplement
ConfigurationFileManagement................................ 6-3
UsingtheCLIToImplementConfigurationChanges ............ 6-6
ConfigurationChanges ........................................ 6-9
Menu:ImplementingConfigurationChanges ................... 6-10
UsingSaveandCancelintheMenuInterface ............... 6-10
RebootingfromtheMenuInterface ....................... 6-11
Web:ImplementingConfigurationChanges .................... 6-12
UsingPrimaryandSecondaryFlashImageOptions............. 6-13
DisplayingtheCurrentFlashImageData ...................... 6-13
SwitchSoftwareDownloads................................. 6-15
LocalSwitchSoftwareReplacementandRemoval .............. 6-16
RebootingtheSwitch .. ... .................................. 6-18
OperatingNotesaboutBooting........................... 6-18
BootandReloadCommand Comparison................... 6-19
SettingtheDefaultFlash................................. 6-20
BootingfromtheDefaultFlash(PrimaryorSecondary) ...... 6-20
BootingfromaSpecifiedFlash ........................... 6-20
UsingReload........................................... 6-21
MultipleConfigurationFiles .................................. 6-23
GeneralOperation . ......................................... 6-24
TransitioningtoMultipleConfigurationFiles ................... 6-25
ListingandDisplayingStartup-ConfigFiles..................... 6-27
ConfigurationEnabled .................................. 6-27
DisplayingtheContentofASpecificStartup-ConfigFile...... 6-28
6-1
Contents
ChangingorOverridingtheRebootConfigurationPolicy ......... 6-28
ManagingStartup-Config FilesintheSwitch ................... 6-30
RenaminganExistingStartup-ConfigFile .................. 6-31
CreatingaNewStartup-ConfigFile ........................ 6-31
ErasingaStartup-ConfigFile ............................. 6-32
Switch to ItsDefaultConfiguration ........................ 6-34
TransferringStartup-ConfigFilesToorFromaRemoteServer.... 6-35
TFTP:CopyingaConfigurationFiletoaRemoteHost........ 6-35
TFTP:CopyingaConfigurationFilefromaRemoteHost ..... 6-36
ConnectedHost ........................................ 6-36
ConnectedHost ........................................ 6-37
OperatingNotesforMultipleConfigurationFiles ............ 6-37
6-2
Overview
Overview
Thischapterdescribes:
Howswitchmemorymanagesconfigurationchanges
HowtheCLIimplementsconfigurationchanges
Howthemenuinterfaceandwebbrowserinterfaceimplementconfigu-
rationchanges
Howtheswitchprovidessoftwareoptionsthroughprimary/secondary
flashimages
Howtousetheswitchsprimaryandsecondaryflashoptions,including
displayingflashinformation,bootingorrestartingtheswitch,andother
topics
ConfigurationFileManagement
Theswitchmaintainstwoconfigurationfiles,therunning-configfileandthe
startup-configfile.
Volatile Memory
Running-ConfigFile
(Controlsswitchoperation.Whentheswitchboots,the
contentsofthisfileareerasedandreplacedbythe
contentsofthestartup-configfile.)
Flash (Non-Volatile) Memory
Startup-ConfigFile
(Preservesthemostrecentlysavedconfiguration
throughanysubsequentreboot.)
CLIconfiguration
changesarewrittento
thisfile.TousetheCLIto
savethelatestversionof
thisfiletothestartup-
configfile,youmust
executethewrite
memorycommand.
Menuinterfaceconfigu-
rationchangesaresimul-
taneouslywrittentoboth
ofthesefiles.
Figure6-1. ConceptualIllustrationofSwitchMemoryOperation
RunningConfigFile:Existsinvolatilememoryandcontrolsswitch
operation.IfnoconfigurationchangeshavebeenmadeintheCLIsince
theswitchwaslastbooted,therunning-configfileisidenticaltothe
startup-configfile.
6-3
Startup-configFile:Existsinflash(non-volatile)memoryandisused
topreservethemostrecently-savedconfigurationasthepermanent
configuration.
Bootingtheswitchreplacesthecurrentrunning-configfilewithanewrun-
ning-configfilethatisanexactcopyofthecurrentstartup-configfile.
Not e Anyofthefollowingactionsbootstheswitch:
ExecutingthebootorthereloadcommandintheCLI
Executingthebootcommandinthemenuinterface
PressingtheResetbuttononthefrontoftheswitch
Removing,thenrestoringpowertotheswitch
Formoreonrebootsandtheswitchsdual-flashimages,refertoUsing
PrimaryandSecondaryFlashImageOptionsonpage6-13.
OptionsforSavingaNewConfiguration. Makingoneormorechanges
totherunning-configfilecreatesanewoperatingconfiguration.Savinganew
configurationmeanstooverwrite(replace)thecurrentstartup-configfilewith
thecurrentrunning-configfile.Thismeansthatiftheswitchsubsequently
rebootsforanyreason,itwillresumeoperationusingthenewconfiguration
insteadoftheconfigurationpreviouslydefinedinthestartup-configfile.There
arethreewaystosaveanewconfiguration:
IntheCLI:Usethewritememorycommand.Thisoverwritesthecurrent
startup-configfilewiththecontentsofthecurrentrunning-configfile.
Inthemenuinterface:UsetheSavecommand.Thisoverwritesboththe
running-configfileandthestartup-configfilewiththechangesyouhave
specifiedinthemenuinterfacescreen.
Inthewebbrowserinterface:Usethe[ApplyChanges]buttonorother
appropriatebutton.Thisoverwritesboththerunning-configfileandthe
startup-configfilewiththechangesyouhavespecifiedinthewebbrowser
interfacewindow.
NotethatusingtheCLIinsteadofthemenuorwebbrowserinterfacegives
youtheoptionofchangingtherunningconfigurationwithoutaffectingthe
startupconfiguration.Thisallowsyoutotestthechangewithoutmakingit
permanent.Whenyouaresatisfiedthatthechangeissatisfactory,youcan
makeitpermanentbyexecutingthewritememorycommand.Forexample,
supposeyouusethefollowingcommandtodisableport5:
ProCurve(config)# interface ethernet 5 disable
6-4
Theabovecommanddisablesport5intherunning-configfile,butnotinthe
startup-configfile.Port5remainsdisabledonlyuntiltheswitchreboots.If
youwantport5toremaindisabledthroughthenextreboot,usewritememory
tosavethecurrentrunning-configfiletothestartup-configfileinflash
memory.
ProCurve(config)# write memory
IfyouusetheCLItomakeaconfigurationchangeandthenchangefromthe
CLItotheMenuinterfacewithoutfirstusingwritememorytosavethechange
tothestartup-configfile,thentheswitchpromptsyoutosavethechange.For
example,ifyouusetheCLItocreateVLAN20,andthenselectthemenu
interface,VLAN20isconfiguredintherunning-configfile,butnotinthe
startup-configfile.Inthiscaseyouwillsee:
ProCurve(config)# vlan 20
ProCurve(config)# menu
Do you want to save current configuration [y/n]?
Ifyoutype[Y],theswitchoverwritesthestartup-configfilewiththerunning-
configfile,andyourconfigurationchange(s)willbepreservedacrossreboots.
Ifyoutype[N],yourconfigurationchange(s)willremainonlyintherunning-
configfile.Inthiscase,ifyoudonotsubsequentlysavetherunning-configfile,
yourunsavedconfigurationchangeswillbelostiftheswitchrebootsforany
reason.
StoringandRetrievingConfigurationFiles.Youcanstoreorretrievea
backupcopyofthestartup-configfileonanotherdevice.Formore
information,refertothesectiononTransferringSwitchConfigurationson
pageA-26inAppendixAonFileTransfers.
USBAutorun. ThisfeaturesupportstheabilitytoautoexecuteCLIcom-
mandsstoredonaUSBflashdrive(forexample,toconfiguretheswitch,
updatesoftware,retrievediagnostics,etc.).Formoreinformation,refertothe
sectionononpageA-39.
6-5
UsingtheCLIToImplementConfigurationChanges
UsingtheCLIToImplement
ConfigurationChanges
TheCLIoffersthesecapabilities:
Accesstothefullsetofswitchconfigurationfeatures
Theoptionoftestingconfigurationchangesbeforemakingthemperma-
nent
HowToUsetheCLIToViewtheCurrentConfigurationFiles. Use
showcommandstoviewtheconfigurationforindividualfeatures,suchasport
statusorSpanningTreeProtocol.However,tovieweithertheentirestartup-
configfileortheentirerunning-configfile,usethefollowingcommands:
showconfigDisplaysalistingofthecurrentstartup-configfile.
showrunning-configDisplaysalistingofthecurrentrunning-configfile.
writeterminalDisplaysalistingofthecurrentrunning-configfile.
showconfigstatusComparesthestartup-configfiletotherunning-
configfileandlistsoneofthefollowingresults:
Ifthetwoconfigurationsarethesameyouwillsee:
Running configuration is the same as the startup
configuration.
Ifthetwoconfigurationsaredifferent,youwillsee:
Running configuration has been changed and needs
to be saved.
Not e Showconfig,showrunning-config,andwriteterminalcommandsdisplaythe
configurationsettingsthatdifferfromtheswitchsfactory-defaultconfigura-
tion.
HowToUsetheCLIToReconfigureSwitchFeatures.Usethisproce-
duretopermanentlychangetheswitchconfiguration(thatis,toenterachange
inthestartup-configfile).
1. UsetheappropriateCLIcommandstoreconfigurethedesiredswitch
parameters.Thisupdatestheselectedparametersintherunning-config
file.
2. Usetheappropriateshowcommandstoverifythatyouhavecorrectly
madethedesiredchanges.
6-6
3. Observetheswitchsperformancewiththenewparametersettingsto
verifytheeffectofyourchanges.
4. Whenyouaresatisfiedthatyouhavethecorrectparametersettings,use
thewritememorycommandtocopythechangestothestartup-configfile.
Syntax: writememory
Savestherunningconfigurationfiletothestartup-config.
Thesavedconfigurationbecomestheboot-upconfiguration
oftheswitchonthenextboot.
Forexample,thedefaultportmodesettingisauto.Supposethatyournetwork
usesCat3wiringandyouwanttoconnecttheswitchtoanotherautosensing
devicecapableof100Mbpsoperation.Because100MbpsoverCat3wiring
canintroducetransmissionproblems,therecommendedportmodeisauto-10,
whichallowstheporttonegotiatefull-orhalf-duplex,butrestrictsspeedto
10Mbps.ThefollowingcommandconfiguresportA5toauto-10modeinthe
running-configfile,allowingyoutoobserveperformanceonthelinkwithout
makingthemodechangepermanent.
ProCurve(config)# interface e a5 speed-duplex auto-10
Afteryouaresatisfiedthatthelinkisoperatingproperly,youcansavethe
changetotheswitchspermanentconfiguration(thestartup-configfile)by
executingthefollowingcommand:
ProCurve(config)# write memory
Thenewmode(auto-10)onportA5isnowsavedinthestartup-configfile,and
thestartup-configandrunning-configfilesareidentical.Ifyousubsequently
reboottheswitch,theauto-10modeconfigurationonportA5willremain
becauseitisincludedinthestartup-configfile.
HowToCancelChangesYouHaveMadetotheRunning-ConfigFile.
IfyouusetheCLItochangeparametersettingsintherunning-configfile,and
thendecidethatyoudontwantthosechangestoremain,youcanuseeither
ofthefollowingmethodstoremovethem:
Manuallyentertheearliervaluesyouhadforthechangedsettings.(This
isrecommendedifyouwanttorestoreasmallnumberofparameter
settingstotheirpreviousboot-upvalues.)
Updatetherunning-configfiletomatchthestartup-configfilebyreboot-
ingtheswitch.(Thisisrecommendedifyouwanttorestorealarger
numberofparametersettingstotheirpreviousboot-upvalues.)
6-7
IfyouusetheCLItochangeaparametersetting,andthenexecutetheboot
commandwithoutfirstexecutingthewritememorycommandtosavethe
change,theswitchpromptsyoutospecifywhethertosavethechangesinthe
currentrunning-configfile.Forexample:
ProCurve(config)# interface e 1 disable
Disablesport1intherunningconfiguration,whichcausesport1toblockalltraffic.
ProCurve(config)# boot
Device will be rebooted, do you want to continue [y/n]? y
Do you want to save current configuration [y/n]?
Press[Y]tocontinuetherebootingprocess.
Youwillthenseethisprompt.
Figure6-2.BootPromptforanUnsavedConfiguration
Theabovepromptmeansthatoneormoreparametersettingsintherunning-
configfiledifferfromtheircounterpartsinthestartup-configfileandyouneed
tochoosewhichconfigfiletoretainandwhichtodiscard.
Ifyouwanttoupdatethestartup-configfiletomatchtherunning-config
file,press[Y]foryes.(Thismeansthatthechangesyouenteredinthe
running-configfilewillbesavedinthestartup-configfile.)
Ifyouwanttodiscardthechangesyoumadetotherunning-configfileso
thatitwillmatchthestartup-configfile,thenpress[N]forno.(This
meansthattheswitchwilldiscardthechangesyouenteredintherunning-
configfileandwillupdatetherunning-configfiletomatchthestartup-
configfile.)
Not e IfyouusetheCLItomakeachangetotherunning-configfile,youshould
eitherusethewritememorycommandorselectthesaveoptionallowedduring
areboot(figure6-6-2,above)tosavethechangetothestartup-configfile.That
is,ifyouusetheCLItochangeaparametersetting,butthenreboottheswitch
fromeithertheCLIorthemenuinterfacewithoutfirstexecutingthewrite
memorycommandintheCLI,thecurrentstartup-configfilewillreplacethe
running-configfile,andanychangesintherunning-configfilewillbelost.
UsingtheSavecommandinthemenuinterfacedoesnotsaveachangemade
totherunningconfigbytheCLIunlessyouhavealsomadeaconfiguration
changeinthemenuinterface.Also,themenuinterfacedisplaysthecurrent
running-configvalues.Thus,whereaparametersettingisaccessiblefromboth
theCLIandthemenuinterface,ifyouchangethesettingintheCLI,thenew
6-8
UsingtheMenuandWebBrowserInterfacesToImplementConfigurationChanges
valuewillappearinthemenuinterfacedisplayforthatparameter.However,
asindicatedabove,unlessyoualsomakeaconfigurationchangeinthe
menuinterface,onlythewritememorycommandintheCLIwillactuallysave
thechangetothestartup-configfile.
HowToResetthestartup-configandrunning-configFilestothe
FactoryDefaultConfiguration. Thiscommandrebootstheswitch,
replacingthecontentsofthecurrentstartup-configandrunning-configfiles
withthefactory-defaultstartupconfiguration.
Syntax: erasestartup-config
Forexample:
ProCurve(config)# erase startup-config
Configuration will be deleted and device rebooted, continue [y/n]?
Figure6-3.Exampleoferasestartup-configCommand
Press[y]toreplacethecurrentconfigurationwiththefactorydefaultconfig-
urationandreboottheswitch.Press[n]toretainthecurrentconfigurationand
preventareboot.
UsingtheMenuandWebBrowser
InterfacesToImplementConfiguration
Changes
Themenuandwebbrowserinterfacesoffertheseadvantages:
Quick,easymenuorwindowaccesstoasubsetofswitchconfiguration
features
Viewingseveralrelatedconfigurationparametersinthesamescreen,with
theirdefaultandcurrentsettings
Immediatelychangingboththerunning-configfileandthestartup-config
filewithasinglecommand
6-9
Menu:ImplementingConfigurationChanges
Youcanusethemenuinterfacetosimultaneouslysaveandimplementasubset
ofswitchconfigurationchangeswithouthavingtoreboottheswitch.Thatis,
whenyousaveaconfigurationchangeinthemenuinterface,yousimultane-
ouslychangeboththerunning-configfileandthestartup-configfile.
Not e TheonlyexceptiontothisoperationaretwoVLAN-relatedparameterchanges
thatrequirearebootdescribedunderRebootingToActivateConfiguration
Changesonpage6-11.
UsingSaveandCancelintheMenuInterface
Foranyconfigurationscreeninthemenuinterface,theSavecommand:
1. Implementsthechangesintherunning-configfile
2. Savesyourchangestothestartup-configfile
Ifyoudecidenottosaveandimplementthechangesinthescreen,select
Canceltodiscardthemandcontinueswitchoperationwiththecurrentoper-
ation.Forexample,supposeyouhavemadethechangesshownbelowinthe
SystemInformationscreen:
Tosaveand
implementthe
changesforall
parametersinthis
screen,pressthe
[Enter]key,then
press[S](forSave).
Tocancelall
changes, pressthe
[Enter]key,then
press[C](forCancel)
Figure6-4. ExampleofPendingConfigurationChangesYouCanSaveorCancel
Not e IfyoureconfigureaparameterintheCLIandthengotothemenuinterface
withoutexecutingawritememorycommand,thosechangesarestoredonlyin
therunningconfiguration(evenifyouexecuteaSaveoperationinthemenu
interface).Ifyouthenexecuteaswitchbootcommandinthemenuinterface,
6-10

theswitchdiscardstheconfigurationchangesmadewhileusingtheCLI.To
ensurethatchangesmadewhileusingtheCLIaresaved,executewritememory
intheCLIbeforerebootingtheswitch.
RebootingfromtheMenuInterface
Terminatesthecurrentsessionandperformsaresetoftheoperating
system
Activatesanyconfigurationchangesthatrequireareboot
Resetsstatisticalcounterstozero
(Notethatstatisticalcounterscanberesettozerowithoutrebootingthe
switch.
ToReboottheswitch,usetheRebootSwitchoptionintheMainMenu.(Note
thattheRebootSwitchoptionisnotavailableifyoulogoninOperatormode;
thatis,ifyouenteranOperatorpasswordinsteadofamanagerpasswordat
thepasswordprompt.)
===========================- TELNET - MANAGER MODE - ===========================
Mai n Menu
1. St at us and Count er s. . .
2. Swi t ch Conf i gur at i on. . .
3. Consol e Passwor ds. . .
4. Event Log
5. Command Li ne ( CLI )
6. Reboot Swi t ch OptionalReboot
7. Downl oad OS SwitchCommand
8. Run Set up
9. St acki ng. . .
0. Logout
Pr ovi des t he menu t o di spl ay conf i gur at i on, st at us, and count er s.
To sel ect menu i t em, pr ess i t emnumber , or hi ghl i ght i t emand pr ess <Ent er >.
Figure6-5. TheRebootSwitchOptionintheMainMenu
RebootingToActivateConfigurationChanges.Configurationchanges
formostparametersbecomeeffectiveassoonasyousavethem.However,
youmustreboottheswitchinordertoimplementachangeintheMaximum
VLANstosupportparameter.
(Toaccesstheseparameters,gototheMainmenuandselect2.Switch
Configuration,then8.VLANMenu,then1.VLANSupport.)
6-11
Ifconfigurationchangesrequiringareboothavebeenmade,theswitch
displaysanasterisk(*)nexttothemenuiteminwhichthechangehasbeen
made.Forexample,ifyouchangeandsaveparametervaluesfortheMaximum
VLANstosupportparameter,anasteriskappearsnexttotheVLANSupportentryin
theVLANMenuscreen,andalsonexttotheSwitchConfigurationentryinthe
Mainmenu,asshowninFigure6-6:
Reminderto
reboottheswitch
toactivate
configuration
changes.
Asteriskindicates
aconfiguration
changethat
requiresareboot
inordertotake
effect.
Figure6-6. IndicationofaConfigurationChangeRequiringaReboot
Web:ImplementingConfigurationChanges
Youcanusethewebbrowserinterfacetosimultaneouslysaveandimplement
asubsetofswitchconfigurationchangeswithouthavingtoreboottheswitch.
Thatis,whenyousaveaconfigurationchange(inmostcases,byclickingon
[ApplyChanges]or[ApplySettings],yousimultaneouslychangeboththerunning-
configfileandthestartup-configfile.
Not e IfyoureconfigureaparameterintheCLIandthengotothebrowserinterface
withoutexecutingawritememorycommand,thosechangeswillbesavedto
thestartup-configfileifyouclickon[ApplyChanges]or[ApplySettings]intheweb
browserinterface.
6-12
UsingPrimaryandSecondaryFlashImageOptions
UsingPrimaryandSecondaryFlash
ImageOptions
Theswitchescoveredinthisguidefeaturetwoflashmemorylocationsfor
storingswitchsoftwareimagefiles:
PrimaryFlash:Thedefaultstorageforaswitchsoftwareimage.
SecondaryFlash:Theadditionalstorageforanalternateswitchsoftware
image.
WiththePrimary/Secondaryflashoptionyoucantestanewimageinyour
systemwithouthavingtoreplaceapreviouslyexistingimage.Youcanalso
usetheimageoptionsfortroubleshooting.Forexample,youcancopya
problemimageintoSecondaryflashforlateranalysisandplaceanother,
provenimageinPrimaryflashtorunyoursystem.Theswitchcanuseonly
oneimageatatime.
Thefollowingtasksinvolveprimary/secondaryflashoptions:
Displayingthecurrentflashimagedataanddeterminingwhichswitch
softwareversionsareavailable
Switchsoftwaredownloads
Replacingandremoving(erasing)alocalswitchsoftwareversion
Systembooting
DisplayingtheCurrentFlashImageData
Usethecommandsinthissectionto:
Determinewhetherthereareflashimagesinbothprimaryandsecondary
flash
Determinewhethertheimagesinprimaryandsecondaryflasharethe
same
Identifywhichswitchsoftwareversioniscurrentlyrunning
ViewingtheCurrentlyActiveFlashImageVersion.Thiscommand
identifiesthesoftwareversiononwhichtheswitchiscurrentlyrunning,and
whethertheactiveversionwasbootedfromtheprimaryorsecondaryflash
image.
Syntax:showversion
6-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Forexample,iftheswitchisusingasoftwareversionofW.14.XXstoredin
Primaryflash,showversionproducesthefollowing:
Pr oCur ve( conf i g) # show ver si on
I mage st amp: / su/ code/ bui l d/ i nf o( s01)
J un 01 2008 10: 50: 26
W. 14. XX
1223
Boot I mage: Pr i mar y
Figure6-7. ExampleShowingtheIdentityoftheCurrentFlashImage
DeterminingWhethertheFlashImagesAreDifferentVersions. Ifthe
flashimagesizesinprimaryandsecondaryarethesame,theninalmostevery
case,theprimaryandsecondaryimagesareidentical.Thiscommandprovides
acomparisonofflashimagesizes,plusthebootROMversionandfromwhich
flashimagetheswitchbooted.Forexample,inthefollowingcase,theimages
aredifferentversionsoftheswitchsoftware,andtheswitchisrunningonthe
versionstoredinthesecondaryflashimage:
Pr oCur ve( conf i g) # show f l ash
I mage Si ze( Byt es) Dat e Ver si on Bui l d #
Pr i mar y I mage : 7493854 03/ 21/ 07 W. 14. 29 1617
Secondar y I mage : 7463821 03/ 23/ 07 W. 14. 30 1700
Boot RomVer si on: W. 14. 01
Def aul t Boot : Pr i mar y
Willbootfromprimaryflash
onthenextboot.
Figure6-8. ExampleShowingDifferentFlashImageVersions
DeterminingWhichFlashImageVersionsAreInstalled.Theshowver-
sioncommanddisplayswhichsoftwareversiontheswitchiscurrentlyrunning
andwhetherthatversionbootedfromprimaryorsecondaryflash.Thus,ifthe
switchbootedfromprimaryflash,youwillseetheversionnumberofthe
softwareversionstoredinprimaryflash,andiftheswitchbootedfrom
secondaryflash,youwillseetheversionnumberofthesoftwareversion
storedinsecondaryflash.Thus,byusingshowversion,thenrebootingthe
switchfromtheoppositeflashimageandusingshowversionagain,youcan
determinetheversion(s)ofswitchsoftwareinbothflashsources.Forexam-
ple:
6-14

I mage st amp: / sw/ code/ bui l d/ i nf o( s02)
Sept 01 2008 14. 03. 06
W. 14. 02
45
Boot I mage: Pr i mar y
Pr oCur ve( conf i g) # boot syst emf l ash secondar y
Devi ce wi l l be r eboot ed, do you want t o cont i nue [ y/ n] ? y
.
.
.
Pr oCur ve> show ver si on
I mage st amp: / sw/ code/ bui l d/ i nf o( s01)
1. Inthisexampleshow
versionindicatesthe
switchhasversion
W.14.02inprimaryflash.
2. Afterthebootsystem
command,showversion
indicatesthatversion
W.14.01isinsecondary
flash.
Pr oCur ve( conf i g) # show ver si on
Sept 01 2008 11. 14. 33
W. 14. 01
56
Boot I mage: Secondar y
Figure6-9. DeterminingtheSoftwareVersioninPrimaryandSecondaryFlash
SwitchSoftwareDownloads
Thefollowingtableshowstheswitchsoptionsfordownloadingasoftware
versiontoflashandbootingtheswitchfromflash
Table6-1. Primary/SecondaryMemoryAccess
Action Menu CLI Web
Browser
SNMP
DownloadtoPrimary Yes Yes Yes Yes
DownloadtoSecondary No Yes No Yes
BootfromPrimary Yes Yes Yes Yes
BootfromSecondary No Yes No Yes
Thedifferentsoftwaredownloadoptionsinvolvedifferentcopycommands,
plusxmodem,usb,andtftp.ThesetopicsarecoveredinAppendixA,File
Transfers.
DownloadInterruptions.Inmostcases,ifapowerfailureorothercause
interruptsaflashimagedownload,theswitchrebootswiththeimageprevi-
ouslystoredinprimaryflash.Intheunlikelyeventthattheprimaryimageis
corrupted,asaresultofaninterruption,theswitchwillrebootfromsecondary
6-15
flashandyoucaneithercopythesecondaryimageintoprimaryordownload
anotherimagetoprimaryfromanexternalsource.RefertoAppendixA,File
Transfers.
LocalSwitchSoftwareReplacementandRemoval
Thissectiondescribescommandsforerasingasoftwareversionandcopying
anexistingsoftwareversionbetweenprimaryandsecondaryflash.
Not e Itisnotnecessarytoerasethecontentofaflashlocationbeforedownloading
anothersoftwarefile.Theprocessautomaticallyoverwritesthepreviousfile
withthenewfile.Ifyouwanttoremoveanunwantedsoftwareversionfrom
flash,ProCurverecommendsthatyoudosobyoverwritingitwiththesame
softwareversionthatyouareusingtooperatetheswitch,orwithanother
acceptablesoftwareversion.Tocopyasoftwarefilebetweentheprimaryand
secondaryflashlocations,refertoCopyingaSwitchSoftwareImagefrom
OneFlashLocationtoAnother,below.
Thelocalcommandsdescribedhereareforflashimagemanagementwithin
theswitch.Todownloadasoftwareimagefilefromanexternalsource,refer
toAppendixA,FileTransfers.
CopyingaSwitchSoftwareImagefromOneFlashLocationto
Another. Whenyoucopytheflashimagefromprimarytosecondaryorthe
reverse,theswitchoverwritesthefileinthedestinationlocationwithacopy
ofthefilefromthesourcelocation.Thismeansyoudonothavetoerasethe
currentimageatthedestinationlocationbeforecopyinginanewimage.
Ca u t i o n Verifythatthereisanacceptablesoftwareversioninthesourceflashlocation
fromwhichyouaregoingtocopy.Usetheshowflashcommandor,ifnecessary,
theprocedureunderDeterminingWhichFlashImageVersionsAreInstalled
onpage6-14toverifyanacceptablesoftwareversion.Attemptingtocopyfrom
asourceimagelocationthathasacorruptedflashimageoverwritestheimage
inthedestinationflashlocation.Inthiscase,theswitchwillnothaveavalid
flashimageineitherflashlocation,butwillcontinuerunningonatemporary
flashimageinRAM.Donotreboottheswitch.Instead,immediatelydownload
anothervalidflashimagetoprimaryorsecondaryflash.Otherwise,ifthe
switchisrebootedwithoutasoftwareimageineitherprimaryorsecondary
flash,thetemporaryflashimageinRAMwillbeclearedandtheswitchwillgo
down.Torecover,refertoRestoringaFlashImageonpageC-85(inthe
TroubleshootingAppendix).
6-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Syntax: copyflashflash<destinationflash>
where:destinationflash=primaryorsecondary:
Forexample,tocopytheimageinsecondaryflashtoprimaryflash:
1. Verifythatthereisavalidflashimageinthesecondaryflashlocation.The
followingfigureindicatesthatasoftwareimageispresentinsecondary
flash.(Ifyouareunsurewhethertheimageissecondaryflashisvalid,try
bootingfromitbeforeyouproceed,byusingbootsystemflashsecondary.)
I mage Si ze( Byt es) Dat e Ver si on Bui l d #
Pr i mar y I mage : 7856393 07/ 29/ 08 W. 14. XX 1033
Secondar y I mage : 9012168 09/ 16/ 08 W. 14. XX 972
Boot RomVer si on: W. 14. 01
Def aul t Boot : Secondar y
Theunequalcode
size,differingdates,
anddiffering
versionnumbers
indicatestwo
differentversionsof
thesoftware.
Figure610. ExampleIndicatingTwoDifferentSoftwareVersionsinPrimaryandSecondaryFlash
Executethecopycommandasfollows:
ProCurve(config)# copy flash flash primary
ErasingtheContentsofPrimaryorSecondaryFlash. Thiscommand
deletesthesoftwareimagefilefromthespecifiedflashlocation.
Caution: Beforeusingthiscommandinoneflashimagelocation(primaryorsecond-
ary),ensurethatyouhaveavalidsoftwarefileintheotherflashimagelocation
NoUndo! (secondaryorprimary).Iftheswitchhasonlyoneflashimageloaded(ineither
primaryorsecondaryflash)andyouerasethatimage,thentheswitchdoes
nothaveasoftwareimagestoredinflash.Inthiscase,ifyoudonotrebootor
powercycletheswitch,youcanrecoverbyusingxmodemortftptodownload
anothersoftwareimage.
Syntax: eraseflash<primary|secondary>
Forexample,toerasethesoftwareimageinprimaryflash,dothefollowing:
1. Firstverifythatausableflashimageexistsinsecondaryflash.Themost
reliablewaytoensurethisistoreboottheswitchfromtheflashimage
youwanttoretain.Forexample,ifyouareplanningtoerasetheprimary
image,thenfirstrebootfromthesecondaryimagetoverifythatthe
secondaryimageispresentandacceptableforyoursystem:
ProCurve# boot system flash secondary
6-17
2. Thenerasethesoftwareimageintheselectedflash(inthiscase,primary):
Thepromptshowswhichflash
locationwillbeerased.
Figure6-11. ExampleofEraseFlashPrompt
3. Typeyattheprompttocompletetheflasherase.
4. Useshowflashtoverifyerasureoftheselectedsoftwareflashimage
Compr essed Pr i mar y Code si ze = 0
Compr essed Secondr y Code si ze = 1555803
Boot RomVer si on:
Cur r ent Boot :
W. 14. 01
Secondar y
The0here
showsthat
primaryflashhas
beenerased.
Figure6-12. ExampleofShowFlashListingAfterErasingPrimaryFlash
RebootingtheSwitch
OperatingNotesaboutBooting
DefaultBootSource.Theswitchrebootsfromprimaryflashbydefault
unlessyouspecifythesecondaryflashbyenteringeitherthebootsystemflash
[primary|secondary]orbootset-defaultflash[primary|secondary]command.
Boththebootcommandandthereloadcommandwillrebootbasedonhow
theseoptionshavebeenselected.
BootAttemptsfromanEmptyFlashLocation.Inthiscase,theswitch
abortstheattemptanddisplays
Image does not exist
Operation aborted.
InteractionofPrimaryandSecondaryFlashImageswiththeCurrent
Configuration.Theswitchhasonestartup-configfile(page6-3),whichit
alwaysusesforreboots,regardlessofwhethertherebootisfromprimaryor
secondaryflash.Also,forrebootingpurposes,itisnotnecessaryforthe
softwareimageandthestartup-configfiletosupportidenticalsoftwarefea-
tures.Forexample,supposeyouhavejustdownloadedasoftwareupgrade
thatincludesnewfeaturesthatarenotsupportedinthesoftwareyouusedto
createthecurrentstartup-configfile.Inthiscase,thesoftwaresimplyassigns
6-18
factory-defaultvaluestotheparameterscontrollingthenewfeatures.Simi-
larly,Ifyoucreateastartup-configfilewhileusingaversionYoftheswitch
software,andthenreboottheswitchwithanearliersoftwareversionXthat
doesnotincludeallofthefeaturesfoundinY,thesoftwaresimplyignores
theparametersforanyfeaturesthatitdoesnotsupport.
ScheduledReload.Ifnoparametersareenteredafterthereloadcommand,
animmediaterebootisexecuted.Thereloadatandreloadaftercommand
informationisnotsavedacrossreboots.Iftheswitchisrebootedbeforea
scheduledreloadcommandisexecuted,thecommandiseffectivelycancelled.
Whenenteringareloadatorreloadaftercommand,apromptwillappearto
confirmthecommandbeforeitcanbeprocessedbytheswitch.Forthereload
atcommand,ifmm/dd/yyareleftblank,thecurrentdayisassumed.
Thescheduledreloadfeatureremovestherequirementtophysicallyreboot
theswitchatinconvenienttimes(forexample,at1:00inthemorning).Instead,
areloadat1:00mm/ddcommandcanbeexecuted(wheremm/ddisthedate
theswitchisscheduledtoreboot).
BootandReloadCommandComparison
Theswitchoffersrebootoptionsthroughthebootandreloadcommands,plus
theoptionsinherentinadual-flashimagesystem.Generally,usingboot
providesmorecomprehensiveself-testing;usingreloadgivesyouafaster
reboottime.
Table6-2. ComparingtheBootandReloadCommands
Actions IncludedIn
Boot?
IncludedInReload Note
Saveall Optional, Optionalwithreload Configchangessavedto
configuration
changessincethe
lastbootorreload
withprompt <cr>,whenprompt
displays.
Notsavedwithreload
at/aftercommands;
Nopromptisdisplayed.
thestartup-configfileif
yisselected(reload
command).
Performallsystem
self-tests
Yes No Thereloadcommand
providesafastersystem
reboot.
Choiceofprimaryor
secondaryflash
image
Yes NoUsesthecurrent
flashimage.
Performascheduled
reboot
No Yes Usethereloadcommand
withafter/atparameters
(seepage6-22fordetails).
6-19
SettingtheDefaultFlash
Youcanspecifythedefaultflashtobootfromonthenextbootbyenteringthe
bootset-defaultflashcommand.
Syntax: bootset-defaultflash[primary|secondary]
Uponbooting,setthedefaultflashforthenextboottoprimary
orsecondary.
BootingfromtheDefaultFlash(PrimaryorSecondary)
Thebootcommandbootstheswitchfromtheflashimagethatyouare
currentlybootedon,ortheflashimagethatwasseteitherbythebootset-
defaultcommandorbythelastexecutedbootsystemflash<primary|secondary>
command.Thiscommandalsoexecutesthecompletesetofsubsystemself-
tests.Youhavetheoptionofspecifyingaconfigurationfile.
Syntax: boot[system[flash<primary|secondary>][configFILENAME]
Rebootstheswitchfromtheflashthatyouarecurrentlybooted
on(primaryorsecondary).Youcanselectwhichimageto
bootfromduringthebootprocessitself.
Note:Thisischangedfromalwaysbootingfromprimary
flash.Youarepromptedwithamessagewhichwillindicate
theflashbeingbootedfrom.
system:Bootstheswitch.Youcanspecifytheflashimageto
bootfrom.
config:Youcanoptionallyselectaconfigurationfilefrom
whichtoboot.
BootingfromaSpecifiedFlash
Thisversionofthebootcommandgivesyoutheoptionofspecifyingwhether
torebootfromprimaryorsecondaryflash,andistherequiredcommandfor
rebootingfromsecondaryflash.Thisoptionalsoexecutesthecompleteset
ofsubsystemself-tests.
Syntax:bootsystemflash<primary|secondary>
Forexample,toreboottheswitchfromsecondaryflashwhenthereareno
pendingconfigurationchangesintherunning-configfile:
6-20
Pr oCur ve( conf i g) # boot syst emf l ash secondar y
Syst emwi l l be r eboot ed f r omsecondar y i mage. Do you want t o cont i nue [ y/ n] ?
Figure6-13. ExampleofBootCommandwithSecondaryFlashOption
Intheaboveexample,typingeitherayornatthesecondpromptinitiatesthe
rebootoperation.
UsingtheFastbootfeature. Thefastbootcommandallowsaboot
sequencethatskipstheinternalpower-onself-tests,resultinginafasterboot
time.
Syntax: [no]fastboot
Enablesthefastbootoption
Thenooptiondisablesthefeature.
Syntax: showfastboot
Showsthestatusofthefastbootfeature,eitherenabledor
disabled.
Thefastbootcommandisshownbelow.
Pr oCur ve( conf i g) # f ast boot
UsingReload
TheReloadcommandrebootstheswitchfromtheflashimagethatyouare
currentlybootedon(primaryorsecondary)ortheflashimagethatwasset
eitherbythebootset-defaultcommandorbythelastexecutedbootsystemflash
<primary|secondary>command.Becausereloadbypassessomesubsystem
self-tests,theswitchrebootsfasterthanifyouuseeitherofthebootcommand
options.
Syntax:reload
Forexample,ifyouchangethenumberofVLANstheswitchsupports,you
mustreboottheswitchinordertoimplementthechange.Thereloadcommand
promptsyoutosaveordiscardtheconfigurationchanges.
6-21
ScheduledReload. Additionalparametershavebeenaddedtothereload
commandtoallowforascheduledrebootoftheswitchviatheCLI.
Syntax:[no]reload[after<[dd:]hh:]mm>|at<hh:mm[:ss]>[<mm/dd[/[yy]yy]>]]
Enablesascheduledwarmrebootoftheswitch.Theswitchboots
upwiththesamestartupconfigfileandusingthesameflash
imageasbeforethereload.
Parametersinclude:
after:Schedulesa warmrebootoftheswitchafteragiven
amountoftimehaspassed.
at:Schedulesawarmrebootoftheswitchatagiventime.
Thenoformofthecommandremovesapendingrebootrequest.
Formoredetailsandexamples,seebelow.
Thescheduledreloadfeatureremovestherequirementtophysicallyreboot
theswitchatinconvenienttimes(forexample,at1:00inthemorning).Instead,
areloadat1:00mm/ddcommandcanbeexecuted(wheremm/ddisthedate
theswitchisscheduledtoreboot).
Not e Configurationchangesarenotsavedwithreloadatorreloadaftercommands.
Noprompttosaveconfigurationfilechangesisdisplayed.SeeTable6-2on
page6-19.
Examplesofscheduledreloadcommands:
Toscheduleareloadin15minutes:
Pr oCur ve# r el oad af t er 15
Toscheduleareloadin3hours:
Pr oCur ve# r el oad af t er 03: 00
Toscheduleareloadforthesametimethefollowingday:
Pr oCur ve# r el oad af t er 01: 00: 00
Toscheduleareloadforthesamedayat12:05:
Pr oCur ve# r el oad at 12: 05
Toscheduleareloadonsomefuturedate:
Pr oCur ve# r el oad at 12: 05 01/ 01/ 2008
6-22
Action Page
ListingandDisplayingStartup-ConfigFiles 6-27
ChangingorOverridingtheRebootConfigurationPolicy 6-28
ManagingStartup-ConfigFiles
RenamingStartup-ConfigFiles 6-31
CopyingStartup-ConfigFiles 6-31
ErasingStartup-ConfigFiles 6-32
EffectofUsingtheClear+ResetButtons 6-34
CopyingStartup-ConfigFilestoorfromaRemoteServer 6-35
Thismethodofoperationmeansthatyoucannotpreservedifferentstartup-
configfilesacrossarebootwithoutusingremotestorage.
Theswitchallowsuptothreestartup-configfileswithoptionsforselecting
whichstartup-configfiletousefor:
Afixedrebootpolicyusingaspecificstartup-configfileforaspecificboot
path(primaryorsecondaryflash)
Overridingthecurrentrebootpolicyonaper-instancebasis
BootCommand
SecondaryBootPath
PrimaryBootPath
Startup-Config
Options:
File1
File2
File3
Running-Config
Figure6-14. OptionalRebootProcess
Whileyoucanstilluseremotestorageforstartup-configfiles,youcannow
maintainmultiplestartup-configfilesontheswitchandchoosewhichversion
touseforarebootpolicyoranindividualreboot.
Thischoiceofwhichconfigurationfiletouseforthestartup-configatreboot
providesthefollowingnewoptions:
Theswitchcanrebootwithdifferentconfigurationoptionswithouthaving
toexchangeoneconfigurationfileforanotherfromaremotestorage
location.
6-23
Transitionsfromonesoftwarereleasetoanothercanbeperformedwhile
maintainingaseparateconfigurationforthedifferentsoftwarerelease
versions.
Bysettingarebootpolicyusingaknowngoodconfigurationandthen
overridingthepolicyonaper-instancebasis,youcantestanewconfigu-
rationwiththeprovisionthatifanunattendedrebootoccurs,theswitch
willcomeupwiththeknown,goodconfigurationinsteadofrepeatinga
rebootwithamisconfiguration.
GeneralOperation
MultipleConfigurationStorageintheSwitch.Theswitchusesthree
memoryslots,withidentity(id)numbersof1,2,and3.
MemorySlots
forDifferent
Startup-Config
Files
Astartup-configfilestoredinamemoryslothasaunique,changeablefile
name.Theswitchescoveredinthisguidecanusethestartup-configinanyof
thememoryslots(ifthesoftwareversionsupportstheconfiguredfeatures).
BootOptions. Withmultiplestartup-configfilesintheswitchyoucanspec-
ifyapolicyfortheswitchtouseuponreboot.Theoptionsinclude:
Usethedesignatedstartup-configfilewitheitherorbothrebootpaths
(primaryorsecondaryflash)
Overridethecurrentrebootpolicyforonerebootinstancebyspecifying
abootpath(primaryorsecondaryflash)andthestartup-configfiletouse.
ChangingtheStartup-ConfigFile.Whentheswitchreboots,thestartup-
configfilesuppliestheconfigurationfortherunning-configfiletheswitchuses
tooperate.Makingchangestotherunning-configfileandthenexecutinga
write-memcommand(or,intheMenuinterface,theSavecommand)are
writtenbacktothestartup-configfileusedatthelastreboot.Forexample,
supposethatasystemadministratorperformsthefollowingonaswitchthat
hastwostartup-configfiles(workingConfigandbackupConfig):
1. ReboottheswitchthroughthePrimarybootpathusingthestartup-config
filenamedbackupConfig.
6-24
2. UsetheCLItomakeconfigurationchangesintherunning-configfile,and
thenexecutewritemem.
Theresultisthatthestartup-configfileusedtoreboottheswitchismodified
bytheactionsinstep2.
BootCommand
PrimaryBootPath
ActiveStartup-ConfigFile:
backupConfig
IdleStartup-ConfigFile:
workingConfig
GeneratedRunning-ConfigFile
UseCLIToChangeRunning-Config
ExecutewritememToSaveChangesto
SourceStartup-ConfigFile
Figure6-15. ExampleofRebootProcessandMakingChangestotheStartup-
ConfigFile
CreatinganAlternateStartup-ConfigFile. Therearetwomethodsfor
creatinganewconfigurationfile:
Copyanexistingstartup-configfiletoanewfilename,thenrebootthe
switch,makethedesiredchangestotherunning-configfile,thenexecute
writememory.(Refertofigure6-6-15,above.)
Erasetheactivestartup-configfile.Thisgeneratesanew,defaultstartup-
configfilethatalwaysresultswhentheswitchautomaticallyrebootsafter
deletionofthecurrentlyactivestartup-configfile.(RefertoErasinga
Startup-ConfigFileonpage6-32.)
TransitioningtoMultipleConfigurationFiles
Atthefirstrebootwithasoftwarereleasesupportingmultipleconfiguration,
theswitch:
AssignsthefilenameoldConfigtotheexistingstartup-configfile(whichis
storedinmemoryslot1).
6-25
Savesacopyoftheexistingstartup-configfileinmemoryslot2withthe
filenameworkingConfig.
AssignstheworkingConfigfileastheactiveconfigurationandthedefault
configurationforallsubsequentrebootsusingeitherprimaryorsecond-
aryflash.
Figure6-16. SwitchMemoryAssignmentsAftertheFirstRebootfromSoftware
SupportingMultipleConfiguration
Intheabovestate,theswitchalways:
UsestheworkingConfigfiletoreboot
Thecommandsdescribedlaterinthissectionenableyoutoviewthecurrent
multipleconfigurationstatus,managemultiplestartup-configfiles,configure
rebootpolicies,andoverriderebootpoliciesonaper-instancebasis.
6-26
ListingandDisplayingStartup-ConfigFiles
Command Page
showconfigfiles Below
showconfig<filename> 6-28
ConfigurationEnabled
Rebootingtheswitchautomaticallyenablesthemultipleconfigurationfea-
ture.
Syntax: showconfigfiles
Thiscommanddisplaystheavailablestartup-configfileson
theswitchandthecurrentuseofeachfile.
id:Identifiesthememoryslotforeachstartup-configfile
availableontheswitch.
act:Anasterisk(*)inthiscolumnindicatesthatthe
correspondingstartup-configfileiscurrentlyinuse.
pri:Anasterisk(*)inthiscolumnindicatesthatthe
correspondingstartup-configfileiscurrentlyassignedtothe
primarybootpath.
sec:Anasterisk(*)inthiscolumnindicatesthatthe
correspondingstartup-configfileiscurrentlyassignedtothe
secondarybootpath.
name:Showsthefilenameforeachlistedstartup-configfilein
theswitch.RefertoRenaminganExistingStartup-Config
Fileonpage6-31forthecommandyoucanusetochange
existingstartup-configfilenames.
Inthedefaultconfiguration,iftheswitchwasshippedfrom
thefactorywithsoftwareinstalledinboththeprimaryand
secondarybootpaths,thenonestartup-configfilenamed
config1isusedforbothpathsandisstoredinmemoryslot1.
Memoryslots2and3areemptyinthisdefaultconfiguration.
6-27
DisplayingtheContentofASpecificStartup-ConfigFile
WithMultipleConfigurationenabled,theswitchcanhaveuptothreestartup-
configfiles.Becausetheshowconfigcommandalwaysdisplaysthecontentof
thecurrentlyactivestartup-configfile,thecommandextensionshownbelow
isneededtoallowviewingthecontentsofanyotherstartup-configfilesstored
intheswitch.
Syntax: showconfig<filename>
Thiscommanddisplaysthecontentofthespecifiedstartup-
configfileinthesamewaythattheshowconfigcommand
displaysthecontentofthedefault(currentlyactive)startup-
configfile.
ChangingorOverridingtheRebootConfiguration
Policy
Command Page
startup-default[primary|secondary]config<filename> Below
bootsystemflash<primary|secondary>config<filename> 6-30
Youcanboottheswitchusinganyavailablestartup-configfile.
ChangingtheRebootConfigurationPolicy. Foragivenreboot,the
switchautomaticallyrebootsfromthestartup-configfileassignedtotheflash
location(primaryorsecondary)beingusedforthecurrentreboot.Forexam-
ple,whenyoufirstdownloadasoftwareversionthatsupportsmultiple
configurationfilesandbootfromtheflashlocationofthisversion,theswitch
copiestheexistingstartup-configfile(namedoldConfig)intomemoryslot2,
renamesthisfiletoworkingConfig,andassignsworkingConfigas:
Theactiveconfigurationfile
Theconfigurationfiletousewhenbootingfromeitherprimaryorsecond-
aryflash.
Inthiscase,theswitchisconfiguredtoautomaticallyusetheworkingConfig
fileinmemoryslot2forallreboots.
Youcanusethefollowingcommandtochangethecurrentpolicysothatthe
switchautomaticallybootsusingadifferentstartup-configfile.
6-28
Syntax: startup-default[primary|secondary]config<filename>
Specifiesabootconfigurationpolicyoption:
[primary|secondary]config<filename>:Designatesthe
startup-configfiletouseinarebootwiththesoftware
versionstoredinaspecificflashlocation.Usethisoption
tochangetherebootpolicyforeitherprimaryor
secondaryflash,orboth.
config<filename>:Designatesthestartup-configfiletouse
forallreboots,regardlessoftheflashversionused.Use
thisoptionwhenyouwanttoautomaticallyusethesame
startup-configfileforallreboots,regardlessoftheflash
sourceused.
Forredundantmanagementsystems,thiscommandaffects
boththeactivemanagementmoduleandthestandbymanage-
mentmodule.Theconfigfileiscopiedimmediatelytothe
standbymanagementmoduleandbecomesthedefaultonthat
modulewhenthenextbootupoccurs,unlessredundancyis
disabledorthestandbymodulehasfailedselftest.
Note:Tooverridethecurrentrebootconfigurationpolicyfor
asinglerebootinstance,usethebootsystemflashcommand
withtheoptionsdescribedunderOverridingtheDefault
RebootConfigurationPolicyonpage6-30.
Forexample,suppose:
SoftwarereleaseAisstoredinprimaryflashandalatersoftwarerelease
isstoredinsecondaryflash.
Thesystemoperatorisusingmemoryslot1forareliable,minimal
configuration(namedminconfig)forthesoftwareversionintheprimary
flash,andslot2foramodifiedstartup-configfile(namednewconfig)that
includesuntestedchangesforimprovednetworkoperationwiththe
softwareversioninsecondaryflash.
Theoperatorwantstoensurethatincaseofaneedtorebootbypressingthe
Resetbutton,orifapowerfailureoccurs,theswitchwillautomaticallyreboot
withtheminimalstartup-configfileinmemoryslot1.Sincearebootdueto
pressingtheResetbuttonortoapowercyclealwaysusesthesoftwareversion
inprimaryflash,theoperatorneedstoconfiguretheswitchtoalwaysboot
fromprimaryflashwiththestartup-configfilenamedminconfig(inmemory
slot1).Also,whenevertheswitchbootsfromsecondaryflash,theoperator
alsowantsthestartup-confignamednewconfigtobeused.Thefollowingtwo
commandsconfigurethedesiredbehavior.
6-29
Pr oCur ve( conf i g) # st ar t up- def aul t pr i conf i g mi nconf i g
Pr oCur ve( conf i g) # st ar t up- def aul t sec conf i g newconf i g.
OverridingtheDefaultRebootConfigurationPolicy.Thiscommand
providesamethodformanuallyrebootingwithaspecificstartup-configfile
otherthanthefilespecifiedinthedefaultrebootconfigurationpolicy.
Syntax: bootsystemflash<primary|secondary>config<filename>
Specifiesthenameofthestartup-configfiletoapplyforthe
immediatebootinstanceonly.Thiscommandoverridesthe
currentrebootpolicy.
UsingReloadToRebootFromtheCurrentFlashImageandStartup-
ConfigFile.
Syntax: reload
Thiscommandbootstheswitchfromthecurrentlyactiveflash
imageandstartup-configfile.Becausereloadbypassessome
subsystemself-tests,theswitchbootsfasterthanifyouusea
bootcommand.
Note: Toidentifythecurrentlyactivestartup-configfile,use
theshowconfigfilescommand.
ManagingStartup-ConfigFilesintheSwitch
Command Page
renameconfig<current-filename ><newname-str> 6-31
copyconfig<source-filename>config<dest-filename> 6-31
eraseconfig<filename>|startup-config 6-32
Erasestartup-configusingthefront-panelClear+ResetButtons 6-34
6-30
RenaminganExistingStartup-ConfigFile
Syntax: renameconfig<current-filename ><newname-str>
Thiscommandchangesthenameofanexistingstartup-
configfile.Afilenamecanincludeupto63,alphanumeric
characters.Blanksareallowedinafilenameenclosedin
quotes(or).(Filenamesarenotcase-sensitive.)
CreatingaNewStartup-ConfigFile
Theswitchallowsuptothreestartup-configfiles.Youcancreateanew
startup-configfileifthereisanemptymemoryslotorifyouwanttoreplace
onestartup-configfilewithanother.
Syntax: copyconfig<source-filename>config<target-filename>
Thiscommandmakesalocalcopyofanexistingstartup-
configfilebycopyingthecontentsofanexistingstartup-
configfileinonememoryslottoanewstartup-configfilein
another,emptymemoryslot.Thisenablesyoutouseasepa-
rateconfigurationfiletoexperimentwithconfiguration
changes,whilepreservingthesourcefileunchanged.Italso
simplifiesatransitionfromonesoftwareversiontoanother
byenablingyoutopreservethestartup-configfileforthe
earliersoftwareversionwhilecreatingaseparatestartup-
configfileforthelatersoftwareversion.Withtwosuch
versionsinplace,youcaneasilyreboottheswitchwiththe
correctstartup-configfileforeithersoftwareversion.
Ifthedestinationstartup-configfilealreadyexists,itis
overwrittenbythecontentofthesourcestartup-configfile.
Ifthedestinationstartup-configfiledoesnotalreadyexist,
itwillbecreatedinthefirstemptyconfigurationmemory
slotontheswitch.
Ifthedestinationstartup-configfiledoesnotalreadyexist,
buttherearenoemptyconfigurationmemoryslotsonthe
switch,thenanewstartup-configfileisnotcreatedand
instead,theCLIdisplaysthefollowingerrormessage:
Unabletocopyconfigurationto<target-filename>.
Forexample,supposebothprimaryandsecondaryflashmemorycontain
softwarereleaseAanduseastartup-configfilenamedconfig1:
6-31
Figure6-17. ExampleofUsingOneStartup-ConfigFileforBothPrimaryand
SecondaryFlash
Ifyouwantedtoexperimentwithconfigurationchangestothesoftware
versioninsecondaryflash,youcouldcreateandassignaseparatestartup-
configfileforthispurpose.
Thefirsttwocommandscopytheconfig1
startup-configfiletoconfig2,andthen
makeconfig2thedefaultstartup-config
fileforbootingfromsecondaryflash.
Figure6-18. ExampleofCreatingandAssigningaNewStartup-ConfigFile
Not e Youcanalsogenerateanewstartup-configfilebybootingtheswitchfroma
flashmemorylocationfromwhichyouhaveerasedthecurrentlyassigned
startup-configfile.RefertoErasingaStartup-ConfigFileinthenextsection.
ErasingaStartup-ConfigFile
Youcaneraseanyofthestartup-configfilesintheswitchsmemoryslots.In
somecases,erasingafilecausestheswitchtogenerateanew,default-
configurationfilefortheaffectedmemoryslot.
6-32
Syntax: erase<config<filename>>|startup-config>
config<filename>:Thisoptionerasesthespecifiedstartup-
configfile.Ifthespecifiedfileisnotthecurrentlyactive
startup-configfile,thenthefileissimplydeletedfromthe
memoryslotitoccupies.Ifthespecifiedfileisthecurrently
activestartup-configfile,thentheswitchcreatesanew,
defaultstartup-configfilewiththesamenameastheerased
file,andbootsusingthisfile.(Thisnewstartup-configfile
containsonlythedefaultconfigurationforthesoftware
versionusedinthereboot.)
Note: Whereafileisassignedtoeithertheprimaryorthe
secondaryflash,butisnotthecurrentlyactivestartup-
configfile,erasingthefiledoesnotremovetheflash
assignmentfromthememoryslotforthatfile.Thus,ifthe
switchbootsusingaflashlocationthatdoesnothavean
assignedstartup-config,thentheswitchcreatesanew,
defaultstartup-configfileandusesthisfileinthereboot.
(Thisnewstartup-configfilecontainsonlythedefault
configurationforthesoftwareversionusedinthereboot.)
Executingwritememoryaftertherebootcausesaswitch-
generatedfilenameofconfigxtoappearintheshowconfig
filesdisplayforthenewfile,wherexcorrespondstothe
memoryslotnumber.
startup-config:Thisoptionerasesthecurrentlyactivestartup-
configfileandrebootstheswitchfromthecurrentlyactive
flashmemorylocation.Theerasedstartup-configfileis
replacedwithanewstartup-configfile.Thenewfilehas
thesamefilenameastheerasedfile,butcontainsonlythe
defaultconfigurationforthesoftwareversionintheflash
location(primaryorsecondary)usedforthereboot.For
example,supposethelastrebootwasfromprimaryflash
usingaconfigurationfilenamedminconfig.Executing
erasestartup-configreplacesthecurrentcontentofminconfig
withadefaultconfigurationandrebootstheswitchfrom
primaryflash.
6-33
Figure6-19illustratesusingeraseconfig<filename>toremoveastartup-config
file.
Figure6-19. ExampleofErasingaNon-ActiveStartup-ConfigFile
Withthesamememoryconfigurationasisshowninthebottomportionof
figure6-19,executingerasestartup-configbootstheswitchfromprimaryflash,
resultinginanewfilenamedminconfiginthesamememoryslot.Thenewfile
containsthedefaultconfigurationforthesoftwareversioncurrentlyinpri-
maryflash.
SwitchtoItsDefaultConfiguration
TheClear+ResetbuttoncombinationdescribedintheInstallationand
GettingStartedGuideproducestheseresults.Thatis,whenyoupressthe
Clear+Resetbuttoncombination,theswitch:
Overwritesthecontentofthestartup-configfilecurrentlyinmemory
slot1withthedefaultconfigurationforthesoftwareversionin
primaryflash,andrenamesthisfiletoconfig1.
Erasesanyotherstartup-configfilescurrentlyinmemory.
Configuresthenewfileinmemoryslot1asthedefaultforboth
primaryandsecondaryflashlocations(regardlessofthesoftware
versioncurrentlyinsecondaryflash).
Bootstheswitchfromprimaryflashusingthenewstartup-configfile.
6-34

Pr oCur ve( conf i g) # show conf i g f i l es
PressingClear+Reset:
Conf i gur at i on f i l es: Replacesallstartup-configfileswithasingle
filenamedconfig1thatcontainsthedefault
i d | act pr i sec | name
configurationforthesoftwareversionin
primaryflash.
- - - +- - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 | * * * | conf i g1
ResetstheActive,Primary,andSecondary
assignmentsasshownhere.
2 | |
3 | |
Figure6-20. ExampleofClear+ResetResult
TransferringStartup-ConfigFilesToorFromaRemote
Server
Command Page
copyconfig<src-file>tftp<ip-addr><remote-file><pc|unix> below
copytftpconfig<dest-file><ip-addr><remote-file ><pc|unix> below
copyconfig<src-file>xmodem<pc|unix> 6-36
copyxmodemconfig<dest-file><pc|unix> 6-37
TFTP:CopyingaConfigurationFiletoaRemoteHost
Syntax: copyconfig<src-file>tftp<ip-addr><remote-file ><pc|unix>
Thisisanadditiontothecopytftpcommandoptions.Use
thiscommandtouploadaconfigurationfilefromtheswitch
toaTFTPserver.
FormoreonusingTFTPtocopyafiletoaremoteserver,refer
toTFTP:CopyingaConfigurationFiletoaRemoteHoston
pageA-26.
Forexample,thefollowingcommandcopiesastartup-configfilenamedtest-
01fromtheswitchtoa(UNIX)TFTPserveratIPaddress10.10.28.14:
Pr oCur ve( conf i g) # copy conf i g t est - 01 t f t p 10. 10. 28. 14
t est - 01. t xt uni x
6-35
TFTP:CopyingaConfigurationFilefromaRemoteHost
Syntax: copytftpconfig<dest-file><ip-addr><remote-file><pc|unix>
Thisisanadditiontothecopytftpcommandoptions.Use
thiscommandtodownloadaconfigurationfilefromaTFTP
servertotheswitch.
Note:Thiscommandrequiresanemptymemoryslotinthe
switch.Iftherearenoemptymemoryslots,theCLIdisplays
thefollowingmessage:
Unabletocopyconfigurationto"<filename>".
FormoreonusingTFTPtocopyafilefromaremotehost,
refertoTFTP:CopyingaConfigurationFilefromaRemote
HostonpageA-27.
Forexample,thefollowingcommandcopiesastartup-configfilenamedtest-
01.txtfroma(UNIX)TFTPserveratIPaddress10.10.28.14tothefirstempty
memoryslotintheswitch:
Pr oCur ve( conf i g) # copy t f t p conf i g t est - 01 10. 10. 28. 14
t est - 01. t xt uni x
ConnectedHost
Syntax: copyconfig<filename>xmodem<pc|unix>
Thisisanadditiontothecopy<config>xmodemcommand
options.Usethiscommandtouploadaconfigurationfile
fromtheswitchtoanXmodemhost.
FormoreonusingXmodemtocopyafiletoaserially
connectedhost,refertoXmodem:CopyingaConfiguration
FiletoaSeriallyConnectedPCorUNIXWorkstationon
pageA-28.
6-36
ConnectedHost
Syntax: copyxmodemconfig<dest-file><pc|unix>
Thisisanadditiontothecopyxmodemcommandoptions.Use
thiscommandtodownloadaconfigurationfilefroman
Xmodemhosttotheswitch.
FormoreonusingXmodemtocopyafilefromaserially
connectedhost,refertoXmodem:CopyingaConfiguration
FilefromaSeriallyConnectedPCorUNIXWorkstationon
pageA-29.
OperatingNotesforMultipleConfigurationFiles
SFTP/SCP:Theconfigurationfilesareavailableforsftp/scptransferas
/cfg/<filename>.
6-37
6-38
7
InterfaceAccessandSystemInformation
Contents
Overview ..................................................... 7-2
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet . 7-3
Menu:Modifying the InterfaceAccess .......................... 7-4
CLI:ModifyingtheInterface Access ............................ 7-5
DenyingInterfaceAccessbyTerminatingRemoteManagement
Sessions ...................................................... 7-9
SystemInformation .......................................... 7-11
Menu:ViewingandConfiguringSystemInformation............. 7-12
CLI:ViewingandConfiguringSystemInformation .............. 7-13
Web:ConfiguringSystemParameters ......................... 7-17
7-1
Overview
Overview
Thischapterdescribeshowto:
Viewandmodifytheconfigurationforswitchinterfaceaccess
UsetheCLIkillcommandtoterminatearemotesession
Viewandmodifyswitchsysteminformation
Forhelponhowtoactuallyusetheinterfacesbuiltintotheswitch,referto:
Chapter3,UsingtheMenuInterface
Chapter4,UsingtheCommandLineInterface(CLI)
Chapter5,UsingtheProCurveWebBrowserInterface
WhyConfigureInterfaceAccessandSystemInformation? Theinter-
faceaccessfeaturesintheswitchoperateproperlybydefault.However,you
canmodifyordisableaccessfeaturestosuityourparticularneeds.Similarly,
youcanchoosetoleavethesysteminformationparametersattheirdefault
settings.However,modifyingtheseparameterscanhelpyoutomoreeasily
distinguishonedevicefromanotherinyournetwork.
7-2
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet
InterfaceAccess:Console/SerialLink,
Web,andInboundTelnet
InterfaceAccessFeatures
Feature Default Menu CLI Web
InactivityTime 0Minutes
(disabled)
page7-4 page7-7
InboundTelnetAccess Enabled page7-4 page7-5
OutboundTelnetAccess n/a page7-6
WebBrowserInterfaceAccess Enabled page7-4 page7-7
Terminaltype VT-100 page7-7
EventLogeventtypestolist All page7-7
(DisplayedEvents)
BaudRate SpeedSense page7-7
FlowControl XON/XOFF page7-7
Inmostcases,thedefaultconfigurationisacceptableforstandardoperation.
Not e Basicswitchsecurityisthroughpasswords.Youcangainadditionalsecurity
byusingthesecurityfeaturesdescribedintheAccessSecurityGuideforyour
switch.Youcanalsosimplyblockunauthorizedaccessviathewebbrowser
interfaceorTelnet(asdescribedinthissection)andinstallingtheswitchina
lockedenvironment.
7-3
Menu:ModifyingtheInterfaceAccess
Themenuinterfaceenablesyoutomodifytheseparameters:
InactivityTimeout
InboundTelnetEnabled
WebAgentEnabled
ToAccesstheInterfaceAccessParameters:
1. FromtheMainMenu,Select...
2.SwitchConfiguration...
1.SystemInformation
InterfaceAccess
Parameters
Figure7-1. TheDefaultInterfaceAccessParametersAvailableintheMenuInterface
2. Press[E](forEdit).ThecursormovestotheSystemNamefield.
3. Usethearrowkeys([v],[^],[<],[>])tomovetotheparametersyouwantto
change.
Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
onconfigurationoptionsforthesefeatures.
7-4
4. Whenyouhavefinishedmakingchangestotheaboveparameters,press
[Enter],thenpress[S](forSave).
CLI:ModifyingtheInterfaceAccess
InterfaceAccessCommandsUsedinThisSection
showconsole below
[no]telnet-server below
[no]web-management page7-7
console page7-7
ListingtheCurrentConsole/SerialLinkConfiguration.This
commandliststhecurrentinterfaceaccessparametersettings.
Syntax: showconsole
Thisexampleshowstheswitchsdefaultconsole/serialconfiguration.
InterfaceAccess
Enable/Disable
ConsoleControl
Options
EventLogEvent
TypesToList
Figure7-2. ListingofShowConsoleCommand
ReconfigureInboundTelnetAccess.Inthedefaultconfiguration,
inboundTelnetaccessisenabled.
Syntax: [no]telnet-server
TodisableinboundTelnetaccess:
Pr oCur ve( conf i g) # no t el net - ser ver
Tore-enableinboundTelnetaccess:
7-5
Pr oCur ve( conf i g) # t el net - ser ver
OutboundTelnettoAnotherDevice. Thisfeatureoperatesindepen-
dentlyofthetelnet-serverstatusandenablesyoutoTelnettoanotherdevice
thathasanIPaddress.
Syntax: telnet<ipv4-addr|ipv6-addr|hostname|switch-num>
Initiatesanoutboundtelnetsessiontoanothernetwork
device.Thedestinationcanbespecifiedas:
IPv4address
IPv6address
Hostname
Stacknumberofamemberswitch(1-16)ifthe
switchisacommanderinastackandstackingis
enabled
Forexample,ifthehostLabswitchisinthedomainabc.com,youcanenter
thefollowingcommandandthedestinationisresolvedto
Labswitch.abc.com.
ProCurve(config)#telnetLabswitch
Youcanalsoenterthefulldomainnameinthecommand:
ProCurve(config)#telnetLabswitch.abc.com
YoucanusetheshowtelnetcommandtodisplaytheresolvedIPaddress.
7-6
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Pr oCur ve( conf i g) # show t el net
Tel net Act i vi t y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sessi on : ** 1
Pr i vi l ege: Manager
Fr om : Consol e
To :
Sessi on : ** 2
Pr i vi l ege: Manager
Fr om : 12. 13. 14. 10
To : 15. 33. 66. 20
Sessi on : ** 3
Pr i vi l ege: Oper at or
Fr om : 2001: db7: 5: 0: 203: 4f f : f e0a: 251
To : 2001: db7: 5: 0: 203: 4f f 1: f ddd: 12
Figure7-3. ExampleofshowtelnetCommandDisplayingResolvedIPAddresses
ReconfigureWebBrowserAccess.Inthedefaultconfiguration,web
browseraccessisenabled.
Syntax: [no]web-management
Todisablewebbrowseraccess:
Pr oCur ve( conf i g) # no web- management
Tore-enablewebbrowseraccess:
Pr oCur ve( conf i g) # web- management
ReconfiguretheConsole/SerialLinkSettings.Youcanreconfigureone
ormoreconsoleparameterswithoneconsolecommand.
Syntax: console
[terminal<vt100|ansi|none>]
[screen-refresh<1|3|5|10|20|30|45|60>]
[baud-rate
<speed-sense|1200|2400|4800|9600|19200|38400|57600|
1155200>]
[flow-control<xon/xoff|none>]
7-7
[inactivity-timer<0|1| 5|10|15|20|30|60|120>]
[events<none|all|non-info|critical|debug]
[local-terminal<vt100|none|ansi>]
Not e IfyouchangetheBaudRateorFlowControlsettingsfortheswitch,you
shouldmakethecorrespondingchangesinyourconsoleaccessdevice.Other-
wise,youmayloseconnectivitybetweentheswitchandyourterminal
emulatorduetodifferencesbetweentheterminalandswitchsettingsforthese
twoparameters.
Allconsoleparameterchangesexcepteventsandinactivity-timerrequirethat
yousavetheconfigurationwithwritememoryandthenexecutebootbeforethe
newconsoleconfigurationwilltakeeffect.
Forexample,touseonecommandtoconfiguretheswitchwiththefollowing:
VT100operation
19,200baud
Noflowcontrol
Criticallogevents
youwouldusethefollowingcommandsequence:
Pr oCur ve( conf i g) # consol e t er mi nal vt 100 baud- r at e 19200 f l ow- cont r ol none
event s cr i t i cal
Command wi l l t ake ef f ect af t er savi ng conf i gur at i on and r eboot
Pr oCur ve( conf i g) # wr i t e memor y
Pr oCur ve( conf i g) # r el oad
TheswitchimplementstheEventLogchangeimmediately.Theswitchimplements
theotherconsolechangesafterexecutingwritememoryandreload.
Figure7-4. ExampleofExecutingtheConsoleCommandwithMultipleParameters
7-8
DenyingInterfaceAccessbyTerminatingRemoteManagementSessions
Youcanalsoexecuteaseriesofconsolecommandsandthensavethe
configurationandboottheswitch.Forexample:
Pr oCur ve( conf i g) # consol e baud- r at e speedsense
Command wi l l t ake ef f ect af t er savi ng conf i gur at i on and r eboot
Pr oCur ve( conf i g) # consol e f l ow- cont r ol xon/ xof f
Command wi l l t ake ef f ect af t er savi ng conf i gur at i on and r eboot parameters.
Pr oCur ve( conf i g) # r el oad
Savethe
changes.
Bootthe
switch.
Configure
the
individual
Figure7-5. ExampleofExecutingaSeriesofConsoleCommands
DenyingInterfaceAccessbyTerminating
RemoteManagementSessions
Theswitchsupportsuptofivemanagementsessions.Youcanuseshowipssh
tolistthecurrentmanagementsessions,andkilltoterminateacurrently
runningremotesession.(KilldoesnotterminateaConsolesessiononthe
serialport,eitherthroughadirectconnectionorviaamodem.Itdoesnot
affecttheconsoleonthestandbymodule.)
Syntax: kill[<session-number>]
Forexample,ifyouareusingtheswitchsserialportforaconsolesessionand
wanttoterminateacurrentlyactiveTelnetsession,youwoulddothe
following:
7-9
Session2isanactive
Telnetsession.
DenyingInterfaceAccessbyTerminatingRemoteManagementSessions
Thekill2command
terminatessession2.
Session2isanactive
Telnetsession.
Figure7-6. ExampleofUsingtheKillCommandToTerminateaRemoteSession
7-10
SystemInformation
SystemInformation
SystemInformationFeatures
SystemName switchproduct
name
page
7-12
page
7-14
page
7-17
SystemContact n/a page
7-12
page
7-14
page
7-17
SystemLocation n/a page
7-12
page
7-14
page
7-17
MACAgeTime 300seconds page
7-12
page
7-16
TimeSyncMethod None SeeChapter9,TimeProtocols.

TimeZone 0 page
7-12
page
7-16
DaylightTimeRule None page

7-12
page
7-16
Time January1,1990at
00:00:00atlast
powerreset
page
7-16
Configuringsysteminformationisoptional,butrecommended.
SystemName:Usingauniquenamehelpsyoutoidentifyindividualdevices
whereyouareusinganSNMPnetworkmanagementtoolsuchasProCurve
Manager.
SystemContactandLocation:Thisinformationishelpfulforidentifying
thepersonadministrativelyresponsiblefortheswitchandforidentifyingthe
locationsofindividualswitches.
MACAgeTime:ThenumberofsecondsaMACaddresstheswitchhas
learnedremainsintheswitchsaddresstablebeforebeingagedout(deleted).
Agingoutoccurswhentherehasbeennotrafficfromthedevicebelongingto
thatMACaddressfortheconfiguredinterval.
TimeSyncMethod:Selectsthemethod(TimePorSNTP)theswitchwilluse
fortimesynchronization.Formoreonthistopic,refertoChapter9,Time
Protocols.
7-11
SystemInformation
TimeZone:ThenumberofminutesyourtimezonelocationistotheWest(+)
orEast(-)ofCoordinatedUniversalTime(formerlyGMT).Thedefault0
meansnotimezoneisconfigured.Forexample,thetimezoneforBerlin,
Germanyis+60(minutes)andthetimezoneforVancouver,Canadais-480
(minutes).
DaylightTimeRule:Specifiesthedaylightsavingstimeruletoapplyforyour
location.ThedefaultisNone.(Formoreonthistopic,refertoAppendixD,
DaylightSavingsTimeonProCurveSwitches.)
Time:UsedintheCLItospecifythetimeofday,thedate,andothersystem
parameters.
Menu:ViewingandConfiguringSystemInformation
Toaccessthesysteminformationparameters:
1. FromtheMainMenu,Select...
1.SystemInformation
SystemInformation
Figure7-7. TheSystemInformationConfigurationScreen(DefaultValues)
Not e Tohelpsimplifyadministration,itisrecommendedthatyouconfigure
SystemNametoacharacterstringthatismeaningfulwithinyoursystem.
7-12

SystemInformation
3. Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
[Enter],thenpress[S](forSave)andreturntotheMainMenu.
CLI:ViewingandConfiguringSystemInformation
SystemInformationCommandsUsedinThisSection
showsysteminformation below
hostname below
snmp-server below
[contact][location]
mac-age-time page7-16
time
timezone page7-16
daylight-time-rule page7-16
date page7-16
time
ListingtheCurrentSystemInformation.Thiscommandliststhecurrent
systeminformationsettings.
Syntax: showsysteminformation
Thisexampleshowstheswitchsdefaultconsoleconfiguration.
Pr oCur ve# show syst emi nf or mat i on
St at us and Count er s - Gener al Syst emI nf or mat i on
Syst emName : Pr oCur ve
Syst emCont act :
Syst emLocat i on :
MAC Age Ti me ( sec) : 300
Ti me Zone : 0
Dayl i ght Ti me Rul e : None
Figure7-8. ExampleofCLISystemInformationListing
7-13
SystemInformation
ConfigureaSystemName,Contact,andLocationfortheSwitch.To
helpdistinguishoneswitchfromanother,configureaplain-languageidentity
fortheswitch.
Syntax: hostname<name-string>
snmp-server[contact<system-contact>][location<system-location>]
Eachfieldallowsupto255characters.
Forexample,tonametheswitchBluewithNext-4474asthesystem
contact,andNorth-Data-Roomasthelocation:
Newhostname,contact,
andlocationdatafrom
previouscommands.
AdditionalSystem
Information
Figure7-9. SystemInformationListingAfterExecutingthePrecedingCommands
Themenuinterfacewillonlydisplayupto47charactersalthoughyoucan
specifyanameupto255charactersinlength.Amessagebeginningwith+
displaysifthenameexceeds47characters.YoucanusetheCLIshowrunning,
showconfig,orshowsysteminformationcommandstoseethecompletetext.
ThemenuinterfaceisshowninFigure7-10.
7-14

SystemInformation
MENU
Pr oCur ve Swi t ch 2910al 24- Oct - 2006 12: 41: 47
===========================- TELNET - MANAGER MODE ===========================
Swi t ch Conf i gur at i on - Syst emI nf or mat i on
Syst emName : Bl ue Swi t ch
Syst emCont act : Bi l l _Smi t h
Syst emLocat i on : + char act er s of t he l ocat i on ar e mi ssi ng. I t s t oo l ong.
I nact i vi t y Ti meout ( mi n) [ 0] : 0 MAC Age Ti me ( sec) [ 300] : 300
I nbound Tel net Enabl ed [ Yes] : Yes Web Agent Enabl ed [ Yes] : Yes
Ti me Sync Met hod [ None] : TI MEP
Ti meP Mode [ Di sabl ed] : Di sabl ed
Tf t p- enabl e [ Yes] : Yes
Ti me Zone [ 0] : 0
Dayl i ght Ti me Rul e [ None] : None
Act i ons- > Cancel Edi t Save Hel p
Cancel changes and r et ur n t o pr evi ous scr een.
Use ar r ow keys t o change act i on sel ect i on and <Ent er > t o execut e act i on.
Figure7-10. MenuScreenShowingSystemInformation
TheWebBrowserinterfacealsoallowsyoutoenteramaximumof255
characters.Youcanviewallthecharactersbyusingthecursortoscroll
throughthefield.
Figure7-11. SystemLocationandSystemContactintheWebBrowser
7-15
SystemInformation
ReconfiguretheMACAgeTimeforLearnedMACAddresses.This
commandcorrespondstotheMACAgeIntervalinthemenuinterface,andis
expressedinseconds.
Syntax: mac-age-time<10-1000000>(seconds)
AllowsyoutosettheMACaddresstablesage-outinterval.An
addressisagedoutiftheswitchdoesnotreceivetrafficfromthat
MACaddressfortheage-outinterval,measuredinseconds.
Default:300seconds.
Forexample,toconfiguretheagetimetosevenminutes:
ProCurve(config)# mac-age-time 420
ConfiguretheTimeZoneandDaylightTimeRule. Thesecommands:
Setthetimezoneyouwanttouse
Definethedaylighttimeruleforkeepingthecorrecttimewhendaylight-
saving-timeshiftsoccur.
Syntax: time timezone<-720-840>
timedaylight-time-rule<none|alaska|continental-us-and-canada|
middle-europe-and-portugal|southern-hemisphere|western-europe|
user-defined>
Eastofthe0meridian,thesignis+.Westofthe0meridian,thesignis-.
Forexample,thetimezonesettingforBerlin,Germanyis+60(zone+1,or60
minutes),andthetimezonesettingforVancouver,Canadais-480(zone-8,or
-480minutes).ToconfigurethetimezoneanddaylighttimeruleforVancouver,
Canada:
Pr oCur ve(config)# time timezone -480
daylight-time-rule continental-us-and-canada
ConfiguretheTimeandDate.Theswitchusesthetimecommandto
configureboththetimeofdayandthedate.Also,executingtimewithout
parametersliststheswitchstimeofdayanddate.NotethattheCLIusesa24-
hourclockscheme;thatis,hour(hh)valuesfrom1p.m.tomidnightareinput
as13-24,respectively.
Syntax: time[hh:mm[:ss]][mm/dd/[yy]yy]
Forexample,tosettheswitchto9:45a.m.onNovember17,2002:
Pr oCur ve(config)# time 9:45 11/17/02
7-16
SystemInformation
Not e Executingreloadorbootresetsthetimeanddatetotheirdefaultstartupvalues.
Web:ConfiguringSystemParameters
Inthewebbrowserinterface,youcanenterthefollowingsysteminformation:
SystemName
SystemLocation
SystemContact
ForaccesstotheMACAgeIntervalandtheTimeparameters,usethemenu
interfaceortheCLI.
ConfigureSystemParametersintheWebBrowserInterface.
1. ClickontheConfigurationtab.
2. Clickon[SystemInfo].
3. Enterthedatayouwantinthedisplayedfields.
4. Implementyournewdatabyclickingon[ApplyChanges].
Toaccesstheweb-basedhelpprovidedfortheswitch,clickon[?]intheweb
browserscreen.
7-17
SystemInformation
7-18
8
ConfiguringIPAddressing
Contents
Overview ..................................................... 8-2
IPConfiguration .............................................. 8-2
JustWantaQuickStartwith IPAddressing? .................... 8-3
IPAddressingwithMultipleVLANs............................ 8-4
Menu:ConfiguringIPAddress,Gateway,andTime-To-Live(TTL) .. 8-5
CLI:ConfiguringIPAddress,Gateway,andTime-To-Live(TTL) .... 8-6
Web:ConfiguringIPAddressing .............................. 8-10
HowIPAddressingAffectsSwitch Operation................... 8-11
DHCP/BootpOperation.................................. 8-12
NetworkPreparationsforConfiguringDHCP/Bootp ......... 8-14
LoopbackInterfaces.......................................... 8-15
Introduction ............................................... 8-15
ConfiguringaLoopbackInterface ............................ 8-16
DisplayingLoopbackInterfaceConfigurations.................. 8-17
AddressingAcrossConfigurationFileDownloads .............. 8-20
OperatingRulesforIPPreserve .............................. 8-20
EnablingIPPreserve........................................ 8-20
8-1
Overview
Overview
YoucanconfigureIPaddressingthroughalloftheswitchsinterfaces.Youcan
also:
Easilyeditaswitchconfigurationfiletoallowdownloadingthefileto
multipleswitcheswithoutoverwritingeachswitchsuniquegatewayand
VLAN1IPaddressing.
Assignupto32IPaddressestoaVLAN(multinetting).
WhyConfigureIPAddressing?Initsfactorydefaultconfiguration,the
switchoperatesasamultiportlearningbridgewithnetworkconnectivity
providedbytheportsontheswitch.However,toenablespecificmanagement
accessandcontrolthroughyournetwork,youwillneedIPaddressing.Table
8-1onpage8-11showstheswitchfeaturesthatdependonIPaddressingto
operate.
IPConfiguration
IPConfigurationFeatures
IPAddressandSubnetMask DHCP/Bootp page8-5 page8-6 page8-10
MultipleIPAddressesonaVLAN n/a page8-8
DefaultGatewayAddress none page8-5 page8-6 page8-10
PacketTime-To-Live(TTL) 64seconds page8-5 page8-6
TimeServer(Timep) DHCP page8-5 page8-6
IPAddressandSubnetMask. ConfiguringtheswitchwithanIPaddress
expandsyourabilitytomanagetheswitchanduseitsfeatures.Bydefault,the
switchisconfiguredtoautomaticallyreceiveIPaddressingonthedefault
VLANfromaDHCP/Bootpserverthathasbeenconfiguredcorrectlywith
informationtosupporttheswitch.(RefertoDHCP/BootpOperationonpage
8-12forinformationonsettingupautomaticconfigurationfromaserver.)
However,ifyouarenotusingaDHCP/BootpservertoconfigureIPaddressing,
8-2
IPConfiguration
usethemenuinterfaceortheCLItomanuallyconfiguretheinitialIPvalues.
Afteryouhavenetworkaccesstoadevice,youcanusethewebbrowser
interfacetomodifytheinitialIPconfigurationifneeded.
ForinformationonhowIPaddressingaffectsswitchoperation,refertoHow
IPAddressingAffectsSwitchOperationonpage8-11.
Multinetting:AssigningMultipleIPAddressestoaVLAN. Foragiven
VLANyoucanassignupto32IPaddresses.Thisallowsyoutocombinetwo
ormoresubnetsonthesameVLAN,whichenablesdevicesinthecombined
subnetstocommunicatenormallythroughthenetworkwithoutneedingto
reconfiguretheIPaddressinginanyofthecombinedsubnets.
DefaultGatewayOperation.Thedefaultgatewayisrequiredwhena
routerisneededfortaskssuchasreachingoff-subnetdestinationsorforward-
ingtrafficacrossmultipleVLANs.ThegatewayvalueistheIPaddressofthe
next-hopgatewaynodefortheswitch,whichisusediftherequesteddestina-
tionaddressisnotonalocalsubnet/VLAN.Iftheswitchdoesnothavea
manually-configureddefaultgatewayandDHCP/Bootpisconfiguredonthe
primaryVLAN,thenthedefaultgatewayvalueprovidedbytheDHCPorBootp
serverwillbeused.Iftheswitchhasamanuallyconfigureddefaultgateway,
thentheswitchuseshisgateway,evenifadifferentgatewayisreceivedvia
DHCPorBootpontheprimaryVLAN.Thisisalsotrueformanuallyconfigured
TimeP,SNTP,andTime-To-Live(TTL).(Inthedefaultconfiguration,VLAN1
isthePrimaryVLAN.)RefertotheinformationonPrimaryVLANsinthe
AdvancedTrafficManagementGuideforyourswitch.
PacketTime-To-Live(TTL).Thisparameterspecifiesthemaximumnum-
berofrouters(hops)throughwhichapacketcanpassbeforebeingdiscarded.
EachrouterdecreasesapacketsTTLby1beforeforwardingthepacket.If
decreasingtheTTLcausestheTTLtobe0,therouterdropsthepacketinstead
offorwardingit.Inmostcases,thedefaultsetting(64)isadequate.
JustWantaQuickStartwithIPAddressing?
IfyoujustwanttogivetheswitchanIPaddresssothatitcancommunicate
onyournetwork,orifyouarenotusingVLANs,ProCurverecommendsthat
youusetheSwitchSetupscreentoquicklyconfigureIPaddressing.Todoso,
dooneofthefollowing:
EntersetupattheCLIManagerlevelprompt.
Pr oCur ve# setup
Select8.RunSetupintheMainMenuofthemenuinterface.
8-3
IPConfiguration
Not es
FormoreonusingtheSwitchSetupscreen,refertotheInstallationand
GettingStartedGuideyoureceivedwiththeswitch.
IPAddressingwithMultipleVLANs
Inthefactory-defaultconfiguration,theswitchhasone,permanentdefault
VLAN(namedDEFAULT_VLAN)thatincludesallportsontheswitch.Thus,
whenonlythedefaultVLANexistsintheswitch,ifyouassignanIPaddress
andsubnetmasktotheswitch,youareactuallyassigningtheIPaddressing
totheDEFAULT_VLAN.
IfmultipleVLANsareconfigured,theneachVLANcanhaveitsownIP
address.ThisisbecauseeachVLANoperatesasaseparatebroadcast
domainandrequiresauniqueIPaddressandsubnetmask.Adefault
gateway(IP)addressfortheswitchisoptional,butrecommended.
Inthefactory-defaultconfiguration,thedefaultVLAN(named
DEFAULT_VLAN)istheswitchsprimaryVLAN.Theswitchusesthe
primaryVLANforlearningthedefaultgatewayaddress.Theswitchcan
alsolearnothersettingsfromaDHCPorBootpserver,suchas(packet)
Time-To-Live(TTL),andTimeporSNMPsettings.(OtherVLANscanalso
useDHCPorBootPtoacquireIPaddressing.However,theswitchs
gateway,TTL,andTimePorSNTPvalues,whichareappliedglobally,and
notper-VLAN,willbeacquiredthroughtheprimaryVLANonly,unless
manuallysetbyusingtheCLI,Menu,orwebbrowserinterface.(Ifthese
parametersaremanuallyset,theywillnotbeoverwrittenbyalternate
valuesreceivedfromaDHCPorBootpserver.)FormoreonVLANs,refer
tothechaptertitledStaticVirtualLANsintheAdvancedTrafficMan-
agementGuideforyourswitch.
TheIPaddressingusedintheswitchshouldbecompatiblewithyour
network.Thatis,theIPaddressmustbeuniqueandthesubnetmaskmust
beappropriateforyourIPnetwork.
IfyouchangetheIPaddressthrougheitherTelnetaccessortheweb
browserinterface,theconnectiontotheswitchwillbelost.Youcan
reconnectbyeitherrestartingTelnetwiththenewIPaddressorentering
thenewaddressastheURLinyourwebbrowser.
8-4
IPConfiguration
Menu:ConfiguringIPAddress,Gateway,andTime-To-
Live(TTL)
Dooneofthefollowing:
TomanuallyenteranIPaddress,subnetmask,settheIPConfigparameter
toManualandthenmanuallyentertheIPaddressandsubnetmaskvalues
youwantfortheswitch.
TouseDHCPorBootp,usethemenuinterfacetoensurethattheIPConfig
parameterissettoDHCP/Bootp,thenrefertoDHCP/BootpOperationon
page8-12.
ToConfigureIPAddressing.
1. FromtheMainMenu,Select.
5.IPConfiguration
Not es IfmultipleVLANsareconfigured,ascreenshowingallVLANsappearsinstead
ofthefollowingscreen.
TheMenuinterfacedisplaystheIPaddressforanyVLAN.IfyouusetheCLI
toconfiguretheIPaddressonaVLAN,usetheCLIshowipcommandtolist
them.(RefertoViewingtheCurrentIPConfigurationonpage8-6.)
Fordescriptionsofthese
parameters,seethe
onlineHelpforthis
screen.
BeforeusingtheDHCP/
Bootpoption,referto
DHCP/Bootp
Operationonpage8-12.
Figure8-1.ExampleoftheIPServiceConfigurationScreenwithoutMultiple
VLANsConfigured
2. Press[E](forEdit).
8-5
IPConfiguration
3. Iftheswitchneedstoaccessarouter,forexample,toreachoff-subnet
destinations,selecttheDefaultGatewayfieldandentertheIPaddressof
thegatewayrouter.
4. IfyouneedtochangethepacketTime-To-Live(TTL)setting,selectDefault
TTLandtypeinavaluebetween2and255.
5. ToconfigureIPaddressing,selectIPConfiganddooneofthefollowing:
IfyouwanttohavetheswitchretrieveitsIPconfigurationfroma
DHCPorBootpserver,attheIPConfigfield,keepthevalueasDHCP/
Bootpandgotostep8.
IfyouwanttomanuallyconfiguretheIPinformation,usetheSpace
bartoselectManualandusethe[Tab]keytomovetotheotherIP
configurationfields.
6. SelecttheIPAddressfieldandentertheIPaddressfortheswitch.
7. SelecttheSubnetMaskfieldandenterthesubnetmaskfortheIPaddress.
8. Press[Enter],then[S](forSave).
CLI:ConfiguringIPAddress,Gateway,andTime-To-
Live(TTL)
IPCommandsUsedinThisSection Page
showip 8-6
ipaddress<mask-length> 8-7,8-8
ipaddress/<mask-bits> 8-7,8-8
ipdefault-gateway 8-10
ipttl 8-10
ViewingtheCurrentIPConfiguration.
Syntax:showip
ThiscommanddisplaystheIPaddressingforeachVLAN
configuredintheswitch.IfonlytheDEFAULT_VLANexists,
thenitsIPconfigurationappliestoallportsintheswitch.
WheremultipleVLANsareconfigured,theIPaddressingis
listedperVLAN.Thedisplayincludesswitch-widepacket
time-to-live,and(ifconfigured)theswitchsdefaultgateway
andTimepconfiguration.
8-6
IPConfiguration
(YoucanalsousetheshowmanagementcommandtodisplaytheIPaddressing
andtimeserverIPaddressingconfiguredontheswitch.Refertofigure
9-6onpage9-10.)
Forexample,inthefactory-defaultconfiguration(noIPaddressingassigned),
theswitchsIPaddressingappearsas:
TheDefaultIP
Configuration
Figure8-2.ExampleoftheSwitchsDefaultIPAddressing
WithmultipleVLANsandsomeotherfeaturesconfigured,showipprovides
additionalinformation:
ASwitchwithIP
Addressingand
VLANsConfigured
Figure8-3.ExampleofShowIPListingwithNon-DefaultIPAddressingConfigured
ConfigureanIPAddressandSubnetMask.Thefollowingcommand
includesboththeIPaddressandthesubnetmask.Youmusteitherincludethe
IDoftheVLANforwhichyouareconfiguringIPaddressingorgotothe
contextconfigurationlevelforthatVLAN.(IfyouarenotusingVLANsonthe
switchthatis,iftheonlyVLANisthedefaultVLANthentheVLANIDis
always1.)
8-7
IPConfiguration
Not e ThedefaultIPaddresssettingfortheDEFAULT_VLANisDHCP/Bootp.On
additionalVLANsyoucreate,thedefaultIPaddresssettingisDisabled.
Syntax: [no]vlan<vlan-id>ipaddress<ip-address/mask-length>
or
[no]vlan<vlan-id>ipaddress<ip-address><mask-bits>
or
vlan<vlan-id>ipaddressdhcp-bootp
ThisexampleconfiguresIPaddressingonthedefaultVLANwiththesubnet
maskspecifiedinmaskbits.
ProCurve(config)# vlan 1 ip address 10.28.227.103 255.255.255.0
ThisexampleconfiguresthesameIPaddressingastheprecedingexample,
butspecifiesthesubnetmaskbymasklength.
Pr oCur ve( conf i g) # vl an 1 i p addr ess 10. 28. 227. 103/ 24
ThisexampledeletesanIPaddressconfiguredinVLAN1.
ProCurve (config) no vlan 1 ip address 10.28.227.103/24
ConfigureMultipleIPAddressesonaVLAN(Multinetting).Thefol-
lowingissupported:
Upto2048IPaddressesfortheswitch
Upto32IPaddressesforthesameVLAN
Upto256IPVLANs,thatis,VLANsonwhichyoucanconfigureIP
addresses
EachIPaddressonaVLANmustbeforaseparatesubnet,whetheronthe
sameVLANordifferentVLANs.
Syntax: [no]vlan<vlan-id>ipaddress<ip-address/mask-length>
[no]vlan<vlan-id>ipaddress<ip-address><mask-bits>
Forexample,ifyouwantedtomultinetVLAN_20(VID=20)withtheIP
addressesshownbelow,youwouldperformstepssimilartothefollowing.
(Forthisexample,assumethatthefirstIPaddressisalreadyconfigured.)
IPAddress VID IPAddress SubnetMask
1staddress 20 10.25.33.101 255.255.240.0
2ndaddress 20 10.26.33.101 255.255.240.0
3rdaddress 20 10.27.33.101 255.255.240.0
8-8
IPConfiguration
1.GotoVLAN20.
2.Configuretwoadditional
IPaddressesonVLAN
20.
3.DisplayIPaddressing.
Figure8-4.ExampleofConfiguringandDisplayingaMultinettedVLAN
IfyouthenwantedtomultinetthedefaultVLAN,youwoulddothefollowing:
Figure8-5.ExampleofMultinettingontheDefaultVLAN
Not e TheInternet(IP)ServicescreenintheMenuinterface(figure8-1onpage8-5)
displaysthefirstIPaddressforeachVLAN.YoumustusetheCLIshowip
commandtodisplaythefullIPaddresslistingformultinettedVLANs.
8-9
IPConfiguration
Note
RemovingorReplacingIPAddressesinaMultinettedVLAN. To
removeanIPaddressfromamultinettedVLAN,usethenoformoftheIP
addresscommandshownonpage8-8.Generally,toreplaceoneIPaddress
withanother,youshouldfirstremovetheaddressyouwanttoreplace,and
thenenterthenewaddress.
ConfiguretheOptionalDefaultGateway. UsingtheGlobalconfigura-
tionlevel,youcanmanuallyassignonedefaultgatewaytotheswitch.(The
switchdoesnotallowIPaddressingreceivedfromaDHCPorBootpserver
toreplaceamanuallyconfigureddefaultgateway.)
Syntax: ipdefault-gateway<ip-address>
Forexample:
Pr oCur ve( conf i g) # i p def aul t - gat eway 10. 28. 227. 115
TheswitchusestheIPdefaultgatewayonlywhileoperatingasaLayer2
device.Whileroutingisenabledontheswitch,theIPdefaultgatewayisnot
used.Thus,toavoidlossofTelnetaccesstooff-subnetmanagementstations,
youshouldusetheiproutecommandtoconfigureastatic(default)route
beforeenablingrouting.Formoreinformation,refertothechaptertitledIP
RoutingFeaturesintheMulticastandRoutingGuideforyourswitch.
ConfigureTime-To-Live(TTL).Themaximumnumberofrouters(hops)
throughwhichapacketcanpassbeforebeingdiscarded.(Thedefaultis64.)
EachrouterdecreasesapacketsTTLby1beforeforwardingthepacket.Ifa
routerdecreasestheTTLto0,therouterdropsthepacketinsteadofforward-
ingit.
Syntax: ipttl<number-of-hops>
Pr oCur ve( conf i g) # i p t t l 60
IntheCLI,youcanexecutethiscommandonlyfromtheglobalconfiguration
level.TheTTLdefaultis64,andtherangeis2-255.
Web:ConfiguringIPAddressing
YoucanusethewebbrowserinterfacetoaccessIPaddressingonlyifthe
switchalreadyhasanIPaddressthatisreachablethroughyournetwork.
2. Clickon[IPConfiguration].
8-10
IPConfiguration
3. Ifyouneedfurtherinformationonusingthewebbrowserinterface,click
on[?]toaccesstheweb-basedhelpavailablefortheswitch.
HowIPAddressingAffectsSwitchOperation
WithoutanIPaddressandsubnetmaskcompatiblewithyournetwork,the
switchcanbemanagedonlythroughadirectterminaldeviceconnectionto
theConsoleRS-232port.Youcanusedirect-connectconsoleaccesstotake
advantageoffeaturesthatdonotdependonIPaddressing.However,torealize
thefullcapabilitiesProCurveproactivenetworkingoffersthroughtheswitch,
configuretheswitchwithanIPaddressandsubnetmaskcompatiblewith
yournetwork.Thefollowingtableliststhegeneralfeaturesavailablewithand
withoutanetwork-compatibleIPaddressconfigured.
Table8-1. FeaturesAvailableWithandWithoutIPAddressingontheSwitch
FeaturesAvailableWithoutanIPAddress AdditionalFeaturesAvailablewithanIPAddressand
SubnetMask
Direct-connectaccesstotheCLIandthemenuinterface.
DHCPorBootpsupportforautomaticIPaddress
configuration,andDHCPsupportforautomaticTimep
serverIPaddressconfiguration
MultipleSpanningTreeProtocol
Portsettingsandporttrunking
Console-basedstatusandcountersinformationfor
monitoringswitchoperationanddiagnosingproblems
throughtheCLIormenuinterface.
VLANsandGVRP
Serialdownloadsofsoftwareupdatesandconfiguration
files(Xmodem)
Linktest
Portmonitoring
Passwordauthentication
QualityofService(QoS)
AuthorizedIPmanagersecurity
Webbrowserinterfaceaccess,withconfiguration,
security,anddiagnostictools,plustheAlertLogfor
discoveringproblemsdetectedintheswitchalong
withsuggestedsolutions
SNMPnetworkmanagementaccesssuchas
ProCurveManagerfornetworkconfiguration,
monitoring,problem-findingandreporting,analysis,
andrecommendationsforchangestoincreasecontrol
anduptime
TACACS+,RADIUS,SSH,SSL,and802.1X
authentication
MultinettingonVLANs
TelnetaccesstotheCLIorthemenuinterface
IGMP
TimePandSNTPserverconfiguration
TFTPdownloadofconfigurationsandsoftware
updates
IProuting,MulticastRouting
Radius
Pingtest
8-11
IPConfiguration
Not e
Not e
DHCP/BootpOperation
Overview.DHCP/BootpisusedtoprovideconfigurationdatafromaDHCP
orBootpservertotheswitch.ThisdatacanbetheIPaddress,subnetmask,
defaultgateway,TimepServeraddress,andTFTPserveraddress.IfaTFTP
serveraddressisprovided,thisallowstheswitchtoTFTPapreviouslysaved
configurationfilefromtheTFTPservertotheswitch.WitheitherDHCPor
Bootp,theserversmustbeconfiguredpriortotheswitchbeingconnectedto
thenetwork.
TheswitchescoveredinthisguidearecompatiblewithbothDHCPandBootp
servers.
TheDHCP/BootpProcess.WhenevertheIPConfigparameterintheswitch
orinanindividualVLANintheswitchisconfiguredtoDHCP/Bootp(the
default),orwhentheswitchisrebootedwiththisconfiguration:
1. DHCP/Bootprequestsareautomaticallybroadcastonthelocalnetwork.
(TheswitchsendsonetypeofrequesttowhicheitheraDHCPorBootp
servercanrespond.)
2. WhenaDHCPorBootpserverreceivestherequest,itreplieswitha
previouslyconfiguredIPaddressandsubnetmaskfortheswitch.The
switchalsoreceivesanIPGatewayaddressiftheserverhasbeenconfig-
uredtoprovideone.InthecaseofBootp,theservermustfirstbe
configuredwithanentrythathastheswitchsMACaddress.(Todetermine
theswitchsMACaddress,refertoAppendixD,MACAddressManage-
ment.)Theswitchproperlyhandlesrepliesfromeithertypeofserver.If
multiplerepliesarereturned,theswitchtriestousethefirstreply.)
Ifyoumanuallyconfiguredefaultgateway,TTL,TimeP,and/orSNTPparam-
etersontheswitch,itignoresanyvaluesreceivedforthesameparametersvia
DHCPorBootp.
IftheswitchisinitiallyconfiguredforDHCP/Bootpoperation(thedefault),
orifitrebootswiththisconfiguration,itbeginssendingrequestpacketson
thenetwork.IftheswitchdoesnotreceiveareplytoitsDHCP/Bootprequests,
itcontinuestoperiodicallysendrequestpackets,butwithdecreasingfre-
quency.Thus,ifaDHCPorBootpserverisnotavailableoraccessibletothe
switchwhenDHCP/Bootpisfirstconfigured,theswitchmaynotimmediately
receivethedesiredconfiguration.Afterverifyingthattheserverhasbecome
accessibletotheswitch,reboottheswitchtore-starttheprocessimmediately.
8-12
IPConfiguration
DHCPOperation. AsignificantdifferencebetweenaDHCPconfiguration
andaBootpconfigurationisthatanIPaddressassignmentfromaDHCP
serverisautomatic.DependingonhowtheDHCPserverisconfigured,the
switchmayreceiveanIPaddressthatistemporarilyleased.Periodicallythe
switchmayberequiredtorenewitsleaseoftheIPconfiguration.Thus,theIP
addressingprovidedbytheservermaybedifferenteachtimetheswitch
rebootsorrenewsitsconfigurationfromtheserver.However,youcanfixthe
addressassignmentfortheswitchbydoingeitherofthefollowing:
Configuretheservertoissueaninfinitelease.
UsingtheswitchsMACaddressasanidentifier,configuretheserverwith
aReservationsothatitwillalwaysassignthesameIPaddresstothe
switch.(ForMACaddressinformation,refertoAppendixD,MAC
AddressManagement.)
Formoreinformationoneitheroftheseprocedures,refertothedocumenta-
tionprovidedwiththeDHCPserver.
BootpOperation.WhenaBootpserverreceivesarequestitsearchesits
BootpdatabaseforarecordentrythatmatchestheMACaddressintheBootp
requestfromtheswitch.Ifamatchisfound,theconfigurationdatainthe
associateddatabaserecordisreturnedtotheswitch.FormanyUnixsystems,
theBootpdatabaseiscontainedinthe/etc/bootptab file.IncontrasttoDHCP
operation,Bootpconfigurationsarealwaysthesameforaspecificreceiving
device.Thatis,theBootpserverrepliestoarequestwithaconfiguration
previouslystoredintheserveranddesignatedfortherequestingdevice.
BootpDatabaseRecordEntries.AminimalentryintheBootptablefile
/etc/bootptab toupdateanIPaddressandsubnetmasktotheswitchoraVLAN
configuredintheswitchwouldbesimilartothisentry:
8212swi t ch: \
ht =et her : \
ha=0030c1123456: \
i p=10. 66. 77. 88: \
sm=255. 255. 248. 0: \
gw=10. 66. 77. 1: \
hn: \
vm=r f c1048
AnentryintheBootptablefile / et c/ boot pt ab totelltheswitchorVLAN
wheretoobtainaconfigurationfiledownloadwouldbesimilartothisentry:
8212swi t ch: \
ht =et her : \
ha=0030c1123456: \
i p=10. 66. 77. 88: \
sm=255. 255. 248. 0: \
8-13
IPConfiguration
gw=10. 66. 77. 1: \
l g=10. 22. 33. 44: \
T144=swi t ch. cf g: \
vm=r f c1048
where:
8212switch isauser-definedsymbolicnametohelpyoufindthecorrectsectionofthe
bootptabfile.IfyouhavemultipleswitchesthatwillbeusingBootptogettheir
IPconfiguration,youshoulduseauniquesymbolicnameforeachswitch.
ht isthehardwaretype.Fortheswitchescoveredinthisguide,enterether(for
Ethernet).Thistagmustprecedethehatag.
ha isthehardwareaddress.Usetheswitch's(orVLAN's)12-digitMACaddress.
ip istheIPaddresstobeassignedtotheswitch(orVLAN).
sm isthesubnetmaskofthesubnetinwhichtheswitch(orVLAN)isinstalled.
gw istheIPaddressofthedefaultgateway.
lg TFTPserveraddress(sourceoffinalconfigurationfile)
T144 isthevendor-specifictagidentifyingtheconfigurationfiletodownload.
vm isarequiredentrythatspecifiestheBootpreportformat.Userfc1048forthe
switchescoveredinthisguide.
Not e TheaboveBootptableentryisasamplethatwillworkfortheswitchwhen
theappropriateaddressesandfilenamesareused.
NetworkPreparationsforConfiguringDHCP/Bootp
Initsdefaultconfiguration,theswitchisconfiguredforDHCP/Bootpopera-
tion.However,theDHCP/BootpfeaturewillnotacquireIPaddressingforthe
switchunlessthefollowingtaskshavealreadybeencompleted:
ForBootpoperation:
ABootpdatabaserecordhasalreadybeenenteredintoanappropriate
Bootpserver.
Thenecessarynetworkconnectionsareinplace
TheBootpserverisaccessiblefromtheswitch
ForDHCPoperation:
ADHCPscopehasbeenconfiguredontheappropriateDHCPserver.
Thenecessarynetworkconnectionsareinplace
ADHCPserverisaccessiblefromtheswitch
8-14
LoopbackInterfaces
Not e DesignatingaprimaryVLANotherthanthedefaultVLANaffectstheswitchs
useofinformationreceivedviaDHCP/Bootp.Formoreonthistopic,referto
thechapterdescribingVLANsintheAdvancedTrafficManagementGuide
foryourswitch.
AfteryoureconfigureorreboottheswitchwithDHCP/Bootpenabledina
networkprovidingDHCP/Bootpservice,theswitchdoesthefollowing:
ReceivesanIPaddressandsubnetmaskand,ifconfiguredintheserver,
agatewayIPaddressandtheaddressofaTimepserver.
IftheDHCP/Bootpreplyprovidesinformationfordownloadingaconfig-
urationfile,theswitchusesTFTPtodownloadthefilefromthedesignated
source,thenrebootsitself.(ThisassumesthattheswitchorVLANhas
connectivitytotheTFTPfileserverspecifiedinthereply,thattheconfig-
urationfileiscorrectlynamed,andthattheconfigurationfileexistsinthe
TFTPdirectory.)
LoopbackInterfaces
Thissectiondescribeshowtoconfigureanduseuser-definedloopbackinter-
facesontheswitch.
Introduction
Bydefault,eachswitchhasaninternalloopbackinterface(lo0)withtheIP
address127.0.0.1.ThisIPaddressisusedonlyforinternaltraffictransmitted
withintheswitchandisnotusedinpacketheadersinegresstrafficsentto
networkdevices.
Youcanconfigureuptosevenotherloopbackinterfaces(lo1,lo2,lo3,andso
on)ontheswitchtousetotransmitnetworktrafficacrossthenetwork.Each
loopbackinterfacecanhavemultipleIPaddresses.Routingprotocols,such
asRIP,advertisetheconfiguredloopbackaddressesthroughoutanetworkor
autonomoussystem.
User-definedloopbackaddressesprovidethefollowingbenefits:
Aloopbackinterfaceisavirtualinterfacethatisalwaysupandreachable
aslongasatleastoneoftheIPinterfacesontheswitchisoperational.As
aresult,aloopbackinterfaceisusefulfordebuggingtaskssinceitsIP
addresscanalwaysbepingedifanyotherswitchinterfaceisup.
8-15
LoopbackInterfaces
YoucanusealoopbackinterfacetoestablishaTelnetsession,pingthe
switch,andaccesstheswitchthroughSNMP,SSH,andHTTP(web
interface).
AloopbackIPaddresscanbeusedbyroutingprotocols.
ConfiguringaLoopbackInterface
Toconfigurealoopbackinterface,entertheinterfaceloopbackcommandat
theglobalconfigurationleveloftheCLI:
Syntax: [no]interfaceloopback<number>
Createsaloopbackinterface,where<number>isavaluefrom
1to7.Usethenoformofthecommandtoremovetheloopback
interface.
Note: Youcannotremovethedefaultloopbackinterface
(number0)withIPaddress127.0.0.1.
Youcanconfigureuptothirty-twoIPaddressesonaloopbackinterface.To
configureanIPaddressfortheloopbackinterface,entertheipaddress<ip-
address>commandattheloopbackinterfaceconfigurationlevelasshownin
thefollowingexample.
NotethatwhenyouconfigureanIPaddressforaloopbackinterface,youdo
notspecifyanetworkmask.Thedefaultsubnetmask255.255.255.255isused.
Pr oCur ve( conf i g) # i nt er f ace l oopback 1
Pr oCur ve ( l o1) # i p addr ess 10. 1. 1. 1
Figure8-6.ExampleofaLoopbackInterfaceConfiguration
Not es YoucanconfigurealoopbackinterfaceonlyfromtheCLI;youcannot
configurealoopbackinterfacefromthewebmanagementorMenuinter-
face.
LoopbackinterfacessharethesameIPaddressspacewithVLANconfig-
urations.ThemaximumnumberofIPaddressessupportedonaswitchis
2048,whichincludesallIPaddressesconfiguredforbothVLANsand
loopbackinterfaces(exceptforthedefaultloopbackIPaddress
127.0.0.1).
EachIPaddressthatyouconfigureonaloopbackinterfacemustbe
uniqueintheswitch.Thismeansthattheaddresscannotbeusedbya
VLANinterfaceoranotherloopbackinterface.
8-16
LoopbackInterfaces
Forexample,ifyouconfigureaVLANwithIPaddress172.16.100.8/24,you
cannotconfigurealoopbackinterfacewithIPaddress172.16.100.8.Inthe
sameway,ifyouconfigurealoopbackinterface(lo1)withIPaddress
172.16.101.8,youcannotconfigureanotherloopbackinterface(lo2)with
IPaddress172.16.101.8.
YoucanconfiguremultipleIPaddressesonaloopbackinterface(lo0to
lo7).Uptothirty-twoIPaddressesaresupportedonaloopbackinterface.
ThefollowingexampleshowsvalidIPaddressconfigurationsontwo
loopbackinterfaces.
Pr oCur ve( conf i g) # i nt er f ace l oopback 0
Pr oCur ve ( l o0) # exi t
Pr oCur ve ( conf i g) # i nt er f ace l oopback 1
DisplayingLoopbackInterfaceConfigurations
TodisplaythelistofloopbackinterfaceswhichhavebeenassignedIP
addresses,entertheshowipcommand.
Intheshowipcommandoutput,informationaboutconfiguredloopback
interfacesisdisplayedbelowotherIPconfigurationparameters,suchas
packettime-to-live(TTL)andARPage-outvalues,andVLANIPconfigura-
tions.ThefollowingexampledisplaystheIPaddressesconfiguredfortwo
user-definedloopbackinterfaces(lo1andlo2).
8-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LoopbackInterfaces
Pr oCur ve> show i p
I P Rout i ng : Enabl ed
Def aul t TTL : 64
ARP Age : 20
VLAN I P Conf i g I P Addr ess Subnet Mask Pr oxy ARP
DEFAULT_VLAN Manual 10. 0. 8. 121 255. 255. 0. 0 No
VLAN2 Manual 192. 168. 12. 1 255. 255. 255. 0 No
VLAN3 Di sabl ed
Loopback Addr esses
Loopback I P Conf i g I P Addr ess Subnet Mask
l o1 Manual 172. 16. 110. 2 255. 255. 255. 255
l o2 Manual 172. 16. 112. 2 255. 255. 255. 255
l o2 Manual 172. 16. 114. 1 255. 255. 255. 255
Figure8-7.ExampleofshowipCommandOutput
Not e Thedefaultloopbackinterface(lo0)withIPaddress127.0.0.1isnotdisplayed
intheshowipcommandoutputbecauseitispermanentlyconfiguredonthe
switch.Todisplaythedefaultloopbackaddress,entertheshowiproute
commandasshowninFigure8-8.
8-18

LoopbackInterfaces
TodisplaytheloopbackinterfacesconfiguredontheswitchinalistofIP
routingentriesdisplayedaccordingtodestinationIPaddress,entertheshow
iproutecommand.
Thefollowingexampledisplaystheconfigurationofthedefaultloopback
interface(lo0)andoneuser-definedloopbackinterface(lo2).
Pr oCur ve> show i p r out e
I P Rout e Ent r i es
I P Rout i ng : Enabl ed
Def aul t TTL : 64
ARP Age : 20
Dest i nat i on Gat eway VLAN Type Met r i c Di st
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
10. 0. 0. 0/ 16 DEFAULT_VLAN 1 connect ed 1 0
127. 0. 0. 0/ 8 r ej ect st at i c 0 0
127. 0. 0. 1/ 32 l o0 connect ed 1 0
172. 16. 10. 121/ 32 l o2 st at i c 1 0
172. 16. 102. 0/ 24 VLAN2 2 connect ed 1 0
Figure8-8.ExampleofshowiprouteCommandOutput
8-19
IPPreserve:RetainingVLAN-1IPAddressingAcrossConfigurationFileDownloads
AddressingAcrossConfigurationFile
Downloads
Fortheswitchescoveredinthisguide,IPPreserveenablesyoutocopya
configurationfiletomultipleswitcheswhileretainingtheindividualIP
addressandsubnetmaskonVLAN1ineachswitch,andtheGatewayIP
addressassignedtotheswitch.Thisenablesyoutodistributethesame
configurationfiletomultipleswitcheswithoutoverwritingtheirindividualIP
addresses.
OperatingRulesforIPPreserve
Whenippreserveisenteredasthelastlineinaconfigurationfilestoredona
TFTPserver:
IftheswitchscurrentIPaddressforVLAN1wasnotconfiguredbyDHCP/
Bootp,IPPreserveretainstheswitchscurrentIPaddress,subnetmask,
andIPgatewayaddresswhentheswitchdownloadsthefileandreboots.
Theswitchadoptsallotherconfigurationparametersintheconfiguration
fileintothestartup-configfile.
IftheswitchscurrentIPaddressingforVLAN1isfromaDHCPserver,
IPPreserveissuspended.Inthiscase,whateverIPaddressingtheconfig-
urationfilespecifiesisimplementedwhentheswitchdownloadsthefile
andreboots.IfthefileincludesDHCP/BootpastheIPaddressingsource
forVLAN1,theswitchwillconfigureitselfaccordinglyanduseDHCP/
Bootp.Ifinstead,thefileincludesadedicatedIPaddressandsubnetmask
forVLAN1andaspecificgatewayIPaddress,thentheswitchwill
implementthesesettingsinthestartup-configfile.
Theippreservestatementdoesnotappearinshowconfiglistings.Toverify
IPPreserveinaconfigurationfile,openthefileinatexteditorandview
thelastline.ForanexampleofimplementingIPPreserveinaconfigura-
tionfile,seefigure8-9,below.
EnablingIPPreserve
TosetupIPPreserve,entertheippreservestatementattheendofaconfigu-
rationfile.(NotethatyoudonotexecuteIPPreservebyenteringacommand
fromtheCLI).
8-20
; J 9146A Conf i gur at i on Edi t or ; Cr eat ed on r el ease #W. 14. 01
host name Pr oCur ve
t i me dayl i ght - t i me- r ul e None
.
.
Enteringippreserveinthelastlineofaconfiguration
.
fileimplementsIPPreservewhenthefileis
passwor d manager
passwor d oper at or
downloadedtotheswitchandtheswitchreboots.
i p pr eser ve
Figure8-9.ExampleofImplementingIPPreserveinaConfigurationFile
Forexample,considerFigure8-10:
Switch4
VLAN1:DHCP
Switch3
VLAN1:
10.31.22.103
Switch1
VLAN1:
10.31.22.101
DHCP
Server
Switch2
VLAN1:
10.31.22.102
config. IP
Address
Switches1through3copyandimplementtheconfig.txtfile
fromtheTFTPserver(figure8-11),butretaintheircurrentIP
Switch4alsocopiesandimplementsthe
config.txtfilefromtheTFTPserver(figure8-11),
butacquiresnewIPaddressingfromtheDHCP
TFTP
Server
Management
Station
Figure8-10.ExampleofIPPreserveOperationwithMultipleSeriesSwitches
Ifyouapplythefollowingconfigurationfiletofigure8-10,switches1-3will
retaintheirmanuallyassignedIPaddressingandswitch4willbeconfigured
toacquireitsIPaddressingfromaDHCPserver.
8-21
Pr oCur ve( conf i g) # show r un
host name " Pr oCur ve"
modul e 1 t ype J 8702A
t r unk A11- A12 Tr k1 Tr unk
i p def aul t - gat eway 10. 10. 10. 1
Usingfigure8-10,above,switches1-3ignorethese
entriesbecausethefileimplementsIPPreserveand
theircurrentIPaddressingwasnotacquiredthrough
DHCP/Bootp.
vl an 1
unt agged A1- A10, A13- A24, B1- B24, Tr k1
i p addr ess dhcp- boot p
Switch4ignoresIPPreserveandimplementsthe
exi t DHCP/BootpaddressingandIPGatewayspecifiedin
spanni ng- t r ee Tr k1 pr i or i t y 4
thisfile(becauseitslastIPaddressingwasacquired
passwor d manager
fromaDHCP/Bootpserver).
snmp- ser ver communi t y " publ i c" Unr est r i ct ed
Figure8-11.ConfigurationFileinTFTPServer,withDHCP/BootpSpecifiedastheIPAddressingSource
Ifyouapplythisconfigurationfiletofigure8-10,switches1-3willstillretain
theirmanuallyassignedIPaddressing.However,switch4willbeconfigured
withtheIPaddressingincludedinthefile.
8-22
Pr oCur ve# show r un
t r unk A11- A12 Tr k1 Tr unk
Becauseswitch4(figure8-10)
i p def aul t - gat eway 10. 10. 10. 1
receiveditsmostrecentIPaddressing
snmp- ser ver communi t y " publ i c" Unr est r i ct ed fromaDHCP/Bootpserver,theswitch
ignorestheippreservecommandand
vl an 1
implementstheIPaddressing
includedinthisfile.
unt agged A1, A7- A10, A13- A24, B1- B24, Tr k1
i p addr ess 10. 10. 10. 5 255. 255. 255. 0
t agged A4- A6
no unt agged A2- A3
exi t
vl an 2
name " VLAN2"
unt agged A2- A3
no i p addr ess
exi t
spanni ng- t r ee Tr k1 pr i or i t y 4
passwor d manager
Figure8-12.ConfigurationFileinTFTPServer,withDedicatedIPAddressingInsteadofDHCP/Bootp
TosummarizetheIPPreserveeffectonIPaddressing:
IftheswitchreceiveditsmostrecentVLAN1IPaddressingfromaDHCP/
Bootpserver,itignorestheIPPreservecommandwhenitdownloadsthe
configurationfile,andimplementswhateverIPaddressinginstructions
areintheconfigurationfile.
IftheswitchdidnotreceiveitsmostrecentVLAN1IPaddressingfroma
DHCP/Bootpserver,itretainsitscurrentIPaddressingwhenitdownloads
theconfigurationfile.
ThecontentofthedownloadedconfigurationfiledeterminestheIP
addressesandsubnetmasksforotherVLANs.
8-23
8-24
9
TimeProtocols
Contents
Overview ..................................................... 9-2
TimePTimeSynchronization ... ............................... 9-2
SNTPTimeSynchronization .................................. 9-2
SelectingaTimeSynchronizationProtocolorTurningOffTime
ProtocolOperation ............................................ 9-3
GeneralStepsforRunningaTimeProtocolontheSwitch: ........ 9-3
DisablingTimeSynchronization ............................... 9-3
SNTP:Viewing,Selecting,andConfiguring ..................... 9-4
Menu:ViewingandConfiguringSNTP . . ... ..................... 9-5
CLI:ViewingandConfiguringSNTP ... . ... ..................... 9-8
ViewingtheCurrentSNTPConfiguration.................... 9-8
Configuring(EnablingorDisabling)theSNTPMode ......... 9-10
TimeP:Viewing,Selecting,andConfiguring.................... 9-16
Menu:ViewingandConfiguringTimeP . ... .................... 9-17
CLI:ViewingandConfiguringTimeP .. . ....................... 9-18
ViewingtheCurrentTimePConfiguration .................. 9-19
Configuring(EnablingorDisabling)theTimePMode ........ 9-20
SNTPUnicastTimePollingwithMultipleSNTPServers ........ 9-25
DisplayingAllSNTPServerAddressesConfiguredontheSwitch .. 9-25
Addingand DeletingSNTPServerAddresses ................... 9-26
Configured................................................ 9-26
SNTPMessagesintheEventLog .............................. 9-26
9-1
TimeProtocols
Overview
Overview
Thischapterdescribes:
SNTPTimeProtocolOperation
TimepTimeProtocolOperation
Usingtimesynchronizationensuresauniformtimeamonginteroperating
devices.Thishelpsyoutomanageandtroubleshootswitchoperationby
attachingmeaningfultimedatatoeventanderrormessages.
TheswitchoffersTimePandSNTP(SimpleNetworkTimeProtocol)anda
timesynccommandforchangingthetimeprotocolselection(orturningoff
timeprotocoloperation).
Not es Althoughyoucancreateandsaveconfigurationsforbothtimeproto-
colswithoutconflicts,theswitchallowsonlyoneactivetimeprotocol
atanytime.
Inthefactory-defaultconfiguration,thetimesynchronizationoption
issettoTimeP,withtheTimePmodeitselfsettoDisabled.
TimePTimeSynchronization
YoucaneithermanuallyassigntheswitchtouseaTimePserveroruseDHCP
toassigntheTimePserver.Ineithercase,theswitchcangetitstimesynchro-
nizationupdatesfromonlyone,designatedTimepserver.Thisoption
enhancessecuritybyspecifyingwhichtimeservertouse.
SNTPTimeSynchronization
SNTPprovidestwooperatingmodes:
BroadcastMode:Theswitchacquirestimeupdatesbyacceptingthe
timevaluefromthefirstSNTPtimebroadcastdetected.(Inthiscase,
theSNTPservermustbeconfiguredtobroadcasttimeupdatestothe
networkbroadcastaddress.Refertothedocumentationprovided
withyourSNTPserverapplication.)Oncetheswitchdetectsapartic-
ularserver,itignorestimebroadcastsfromotherSNTPserversunless
theconfigurablePollIntervalexpiresthreeconsecutivetimeswithout
anupdatereceivedfromthefirst-detectedserver.
9-2
TimeProtocols
SelectingaTimeSynchronizationProtocolorTurningOffTimeProtocolOperation
Not e TouseBroadcastmode,theswitchandtheSNTPservermustbeinthesame
subnet.
UnicastMode:Theswitchrequestsatimeupdatefromtheconfig-
uredSNTPserver.(Youcanconfigureoneserverusingthemenu
interface,oruptothreeserversusingtheCLIsntpservercommand.)
ThisoptionprovidesincreasedsecurityovertheBroadcastmodeby
specifyingwhichtimeservertouseinsteadofusingthefirstone
detectedthroughabroadcast.
SelectingaTimeSynchronization
ProtocolorTurningOffTimeProtocol
Operation
GeneralStepsforRunningaTimeProtocolontheSwitch:
1. Selectthetimesynchronizationprotocol:SNTPorTimeP(thedefault).
2. Enabletheprotocol.Thechoicesare:
SNTP:Broadcast orUnicast
TimeP: DHCP orManual
3. Configuretheremainingparametersforthetimeprotocolyouselected.
Theswitchretainstheparametersettingsforbothtimeprotocolsevenif
youchangefromoneprotocoltotheother.Thus,ifyouselectatime
protocol,theswitchusestheparametersyoulastconfiguredforthe
selectedprotocol.
Notethatsimplyselectingatimesynchronizationprotocoldoesnotenable
thatprotocolontheswitchunlessyoualsoenabletheprotocolitself(step2,
above).Forexample,inthefactory-defaultconfiguration,TimePisthe
selectedtimesynchronizationmethod.However,becauseTimePisdisabled
inthefactory-defaultconfiguration,notimesynchronizationprotocolis
running.
DisablingTimeSynchronization
Youcanuseeitherofthefollowingmethodstodisabletimesynchronization
withoutchangingtheTimeporSNTPconfiguration:
9-3
TimeProtocols
SNTP:Viewing,Selecting,andConfiguring
IntheSystemInformationscreenoftheMenuinterface,settheTime
SynchMethodparametertoNone,thenpress[Enter],then[S](forSave).
IntheGlobalconfigleveloftheCLI,executenotimesync.
SNTP:Viewing,Selecting,and
Configuring
SNTPFeature Default Menu CLI Web
viewtheSNTPtimesynchronizationconfiguration n/a page9-5 page9-8
selectSNTPasthetimesynchronizationmethod timep page9-6 page9-10ff.
disabletimesynchronization timep page9-6 page9-14
enabletheSNTPmode(Broadcast,Unicast,orDisabled) disabled
broadcast n/a page9-6 page9-11
unicast n/a page9-6 page9-12
none/disabled n/a page9-6 page9-15
configureanSNTPserveraddress(forUnicastmodeonly) none page9-6 page9-12ff.
changetheSNTPserverversion(forUnicastmodeonly) 3 page9-7 page9-13
changetheSNTPpollinterval 720seconds page9-7 page9-14
changetheserverpriority n/a page9-12
9-4
TimeProtocols
Table9-1.SNTPParameters
SNTPParameter Operation
TimeSync
Method
UsedtoselecteitherSNTP,TIMEP,orNoneasthetimesynchronizationmethod.
SNTPMode
Disabled TheDefault.SNTPdoesnotoperate,evenifspecifiedbytheMenuinterfaceTimeSyncMethod
parameterortheCLItimesynccommand.
Unicast DirectstheswitchtopollaspecificserverforSNTPtimesynchronization.Requiresatleastoneserver
address.
Broadcast DirectstheswitchtoacquireitstimesynchronizationfromdatabroadcastbyanySNTPservertothe
networkbroadcastaddress.Theswitchusesthefirstserverdetectedandignoresanyothers.
However,ifthePollIntervalexpiresthreetimeswithouttheswitchdetectingatimeupdatefromthe
originalserver,ittheswitchacceptsabroadcasttimeupdatefromthenextserveritdetects.
PollInterval
(seconds)
InUnicastMode:SpecifieshowoftentheswitchpollsthedesignatedSNTPserverforatimeupdate.
InBroadcastMode:Specifieshowoftentheswitchpollsthenetworkbroadcastaddressforatime
update.
Valuebetween30-720seconds.
ServerAddress UsedonlywhentheSNTPModeissettoUnicast.SpecifiestheIPaddressoftheSNTPserverthat
theswitchaccessesfortimesynchronizationupdates.Youcanconfigureuptothreeservers;one
usingthemenuorCLI,andtwomoreusingtheCLI.RefertoSNTPUnicastTimePollingwithMultiple
SNTPServersonpage9-25.
ServerVersion Default:3;range:1-7.SpecifiestheSNTPsoftwareversiontouse,andisassignedonaper-server
basis.Theversionsettingisbackwards-compatible.Forexample,usingversion3meansthatthe
switchacceptsversions1through3.
Priority Specifiestheorderinwhichtheconfiguredserversarepolledforgettingthetime.Valueisbetween
1and3.
Menu:ViewingandConfiguringSNTP
ToView,Enable,andModifySNTPTimeProtocol:
1. FromtheMainMenu,select:
1.SystemInformation
9-5
TimeProtocols
==========================- CONSOLE - MANAGER MODE - ========================
Syst emCont act :
Syst emLocat i on :
Ti meP Mode [ Di sabl ed] : Di sabl ed Ser ver Addr ess :
Tf t p- enabl e [ Yes] : Yes J umbo Max Fr ame Si ze [ 9216] : 9216
Ti me Zone [ 0] : 0 J umbo I P MTU [ 9198] : 9198
TimeProtocolSelectionParameter
TIMEP
SNTP
Act i ons- > Cancel Edi t Save Hel p None
Figure9-1. TheSystemInformationScreen(DefaultValues)
3. Use[v]tomovethecursortotheTimeSyncMethodfield.
4. UsetheSpacebartoselectSNTP,thenpress[v]oncetodisplayandmove
totheSNTPModefield.
UsetheSpacebartoselecttheBroadcastmode,thenpress[v]to
movethecursortothePollIntervalfield,andgotostep6.(For
Broadcastmodedetails,refertoSNTPOperatingModeson
page9-2.)
Ti me Sync Met hod [ None] : SNTP
SNTP Mode [ Di sabl ed] : Br oadcast
Pol l I nt er val ( sec) [ 720] : 720
Ti me Zone [ 0] : 0
Figure9-2. TimeConfigurationFieldsforSNTPwithBroadcastMode
UsetheSpacebartoselecttheUnicastmode,thendothe
following:
i. Press[>]tomovethecursortotheServerAddressfield.
ii. EntertheIPaddressoftheSNTPserveryouwanttheswitchto
usefortimesynchronization.
9-6
TimeProtocols
Note:ThisstepreplacesanypreviouslyconfiguredserverIP
address.IfyouwillbeusingbackupSNTPservers(requiresuse
oftheCLI),thenrefertoSNTPUnicastTimePollingwith
MultipleSNTPServersonpage9-25.
iii. Press[v]tomovethecursortotheServerVersionfield.Enterthe
valuethatmatchestheSNTPserverversionrunningonthedevice
youspecifiedintheprecedingstep(stepii).Ifyouareunsure
whichversiontouse,ProCurverecommendsleavingthisvalue
atthedefaultsettingof3andtestingSNTPoperationtodetermine
whetheranychangeisnecessary.
Note:UsingthemenutoentertheIPaddressforanSNTPserver
whentheswitchalreadyhasoneormoreSNTPserversconfig-
uredcausestheswitchtodeletetheprimarySNTPserverfrom
theserverlistandtoselectanewprimarySNTPserverfromthe
IPaddress(es)intheupdatedlist.Formoreonthistopic,referto
SNTPUnicastTimePollingwithMultipleSNTPServersonpage
9-25.
iv. Press[>]tomovethecursortothePollIntervalfield,thengoto
step6.
Ti me Sync Met hod [ None] : SNTP
SNTP Mode [ Di sabl ed] : Uni cast Ser ver Addr ess : 10. 28. 227. 15
Pol l I nt er val ( sec) [ 720] : 720 Ser ver Ver si on [ 3] : 3
Ti me Zone [ 0] : 0
Note:TheMenuinterfacelistsonlythehighestprioritySNTPserver,evenifothersareconfigured.ToviewallSNTPserversconfigured
ontheswitch,usetheCLIshowmanagementcommand.RefertoSNTPUnicastTimePollingwithMultipleSNTPServersonpage
9-25.
Figure9-3. SNTPConfigurationFieldsforSNTPConfiguredwithUnicastMode
6. InthePollIntervalfield,enterthetimeinsecondsthatyouwantforaPoll
Interval.(ForPollIntervaloperation,seetable9-1,SNTPParameters,
onpage9-5.)
7. Press[Enter]toreturntotheActionsline,then[S](forSave)toenterthe
newtimeprotocolconfigurationinboththestartup-configandrunning-
configfiles.
9-7
TimeProtocols
CLI:ViewingandConfiguringSNTP
CLICommandsDescribedinthisSection
SNTPCommand Page
showsntp 9-8
[no]timesync 9-10andff.,
9-14
sntpbroadcast 9-11
sntpunicast 9-12
sntpserver 9-12andff.
ProtocolVersion 9-10
9-12
Priority 9-10
9-12
poll-interval 9-14
nosntp 9-15
ThissectiondescribeshowtousetheCLItoview,enable,andconfigureSNTP
parameters.
ViewingtheCurrentSNTPConfiguration
Syntax:showsntp
Thiscommandlistsboththetimesynchronizationmethod
(TimeP,SNTP,orNone)andtheSNTPconfiguration,evenif
SNTPisnottheselectedtimeprotocol.
Forexample,ifyouconfiguredtheswitchwithSNTPasthetime
synchronizationmethod,thenenabledSNTPinbroadcastmodewiththe
defaultpollinterval,showsntpliststhefollowing:
9-8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TimeProtocols
Pr oCur ve( conf i g) # show snt p
SNTP Conf i gur at i on
Ti me Sync Mode: Snt p
SNTP Mode : Uni cast
Pr i or i t y SNTP Ser ver Addr ess Pr ot ocol Ver si on
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 255. 5. 24 3
3 f e80: : 123%vl an10 3
Figure9-4. ExampleofSNTPConfigurationWhenSNTPIstheSelectedTimeSynchronizationMethod
Inthefactory-defaultconfiguration(whereTimePistheselectedtime
synchronizationmethod),showsntpstillliststheSNTPconfigurationeven
thoughitisnotcurrentlyinuse.Forexample:
Ti me Sync Mode: Ti mep
Eventhough,inthisexample,TimePisthe
currenttimesynchronousmethod,the
switchmaintainstheSNTPconfiguration.
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 255. 5. 24 3
3 f e80: : 123%vl an10 3
Figure9-5. ExampleofSNTPConfigurationWhenSNTPIsNottheSelectedTimeSynchronizationMethod
Syntax:showmanagement
Thiscommandcanhelpyoutoeasilyexamineandcompare
theIPaddressingontheswitch.ItliststheIPaddressesfor
alltimeserversconfiguredontheswitch,plustheIPaddresses
anddefaultgatewayforallVLANsconfiguredontheswitch.
9-9
TimeProtocols
Pr oCur ve( conf i g) # show management
St at us and Count er s - Management Addr ess I nf or mat i on
Ti me Ser ver Addr ess : f e80: : 215: 60f f : f e7a: adc0%vl an10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 255. 5. 24 3
3 f e80: : 123%vl an10 3
Def aul t Gat eway : 10. 0. 9. 80
VLAN Name MAC Addr ess | I P Addr ess
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - -
DEFAULT_VLAN 001279- 88a100 | Di sabl ed
VLAN10 001279- 88a100 | 10. 0. 10. 17
Figure9-6. ExampleofDisplayShowingIPAddressingforAllConfiguredTimeServersandVLANs
Configuring(EnablingorDisabling)theSNTPMode
EnablingtheSNTPmodemeanstoconfigureitforeitherbroadcastorunicast
mode.RememberthattorunSNTPastheswitchstimesynchronization
protocol,youmustalsoselectSNTPasthetimesynchronizationmethodby
usingtheCLItimesynccommand(ortheMenuinterfaceTimeSyncMethod
parameter).
Syntax: timesyncsntp
SelectsSNTPasthetimeprotocol.
sntp<broadcast|unicast>
EnablestheSNTPmode(belowandpage9-12).
Syntax: sntpserverpriority<1-3><ip-addr|ipv6-addr>[1-7]
Requiredonlyforunicastmodepage9-12).ProvidesSNTP
serveraddress,priority,and(optionally)theserverversion.
Theprioritysettingspecifiestheorderinwhichtheconfigured
serversarepolledforgettingthetime.Theserverversionrange
is1-7andthedefaultis3.(page9-12ff.).
Note:FormoreinformationaboutIPv6addresses,refertotheIPv6
ConfigurationGuideforyourswitch.
Syntax: sntp<30-720>
EnablingtheSNTPmodealsoenablestheSNTPpollinterval
(default:720seconds;page9-14).
9-10
4
TimeProtocols
EnablingSNTPinBroadcastMode.BecausetheswitchprovidesanSNTP
pollinginterval(default:720seconds),youneedonlythesetwocommands
forminimalSNTPbroadcastconfiguration:
SelectsSNTPasthetimesynchronizationmethod.
Syntax: sntpbroadcast
ConfiguresbroadcastastheSNTPmode.
Forexample,suppose:
Timesynchronizationisinthefactory-defaultconfiguration(TimeP
isthecurrentlyselectedtimesynchronizationmethod).
Youwantto:
1. Viewthecurrenttimesynchronization.
2. SelectSNTPasthetimesynchronizationmode.
3. EnableSNTPforBroadcastmode.
4. ViewtheSNTPconfigurationagaintoverifytheconfiguration.
Thecommandsandoutputwouldappearasfollows:
1
showsntpdisplaystheSNTPconfigurationandalsoshowsthat
TimePisthecurrentlyactivetimesynchronizationmode.
Ti me Sync Mode: Ti mep
SNTP Mode : di sabl ed
Pr oCur ve( conf i g) # t i mesync snt p
Pr oCur ve( conf i g) # snt p br oadcast
2
3
5406_1( conf i g) # show snt p 4 showsntpagaindisplaystheSNTPconfigurationandshowsthat
SNTPisnowthecurrentlyactivetimesynchronizationmodeand
isconfiguredforbroadcastoperation.
SNTP Mode : Br oadcast
Note:TheProtocolVersionparameterwillalsoappearinshowsntplistingsiftheIPaddressofanSNTPserver(used
inUnicastmode)isconfiguredintheswitch.However,theprotocolversionisusedonlywhenSNTPisconfigured
forUnicastoperation.SeeEnablingSNTPinUnicastModeonpage12.
Figure9-7. ExampleofEnablingSNTPOperationinBroadcastMode
9-11
TimeProtocols
EnablingSNTPinUnicastMode.Likebroadcastmode,configuringSNTP
forunicastmodeenablesSNTP.However,forUnicastoperation,youmust
alsospecifytheIPv4orIPv6addressandpriority(1- 3)ofatleastoneSNTP
server.Theswitchallowsuptothreeunicastservers.YoucanusetheMenu
interfaceortheCLItoconfigureoneIPv4serveraddressortoreplacean
existingIPv4Unicastserveraddresswithanother.ToaddanIPv6server
addressoranysecondorthirdserveraddress,youmustusetheCLI.Formore
onSNTPoperationwithmultipleservers,refertoSNTPUnicastTimePolling
withMultipleSNTPServersonpage9-25.
SelectsSNTPasthetimesynchronizationmethod.
Syntax: sntpunicast
ConfigurestheSNTPmodeforUnicastoperation.
Syntax: sntpserverpriority<1-3><ip-addr|ipv6-addr>[1-7]
SpecifiestheSNTPserveraddress,serverpriority,and
(optionally)theserverversion.Theprioritysetting(1-3)
specifiestheorderinwhichtheconfiguredserversarepolled
forgettingthetime.Theserverversionrangeis1-7andthe
defaultis3.
Syntax: nosntpserver<ip-addr|ipv6-addr>
DeletesthespecifiedSNTPserver.
Not e DeletinganSNTPserverwhenonlyoneisconfigureddisablesSNTPunicast
operation.
Forexample,toselectSNTPandconfigureitwithunicastmodeandanSNTP
serverat10.28.227.141withaserverpriorityof2,defaultserverversion(3),
anddefaultpollinterval(720seconds):
Pr oCur ve( conf i g) # t i mesync snt p
SelectsSNTP.
Pr oCur ve( conf i g) # snt p uni cast
ActivatesSNTPinUnicastmode.
Pr oCur ve( conf i g) # snt p ser ver pr i or i t y 2 10. 28. 227. 141
SpecifiestheSNTPserverwithapriorityof2andacceptsthe
currentSNTPserverversion(default:3).
9-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TimeProtocols
.
Inthisexample,thePollIntervalandtheProtocol
SNTP Conf i gur at i on Versionappearattheirdefaultsettings.
BothIPv4andIPv6addressesaredisplayed.
SNTP Mode : Uni cast Note:ProtocolVersionappearsonlywhenthereisan
Pol l I nt er val ( sec) [ 720] : 720 IPaddressconfiguredforanSNTPserver.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 28. 227. 141 3
3 f e80: : 123%vl an10 3
Figure9-8. ExampleofConfiguringSNTPforUnicastOperation
IftheSNTPserveryouspecifyusesSNTPversion4orlater,usethesntpserver
commandtospecifythecorrectversionnumber.Forexample,supposeyou
learnedthatSNTPversion4wasinuseonaserveryouspecifiedabove(IP
address10.28.227.141)withversion3.Youwouldusethefollowingcommands
todeletetheserverIPaddressandthenre-enteritwiththecorrectversion
numberforthatserver:
Pr oCur ve( conf i g) # no snt p ser ver pr i or i t y 2 10. 28. 227. 141
Pr oCur ve( conf i g) # snt p ser ver pr i or i t y 2 10. 28. 227. 141 4
5406_1( conf i g) # show snt p
showsntpdisplaysthe
DeletesunicastSNTP
serverentry.
Re-enterstheunicast
serverwithanon-default
protocolversion.
changedserverprotocol
version.
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 28. 227. 141 4
3 f e80: : 123%vl an10 3
Figure9-9. ExampleofSpecifyingtheSNTPProtocolVersionNumber
9-13
TimeProtocols
ChangingtheSNTPPollInterval.
Syntax: sntp<30..720>
Specifieshowlongtheswitchwaitsbetweentimepolling
intervals.Thedefaultis720secondsandtherangeis30to
720seconds.(Thisparameterisseparatefromthepollinter-
valparameterusedforTimepoperation.)
Forexample,tochangethepollintervalto300seconds:
Pr oCur ve( conf i g) # snt p pol l - i nt er val 300
DisablingTimeSynchronizationWithoutChangingtheSNTP
Configuration.Therecommendedmethodfordisablingtimesynchroniza-
tionistousethetimesynccommand.
Syntax: notimesync
HaltstimesynchronizationwithoutchangingyourSNTP
configuration.
Forexample,supposeSNTPisrunningastheswitchstimesynchronization
protocol,withBroadcastastheSNTPmodeandthefactory-defaultpolling
interval.Youwouldhalttimesynchronizationwiththiscommand:
Pr oCur ve( conf i g) # no t i mesync
IfyouthenviewedtheSNTPconfiguration,youwouldseethefollowing:
Ti me Sync Mode: Di sabl ed
SNTP Mode : Br oadcast
Figure9-10. ExampleofSNTPwithTimeSychronizationDisabled
9-14
TimeProtocols
DisablingtheSNTPMode.IfyouwanttopreventSNTPfrombeingused
evenifselectedbytimesync(ortheMenuinterfacesTimeSyncMethodparam-
eter),configuretheSNTPmodeasdisabled.
Syntax: nosntp
DisablesSNTPbychangingtheSNTPmodeconfigurationto
Disabled.
Forexample,iftheswitchisrunningSNTPinUnicastmodewithanSNTP
serversasshowninfigure9-9,nosntpchangestheSNTPconfigurationas
shownbelow,anddisablestimesynchronizationontheswitch.
Pr oCur ve( conf i g) # no snt p
EventhoughtheTimeSyncModeissettoSntp,
timesynchronizationisdisabledbecauseno
sntphasdisabledtheSNTPModeparameter.
SNTP Mode : di sabl ed
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 28. 227. 141 4
3 f e80: : 123%vl an10 3
Figure9-11. ExampleofDisablingTimeSynchronizationbyDisablingtheSNTPMode
9-15
TimeProtocols
TimeP:Viewing,Selecting,andConfiguring
TimeP:Viewing,Selecting,and
Configuring
TimePFeature Default Menu CLI Web
viewtheTimeptimesynchronizationconfiguration n/a page9-17 page9-19
selectTimepasthetimesynchronizationmethod TIMEP page9-15 pages9-21ff.
disabletimesynchronization timep page9-17 page9-23
enabletheTimepmode Disabled
DHCP page9-17 page9-21
manual page9-17 page9-22
none/disabled page9-17 page9-23
changetheSNTPpollinterval 720minutes page9-18 page9-23
Table9-2.TimepParameters
SNTPParameter Operation
TimeSync
Method
UsedtoselecteitherTIMEP(thedefault),SNTP,orNoneasthetimesynchronizationmethod.
TimepMode
Disabled TheDefault.Timepdoesnotoperate,evenifspecifiedbytheMenuinterfaceTimeSyncMethod
parameterortheCLItimesynccommand.
DHCP WhenTimepisselectedasthetimesynchronizationmethod,theswitchattemptstoacquireaTimep
serverIPaddressviaDHCP.Iftheswitchreceivesaserveraddress,itpollstheserverforupdates
accordingtotheTimeppollinterval.IftheswitchdoesnotreceiveaTimepserverIPaddress,itcannot
performtimesynchronizationupdates.
Manual WhenTimepisselectedasthetimesynchronizationmethod,theswitchattemptstopollthespecified
serverforupdatesaccordingtotheTimeppollinterval.Iftheswitchfailstoreceiveupdatesfromthe
server,timesynchronizationupdatesdonotoccur.
Server
Address
UsedonlywhentheTimePModeissettoManual.SpecifiestheIPaddressoftheTimePserverthat
theswitchaccessesfortimesynchronizationupdates.Youcanconfigureoneserver.
9-16

TimeProtocols
Menu:ViewingandConfiguringTimeP
ToView,Enable,andModifytheTimePProtocol:
1.SystemInformation
==========================- CONSOLE - MANAGER MODE - ==========================
Syst emCont act :
Syst emLocat i on :
Ti meP Mode [ Di sabl ed] : Di sabl ed
TimeProtocolSelectionParameter
TIMEP(thedefault)
Ti me Zone [ 0] : 0
SNTP
None
Figure9-12. TheSystemInformationScreen(DefaultValues)
Press[E](forEdit).ThecursormovestotheSystemNamefield.
2. Use[v]tomovethecursortotheTimeSyncMethodfield.
3. IfTIMEPisnotalreadyselected,usetheSpacebartoselectTIMEP,then
press[v]oncetodisplayandmovetotheTimePModefield.
UsetheSpacebartoselecttheDHCPmode,thenpress[v]tomove
thecursortothePollIntervalfield,andgotostep6.
UsetheSpacebartoselecttheManualmode.
i. Press[>]tomovethecursortotheServerAddressfield.
9-17
TimeProtocols
ii. EntertheIPaddressoftheTimePserveryouwanttheswitchto
usefortimesynchronization.
Note:ThisstepreplacesanypreviouslyconfiguredTimePserver
IPaddress.
iii. Press[>]tomovethecursortothePollIntervalfield,thengoto
step6.
5. InthePollIntervalfield,enterthetimeinminutesthatyouwantfora
TimePPollInterval.
Press[Enter]toreturntotheActionsline,then[S](forSave)toenterthenew
timeprotocolconfigurationinboththestartup-configandrunning-config
files.
CLI:ViewingandConfiguringTimeP
CLICommandsDescribedinthisSection
Command Page
showtimep 9-19
[no]timesync 9-20ff.,9-23
iptimep
dhcp 9-21
manual 9-22
server<ip-addr> 9-22
interval 9-23
noiptimep 9-23
ThissectiondescribeshowtousetheCLItoview,enable,andconfigureTimeP
parameters.
9-18
TimeProtocols
ViewingtheCurrentTimePConfiguration
Usingdifferentshowcommands,youcandisplayeitherthefullTimePconfig-
urationoracombinedlistingofallTimeP,SNTP,andVLANIPaddresses
configuredontheswitch.
Syntax:showtimep
Thiscommandlistsboththetimesynchronizationmethod
(TimeP,SNTP,orNone)andtheTimePconfiguration,evenif
SNTPisnottheselectedtimeprotocol.(IftheTimePModeis
settoDisabledorDHCP,thentheServerfielddoesnotappear.)
Forexample,ifyouconfiguretheswitchwithTimePasthetimesynchroniza-
tionmethod,thenenableTimePinDHCPmodewiththedefaultpollinterval,
showtimepliststhefollowing:
Figure9-13. ExampleofTimePConfigurationWhenTimePIstheSelectedTime
SynchronizationMethod
IfSNTPistheselectedtimesynchronizationmethod,showtimepstillliststhe
TimePconfigurationeventhoughitisnotcurrentlyinuse:
Eventhough,inthisexample,SNTPisthe
currenttimesynchronizationmethod,the
switchmaintainstheTimeP
configuration.
Figure9-14. ExampleofTimePConfigurationWhenTimePIsNottheSelectedTimeSynchronization
Method
Syntax:showmanagement
Thiscommandcanhelpyoutoeasilyexamineandcompare
theIPaddressingontheswitch.ItliststheIPaddressesfor
alltimeserversconfiguredontheswitch,plustheIPaddresses
anddefaultgatewayforallVLANsconfiguredontheswitch.
9-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TimeProtocols
Ti me Ser ver Addr ess : 10. 10. 28. 100
1 10. 10. . 28. 101 3
2 10. 255. 5. 24 3
3 f e80: : 123%vl an10 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - -
DEFAULT_VLAN 001279- 88a100 | 10. 30. 248. 184
VLAN10 001279- 88a100 | 10. 0. 10. 17
Figure9-15. ExampleofDisplayShowingIPAddressingforAllConfiguredTimeServersandVLANs
Configuring(EnablingorDisabling)theTimePMode
EnablingtheTimePmodemeanstoconfigureitforeitherbroadcastorunicast
mode.RememberthattorunTimePastheswitchstimesynchronization
protocol,youmustalsoselectTimePasthetimesynchronizationmethodby
usingtheCLItimesynccommand(ortheMenuinterfaceTimeSyncMethod
parameter).
Syntax: timesynctimep
SelectsTimePasthetimeprotocol.
Syntax: iptimep<dhcp|manual>
EnablestheselectedTimePmode.
Syntax: noiptimep
DisablestheTimePmode.
Syntax: notimesync
Disablesthetimeprotocol.
9-20
TimeProtocols
EnablingTimePinDHCPMode.BecausetheswitchprovidesaTimeP
pollinginterval(default:720minutes),youneedonlythesetwocommandsfor
aminimalTimePDHCPconfiguration:
SelectsTimePasthetimesynchronizationmethod.
Syntax: iptimepdhcp
ConfiguresDHCPastheTimePmode.
Forexample,suppose:
TimesynchronizationisconfiguredforSNTP.
Youwantto:
1. Viewthecurrenttimesynchronization.
2. SelectTimePasthetimesynchronizationmode.
3. EnableTimePforDHCPmode.
4. ViewtheTimePconfiguration.
Thecommandsandoutputwouldappearasfollows:
1 showtimepdisplaystheTimePconfigurationandalsoshows
thatSNTPisthecurrentlyactivetimesynchronizationmode.
2
3
4
showtimepagaindisplaystheTimePconfigurationandshowsthatTimePis
nowthecurrentlyactivetimesynchronizationmode.
Figure9-16. ExampleofEnablingTimePOperationinDHCPMode
9-21
TimeProtocols
EnablingTimepinManualMode.LikeDHCPmode,configuringTimePfor
ManualmodeenablesTimeP.However,formanualoperation,youmustalso
specifytheIPaddressoftheTimePserver.(TheswitchallowsonlyoneTimeP
server.)ToenabletheTimePprotocol:
SelectsTimep.
Syntax: iptimepmanual<ip-addr>
ActivatesTimePinManualmodewithaspecifiedTimeP
server.
Syntax: noiptimep
DisablesTimeP.
Not e TochangefromoneTimePservertoanother,youmust(1)usethenoiptimep
commandtodisableTimePmode,andthenreconfigureTimePinManual
modewiththenewserverIPaddress.
Forexample,toselectTimePandconfigureitformanualoperationusinga
TimePserveraddressof10.28.227.141andthedefaultpollinterval(720
minutes,assumingtheTimePpollintervalisalreadysettothedefault):
Pr oCur ve( conf i g) # t i mesync t i mep
SelectsTimeP.
Pr oCur ve( conf i g) # i p t i mep manual 10. 28. 227. 141
ActivatesTimePinManualmode.
Figure9-17. ExampleofConfiguringTimepforManualOperation
9-22
TimeProtocols
ChangingtheTimePPollInterval.Thiscommandletsyouspecifyhow
longtheswitchwaitsbetweentimepollingintervals.Thedefaultis720
minutesandtherangeis1to9999minutes.(Thisparameterisseparatefrom
thepollintervalparameterusedforSNTPoperation.)
Syntax: iptimep<dhcp|manual>interval<1-9999>
Forexample,tochangethepollintervalto60minutes:
Pr oCur ve( conf i g) # i p t i mep i nt er val 60
DisablingTimeSynchronizationWithoutChangingtheTimeP
Configuration.Therecommendedmethodfordisablingtimesynchroniza-
tionistousethetimesynccommand.Thishaltstimesynchronizationwithout
changingyourTimePconfiguration.
Syntax: notimesync
DisablestimesynchronizationbychangingtheTimeSync
ModeconfigurationtoDisabled.
Forexample,supposeTimePisrunningastheswitchstimesynchronization
protocol,withDHCPastheTimePmode,andthefactory-defaultpolling
interval.Youwouldhalttimesynchronizationwiththiscommand:
ProCurve(config)# no timesync
IfyouthenviewedtheTimePconfiguration,youwouldseethefollowing:
Figure9-18. ExampleofTimePwithTimeSychronizationDisabled
DisablingtheTimePMode.DisablingtheTimePmodemeanstoconfigure
itasdisabled.(DisablingTimePpreventstheswitchfromusingitasthetime
synchronizationprotocol,evenifitistheselectedTimeSyncMethodoption.)
Syntax: noiptimep
DisablesTimePbychangingtheTimePmodeconfiguration
toDisabled.
9-23
TimeProtocols
Forexample,iftheswitchisrunningTimePinDHCPmode,noiptimepchanges
theTimePconfigurationasshownbelow,anddisablestimesynchronization.
EventhoughtheTimeSyncModeissettoTimep,
timesynchronizationisdisabledbecausenoip
timephasdisabledtheTimePModeparameter.
Figure9-19.ExampleofDisablingTimeSynchronizationbyDisablingtheTimePMode
Parameter
9-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TimeProtocols
SNTPUnicastTimePollingwithMultipleSNTPServers
SNTPUnicastTimePollingwithMultiple
SNTPServers
WhenrunningSNTPunicasttimepollingasthetimesynchronizationmethod,
theswitchrequestsatimeupdatefromtheserveryouconfiguredwitheither
theServerAddressparameterinthemenuinterface,ortheprimaryserverin
alistofuptothreeSNTPserversconfiguredusingtheCLI.Iftheswitchdoes
notreceivearesponsefromtheprimaryserverafterthreeconsecutivepolling
intervals,theswitchtriesthenextserver(ifany)inthelist.Iftheswitchtries
allserversinthelistwithoutsuccess,itsendsanerrormessagetotheEvent
LogandreschedulestotrytheaddresslistagainaftertheconfiguredPoll
Intervaltimehasexpired.
DisplayingAllSNTPServerAddressesConfiguredon
theSwitch
TheSystemInformationscreeninthemenuinterfacedisplaysonlyoneSNTP
serveraddress,eveniftheswitchisconfiguredfortwoorthreeservers.The
CLIshowmanagementcommanddisplaysallconfiguredSNTPserversonthe
switch.
Ti me Ser ver Addr ess : f e80: : 215: 60f f : f e7a: adc0%vl an10
1 2001: db8: : 215: 60f f : f e79: 8980 7
2 10. 255. 5. 24 3
3 f e80: : 123%vl an10 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - -
DEFAULT_VLAN 001279- 88a100 | Di sabl ed
VLAN10 001279- 88a100 | 10. 0. 10. 17
Figure9-20. ExampleofHowToListAllSNTPServersConfiguredontheSwitch
9-25
TimeProtocols
SNTPMessagesintheEventLog
AddingandDeletingSNTPServerAddresses
AddingAddresses.Asmentionedearlier,youcanconfigureoneSNTP
serveraddressusingeithertheMenuinterfaceortheCLI.Toconfigurea
secondandthirdaddress,youmustusetheCLI.Toconfiguretheremaining
twoaddresses,youwoulddothefollowing:
Pr oCur ve( conf i g) # snt p ser ver 2001: db8: : 215: 60f f : f e79: 8980
Pr oCur ve( conf i g) # snt p ser ver 10. 255. 5. 24
Figure9-21. ExampleofCreatingAdditionalSNTPServerAddresseswiththeCLI
Not e IftherearealreadythreeSNTPserveraddressesconfiguredontheswitch,
andyouwanttousetheCLItoreplaceoneoftheexistingaddresseswitha
newone,youmustdeletetheunwantedaddressbeforeyouconfigurethenew
one.
DeletingAddresses.Todeleteanaddress,youmustusetheCLI.Ifthereare
multipleaddressesandyoudeleteoneofthem,theswitchre-ordersthe
addresspriority.
Syntax: nosntpserver<ip-addr>
Forexample,todeletetheprimaryaddressintheaboveexample(and
automaticallyconvertthesecondaryaddresstoprimary):
Pr oCur ve( conf i g) # no snt p ser ver 10. 28. 227. 141
Configured
WhenyouusetheMenuinterfacetoconfigureanSNTPserverIPaddress,the
newaddresswritesoverthecurrentprimaryaddress,ifoneisconfigured.
SNTPMessagesintheEventLog
IfanSNTPtimechangeofmorethanthreesecondsoccurs,theswitchsevent
logrecordsthechange.SNTPtimechangesoflessthanthreesecondsdonot
appearintheEventLog.
9-26
10
PortStatusandConfiguration
Contents
Overview .................................................... 10-3
ViewingPortStatusandConfiguringPortParameters.......... 10-3
Menu:PortStatusandConfiguration .......................... 10-4
PortType.............................................. 10-4
StatusofPorts ......................................... 10-5
FlowControl........................................... 10-5
BroadcastLimit ........................................ 10-5
Modes ................................................ 10-6
ConfiguringPorts ....................................... 10-7
CLI:ViewingPortStatusandConfiguringPortParameters ....... 10-8
ViewingPortStatusandConfiguration ..................... 10-9
ViewingPortUtilizationStatistics ........................... 10-11
ViewingTransceiverStatus.......... ....................... 10-12
EnablingorDisablingPortsandConfiguringPortMode......... 10-13
EnablingorDisablingFlowControl .......................... 10-15
ConfiguringaBroadcastLimitontheSwitch .................. 10-17
ConfiguringProCurveAuto-MDIX ........................... 10-18
Web:ViewingPortStatusandConfiguringPortParameters ..... 10-21
UsingFriendly(Optional)PortNames ....................... 10-22
ConfiguringandOperatingRulesforFriendlyPortNames....... 10-22
ConfiguringFriendlyPortNames ............................ 10-23
DisplayingFriendlyPortNameswithOtherPortData .......... 10-24
BeenInserted ............................................. 10-27
Transceivers .......................................... 10-27
Modules .............................................. 10-27
Uni-DirectionalLinkDetection(UDLD) ...................... 10-29
10-1
Contents
ConfiguringUDLD......................................... 10-30
EnablingUDLD........................................ 10-31
ChangingtheKeepaliveInterval ......................... 10-32
ChangingtheKeepaliveRetries .......................... 10-32
ConfiguringUDLDforTaggedPorts ...................... 10-32
ViewingUDLDInformation ................................. 10-33
ConfigurationWarningsandEventLogMessages .............. 10-36
10-2
Overview
Overview
NoteOnConnecting
Transceiversto
Fixed-Configuration
Devices
Thischapterdescribeshowtoviewthecurrentportconfigurationandhow
toconfigureportstonon-defaultsettings,including
Enable/Disable
Mode(speedandduplex)
FlowControl
BroadcastLimit
FriendlyPortNames
Uni-directionalLinkDetection(UDLD)
ViewingPortStatusandConfiguringPort
Parameters
PortStatusandConfigurationFeatures
viewingportstatus n/a page10-4 page10-8 page10-21
viewingtransceiverstatus n/a n/a page10-12 page10-21
configuringports page10-7 page10-13 page10-21
configuringProCurveauto-mdix page10-18
Iftheswitcheitherfailstoshowalinkbetweenaninstalledtransceiverand
anotherdevice,ordemonstrateserrorsorotherunexpectedbehavioronthe
link,checktheportconfigurationonbothdevicesforaspeedand/orduplex
(mode)mismatch.
Tocheckthemodesettingforaportontheswitch,useeitherthePort
Statusscreeninthemenuinterface(page10-4)orshowinterfacesbriefin
theCLI(page10-8).
Todisplayinformationaboutthetransceiversinstalledonaswitch,enterthe
showtechtransceiverscommandintheCLI(page10-12).
10-3

ViewingPortStatusandConfiguringPortParameters
Menu:PortStatusandConfiguration
Fromthemenuinterface,youcanviewandchangetheportconfiguration.
UsingtheMenuToViewPortConfiguration. Themenuinterfacedis-
playstheconfigurationforportsand(ifconfigured)anytrunkgroups.
FromtheMainMenu,select:
1.StatusandCounters
4.PortStatus
==========================- CONSOLE - MANAGER MODE - ==========================
St at us and Count er s - Por t St at us
I nt r usi on MDI Fl ow Bcast
Por t Type Al er t Enabl ed St at us Mode Mode Ct r l Li mi t
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 100/ 1000T No Yes Down 100FDx Aut o of f 0
Act i ons- > Back I nt r usi on l og Hel p
Ret ur n t o pr evi ous scr een.
Use up/ down ar r ow keys t o scr ol l t o ot her ent r i es, l ef t / r i ght ar r ow keys t o
change act i on sel ect i on, and <Ent er > t o execut e act i on.
Figure10-1.ExampleofaSwitchPortStatusScreen
PortType
TheportTypefieldrepresentstheIEEEorotherindustryprotocolinoperation
onthatport.Forexample,1000Base-SXisagigabitprotocolforgigabit
operationoverfiberopticcable.
10-4
StatusofPorts
Aportcanbeenabledordisabled:
Yes:Enabled,thedefault.Thisindicatestheportisreadyforanetwork
connection.
No:Disabled,theportwillnotoperate,evenifproperlyconnectedtoa
network.Usethesetting,forexample,toshuttheportdownfordiagnostic
purposesorwhileyouaremakingtopologychanges.
Thestatusofaportcanbeupordown(Read-only):
Up:Theportsensesalinkbeat.
Down:Theportisnotenabled,hasnocablesconnected,orisexperiencinga
networkerror.Fortroubleshootinginformation,seetheInstallationand
GettingStartedGuideforyourswitch,orrefertoAppendixC,Troubleshoot-
ing(inthismanual).
FlowControl
WiththeportmodesettoAuto(thedefault)andflowcontrolon(enabled),
theswitchnegotiatesflowcontrolontheindicatedport.Iftheportmodeis
notsettoAuto,orifflowcontrolisoff(disabled)ontheport,thenflowcontrol
isnotused.Flowcontrolmustbeenabledonbothendsofalink.
On:Enabled.Theportuses802.3xLinkLayerFlowControl,generates
flowcontrolpackets,andprocessesreceivedflowcontrolpackets.
Off:Disabled(default).Theportdoesnotgenerateflowcontrolpackets,
anddropsanyflowcontrolpacketsitreceives.
BroadcastLimit
Thebroadcastlimitspecifiesthepercentageofthetheoreticalmaximum
networkbandwidththatcanbeusedforbroadcastandmulticasttraffic.Any
broadcastormulticasttrafficexceedingthatlimitwillbedropped.Zero(0)
meansthefeatureisdisabled.
Thebroadcast-limitcommandoperatesattheportcontextleveltosetthe
broadcastlimitforaportonaswitch.
Not e ThisfeatureisnotappropriatefornetworksthatrequirehighlevelsofIPXor
RIPbroadcasttraffic.
10-5
Modes
Themodeistheportsspeedandduplex(datetransferoperation)setting.
Table10-1showspossiblemodesavailable,dependingontheporttype
(copperorfiber)andportspeed.
Table10-1. SupportedModes
Mode SpeedandDuplexSettings
Auto-MDIX Sensesspeedandnegotiateswiththeportattheotherendofthelinkforport
operation(MDI-XorMDI).ToseewhattheswitchnegotiatesfortheAuto
setting,usetheCLIshowinterfacesbriefcommandorthemenucommands1.
StatusandCounters,3.PortStatus.
Thisfeaturesappliesonlytocopperportswitchesusingtwisted-paircopper
Ethernetcables.
MDI SetstheporttoconnectwithaPCusingacrossovercable(Manualmode
appliesonlytocopperportswitchesusingtwisted-paircopperEthernet
cables).
MDIX SetstheporttoconnectwithaPCusingastraight-throughcable(Manual
modeappliesonlytocopperportswitchesusingtwisted-paircopperEthernet
cables).
Auto-10 Allowstheporttonegotiatebetweenhalf-duplex(HDx)andfull-duplex(FDx)
whilekeepingspeedat10Mbps.Alsonegotiatesflowcontrol(enabledor
disabled).ProCurverecommendsAuto-10forlinksbetween10/100auto-
sensingportsconnectedwithCat3cabling.(Cat5cablingisrequiredfor100
Mbpslinks.)
Auto-100 Uses100Mbpsandnegotiateswiththeportattheotherendofthelinkforother
portoperationfeatures.
Auto-10-100 Allowstheporttoestablishalinkwiththeportattheotherendateither10Mbps
or100Mbps,usingthehighestmutualspeedandduplexmodeavailable.Only
thesespeedsareallowedwiththissetting.
Auto-1000 Uses1000Mbpsandnegotiateswiththeportattheotherendofthelinkfor
otherportoperationfeatures.
10HDx Uses10Mbps,Half-Duplex
100HDx Uses100Mbps,Half-Duplex
10FDX Uses10Mbps,Full-Duplex
100FDx Uses100Mbps,Full-Duplex
1000FDx Uses1000Mbps,Full-Duplex
10GbEFDx Uses10Gigabits/secFull-Duplex
Tables10-2and10-3displaytheprotocolsandmodessupportedforcopper
portsandfiberopticports,respectively.
10-6
Table10-2. ProtocolsandModesSupportedforCopperPorts
10/100Mbps Gigabit 10Gigabit
10/100TX 10/100/1000-T 10GBASE-CX4
Modes Settings Modes Settings Modes Settings
Auto
10HDx
100HDx
10FDx
100FDx
Auto-10
100FDx
10HDx
100HDx
10FDx
100FDX
10FDX
Auto
Auto-10
Auto-100
Auto-10-100
Auto-1000
10HDx
100HDX
1000FDx
1000FDx
10HDx
100FDx
100FDx
1000FDx
10HDx
100HDx
1000FDx
Auto 10GigabitFDx
Table10-3. ProtocolsandModesSupportedforFiberOpticPorts
100Mbps Gigabit 10Gigabit
Protocols 100BASE-FX
100BASE-BX10
1000BASE-SX
1000BASE-LX
1000BASE-BX10
1000BASE-LH
10GBASE-SR
10GBASE-LR
10GBASE-LRM
Modes 100HDx
100FDx
Auto
1000FDx
Auto
ConfiguringPorts
Youcanconfigureandviewtheportsettingsbyusingthemenu.
Not e Themenuinterfaceusesthesamescreenforconfiguringbothindividualports
andporttrunkgroups.Forinformationonporttrunkgroups,refertoChapter
12,PortTrunking.
1. FromtheMainMenu,Select:
2.Port/TrunkSettings
AnexampleoftheMenudisplayisshownbelow.
10-7

===========================- TELNET - MANAGER MODE - =============
Swi t ch Conf i gur at i on - Por t / Tr unk Set t i ngs
Por t Type Enabl ed Mode Fl ow Ct r l Gr oup Type
- - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 1000T | Yes Aut o- 10- 100 Di sabl e
2 1000T | Yes Aut o- 10- 100 Di sabl e
3 1000T | Yes Aut o Di sabl e
4 1000T | Yes Aut o- 1000 Di sabl e
5 1000T | Yes 10HDx Di sabl e
6 1000T | Yes 10FDx Di sabl e
7 1000T | Yes 100FDx Di sabl e Tr k1 Tr unk
8 1000T | Yes Aut o Di sabl e Tr k2 Tr unk
Cancel changes and r et ur n t o pr evi ous scr een.
Figure10-2.ExampleofPort/TrunkSettingswithaTrunkGroupConfigured
2. Press[E](forEdit).ThecursormovestotheEnabledfieldforthefirstport.
3. Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
[Enter],thenpress[S](forSave).
CLI:ViewingPortStatusandConfiguringPort
Parameters
FromtheCLI,youcanconfigureandviewallportparametersettingsandview
allportstatusindicators.
PortStatusandConfigurationCommands
showinterfacesbrief page10-9
showinterfacesconfig page10-10
showinterfacesport-utilization page10-11
showtechtransceivers page10-12
interface page10-13
disable/enable page10-13
speed-duplex page10-13
10-8

flow-control page10-15
broadcast-limit page10-17
auto-mdix page10-18
ViewingPortStatusandConfiguration
Usethefollowingcommandstodisplayportstatusandconfigurationdata.
Syntax: showinterfaces[brief|config|<port-list>]
brief:Liststhecurrentoperatingstatusforallportsonthe
switch.
config:Listsasubsetofconfigurationdataforallportsonthe
switch;thatis,foreachport,thedisplayshowswhethertheport
isenabled,theoperatingmode,andwhetheritisconfigured
forflowcontrol.
<port-list>:Showsasummaryofnetworktraffichandledbythe
specifiedports.
Anexampleoftheshowinterfacesbriefcommandisshownbelow.
Pr oCur ve( conf i g) # show i nt er f aces br i ef
| I nt r usi on MDI Fl ow Bcast
Por t Type | Al er t Enabl ed St at us Mode Mode Ct r l Li mi t
- - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 100/ 1000T | No Yes Down Aut o- 10- 100 Aut o of f 0
2 100/ 1000T | No Yes Down 1000FDx Aut o of f 0
Figure10-3.ExampleofshowinterfacesbriefCommandListing
Usetheshowinterfacesconfigcommandtoviewtheportsettings,asshown
below.
10-9

Pr oCur ve( conf i g) # show i nt er f aces conf i g
Por t Set t i ngs
Por t Type | Enabl ed Mode Fl ow Ct r l MDI
- - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 100/ 1000T Yes Aut o- 10- 100 Di sabl e Aut o
2 100/ 1000T Yes Aut o Di sabl e Aut o
Figure10-4.ExampleofashowinterfacesconfigCommandListing
Thedisplayoptioncanbeusedtoinitiatethedynamicupdateoftheshow
interfacescommandwiththeoutputbeingthesameastheshowinterfaces
command.WhenusingthedisplayoptionintheCLI,theinformationstayson
thescreenandisupdatedevery3seconds,asoccurswiththedisplayusing
themenufeature.TheupdateisterminatedwithCntl-C.
Youcanusethearrowkeystoscrollthroughthescreenwhentheoutputdoes
notfitinonescreen.
Syntax: showintdisplay
Initiatesthedynamicupdateofacommand.Theoutputisthe
sameastheequivalentshowcommand.Theinformationis
updatedevery3seconds.
Note:SelectBacktoexitthedisplay.
Forexample:
ProCurve#showintdisplay
10-10
Dynamicallyupdates
Figure10-5. ExampleofshowintdisplayCommandwithDynamicallyUpdatingOutput
ViewingPortUtilizationStatistics
Usetheshowinterfaceport-utilizationcommandtoviewareal-timeratedisplay
forallportsontheswitch.Thefollowingshowsasampleoutputfromthis
command.
Pr oCur ve( conf i g) # show i nt er f aces por t - ut i l i zat i on
St at us and Count er s - Por t Ut i l i zat i on
Rx Tx
Por t Mode | - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Kbi t s/ sec Pkt s/ sec Ut i l | Kbi t s/ sec Pkt s/ sec Ut i l
- - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - -
1 1000FDx | 0 0 0 | 0 0 0
2 1000FDx | 0 0 0 | 0 0 0
3 1000FDx | 0 0 0 | 0 0 0
4 1000FDx | 0 0 0 | 0 0 0
5 1000FDx | 0 0 0 | 0 0 0
6 1000FDx | 0 0 0 | 0 0 0
7 100FDx | 624 86 00. 62 | 496 0 00. 49
Figure10-6.ExampleofaShowInterfacePort-UtilizationCommandListing
10-11

OperatingNotes:
Foreachportontheswitch,thecommandprovidesareal-timedisplay
oftherateatwhichdataisreceived(Rx)andtransmitted(Tx)interms
ofkilobitspersecond(KBits/s),numberofpacketspersecond(Pkts/
s),andutilization(Util)expressedasapercentageofthetotalband-
widthavailable.
Theshowinterfaces<port-list>commandcanbeusedtodisplaythe
currentlinkstatusandtheportrateaverageovera5minuteperiod.
Portratesareshowninbitspersecond(bps)forportsupto1Gigabit;
for10Gigabitports,portratesareshowninkilobitspersecond
(Kbps).
ViewingTransceiverStatus
Theshowtechtransceiverscommandallowsyouto:
Remotelyidentifytransceivertypeandrevisionnumberwithouthaving
tophysicallyremoveaninstalledtransceiverfromitsslot.
Displayreal-timestatusinformationaboutallinstalledtransceivers,
includingnon-operationaltransceivers.
Figure10-7showssampleoutputfromtheshowtechtransceiverscommand.
Pr oCur ve# show t ech t r anscei ver s
Tr anscei ver Techni cal I nf or mat i on:
Por t # | Type | Pr od # | Ser i al # | Par t #
- - - - - - - +- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - -
21 | 1000SX | J 4858B | CN605MP23K |
22 | 1000LX | J 4859C | H117E7X | 2157- 2345
23 | ?? | ?? | non oper at i onal |
25 | 10GbE- CX4 | J 8440A | US509RU079 |
26 | 100FX- sf p | J 9054B | CN702ZM043 | 1990- 3613
27 | 10GbE- LR | J 8437B | PPA02- 2904: 0017 | 2157- 2345
28 | 10GbE- SR | J 8436B | 01591602 | 2158- 1000
29 | 10GbE- ER | J 8438A | PPA03- 2905: 0001 |
The f ol l owi ng t r anscei ver s may not f unct i on cor r ect l y:
Por t # Message
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Por t 23 Sel f t est f ai l ur e.
Figure10-7. ExampleofShowTechTransceiversCommand
10-12
OperatingNotes:
Thefollowinginformationisdisplayedforeachinstalledtransceiver:
Portnumberonwhichtransceiverisinstalled.
Typeoftransceiver.
ProductnumberIncludesrevisionletter,suchasA,B,orC.Ifno
revisionletterfollowsaproductnumber,thismeansthatnorevision
isavailableforthetransceiver.
PartnumberAllowsyoutodeterminethemanufacturerforaspec-
ifiedtransceiverandrevisionnumber.
Foranon-ProCurveinstalledtransceiver(seeline23Figure10-7),no
transceivertype,productnumber,orpartinformationisdisplayed.Inthe
SerialNumberfield,non-operationalisdisplayedinsteadofaserialnum-
ber.
Thefollowingerrormessagesmaybedisplayedforanon-operational
transceiver:
Unsuppor t ed Tr anscei ver . ( Sel f Test Er r #060)
Check: www. hp. com/ r nd/ devi ce_hel p/ 2_i nf or mf or
mor e i nf o.
Thi s swi t ch onl y suppor t s r evi si on B and above
t r anscei ver s. Check: www. hp. com/ r nd/ devi ce_hel p/
2_i nf or mf or mor e i nf o.
Sel f t est f ai l ur e.
Tr anscei ver t ype not suppor t ed i n t hi s por t .
Tr anscei ver t ype not suppor t ed i n t hi s sof t war e
ver si on.
Not a Pr oCur ve Tr anscei ver . Pl ease go t o:
www. hp. com/ r nd/ devi ce_hel p/ 2_i nf or mf or mor e i nf o.
EnablingorDisablingPortsandConfiguringPortMode
Youcanconfigureoneormoreofthefollowingportparameters.
Syntax: [no]interface<port-list>
[<disable|enable>]
Disablesorenablestheportfornetworktraffic.Doesnot
usethenoformofthecommand.(Default:enable.)
10-13
[speed-duplex<auto-10|10-full|10-half|100-full|100-half|1000-full
|auto|auto100|auto-1000|auto10-100>]
Specifiestheportsdatatransferspeedandmode.Does
notusetheno formofthecommand.(Default:auto.)
Notethatintheabovesyntaxyoucansubstituteanintforinterface;that
is:int<port-list>.
The10/100auto-negotiationfeatureallowsaporttoestablishalinkwithaport
attheotherendateither10Mbpsor100Mbps,usingthehighestmutualspeed
andduplexmodeavailable.Onlythesespeedsareallowedwiththissetting.
Forexample,toconfigureport5forauto-10-100,enterthiscommand:
Pr oCur ve( conf i g) # i nt 5 speed- dupl ex aut o- 10- 100
Toconfigureports1through3andport6for100Mbpsfull-duplex,youwould
enterthesecommands:
Pr oCur ve( conf i g) # i nt 1- 3, 6 speed- dupl ex 100- f ul l
Similarly,toconfigureasingleportwiththeabovecommandsettings,you
couldeitherenterthesamecommandwithonlytheoneportidentified,orgo
tothecontextlevelforthatportandthenenterthecommand.Forexample,
toenterthecontextlevelforport6andthenconfigurethatportfor100FDx:
Pr oCur ve( conf i g) # i nt e 6
Pr oCur ve( et h- 6) # speed- dupl ex 100- f ul l
Ifport8wasdisabled,andyouwantedtoenableitandconfigureitfor100FDx
withflow-controlactive,youcoulddosowitheitherofthefollowingcom-
mandsets.
Thesecommandsenableandconfigure
port8fromtheconfiglevel:
Pr oCur ve( conf i g) # i nt 8 enabl e
Pr oCur ve( conf i g) # i nt 8 speed- dupl ex 100- f ul l
Pr oCur ve( conf i g) # i nt 8 f l ow- cont r ol
Pr oCur ve( conf i g) # i nt 8
Pr oCur ve( et h- 8) # enabl e
Pr oCur ve( et h- 8) # speed- dupl ex 100- f ul l
Thesecommandsselecttheport8
contextlevelandthenapplythe
subsequentconfigurationcommands
toport8:
Figure10-8.ExamplesofTwoMethodsforChangingaPortConfiguration
RefertoEnablingorDisablingFlowControlonpage10-15formoreonflow
control.
10-14
EnablingorDisablingFlowControl
Not e Youmustenableflowcontrolonbothportsinagivenlink.Otherwise,flow
controldoesnotoperateonthelink,andappearsasOffintheshowinterfaces
briefportlisting,evenifflowcontrolisconfiguredasenabledontheportin
theswitch.(RefertoFigure10-3onpage10-9.)Also,theport(speed-duplex)
modemustbesettoAuto(thedefault).
Todisableflowcontrolonsomeports,whileleavingitenabledonotherports,
justdisableitontheindividualportsyouwanttoexclude.
Syntax: [no]interface<port-list>flow-control
Enablesordisablesflowcontrolpacketsontheport.Theno
formofthecommanddisablesflowcontrolontheindividual
ports.(Default:Disabled.)
Forexample,supposethat:
1. Youwanttoenableflowcontrolonports7-11.
2. Later,youdecidetodisableflowcontrolonport11.
3. Asafinalstep,youwanttodisableflowcontrolonallports.
Assumingthatflowcontroliscurrentlydisabledontheswitch,youwoulduse
thesecommands:
10-15

Pr oCur ve( conf i g) # i nt 7- 10 f l ow- cont r ol
Pr oCur ve( conf i g) # show i nt br i ef
- - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6 100/ 1000T | No Yes Up 1000FDx Aut o of f 0
7- Tr k1 100/ 1000T | No Yes Up 1000FDx Aut o on 0
11 100/ 1000T | No Yes Up 1000FDx Aut o on 0
Figure10-9.ExampleofConfiguringFlowControlforaSeriesofPorts
Pr oCur ve( conf i g) # no i nt 11 f l ow- cont r ol
- - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Disablesper-portflow
controlonport11.
Figure10-10. ExampleContinuedfromFigure10-9
10-16

Pr oCur ve( conf i g) # no i nt 7- 10 f l ow- cont r ol
- - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7- Tr k1 100/ 1000T | No Yes Up 1000FDx Aut o of f 0
Figure10-11. ExampleContinuedfromFigure10-10
ConfiguringaBroadcastLimitontheSwitch
Broadcast-Limitonswitchescoveredinthisguideisconfiguredonaper-port
basis.Youmustbeattheportcontextlevelforthiscommandtowork,for
example:
Pr oCur ve( conf i g) #i nt B1
Pr oCur ve( i nt B1) # br oadcast - l i mi t 1
Broadcast-Limit.
Syntax: broadcast-limit<0-99>
Enablesordisablesbroadcastlimitingforoutbound
broadcastsonaselectedportontheswitch.Thevalueselected
isthepercentageoftrafficallowed,forexample,broadcast-limit
5allows5%ofthemaximumamountoftrafficforthatport.A
valueofzerodisablesbroadcastlimitingforthatport.
Note: Youmustswitchtoportcontextlevelbeforeissuingthe
broadcast-limitcommand.
Note: Thisfeatureisnotappropriatefornetworksrequiring
highlevelsofIPXorRIPbroadcasttraffic.
10-17
Syntax: showconfig
Displaysthestartup-configfile.Thebroadcastlimitsetting
appearshereifenabledandsavedtothestartup-configfile.
Syntax: showrunning-config
Displaystherunning-configfile.Thebroadcastlimitsetting
appearshereifenabled.Ifthesettingisnotalsosavedtothe
startup-configfile,rebootingtheswitchreturnsbroadcast
limittothesettingcurrentlyinthestartup-configfile.
Forexample,thefollowingcommandenablesbroadcastlimitingof1percent
ofthetrafficrateontheselectedportontheswitch:
Pr oCur ve( i nt B1) # br oadcast - l i mi t 1
ForaoneGbpsportthisresultsinabroadcasttrafficrateoftenMbps.
ConfiguringProCurveAuto-MDIX
Copperportsontheswitchcanautomaticallydetectthetypeofcableconfig-
uration(MDIorMDI-X)onaconnecteddeviceandadjusttooperateappro-
priately.
Thismeansyoucanuseastraight-throughtwisted-paircableoracross-
overtwisted-paircableforanyoftheconnectionstheportmakesthe
necessaryadjustmentstoaccommodateeitheroneforcorrectoperation.The
followingporttypesonyourswitchsupporttheIEEE802.3abstandard,which
includestheAutoMDI/MDI-Xfeature:
10/100-TXalmoduleports
100/1000-Talmoduleports
10/100/1000-Talmoduleports
Usingtheaboveports:
Ifyouconnectacopperportusingastraight-throughcableonaswitchto
aportonanotherswitchorhubthatusesMDI-Xports,theswitchport
automaticallyoperatesasanMDIport.
Ifyouconnectacopperportusingastraight-throughcableonaswitchto
aportonanendnode,suchasaserverorPC,thatusesMDIports,the
switchportautomaticallyoperatesasanMDI-Xport.
10-18
ProCurveAuto-MDIXwasdevelopedforauto-negotiatingdevices,andwas
sharedwiththeIEEEforthedevelopmentoftheIEEE802.3abstandard.
ProCurveAuto-MDIXandtheIEEE802.3abAutoMDI/MID-Xfeatureare
completelycompatible.Additionally,ProCurveAuto-MDIXsupportsopera-
tioninforcedspeedandduplexmodes.
IfyouwantmoreinformationonthissubjectpleaserefertotheIEEE802.3ab
StandardReference.
FormoreinformationonMDI-X,refertotheappendixtitledSwitchPortsand
NetworkCablesintheInstallationandGettingStartedGuideforyour
switch.
ManualOverride.IfyourequirecontrolovertheMDI/MDI-Xfeatureyoucan
settheswitchtoeitheroftwonon-defaultmodes:
ManualMDI
ManualMDI-X
Table10-4showsthecablingrequirementsfortheMDI/MDI-Xsettings.
Table10-4. CableTypesforAutoandManualMDI/MDI-XSettings
MDI/MDI-XDeviceType
Setting PCorOtherMDIDeviceType Switch,Hub,orOtherMDI-XDevice
ManualMDI CrossoverCable Straight-ThroughCable
ManualMDI-X Straight-ThroughCable CrossoverCable
Auto-MDI-X
(TheDefault)
EitherCrossoverorStraight-ThroughCable
TheAuto-MDIXfeaturesapplyonlytocopperportswitchesusingtwisted-pair
copperEthernetcables.
Syntax: interface<port-list>mdix-mode<auto-mdix|mdi|mdix>
auto-mdixistheautomatic,defaultsetting.Thisconfiguresthe
portforautomaticdetectionofthecable(eitherstraight-through
orcrossover).
mdiisthemanualmodesettingthatconfigurestheportfor
connectingtoeitheraPCorotherMDIdevicewithacrossover
cable,ortoaswitch,hub,orotherMDI-Xdevicewithastraight-
throughcable.
mdixisthemanualmodesettingthatconfigurestheportfor
connectingtoeitheraswitch,hub,orotherMDI-Xdevicewith
acrossovercable,ortoaPCorotherMDIdevicewithastraight-
throughcable.
10-19

Syntax: showinterfacesconfig
Liststhecurrentper-portAuto/MDI/MDI-Xconfiguration.
Syntax: showinterfacesbrief
Whereaportislinkedtoanotherdevice,thiscommandlists
theMDImodetheportiscurrentlyusing.Inthecaseofports
configuredforAuto(auto-mdix),theMDImodeappearsas
eitherMDIorMDIX,dependinguponwhichoptiontheporthas
negotiatedwiththedeviceontheotherendofthelink.Inthe
caseofportsconfiguredforMDIorMDIX,themodelistedin
thisdisplaymatchestheconfiguredsetting.Ifthelinkto
anotherdevicewasup,buthasgonedown,thiscommand
showsthelastoperatingMDImodetheportwasusing.Ifa
portonagivenswitchhasnotdetectedalinktoanotherdevice
sincethelastreboot,thiscommandliststheMDImodeto
whichtheportiscurrentlyconfigured.
Forexample,showinterfacesconfigdisplaysthefollowingdatawhenport1is
configuredforauto-mdix,port2isconfiguredformdi,andport3isconfigured
formdix.
Pr oCur ve( conf i g) # show i nt er f aces conf i g
Por t Set t i ngs
Por t Type | Enabl ed Mode Fl ow Ct r l MDI
- - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 100/ 1000T | Yes Aut o Di sabl e Aut o
2 100/ 1000T | Yes Aut o Di sabl e MDI
3 100/ 1000T | Yes Aut o Di sabl e MDI X
Per-PortMDI
Configuration
Figure10-12.ExampleofDisplayingtheCurrentMDIConfiguration
10-20

Per-PortMDIOperatingMode
- - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 100/ 1000T | No Yes Down 1000FDx MDI X of f 0
2 100/ 1000T | No Yes Down 100FDx MDI of f 0
3 100/ 1000T | No Yes Down 100FDx MDI X of f 0
Figure10-13.ExampleofDisplayingtheCurrentMDIOperatingMode
Web:ViewingPortStatusandConfiguringPort
Parameters
Inthewebbrowserinterface:
2. Clickon[PortConfiguration].
3. Selecttheportsyouwanttomodifyandclickon[ModifySelectedPorts].
4. Afteryoumakethedesiredchanges,clickon[ApplySettings].
Notethatthewebbrowserinterfacedisplaysanexistingporttrunkgroup.
However,toconfigureaporttrunkgroup,youmustusetheCLIorthemenu
interface.Formoreonthistopic,refertoChapter12,PortTrunking.
10-21
UsingFriendly(Optional)PortNames
ConfigureFriendlyPortNames StandardPort
Numbering
n/a page23 n/a
DisplayFriendlyPortNames n/a n/a page24 n/a
Thisfeatureenablesyoutoassignalphanumericportnamesofyourchoosing
toaugmentautomaticallyassignednumericportnames.Thismeansyoucan
configuremeaningfulportnamestomakeiteasiertoidentifythesourceof
informationlistedbysomeShowcommands.(Notethatthisfeatureaugments
portnumbering,butdoesnotreplaceit.)
ConfiguringandOperatingRulesforFriendlyPort
Names
Ateithertheglobalorcontextconfigurationlevelyoucanassignaunique
nametoaport.Youcanalsoassignthesamenametomultipleports.
Thefriendlyportnamesyouconfigureappearintheoutputoftheshow
name[port-list],showconfig,andshowinterface<port-number>commands.
TheydonotappearintheoutputofothershowcommandsorinMenu
interfacescreens.(RefertoDisplayingFriendlyPortNameswithOther
PortDataonpage10-24.)
FriendlyportnamesarenotasubstituteforportnumbersinCLIcom-
mandsorMenudisplays.
Trunkingportstogetherdoesnotaffectfriendlynamingfortheindividual
ports.(Ifyouwantthesamenameforallportsinatrunk,youmust
individuallyassignthenametoeachport.)
Afriendlyportnamecanhaveupto64contiguousalphanumericcharac-
ters.
Blankspaceswithinfriendlyportnamesarenotallowed,andifused,
causeaninvalidinputerror.(Theswitchinterpretsablankspaceasaname
terminator.)
Inaportlisting,notassignedindicatesthattheportdoesnothaveaname
assignmentotherthanitsfixedportnumber.
10-22
Toretainfriendlyportnamesacrossreboots,youmustsavethecurrent
running-configurationtothestartup-configfileafterenteringthefriendly
portnames.(IntheCLI,usethewritememorycommand.)
ConfiguringFriendlyPortNames
Syntax: interface<port-list>name<port-name-string>
Assignsaportnametoport-list.
Syntax: nointerface<port-list>name
Deletestheportnamefromport-list.
ConfiguringaSinglePortName.Supposethatyouhaveconnectedport
A3ontheswitchtoBillSmithsworkstation,andwanttoassignBillsname
andworkstationIPaddress(10.25.101.73)asaportnameforportA3:
Figure10-14.ExampleofConfiguringaFriendlyPortName
10-23
ConfiguringtheSameNameforMultiplePorts.Supposethatyouwant
touseportsA5throughA8asatrunkedlinktoaserverusedbyadrafting
group.InthiscaseyoumightconfigureportsA5throughA8withthename
Draft-Server:Trunk.
Figure10-15.ExampleofConfiguringOneFriendlyPortNameonMultiplePorts
DisplayingFriendlyPortNameswithOtherPortData
Youcandisplayfriendlyportnamedatainthefollowingcombinations:
showname:Displaysalistingofportnumberswiththeircorresponding
friendlyportnamesandalsoquicklyshowsyouwhichportsdonothave
friendlynameassignments.(shownamedatacomesfromtherunning-
configfile.)
showinterface<port-number>:Displaysthefriendlyportname,ifany,along
withthetrafficstatisticsforthatport.(Thefriendlyportnamedatacomes
fromtherunning-configfile.)
showconfig:Includesfriendlyportnamesintheper-portdataofthe
resultingconfigurationlisting.(showconfigdatacomesfromthestartup-
configfile.)
ToListAllPortsorSelectedPortswithTheirFriendlyPortNames.
Thiscommandlistsnamesassignedtoaspecificport.
10-24
Syntax: showname[port-list]
Liststhefriendlyportnamewithitscorrespondingport
numberandporttype.Theshownamecommandwithoutaport
listshowsthisdataforallportsontheswitch.
Forexample:
Friendlyportnames
assignedinprevious
examples.
PortsWithout
Friendly
Figure10-16.ExampleofFriendlyPortNameDataforAllPortsontheSwitch
PortWithoutaFriendly
Name
Friendlyportnames
assignedinprevious
examples.
Figure10-17.ExampleofFriendlyPortNameDataforSpecificPortsontheSwitch
IncludingFriendlyPortNamesinPer-PortStatisticsListings. A
friendlyportnameconfiguredtoaportisautomaticallyincludedwhenyou
displaytheportsstatisticsoutput.
10-25
Syntax: showinterface<port-number>
Includesthefriendlyportnamewiththeportstrafficstatistics
listing.
Forexample,ifyouconfigureportA1withthenameOConnor_10.25.101.43,
theshowinterfaceoutputforthisportappearssimilartothefollowing:
FriendlyPort
Name
Figure10-18.ExampleofaFriendlyPortNameinaPer-PortStatisticsListing
Foragivenport,ifafriendlyportnamedoesnotexistintherunning-config
file,theNamelineintheabovecommandoutputappearsas:
Name : not assi gned
ToSearchtheConfigurationforPortswithFriendlyPortNames.
Thisoptiontellsyouwhichfriendlyportnameshavebeensavedtothestartup-
configfile.(showconfigdoesnotincludeportsthathaveonlydefaultsettings
inthestartup-configfile.)
Syntax: showconfig
Includesfriendlyportnamesinalistingofallinterfaces(ports)
configuredwithnon-defaultsettings.Excludesportsthathave
neitherafriendlyportnamenoranyothernon-default
configurationsettings.
10-26
Forexample,ifyouconfigureportA1withafriendlyportname:
Figure10-19.ExampleListingoftheStartup-ConfigFilewithaFriendlyPortNameConfigured(andSaved)
Thiscommandsequence
savesthefriendlyportname
forportA1inthestartup-
configfile.Thenameentered
forportA2isnotsaved
becauseitwasexecutedafter
writememory.
Inthiscase,showconfiglists
onlyportA1.Executingwrite
memafterenteringthenamefor
portA2,andthenexecuting
showconfigagainwouldresult
inalistingthatincludesboth
ports.
Listingincludesfriendly
portnameforportA1
only.
BeenInserted
Transceivers
Previously,aporthadtobevalidandverifiedfortheswitchtoallowittobe
configured.Transceiversareremovableportsandconsideredinvalidwhen
notpresentintheswitch,sotheycannotbeconfiguredunlesstheyarealready
intheswitch.Forswitchescoveredinthisguide,theverificationforallowable
portconfigurationsperformedbytheCLIisremovedandconfigurationof
transceiversisallowedeveniftheyarenotyetinsertedintheswitch.
Modules
Youcancreateoreditconfigurationfiles(astextfiles)thatcanbeuploaded
totheswitchwithoutthemoduleshavingbeeninstalledyet.Additionally,you
canpre-configurethemoduleswiththeCLImodulecommand.
10-27
Syntax: module<module-num>type<module-type>
Allowsyoutoconfigurethetypeofthemodule.
Thesamemodulecommandusedinanuploadedconfigurationfileisusedto
defineamodulethatisbeingpre-configured.Thevalidationperformedwhen
issuedthroughtheCLIisstillperformedjustasifthecommandwasexecuted
ontheswitch,inotherwords,asifthemodulewereactuallypresentinthe
switch.
Not e Youcannotusethismethodtochangetheconfigurationofamodulethathas
alreadybeenconfigured.Theslotmustbeemptyandtheconfigurationfile
mustnothaveaconfigurationassociatedwithit.
10-28
Uni-directionalLinkDetection(UDLD)monitorsalinkbetweentwoProCurve
switchesandblockstheportsonbothendsofthelinkifthelinkfailsatany
pointbetweenthetwodevices.Thisfeatureisparticularlyusefulfordetecting
failuresinfiberlinksandtrunks.Figure10-20showsanexample.
Scenario1(NoUDLD):WithoutUDLD,theswitchports
remainenableddespitethelinkfailure.Trafficcontinuesto
beload-balancedtotheportsconnectedtothefailedlink.
Scenario2(UDLD-enabled):WhenUDLDisenabled,the
featureblockstheportsconnectedtothefailedlink.
Fiber
ProCurve
Switch
LinkFailure
ThirdParty
Switch
ProCurve
Switch
Trunk
ThirdParty
Switch
ProCurve
Switch
ThirdParty
Switch
Figure10-20. UDLDExample
Inthisexample,eachProCurveswitchloadbalancestrafficacrosstwoports
inatrunkgroup.WithouttheUDLDfeature,alinkfailureonalinkthatisnot
directlyattachedtooneoftheProCurveswitchesremainsundetected.Asa
result,eachswitchcontinuetosendtrafficontheportsconnectedtothefailed
link.WhenUDLDisenabledonthetrunkportsoneachProCurveswitch,the
switchesdetectthefailedlink,blocktheportsconnectedtothefailedlink,
andusetheremainingportsinthetrunkgrouptoforwardthetraffic.
Similarly,UDLDiseffectiveformonitoringfiberopticlinksthatusetwouni-
directionfiberstotransmitandreceivepackets.WithoutUDLD,ifafiber
breaksinonedirection,afiberportmayassumethelinkisstillgood(because
theotherdirectionisoperatingnormally)andcontinuetosendtrafficonthe
10-29
connectedports.UDLD-enabledports;however,willpreventtrafficfrom
beingsentacrossabadlinkbyblockingtheportsintheeventthateitherthe
individualtransmitterorreceiverforthatconnectionfails.
PortsenabledforUDLDexchangehealth-checkpacketsonceeveryfive
seconds(thelink-keepaliveinterval).Ifaportdoesnotreceiveahealth-check
packetfromtheportattheotherendofthelinkwithinthekeepaliveinterval,
theportwaitsforfourmoreintervals.Iftheportstilldoesnotreceiveahealth-
checkpacketafterwaitingforfiveintervals,theportconcludesthatthelink
hasfailedandblockstheUDLD-enabledport.
WhenaportisblockedbyUDLD,theeventisrecordedintheswitchlogor
viaanSNMPtrap(ifconfigured);andotherportblockingprotocols,like
spanningtreeormeshing,willnotusethebadlinktoloadbalancepackets.
Theportwillremainblockeduntilthelinkisunplugged,disabled,orfixed.
TheportcanalsobeunblockedbydisablingUDLDontheport.
ConfiguringUDLD
WhenconfiguringUDLD,keepthefollowingconsiderationsinmind:
UDLDisconfiguredonaper-portbasisandmustbeenabledatboth
endsofthelink.SeethenotebelowforalistofProCurveswitches
thatsupportUDLD.
ToconfigureUDLDonatrunkgroup,youmustconfigurethefeature
oneachportofthegroupindividually.ConfiguringUDLDonatrunk
groupsprimaryportenablesthefeatureonthatportonly.
Dynamictrunkingisnotsupported.Ifyouwanttoconfigureatrunk
groupthatcontainsportsonwhichUDLDisenabled,youmust
removetheUDLDconfigurationfromtheports.Afteryoucreatethe
trunkgroup,youcanre-addtheUDLDconfiguration.
Not e UDLDinteroperateswiththefollowingProCurveswitchseries:2600,2800,
2900,2910,3400,3500,4200,5300,5400,6200,6400,8212,and9300.Consult
thereleasenotesandcurrentmanualsforrequiredsoftwareversions
10-30
ThefollowingcommandsallowyoutoconfigureUDLDviatheCLI.
Syntax:[no]interface<port-list>link-keepalive
EnablesUDLDonaportorrangeofports.
Todisablethefeature,enterthenoformofthecommand.
Default:UDLDdisabled
Syntax:link-keepaliveinterval<interval>
DeterminesthetimeintervaltosendUDLDcontrolpackets.The
<interval>parameterspecifieshowoftentheportssendaUDLD
packet.Youcanspecifyfrom10100,in100msincrements,
where10is1second,11is1.1seconds,andsoon.
Default:50(5seconds)
Syntax:link-keepaliveretries<num>
DeterminesthemaximumnumberofretriestosendUDLD
controlpackets.The<num>parameterspecifiesthemaximum
numberoftimestheportwilltrythehealthcheck.Youcanspecify
avaluefrom310.
Default:5
Syntax:[no]interface<port-list>link-keepalivevlan<vid>
AssignsaVLANIDtoaUDLD-enabledportforsendingoftagged
UDLDcontrolpackets.Underdefaultsettings,untaggedUDLD
packetscanstillbetransmittedandreceivedontaggedonly
portshowever,awarningmessagewillbelogged.
ThenoformofthecommanddisablesUDLDonthespecified
port(s).
Default:UDLDpacketsareuntagged;taggedonlyportswill
transmitandreceiveuntaggedUDLDcontrolpackets
EnablingUDLD
UDLDisenabledonaperportbasis.Forexample,toenableUDLDonport
a1,enter:
Pr oCur ve( conf i g) #i nt er f ace al l i nk- keepal i ve
Toenablethefeatureonatrunkgroup,entertheappropriateportrange.For
example:
Pr oCur ve( conf i g) #i nt er f ace al - a4 l i nk- keepal i ve
10-31
Not e WhenatleastoneportisUDLD-enabled,theswitchwillforwardoutUDLD
packetsthatarriveonnon-UDLD-configuredportsoutofallothernon-UDLD-
configuredportsinthesamevlan.Thatis,UDLDcontrolpacketswillpass
throughaportthatisnotconfiguredforUDLD.However,UDLDpacketswill
bedroppedonanyblockedportsthatarenotconfiguredforUDLD.
ChangingtheKeepaliveInterval
Bydefault,portsenabledforUDLDsendalinkhealth-checkpacketonceevery
5seconds. Youcanchangetheintervaltoavaluefrom10100deciseconds,
where10is1second,11is1.1seconds,andsoon.Forexample,tochange
thepacketintervaltosevenseconds,enterthefollowingcommandatthe
globalconfigurationlevel:
Pr oCur ve( conf i g) # l i nk- keepal i ve i nt er val 70
ChangingtheKeepaliveRetries
Bydefault,aportwaitsfivesecondstoreceiveahealth-checkreplypacket
fromtheportattheotherendofthelink.Iftheportdoesnotreceiveareply,
theporttriesfourmoretimesbysendinguptofourmorehealth-check
packets.Iftheportstilldoesnotreceiveareplyafterthemaximumnumber
ofretries,theportgoesdown.
Youcanchangethemaximumnumberofkeepaliveattemptstoavaluefrom
310.Forexample,tochangethemaximumnumberofattemptsto4,enter
thefollowingcommandattheglobalconfigurationlevel:
Pr oCur ve( conf i g) # l i nk- keepal i ve r et r i es 4
ConfiguringUDLDforTaggedPorts
ThedefaultimplementationofUDLDsendstheUDLDcontrolpackets
untagged,evenacrosstaggedports.IfanuntaggedUDLDpacketisreceived
byanon-ProCurveswitch,thatswitchmayrejectthepacket.Toavoidsuch
anoccurrence,youcanconfigureportstosendoutUDLDcontrolpacketsthat
aretaggedwithaspecifiedVLAN.
ToenableportstoreceiveandsendUDLDcontrolpacketstaggedwitha
specificVLANID,enteracommandsuchasthefollowingattheinterface
configurationlevel:
Pr oCur ve( conf i g) #i nt er f ace l l i nk- keepal i ve vl an 22
10-32
Not es YoumustconfigurethesameVLANsthatwillbeusedforUDLDon
alldevicesacrossthenetwork;otherwise,theUDLDlinkcannotbe
maintained.
IfaVLANIDisnotspecified,thenUDLDcontrolpacketsaresentout
oftheportasuntaggedpackets.
Tore-assignaVLANID,re-enterthecommandwiththenewVLANID
number.Thenewcommandwilloverwritethepreviouscommand
setting.
WhenconfiguringUDLDfortaggedports,youmayreceiveawarning
messageifthereareanyinconsistencieswiththeportsVLANconfig-
uration(seepage36forpotentialproblems).
ViewingUDLDInformation
ThefollowingshowcommandsallowyoutodisplayUDLDconfigurationand
statusviatheCLI.
Syntax:showlink-keepalive
Displaysalltheportsthatareenabledforlink-keepalive.
Syntax:showlink-keepalivestatistics
DisplaysdetailedstatisticsfortheUDLD-enabledportsonthe
switch.
Syntax:clearlink-keepalivestatistics
ClearsUDLDstatistics.Thiscommandclearsthepacketssent,
packetsreceived,andtransitionscountersintheshowlink-
keepalivestatisticsdisplay.
10-33

unt agged
TodisplaysummaryinformationonallUDLD-enabledports,entertheshow
link-keepalivecommand.Forexample:
Pr oCur ve( conf i g) # show l i nk- keepal i ve
Tot al l i nk- keepal i ve enabl ed por t s: 4
Port5hasbeendisabledby
theSystemAdministrator.
Keepal i ve Ret r i es: 3 Keepal i ve I nt er val : 1 sec
Por t Enabl ed Physi cal Keepal i ve Adj acent UDLD
St at us St at us Swi t ch VLAN
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 Yes up up 00d9d- f 9b700 200
2 Yes up up 01560- 7b1600
3 Yes down of f - l i ne
4 Yes up f ai l ur e
5 No down of f - l i ne
Port4isconnected,butisblocked
duetoalink-keepalivefailure
Port1is UDLD-enabled,and
taggedforaspecificVLAN.
Port3is UDLD-enabled,but
hasnophysicalconnection.
Figure10-21.ExampleofShowLink-KeepaliveCommand
TodisplaydetailedUDLDinformationforspecificports,entertheshowlink-
keepalivestatisticscommand.
10-34

Ports1and2areUDLD-enabledandshow
thenumberofhealthcheckpacketssent
andreceivedoneachport.
Pr oCur ve( conf i g) # show l i nk- keepal i ve st at i st i cs
Por t :
Por t :
Por t Bl ocki ng: no Li nk- vl an: 200
Por t : 3
1
Cur r ent St at e: up Nei ghbor MAC Addr : 0000a1- b1c1d1
Udl d Packet s Sent : 1000 Nei ghbor Por t : 5
Udl d Packet s Recei ved: 1000 St at e Tr ansi t i ons: 2
2
Cur r ent St at e: up Nei ghbor MAC Addr : 000102- 030405
Udl d Packet s Sent : 500 Nei ghbor Por t : 6
Cur r ent St at e: of f l i ne Nei ghbor MAC Addr : n/ a
Udl d Packet s Sent : 0 Nei ghbor Por t : n/ a
Por t : 4
Cur r ent St at e: f ai l ur e Nei ghbor MAC Addr : n/ a
Udl d Packet s Sent : 128 Nei ghbor Por t : n/ a
Por t Bl ocki ng: yes Li nk- vl an: 1
Port4isshownasblocked
duetoalink-keepalivefailure
Figure10-22.ExampleofShowLink-KeepaliveStatisticsCommand
ToclearUDLDstatistics,enterthefollowingcommand:
Pr oCur ve# cl ear l i nk- keepal i ve st at i st i cs
Thiscommandclearsthepacketssent,packetsreceived,andtransitions
countersintheshowlinkkeepalivestatisticsdisplay(seeFigure10-22foran
example).
10-35
ConfigurationWarningsandEventLogMessages
WarningMessages.Thefollowingtableshowsthewarningmessagesthat
maybeissuedandtheirpossiblecauses,whenUDLDisconfiguredfortagged
ports.
Table10-5. WarningMessagescausedbyconfiguringUDLDforTaggedPorts
CLICommandExample WarningMessage PossibleProblem
l i nk- keepal i ve 6 Possi bl e conf i gur at i on
l i nk- keepal i ve 7
vl an 4
no vl an 22 t agged
20
pr obl emdet ect ed on por t
6. UDLD VLAN
conf i gur at i on does not
mat ch t he por t ' s VLAN
conf i gur at i on.
Possi bl e conf i gur at i on
7. UDLD VLAN
conf i gur at i on.
Possi bl e conf i gur at i on
18. UDLD VLAN
conf i gur at i on.
YouhaveattemptedtoenableUDLDonaportthatis
ataggedonlyport,butdidnotspecifyaconfiguration
fortaggedUDLDcontrolpackets.Inthisexample,the
switchwillsendandreceivetheUDLDcontrol
packetsuntaggeddespiteissuingthiswarning.
YouhaveattemptedtoconfiguretaggedUDLD
packetsonaportthatdoesnotbelongtothespecified
VLAN.Inthisexample,ifport7belongstoVLAN1and
22,buttheusertriestoconfigureUDLDonport7to
sendtaggedpacketsinVLAN4,theconfigurationwill
beaccepted.TheUDLDcontrolpacketswillbesent
taggedinVLAN4,whichmayresultintheportbeing
blockedbyUDLDiftheuserdoesnotconfigureVLAN
4onthisport.
YouhaveattemptedtoremoveaVLANonportthatis
configuredfortaggedUDLDpacketsonthatVLAN.In
thisexample,ifport18,19,and20aretransmittingand
receivingtaggedUDLDpacketsforVlan22,butthe
usertriestoremoveVlan22onport20,the
configurationwillbeaccepted.Inthiscase,theUDLD
packetswillstillbesentonVlan20,whichmayresult
intheportbeingblockedbyUDLDiftheusersdonot
changetheUDLDconfigurationonthisport.
Note:IfyouareconfiguringtheswitchviaSNMPwiththesameproblematicVLANconfigurationchoices,theabove
warningmessageswillalsobeloggedintheswitchseventlog.
EventLogMessages.Thefollowingtableshowstheeventlogmessagesthat
maybegeneratedonceUDLDhasbeenenabledonaport.
Table10-6. UDLDEventLogMessages
Message Event
I 01/ 01/ 06 04: 25: 05 por t s: por t 4 i s AUDLD-enabledporthasbeenblockedduetopartofthelink
deact i vat ed due t o l i nk f ai l ur e.
havingfailed.
I 01/ 01/ 06 06: 00: 43 por t s: por t 4 i s AfailedlinkhasbeenrepairedandtheUDLD-enabledport isno
up, l i nk st at us i s good.
longerblocked.
10-36
11
Contents
IntroductiontoPoE+ ......................................... 11-3
RelatedPublications ........................................ 11-3
PoETerminology........................................... 11-4
PoEOperation ............................................... 11-5
ConfigurationOptions ...................................... 11-5
PDSupport ................................................ 11-6
PowerPriorityOperation ............. ....................... 11-7
ConfiguringPoEOperation ................................... 11-7
DisablingorRe-EnablingPoEPortOperation .................. 11-8
ConfiguringthePoEPortPriorityLevel ....................... 11-8
EnablingSupportforPre-StandardDevices ................... 11-10
ControllingPoEAllocation ................................. 11-10
ManuallyConfiguringPoEPowerLevels...................... 11-11
ChangingtheThresholdforGeneratingaPowerNotice ......... 11-13
PoEwithLLDP .............................................. 11-14
Overview................................................. 11-14
PoEAllocation ............................................ 11-14
EnablingAdvertisementofPoeTLVs ......................... 11-15
DisplayingPoEWhenUsingLLDPInformation................ 11-16
DisplayingLLDPPortConfiguration ...................... 11-16
DisplayingLocalDevicePowerInformation ............... 11-16
DisplayingRemotePowerInformation .................... 11-17
DisplayingtheGlobalPoEStatus ............................ 11-20
DisplayingPoEStatusonAllPorts ........................... 11-21
DisplayingthePoEStatusonSpecificPorts ................... 11-23
PlanningandImplementingaPoEConfiguration.............. 11-26
AssigningPoEPortstoVLANs .............................. 11-26
11-1
Contents
ApplyingSecurityFeaturestoPoEConfigurations ............. 11-26
AssigningPriorityPoliciestoPoETraffic ..................... 11-27
PoEEventLogMessages ................................... 11-28
InformationalPoEEvent-LogMessages ................. 11-28
Warning PoEEvent-LogMessages ...................... 11-28
11-2
IntroductiontoPoE+
IntroductiontoPoE+
PoEtechnologyallowsIPtelephones,wirelessLANaccesspoints,andother
appliancestoreceivepowerandtransferdataoverethernetLANcabling.
Usinganavailablepowersupplyof382watts,PoEcandeliverupto15.4
wattsofpowerto24PoEportsovercategory3cabling.PoE+candeliverup
to30wattsofpowerto12PoE+portsovercategory5cabling.PoE+also
supportsdeliveryofPoEpowerconcurrentlywith10/100/1000Gbpsofdata
transmission.
Additionally,PoE+providesmorepower-managementcapability,allowingthe
switchtohavemorepoweravailableformorePDs.Powercanbeallocated
exactlyandautomaticallyaccordingtowhatthePDactuallyrequiresatagiven
time.
RelatedPublications
ThischapterintroducesgeneralPoEoperation,PoEconfigurationandmon-
itoringcommands,andEventLogmessagesrelatedtoPoEoperation.
TohelpyouplanandimplementaPoEsysteminyournetwork,refertothe
PoEPlanningandImplementationGuide,whichisavailableonthePro-
CurveNetworkingwebsiteatwww.procurve.com.(ClickonCustomerCare,
thenManuals.)
ThelatestversionofanyProCurveproductguideisalwaysontheProCurve
Networkingwebsite.RefertoGettingDocumentationFromtheWebon
page1-6.
11-3
IntroductiontoPoE+
PoETerminology
Term UseinthisManual
activePoEport APoEportconnectedtoaPDrequestingpower.
DTE DataTerminalEquipment
MPS MaintenancePowerSignature;thesignalaPDsendstotheswitchto
indicatethatthePDisconnectedandrequirespower.
Oversubscribed ThestatewheretherearemorePDsrequestingPoEpowerthancanbe
accommodated.
PD PoweredDevice.ThisisanIEEE802.3at-compliantdevicethatreceivesits
powerthroughadirectconnectiontoaGig-TPoEportinaPoEdevice.
ExamplesofPDsincludeVoice-over-IP(VoIP)telephones,wirelessaccess
points,andremotevideocameras.
PoE Power-Over-Ethernet;themethodbywhichPDsreceivepower(operates
accordingtothe802.3afstandard).Somepre-standardPoEdevicesare
alsosupported;refertotheFAQsforyourswitchmodel.
PoE+ Power-over-EthernetPlus;themethodbywhichPDsreceivepower
accordingtothe802.3atstandard.Itisbackwardcompatiblewithdevices
usingthe803.3afstandard.
port-number
priority
Referstothetypeofpowerprioritizationwhere,withinapriorityclass,PoE
assignsthehighestprioritytothelowest-numberedport,thesecond-
highestprioritytothesecondlowest-numberedport,andsoon.Notethat
powerpriorityrulesapplyonlyifPoEprovisioningbecomes
oversubscribed.
priorityclass ReferstothetypeofpowerprioritizationthatusesLow(thedefault),High,
andCriticalpriorityassignmentstodeterminewhichgroupsofportswill
receivepower.NotethatpowerpriorityrulesapplyonlyifPoEprovisioning
becomesoversubscribed.
PSE Power-SourcingEquipment.ThePSEcansupply15.4wattsofPoEpower
to24PoEportsor30wattsofpowerto12PoE+ports.
11-4
PoEOperation
PoEOperation
Not e YoucanconnecteitheraPoEdevice(PD)oranon-PoEdevicetoaport
configuredforPoEoperation.
Usingthecommandsdescribedinthischapter,youcan:
Configureanon-defaultpowerthresholdforSNMPandEventLog
reportingofPoEconsumptiononallPoEportsontheswitch.
SpecifytheportpriorityyouwanttouseforprovisioningPoEpower
intheeventthatthePoEresourcesbecomeoversubscribed.
EnableordisablePoEoperationonindividualports.
MonitorPoEstatusandperformance.
APSEdetectsthepowerneededbyaPDbeforesupplyingthatpower,a
detectionphasereferredtoassearching.IfthePSEcantsupplytherequired
amountofpower,itdoesnotsupplyanypower.APSEwillnotsupplyany
powertoaPDunlessthePSEhasatleast15.4Wavailable.Forexample,ifa
PSEhasamaximumavailablepowerof382Wandisalreadysupplying378W,
andisthenconnectedtoaPDrequiring10W,thePSEwillnotsupplypower
tothePD.
Not e ThePSEoutputmaximumislimitedtoahighervaluethan15.4W.Thismay
affecthowmuchpowermustbeinreservebeforeadetectedPDissupplied
withpower.Forexample,ifthemaximumis20W,then20Wmustbecurrently
availableforadetectedPDtobesuppliedwithpower.Thiscanreducethe
numberofPDsthatcanbepoweredbytheswitch.
ConfigurationOptions
Inthedefaultconfiguration,allGig-TportsinaProCurveswitchcoveredin
thisguideareconfiguredtosupportPoEoperation.Youcan:
Disableorre-enableper-portPoEoperationonindividualportsto
helpcontrolpowerusageandavoidoversubscribingPoEresources.
11-5
PoEOperation
Configureper-portpriorityforallocatingpowerincasepoweris
oversubscribed.Powerforsomelower-priorityportsisdroppedto
supportthedemandonother,higher-priorityports.
Configureaglobalpowerthreshold.Thissettingactsasatriggerfor
sendinganoticewhenthePoEpowerconsumptioncrossesthe
configuredglobalthresholdlevel.(Crossingthethresholdlevelin
eitherdirectionPoEpowerusageeitherincreasingor
decreasingtriggersthenotice.)Thedefaultsettingis80%.
Not e TheportssupportstandardnetworkinglinksandPoElinks.Youcanconnect
eitheranon-PoEdeviceoraPDtoaportenabledforPoEwithoutreconfig-
uringtheport.
PDSupport
Theinternalpowersupplyfortheswitchescoveredinthisguideprovidesup
to382wattsofpower.Dependingontheamountofpowerthepowersupply
devicedeliverstoPoEports,theremayormaynotalwaysbeenoughpower
availabletoconnectandsupportPoEoperationonall24Gig-Tports.Whena
newPDconnectstoaPoEportandthereisnotenoughpowerlefttoallocate
tothatport:
IfthenewPDconnectstoaportXhavingahigherPoEprioritythan
anotherportYthatisalreadysupportinganotherPD,thenthepower
isremovedfromportYanddeliveredtoportX.Inthiscasethe
PDonportYlosespowerandthePDonportXreceivespower.
IfthenewPDconnectstoaportXhavingalowerprioritythanall
otherPoEportscurrentlyprovidingpowertoPDs,thenpowerisnot
suppliedtoportXuntiloneormorePDsusinghigherpriorityports
areremoved.
Inthedefaultconfiguration(usage),whenaPDconnectstoaPoEportand
beginsoperating,theportretainsonlyenoughPoEpowertosupportthePDs
operation.UnusedpowerbecomesavailableforsupportingotherPDconnec-
tions.However,ifyouconfigurethepoe-allocate-byoptiontoeithervalueor
class,thenallofthepowerconfiguredisallocatedtotheport.
DisconnectingaPDfromaPoEportcausestheswitchtostopprovidingPoE
powertothatportandmakesthepoweravailabletoanyotherPoEportsthat
havePDsconnectedandwaitingforpower.IfthePDdemandforpower
becomesgreaterthanthePoEpoweravailable,thenpoweristransferredfrom
thelower-priorityportstothehigher-priorityports.(Portsnotcurrently
providingpowertoPDsarenotaffected.)
11-6
ConfiguringPoEOperation
PowerPriorityOperation
IfaPSEcanprovidepowerforallconnectedPDdemand,itdoesnotuseits
powerprioritysettingstoallocatepower.However,ifthePDpowerdemand
oversubscribestheavailablepower,thenthepowerallocationisprioritized
totheportsthatpresentaPDpowerdemand.Thiscausesthelossofpower
fromoneormorelower-priorityportstomeetthepowerdemandonother,
higher-priorityports.Thisoperationoccursregardlessoftheorderinwhich
PDsconnecttotheportsenabledforPoE.
TherearetwowaysthatPoEpowerisprioritized:
Usingapriorityclassmethod,apowerpriorityofLow(thedefault),
High,orCriticalisassignedtoeachenabledPoEport.SeeConfiguring
thePoEPortPriorityLevelonpage11-8.
Usingaport-numberprioritymethod,alower-numberedporthas
priorityoverahigher-numberedportwithinthesameconfigured
priorityclass,forexample,port1haspriorityoverport5ifbothare
configuredwithHighpriority.
Inthedefaultconfiguration,PoEsupportisenabledontheGig-Tports.The
defaultpriorityforallportsisLowandthedefaultpowernotificationthreshold
is80(%).UsingtheCLI,youcanperformthefunctionsshownintable11-1.
Table11-1. PoEFunctionsandCommands
Function Command
ChangethePoEprioritylevelon
individualPoEports
interface<port-list>power-over-ethernet
[critical|high|low]
Disableorre-enablePoEoperationon
individualPoEports
[no]interface<port-list>power-over-ethernet
Changethethresholdforgeneratinga
powerlevelnotice
power-over-ethernetthreshold<1-99>
11-7
DisablingorRe-EnablingPoEPortOperation
Syntax:[no]interface<port-list>power-over-ethernet
Re-enablesPoEoperationon<port-list>andrestoresthepriority
settingineffectwhenPoEwasdisabledon<port-list>.Thenoform
ofthecommanddisablesPoEoperationon<port-list>.(Default:
AllPoEareinitiallyenabledforPoEoperationatLowpriority.
Ifyouconfigureahigherpriority,thispriorityisretaineduntil
youchangeit.)
TocyclethepoweronaPDreceivingpowerfromaPoEportontheswitch,
disable,thenre-enablethepowertothatport.Forexample,tocyclethepower
onaPoEdeviceconnectedtoport1:
Pr oCur ve( conf i g) # no i nt er f ace 1 power - over - et her net
Pr oCur ve( conf i g) # i nt er f ace 1 power - over - et her net
ConfiguringthePoEPortPriorityLevel
Usingapriorityclassmethod,youcanassignapowerpriorityofLow(the
default),High,orCriticaltoeachenabledPoEport.
Syntax: interface<port-list>power-over-ethernet[critical|high|low]
ReconfiguresthePoEprioritylevelon<port-list>.Foragivenlevel,
portsareprioritizedbyportnumberinascendingorder.For
example,ifports1-24haveaprioritylevelofcritical,port1has
priorityoverports2-24.
IfthereisnotenoughpoweravailabletoprovisionallactivePoE
portsatagivenprioritylevel,thenthelowest-numberedportwill
beprovisionedfirst.PoEprioritiesareinvokedonlywhenall
activePoEportscannotbeprovisioned(suppliedwithPoE
power).
Critical:Specifiesthehighest-priorityPoEsupportfor
<port-list>.TheactivePoEportsatthislevelareprovisioned
beforethePoEportsatanyotherlevelareprovisioned.
High:SpecifiesthesecondpriorityPoEsupportfor
beforetheLowpriorityPoEportsareprovisioned.
Low:(thedefault):SpecifiesthethirdpriorityPoEsupportfor
onlyifthereispoweravailableafterprovisioninganyactive
PoEportsatthehigherprioritylevels.
11-8
Table11-2showssomeexamplesofPoEpriorityconfiguration.
Table11-2. ExampleofPoEPriorityOperation
Port Priority
Setting
ConfigurationCommand
1
andResultingOperation
withPDsconnectedtoPorts3Through24
3-17 Critical Inthisexample,thefollowingCLIcommandsetsports3-17toCritical:
Pr oCur ve( conf i g) # i nt er f ace 3- 17 power - over - et her net
cr i t i cal
TheCriticalpriorityclassalwaysreceivespower.Ifthereisnotenoughpowertoprovision
PDsonalloftheportsconfiguredforthisclass,thennopowergoestoportsconfiguredfor
HighandLowpriority.IfthereisenoughpowertoprovisionPDsononlysomeofthecritical-
priorityports,thenpowerisallocatedtotheseportsinascendingorder,beginningwiththe
lowest-numberedportintheclass,which,inthiscase,isport3.
19-22 High Inthisexample,thefollowingCLIcommandsetsports19-22toHigh:
Pr oCur ve( conf i g) # i nt er f ace 19- 22 power - over - et her net hi gh
TheHighpriorityclassreceivespoweronlyifallPDsonportswithaCriticalprioritysetting
arereceivingpower.IfthereisnotenoughpowertoprovisionPDsonallportswithahigh
priority,thennopowergoestoportswithalowpriority.Ifthereisenoughpowertoprovision
PDsononlysomeofthehigh-priorityports,thenpowerisallocatedtotheseportsin
ascendingorder,beginning,inthisexample,withport18,untilallavailablepowerisinuse.
23-24 Low Inthisexample,theCLIcommandsetsports23-24toLow
2
:
Pr oCur ve( conf i g) # i nt er f ace 23- 24 power - over - et her net l ow
ThispriorityclassreceivespoweronlyifallPDsonportswithHighandCriticalpriority
settingsarereceivingpower.IfthereisenoughpowertoprovisionPDsononlysomelow-
priorityports,thenpowerisallocatedtotheportsinascendingorder,beginningwiththe
lowest-numberedportintheclass(port23,inthiscase),untilallavailablepowerisinuse.
1-2 -n/a- Inthisexample,theCLIcommanddisablesPoEpoweronports1-2:
Pr oCur ve( conf i g) # no i nt er f ace 1- 2 power - over - et her net
Thereisnoprioritysettingfortheportsinthisexample.
1
ForalistingofPoEconfigurationcommands,withdescriptions,refertoConfiguringPoEOperationonpage11-7.
2
InthedefaultPoEconfiguration,theportsarealreadysettothelowpriority.Inthiscase,thecommandisnotnecessary.
11-9
EnablingSupportforPre-StandardDevices
TheProCurveswitchescoveredinthisguideareautomaticallybackward
compatiblewith802.3afdevices,andcanalsosupportsomepre-802.3af
devices.Foralistofthedevicessupported,refertotheFAQsforyourswitch
model.
Syntax:[no]power-over-ethernetpre-std-detect
Detectsandpowerspre-802.3afstandarddevices.
Note:Thisisenabledbydefault.
ControllingPoEAllocation
ThedefaultoptionforPoEallocationisusage,whichiswhataPDattached
totheportisallocated.Youcanspecifytheamountofpowerallocatedtoa
portbyusingtheclassorvalueoptions.
.
Syntax:[no]int<port-list>PoE-allocate-by[usage|class|value]
AllowsyoutomanuallyallocatetheamountofPoEpowerfor
aportbyeitheritsclassoradefinedvalue.
usage:TheautomaticallocationbyaPD.
class:Usesthepowerramp-upsignatureofthePDtoidentify
whichpowerclassthedevicewillbein.Thepowersuppliedto
thePDattheoutputofthePSEisseparatedinto4classes.
Classesandtheirrangesareshowintable11-3.Theseare
approximatelytheminimumpoweramountstobesuppliedby
thePSE.ActualPDneedsmaybewithinsomerangeforeach
class.
value:Auser-definedlevelofPoEpowerallocatedforthatport.
Not e TheallowablePDrequirementsarelowerthanthosespecifiedforPSEsto
allowforpowerlossesalongtheCat-5cable.
11-10
Table11-3. PowerClassesandTheirValues
PowerClass Value
0 DependsoncabletypeandPoEarchitecture.Requiresa
minimumof30W.
Thisisthedefaultclass;ifthereisntenoughinformation
abouttheloadforaspecificclassification,thePSE
classifiestheloadasclass0(zero).
1 Requiresatleast4wattsatthePSE.
2 Requiresatleast7wattsatthePSE.
3 15.4watts
4 reserved:canbepowervaluebeyondtheclass3limit.
DependsoncabletypeandPoEarchitecture.
Forexample,toallocatebyclassforports6-8:
Pr oCur ve( conf i g) # i nt 6- 8 PoE- al l ocat e- by cl ass
ManuallyConfiguringPoEPowerLevels
Youcanspecifyapowerlevel(inwatts)allocatedforaportin1watt
increments,byusingthevalueoption.
Toconfigureaportbyvalue,firstsetthePoEallocationbyenteringthePoE-
allocate-byvaluecommand:
Pr oCur ve( conf i g) # i nt 6 PoE- al l ocat e- by val ue
orininterfacecontext:
Pr oCur ve( et h- 6) # PoE- al l ocat e- by val ue
Thenselectavalue:
Pr oCur ve( conf i g) # i nt 6 PoE- val ue 15
Pr oCur ve( et h- 6) # PoE- val ue 15
Toviewthesettings,entertheshowpower-over-ethernetcommand:
11-11

Pr oCur ve( conf i g) # show power - over - et her net 6
St at us and Count er s - Por t Power St at us f or por t 6
Power Enabl e
Pr i or i t y
Al l ocat eBy
Det ect i on St at us
: Yes
: l ow
: val ue
: Del i ver i ng
LLDP Det ect
Conf i gur ed Type
Val ue
Power Cl ass
: enabl ed
:
: 15
: 0
Over Cur r ent Cnt
Power Deni ed Cnt
: 0
: 0
MPS Absent Cnt
Shor t Cnt
: 0
: 0
Vol t age
Power
: 55. 1 V
: 19. 1 W
Cur r ent : 348 mA
Figure11-1.ExampleDisplayingPoEAllocationbyValue
IfyousetthePoEmaximumvaluetolessthanthePDrequires,afaultoccurs.
Pr oCur ve( conf i g) # i nt 7 PoE- val ue 4
Pr oCur ve( conf i g) # show power - over - et her net 7
Power Enabl e : Yes
LLDP Det ect : enabl ed
Pr i or i t y : l ow Conf i gur ed Type :
Al l ocat eBy : val ue Val ue : 4
Det ect i on St at us : Ot her Faul t Power Cl ass : 0
Over Cur r ent Cnt
Power Deni ed Cnt
: 0
: 2
MPS Absent Cnt
Shor t Cnt
: 0
: 0
Vol t age
Power
: 0
: 0
V
W
Cur r ent : 0 mA
Figure11-2.ExampleShowingPoEPowerValueSetTooLowforthePD
11-12
ChangingtheThresholdforGeneratingaPowerNotice
Youcangenerateapowerusagenoticeataspecifiedthresholdbyentering
thiscommand.
Syntax: power-over-ethernetthreshold<1-99>
ThiscommandspecifiesthePoEusagelevel(asapercentageof
thePoEpoweravailable)atwhichtheswitchgeneratesapower
usagenotice.ThisnoticeappearsasanSNMPtrapanda
correspondingEventLogmessage,andoccurswhenthepower
consumptioncrossestheconfiguredthresholdvalue.Thatis,the
switchgeneratesanoticewheneverthepowerconsumption
eitherexceedsordropsbelowthespecifiedpercentageofthetotal
PoEpoweravailable.
ThiscommandconfiguresthenotificationthresholdforPoE
powerusageonaglobalbasis.
Iftheswitchisconfiguredfordebuglogging,italsosendsthe
EventLogmessagetotheconfigureddebugdestination(s).
11-13
PoEwithLLDP
PoEwithLLDP
Overview
Thedatalinklayerclassification(DLC)forPoEprovidesmoreexactcontrol
overthepowerrequirementbetweenaPSEandPD.TheDLCworksin
conjunctionwiththephysicallayerclassification(PLC)andismandatoryfor
anyType-2PDthatrequiresmorethan12.95wattsofinputpower.
Not e DLCisdefinedaspartoftheIEEE802.3atstandard.
ThepowernegotiationbetweenaPSEandaPDcanbeimplementedatthe
physicallayeroratthedatalinklayer.Afterthelinkispoweredatthephysical
layer,thePSEcanuseLLDPtorepeatedlyquerythePDtodiscoverthepower
needsofthePD.Communicationoverthedatalinklayerallowsfinercontrol
ofpowerallotment,whichmakesitpossibleforthePSEtosupplydynamically
thepowerlevelsneededbythePD.UsingLLDPisoptionalforthePSEbut
mandatoryforaType2PDthatrequiresmorethan12.95wattsofpower.
IfthepowerneededbythePDisnotavailable,thatportisshutoff.
PoEAllocation
EnablingPoE-lldp-detectallowsthedatalinklayertobeusedforpower
negotiation.WhenaPDrequestspoweronaPoEport,LLDPinteractswith
PoEtoseeifthereisenoughpowertofulfilltherequest.Powerissetatthe
levelrequested.IfthePDgoesintopower-savingmode,thepowersuppliedis
reduced;iftheneedforpowerincreases,theamountsuppliedisincreased.
PoEandLLDPinteracttomeetthecurrentpowerdemands.
Syntax: int<port-list>PoE-lldp-detect[enabled|disabled]
Allowsthedatalinklayertobeusedforpowernegotiation
betweenaPDonaPoEportandLLDP.
Default:Disabled
11-14

PoEwithLLDP
Forexample,youcanenterthiscommandtoenableLLDPdetection:
Pr oCur ve( conf i g) # i nt 7 PoE- l l dp- det ect enabl ed
Pr oCur ve( et h- 7) # PoE- l l dp- det ect enabl ed
Not e DetectingPoEinformationviaLLDPonlyaffectspowerdelivery;itdoesnot
affectnormalEthernetconnectivity.
Youcanviewthesettingsbyenteringtheshowpower-over-ethernetbrief
command:
Pr oCur ve( conf i g) # show power - over - et her net br i ef
St at us and Count er s - Por t Power St at us
PoE | Power LLDP Power Al l oc PoE Conf i gur ed Det ect i on Power
Por t | Enabl e Det ect Pr i or i t y By Val Type St at us Cl ass
- - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A1 | Yes enabl ed l ow usage 5 Phone- 1 Del i ver i ng 0
A2 | Yes di sabl ed l ow usage 17 Sear chi ng 1
A6 | Yes di sabl ed l ow val ue 17 Sear chi ng 0
A7 | Yes enabl ed l ow val ue 5 Phone- 2 Del i ver i ng 0
A8 | Yes di sabl ed l ow val ue 17 Sear chi ng 0
Figure11-3.ExampleofPortwithLLDPConfigurationInformationObtainedfromtheDevice
EnablingAdvertisementofPoeTLVs
ToinitiatetheadvertisementofpowerwithPoETLVs,thefollowingcommand
isconfiguredwiththepoeplus_configoption.
Syntax:lldpconfig<port-list>dot3TlvEnablepoeplus_config
EnablesadvertisementofdatalinklayerpowerusingPoE
TLVs.TheTLVisprocessedonlyafterthephysicallayerandthe
datalinklayerareenabled.TheTLVinformsthePSEaboutthe
actualpowerrequiredbythedevice.
11-15
PoEwithLLDP
DisplayingPoEWhenUsingLLDPInformation
DisplayingLLDPPortConfiguration
TodisplayinformationaboutLLDPportconfiguration,usetheshowlldpconfig
command.
Syntax:showlldpconfig<port-list>
DisplaystheLLDPportconfigurationinformation,includingthe
TLVsadvertised.
Pr oCur ve( conf i g) # show l l dp conf i g 4
LLDP Por t Conf i gur at i on Det ai l
Por t : 4
Admi nSt at us [ Tx_Rx] : Tx_Rx
Not i f i cat i onEnabl ed [ Fal se] : Fal se
Med Topol ogy Tr ap Enabl ed [ Fal se] : Fal se
TLVS Adver t i sed:
* por t _descr
* syst em_name
* syst em_descr
* syst em_cap
* capabi l i t i es
* net wor k_pol i cy
* l ocat i on_i d
* poe
* macphy_conf i g
* poepl us_conf i g
I pAddr ess Adver t i sed:
Figure11-4.ExampleofLLDPPortConfigurationInformationwithPoE
DisplayingLocalDevicePowerInformation
ToviewinformationaboutlocalPoEdevicesandpowerusage,usethis
command.
11-16

PoEwithLLDP
Syntax: showlldpinfolocal-device<port-list>
DisplaysdetailedinformationaboutlocalPoEdevices.
Pr oCur ve( conf i g) # show l l dp i nf o l ocal - devi ce 1
LLDP Local Por t I nf or mat i on Det ai l
Por t : 1
Por t Type : l ocal
Por t I d : 1
Por t Desc : 1
Poe Pl us I nf or mat i on Det ai l
Poe Devi ce Type : Type2 PSE
Power Sour ce : Pr i mar y
Request ed Power Val ue : 15 Wat t s
Act ual Power Val ue : 15 Wat t s
Acknowl edgement : Not par t of ack/ nack cycl e
Lost Communi cat i on : 0
Figure11-5.ExampleofLLDPLocalDeviceInformation
DisplayingRemotePowerInformation
ToviewinformationaboutremotePoEdevicesandpowerusage,usethis
command.
Syntax: showlldpinforemote-device<port-list>
DisplaysdetailedinformationaboutremotePoEdevices.
11-17

PoEwithLLDP
Pr oCur ve( conf i g) # show l l dp i nf o r emot e- devi ce 3
LLDP Remot e Devi ce I nf or mat i on Det ai l
Local Por t : 3
Chassi sType : mac- addr ess
Chassi sI d : 00 16 35 f f 2d 40
Por t Type : l ocal
Por t I d : 23
SysName : Pr oCur ve Swi t ch
Syst emDescr : Pr oCur ve J 9146A Swi t ch 2910al - 24G- PoE, r evi si on W. 14. XX
Por t Descr : 23
Syst emCapabi l i t i es Suppor t ed : br i dge, r out er
Syst emCapabi l i t i es Enabl ed : br i dge
Remot e Management Addr ess
Type : i pv4
Addr ess : 10. 0. 10. 10
Poe Pl us I nf or mat i on Det ai l
Poe Devi ce Type : Type2 PD
Power Sour ce : Onl y PSE
Power Pr i or i t y : Hi gh
Request ed Power Val ue : 10 Wat t s
Act ual Power Val ue : 10 Wat t s
Acknowl edgement : Not par t of ack/ nack cycl e
Figure11-6.ExampleofLLDPRemoteDeviceInformation
11-18
PoEwithLLDP
PossiblevaluesforthePoEinformationareshownintable11-4.
Table11-4. ValuesforDisplayedPoEInformation
Name PossibleValues
PoeDeviceType Type2PSE
Type2PD
Type1PSE
Type1PD
LocalPowerSource
(fromwherethePSEissourcingpowertoPD)
Unknown
Primary
Backup
Reserved
RemotePowerSource
(fromwherethePDisacquiringpower)
Unknown
OnlyPSE
OnlyLocal
PSEandLocal
PowerPriorityValues Unknown
Critical
High
Low
AcknowledgementValues
ForaPSE(local),thisvalueistheresponsebythePSE
totherequestfromthePD.ForaPD(remote),thisvalue
istheresponsebythePDtotherequestfromthePSE.
Notpartofack/nackcycle
Acknowledge
NonAcknowledge
LossofCommunication
11-19

DisplayingtheGlobalPoEStatus
Syntax: showpower-over-ethernet[brief|[ethernet]<port-list>|all>]]
DisplaystheswitchsglobalPoEpowerstatus.
brief:DisplaysPoEinformationforeachport.SeeDisplayingPoE
StatusonAllPortsonpage11-21.
<port-list>:DisplaysPoEinformationfortheportsin<port-list>.
SeeDisplayingthePoEStatusonSpecificPortsonpage11-23.
Forexample,showpower-over-ethernetdisplaysdatasimilartothatinfigure
11-7.
Pr oCur ve( conf i g) # show power - over - et her net
St at us and Count er s - Syst emPower St at us
Pr e- st andar d Det ect : On
Oper at i onal St at us : On
Usage Thr eshol d ( %) : 80
Chassi s power - over - et her net :
Tot al Pr ovi ded Power : 382 W
Tot al Fai l over Power : 0 W
Tot al Redundancy Power : 0 W
Tot al Redundancy Power : 0 W
Tot al Al l ocat ed Power : 376 W+/ - 6W
Figure11-7.ExampleofShowPower-Over-EthernetOutput
11-20
DisplayingPoEStatusonAllPorts
Syntax:showpower-over-ethernetbrief
Displaysthefollowingportpowerstatus:
Port:ListsallPoE-capableportsontheswitch.
PowerEnable:ShowsYesforportsenabledtosupportPoE(the
default)andNoforportsonwhichPoEisdisabled.
LLDPDetect:Displaysiftheportisenabledordisabledfor
allocatingPoEpowerbasedonthelink-partnerscapabilities
viaLLDP(enabled,disabled).NotallPoEdevicessupport
LLDP,soPoEinformationisignoredbydefault.
Priority:Liststhepowerpriority(Low,High,andCritical)
configuredonportsenabledforPoE.(Formoreonthistopic,
refertothepowercommanddescriptionunderConfiguring
PoEOperationonpage11-7.)
Allocby:DisplayshowPoEisallocated(usage,class,value)
PoEValue:ThemaximumamountofPoEpowerallocatedfor
thatport(expressedinwatts).
ConfiguredType:Ifconfigured,showstheuser-specified
identifierfortheport.Ifnotconfigured,thefieldisempty.
DetectionStatus:
Searching: TheportistryingtodetectaPDconnection.
Delivering:TheportisdeliveringpowertoaPD.
Disabled:Ontheindicatedport,eitherPoEsupportis
disabledorPoEpowerisenabledbutthePSEdoesnothave
enoughpoweravailabletosupplytheportspowerneeds.
Fault:TheswitchdetectsaproblemwiththeconnectedPD.
PowerClass: Showsthe802.3atphysicallayerpowerclassof
thePDdetectedontheindicatedport.Classesinclude:
0:Dependsoncable 3:15.4watts
typeandPoE
4:reservedcanbepower
architecture valuebeyondtheclass3limit.
1:4watts
Dependsoncabletypeand
2:7watts
PoEarchitecture.
Otherfault:Theswitchhasdetectedaninternalfaultthat
preventsitfromsupplyingpoweronthatport.
11-21

Forexample,showpower-over-ethernetbriefdisplaysthisoutput:
Pr oCur ve( conf i g) # show power - over - et her net br i ef
St at us and Count er s - Por t Power St at us
PoE | Power LLDP Power Al l oc PoE Conf i gur ed Det ect i on Power
Por t | Enabl e Det ect Pr i or i t y By Val Type St at us Cl ass
- - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 | Yes enabl ed l ow usage 5 Phone- 1 Del i ver i ng 0
2 | Yes di sabl ed l ow usage 17 Sear chi ng 0
6 | Yes di sabl ed l ow val ue 17 Sear chi ng 0
Figure11-8. ExampleofShowPower-Over-EthernetBriefOutput
11-22
DisplayingthePoEStatusonSpecificPorts
Syntax:showpower-over-ethernet<port-list>
DisplaysthefollowingPoEstatusandstatistics(sincethelast
reboot)foreachportin<port-list>:
PowerEnable:ShowsYesforportsenabledtosupportPoE(the
default)andNoforportsonwhichPoEisdisabled.Notethat
forportsonwhichpowerisdisabled,thisistheonlyfield
displayedbyshowpower-over-ethernet<port-list>.
Priority:Liststhepowerpriority(Low,High,andCritical)
configuredonportsenabledforPoE.(Formoreonthistopic,
refertothepowercommanddescriptionunderConfiguring
PoEOperationonpage11-7.)
Allocateby:HowPoEisallocated(usage,class,value)
DetectionStatus:
Searching: TheportisavailabletosupportaPD.
Delivering:TheportisdeliveringpowertoaPD.
Disabled:PoEpowerisenabledontheportbutthePSEdoes
nothaveenoughpoweravailabletosupplytheportspower
needs.
Fault:TheswitchdetectsaproblemwiththeconnectedPD.
OtherFault:Theswitchhasdetectedaninternalfaultthat
preventsitfromsupplyingpoweronthatport.
OverCurrentCnt:ShowsthenumberoftimesaconnectedPD
hasattemptedtodrawmorethan33wattsifPoEis
configuredbyusage,otherwiseitisbasedontheclassorby
thelimitconfiguredontheport(value).Eachoccurrence
generatesanEventLogmessage.
11-23
Syntax:showpower-over-ethernet<port-list> (Continued)
PowerDeniedCnt: ShowsthenumberoftimesPDsrequesting
powerontheporthavebeendeniedduetoinsufficientpower
available.EachoccurrencegeneratesanEventLogmessage.
Voltage: Thetotalvoltage,indV,beingdeliveredtoPDs.
Power:Thetotalpower,inmW,beingdeliveredtoPDs.
LLDPDetect:PortisenabledordisabledforallocatingPoE
powerbasedonthelink-partnerscapabilitiesviaLLDP
ConfiguredType:Ifconfigured,showstheuser-specified
identifierfortheport.Ifnotconfigured,thefieldisempty.
Value:ThemaximumamountofPoEpowerallocatedforthat
port(expressedinwatts).
PowerClass: ShowsthepowerclassofthePDdetectedonthe
indicatedport.Classesinclude:
0:DependsoncabletypeandPoEarchitecture
1:0.44wto3.84w
2:3.84wto6.49w
3:6.49wto12.95w
4:reserved:canbepowervaluebeyondtheclass3limit.
DependsoncabletypeandPoEarchitecture
MPSAbsentCnt: Thisvalueshowsthenumberoftimesa
detectedPDhasnolongerrequestedpowerfromtheport.
EachoccurrencegeneratesanEventLogmessage.(MPS
referstotheMaintenancePowerSignature.RefertoPoE
Terminologyonpage11-4.)
ShortCnt: Showsthenumberoftimestheswitchprovided
insufficientcurrenttoaconnectedPD.
Current: Thetotalcurrent,inmA,beingdeliveredtoPDs.
11-24

Forexample,ifyouwantedtoviewthePoEstatusofports6and7,youwould
useshowpower-over-ethernet6-7todisplaythedata:
Pr oCur ve( conf i g) # show power - over - et her net 6- 7
Power Enabl e : Yes
LLDP Det ect : enabl ed
Al l ocat eBy : val ue Val ue : 17 W
Det ect i on St at us : Del i ver i ng Power Cl ass : 0
Over Cur r ent Cnt : 0 MPS Absent Cnt : 0
Power Deni ed Cnt : 0 Shor t Cnt : 0
Vol t age : 55. 1 V Cur r ent : 348 mA
Power : 15 W
Power Enabl e : yes
LLDP Det ect : di sabl ed
Al l ocat eBy : val ue Val ue : 17 W
Det ect i on St at us : Sear chi ng Power Cl ass : 0
Over Cur r ent Cnt : 0 MPS Absent Cnt : 0
Power Deni ed Cnt : 0 Shor t Cnt : 0
Vol t age : 0 V Cur r ent : 0 mA
Power : 0 W
Figure11-9.ExampleofShowPower-Over-Ethernet<port-list>Output
11-25
PlanningandImplementingaPoEConfiguration
PlanningandImplementingaPoE
Configuration
ThissectionprovidesanoverviewofsomeconsiderationsforplanningaPoE
application.Foradditionalinformationonthistopic,refertotheProCurve
PoEPlanningandImplementationGuidewhichisavailableontheProCurve
Networkingwebsiteatwww.procurve.com.(ClickonCustomerCare,then
Manuals).
SomeoftheelementsyoumaywanttoconsiderforaPoEinstallationinclude:
PortassignmentstoVLANs
Useofsecurityfeatures
Powerrequirements
ThissectioncanhelpyoutoplanyourPoEinstallation.Ifyouusemultiple
VLANsinyournetwork,orifyouhaveconcernsaboutnetworksecurity,you
shouldreadthefirsttwotopics.IfyourPoEinstallationcomescloseto(oris
likelytoexceed)thesystemsabilitytosupplypowertoalldevicesthatmay
requestit,thenyoushouldalsoreadthethirdtopic.(Ifitisunlikelythatyour
installationwillevenapproachafullutilizationofthePoEpoweravailable,
thenyoumayfinditunnecessarytospendmuchtimeoncalculatingPoE
powerscenarios.)
AssigningPoEPortstoVLANs
IfyournetworkincludesVLANs,youmaywanttoassignvariousPoEports
tospecificVLANs.Forexample,ifyouareusingPoEtelephonesinyour
network,youmaywanttoassignportsusedfortelephoneaccesstoaVLAN
reservedfortelephonetraffic.
ApplyingSecurityFeaturestoPoEConfigurations
Youcanutilizesecurityfeaturesbuiltintotheswitchtocontroldeviceoruser
accesstothenetworkthroughPoEportsinthesamewayasnon-PoEports.
11-26
MACAddressSecurity:UsingPortSecurity,youcanconfigureeach
switchportwithauniquelistofMACaddressesfordevicesthatare
authorizedtoaccessthenetworkthroughthatport.Formoreinfor-
mation,refertothechaptertitled"ConfiguringandMonitoringPort
Security"intheAccessSecurityGuideforyourswitch.
Username/PasswordSecurity:Ifyouareconnectingadevicethat
allowsyoutoenterausernameandpasswordthatisforwardedtoa
networkedserverforauthentication,thenyoucanalsoconfigurethe
followingsecurityfeatures:
Localusernameandpassword
TACACS+
RADIUSAuthenticationandAccounting
802.1XAuthentication
Formoreinformationonsecurityoptions,refertothelatesteditionofthe
AccessSecurityGuideforyourswitch.(TheProCurveNetworkingwebsite
offersthelatestversionofallProCurveproductpublications.RefertoGetting
DocumentationFromtheWebonpage1-6.)
AssigningPriorityPoliciestoPoETraffic
YoucanusetheconfigurableQoS(QualityofService)featuresintheswitch
tocreateprioritizationpoliciesfortrafficmovingthroughPoEports.Table11-
5liststheavailableclassifiersandtheirorderofprecedence.
Table11-5. ClassifiersforPrioritizingOutboundPackets
Priority QoSClassifier
1 UDP/TCPApplicationType(port)
2 DevicePriority(destinationorsourceIPaddress)
3 IPTypeofService(ToS)field(IPpacketsonly)
4 VLANPriority
5 Incomingsource-portontheswitch
6 Incoming802.1ppriority(presentintaggedVLANenvironments)
Formoreonthistopic,refertothechaptertitledQualityofService:Managing
BandwidthMoreEffectivelyintheAdvancedTrafficManagementGuidefor
yourswitch.
11-27
PoEEventLogMessages
PoEoperationgeneratestheseEventLogmessages.Youcanalsoconfigure
theswitchtosendthesemessagestoaconfigureddebugdestination(terminal
deviceorSyslogDserver).
InformationalPoEEvent-LogMessages
Message Meaning
I <MM/DD/YY> <HH:MM:SS> <ports> Messageheader,withseverity,date,systemtime.Formore
informationonEventLogoperation,includingseverity
indicators,refertoUsingtheEventLogforTroubleshooting
SwitchProblemsonpageC-26
por t <port-id>appl yi ng power t o PD APoEdeviceisconnectedtotheindicatedportand
receivingpower.
por t <port-id>PD det ect ed TheswitchhasdetectedaPoEdeviceconnectedtothe
indicatedport.
WarningPoEEvent-LogMessages
Message Meaning
W<MM/DD/YY> <HH:MM:SS> chassi s Messageheader,withseverity,date,systemtime.Formore
informationonEventLogoperation,includingseverity
indicators,refertoUsingtheEventLogforTroubleshooting
SwitchProblemsonpageC-26.
Por t <port-id>PD Deni ed power due t o ThereisinsufficientpoweravailabletopowerthePDonthe
i nsuf f i ci ent power al l ocat i on. indicatedportandtheportdoesnothavesufficientPoE
prioritytotakepowerfromanotheractivePoEport.
Por t <port-id> PD I nval i d Si gnat ur e Theswitchhasdetectedanon-802.3af-compliantdeviceon
i ndi cat i on theindicatedport.Thismessageappearsforallnon-802.3af
devicesconnectedtotheport,suchasotherswitches,PC-
NICs,etc.
Por t <port-id> PD MPS Absent i ndi cat i on Theswitchnolongerdetectsadeviceon<port-id>.The
devicemayhavebeendisconnected,powereddown,or
stoppedfunctioning.
Por t <port-id>PD Ot her Faul t i ndi cat i on ThereisaproblemwiththePDconnectedtotheport.
11-28
Message Meaning
Por t <port-id>PD Over Cur r ent ThePDconnectedto<port-id>hasrequestedmorethan
i ndi cat i on 15.4wattsofpower.Thismayindicateashort-circuitor
otherprobleminthePD.
50v Power Suppl y i s f aul t ed. Internalpowersupplyhasfaulted.
Fai l ur es: x
50v Power Suppl y i s OK. Fai l ur es: x InternalpowersupplyisnowOK.
FET bad on por t <por t - i d> ExternalFET(FieldEffectTransistor)ontheporthasgone
badandcannotdeliverpower.
11-29
11-30
12
PortTrunking
Contents
Overview .................................................... 12-2
PortTrunkFeaturesandOperation ........................... 12-4
TrunkConfigurationMethods ................................ 12-4
Menu:ViewingandConfiguringaStaticTrunkGroup.......... 12-9
CLI:ViewingandConfiguringPortTrunkGroups ............. 12-11
UsingtheCLIToViewPortTrunks .......................... 12-11
UsingtheCLIToConfigureaStaticorDynamicTrunkGroup ... 12-14
Web:ViewingExistingPortTrunkGroups .................... 12-17
TrunkGroupOperationUsingLACP ......................... 12-18
DefaultPort Operation . .................................... 12-21
LACPNotesandRestrictions ......... ...................... 12-22
TrunkGroupOperationUsingtheTrunkOption ............ 12-26
HowtheSwitchListsTrunkData ............................ 12-27
OutboundTrafficDistributionAcrossTrunkedLinks ......... 12-27
12-1
PortTrunking
Overview
Overview
Thischapterdescribescreatingandmodifyingporttrunkgroups.This
includesnon-protocoltrunksandLACP(802.3ad)trunks.
PortStatusandConfigurationFeatures
viewingporttrunks n/a page12-9 page12-11 page12-17
configuringastatictrunk none page12-9 page12-15
group
configuringadynamicLACP disabled page12-15
trunkgroup
Porttrunkingallowsyoutoassignuptoeightphysicallinkstoonelogicallink
(trunk)thatfunctionsasasingle,higher-speedlinkprovidingdramatically
increasedbandwidth.Thiscapabilityappliestoconnectionsbetweenback-
bonedevicesaswellastoconnectionsinothernetworkareaswheretraffic
bottlenecksexist.Atrunkgroupisasetofuptoeightportsconfiguredas
membersofthesameporttrunk.Notethattheportsinatrunkgroupdonot
havetobeconsecutive.Forexample:
Themultiplephysicallinksinatrunkbehaveasonelogicallink
Switch2: Switch1: port1 portc1
port2 portc2
Portsa1,a3-a4, Portsc1-c3,
port3 portc3
a6-a8,a11,and c5-c7,and
port4 portc4
a12configured c9-c10
port5 portc5
asaporttrunk configuredasa
port6 portc6
group porttrunkgroup.
port7
portc8
portc7
port8
portc9 port9
portc10 port10
port11
portn
port12
portn
Figure12-1.ConceptualExampleofPortTrunking
Withfull-duplexoperationinaeight-porttrunkgroup,trunkingenablesthe
followingbandwidthcapabilities:
12-2
PortTrunking
Overview
PortConnectionsandConfiguration:Allporttrunklinksmustbepoint-
to-pointconnectionsbetweenaswitchandanotherswitch,router,server,or
workstationconfiguredforporttrunking.Nointervening,non-trunking
devicesareallowed.Itisimportanttonotethatportsonbothendsofaport
trunkgroupmusthavethesamemode(speedandduplex)andflowcontrol
settings.
Not e LinkConnections.Theswitchdoesnotsupportporttrunkingthroughan
intermediate,non-trunkingdevicesuchasahub,orusingmorethanonemedia
typeinaporttrunkgroup.Similarly,forpropertrunkoperation,alllinksin
thesametrunkgroupmusthavethesamespeed,duplex,andflowcontrol.
PortSecurityRestriction.Portsecuritydoesnotoperateonatrunkgroup.
Ifyouconfigureportsecurityononeormoreportsthatarelateraddedtoa
trunkgroup,theswitchresetstheportsecurityparametersforthoseportsto
thefactory-defaultconfiguration.
Ca u t i o n Toavoidbroadcaststormsorloopsinyournetworkwhileconfiguringa
trunk,firstdisableordisconnectallportsyouwanttoaddtoorremovefrom
thetrunk.Afteryoufinishconfiguringthetrunk,enableorre-connectthe
ports.
12-3
PortTrunking
PortTrunkFeaturesandOperation
PortTrunkFeaturesandOperation
Theswitchescoveredinthisguideoffertheseoptionsforporttrunking:
LACP:IEEE802.3adpage12-18
Trunk:Non-Protocolpage12-26
Upto24trunkgroupsaresupportedontheswitchescoveredinthisguide.The
actualmaximumdependsonthenumberofportsavailableontheswitchand
thenumberoflinksineachtrunk.(UsingtheLinkAggregationControl
ProtocolLACPoption,youcanincludestandbytrunkedportsinaddition
tothemaximumofeightactivelytrunkingports.)
L ACP No t e LACPrequiresfull-duplex(FDx)linksofthesamemediatype(10/100Base-T,
100FX,etc.)andthesamespeed,andenforcesspeedandduplexconformance
acrossatrunkgroup.Formostinstallations,ProCurverecommendsthatyou
leavetheportModesettingsatAuto(thedefault).LACPalsooperateswith
Auto-10,Auto-100,andAuto-1000(ifnegotiationselectsFDx),and10FDx,100FDx,
and1000FDxsettings.(The10-gigabitportsavailableforsomeswitchmodels
allowonlytheAutosetting.)
FaultTolerance: Ifalinkinaporttrunkfails,theswitchredistributes
trafficoriginallydestinedforthatlinktotheremaininglinksinthetrunk.The
trunkremainsoperableaslongasthereisatleastonelinkinoperation.Ifa
linkisrestored,thatlinkisautomaticallyincludedinthetrafficdistribution
again.TheLACPoptionalsooffersastandbylinkcapability,whichenables
youtokeeplinksinreserveforserviceifoneormoreoftheoriginalactive
linksfails.RefertoTrunkGroupOperationUsingLACPonpage12-18.)
TrunkConfigurationMethods
DynamicLACPTrunk:Theswitchautomaticallynegotiatestrunkedlinks
betweenLACP-configuredportsonseparatedevices,andoffersonedynamic
trunkoption:LACP.ToconfiguretheswitchtoinitiateadynamicLACPtrunk
withanotherdevice,usetheinterfacecommandintheCLItosetthedefault
LACPoptiontoActiveontheportsyouwanttouseforthetrunk.Forexample,
thefollowingcommandsetsportsC1-C4toLACPactive:
12-4
PortTrunking
Pr oCur ve( conf i g) i nt c1- c4 l acp act i ve
Notethattheprecedingexampleworksiftheportsarenotalreadyoperating
inatrunk.TochangetheLACPoptiononportsalreadyoperatingasatrunk,
youmustfirstremovethemfromthetrunk.Forexample,ifportsC1-C4were
LACP-activeandoperatinginatrunkwithanotherdevice,youwoulddothe
followingtochangethemtoLACP-passive:
Pr oCur ve( conf i g) # no i nt c1- c4 l acp
Removestheportsfromthetrunk.
Pr oCur ve( conf i g) # i nt c1- c4 l acp passi ve
ConfiguresLACPpassive.
StaticTrunk:TheswitchusesthelinksyouconfigurewiththePort/Trunk
SettingsscreeninthemenuinterfaceorthetrunkcommandintheCLItocreate
astaticporttrunk.Theswitchofferstwotypesofstatictrunks:LACPand
Trunk.
Table12-1. TrunkTypesUsedinStaticandDynamicTrunkGroups
Trunking
Method
LACP Trunk
Dynamic Yes No
Static Yes Yes
12-5
PortTrunking
Table12-2. TrunkConfigurationProtocols
Protocol TrunkingOptions
LACP ProvidesdynamicandstaticLACPtrunkingoptions.
(802.3ad)
DynamicLACPUsetheswitch-negotiateddynamicLACPtrunkwhen:
TheportontheotherendofthetrunklinkisconfiguredforActiveorPassiveLACP.
Youwantfault-toleranceforhigh-availabilityapplications.Ifyouuseaneight-linktrunkyoucanalso
configureoneormoreadditionallinkstooperateasstandbylinksthatwillactivateonlyifanother
activelinkgoesdown.
StaticLACPUsethemanuallyconfiguredstaticLACPtrunkwhen:
TheportontheotherendofthetrunklinkisconfiguredforastaticLACPtrunk
Youwanttoconfigurenon-defaultspanningtreeorIGMPparametersonanLACPtrunkgroup.
YouwantanLACPtrunkgrouptooperateinaVLANotherthanthedefaultVLANandGVRPisdisabled.
(RefertoVLANsandDynamicLACPonpage12-23.)
YouwanttouseamonitorportontheswitchtomonitoranLACPtrunk.
Formoreinformation,refertoTrunkGroupOperationUsingLACPonpage12-18.
Trunk Providesmanuallyconfigured,static-onlytrunkingto:
(non- MostProCurveswitchesandroutingswitchesnotrunningthe802.3adLACPprotocol.
protocol)
WindowsNTandHP-UXworkstationsandservers
UsetheTrunkoptionwhen:
Thedevicetowhichyouwanttocreateatrunklinkisusinganon-802.3adtrunkingprotocol
Youareunsurewhichtypeoftrunktouse,orthedevicetowhichyouwanttocreateatrunklinkis
usinganunknowntrunkingprotocol.
Youwanttouseamonitorportontheswitchtomonitortrafficonatrunk.
RefertoTrunkGroupOperationUsingtheTrunkOptiononpage12-26.
12-6
PortTrunking
Table12-3. GeneralOperatingRulesforPortTrunks
Media:Forpropertrunkoperation,allportsonbothendsofatrunkgroupmusthavethesamemediatypeandmode
(speedandduplex).(Fortheswitchescoveredinthisguide,ProCurverecommendsleavingtheportModesettingatAuto
or,innetworksusingCat3cabling,Auto-10.)
PortConfiguration:ThedefaultportconfigurationisAuto,whichenablesaporttosensespeedandnegotiateduplexwith
anAuto-Enabledportonanotherdevice.ProCurverecommendsthatyouusetheAutosettingforallportsyouplantouse
fortrunking.Otherwise,youmustmanuallyensurethatthemodesettingforeachportinatrunkiscompatiblewiththe
otherportsinthetrunk.
RecommendedPortModeSettingforLACP
Figure12-2.RecommendedPortModeSettingforLACP
Allofthefollowingoperateonaper-portbasis,regardlessoftrunkmembership:
Enable/Disable
Flowcontrol(FlowCtrl)
LACPisafull-duplexprotocol.RefertoTrunkGroupOperationUsingLACPonpage12-18.
TrunkConfiguration:Allportsinthesametrunkgroupmustbethesametrunktype(LACPorTrunk).AllLACPportsinthe
sametrunkgroupmustbeeitherallstaticLACPoralldynamicLACP.
AtrunkappearsasasingleportlabeledDyn1(foranLACPdynamictrunk)orTrk1(forastatictrunkoftype:LACP,
Trunk)onvariousmenuandCLIscreens.Foralistingofwhichscreensshowwhichtrunktypes,refertoHowtheSwitch
ListsTrunkDataonpage12-27.
Forspanning-treeorVLANoperation,configurationforallportsinatrunkisdoneatthetrunklevel.(Youcannotseparately
configureindividualportswithinatrunkforspanning-treeorVLANoperation.)
TrafficDistribution:AlloftheswitchtrunkprotocolsusetheSA/DA(SourceAddress/DestinationAddress)methodof
distributingtrafficacrossthetrunkedlinks.RefertoOutboundTrafficDistributionAcrossTrunkedLinksonpage12-27.
12-7
PortTrunking
SpanningTree:802.1D(STP)and802.1w(RSTP)SpanningTreeoperateasaglobalsettingontheswitch(withoneinstance
ofSpanningTreeperswitch).802.1s(MSTP)SpanningTreeoperatesonaper-instancebasis(withmultipleinstances
allowedperswitch).ForeachSpanningTreeinstance,youcanadjustSpanningTreeparametersonaper-portbasis.A
statictrunkofanytypeappearsintheSpanningTreeconfigurationdisplay,andyoucanconfigureSpanningTree
parametersforastatictrunkinthesamewaythatyouwouldconfigureSpanningTreeparametersonanon-trunkedport.
(NotethattheswitchliststhetrunkbynamesuchasTrk1anddoesnotlisttheindividualportsinthetrunk.)For
example,ifportsC1andC2areconfiguredasastatictrunknamedTrk1,theyarelistedintheSpanningTreedisplayas
Trk1anddonotappearasindividualportsintheSpanningTreedisplays.
Inthisexampleshowing
partoftheshowspanning-
treelisting,portsC1andC2
aremembersofTRK1and
donotappearasindividual
portsintheport
configurationpartofthe
listing.
Figure12-3.ExampleofaPortTrunkinaSpanningTreeListing
WhenSpanningTreeforwardsonatrunk,allportsinthetrunkwillbeforwarding.Conversely,whenSpanningTreeblocks
atrunk,allportsinthetrunkareblocked.
Note:AdynamicLACPtrunkoperatesonlywiththedefaultSpanningTreesettings.Also,thistypeoftrunkappearsin
theCLIshowspanning-treedisplay,butnotintheSpanningTreeOperationdisplayoftheMenuinterface.
Ifyouremoveaportfromastatictrunk,theportretainsthesameSpanningTreesettingsthatwereconfiguredforthetrunk.
IPMulticastProtocol(IGMP):AstatictrunkofanytypeappearsintheIGMPconfigurationdisplay,andyoucanconfigure
IGMPforastatictrunkinthesamewaythatyouwouldconfigureIGMPonanon-trunkedport.(Notethattheswitchlists
thetrunkbynamesuchasTrk1anddoesnotlisttheindividualportsinthetrunk.)Also,creatinganewtrunk
automaticallyplacesthetrunkinIGMPAutostatusifIGMPisenabledforthedefaultVLAN.AdynamicLACPtrunk
operatesonlywiththedefaultIGMPsettingsanddoesnotappearintheIGMPconfigurationdisplayorshowipigmp
listing.
VLANs:CreatinganewtrunkautomaticallyplacesthetrunkintheDEFAULT_VLAN,regardlessofwhethertheportsin
thetrunkwereinanotherVLAN.Similarly,removingaportfromatrunkgroupautomaticallyplacestheportinthedefault
VLAN.YoucanconfigureastatictrunkinthesamewaythatyouconfigureaportformembershipinanyVLAN.
Note:ForadynamicLACPtrunktooperateinaVLANotherthanthedefaultVLAN(DEFAULT_VLAN),GVRPmustbe
enabled.RefertoTrunkGroupOperationUsingLACPonpage12-18.
PortSecurity:Trunkgroups(andtheirindividualports)cannotbeconfiguredforportsecurity,andtheswitchexcludes
trunkedportsfromtheshowport-securitylisting.Ifyouconfigurenon-defaultportsecuritysettingsforaport,then
subsequentlytrytoplacetheportinatrunk,youwillseethefollowingmessageandthecommandwillnotbeexecuted:
<port-list>Command cannot oper at e over a l ogi cal por t .
MonitorPort:
Note:Atrunkcannotbeamonitorport.AmonitorportcanmonitorastatictrunkbutcannotmonitoradynamicLACPtrunk.
12-8
PortTrunking
Menu:ViewingandConfiguringaStaticTrunkGroup
Menu:ViewingandConfiguringaStatic
TrunkGroup
Important Configureporttrunkingbeforeyouconnectthetrunkedlinkstoanother
switch,routingswitch,orserver.Otherwise,abroadcaststormcouldoccur.
(Ifyouneedtoconnecttheportsbeforeconfiguringthemfortrunking,you
cantemporarilydisabletheportsuntilthetrunkisconfigured.Referto
EnablingorDisablingPortsandConfiguringPortModeonpage10-13.)
ToViewand/orConfigureStaticPortTrunking:Thisprocedureuses
thePort/TrunkSettingsscreentoconfigureastaticporttrunkgrouponthe
switch.
1. FollowtheproceduresintheImportantnoteabove.
2.Port/TrunkSettings
3. Press[E](forEdit)andthenusethearrowkeystoaccesstheporttrunk
parameters.
Thesetwocolumnsindicate
statictrunkstatus.
(FordynamicLACPtrunk
status,usetheCLIshowlacp
commandpage12-13.)
Figure12-4.ExampleoftheMenuScreenforConfiguringaPortTrunkGroup
4. IntheGroupcolumn,movethecursortotheportyouwanttoconfigure.
5. UsetheSpacebartochooseatrunkgroupassignment(Trk1,Trk2,andso
on)fortheselectedport.
12-9
PortTrunking
Menu:ViewingandConfiguringaStaticTrunkGroup
Forpropertrunkoperation,allportsinatrunkmusthavethesame
mediatypeandmode(suchas10/100TXsetto100FDx,or100FXset
to100FDx).Theflowcontrolsettingsmustalsobethesameforall
portsinagiventrunk.Toverifythesesettings,refertoViewingPort
StatusandConfiguringPortParametersonpage10-3.
Youcanconfigurethetrunkgroupwithuptoeightportspertrunk.If
multipleVLANsareconfigured,allportswithinatrunkwillbe
assignedtothesameVLANorsetofVLANs.(Withthe802.1QVLAN
capabilitybuiltintotheswitch,morethanoneVLANcanbeassigned
toatrunk.RefertothechaptertitledStaticVirtualLANs(VLANs)
intheAdvancedTrafficManagementGuideforyourswitch.)
(Toreturnaporttoanon-trunkstatus,keeppressingtheSpacebar
untilablankappearsinthehighlightedGroupvalueforthatport.)
Figure12-5.ExampleoftheConfigurationforaTwo-PortTrunkGroup
6. MovethecursortotheTypecolumnfortheselectedportandusethe
Spacebartoselectthetrunktype:
LACP
Trunk(thedefaulttypeifyoudonotspecifyatype)
Allportsinthesametrunkgrouponthesameswitchmusthavethesame
Type(LACPorTrunk).
7. Whenyouarefinishedassigningportstothetrunkgroup,press[Enter],
then[S](forSave)andreturntotheMainMenu.(Itisnotnecessaryto
reboottheswitch.)
DuringtheSaveprocess,trafficontheportsconfiguredfortrunkingwill
bedelayedforseveralseconds.IftheSpanningTreeProtocolisenabled,
thedelaymaybeupto30seconds.
12-10
PortTrunking
CLI:ViewingandConfiguringPortTrunkGroups
8. Connectthetrunkedportsontheswitchtothecorrespondingportson
theoppositedevice.Ifyoupreviouslydisabledanyofthetrunkedports
ontheswitch,enablethemnow.(RefertoViewingPortStatusand
ConfiguringPortParametersonpage10-3.)
ChecktheEventLog(UsingtheEventLogforTroubleshootingSwitch
ProblemsonpageC-26)toverifythatthetrunkedportsareoperatingprop-
erly.
CLI:ViewingandConfiguringPortTrunk
Groups
TrunkStatusandConfigurationCommands
showtrunks below
showlacp page12-13
trunk page12-15
interface<port-list>lacp page12-15
UsingtheCLIToViewPortTrunks
Youcanlistthetrunktypeandgroupforallportsontheswitchorforselected
ports.YoucanalsolistLACP-onlystatusinformationforLACP-configured
ports.
ListingStaticTrunkTypeandGroupforAllPortsorforSelected
Ports.
Syntax: showtrunks[<port-list>]
Omittingthe<port-list>parameterresultsinastatictrunk
datalistingforallLANportsintheswitch.Forexample,in
aswitchwhereportsA4andA5belongtoTrunk1andports
A7andA8belongtoTrunk2,youhavetheoptionsshownin
figures12-6and12-7fordisplayingportdataforports
belongingtostatictrunks.
12-11
PortTrunking
Usingaportlistspecifies,forswitchportsinastatictrunkgroup,onlythe
portsyouwanttoview.Inthiscase,thecommandspecifiesportsA5through
A7.However,becauseportA6isnotinastatictrunkgroup,itdoesnotappear
intheresultinglisting:
PortA5appearswithanexampleofanamethatyoucanoptionallyassignusingtheFriendly
PortNamesfeature.(RefertoUsingFriendly(Optional)PortNamesonpage10-22.)
PortA6doesnotappearinthislistingbecause
itisnotassignedtoastatictrunk.
Figure12-6.ExampleListingSpecificPortsBelongingtoStaticTrunks
Theshowtrunks<port-list>commandintheaboveexampleincludesaport
list,andthusshowstrunkgroupinformationonlyforspecificportsthathave
membershipinastatictrunk.Infigure12-7,thecommanddoesnotincludea
portlist,sotheswitchlistsallportshavingstatictrunkmembership.
Figure12-7.ExampleofaShowTrunkListingWithoutSpecifyingPorts
12-12
PortTrunking
ListingStaticLACPandDynamicLACPTrunkData.
Syntax: showlacp
ListsdataforonlytheLACP-configuredports..
Inthefollowingexample,portsA1andA2havebeenpreviouslyconfigured
forastaticLACPtrunk.(FormoreontheActiveparameter,seetable12-5
onpage12-21.)
Figure12-8. ExampleofaShowLACPListing
(Foradescriptionofeachoftheabove-listeddatatypes,refertotable12-5,
LACPPortStatusDataonpage12-21.)
DynamicLACPStandbyLinks.DynamicLACPtrunkingenablesyouto
configurestandbylinksforatrunkbyincludingmorethaneightportsina
dynamicLACPtrunkconfiguration.Wheneightports(trunklinks)areup,the
remaininglink(s)willbeheldinstandbystatus.IfatrunkedlinkthatisUp
fails,itwillbereplacedbyastandbylink,whichmaintainsyourintended
bandwidthforthetrunk.(RefertoalsotheStandbyentryunderPortStatus
in"Table12-5.LACPPortStatusData"onpage12-21.)Inthenextexample,
portsA1throughA9havebeenconfiguredforthesameLACPtrunk.Notice
thatoneofthelinksshowsStandbystatus,whiletheremainingeightlinksare
Up.
12-13
PortTrunking
Figure12-9.ExampleofaDynamicLACPTrunkwithOneStandbyLink
UpLinks
StandbyLink
UsingtheCLIToConfigureaStaticorDynamicTrunk
Group
I mp o r t a n t Configureporttrunkingbeforeyouconnectthetrunkedlinksbetween
switches.Otherwise,abroadcaststormcouldoccur.(Ifyouneedtoconnect
theportsbeforeconfiguringthemfortrunking,youcantemporarilydisable
theportsuntilthetrunkisconfigured.RefertoEnablingorDisablingPorts
andConfiguringPortModeonpage10-13.)
Thetableonpage12-5describesthemaximumnumberoftrunkgroupsyou
canconfigureontheswitch.Anindividualtrunkcanhaveuptoeightlinks,
withadditionalstandbylinksifyoureusingLACP.Youcanconfiguretrunk
grouptypesasfollows:
TrunkType TrunkGroupMembership
TrkX(Static) DynX(Dynamic)
LACP
Trunk
Yes Yes
Yes No
Thefollowingexamplesshowhowtocreatedifferenttypesoftrunkgroups.
12-14
PortTrunking
ConfiguringaStaticTrunkorStaticLACPTrunkGroup.
Syntax: trunk<port-list><trk1...trk24><trunk|lacp>
Configuresthespecifiedstatictrunktype.
ThisexampleusesportsC4-C6tocreateanon-protocolstatictrunkgroup
withthegroupnameofTrk2.
Pr oCur ve( conf i g) # t r unk c4- c6 t r k2 t r unk
RemovingPortsfromaStaticTrunkGroup.Thiscommandremoves
oneormoreportsfromanexistingTrkxtrunkgroup.
Ca u t i o n Removingaportfromatrunkcancreatealoopandcauseabroadcaststorm.
Whenyouremoveaportfromatrunkwherespanningtreeisnotinuse,
ProCurverecommendsthatyoufirstdisabletheportordisconnectthelink
onthatport.
Syntax: notrunk<port-list>
Removesthespecifiedportsfromanexistingtrunkgroup.
Forexample,toremoveportsC4andC5fromanexistingtrunkgroup.
Pr oCur ve( conf i g) # no t r unk c4- c5
EnablingaDynamicLACPTrunkGroup.Inthedefaultportconfigura-
tion,allportsontheswitcharesettodisabled.Toenabletheswitchto
automaticallyformatrunkgroupthatisdynamiconbothendsofthelink,the
portsononeendofasetoflinksmustbeLACPActive.Theportsontheother
endcanbeeitherLACPActiveorLACPPassive.Theactivecommandenables
theswitchtoautomaticallyestablisha(dynamic)LACPtrunkgroupwhenthe
deviceontheotherendofthelinkisconfiguredforLACPPassive.
12-15
PortTrunking
Figure12-10.ExampleofCriteriaforAutomaticallyFormingaDynamicLACPTrunk
SwitchA
withportsset
toLACP
passive.
SwitchB
withportsset
toLACP
passive.
DynamicLACPtrunkcannotautomaticallyformbecauseboth
endsofthelinksareLACPpassive.
(Inthiscasespanning-treeblockingisneededtopreventaloop.
SwitchA
withportsset
toLACP
active.
SwitchB
withportsset
toLACP
passive.
DynamicLACPtrunkautomaticallyformsbecauseboth
endsofthelinksareLACPandatleastoneendisLACP
active.(Spanningtreeisnotneeded,andtheclear
advantagesareincreasedbandwidthandfault-tolerance.)
Syntax: interface<port-list>lacpactive
Configures<port-list>asLACPactive.Iftheportsattheother
endofthelinkson<port-list>areconfiguredasLACPpassive,
thenthiscommandenablesadynamicLACPtrunkgroupon
<port-list>.
ThisexampleusesportsC4andC5toenableadynamicLACPtrunkgroup.
Pr oCur ve( conf i g) # i nt er f ace c4- c5 l acp act i ve
RemovingPortsfromanDynamicLACPTrunkGroup. Toremovea
portfromdynamicLACPtrunkoperation,youmustturnoffLACPontheport.
(Onaportinanoperating,dynamicLACPtrunk,youcannotchangebetween
LACPActiveandLACPpassivewithoutfirstremovingLACPoperationfrom
theport.)
12-16
PortTrunking
Web:ViewingExistingPortTrunkGroups
Ca u t i o n Unlessspanningtreeisrunningonyournetwork,removingaportfromatrunk
canresultinaloop.Tohelppreventabroadcaststormwhenyouremovea
portfromatrunkwherespanningtreeisnotinuse,ProCurverecommends
thatyoufirstdisabletheportordisconnectthelinkonthatport.
Syntax: nointerface<port-list>lacp
Removes<port-list>fromanydynamicLACPtrunkand
returnstheportsin <port-list> topassiveLACP.
Inthisexample,portC6belongstoanoperating,dynamicLACPtrunk.To
removeportC6fromthedynamictrunkandreturnittopassiveLACP,you
woulddothefollowing:
Pr oCur ve( conf i g) # no i nt er f ace c6 l acp
Pr oCur ve( conf i g) # i nt er f ace c6 l acp passi ve
Notethatintheaboveexample,iftheportontheotherendofthelinkis
configuredforactiveLACPorstaticLACP,thetrunkedlinkwillbere-
establishedalmostimmediately.
Web:ViewingExistingPortTrunk
Groups
Whilethewebbrowserinterfacedoesnotenableyoutoconfigureaporttrunk
group,itdoesprovideaviewofanexistingtrunkgroup.
Toviewanyporttrunkgroups:
ClickontheStatustab.
Clickon[PortStatus].
12-17
PortTrunking
TrunkGroupOperationUsingLACP
TheswitchcanautomaticallyconfigureadynamicLACPtrunkgrouporyou
canmanuallyconfigureastaticLACPtrunkgroup.
Not e LACPrequiresfull-duplex(FDx)linksofthesamemediatype(10/100Base-T,
100FX,etc.)andthesamespeed,andenforcesspeedandduplexconformance
acrossatrunkgroup.Formostinstallations,ProCurverecommendsthatyou
leavetheportModesettingsatAuto(thedefault).LACPalsooperateswith
Auto-10,Auto-100,andAuto-1000(ifnegotiationselectsFDx),and10FDx,100FDx,
and1000FDxsettings.
LACPtrunkstatuscommandsinclude:
TrunkDisplayMethod StaticLACPTrunk DynamicLACPTrunk
CLIshowlacpcommand Includedinlisting. Includedinlisting.
CLIshowtrunkcommand Includedinlisting. Notincluded.
Port/TrunkSettingsscreeninmenuinterface Includedinlisting. Notincluded
Thus,todisplayalistingofdynamicLACPtrunkports,youmustusetheshow
lacpcommand.
Inmostcases,trunksconfiguredforLACPontheswitchescoveredinthisguide
operateasdescribedintable12-4onthenextpage.
12-18
PortTrunking
Table12-4. LACPTrunkTypes
LACPPortTrunk
Configuration
Operation
DynamicLACP Thisoptionautomaticallyestablishesan802.3ad-complianttrunkgroup,withLACPfortheportType
parameterandDynXfortheportGroupname,whereXisanautomaticallyassignedvaluefrom1to24,
dependingonhowmanydynamicandstatictrunksarecurrentlyontheswitch.(Theswitchallowsa
maximumof24trunkgroupsinanycombinationofstaticanddynamictrunks.)
Note:DynamicLACPtrunksoperateonlyinthedefaultVLAN(unlessGVRPisenabledandForbidis
usedtopreventthetrunkedportsfromjoiningthedefaultVLAN).Thus,ifanLACPdynamicport
formsusingportsthatarenotinthedefaultVLAN,thetrunkwillautomaticallymovetothedefault
VLANunlessGVRPoperationisconfiguredtopreventthisfromoccurring.Insomecases,thiscan
createatrafficloopinyournetwork.Formoreonthistopic,refertoVLANsandDynamicLACPon
page12-23.
Underthefollowingconditions,theswitchautomaticallyestablishesadynamicLACPporttrunkgroup
andassignsaportGroupname:
Theportsonbothendsofeachlinkhavecompatiblemodesettings(speedandduplex).
TheportononeendofeachlinkmustbeconfiguredforLACPActiveandtheportontheotherend
ofthesamelinkmustbeconfiguredforeitherLACPPassiveorLACPActive.Forexample:
Switch1
PortX:
LACPEnable:Active
PortY:
LACPEnable:Active
Switch2
PortA:
LACPEnable:Active
PortB:
LACPEnable:Passive
Active-to-Active
Active-to-Passive
EitheroftheabovelinkconfigurationsallowadynamicLACPtrunklink.
BackupLinks:Amaximumofeightoperatinglinksareallowedinthetrunk,but,withdynamicLACP,
youcanconfigureoneormoreadditional(backup)linksthattheswitchautomaticallyactivatesifa
primarylinkfails.Toconfigurealinkasastandbyforanexistingeight-portdynamicLACPtrunk,ensure
thattheportsinthestandbylinkareconfiguredaseitheractive-to-activeoractive-to-passivebetween
switches.
DisplayingDynamicLACPTrunkData:TolisttheconfigurationandstatusforadynamicLACPtrunk,
usetheCLIshowlacpcommand.
Note:Thedynamictrunkisautomaticallycreatedbytheswitch,andisnotlistedinthestatictrunk
listingsavailableinthemenuinterfaceorintheCLIshowtrunklisting.
12-19
PortTrunking
StaticLACP Providesamanuallyconfigured,staticLACPtrunktoaccommodatetheseconditions:
LACPPortTrunk
Configuration
Operation
TheportontheotherendofthetrunklinkisconfiguredforastaticLACPtrunk.
Youwanttoconfigurenon-defaultspanningtreeorIGMPparametersonanLACPtrunkgroup.
YouwantanLACPtrunkgrouptooperateinaVLANotherthanthedefaultVLANandGVRPis
disabled.(RefertoVLANsandDynamicLACPonpage12-23.)
YouwanttouseamonitorportontheswitchtomonitoranLACPtrunk.
Thetrunkoperatesifthetrunkgroupontheoppositedeviceisrunningoneofthefollowingtrunking
protocols:
ActiveLACP
PassiveLACP
Trunk
ThisoptionusesLACPfortheportTypeparameterandTrkXfortheportGroupparameter,whereXis
anautomaticallyassignedvalueinarangecorrespondingtothemaximumnumberoftrunkstheswitch
allows.(Thetableonpage12-5liststhemaximumnumberoftrunkgroupsallowedontheswitches
coveredinthisguide.)
DisplayingStaticLACPTrunkData:TolisttheconfigurationandstatusforastaticLACPtrunk,usethe
CLIshowlacpcommand.TolistastaticLACPtrunkwithitsassignedports,usetheCLIshowtrunk
commandordisplaythemenuinterfacePort/TrunkSettingsscreen.
StaticLACPdoesnotallowstandbyports.
12-20
PortTrunking
DefaultPortOperation
Inthedefaultconfiguration,LACPisdisabledforallports.IfLACPisnot
configuredasActiveonatleastoneendofalink,thentheportdoesnottry
todetectatrunkconfigurationandoperatesasastandard,untrunkedport.
Table12-5liststheelementsofper-portLACPoperation.Todisplaythisdata
foraswitch,executethefollowingcommandintheCLI:
Pr oCur ve> show l acp
Table12-5. LACPPortStatusData
StatusName Meaning
PortNumb ShowsthephysicalportnumberforeachportconfiguredforLACPoperation(C1,C2,C3).Unlistedport
numbersindicatethatthemissingportsareassignedtoastaticTrunkgrouparenotconfiguredforany
trunking.
LACPEnabled Active:TheportautomaticallysendsLACPprotocolpackets.
Passive:TheportdoesnotautomaticallysendLACPprotocolpackets,andrespondsonlyifitreceives
LACPprotocolpacketsfromtheoppositedevice.
AlinkhavingeithertwoactiveLACPportsoroneactiveportandonepassiveportcanperformdynamic
LACPtrunking.AlinkhavingtwopassiveLACPportswillnotperformLACPtrunkingbecausebothports
arewaitingforanLACPprotocolpacketfromtheoppositedevice.
Note:Inthedefaultswitchconfiguration,LACPisdisabledforallports.
TrunkGroup TrkX:ThisporthasbeenmanuallyconfiguredintoastaticLACPtrunk.
TrunkGroupSameasPortNumber:TheportisconfiguredforLACP,butisnotamemberofaporttrunk.
PortStatus Up:TheporthasanactiveLACPlinkandisnotblockedorinStandbymode.
Down:Theportisenabled,butanLACPlinkisnotestablished.Thiscanindicate,forexample,aportthat
isnotconnectedtothenetworkoraspeedmismatchbetweenapairoflinkedports.
Disabled:Theportcannotcarrytraffic.
Blocked:LACP,spanningtreehasblockedtheport.(TheportisnotinLACPStandbymode.)Thismay
beduetoa(brief)trunknegotiationoraconfigurationerrorsuchasdifferingportspeedsonthesame
linkortryingtoconnecttheswitchtomoretrunksthanitcansupport.(Seethetableonpage12-5.)
Note:Someolderdevicesarelimitedtofourportsinatrunk.WheneightLACP-enabledportsare
connectedtooneoftheseolderdevices,fourportsconnect,buttheotherfourportsareblocked.
Standby:TheportisconfiguredfordynamicLACPtrunkingtoanotherdevice,butthemaximumnumber
ofportsfortheDynamictrunktothatdevicehasalreadybeenreachedoneithertheswitchortheother
device.Thisportwillremaininreserve,orstandbyunlessLACPdetectsthatanother,activelinkinthe
trunkhasbecomedisabled,blocked,ordown.Inthiscase,LACPautomaticallyassignsaStandbyport,
ifavailable,toreplacethefailedport.
LACPPartner Yes:LACPisenabledonbothendsofthelink.
No:LACPisenabledontheswitch,buteitherLACPisnotenabledorthelinkhasnotbeendetectedon
theoppositedevice.
12-21
PortTrunking
StatusName Meaning
LACPStatus Success:LACPisenabledontheport,detectsandsynchronizeswithadeviceontheotherendofthe
link,andcanmovetrafficacrossthelink.
Failure:LACPisenabledonaportanddetectsadeviceontheotherendofthelink,butisnotableto
synchronizewiththisdevice,andthereforenotabletosendLACPpacketsacrossthelink.Thiscanbe
caused,forexample,byaninterveningdeviceonthelink(suchasahub),abadhardwareconnection,
oriftheLACPoperationontheoppositedevicedoesnotcomplywiththeIEEE802.3adstandard.
LACPNotesandRestrictions
802.1X(Port-BasedAccessControl)ConfiguredonaPort.Tomain-
tainsecurity,LACPisnotallowedonportsconfiguredfor802.1Xauthenticator
operation.IfyouconfigureportsecurityonaportonwhichLACP(activeor
passive)isconfigured,theswitchremovestheLACPconfiguration,displays
anoticethatLACPisdisabledontheport(s),andenables802.1Xonthatport.
Pr oCur ve( conf i g) # aaa por t - access aut hent i cat or b1
LACP has been di sabl ed on 802. 1x por t ( s) .
Pr oCur ve( conf i g) #
TheswitchwillnotallowyoutoconfigureLACPonaportonwhichport
access(802.1X)isenabled.Forexample:
Pr oCur ve( conf i g) # i nt b1 l acp passi ve
Er r or conf i gur i ng por t < por t - number >: LACP and 802. 1x
cannot be r un t oget her .
TorestoreLACPtotheport,youmustfirstremovetheports802.1Xconfigu-
rationandthenre-enableLACPactiveorpassiveontheport.
PortSecurityConfiguredonaPort.Tomaintainsecurity,LACPisnot
allowedonportsconfiguredforportsecurity.Ifyouconfigureportsecurity
onaportonwhichLACP(activeorpassive)isconfigured,theswitchremoves
theLACPconfiguration,displaysanoticethatLACPisdisabledontheport(s),
andenablesportsecurityonthatport.Forexample:
Pr oCur ve( conf i g) # por t - secur i t y a17 l ear n- mode st at i c
addr ess- l i mi t 2
LACP has been di sabl ed on secur ed por t ( s) .
12-22
PortTrunking
TheswitchwillnotallowyoutoconfigureLACPonaportonwhichport
securityisenabled.Forexample:
Pr oCur ve( conf i g) # i nt a17 l acp passi ve
Er r or conf i gur i ng por t A17: LACP and por t secur i t y cannot
be r un t oget her .
TorestoreLACPtotheport,youmustremoveportsecurityandre-enable
LACPactiveorpassive.
ChangingTrunkingMethods.Toconvertatrunkfromstatictodynamic,
youmustfirsteliminatethestatictrunk.
StaticLACPTrunks.WhereaportisconfiguredforLACP(Activeor
Passive),butdoesnotbelongtoanexistingtrunkgroup,youcanaddthatport
toastatictrunk.DoingsodisablesdynamicLACPonthatport,whichmeans
youmustmanuallyconfigurebothendsofthetrunk.
DynamicLACPTrunks. YoucanconfigureaportforLACP-activeorLACP-
passive,butonadynamicLACPtrunkyoucannotconfiguretheotheroptions
thatyoucanonstatictrunks.Ifyouwanttomanuallyconfigureatrunk,use
thetrunkcommand.(RefertoUsingtheCLIToConfigureaStaticorDynamic
TrunkGrouponpage12-14.)
VLANsandDynamicLACP. AdynamicLACPtrunkoperatesonlyinthe
defaultVLAN(unlessyouhaveenabledGVRPontheswitchanduseForbidto
preventtheportsfromjoiningthedefaultVLAN).
IfyouwanttouseLACPforatrunkonanon-defaultVLANandGVRPis
disabled,configurethetrunkasastatictrunk.
12-23

PortTrunking
BlockedPortswithOlderDevices.Someolderdevicesarelimitedtofour
portsinatrunk.WheneightLACP-enabledportsareconnectedtooneofthese
olderdevices,fourportsconnect,buttheotherfourportsareblocked.The
LACPstatusoftheblockedportsisshownasFailure.
Ifoneoftheotherportsbecomesdisabled,ablockedportwillreplaceit(Port
StatusbecomesUp).Whentheotherportbecomesactiveagain,thereplace-
mentportgoesbacktoblocked(PortStatusisBlocked).Itcantakeafew
secondsfortheswitchtodiscoverthecurrentstatusoftheports.
Pr oCur ve( et h- B1- B8) # show l acp
LACP
PORT LACP TRUNK PORT LACP LACP
NUMB ENABLED GROUP STATUS PARTNER STATUS
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
B1 Act i ve Dyn1 Up Yes Success
B5 Act i ve Dyn1 Bl ocked Yes Fai l ur e
B6 Act i ve Dyn1 Bl ocked Yes Fai l ur e
B7 Act i ve B7 Down No Success
B8 Act i ve B8 Down No Success
Figure12-11. BlockedPortswithLACP
12-24
PortTrunking
IfthereareportsthatyoudonotwantonthedefaultVLAN,ensurethat
theycannotbecomedynamicLACPtrunkmembers.Otherwiseatraffic
loopcanunexpectedlyoccur.Forexample:
VLAN-1
(Default
VLAN)
VLAN-2
VLAN-1
(Default
VLAN)
VLAN-2
VLAN-1
(Default
VLAN)
VLAN-2
VLAN-1
(Default
VLAN)
VLAN-2
IftheportsinVLAN2areconfiguredtoallowadynamictrunk(andGVRPisdisabled),addinga
secondlinkinVLAN2automaticallyformsadynamicLACPtrunkandmovesthetrunktoVLAN-1
(thedefaultVLAN),whichcreatesatrafficloopinVLAN1betweenthetwoswitchesand
eliminatesthelinkinVLAN2betweenthetwoswitches.
Figure12-12.ADynamicLACPTrunkForminginaVLANCanCauseaTrafficLoop
EasycontrolmethodsincludeeitherdisablingLACPontheselectedportsor
configuringthemtooperateinstaticLACPtrunks.
SpanningTreeandIGMP.IfSpanningTreeand/orIGMPisenabledinthe
switch,adynamicLACPtrunkoperatesonlywiththedefaultsettingsforthese
featuresanddoesnotappearintheportlistingsforthesefeatures.
Half-Duplexand/orDifferentPortSpeedsNotAllowedinLACP
Trunks.TheportsonbothsidesofanLACPtrunkmustbeconfiguredfor
thesamespeedandforfull-duplex(FDx).The802.3adLACPstandardspeci-
fiesafull-duplex(FDx)requirementforLACPtrunking.(10-gigabitports
operateonlyatFDx.)
AportconfiguredasLACPpassiveandnotassignedtoaporttrunkcanbe
configuredtohalf-duplex(HDx).However,inanyofthefollowingcases,a
portcannotbereconfiguredtoanHDxsetting:
Iftheportisa10-gigabitport.
IfaportissettoLACPActive,youcannotconfigureittoHDx.
IfaportisalreadyamemberofastaticordynamicLACPtrunk,youcannot
configureittoHDx.
IfaportisalreadysettoHDx,theswitchdoesnotallowyoutoconfigure
itforastaticordynamicLACPtrunk.
12-25
PortTrunking
TrunkGroupOperationUsingtheTrunkOption
Dynamic/StaticLACPInteroperation:Aportconfiguredfordynamic
LACPcanproperlyinteroperatewithaportconfiguredforstatic(TrkX)LACP,
butanyportsconfiguredasstandbyLACPlinkswillbeignored.
TrunkGroupOperationUsingthe
TrunkOption
Thismethodcreatesatrunkgroupthatoperatesindependentlyofspecific
trunkingprotocolsanddoesnotuseaprotocolexchangewiththedeviceon
theotherendofthetrunk.Withthischoice,theswitchsimplyusestheSA/DA
methodofdistributingoutboundtrafficacrossthetrunkedportswithout
regardforhowthattrafficishandledbythedeviceattheotherendofthe
trunkedlinks.Similarly,theswitchhandlesincomingtrafficfromthetrunked
linksasifitwerefromatrunkedsource.
Whenatrunkgroupisconfiguredwiththetrunkoption,theswitchautomati-
callysetsthetrunktoapriorityof4forspanning-treeoperation(evenif
spanning-treeiscurrentlydisabled.Thisappearsintherunning-configfileas
spanni ng- t r ee Tr kn pr i or i t y 4.Executingwritememoryafterconfig-
uringthetrunkplacesthesameentryinthestartup-configfile.
UsetheTrunkoptiontoestablishatrunkgroupbetweenaswitchcoveredin
thisguideandanotherdevice,wheretheotherdevicestrunkingoperationfails
tooperateproperlywithLACPtrunkingconfiguredontheswitches.
12-26
PortTrunking
HowtheSwitchListsTrunkData
HowtheSwitchListsTrunkData
StaticTrunkGroup:Appearsinthemenuinterfaceandtheoutputfromthe
CLIshowtrunkandshowinterfacescommands.
DynamicLACPTrunkGroup:AppearsintheoutputfromtheCLIshowlacp
command.
InterfaceOption DynamicLACP
TrunkGroup
StaticLACP
TrunkGroup
StaticNon-Protocol
MenuInterface No Yes Yes
CLIshowtrunk No Yes Yes
CLIshowinterfaces No Yes Yes
CLIshowlacp Yes Yes No
CLIshowspanning-tree No Yes Yes
CLIshowigmp No Yes Yes
CLIshowconfig No Yes Yes
OutboundTrafficDistributionAcross
TrunkedLinks
Thetwotrunkgroupoptions(LACPandTrunk)usesource-destination
addresspairs(SA/DA)fordistributingoutboundtrafficovertrunkedlinks.
SA/DA(sourceaddress/destinationaddress)causestheswitchtodistribute
outboundtraffictothelinkswithinthetrunkgrouponthebasisofsource/
destinationaddresspairs.Thatis,theswitchsendstrafficfromthesame
sourceaddresstothesamedestinationaddressthroughthesametrunkedlink,
andmayalsosendtrafficfromthesamesourceaddresstoadifferentdesti-
nationaddressthroughthesamelinkoradifferentlink,dependingonthe
mappingofpathassignmentsamongthelinksinthetrunk.Likewise,the
switchdistributestrafficforthesamedestinationaddressbutfromdifferent
sourceaddressesthroughlinksdependingonthepathassignment.
12-27
PortTrunking
OutboundTrafficDistributionAcrossTrunkedLinks
Theload-balancingisdoneonapercommunicationbasis.Otherwise,traffic
istransmittedacrossthesamepathasshowninfigure12-13.Thatis,ifClient
AattachedtoSwitch1sendsfivepacketsofdatatoServerAattachedto
Switch2,thesamelinkisusedtosendallfivepackets.TheSA/DAaddress
pairforthetrafficisthesame.Thepacketsarenotevenlydistributedacross
anyotherexistinglinksbetweenthetwoswitches;theyalltakethesamepath.
Client A Client B
Switch 1 Switch 2
All five packets go through
the same link
Figure12-13.ExampleofSinglePathTrafficthroughaTrunk
Theactualdistributionofthetrafficthroughatrunkdependsonacalculation
usingbitsfromtheSourceAddressandDestinationaddress.WhenanIP
addressisavailable,thecalculationincludesthelastfivebitsoftheIPsource
addressandIPdestinationaddress,otherwisetheMACaddressesareused.
Theresultofthatprocessundergoesamappingthatdetermineswhichlink
thetrafficgoesthrough.Ifyouhaveonlytwoportsinatrunk,itispossible
thatallthetrafficwillbesentthroughoneporteveniftheSA/DApairsare
different.Themoreportsyouhaveinthetrunk,themorelikelyitisthatthe
trafficwillbedistributedamongthelinks.
Whenanewportisaddedtothetrunk,theswitchbeginssendingtraffic,either
newtrafficorexistingtraffic,throughthenewlink.Aslinksareaddedor
deleted,theswitchredistributestrafficacrossthetrunkgroup.Forexample,
infigure12-14showingathree-porttrunk,trafficcouldbeassignedasshown
intable12-6.
Switch Switch
A W
C Y
B X
D Z
1
2
3
C
C
C
Figure12-14.ExampleofPort-TrunkedNetwork
12-28
PortTrunking
Table12-6. ExampleofLinkAssignmentsinaTrunkGroup(SA/DADistribution)
Source: Destination: Link:
NodeA NodeW 1
NodeB NodeX 2
NodeC NodeY 3
NodeD NodeZ 1
NodeA NodeY 2
NodeB NodeW 3
Becausetheamountoftrafficcomingfromorgoingtovariousnodesina
networkcanvarywidely,itispossibleforonelinkinatrunkgrouptobefully
utilizedwhileotherlinksinthesametrunkhaveunusedbandwidthcapacity
eveniftheassignmentswereevenlydistributedacrossthelinksinatrunk.
12-29
PortTrunking
12-30
13
PortTrafficControls
Contents
Overview .................................................... 13-2
Rate-Limiting ................................................ 13-3
AllTrafficRate-Limiting ... .................................. 13-3
ConfiguringRate-Limiting................................ 13-3
DisplayingtheCurrentRate-LimitConfiguration ............ 13-5
Operating NotesforRate-Limiting ..... .................... 13-5
JumboFrames ............................................... 13-8
Terminology ............................................... 13-8
OperatingRules ............................................ 13-9
ConfiguringJumboFrameOperation ......................... 13-10
Overview ............................................. 13-10
ViewingtheCurrentJumboConfiguration ................. 13-11
EnablingorDisablingJumboTrafficonaVLAN ............ 13-13
ConfiguringaMaximumFrameSize.......................... 13-13
ConfiguringIPMTU .................................... 13-14
SNMPImplementation ................................. 13-14
DisplayingtheMaximumFrame Size ..................... 13-15
OperatingNotesforMaximumFrameSize ................ 13-15
OperatingNotesforJumboTraffic-Handling .................. 13-15
Troubleshooting .......................................... 13-18
13-1
PortTrafficControls
Overview
Overview
Rate-Limiting None n/a 13-3 n/a
JumboPackets Disabled n/a 13-8 n/a
Thischapterincludes:
Rate-Limiting:Enablesaporttolimittheamountofbandwidthauser
ordevicemayutilizefortrafficontheswitch.
JumboFrames:Enablesportsoperatingat1Gbpsor10Gbpsspeedsto
acceptinboundframesofupto9220byteswhenconfiguredforjumbo
traffic.
13-2
PortTrafficControls
Rate-Limiting
Rate-Limiting
rate-limitall none n/a page13-3 n/a
showrate-limitall n/a n/a page13-5 n/a
AllTrafficRate-Limiting
Rate-limitingforalltrafficoperatesonaper-portbasistoallowonlythe
specifiedbandwidthtobeusedforinboundoroutboundtraffic.Whentraffic
exceedstheconfiguredlimit,itisdropped.Thiseffectivelysetsausagelevel
onagivenport,andisatoolforenforcingmaximumservicelevelcommit-
mentsgrantedtonetworkusers.Thisfeatureoperatesonaper-portleveland
isnotconfigurableonporttrunks.Notethatrate-limitingisdesignedtobe
appliedatthenetworkedgetolimittrafficfromnon-criticalusersortoenforce
serviceagreementssuchasthoseofferedbyInternetServiceProviders(ISPs)
toprovideonlythebandwidthforwhichacustomerhaspaid.
Not e Rate-limitingalsocanbeappliedbyaRADIUSserverduringanauthentication
clientsession.Forfurtherdetails,refertothechaptertitledRADIUSAuthen-
ticationandAccountingintheAccessSecurityGuideforyourswitch.
Ca u t i o n Rate-limiting is intended for use on edge ports in a network. It is not
recommended for use on links to other switches, routers, or servers
within a network, or for use in the network core. Doing so can
interfere with applications the network requires to function properly.
ConfiguringRate-Limiting
Therate-limitallcommandcontrolstherateoftrafficsentorreceivedona
portbysettingalimitonthebandwidthavailable.Itincludesoptionsfor:
Rate-limitingoneitherinboundoroutboundtraffic.
Specifyingthetrafficrateaseitherapercentageofbandwidth,orinterms
ofbitspersecond.
13-3
PortTrafficControls
Rate-Limiting
Not e
Syntax: [no]int<port-list>rate-limitallin<percent<0-100>|kbps
<0-10000000>>
Configuresatrafficratelimit(onnon-trunkedports)onthe
link.The"no"formofthecommanddisablesrate-limitingon
thespecifiedports.
(Default:Disabled.)
Optionsinclude:
inSpecifiesatrafficratelimitoninboundtrafficpassing
throughthatport,oronoutboundtraffic.
percentorkbpsSpecifiestheratelimitasapercentageof
totalavailablebandwidth,orinkilobitspersecond.
Notes:
Rate-limitingdoesnotapplytotrunkedports.
Kbpsrate-limitingisdoneinsegmentsof1%ofthelowest
correspondingmediaspeed.Forexample,ifthemedia
speedis100Kbps,thevaluewouldbe1Mbps.A1-100Kbps
rate-limitisimplementedasalimitof100Kbps;alimitof
100-199Kbpsisalsoimplementedasalimitof100Kbps,
alimitof200-299Kbpsisimplementedasalimitof200
Kbps,andsoon.
Percentagelimitsarebasedonlinkspeed.Forexample,if
a100Mbpsportnegotiatesalinkat100Mbpsandthe
inboundrate-limitisconfiguredat50%,thenthetraffic
flowthroughthatportislimitedtonomorethan50Mbps.
Similarly,ifthesameportnegotiatesa10Mbpslink,then
itallowsnomorethan5Mbpsofinboundtraffic.
Configuringaratelimitof0(zero)onaportblocksalltraffic
onthatport.However,ifthisisthedesiredbehavioronthe
port,ProCurverecommendsusingthe<port-list>disable
commandinsteadofconfiguringaratelimitof0.
Youcanconfigurearatelimitfromeithertheglobalconfigurationlevelor
fromtheportcontextlevel.Forexample,eitherofthefollowingcommands
configuresaninboundratelimitof60%onportsA3-A5:
Pr oCur ve ( conf i g) # i nt a3- a5 r at e- l i mi t al l i n per cent 60
Pr oCur ve ( et h- A3- A5) # r at e- l i mi t al l i n per cent 60
Youmustexecuteawritememtosavetherate-limitingconfigurationtothe
start-upconfigfile.
13-4

PortTrafficControls
Rate-Limiting
DisplayingtheCurrentRate-LimitConfiguration
Theshowrate-limitallcommanddisplaystheper-portrate-limitconfiguration.
Syntax: showrate-limitall[port-list]
Without[port-list],thiscommandliststherate-limit
configurationforallportsontheswitch.With[port-list],this
commandliststherate-limitconfigurationforthespecified
port(s).ThiscommandoperatesthesamewayinanyCLI
context.
Forexample,ifyouwantedtoviewtherate-limitingconfiguration:
Pr oCur ve( conf i g) # show r at e- l i mi t al l
I nbound Rat e Li mi t Maxi mum%
Por t | Li mi t Mode Radi us Over r i de
- - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 | Di sabl ed Di sabl ed No- over r i de
2 | 500 kbps No- over r i de
3 | 50 % No- over r i de
Figure13-1.ExampleofListingtheRate-LimitConfiguration
OperatingNotesforRate-Limiting
Rate-limitingoperatesonaper-portbasis,regardlessoftraffic
priority.Rate-limitingisavailableonalltypesofports(otherthantrunked
ports)ontheswitchescoveredinthisguide,andatallportspeeds
configurableforthesedevices.
Rate-limitingisnotallowedontrunkedports:Rate-limitingisnot
supportedonportsconfiguredinatrunkgroup.Configuringaportfor
rate-limitingandthenaddingittoatrunksuspendsrate-limitingonthe
portwhileitisinthetrunk.Attemptingtoconfigurerate-limitingonaport
thatalreadybelongstoatrunkgeneratesthefollowingmessage:
<port-list>: Oper at i on i s not al l owed f or a t r unked por t .
13-5
PortTrafficControls
Rate-Limiting
Rate-limitingisvisibleasanoutboundforwardingrate:Because
inboundrate-limitingisperformedonpacketsduringpacket-processing,
itisnotshownviatheinbounddropcounters.Instead,thislimitis
verifiableastheratioofoutboundtrafficfromaninboundrate-limited
portversustheinboundrate.
Operationwithotherfeatures:Configuringrate-limitingonaport
whereotherfeaturesaffectportqueuebehavior(suchasflowcontrol)
canresultintheportnotachievingitsconfiguredrate-limitingmaximum.
Forexample,inasituationwhereflowcontrolisconfiguredonarate-
limitedport,therecanbeenoughbackpressuretoholdhigh-priority
inboundtrafficfromtheupstreamdeviceorapplicationtoaratethatis
lowerthantheconfiguredratelimit.Inthiscase,theinboundtrafficflow
doesnotreachtheconfiguredrateandlowerprioritytrafficisnot
forwardedintotheswitchfabricfromtherate-limitedport.(Thisbehavior
istermedhead-of-lineblockingandisawell-knownproblemwithflow-
control.)Inanothertypeofsituation,anoutboundportcanbecome
oversubscribedbytrafficreceivedfrommultiplerate-limitedports.Inthis
case,theactualratefortrafficontherate-limitedportsmaybelowerthan
configuredbecausethetotaltrafficloadrequestedtotheoutboundport
exceedstheportsbandwidth,andthussomerequestedtrafficmaybeheld
offoninbound.
Trafficfiltersonrate-limitedports:Configuringatrafficfilterona
portdoesnotpreventtheswitchfromincludingfilteredtrafficinthe
bandwidth-usemeasurementforrate-limitingwhenitisconfiguredonthe
sameport.Forexample,ACLs,source-portfilters,protocolfilters,and
multicastfiltersareallincludedinbandwidthusagecalculations.
Monitoring(Mirroring)rate-limitedinterfaces:Ifmonitoringis
configured,packetsdroppedbyrate-limitingonamonitoredinterfacewill
stillbeforwardedtothedesignatedmonitorport.(Monitoringshowswhat
trafficisinboundonaninterface,andisnotaffectedbydropor
forwarddecisions.)
Optimumrate-limitingoperation:Optimumrate-limiting occurswith
64-bytepacketsizes.Trafficwithlargerpacketsizescanresultin
performancesomewhatbelowtheconfiguredbandwidth.Thisisto
ensurethestrictestpossiblerate-limitingofallsizesofpackets.
13-6
NoteonTesting
Rate-Limiting
PortTrafficControls
Rate-Limiting
Rate-limitingisappliedtotheavailablebandwidthonaport,andnottoany
specificapplicationsrunningthroughtheport.Ifthetotalbandwidth
requestedbyallapplicationsislessthantheconfiguredmaximumrate,then
norate-limitcanbeapplied.Thissituationoccurswithanumberofpopular
throughput-testingapplications,aswellasmostregularnetworkapplications.
Considerthefollowingexamplethatusestheminimumpacketsize:
Thetotalavailablebandwidthona100MbpsportX(allowingforInter-
packetGapIPG),withnorate-limitingrestrictions,is:
(((100,000,000 bits) / 8 ) / 84) x 64 = 9,523,809 bytes per second
where:
Thedivisor(84)includesthe12-byteIPG,8-bytepreamble,and64-
bytesofdatarequiredtotransfera64-bytepacketona100Mbpslink.
Calculatedbytes-per-secondincludespacketheadersanddata.This
valueisthemaximumbytes-per-secondthat100Mbpscansupport
forminimum-sizedpackets.
SupposeportXisconfiguredwitharatelimitof50%(4,761,904bytes).
Ifathroughput-testingapplicationistheonlyapplicationusingtheport,
andtransmits1Mbyteofdatathroughtheport,itusesonly10.5%ofthe
portsavailablebandwidth,andtherate-limitof50%hasnoeffect.This
isbecausethemaximumratepermitted(50%)exceedsthetestapplica-
tionsbandwidthusage(126,642-164,062bytes,dependinguponpacket
size,whichisonly1.3-1.7%oftheavailabletotal).Beforerate-limitingcan
occur,thetestapplicationsbandwidthusagemustexceed50%ofthe
portstotalavailablebandwidth.Thatis,totesttherate-limitsetting,the
followingmustbetrue:
bandwidthusage>(0.50x9,523,809)
13-7
PortTrafficControls
JumboFrames
JumboFrames
displayVLANjumbostatus n/a 13-11
configurejumboVLANs Disabled 13-13
TheMaximumTransmissionUnit(MTU)isthemaximumsizeIPframethe
switchcanreceiveforLayer2framesinboundonaport.Theswitchdropsany
inboundframeslargerthantheMTUallowedontheport.Onportsoperating
at10Mbpsor100Mbps,theMTUisfixedat1522bytes.However,ports
operatingat1Gbsor10Gbpsspeedsacceptforwardframesofupto9220
bytes(includingfourbytesforaVLANtag)whenconfiguredforjumbotraffic.
Youcanenableinboundjumboframesonaper-VLANbasis.Thatis,onaVLAN
configuredforjumbotraffic,allportsbelongingtothatVLANandoperating
at1Gbsor10Gbpsallowinboundjumboframesofupto9220bytes.
(Regardlessofthemodeconfiguredonagivenjumbo-enabledport,iftheport
isoperatingatonly10Mbpsor100Mbps,onlyframesthatdonotexceed1522
bytesareallowedinboundonthatport.)
Terminology
JumboFrame:AnIPframeexceeding1522bytesinsize.Themaximum
Jumboframesizeis9220bytes.(Thissizeincludes4bytesfortheVLAN
tag.)
JumboVLAN:AVLANconfiguredtoallowinboundjumbotraffic.Allports
belongingtoajumboandoperatingat1Gbpsorhighercanreceivejumbo
framesfromexternaldevices.Iftheswitchisinamesheddomain,then
allmeshedports(operatingat1Gbpsorhigher)ontheswitchwillaccept
jumbotrafficfromotherdevicesinthemesh.
MTU(MaximumTransmissionUnit):Thisisthemaximum-sizeIPframe
theswitchcanreceiveforLayer2framesinboundonaport.Theswitch
allowsjumboframesofupto9220bytes.
StandardMTU:AnIPframeof1522bytesinsize.(Thissizeincludes4bytes
fortheVLANtag.)
13-8
PortTrafficControls
JumboFrames
OperatingRules
RequiredPortSpeed:Thisfeatureallowsinboundandoutboundjumbo
framesonportsoperatingatspeedsof1gigabitorhigher.Atlowerport
speeds,onlystandard(1522-byteorsmaller)framesareallowed,regard-
lessofthejumboconfiguration.
SwitchMeshing:IfyouenablejumbotrafficonaVLAN,thenallmeshed
portsontheswitchwillbeenabledtosupportjumbotraffic.(Onagiven
meshedswitch,everymeshedportoperatingat1Gbpsorhigherbecomes
amemberofeveryVLANconfiguredontheswitch.)
GVRPOperation:AVLANenabledforjumbotrafficcannotbeusedto
createadynamicVLAN.Aportbelongingtoastaticallyconfigured,jumbo-
enabledVLANcannotjoinadynamicVLAN.
PortAddsandMoves:IfyouaddaporttoaVLANthatisalready
configuredforjumbotraffic,theswitchenablesthatporttoreceivejumbo
traffic.Ifyouremoveaportfromajumbo-enabledVLAN,theswitch
disablesjumbotrafficcapabilityontheportonlyiftheportisnotcurrently
amemberofanotherjumbo-enabledVLAN.Thissameoperationapplies
toporttrunks.
JumboTrafficSources:Aportbelongingtoajumbo-enabledVLANcan
receiveinboundjumboframesthroughanyVLANtowhichitbelongs,
includingnon-jumboVLANs.Forexample,ifVLAN10(withoutjumbos
enabled)andVLAN20(withjumbosenabled)arebothconfiguredona
switch,andport1belongstobothVLANs,thenport1canreceivejumbo
trafficfromdevicesoneitherVLAN.Foramethodtoallowonlysome
portsinaVLANtoreceivejumbotraffic,refertoConfiguringaMaximum
FrameSizeonpage13-13.
13-9
PortTrafficControls
JumboFrames
ConfiguringJumboFrameOperation
Command Page
showvlans 13-11
showvlansports<port-list> 13-12
showvlans<vid> 13-13
jumbo 13-13
jumbomax-frame-size 13-13
Overview
1. DeterminetheVLANmembershipoftheportsortrunksthroughwhich
youwanttheswitchtoacceptinboundjumbotraffic.Foroperationwith
GVRPenabled,refertotheGVRPtopicunderOperatingRules,above.
2. Ensurethattheportsthroughwhichyouwanttheswitchtoreceivejumbo
framesareoperatingatleastatgigabitspeed.(ChecktheModefieldinthe
outputfortheshowinterfacesbrief<port-list>command.)
3. UsethejumbocommandtoenablejumboframesononeormoreVLANs
staticallyconfiguredintheswitch.(Allportsbelongingtoajumbo-
enabledVLANcanreceivejumboframes.
4. Executewritememorytosaveyourconfigurationchangestothestartup-
configfile.
13-10
PortTrafficControls
JumboFrames
ViewingtheCurrentJumboConfiguration
Syntax: showvlans
ListsthestaticVLANsconfiguredontheswitchandincludes
aJumbocolumntoindicatewhichVLANsareconfiguredto
supportinboundjumbotraffic.Allportsbelongingtoa
jumbo-enabledVLANcanreceivejumbotraffic.(Formore
informationrefertoConfiguringaMaximumFrameSize
onpage13-13.)SeeFigure13-2,below.
Figure13-2.ExampleListingofStaticVLANsToShowJumboStatusPerVLAN
Indicateswhichstatic
VLANsareconfiguredto
enablejumboframes.
Syntax: showvlansports<port-list>
ListsthestaticVLANstowhichthespecifiedport(s)belong,
includingtheJumbocolumntoindicatewhichVLANsare
configuredtosupportjumbotraffic.Enteringonlyoneport
in<port-list>resultsinalistofallVLANstowhichthatport
belongs.Enteringmultipleportsin<port-list>resultsina
supersetlistthatincludestheVLANmembershipsofallports
inthelist,eventhoughtheindividualportsinthelistmay
belongtodifferentsubsetsofthecompleteVLANlisting.For
example,ifport1belongstoVLAN1,port2belongstoVLAN
10,andport3belongstoVLAN15,thenexecutingthis
commandwitha<port-list>of1-3resultsinalistingofall
threeVLANs,eventhoughnoneoftheportsbelongtoallthree
VLANS.(RefertoFigure13-3.)
13-11
PortTrafficControls
JumboFrames
Indicateswhichstatic
VLANsareconfiguredto
enablejumboframes.
Figure13-3.ExampleofListingtheVLANMembershipsforaRangeofPorts
Syntax: showvlans<vid>
Thiscommandshowsportmembershipandjumbo
configurationforthespecified<vid>.
ListstheportsbelongingtoVLAN
100andwhethertheVLANis
enabledforjumboframetraffic.
Figure13-4.ExampleofListingthePortMembershipandJumboStatusforaVLAN
13-12
PortTrafficControls
JumboFrames
EnablingorDisablingJumboTrafficonaVLAN
Syntax: vlan<vid>jumbo
[no]vlan<vid>jumbo
ConfiguresthespecifiedVLANtoallowjumboframesonall
portsontheswitchthatbelongtothatVLAN. IftheVLANis
notalreadyconfiguredontheswitch,vlan<vid>jumboalso
createstheVLAN.Notethataportbelongingtoonejumbo
VLANcanreceivejumboframesthroughanyotherVLAN
staticallyconfiguredontheswitch,regardlessofwhetherthe
otherVLANisenabledforjumboframes.The[no]formofthe
commanddisablesinboundjumbotrafficonallportsinthe
specifiedVLANthatdonotalsobelongtoanotherVLANthat
isenabledforjumbotraffic.InaVLANcontext,thecommand
formsarejumboandnojumbo.(Default:Jumbosdisabledon
thespecifiedVLAN.)
ConfiguringaMaximumFrameSize
YoucangloballysetamaximumframesizeforJumboframesthatwillsupport
valuesfrom1518bytesto9216bytesforuntaggedframes.
Syntax: jumbomax-frame-size<size>
SetsthemaximumframesizeforJumboframes.Therange
isfrom1518bytesto9216bytes.
Note:Thejumbomax-frame-sizeissetonaGLOBALlevel.
Default:9216bytes
13-13
PortTrafficControls
JumboFrames
ConfiguringIPMTU
Not e Thefollowingfeatureisavailableontheswitchescoveredinthisguide.
Jumbossupportisrequired.Onswitchesthatdonotsupportthiscommand,
theIPMTUvalueisderivedfromthemaximumframesizeandisnotconfig-
urable.
YoucansettheIPMTUgloballybyenteringthiscommand.Thevalueofmax-
frame-sizemustbegreaterthanorequalto18bytesmorethanthevalue
selectedforip-mtu.Forexample,ifip-mtuissetto8964,themax-frame-sizeis
configuredas8982.
Syntax: jumboip-mtu<size>
GloballysetstheIPMTUsize.Valuesrangebetween1500and
9198bytes.Thisvaluemustbe18byteslessthanthevalueof
max-frame-size.
Default:9198bytes
SNMPImplementation
JumboMaximumFrameSize.
ThemaximumframesizeforJumbosissupportedwiththefollowingpropri-
etaryMIBobject:
hpSwitchMaxFrameSizeOBJECT-TYPE
Thisisthevalueoftheglobalmax-frame-sizesupportedbytheswitch.The
defaultvalueissetto9216bytes.
JumboIPMTU.
TheIPMTUforJumbosissupportedwiththefollowingproprietaryMIB
object:
hpSwitchIpMTUOBJECT-TYPE
ThisisthevalueoftheglobalJumbosIPMTU(orL3MTU)supportedbythe
switch.Thedefaultvalueissetto9198bytes(avaluethatis18byteslessthan
thelargestpossiblemaximumframesizeof9216bytes).Thisobjectcanonly
beusedinswitcheswhichsupportmax-frame-sizeandip-mtuconfiguration.
13-14
PortTrafficControls
JumboFrames
DisplayingtheMaximumFrameSize
Usetheshowjumboscommandtodisplaythegloballyconfigureduntagged
maximumframesizefortheswitch.
Pr oCur ve( conf i g) # show j umbos
J umbos Gl obal Val ues
Conf i gur ed : MaxFr ameSi ze : 9216 I p- MTU : 9198
I n Use : MaxFr ameSi ze : 9216 I p- MTU : 9198
Figure13-5.DisplayingtheMaximumFrameSizeandIPMTUValues
OperatingNotesforMaximumFrameSize
WhenyousetamaximumframesizeforJumboframes,itmustbeon
agloballevel.Youcannotusethejumbomax-frame-sizecommandon
aper-portorper-VLANbasis.
TheoriginalwaytoconfigureJumboframesremainsthesame,which
isper-VLAN,butyoucannotsetamaximumframesizeper-VLAN.
JumbosupportmustbeenabledforaVLANfromtheCLIorthrough
SNMP.
Settingthemaximumframesizedoesnotrequireareboot.
Whenyouupgradetoaversionofsoftwarethatsupportssettingthe
maximumframesizefromaversionthatdidnot,themax-frame-size
valueissetautomaticallyto9216bytes.
ConfiguringaJumbomaximumframesizeonaVLANallowsframes
uptomax-frame-sizeeventhoughotherVLANsofwhichtheportisa
memberarenotenabledforJumbosupport.
OperatingNotesforJumboTraffic-Handling
ProCurvedoesnotrecommendconfiguringavoiceVLANtoacceptjumbo
frames.VoiceVLANframesaretypicallysmall,andallowingavoiceVLAN
toacceptjumboframetrafficcandegradethevoicetransmissionperfor-
mance.
Youcanconfigurethedefault,primary,and/or(ifconfigured)themanage-
mentVLANtoacceptjumboframesonallportsbelongingtotheVLAN.
13-15
PortTrafficControls
JumboFrames
WhentheswitchappliesthedefaultMTU(1522-bytes)toaVLAN,allports
intheVLANcanreceiveincomingframesofupto1522bytesinlength.
WhentheswitchappliesthejumboMTU(9220bytes)toaVLAN,allports
inthatVLANcanreceiveincomingframesofupto9220bytesinlength.
AportreceivingframesexceedingtheapplicableMTUdropssuchframes,
causingtheswitchtogenerateanEventLogmessageandincrementthe
GiantRxcounter(displayedbyshowinterfaces<port-list>).
Theswitchallowsflowcontrolandjumboframecapabilitytoco-existon
aport.
ThedefaultMTUis1522bytes(including4bytesfortheVLANtag).The
jumboMTUis9220bytes(including4bytesfortheVLANtag).
Whenaportisnotamemberofanyjumbo-enabledVLAN,itdropsall
jumbotraffic.Iftheportisreceivingexcessiveinboundjumbotraffic,
theportgeneratesanEventLogmessagetonotifyyouofthiscondition.
ThissameconditiongeneratesaFault-FindermessageintheAlertlogof
theswitchswebbrowserinterface,andalsoincrementstheswitchs
GiantRxcounter.
IfyoudonotwantallportsinagivenVLANtoacceptjumboframes,you
canconsidercreatingoneormorejumboVLANswithamembership
comprisedofonlytheportsyouwanttoreceivejumbotraffic.Becausea
portbelongingtoonejumbo-enabledVLANcanreceivejumboframes
throughanyVLANtowhichitbelongs,thismethodenablesyoutoinclude
bothjumbo-enabledandnon-jumboportswithinthesameVLAN.For
example,supposeyouwantedtoallowinboundjumboframesonlyon
ports6,7,12,and13.However,theseportsarespreadacrossVLAN100
andVLAN200,andalsosharetheseVLANswithotherportsyouwant
excludedfromjumbotraffic.AsolutionistocreateathirdVLANwiththe
solepurposeofenablingjumbotrafficonthedesiredports,whileleaving
theotherportsontheswitchdisabledforjumbotraffic.Thatis:
VLAN100 VLAN200 VLAN300
Ports 6-10 11-15 6,7,12,and13
Jumbo- No No Yes
Enabled?
IftherearesecurityconcernswithgroupingtheportsasshownforVLAN
300,youcaneitherusesource-portfilteringtoblockunwantedtraffic
pathsorcreateseparatejumboVLANs,oneforports6and7,andanother
forports12and13.
OutboundJumboTraffic.Anyportoperatingat1Gbpsorhighercan
transmitoutboundjumboframesthroughanyVLAN,regardlessofthe
jumboconfiguration.TheVLANisnotrequiredtobejumbo-enabled,and
theportisnotrequiredtobelongtoanyother,jumboenabledVLANs.This
13-16
PortTrafficControls
JumboFrames
canoccurinsituationswhereanon-jumboVLANincludessomeportsthat
donotbelongtoanother,jumbo-enabledVLANandsomeportsthatdo
belongtoanother,jumbo-enabledVLAN.Inthiscase,portscapableof
receivingjumboframescanforwardthemtotheportsintheVLANthat
donothavejumbocapability.
Jumbo-EnabledVLAN
VLAN10
Non-JumboVLAN
VLAN20
Port3belongstobothVLAN10andVLAN20.
Jumboframesreceivedinboundonport3canbe
forwardedouttheNon-Jumboports4,5,and6.
1 5 2 3 4 6
Figure13-6.ForwardingJumboFramesThroughNon-JumboPorts
Jumboframescanalsobeforwardedoutnon-jumboportswhenthejumbo
framesreceivedinboundonajumbo-enabledVLANareroutedtoanother,
non-jumboVLANforoutboundtransmissiononportsthathavenomem-
bershipsinother,jumbo-capableVLANs.Whereeitheroftheabove
scenariosisapossibility,thedownstreamdevicemustbeconfiguredto
acceptthejumbotraffic.Otherwise,thistrafficwillbedroppedbythe
downstreamdevice.
JumboTrafficinaSwitchMeshDomain.Notethatifaswitchbelongs
toamesheddomain,butdoesnothaveanyVLANsconfiguredtosupport
jumbotraffic,thenthemeshedportsonthatswitchwilldropanyjumbo
framestheyreceivefromotherdevices.Inthisregard,ifameshdomain
includesanyProCurve1600M/2400M/2424M/4000M/8000Mswitches
alongwiththeswitchescoveredinthisguideconfiguredtosupportjumbo
traffic,onlytheswitchescoveredinthisguidewillreceivejumboframes.
Theotherswitchmodelsinthemeshwilldropsuchframes.Formore
informationonswitchmeshing,refertothechaptertitledSwitchMesh-
ingintheAdvancedTrafficManagementGuideforyourswitch.
13-17
PortTrafficControls
JumboFrames
Troubleshooting
AVLANisconfiguredtoallowjumboframes,butoneormoreports
dropsallinboundjumboframes. Theportmaynotbeoperatingat1giga-
bitorhigher.Regardlessofaportsconfiguration,ifitisactuallyoperatingat
aspeedlowerthan1gigabit,itdropsinboundjumboframes.Forexample,if
aportisconfiguredforAutomode(speed-duplexauto),buthasnegotiateda
100Mbpsspeedwiththedeviceattheotherendofthelink,thentheport
cannotreceiveinboundjumboframes.Todeterminetheactualoperating
speedofoneormoreports,viewtheModefieldintheoutputforthefollowing
command:
showinterfacesbrief<port-list>
Anon-jumboportisgeneratingExcessiveundersize/giantframes
messagesintheEventLog. Theswitchescantransmitoutboundjumbo
trafficonanyport,regardlessofwhethertheportbelongstoajumboVLAN.
Inthiscase,anotherportinthesameVLANontheswitchmaybejumbo-
enabledthroughmembershipinadifferent,jumbo-enabledVLAN,andmay
beforwardingjumboframesreceivedonthejumboVLANtonon-jumboports.
RefertoOutboundJumboTrafficonpage13-16.
13-18
14
ConfiguringforNetworkManagement
Applications
Contents
UsingSNMPToolsToManagetheSwitch...................... 14-3
Overview.................................................. 14-3
SNMPManagementFeatures................................. 14-4
ConfiguringforSNMPversion1and2cAccesstotheSwitch ..... 14-4
ConfiguringforSNMPVersion3AccesstotheSwitch ........... 14-5
SNMPVersion3Commands ................................. 14-6
EnablingSNMPv3....................................... 14-7
SNMPv3Users ......................................... 14-7
GroupAccessLevels ................................... 14-11
SNMPv3Communities .................................. 14-11
Communities.......................................... 14-13
CLI:ViewingandConfiguringSNMPCommunityNames .... 14-15
SNMPNotifications........................................ 14-17
SupportedNotifications ................................ 14-17
GeneralStepsforConfiguringSNMPNotifications ......... 14-18
SNMPv1andSNMPv2cTraps............................ 14-19
ConfiguringanSNMPTrapReceiver...................... 14-19
EnablingSNMPv2cInforms ............................. 14-21
ConfiguringSNMPv3Notifications....................... 14-23
ManagingNetworkSecurityNotifications................. 14-26
EnablingLink-ChangeTraps ............................ 14-28
ConfiguringtheSourceIPAddressforSNMPNotifications .. 14-29
DisplayingSNMPNotificationConfiguration............... 14-31
AdvancedManagement:RMON.............................. 14-33
CLI-ConfiguredsFlowwithMultipleInstances................. 14-33
14-1
ConfiguringforNetworkManagementApplications
Contents
Terminology .......................................... 14-33
ConfiguringsFlow..................................... 14-34
ViewingsFlowConfigurationandStatus .................. 14-34
LLDP(Link-LayerDiscoveryProtocol) ....................... 14-37
Terminology .............................................. 14-38
GeneralLLDPOperation .. ................................. 14-40
LLDP-MED ........................................... 14-40
PacketBoundariesinaNetworkTopology . ................... 14-40
ConfigurationOptions ..................................... 14-41
OptionsforReadingLLDPInformationCollectedbytheSwitch .. 14-43
LLDPandLLDP-MEDStandardsCompatibility ................ 14-44
LLDPOperatingRules ..................................... 14-44
ConfiguringLLDPOperation ................................ 14-45
ViewingtheCurrentConfiguration....................... 14-46
ConfiguringGlobalLLDPPacketControls ................. 14-47
ConfiguringSNMPNotificationSupport................... 14-51
ConfiguringPer-PortTransmitandReceiveModes ......... 14-52
ConfiguringBasicLLDPPer-PortAdvertisementContent.... 14-53
Advertisements........................................ 14-55
LLDP-MED(Media-Endpoint-Discovery) ..................... 14-56
LLDP-MEDTopologyChangeNotification................. 14-59
LLDP-MEDFastStartControl ........................... 14-61
andLocationData ..................................... 14-61
ConfiguringLocationDataforLLDP-MEDDevices ......... 14-65
DisplayingAdvertisementData ........ ...................... 14-70
Advertisements........................................ 14-71
DisplayingLLDPStatistics.............................. 14-75
LLDPOperatingNotes ..................................... 14-77
LLDPandCDPDataManagement ........................... 14-79
LLDPandCDPNeighborData ........................... 14-79
CDPOperationandCommands .......................... 14-81
14-2
UsingSNMPToolsToManagetheSwitch
Overview
YoucanmanagetheswitchviaSNMPfromanetworkmanagementstation
runninganapplicationsuchasProCurveManager(PCM)orProCurve
ManagerPlus(PCM+).FormoreonPCMandPCM+,visittheProCurve
Networkingwebsiteat:
www.procurve.com
Clickonproductsindexinthesidebar,thenclickontheappropriatelink
appearingundertheNetworkManagementheading.
Thissectionincludes:
AnoverviewofSNMPmanagementfortheswitch
Configuringtheswitchesfor:
SNMPCommunities(page14-11)
TrapReceiversandAuthenticationTraps(page14-17)
InformationonadvancedmanagementthroughRMONSupport(page
14-33)
ToimplementSNMPmanagement,theswitchmusthaveanIPaddress,
configuredeithermanuallyordynamically(usingDHCPorBootp).Ifmultiple
VLANsareconfigured,eachVLANinterfaceshouldhaveitsownIPaddress.
ForDHCPusewithmultipleVLANs,refertothesectiontitledThePrimary
VLANintheStaticVirtualLANs(VLANs)chapteroftheAdvancedTraffic
ManagementGuideforyourswitch.
Not e IfyouusetheswitchsAuthorizedIPManagersandManagementVLAN
features,ensurethattheSNMPmanagementstationand/orthechoiceof
switchportusedforSNMPaccesstotheswitcharecompatiblewiththeaccess
controlsenforcedbythesefeatures.Otherwise,SNMPaccesstotheswitch
willbeblocked.FormoreonAuthorizedIPManagers,refertotheAccess
SecurityGuideforyourswitch.(Thelatestversionofthisguideisavailable
ontheProCurveNetworkingwebsite.)ForinformationontheManagement
VLANfeature,refertothesectiontitledTheSecureManagementVLANin
theStaticVirtualLANs(VLANs)chapteroftheAdvancedTraffic
ManagementGuideforyourswitch.
14-3
SNMPManagementFeatures
SNMPmanagementfeaturesontheswitchinclude:
SNMPversion1,version2c,orversion3overIP
SecurityviaconfigurationofSNMPcommunities(page14-11)
SecurityviaauthenticationandprivacyforSNMPVersion3access
EventreportingviaSNMP
Version1traps
RMON:groups1,2,3,and9
ProCurveManager/Plussupport
FlowsamplingusingsFlow
StandardMIBs,suchastheBridgeMIB(RFC1493),EthernetMAUMIB
(RFC1515),andothers.
TheswitchSNMPagentalsousescertainvariablesthatareincludedina
Hewlett-PackardproprietaryMIB(ManagementInformationBase)file.Ifyou
areusingHPOpenView,youcanensurethatitisusingthelatestversionof
theMIBfilebydownloadingthefiletotheOpenViewdatabase.Todoso,go
totheProCurveNetworkingwebsiteat:
www.procurve.com
Clickonsoftwareupdates,thenMIBs.
ConfiguringforSNMPversion1and2cAccesstothe
Switch
SNMPaccessrequiresanIPaddressandsubnetmaskconfiguredonthe
switch.(RefertoIPConfigurationonpage8-2.)IfyouareusingDHCP/Bootp
toconfiguretheswitch,ensurethattheDHCP/BootpprocessprovidestheIP
address.(RefertoDHCP/BootpOperationonpage8-12.)
OnceanIPaddresshasbeenconfigured,themainstepsforconfiguringSNMP
version1andversion2caccessmanagementfeaturesare:
1. ConfiguretheappropriateSNMPcommunities.(RefertoSNMPv3Com-
munitiesonpage14-11.)
2. Configuretheappropriatetrapreceivers.(RefertoSNMPNotifications
onpage14-17.)
Insomenetworks,authorizedIPmanageraddressesarenotused.Inthiscase,
allmanagementstationsusingthecorrectcommunitynamemayaccessthe
switchwiththeViewandAccesslevelsthathavebeensetforthatcommunity.
14-4
Ifyouwanttorestrictaccesstooneormorespecificnodes,youcanusethe
switchsIPAuthorizedManagerfeature.(RefertotheAccessSecurityGuide
foryourswitch.)
Ca u t i o n ForProCurveManager(PCM)version1.5orearlier(oranyTopToolsversion),
deletingthepubliccommunitydisablessomenetworkmanagement
functions(suchastrafficmonitoring,SNMPtrapgeneration,andthreshold
setting).Ifnetworkmanagementsecurityisaconcern,andyouareusingthe
abovesoftwareversions,ProCurverecommendsthatyouchangethewrite
accessforthepubliccommunitytoRestricted.
ConfiguringforSNMPVersion3AccesstotheSwitch
SNMPversion3(SNMPv3)accessrequiresanIPaddressandsubnetmask
configuredontheswitch.(RefertoIPConfigurationonpage8-2.)Ifyouare
usingDHCP/Bootptoconfiguretheswitch,ensurethattheDHCP/Bootp
processprovidestheIPaddress.(SeeDHCP/BootpOperationonpage8-12.)
OnceanIPaddresshasbeenconfigured,themainstepsforconfiguringSNMP
version3accessmanagementfeaturesare:
1. EnableSNMPv3foroperationontheswitch(RefertoSNMPVersion3
Commandsonpage14-6)
2. ConfiguretheappropriateSNMPusers(RefertoSNMPv3Usersonpage
14-7)
3. ConfiguretheappropriateSNMPcommunities.(RefertoSNMPv3Com-
munitiesonpage14-11.)
4. Configuretheappropriatetrapreceivers.(RefertoSNMPNotifications
onpage14-17.)
Insomenetworks,authorizedIPmanageraddressesarenotused.Inthiscase,
allmanagementstationsusingthecorrectUserandcommunitynamemay
accesstheswitchwiththeViewandAccesslevelsthathavebeensetforthat
community.Ifyouwanttorestrictaccesstooneormorespecificnodes,you
canusetheswitchsIPAuthorizedManagerfeature.(RefertotheAccess
SecurityGuideforyourswitch.)
14-5
SNMPVersion3Commands
SNMPversion3(SNMPv3)addssomenewcommandstotheCLIfor
configuringSNMPv3functions.ToenableSMNPv3operationontheswitch,
usethesnmpv3enablecommand.Aninitialuserentrywillbegeneratedwith
MD5authenticationandDESprivacy.
Youmay(optionally)restrictaccesstoonlySNMPv3agentsbyusingthe
snmpv3onlycommand.Torestrictwrite-accesstoonlySNMPv3agents,use
thesnmpv3restricted-accesscommand.
Ca u t i o n Restrictingaccesstoonlyversion3messageswillmakethecommunitynamed
publicinaccessibletonetworkmanagementapplications(suchasauto-
discovery,trafficmonitoring,SNMPtrapgeneration,andthresholdsetting)
fromoperatingintheswitch.
Syntax: [no]snmpv3enable
EnableanddisabletheswitchforaccessfromSNMPv3
agents.Thisincludesthecreationoftheinitialuserrecord.
[no]snmpv3only
EnablesordisablesrestrictionstoaccessfromonlySNMPv3
agents.Whenenabled,theswitchwillrejectallnon-SNMPv3
messages.
[no]snmpv3restricted-access
Enablesordisablesrestrictionsfromallnon-SNMPv3agents
toreadonlyaccess.
showsnmpv3enable
DisplaystheoperatingstatusofSNMPv3.
showsnmpv3only
Displaysstatusofmessagereceptionofnon-SNMPv3
messages.
showsnmpv3restricted-access
Displaysstatusofwritemessagesofnon-SNMPv3messages.
14-6
EnablingSNMPv3
Thesnmpv3enablecommandallowstheswitchto:
ReceiveSNMPv3messages.
Configureinitialusers.
Restrictnon-version3messagestoreadonly(optional).
Figure14-1showsanexampleofhowtousethesnmpv3enablecommand.
Not e:
SNMP
V e r s i o n 3
I ni t i al Us er s
Tocreatenewusers,mostSNMPv3managementsoftwarerequiresaninitial
userrecordtoclone.Theinitialuserrecordcanbedowngradedandprovided
withfewerfeatures,butnotupgradedbyaddingnewfeatures.Forthisreason
itisrecommendedthatwhenyouenableSNMPv3,youalsocreateasecond
userwithSHAauthenticationandDESprivacy.
EnableSNMPv3
CreateinitialusermodelsforSNMPv3
ManagementApplications
Setrestrictionon
non-SNMPv3messages
Figure14-1.ExampleofSNMPversion3EnableCommand
SNMPv3Users
TouseSNMPv3ontheswitch,youmustconfiguretheusersthatwillbe
assignedtodifferentgroups.ToconfigureSNMPusersontheswitch:
14-7
1. ConfigureusersintheUserTablewiththesnmpv3usercommand.Toview
thelistofconfiguredusers,entertheshowsnmpv3usercommand(see
AddingUsersonpage14-8).
2. AssignuserstoSecurityGroupsbasedontheirsecuritymodelwiththe
snmpv3groupcommand(seeAssigningUserstoGroupsonpage14-10).
Ca u t i o n IfyouaddanSNMPv3userwithoutauthenticationand/orprivacytoagroup
thatrequireseitherfeature,theuserwillnotbeabletoaccesstheswitch.
Ensurethatyouaddauserwiththeappropriatesecurityleveltoanexisting
securitygroup.
AddingUsers. ToconfigureanSNMPv3user,youmustfirstaddtheuser
nametothelistofknownuserswiththesnmpv3usercommand.
Pr oCur ve( conf i g) # snmpv3 user Net wor kAdmi n
Pr oCur ve( conf i g) # snmpv3 user Net wor kMgr aut h md5 aut hpass pr i v pr i vpass
AdduserNetworkAdminwith
noauthenticationorprivacy.
AdduserNetworkMgrwith
authenticationandprivacy.
MD5authenticationisenabledand
thepasswordissettoauthpass.
Privacyisenabledandthe
passwordissettoprivpass.
Pr oCur ve( conf i g) # show snmpv3 user
User Name
St at us and Count er s - SNMP v3 Gl obal Conf i gur at i on I nf or mat i on
- - - - - - - - - - - - - - - - -
i ni t i al
Net wor kAdmi n
Aut h. Pr ot ocol
- - - - - - - - - - - - - -
MD5
MD5
Pr i vacy Pr ot ocol
- - - - - - - - - - - - - - - -
CFB AES- 128
CBC- DES
Figure14-2. AddingSNMPv3UsersandDisplayingSNMPv3Configuration
14-8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SNMPv3UserCommands
Syntax: [no]snmpv3user<user_name>
AddsordeletesauserentryforSNMPv3.Authorization
andprivacyareoptional,buttouseprivacy,youmust
useauthorization.Whenyoudeleteauser,onlythe
<user_name>isrequired.
[auth<md5|sha><auth_pass>]
Withauthorization,youcanseteitherMD5orSHA
authentication.Theauthenticationpassword
<auth_pass>mustbe6-32charactersinlengthandis
mandatorywhenyouconfigureauthentication.
Default:None
[priv<des|aes><priv_pass>]
Withprivacy,theswitchsupportsDES(56-bit)and
AES(128-bit)encryption.Theprivacypassword
<priv_pass>mustbe6-32charactersinlengthandis
mandatorywhenyouconfigureprivacy.
Default:DES
Note:OnlyAES128-bitandDES56-bitencryptionare
supportedasprivacyprotocols.Othernon-standard
encryptionalgorithms,suchasAES-172,AES-256,and
3-DESarenotsupported.
ListingUsers. Todisplaythemanagementstationsconfiguredtoaccessthe
switchwithSNMPv3andviewtheauthenticationandprivacyprotocolsthat
eachstationuses,entertheshowsnmpv3usercommand.
Syntax: showsnmpv3user
Thisexampledisplaysinformationaboutthemanagementstationsconfigured
onVLAN1toaccesstheswitch.
Pr oCur ve# conf i gur e t er mi nal
Pr oCur ve( conf i g) # vl an 1
Pr oCur ve( vl an- 1) # show snmpv3 user
St at us and Count er s - SNMPv3 Gl obal Conf i gur at i on I nf or mat i on
User Name Aut h. Pr ot ocol Pr i vacy Pr ot ocol
i ni t i al MD5 CFB AES- 128
Net wor kAdmi n MD5 CBC- DES
Figure14-3.ExampleofManagementStationInformation
14-9
AssigningUserstoGroups.Thenyoumustsetthegroupaccesslevelfor
theuserbyassigningtheusertoagroup.Thisisdonewiththesnmpv3group
command.FormoredetailsontheMIBsaccessforagivengroupreferto
GroupAccessLevelsonpage14-11.
AddNetworkAdminto
operatornoauthgroup
AddNetworkMgrtomanagerprivgroup
Pre-assignedgroupsfor
accessbyVersion2cand
version1management
applications
Figure14-4.ExampleofAssigningUserstoGroups
SNMPv3GroupCommands
Syntax: [no]snmpv3group
Thiscommandassignsorremovesausertoasecuritygroup
foraccessrightstotheswitch.Todeleteanentry,allofthe
followingthreeparametersmustbeincludedinthe
command.
group<group_name>
Thisparameteridentifiesthegroupthathastheprivileges
thatwillbeassignedtotheuser.Formoredetailsreferto
GroupAccessLevelsonpage14-11.
user<user_name>
Thisparameteridentifiestheusertobeaddedtotheaccess
group.Thismustmatchtheusernameaddedwiththesnmpv3
usercommand.
sec-model<ver1|ver2c|ver3>
Thisdefineswhichsecuritymodeltousefortheaddeduser.
ASNMPv3accessGroupshouldonlyusethever3security
model.
14-10
GroupAccessLevels
Theswitchsupportseightpredefinedgroupaccesslevels.Therearefour
levelsforusewithversion3usersandfourareusedforaccessbyversion2c
orversion1managementapplications.
GroupName GroupAccessType GroupReadView GroupWriteView
managerpriv Ver3MusthaveAuthentication ManagerReadView ManagerWriteView
andPrivacy
managerauth Ver3MusthaveAuthentication ManagerReadView ManagerWriteView
operatorauth Ver3MusthaveAuthentication OperatorReadView DiscoveryView
operatornoauth Ver3NoAuthentication OperatorReadView DiscoveryView
commanagerrw Ver2corVer1 ManagerReadView ManagerWriteView
commanagerr Ver2corVer1 ManagerReadView DiscoveryView
comoperatorrw Ver2corVer1 OperatorReadView OperatorReadView
comoperatorr Ver2corVer1 OperatorReadView DiscoveryView
EachviewallowsyoutoviewormodifyadifferentsetofMIBs.
ManagerReadViewaccesstoallmanagedobjects
ManagerWriteViewaccesstoallmanagedobjectsexceptthefollow-
ing:vacmContextTable,vacmAccessTable,vacmViewTreeFamilyTable
OperatorReadViewnoaccesstoicfSecurityMIB,hpSwitchIpTftp-
Mode,vacmContextTable,vacmAccessTable,vacmViewTreeFami-
lyTable,usmUserTable,snmpCommunityTable
DiscoveryViewAccesslimitedtosamplingProbeMIB.
Not e Allaccessgroupsandviewsarepredefinedontheswitch.Thereisnomethod
tomodifyoraddgroupsorviewstothosethatarepre-definedontheswitch.
SNMPv3Communities
SNMPcommuitiesaresupportedbytheswitchtoallowmanagement
applicationsthatuseversion2corversion1toaccesstheswitch.The
communitiesaremappedtoGroupAccessLevelsthatareusedforversion2c
orversion1support.FormoreinformationrefertoGroupAccessLevelson
page14-11.Thismappingwillhappenautomaticallybasedonthecommunities
accessprivileges,butspecialmappingscanbeaddedwiththesnmpv3
communitycommand.
14-11
Syntax: [no]snmpv3community
Thiscommandmapsorremovesamappingofa
communitynametoagroupaccesslevel.Toremovea
mappingyou,onlyneedtospecifytheindex_name
parameter.
index<index_name>
Thisisanindexnumberortitleforthemapping.The
valuesof1-5arereservedandcannotbemapped.
name<community_name>
Thisisthecommunitynamethatisbeingmappedtoa
groupaccesslevel.
sec-name<security_name>
Thisisthegroupleveltowhichthecommunityisbeing
mapped.FormoreinformationrefertoGroupAccess
Levelsonpage14-11.
tag<tag_value>
Thisisusedtospecifywhichtargetaddressmayhave
accessbywayofthisindexreference.
Figure14-5showstheassigningoftheOperatorcommunityonMgrStation1
totheCommunityOperatorReadWritegroup.AnyotherOperatoronlyhasan
accesslevelofCommunityOperatorReadOnly
Addmappingtoallowwriteaccessfor
Operator communityonMgrStation1
TwoOperatorAccessLevels
Figure14-5.AssigningaCommunitytoaGroupAccessLevel
14-12
SNMPCommunityFeatures
showSNMPcommunities n/a page page
14-13 14-15
configureidentityinformation none page
14-16
configurecommunitynames public page page
MIBviewforacommunityname
14-13 14-16
(operator,manager)
manager
writeaccessfordefault

communityname unrestricted

UseSNMPcommunitiestorestrictaccesstotheswitchbySNMPmanagement
stationsbyadding,editing,ordeletingSNMPcommunities.Youcanconfigure
uptofiveSNMPcommunities,eachwitheitheranoperator-leveloramanager-
levelview,andeitherrestrictedorunrestrictedwriteaccess.
UsingSNMPrequiresthattheswitchhaveanIPaddressandsubnetmask
compatiblewithyournetwork.
Ca u t i o n ForProCurveManager(PCM)version1.5orearlier(oranyTopToolsversion),
deletingthepubliccommunitydisablessomenetworkmanagement
functions(suchastrafficmonitoring,SNMPtrapgeneration,andthreshold
setting).Ifnetworkmanagementsecurityisaconcern,andyouareusingthe
abovesoftwareversions,ProCurverecommendsthatyouchangethewrite
accessforthepubliccommunitytoRestricted.
Communities
ToView,Edit,orAddSNMPCommunities:
6.SNMPCommunityNames
14-13
Note:Thisscreengives
anoverviewofthe
SNMPcommunities
thatarecurrently
configured.Allfieldsin
thisscreenareread-
only.
Figure14-6.TheSNMPCommunitiesScreen(DefaultValues)
2. Press[A](forAdd)todisplaythefollowingscreen:
AddandEditoptionsare
usedtomodifytheSNMP
options.SeeFigure8-2.
Ifyouareaddinga
community,the
fieldsinthisscreen
areblank.
Ifyouareeditingan
existingcommunity,
thevaluesforthe
currentlyselected
Communityappear
inthefields.
Typethevalueforthisfield.
UsetheSpacebartoselect
valuesforotherfields
Figure14-7.TheSNMPAddorEditScreen
NeedHelp?Ifyouneedinformationontheoptionsineachfield,press
[Enter]tomovethecursortotheActionsline,thenselecttheHelpoption
ontheActionsline.WhenyouarefinishedwithHelp,press[E](forEdit)
toreturnthecursortotheparameterfields.
3. EnterthenameyouwantintheCommunityNamefield,andusetheSpace
bartoselecttheappropriatevalueineachoftheotherfields.(Usethe
[Tab]keytomovefromonefieldtothenext.)
4. Press[Enter],then[S](for Save).
14-14
CLI:ViewingandConfiguringSNMPCommunityNames
CommunityNameCommands Page
showsnmp-server[<community-string>] 14-15
[no]snmp-server 14-16
[community<community-str>] 14-16
[host<community-str><ip-addr>] 14-19
[<none|debug|all|not-info|critical>]
[enabletraps<authentication> 14-27
[enabletrapslink-change<port-list>] 14-28
ListingCommunityNamesandValues.Thiscommandliststhedatafor
currentlyconfiguredSNMPcommunitynames(alongwithtrapreceiversand
thesettingforauthenticationtrapsrefertoSNMPNotificationsonpage
14-17).
Syntax: showsnmp-server[<community-string>]
Thisexampleliststhedataforallcommunitiesinaswitch;thatis,boththe
defaultpubliccommunitynameandanothercommunitynamed"blue-team"
Default
Communityand
Settings
Non-Default
Communityand
Settings
TrapReceiver
Data(Seepage
14-17.)
Figure14-8.ExampleoftheSNMPCommunityListingwithTwoCommunities
Tolistthedataforonlyonecommunity,suchasthepubliccommunity,use
theabovecommandwiththecommunitynameincluded.Forexample:
Pr oCur ve# show snmp- ser ver publ i c
14-15
ConfiguringCommunityNamesandValues.Thesnmp-servercommand
enablesyoutoaddSNMPcommunitieswitheitherdefaultorspecificaccess
attributes,andtodeletespecificcommunities.
Syntax: [no]snmp-servercommunity<community-name>
Configuresanewcommunityname.Ifyoudonotalso
specifyoperatorormanager,theswitchautomatically
assignsthecommunitytotheoperatorMIBview.Ifyou
donotspecifyrestrictedorunrestricted,theswitch
automaticallyassignsthecommunitytorestricted(read-
only)access.Thenoformusesonlythe<community-
name>variableanddeletesthenamedcommunityfrom
theswitch.
[operator|manager]
Optionallyassignsanaccesslevel.Attheoperatorlevel
thecommunitycanaccessallMIBobjectsexceptthe
CONFIGMIB.Atthemanagerlevelthecommunitycan
accessallMIBobjects.
[restricted|unrestricted]
OptionallyassignsMIBaccesstype.Assigningthe
restrictedtypeallowsthecommunitytoreadMIB
variables,butnottosetthem.Assigningtheunrestricted
typeallowsthecommunitytoreadandsetMIB
variables.
Forexample,toaddthefollowingcommunities:
Community AccessLevel TypeofAccess
red-team manager
(AccesstoallMIBobjects.)
unrestricted
(read/write)
blue-team operator restricted
(AccesstoallMIBobjects (read-only)
excepttheCONFIGMIB.)
Pr oCur ve( conf i g) # snmp- ser ver communi t y r ed- t eam
manager unr est r i ct ed
Pr oCur ve( conf i g) # snmp- ser ver communi t y bl ue- t eam
oper at or r est r i ct ed
Toeliminateapreviouslyconfiguredcommunitynamed"gold-team":
Pr oCur ve( conf i g) # no snmp- ser ver communi t y gol d- t eam
14-16
SNMPNotifications
Theswitchescoveredinthisguidesupport:
SNMPversion1orSNMPversion2ctraps
SNMPv2cinforms
SNMPv3notificationprocess,includingtraps
Thissectiondescribeshowtoconfigureaswitchtosendnetworksecurityand
link-changenotificationstoconfiguredtrapreceivers.
SupportedNotifications
Bydefault,thefollowingnotificationsareenabledonaswitch:
Managerpasswordchanges
SNMPauthenticationfailure
Link-changetraps:whenthelinkonaportchangesfromuptodown
(linkDown)ordowntoup(linkUp)
Port-security(web,MAC,or802.1X)authenticationfailure
Invalidpasswordenteredinaloginattemptthroughadirectserial,Telnet,
orSSHconnection
InabilitytoestablishaconnectionwiththeRADIUSorTACACS+authen-
ticationserver
DHCPsnoopingevents
ARPprotectionevents
Inaddition,youcanenabletheswitchtosendthefollowingtypesof
notificationstoconfiguredtrapreceivers.Forinformationonhowto
configureeachnotification,refertotheProCurvesoftwareguideunderwhich
thenotificationislisted.
ManagementandConfigurationGuide:
Configurationchanges
Instrumentationmonitoring
Link-LayerDiscoveryProtocol(LLDP)
Pingtests
PoweroverEthernet(POE):porttoggle,powerlimit
RMON
14-17
AdvanceTrafficManagementGuide:
Loopprotection
SpanningTree(STP,RSTP,MSTP)
AccessSecurityGuide:
MAClockdown
MAClockout
GeneralStepsforConfiguringSNMPNotifications
ToconfigureSNMPnotifications,followthesegeneralsteps:
1. DeterminetheversionsofSNMPnotificationsthatyouwanttouseinyour
network.
IfyouwanttouseSNMPv1andSNMPv2ctraps,youmustalsoconfigure
atrapreceiver.Refertothefollowingsectionsandfollowtherequired
configurationprocedures:
SNMPv1andSNMPv2cTrapsonpage14-19
ConfiguringanSNMPTrapReceiveronpage14-19
EnablingSNMPv2cInformsonpage14-21
IfyouwanttouseSNMPv3notifications(includingtraps),youmustalso
configureanSNMPv3managementstation.Followtherequiredconfigu-
rationprocedureinthefollowingsection:
ConfiguringSNMPv3Notificationsonpage14-23
2. ToreconfigureanyoftheSNMPnotificationsthatareenabledbydefault
tobesenttoamanagementstation(trapreceiver),refertothesesections:
EnablingLink-ChangeTrapsonpage14-28
3. (Optional)RefertothefollowingsectionstoconfigureoptionalSNMP
notificationfeaturesandverifythecurrentconfiguration:
ConfiguringtheSourceIPAddressforSNMPNotificationsonpage
14-29
DisplayingSNMPNotificationConfigurationonpage14-31
14-18
SNMPv1andSNMPv2cTraps
Theswitchescoveredinthisguidesupportthefollowingfunctionalityfrom
earlierSNMPversions(SNMPv1andSNMPv2c):
Trapreceivers:Atrapreceiverisamanagementstationtowhichthe
switchsendsSNMPtrapsand(optionally)eventlogmessagessentfrom
theswitch.FromtheCLIyoucanconfigureuptotenSNMPtrapreceivers
toreceiveSNMPtrapsfromtheswitch.
FixedorWell-KnownTraps:Aswitchautomaticallysendsfixedtraps
(suchascoldStart,warmStart,linkDown,andlinkUp)totrap
receiversusingthepubliccommunityname.Thesetrapscannotberedi-
rectedtoothercommunities.Ifyouchangeordeletethedefaultpublic
communityname,thesetrapsarenotsent.
Thresholds:Aswitchautomaticallysendsallmessagescreatedwhena
systemthresholdisreachedtothenetworkmanagementstationthat
configuredthethreshold,regardlessofthetrapreceiverconfiguration.
ConfiguringanSNMPTrapReceiver
Usethesnmp-serverhostcommandtoconfigureatrapreceiverthatcanreceive
SNMPv1andSNMPv2ctraps,and(optionally)eventlogmessages.Whenyou
configureatrapreceiver,youspecifyitscommunitymembership,
managementstationIPaddress,and(optionally)thetypeofeventlog
messagestobesent.
Ifyouspecifyacommunitynamethatdoesnotexistthatis,hasnotyetbeen
configuredontheswitchtheswitchstillacceptsthetrapreceiver
assignment.However,notrapswillbesenttothattrapreceiveruntilthe
communitytowhichitbelongshasbeenconfiguredontheswitch.
14-19
Syntax: snmp-serverhost<ipv4-addr|ipv6-addr><communityname>
Configuresadestinationnetworkmanagementstation
toreceiveSNMPv1/v2ctraps,and(optionally)eventlog
messagessentastrapsfromtheswitch,usingthe
specifiedcommunitynameanddestinationIPv4or
IPv6address.Youcanspecifyuptotentrapreceivers
(networkmanagementstations).Thedefault
communitynameispublic.
[<none|all|non-info|critical|debug>]
(Optional)Configuresthesecurityleveloftheeventlog
messagesyouwanttosendastrapstoatrapreceiver
(seetable14-1,SecurityLevelsforEventLogMessages
SentasTraps).
Thetypeofeventlogmessagethatyouspecifyapplies
onlytoeventlogmessages,nottothresholdtraps.
Foreachconfiguredeventlevel,theswitchcontinues
tosendthresholdtrapstoallnetworkmanagement
stationsthathavetheappropriatethresholdlevel
configured.
Ifyoudonotspecifyaneventlevel,theswitchuses
thedefaultvalue(none)andsendsnoeventlog
messagesastraps.
[<inform>]
(Optional)ConfigurestheswitchtosendSNMPv2
informrequestswhencertaineventsoccur.See
EnablingSNMPv2cInformsonpage14-21formore
information.
Table14-1. SecurityLevelsforEventLogMessagesSentasTraps
SecurityLevel Action
None(default) Sendsnoeventlogmessages.
All Sendsalleventlogmessages.
Non-Info Sendsalleventlogmessagesthatarenotforinformationonly.
Critical Sendsonlyeventlogmessagesforcriticalerrorconditions.
Debug Sendsonlyeventlogmessagesneededtotroubleshootnetwork-and
switch-levelproblems.
14-20
Forexample,toconfigureatrapreceiverinacommunitynamed"red-team"
withanIPaddressof10.28.227.130toreceiveonly"critical"eventlog
messages,youcanenterthefollowingcommand:
Pr oCur ve( conf i g) #snmp- ser ver host 10. 28. 227. 130 r ed- t eam
cr i t i cal
Not es ToreplaceonecommunitynamewithanotherforthesameIPaddress,you
mustfirstenterthenosnmp-serverhost<community-name><ipv4-address|ipv6-
address>commandtodeletetheunwantedcommunityname.Otherwise,if
youaddanewcommunitynamewithanIPaddressthatisalreadyusedwith
adifferentcommunityname,twovalidcommunitynameentriesarecreated
forthesamemanagementstation.
Ifyoudonotspecifytheeventlevel([<none|all|non-info|critical|debug>]),
theswitchdoesnotsendeventlogmessagesastraps.However,"well-known"
trapsandthresholdtraps(ifconfigured)arestillsent.
EnablingSNMPv2cInforms
OnaswitchenabledforSNMPv2c,youcanusethesnmp-serverhostinform
commandtosendinformrequestswhencertaineventsoccur.WhenanSNMP
Managerreceivesaninformrequest,itcansendanSNMPresponsebackto
thesendingagentontheswitchtolettheagentknowthattheinformrequest
reacheditsdestination.
IfthesendingagentontheswitchdoesnotreceiveanSNMPresponseback
fromtheSNMPManagerwithinthetimeoutperiod,theinformrequestmay
beresent,basedontheretrycountvalue.
WhenyouenableSNMPv2cinformrequeststobesent,youmustspecifythe
IPaddressandcommunitynameofthemanagementstationthatwillreceive
theinformnotification.
Syntax: [no]snmp-serverhost<ipv4-addr|ipv6-addr><communityname>
inform[retries<count>][timeout<interval>]]
Enables(ordisables)theinformoptionforSNMPv2conthe
switchandallowsyoutoconfigureoptionsforsending
SNMPinformrequests.
retries:Maximumnumberoftimestoresendaninform
requestifnoSNMPresponseisreceived.Default:3
timeout:Numberofsecondstowaitforanacknowledgement
beforeresendingtheinformrequest.Default:15seconds
14-21

Not e Theretriesandtimeoutvaluesarenotusedtosendtraprequests.
ToverifytheconfigurationofSNMPv2cinforms,entertheshowsnmp-server
command:
Pr oCur ve( conf i g) # show snmp- ser ver
SNMP Communi t i es
Communi t y Name MI B Vi ew Wr i t e Access
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
publ i c Manager Unr est r i ct ed
Tr ap Recei ver s
Li nk- Change Tr aps Enabl ed on Por t s [ Al l ] : Al l
. . .
Addr ess Communi t y Event s Sent Not i f y Type Ret r y Ti meout
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. 28. 333. 456 guest Al l i nf or m
SNMPv2cInform
configuration
3 15
Excl uded MI Bs
Snmp Response Pdu Sour ce- I P I nf or mat i on
Sel ect i on Pol i cy : Def aul t r f c1517
Tr ap Pdu Sour ce- I P I nf or mat i on
Sel ect i on Pol i cy : Conf i gur ed I P
I p Addr ess : 10. 10. 10. 10
Figure14-9. DisplayofSNMPv2cInformConfiguration
14-22
ConfiguringSNMPv3Notifications
TheSNMPv3notificationprocessallowsmessagesthatarepassedviaSNMP
betweentheswitchandanetworkmanagementstationtobeauthenticated
andencrypted.
ToconfigureSNMPv3notifications,followthesesteps:
1. EnableSNMPv3operationontheswitchbyenteringthesnmpv3enable
command(seeSNMPVersion3Commandsonpage14-6).
WhenSNMPv3isenabled,theswitchsupports:
ReceptionofSNMPv3notificationmessages(trapsandinforms)
Configurationofinitialusers
(Optional)Restrictionofnon-SNMPv3messagestoreadonly
2. ConfigureSNMPv3usersbyenteringthesnmpv3usercommand(see
SNMPv3Usersonpage14-7).EachSNMPv3userconfigurationis
enteredintheUserTable.
3. AssignSNMPv3userstosecuritygroupsaccordingtotheirlevelofaccess
privilegebyenteringthesnmpv3groupcommand(seeAssigningUsersto
Groupsonpage14-10).
4. DefinethenameofanSNMPv3notificationconfigurationbyenteringthe
snmpv3notify command.
Syntax: [no]snmpv3notify<notify_name>tagvalue<tag_name>
AssociatesthenameofanSNMPv3notification
configurationwithatagnameused(internally)in
SNMPv3commands.Todeleteanotification-to-tag
mapping,enternosnmpv3notify<notify_name>.
notify<notify_name>
SpecifiesthenameofanSNMPv3notification
configuration.
tagvalue<tag_name>
SpecifiesthenameofatagvalueusedinotherSNMPv3
commands,suchassnmpv3targetaddressparamstaglist
<tag_name>inStep5.
14-23
5. ConfigurethetargetaddressoftheSNMPv3managementstationtowhich
SNMPv3informsandtrapsaresentbyenteringthesnmpv3targetaddress
command.
Syntax: [no]snmpv3targetaddress<ipv4-addr|ipv6-addr><name>
ConfigurestheIPv4orIPv6address,name,and
configurationfilenameoftheSNMPv3management
stationtowhichnotificationmessagesaresent.
params<parms_name>
NameoftheSNMPv3stationsparametersfile.The
parametersfilenameconfiguredwithparams
<params_name>mustmatchtheparams
<params_name>valueenteredwiththesnmpv3params
commandinStep6.
taglist<tag_name>[tag_name]...
SpecifiestheSNMPv3notifications(identifiedbyone
ormore<tag_name>values)tobesenttotheIPaddress
oftheSNMPv3managementstation.
Youcanentermorethanone<tag_name>value.Each
<tag_name>valuemustbealreadyassociatedwiththe
nameofanSNMPv3notificationconfigurationentered
withthesnmpv3notifycommandinStep4.
Useablankspacetoseparate<tag_name>values.
Youcanenterupto103charactersin<tag_name>
entriesfollowingthetaglistkeyword.
[filter<none|debug|all|not-info|critical>]
(Optional)Configuresthetypeofmessagessenttoa
managementstation.Default:none.
[udp-port<port>]
(Optional)SpecifiestheUDPporttouse.Default:162.
[port-mask<mask>]
(Optional)SpecifiesarangeofUDPports.Default:0.
[addr-mask<mask>]
(Optional)SpecifiesarangeofIPaddressesas
destinationsfornotificationmessages.Default:0.
[retries<value>]
(Optional)Numberoftimesanotificationis
retransmittedifnoresponseisreceived.Range:1-255.
Default:3.
14-24
Syntax: [no]snmpv3targetaddress<ipv4-addr|ipv6-addr><name>
Continued
[timeout<value>]
(Optional)Time(inmillisecondincrements)allowed
toreceivearesponsefromthetargetbeforenotification
packetsareretransmitted.Range:0-2147483647.
Default:1500(15seconds).
[max-msg-size<size>]
(Optional)Maximumnumberofbytessupportedina
notificationmessagetothespecifiedtarget.Default:
1472
6. Createaconfigurationrecordforthetargetaddresswiththesnmpv3
params command.
Syntax [no]snmpv3params<params_name>user<user_name>
AppliestheconfigurationparametersandIPaddress
ofanSNMPv3managementstation(fromtheparams
<params_name>valueconfiguredwiththesnmpv3
targetaddresscommandinStep5)toaspecified
SNMPv3user(fromtheuser<user_name>value
configuredwiththesnmpv3usercommandinStep2).
Ifyouenterthesnmpv3paramsusercommand,youmust
alsoconfigureasecuritymodel(sec-model)and
messageprocessingalgorithm(msg-processing).
<sec-model<ver1|ver2c|ver3>
ConfiguresthesecuritymodelusedforSNMPv3
notificationmessagessenttothemanagementstation
configuredwiththesnmpv3targetaddresscommandin
Step5.
Ifyouconfigurethesecuritymodelasver3,youmust
alsoconfigurethemessageprocessingvalueasver3.
<msg-processing<ver1|ver2c|ver3>[noaut|auth|priv]
Configuresthealgorithmusedtoprocessmessagessent
totheSNMPv3targetaddress.
Ifyouconfigurethemessageprocessingvalueasver3
andthesecuritymodelasver3,youmustalsoconfigure
asecurityserviceslevel(noauth,auth,orpriv).
14-25
AnexampleofhowtoconfigureSNMPv3notificationisshownhere:
Thetag_namevalueinsnmpv3notifycommandmatchesthe
tag_namevalueinthesnmpv3targetaddresscommand.
Params_namevalueinthesnmpv3targetaddresscommand
matchestheparams_namevalueinthesnmpv3params
command.
Configuringthesecuritymodelver3requiresyoutoconfigure
messageprocessingver3andasecurityservicelevel.
Figure14-10.ExampleofanSNMPv3NotificationConfiguration
ManagingNetworkSecurityNotifications
Bydefault,aswitchisenabledtosendtheSNMPnotificationslistedin
SupportedNotificationsonpage14-17whenanetworksecurityevent(for
example,authenticationfailure)occurs.However,beforesecurity
notificationscanbesent,youmustfirstconfigureoneormoretrapreceivers
orSNMPv3managementstationsasdescribedin:
ConfiguringanSNMPTrapReceiveronpage14-19
ConfiguringSNMPv3Notificationsonpage14-23
Youcanmanagethedefaultconfigurationoftheswitchtodisableandre-
enablenotificationstobesentforthefollowingtypesofsecurityevents:
ARPprotectionevents
UnabletoestablishaconnectionwiththeRADIUSorTACACS+authen-
ticationserver
DHCPsnoopingevents
Linkchangenotification
Invalidpasswordenteredinaloginattemptthroughadirectserial,Telnet,
orSSHconnection
Managerpasswordchanges
Port-security(web,MAC,or802.1X)authenticationfailure
SNMPauthenticationfailure
14-26
Toenableordisablenotification/trapsfornetworksecurityfailuresandother
securityevents,enterthesnmp-serverenabletrapscommand.
Syntax: [no]snmp-serverenabletraps[snmp-auth|password-change-mgr|login-
failure-mgr|port-security|auth-server-fail|dhcp-snooping|arp-protect]
Enablesordisablessendingoneofthesecuritynotification
typeslistedbelowtoconfiguredtrapreceivers.(Unless
otherwisestated,allofthefollowingnotificationsare
enabledinthedefaultconfiguration.
arp-protectsendsatrapifARPpacketsarereceivedwithaninvalid
sourceordestinationMACaddress,aninvalidIPaddress,oraninvalid
IP-to-MACbinding.
auth-server-failsendsatrapiftheconnectionwithaRADIUSor
TACACS+authenticationserverfails.
dhcp-snoopingsendsatrapifDHCPpacketsarereceivedfroman
untrustedsourceorifDHCPpacketscontainaninvalidIP-to-MAC
binding.
link-change<port-list>sendsatrapwhenthelinkstateonaport
changesfromuptodown,orthereverse.
login-failure-mgrsendsatrapforafailedloginwithamanager
password.
password-change-mgrsendsatrapwhenamanagerpasswordis
reset.
port-securitysendsatrapforafailedauthenticationattemptthrough
aweb,MAC,or801.Xauthenticationsession.
snmp-authentication[extended|standard]sendsatrapforafailed
authenticationattemptviaSNMP.Default:extended.
Todeterminethespecificcauseofasecurityevent,checktheeventloginthe
consoleinterfacetoseewhyatrapwassent.Formoreinformation,referto
UsingtheEventLogforTroubleshootingSwitchProblemsonpageC-26.
Todisplaythecurrentconfigurationfornetworksecuritynotifications,enter
theshowsnmp-servertrapscommand.Notethatcommandoutputisasubset
oftheinformationdisplayedwiththeshowsnmp-servercommandinFigure14-
13.
14-27

Pr oCur ve( conf i g) # show snmp- ser ver t r aps
Tr ap Recei ver s
Li nk- Change Tr aps Enabl ed on Por t s [ Al l ] : A1- A24
Link-change
trapsetting
Tr aps Cat egor y Cur r ent St at us
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SNMP Aut hent i cat i on : Ext ended
Passwor d change : Enabl ed
Logi n f ai l ur es : Enabl ed
Por t - Secur i t y : Enabl ed
Aut hor i zat i on Ser ver Cont act : Enabl ed
DHCP Snoopi ng : Enabl ed
Dynami c ARP Pr ot ect i on : Enabl ed
Dynami c I P Lockdown : Enabl ed
Networksecurity
notificationsettings
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. 255. 5. 225 publ i c Al l t r ap 3 15
2001: 0db8: 0000: 0001
: 0000: 0000: 0000: 0121 user _1 Al l t r ap 3 15
Excl uded MI Bs
Figure14-11.DisplayofConfiguredNetworkSecurityNotifications
EnablingLink-ChangeTraps
Bydefaultaswitchisenabledtosendatrapwhenthelinkstateonaport
changesfromuptodown(linkDown)ordowntoup(linkUp).Toreconfigure
theswitchtosendlink-changetrapstoconfiguredtrapreceivers,enterthe
snmp-serverenabletrapslink-changecommand.
Syntax: [no]snmp-serverenabletrapslink-change<port-list>[all]
Enablesordisablestheswitchtosendalink-changetrapto
configuredtrapreceiverswhenthelinkstateonaportgoes
fromuptodownordowntoup.
Enteralltoenableordisablelink-changetrapsonallports
ontheswitch.
14-28
ConfiguringtheSourceIPAddressforSNMPNotifications
TheswitchusesaninterfaceIPaddressasthesourceIPaddressinIPheaders
whensendingSNMPnotifications(trapsandinforms)orresponsestoSNMP
requests.
Formulti-nettedinterfaces,thesourceIPaddressistheIPaddressofthe
outboundinterfaceoftheSNMPreply,whichmaydifferfromthedestination
IPaddressintheIPheaderofthereceivedrequest.Forsecurityreasons,it
maybedesirabletosendanSNMPreplywiththeIPaddressofthedestination
interface(oraspecifiedIPaddress)onwhichthecorrespondingSNMP
requestwasreceived.
ToconfiguretheswitchtousethesourceIPaddressonwhichanSNMP
requestwasreceivedinSNMPnotification/trapsandreplies,enterthesnmp-
serverresponse-sourceandsnmp-servertrap-sourcecommands.
Syntax: [no]snmp-serverresponse-source[dst-ip-of-request|<ipv4-addr|ipv6-
addr>|loopback<0-7>]
SpecifiesthesourceIPaddressoftheSNMPresponsePDU.
ThedefaultSNMPresponsePDUusestheIPaddressofthe
activeinterfacefromwhichtheSNMPresponsewassentas
thesourceIPaddress.
Thenoformofthecommandresetstheswitchtothedefault
behavior(compliantwithrfc-1517).
Default:InterfaceIPaddress
dst-ip-of-request:DestinationIPaddressoftheSNMPrequest
PDUthatisusedasthesourceIPaddressinanSNMP
responsePDU.
<ipv4-addr|ipv6-addr>:User-definedinterfaceIPaddressthat
isusedasthesourceIPaddressinanSNMPresponsePDU.
BothIPv4andIPv6addressesaresupported.
loopback<0-7>:IPaddressconfiguredforthespecified
loopbackinterfacethatisusedasthesourceIPaddressin
anSNMPresponsePDU.IfmultipleloopbackIPaddresses
areconfigured,thelowestalphanumericaddressisused.
Forexample,tousetheIPaddressofthedestinationinterfaceonwhichan
SNMPrequestwasreceivedasthesourceIPaddressintheIPheaderofSNMP
trapsandreplies,enterthefollowingcommand:
Pr oCur ve( conf i g) # snmp- ser ver r esponse- sour ce
dst - i p- of - r equest
14-29
ToconfiguretheswitchtouseaspecifiedsourceIPaddressingeneratedtrap
PDUs,enterthesnmp-servertrap-sourcecommand.
Syntax: [no]snmp-servertrap-source[<ipv4-addr>|loopback<0-7>]
SpecifiesthesourceIPaddresstobeusedforatrapPDU.
Thenoformofthecommandresetstheswitchtothedefault
behavior(compliantwithrfc-1517).
Default:UsetheinterfaceIPaddressingeneratedtrapPDUs.
<ipv4-addr>:User-definedinterfaceIPv4addressthatisused
asthesourceIPaddressingeneratedtraps.IPv6addresses
arenotsupported.
loopback<0-7>:IPaddressconfiguredforthespecified
loopbackinterfacethatisusedasthesourceIPaddressina
generatedtrapPDU.IfmultipleloopbackIPaddressesare
configured,thelowestalphanumericaddressisused.
Not es Whenyouusethesnmp-serverresponse-sourceandsnmp-servertrap-source
commands,notethefollowingbehavior:
Thesnmp-serverresponse-sourceandsnmp-servertrap-sourcecommands
configurethesourceIPaddressforIPv4interfacesonly.
Youmustmanuallyconfigurethesnmp-serverresponse-sourcevalueifyou
wishtochangethedefaultuser-definedinterfaceIPaddressthatisused
asthesourceIPaddressinSNMPtraps(RFC1517).
Thevaluesconfiguredwiththesnmp-serverresponse-sourceandsnmp-
servertrap-sourcecommandsareappliedgloballytoallinterfacesthatare
sendingSNMPresponsesorSNMPtrapPDUs.
OnlythesourceIPaddressfieldintheIPheaderoftheSNMPresponse
PDUcanbechanged.
OnlythesourceIPaddressfieldintheIPheaderandtheSNMPv1Agent
AddressfieldoftheSNMPtrapPDUcanbechanged.
ToverifytheconfigurationoftheinterfaceIPaddressusedasthesourceIP
addressinIPheadersforSNMPrepliesandtrapssentfromtheswitch,enter
theshowsnmp-servercommandtodisplaytheSNMPpolicyconfiguration.
14-30

Pr oCur ve_8212( conf i g) # show snmp- ser ver
SNMP Communi t i es
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
publ i c Manager Unr est r i ct ed
Tr ap Recei ver s
. . .
Excl uded MI Bs
Snmp Response Pdu Sour ce- I P I nf or mat i on
dstIpOfRequest:The
destinationIPaddressof
Sel ect i on Pol i cy : dst I pOf Request
theinterfaceonwhich
anSNMPrequestis
Tr ap Pdu Sour ce- I P I nf or mat i on
receivedisusedasthe
sourceIPaddressin
Sel ect i on Pol i cy : Conf i gur ed I P
SNMPreplies.
I p Addr ess : 10. 10. 10. 10
Figure14-12. DisplayofSourceIPAddressConfiguration
DisplayingSNMPNotificationConfiguration
Usetheshowsnmp-servercommandtodisplaythecurrentlyconfigured:
Managementstations(trapreceivers)
Settingsfornetworksecuritynotificationsandlink-changetraps
SNMPcommunities
Syntax: showsnmp-server
Displaysthecurrentlyconfigurednotificationsettingsfor
versionsSNMPv1andSNMPv2ctraps,includingSNMP
communities,trapreceivers,link-changetraps,andnetwork
securitynotifications.
14-31

Inthefollowingexample,theshowsnmp-servercommandoutputshowsthat
theswitchhasbeenconfiguredtosendSNMPtrapsandnotificationsto
managementstationsthatbelongtothepublic,red-team,andblue-team
communities.
Pr oCur ve( conf i g) # show snmp- ser ver
SNMP Communi t i es
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
publ i c Oper at or Rest r i ct ed
bl ue- t eam Manager Unr est r i ct ed
r ed- t eam Manager Unr est r i ct ed
Tr ap Recei ver s
Tr ap Cat egor y Cur r ent Tr ap Conf i gur at i on
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SNMP Aut hent i cat i on ext ended
Passwor d change enabl ed
Networksecurity
Logi n f ai l ur es enabl ed
notification
Por t - Secur i t y enabl ed
settings
Aut hor i zat i on Ser ver Cont act enabl ed
ARP Pr ot ect i on enabl ed
DHCP Snoopi ng enabl ed
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
10. 28. 227. 200 publ i c Al l t r ap 3 15
10. 28. 227. 105 r ed- t eam Cr i t i cal t r ap 3 15
10. 28. 227. 120 bl ue- t eam Not - I NFO t r ap 3 15
. . .
SNMPCommunity
configuration
Link-change
trapsetting
Figure14-13.DisplayofSNMPNotificationConfiguration
14-32
AdvancedManagement:RMON
TheswitchsupportsRMON(RemoteMonitoring)onallconnectednetwork
segments.Thisallowsfortroubleshootingandoptimizingyournetwork.
ThefollowingRMONgroupsaresupported:
EthernetStatistics(exceptthenumbersofpacketsofdifferentframesizes)
Alarm
History(ofthesupportedEthernetstatistics)
Event
TheRMONagentautomaticallyrunsintheswitch.UsetheRMON
managementstationonyournetworktoenableordisablespecificRMON
trapsandevents.NotethatyoucanaccesstheEthernetstatistics,Alarm,and
EventgroupsfromtheProCurveManagernetworkmanagementsoftware.For
moreonProCurveManager,visittheProCurveNetworkingwebsiteat
www.procurve.com
Clickonproductsindex,thenlookfortheProCurveManagertopicunderthe
NetworkManagerbar.
CLI-ConfiguredsFlowwithMultipleInstances
UptothreedistinctsFlowinstancescanbeconfiguredviatheCLI.Once
enabled,ansFlowreceiver/destinationcanbeindependentlyconfiguredfor
fullflow-samplingandcounter-polling.CLI-configuredsFlowinstancesmay
besavedtothestartupconfigurationtopersistacrossaswitchreboot.
Terminology
sFlowAnindustrystandardsamplingtechnology,definedbyRFC3176,
usedtocontinuouslymonitortrafficflowsonallportsprovidingnetwork-
widevisibilityintotheuseofthenetwork.
sFlowagentAsoftwareprocessthatrunsaspartofthenetworkmanage-
mentsoftwarewithinadevice.Theagentpackagesdataintodatagrams
thatareforwardedtoacentraldatacollector.
sFlowdestinationThecentraldatacollectorthatgathersdatagramsfrom
sFlow-enabledswitchportsonthenetwork.Thedatacollectordecodes
thepacketheadersandotherinformationtopresentdetailedLayer2to
Layer7usagestatistics.
14-33
ConfiguringsFlow
ThefollowingsFlowcommandsallowyoutoconfiguresFlowinstancesvia
theCLI.
Syntax: [no]sflow<receiver-instance>destination<ip-address>[udp-port-num]
EnablesansFlowreceiver/destination.Thereceiver-instancenumbermustbea1,2,
or3.Bydefault,theudpdestinationportnumberis6343.
TodisableansFlowreceiver/destination,enternosflow<receiver-instance>.
Syntax: sflow<receiver-instance>sampling<port-list><samplingrate>
OnceansFlowreceiver/destinationhasbeenenabled,thiscommandenablesflow
samplingforthatinstance.Thereceiver-instancenumberis1,2,or3,andthe
samplingrateistheallowablenon-zeroskipcountforthespecifiedportorports.
Todisableflow-samplingforthespecifiedport-list,repeattheabovecommandwith
asamplingrateof0.
Syntax: sflow<receiver-instance>polling<port-list><pollinginterval>
OnceansFlowreceiver/destinationhasbeenenabled,thiscommandenablescounter
pollingforthatinstance.Thereceiver-instancenumberis1,2,or3,andthepolling
intervalmaybesettoanallowablenon-zerovaluetoenablepollingonthespecified
portorports.
Todisablecounter-pollingforthespecifiedport-list,repeattheabovecommandwith
apollingintervalof0.
Not e Underthemultipleinstanceimplementation,sFlowcanbeconfiguredviathe
CLIorviaSNMP.However,CLI-ownedsFlowconfigurationscannotbemodi-
fiedviaSNMP,whereasSNMP-ownedinstancescanbedisabledviatheCLI
usingthenosflow<receiver-instance>command.
ViewingsFlowConfigurationandStatus
ThefollowingsFlowcommandsallowyoutodisplaysFlowconfigurationand
statusviatheCLI.
Syntax: showsflowagent
DisplayssFlowagentinformation.Theagentaddressisnormallytheipaddressof
thefirstvlanconfigured.
Syntax: showsflow<receiverinstance>destination
DisplaysinformationaboutthemanagementstationtowhichthesFlowsampling-
pollingdataissent.
Syntax: showsflow<receiverinstance>sampling-polling<port-list/range>
DisplaysstatusinformationaboutsFlowsamplingandpolling.
14-34

Theshowsflowagentcommanddisplaysread-onlyswitchagentinformation.
TheversioninformationshowsthesFlowversion,MIBsupportandsoftware
versions;theagentaddressistypicallytheipaddressofthefirstvlanconfig-
uredontheswitch
.
Pr oCur ve# show sf l ow agent
Ver si on 1. 3; HP; W. 14. XX
Agent Addr ess 10. 0. 10. 228
Figure14-14.ExampleofViewingsFlowAgentInformation
Theshowsflow<instance>destinationcommandincludesinformationabout
themanagement-stationsdestinationaddress,receiverport,andowner.
Pr oCur ve# show sf l ow 2 dest i nat i on
Dest i nat i on I nst ance 2
sf l ow Enabl ed
Dat agr ams Sent 221
Dest i nat i on Addr ess 10. 0. 10. 41
Recei ver Por t 6343
Owner Admi ni st r at or , CLI - owned, I nst ance 2
Ti meout ( seconds) 99995530
Max Dat agr amSi ze 1400
Dat agr amVer si on Suppor t 5
Figure14-15.ExampleofViewingsFlowDestinationInformation
Notethefollowingdetails:
DestinationAddressremainsblankunlessithasbeenconfigured.
DatagramsSentshowsthenumberofdatagramssentbytheswitch
agenttothemanagementstationsincetheswitchagentwaslast
enabled.
Timeoutdisplaysthenumberofsecondsremainingbeforetheswitch
agentwillautomaticallydisablesFlow(thisissetbythemanagement
stationanddecrementswithtime).
MaxDatagramSizeshowsthecurrentlysetvalue(typicallya
defaultvalue,butthiscanalsobesetbythemanagementstation).
14-35

Theshowsflow<instance>sampling-polling[port-list]commanddisplaysinfor-
mationaboutsFlowsamplingandpollingontheswitch.Youcanspecifyalist
orrangeofportsforwhichtoviewsamplinginformation.
Pr oCur ve# show sf l ow 2 sampl i ng- pol l i ng A1- A4
Por t | Sampl i ng
+
- - -
Numberdenotesthesampling/pollinginstancetowhichthereceiveriscoupled.
Dr opped | Pol l i ng
| Enabl ed Rat e Header Sampl es | Enabl ed I nt er val
- - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A1 Yes( 2) 40 128 1234567890 - - -
A2 - - - - - - - - - 0 Yes( 1) 60
A3 No( 1) 0 100 898703 No 30
A4 Yes( 3) 50 128 0 No( 3) 0
Figure14-16.ExampleofViewingsFlowSamplingandPollingInformation
Not e Thesamplingandpollinginstances(notedinparentheses)coupledtoa
specificreceiverinstanceareassigneddynamically,andsotheinstance
numbersmaynotalwaysmatch.Thekeythingtonoteiswhethersamplingor
pollingisenabledonaport,andthesamplingratesorpollingintervalsforthe
receiverinstanceconfiguredoneachport.
14-36
LLDP(Link-LayerDiscoveryProtocol)
TostandardizedevicediscoveryonallProCurveswitches,LLDPwillbe
implementedwhileofferinglimitedread-onlysupportforCDPasdocumented
inthismanual.Forthelatestinformationonyourswitchmodel,consultthe
ReleaseNotes(availableontheProCurveNetworkingwebsite).IfLLDPhas
notyetbeenimplemented(orifyouarerunninganolderversionofsoftware),
consultapreviousversionoftheManagementandConfigurationGuidefor
devicediscoverydetails.
Table14-2. LLDPandLLDP-MEDFeatures
ViewtheswitchsLLDPconfiguration n/a page14-45
EnableordisableLLDPontheswitch Enabled page14-41
Changethetransmitinterval(refresh-interval)for 30seconds page14-48
LLDPpackets
ChangetheholdtimemultiplierforLLDPPackets 4seconds page14-41
(holdtime-multiplierxrefresh-interval=time-to-live)
Changethedelayintervalbetweenadvertisements 2seconds page14-49
Changingthereinitializationdelayinterval 2seconds page14-50
ConfiguringSNMPnotificationsupport Disabled page14-51
Configuringtransmitandreceivemodes tx_rx page14-52
ConfiguringbasicLLDPper-portadvertisement Enabled page14-53
content
Configuringportspeedandduplexadvertisementsfor Enabled page14-73
optionalLLDPandmandatoryLLDP-MEDapplications
ConfiguringtopologychangenotificationforLLDP- Enable page14-59
MED
Changingthefast-startdurationforLLDP-MED 5sec page14-61
ConfiguringLLDP-MEDAdvertising Enabled page14-53
ConfiguringLLDP-MEDdevicelocationdata None page14-71
DisplayingAdvertisementDataandStatistics n/a page14-75
LLDP(LinkLayerDiscoveryProtocol):providesastandards-based
methodforenablingtheswitchescoveredinthisguidetoadvertisethemselves
toadjacentdevicesandtolearnaboutadjacentLLDPdevices.
14-37
LLDP-MED(LLDPMediaEndpointDiscovery):Providesanextensionto
LLDPandisdesignedtosupportVoIPdeployments.
Not e LLDP-MEDisanextensionforLLDP,andtheswitchrequiresthatLLDPbe
enabledasaprerequisitetoLLDP-MEDoperation.
AnSNMPutilitycanprogressivelydiscoverLLDPdevicesinanetworkby:
1. ReadingagivendevicesNeighborstable(intheManagementInformation
Base,orMIB)tolearnaboutother,neighboringLLDPdevices.
2. Usingtheinformationlearnedinstep1tofindandreadtheneighbor
devicesNeighborstablestolearnaboutadditionaldevices,andsoon.
Also,byusingshowcommandstoaccesstheswitchsneighbordatabasefor
informationcollectedbyanindividualswitch,systemadministratorscanlearn
aboutotherdevicesconnectedtotheswitch,includingdevicetype
(capability)andsomeconfigurationinformation.InVoIPdeploymentsusing
LLDP-MEDontheswitchescoveredinthisguide,additionalsupportuniqueto
VoIPapplicationsisalsoavailable.RefertoLLDP-MED(Media-Endpoint-
Discovery)onpage14-56.
Terminology
AdjacentDevice:RefertoNeighbororNeighborDevice.
Advertisement:SeeLLDPDU.
ActivePort:Aportlinkedtoanotheractivedevice(regardlessofwhether
MSTPisblockingthelink).
ELIN(EmergencyLocationIdentificationNumber): Avalidtelephone
numberintheNorthAmericanNumberingPlanformatandassignedtoa
multilinetelephonesystemoperatorbytheappropriateauthority.This
numbercallsapublicserviceansweringpoint(PSAP)andrelaysautomatic
locationidentificationdatatothePSAP.
LLDP:LinkLayerDiscoveryProtocol:
Switchescoveredinthisguide:IEEE802.1AB
LLDP-Aware:AdevicethathasLLDPinitsoperatingcode,regardlessof
whetherLLDPisenabledordisabled.
LLDPDevice:Aswitch,server,router,orotherdevicerunningLLDP.
14-38
LLDPNeighbor:AnLLDPdevicethatiseitherdirectlyconnectedtoanother
LLDPdeviceorconnectedtothatdevicebyanother,non-LLDPLayer2device
(suchasahub)Notethatan802.1D-compliantswitchdoesnotforwardLLDP
datapacketsevenifitisnotLLDP-aware.
LLDPDU(LLDPDataUnit):LLDPdatapacketaretransmittedonactive
linksandincludemultipleTLVscontainingglobalandper-portswitch
information.Inthisguide,LLDPDUsaretermedadvertisementsor
packets.
LLDP-MED(LinkLayerDiscoverProtocolMediaEndpoint
Discovery):TheTIAtelecommunicationsstandardproducedbyengineering
subcommitteeTR41.4,VoIPSystemsIPTelephonyinfrastructureand
EndpointstoaddressneedsrelatedtodeployingVoIPequipmentinIEEE802-
basedenvironments.ThisstandardwillbepublishedasANSI/TIA-1057.
MIB(ManagementInformationBase):Aninternaldatabasetheswitch
maintainsforconfigurationandperformanceinformation.
MLTS(MultilineTelephoneSystem):Anetwork-basedand/orpremises-
basedtelephonesystemhavingacommoninterfacewiththepublicswitched
telephonesystemandhavingmultipletelephonelines,commoncontrolunits,
multipletelephonesets,andcontrolhardwareandsoftware.
NANP(NorthAmericanNumberingPlan):Aten-digittelephonenumber
formatwherethefirstthreedigitsareanareacodeandthelastseven-digits
arealocaltelephonenumber.
Neighbor:SeeLLDPNeighbor.
Non-LLDPDevice:AdevicethatisnotcapableofLLDPoperation.
PD(PoweredDevice): ThisisanIEEE802.3af-compliantdevicethat
receivesitspowerthroughadirectconnectiontoa10/100Base-TXPoERJ-45
portinaProCurvefixed-portorchassis-basedswitch.ExamplesofPDs
includeVoice-over-IP(VoIP)telephones,wirelessaccesspoints,andremote
videocameras.
PSAP(PublicSafetyAnsweringPoint):PSAPsaretypicallyemergency
telephonefacilitiesestablishedasafirstpointtoreceiveemergency(911)calls
andtodispatchemergencyresponseservicessuchaspolice,fireand
emergencymedicalservices.
PSE(Power-SourcingEquipment):APSE,suchasaPoEmoduleinstalled
inaswitchcoveredinthisguide,providespowertoIEEE802.3af-compliant
PDsdirectlyconnectedtotheportsonthemodule.
14-39
TLV(Type-Length-Value):Adataunitthatincludesadatatypefield,adata
unitlengthfield(inbytes),andafieldcontainingtheactualdatatheunitis
designedtocarry(asanalphanumericstring,abitmap,orasubgroupof
information).SomeTLVsincludesubelementsthatoccurasseparatedata
pointsindisplaysofinformationmaintainedbytheswitchforLLDP
advertisements.(Thatis,someTLVsincludemultipledatapointsor
subelements.)
GeneralLLDPOperation
AnLLDPpacketcontainsdataaboutthetransmittingswitchandport.The
switchadvertisesitselftoadjacent(neighbor)devicesbytransmittingLLDP
datapacketsoutallportsonwhichoutboundLLDPisenabled,andreading
LLDPadvertisementsfromneighbordevicesonportsthatareinboundLLDP-
enabled.(LLDPisaone-wayprotocolanddoesnotincludeany
acknowledgementmechanism.) AnLLDP-enabledportreceivingLLDP
packetsinboundfromneighbordevicesstoresthepacketdatainaNeighbor
database(MIB).
LLDP-MED
ThiscapabilityisanextensiontoLLDPandisavailableontheswitches
coveredinthisguide.RefertoLLDP-MED(Media-Endpoint-Discovery)on
page14-56.
PacketBoundariesinaNetworkTopology
WheremultipleLLDPdevicesaredirectlyconnected,anoutboundLLDP
packettravelsonlytothenextLLDPdevice.AnLLDP-capabledevicedoes
notforwardLLDPpacketstoanyotherdevices,regardlessofwhether
theyareLLDP-enabled.
AninterveninghuborrepeaterforwardstheLLDPpacketsitreceivesin
thesamemannerasanyothermulticastpacketsitreceives.Thus,two
LLDPswitchesjoinedbyahuborrepeaterhandleLLDPtrafficinthesame
waythattheywouldifdirectlyconnected.
Anyintervening802.1DdeviceorLayer-3devicethatiseitherLLDP-
unawareorhasdisabledLLDPoperationdropsthepacket.
14-40
ConfigurationOptions
EnableorDisableLLDPontheSwitch.Inthedefaultconfiguration,
LLDPisgloballyenabledontheswitch.Topreventtransmissionorreceiptof
LLDPtraffic,youcandisableLLDPoperation(page14-41)
EnableorDisableLLDP-MED. Inthedefaultconfigurationforthe
switchescoveredinthisguide,LLDP-MEDisenabledbydefault.(Requiresthat
LLDPisalsoenabled.)Formoreinformation,refertoLLDP-MED(Media-
Endpoint-Discovery)onpage14-56.
ChangetheFrequencyofLLDPPacketTransmissiontoNeighbor
Devices. Onaglobalbasis,youcanincreaseordecreasethefrequencyof
outboundLLDPadvertisements(page14-41).
ChangetheTime-To-LiveforLLDPPacketsSenttoNeighbors.Ona
globalbasis,youcanincreaseordecreasethetimethattheinformationinan
LLDPpacketoutboundfromtheswitchwillbemaintainedinaneighborLLDP
device(page14-41).
TransmitandReceiveMode. WithLLDPenabled,theswitchperiodically
transmitsanLLDPadvertisement(packet)outeachactiveportenabledfor
outboundLLDPtransmissions,andreceivesLLDPadvertisementsoneach
activeportenabledtoreceiveLLDPtraffic(page14-52).Per-Port
configurationoptionsincludefourmodes:
TransmitandReceive(tx_rx):Thisisthedefaultsettingonallports.It
enablesagivenporttobothtransmitandreceiveLLDPpackets,andto
storethedatafromreceived(inbound)LLDPpacketsintheswitchsMIB.
Transmitonly(txonly):ThissettingenablesaporttotransmitLLDP
packetsthatcanbereadbyLLDPneighbors.However,theportdrops
inboundLLDPpacketsfromLLDPneighborswithoutreadingthem.This
preventstheswitchfromlearningaboutLLDPneighborsonthatport.
Receiveonly(rxonly):ThissettingenablesaporttoreceiveandreadLLDP
packetsfromLLDPneighbors,andtostorethepacketdataintheswitchs
MIB.However,theportdoesnottransmitoutboundLLDPpackets.This
preventsLLDPneighborsfromlearningabouttheswitchthroughthat
port.
Disable(disable):ThissettingdisablesLLDPpackettransmissionsand
receptiononaport.Inthisstate,theswitchdoesnotusetheportforeither
learningaboutLLDPneighborsorinformingLLDPneighborsofitspres-
ence.
14-41
SNMPNotification.Youcanenabletheswitchtosendanotificationtoany
configuredSNMPtrapreceiver(s)whentheswitchdetectsaremoteLLDP
datachangeonanLLDP-enabledport(page14-51).
Per-Port(Outbound)DataOptions. Thefollowingtableliststhe
informationtheswitchcanincludeintheper-port,outboundLLDPpacketsit
generates.Inthedefaultconfiguration,alloutboundLLDPpacketsinclude
thisinformationintheTLVstransmittedtoneighbordevices.However,you
canconfigureLLDPadvertisementsonaper-portbasistoomitsomeofthis
information(page14-53).
Table14-3.DataAvailableforBasicLLDPAdvertisements
DataType Configuration
Options
Default Description
Time-to-Live Seenote1. 120Seconds ThelengthoftimeanLLDPneighborretainstheadvertised
databeforediscardingit.
ChassisType
2,6
N/A AlwaysEnabled IndicatesthetypeofidentifierusedforChassisID.
ChassisID
6
N/A AlwaysEnabled UsesbaseMACaddressoftheswitch.
PortType
3,6
N/A AlwaysEnabled UsesLocal,meaningassignedlocallybyLLDP.
PortId
6
N/A AlwaysEnabled Usesportnumberofthephysicalport.Intheswitches
coveredinthisguide,thisisaninternalnumberreflecting
thereservedslot/portpositioninthechassis.Formore
informationonthisnumberingscheme,refertofiguresD-2
andD-3inAppendixD,MACAddressManagementofthe
ManagementandConfigurationGuideforyourswitch.
RemoteManagement
Address
Type
4,6
N/A AlwaysEnabled Showsthenetworkaddresstype.
Address
4
Defaultor Usesadefaultaddressselectionmethodunlessanoptionaladdressis
Configured configured.SeeRemoteManagementAddressonpage14-43.
SystemName
6
Enable/Disable Enabled Usestheswitchsassignedname.
SystemDescription
6
Enable/Disable Enabled Includesswitchmodelnameandrunningsoftwareversion,
andROMversion.
PortDescription
6
Enable/Disable Enabled Usesthephysicalportidentifier.
Systemcapabilities Enable/Disable Enabled Identifiestheswitchsprimarycapabilities(bridge,router).
supported
5,6
14-42
DataType Configuration
Options
Default Description
Systemcapabilities Enable/Disable Enabled Identifiestheprimaryswitchfunctionsthatareenabled,
enabled
5,6
suchasrouting.
1
ThePacketTime-to-LivevalueisincludedinLLDPdatapackets.(RefertoChangingtheTime-to-LiveforTransmitted
Advertisementsonpage14-49.)
2
SubelementoftheChassisIDTLV.
3
SubelementofthePortIDTLV.
4
SubelementoftheRemote-Management-AddressTLV.
5
SubelementoftheSystemCapabilityTLV.
6
Populatedwithdatacapturedinternallybytheswitch.Formoreonthesedatatypes,refertotheIEEEP802.1ABStandard.
RemoteManagementAddress.TheswitchalwaysincludesanIPaddress
initsLLDPadvertisements.Thiscanbeeitheranaddressselectedbyadefault
process,oranaddressconfiguredforinclusioninadvertisements.RefertoIP
AddressAdvertisementsonpage14-44.
DebugLogging. YoucanenableLLDPdebugloggingtoaconfigureddebug
destination(Syslogserverand/oraterminaldevice)byexecutingthedebug
lldpcommand.(FormoreonDebugandSyslog,refertotheTroubleshooting
appendixinthisguide.)NotethattheswitchsEventLogdoesnotrecordusual
LLDPupdatemessages.
OptionsforReadingLLDPInformationCollectedbythe
Switch
YoucanextractLLDPinformationfromtheswitchtoidentifyadjacentLLDP
devices.Optionsinclude:
Usingtheswitchsshowlldpinfocommandoptionstodisplaydata
collectedonadjacentLLDPdevicesaswellasthelocaldatathe
switchistransmittingtoadjacentLLDPdevices(page14-45).
UsinganSNMPapplicationthatisdesignedtoquerytheNeighbors
MIBforLLDPdatatouseindevicediscoveryandtopologymapping.
3400/6400only?
UsingthewalkmibcommandtodisplayalistingoftheLLDPMIB
objects
14-43
LLDPandLLDP-MEDStandardsCompatibility
Theoperationcoveredbythissectioniscompatiblewiththesestandards:
IEEEP802.1AB
RFC2922(PTOPO,orPhysicalTopologyMIB)
RFC2737(EntityMIB)
RFC2863(InterfacesMIB)
ANSI/TIA-1057/D6(LLDP-MED;refertoLLDP-MED(Media-Endpoint-
Discovery)onpage14-56.)
LLDPOperatingRules
(ForadditionalinformationspecifictoLLDP-MEDoperation,refertoLLDP-
MED(Media-Endpoint-Discovery)onpage14-56.)
PortTrunking. LLDPmanagestrunkedportsindividually.Thatis,trunked
portsareconfiguredindividuallyforLLDPoperation,inthesamemanneras
non-trunkedports.Also,LLDPsendsseparateadvertisementsoneachportin
atrunk,andnotonaper-trunkbasis.Similarly,LLDPdatareceivedthrough
trunkedportsisstoredindividually,per-port.
IPAddressAdvertisements.Inthedefaultoperation,ifaportbelongsto
onlyonestaticVLAN,thentheportadvertisesthelowest-orderIPaddress
configuredonthatVLAN.IfaportbelongstomultipleVLANs,thentheport
advertisesthelowest-orderIPaddressconfiguredontheVLANwiththe
lowestVID.IfthequalifyingVLANdoesnothaveanIPaddress,theport
advertises127.0.0.1asitsIPaddress.Forexample,iftheportisamemberof
thedefaultVLAN(VID=1),andthereisanIPaddressconfiguredforthe
defaultVLAN,thentheportadvertisesthisIPaddress.Inthedefaultoperation,
theIPaddressthatLLDPusescanbeanaddressacquiredbyDHCPorBootp.
Youcanoverridethedefaultoperationbyconfiguringtheporttoadvertise
anyIPaddressthatismanuallyconfiguredontheswitch,eveniftheportdoes
notbelongtotheVLANconfiguredwiththeselectedIPaddress(page14-53).
(NotethatLLDPcannotbeconfiguredthroughtheCLItoadvertisean
addressesacquiredthroughDHCPorBootp.However,asmentionedabove,
inthedefaultLLDPconfiguration,ifthelowest-orderIPaddressontheVLAN
withthelowestVIDforagivenportisaDHCPorBootpaddress,thenthe
switchincludesthisaddressinitsLLDPadvertisementsunlessanother
addressisconfiguredforadvertisementsonthatport.)Also,althoughLLDP
allowsconfiguringmultipleremotemanagementaddressesonaport,onlythe
lowest-orderaddressconfiguredontheportwillbeincludedinoutbound
14-44
advertisements.AttemptingtousetheCLItoconfigureLLDPwithanIP
addressthatiseithernotconfiguredonaVLAN,orhasbeenacquiredbyDHCP
orBootpresultsinthefollowingerrormessage.
xxx. xxx. xxx. xxx: Thi s I P addr ess i s not conf i gur ed or i s
a DHCP addr ess.
Spanning-TreeBlocking.SpanningtreedoesnotpreventLLDPpacket
transmissionorreceiptonSTP-blockedlinks.
802.1XBlocking. Portsblockedby802.1Xoperationdonotallow
transmissionorreceiptofLLDPpackets.
ConfiguringLLDPOperation
Inthedefaultconfiguration,LLDPisenabledandinbothtransmitandreceive
modeonallactiveports.TheLLDPconfigurationincludesglobalsettingsthat
applytoallactiveportsontheswitch,andper-portsettingsthataffectonly
theoperationofthespecifiedports.
ThecommandsinthissectionaffectbothLLDPandLLDP-MEDoperation.for
informationonoperationandconfigurationuniquetoLLDP-MED,referto
LLDP-MED(Media-Endpoint-Discovery)onpage14-56.
Command Page
showlldpconfig 14-47
[no]lldprun 14-48
lldprefresh-interval 14-48
lldpholdtime-multiplier 14-49
lldpTxDelay 14-49
lldpReinitDelay 14-50
lldpenable-notification 14-51
lldpnotificationinterval 14-52
lldpadmin-status<txonly|rxonly|tx_rx|disable> 14-52
lldpconfig<port-list>IpAddrEnable 14-53
lldpconfig<port-list>basicTlvEnable 14-54
lldpconfig<port-list>dot3TlvEnable<macphy_config> 14-56
14-45
ViewingtheCurrentConfiguration
DisplayingtheGlobalLLDP,PortAdmin,andSNMPNotification
Status. ThiscommanddisplaystheswitchsgeneralLLDPconfiguration
status,includingsomeper-portinformationaffectingadvertisementtraffic
andtrapnotifications.
Syntax showlldpconfig
DisplaystheLLDPglobalconfiguration,LLDPportstatus,and
SNMPnotificationstatus.Forinformationonportadminstatus,
refertoConfiguringPer-PortTransmitandReceiveModeson
page14-52.
Forexample,showlldpconfigproducesthefollowingdisplaywhentheswitch
isinthedefaultLLDPconfiguration:
Med Topol ogy Tr ap Enabl ed
- - - - - - - - - - - - - - - - - - - - - - - - -
Fal se
Tr ue
Fal se
Fal se
Tr ue
Fal se
Fal se
Note:Thisvaluecorrespondsto
thelldprefresh-interval
command(page14-48).
Figure14-17.ExampleofViewingtheGeneralLLDPConfiguration
14-46
DisplayingPortConfigurationDetails. Thiscommanddisplaystheport-
specificconfiguration,including.
Syntax showlldpconfig<port-list>
DisplaystheLLDPport-specificconfigurationforallportsin
<port-list>,includingwhichoptionalTLVsandanynon-default
IPaddressthatareincludedintheportsoutbound
advertisements.Forinformationonthenotificationsetting,
refertoConfiguringSNMPNotificationSupportonpage
14-51.Forinformationontheotherconfigurablesettings
displayedbythiscommand,refertoConfiguringPer-Port
TransmitandReceiveModesonpage14-52.
TheblankIpAddressfieldindicatesthatthe
defaultIPaddresswillbeadvertisedfromthis
port.(Refertopage14-53:ConfiguringaRemote
ManagementAddressforOutboundLLDP
Advertisements
Thisfieldappearswhendot3tlvenableisenabled
ontheswitch,whichisthedefaultsetting.
Thesefieldsappearwhenmedtlvenableis
enabledontheswitch,whichisthedefault
setting.
Figure14-18.ExampleofPer-PortConfigurationDisplay
ConfiguringGlobalLLDPPacketControls
ThecommandsinthissectionconfiguretheaspectsofLLDPoperationthat
applythesametoallportsintheswitch.
14-47
EnablingorDisablingLLDPOperationontheSwitch. EnablingLLDP
operation(thedefault)causestheswitchto:
Useactive,LLDP-enabledportstotransmitLLDPpacketsdescribingitself
toneighbordevices.
AddentriestoitsneighborstablebasedondatareadfromincomingLLDP
advertisements.
Syntax [no]lldprun
EnablesordisablesLLDPoperationontheswitch.Thenoform
ofthecommand,regardlessofindividualLLDPport
configurations,preventstheswitchfromtransmittingoutbound
LLDPadvertisements,andcausestheswitchtodropallLLDP
advertisementsreceivedfromotherdevices.Theswitch
preservesthecurrentLLDPconfigurationwhenLLDPis
disabled.AfterLLDPisdisabled,theinformationintheLLDP
neighborsdatabaseremainsuntilittimes-out.(Default:
Enabled)
Forexample,todisableLLDPontheswitch:
Pr oCur ve( conf i g) # no l l dp r un
ChangingthePacketTransmissionInterval. Thisintervalcontrolshow
oftenactiveportsretransmitadvertisementstotheirneighbors.
Syntax lldprefresh-interval<5-32768>
Changestheintervalbetweenconsecutivetransmissionsof
LLDPadvertisementsonanygivenport.(Default:30seconds)
Note:Therefresh-intervalmustbegreaterthanorequalto
(4xdelay-interval).(Thedefaultdelay-intervalis2).Forexample,
withthedefaultdelay-interval,thelowestrefresh-intervalyoucan
useis8seconds(4x2=8).Thus,ifyouwantarefresh-intervalof
5seconds,youmustfirstchangethedelayintervalto1(thatis,
4x1<5).Ifyouwanttochangethedelay-interval,usethesetmib
command.
14-48
ChangingtheTime-to-LiveforTransmittedAdvertisements.The
Time-to-Livevalue(inseconds)forallLLDPadvertisementstransmittedfrom
aswitchiscontrolledbytheswitchthatgeneratestheadvertisement,and
determineshowlonganLLDPneighborretainstheadvertiseddatabefore
discardingit.TheTime-to-Livevalueistheresultofmultiplyingtherefresh-
intervalbytheholdtime-multiplierdescribedbelow.
Syntax lldpholdtime-multiplier<2-10>
ChangesthemultiplieranLLDPswitchusestocalculatethe
Time-to-LivefortheLLDPadvertisementsitgeneratesand
transmitstoLLDPneighbors.WhentheTime-to-Liveforagiven
advertisementexpirestheadvertiseddataisdeletedfromthe
neighborswitchsMIB.(Default:4;Range:2-10)
Forexample,iftherefresh-intervalontheswitchis15secondsandthe
holdtime-multiplierisatthedefault,theTime-to-Liveforadvertisements
transmittedfromtheswitchis60seconds(4x15).ToreducetheTime-to-Live,
youcouldlowertheholdtime-intervalto2,whichwouldresultinaTime-to-
Liveof30seconds.
Pr oCur ve( conf i g) # l l dp hol dt i me- mul t i pl i er 2
ChangingtheDelayIntervalBetweenAdvertisementsGeneratedby
ValueorStatusChangestotheLLDPMIB.Theswitchusesadelay-
intervalsettingtodelaytransmittingsuccessiveadvertisementsresulting
fromtheseLLDPMIBchanges.Ifaswitchissubjecttofrequentchangesto
itsLLDPMIB,lengtheningthisintervalcanreducethefrequencyofsuccessive
advertisements.Thedelay-intervalcanbechangedusingeitheranSNMP
networkmanagementapplicationortheCLIsetmibcommand.
14-49
Syntax setmiblldpTxDelay.0-i<1-8192>
Usessetmibtochangetheminimumtime(delay-interval)any
LLDPportwilldelayadvertisingsuccessiveLLDP
advertisementsduetoachangeinLLDPMIBcontent.(Default:
2;Range:1-8192)
Note:TheLLDPrefresh-interval(transmitinterval)mustbe
greaterthanorequalto(4xdelay-interval).Theswitchdoes
notallowincreasingthedelayintervaltoavaluethatconflicts
withthisrelationship.Thatis,theswitchdisplaysInconsistent
valueif(4xdelay-interval)exceedsthecurrenttransmit
interval,andthecommandfails.Dependingonthecurrent
refresh-intervalsetting,itmaybenecessarytoincreasethe
refresh-intervalbeforeusingthiscommandtoincreasethe
delay-interval.
Forexample,tochangethedelay-intervalfrom2secondsto8secondswhen
therefresh-intervalisatthedefault30seconds,youmustfirstsettherefresh-
intervaltoaminimumof32seconds(32=4x8).
Figure14-19.ExampleofChangingtheTransmit-DelayInterval
Attempttochangethetransmit-delay
intervalshowsthattherefresh-
intervalislessthan(4xdelay-interval).
Changestherefresh-intervalto32;thatis:
32=4x(desiredtransmit-delayinterval)
Successfullychangesthetransmit-
delayintervalto8.
ChangingtheReinitializationDelayInterval.Inthedefault
configuration,aportreceivingadisablecommandfollowedimmediatelybya
txonly,rxonly,ortx_rxcommanddelaysreinitializingfortwoseconds,during
whichtimeLLDPoperationremainsdisabled.Ifanactiveportissubjectedto
frequenttogglingbetweentheLLDPdisabledandenabledstates,LLDP
advertisementsaremorefrequentlytransmittedtotheneighbordevice.Also,
theneighbortableintheadjacentdevicewillchangemorefrequently,asit
deletes,thenreplacesLLDPdatafortheaffectedportwhich,inturn,generates
SNMPtraps(iftrapreceiversandSNMPnotificationareconfigured).Allof
thiscanunnecessarilyincreasenetworktraffic.Extendingthereinitialization-
14-50
delayintervaldelaystheportsabilitytoreinitializeandgenerateLLDPtraffic
followinganLLDPdisable/enablecycle.
Syntax setmiblldpReinitDelay.0-i<1-10>
Usessetmibtochangetheminimumtime(reinitializationdelay
interval)anLLDPportwillwaitbeforereinitializingafter
receivinganLLDPdisablecommandfollowedcloselybya
txonlyortx_rxcommand.Thedelayintervalcommenceswith
executionofthelldpadmin-status<port-list>disablecommand.
(Default:2seconds;Range:1-10seconds)
Forexample,thefollowingcommandchangesthereinitializationdelay
intervaltofiveseconds:
Pr oCur ve( conf i g) # set mi b l l dpr ei ni t del ay. 0 - i 5
ConfiguringSNMPNotificationSupport
YoucanenableSNMPtrapnotificationofLLDPdatachangesdetectedon
advertisementsreceivedfromneighbordevices,andcontroltheinterval
betweensuccessivenotificationsofdatachangesonthesameneighbor.
EnablingLLDPDataChangeNotificationforSNMPTrapReceivers.
Syntax [no]lldpenable-notification<port-list>
Enablesordisableseachportin<port-list>forsending
notificationtoconfiguredSNMPtrapreceiver(s)ifanLLDPdata
changeisdetectedinanadvertisementreceivedontheportfrom
anLLDPneighbor.(Default:Disabled)
Forinformationonconfiguringtrapreceiversintheswitch,refer
toSNMPNotificationsonpage14-17.
Forexample,thiscommandenablesSNMPnotificationonports1-5:
Pr oCur ve( conf i g) # l l dp enabl e- not i f i cat i on 1- 5
14-51
ChangingtheMinimumIntervalforSuccessiveDataChange
NotificationsfortheSameNeighbor.
IfLLDPtrapnotificationisenabledonaport,arapidsuccessionofchanges
inLLDPinformationreceivedinadvertisementsfromoneormoreneighbors
cangenerateahighnumberoftraps.Toreducethiseffect,youcanglobally
changetheintervalbetweensuccessivenotificationsofneighbordatachange.
Syntax setmiblldpnotificationinterval.0-i<1-3600>
Globallychangestheintervalbetweensuccessivetraps
generatedbytheswitch.Ifmultipletrapsaregeneratedinthe
specifiedinterval,onlythefirsttrapwillbesent.Theremaining
trapswillbesuppressed.(Anetworkmanagementapplication
canperiodicallychecktheswitchMIBtodetectanymissed
changenotificationtraps.RefertoIEEEP802.1ABorlaterfor
moreinformation.)(Default:5seconds)
Forexample,thefollowingcommandlimitschangenotificationtrapsfroma
particularswitchtooneperminute.
Pr oCur ve( conf i g) #set mi b l l dpnot i f i cat i oni nt er val . 0 - i 60
l l dpNot i f i cat i onI nt er val . 0 = 60
ConfiguringPer-PortTransmitandReceiveModes
Thesecommandscontroladvertisementtrafficinboundandoutboundon
activeports.
Syntax lldpadmin-status<port-list><txonly|rxonly|tx_rx|disable>
WithLLDPenabledontheswitchinthedefaultconfiguration,
eachportisconfiguredtotransmitandreceiveLLDPpackets.
Theseoptionsenableyoutocontrolwhichportsparticipatein
LLDPtrafficandwhethertheparticipatingportsallowLLDP
trafficinonlyonedirectionorinbothdirections.
txonly:Configuresthespecifiedport(s)totransmitLLDPpack-
ets,butblockinboundLLDPpacketsfromneighbordevices.
rxonly:Configuresthespecifiedport(s)toreceiveLLDPpackets
fromneighbors,butblockoutboundpacketstoneighbors.
tx_rx:Configuresthespecifiedport(s)tobothtransmitand
receiveLLDPpackets.(Thisisthedefaultsetting.)
disable:DisablesLLDPpackettransmitandreceiveonthe
specifiedport(s).
14-52
ConfiguringBasicLLDPPer-PortAdvertisementContent
InthedefaultLLDPconfiguration,outboundadvertisementsfromeachport
ontheswitchincludebothmandatoryandoptionaldata.
MandatoryData.AnactiveLLDPportontheswitchalwaysincludesthe
mandatorydatainitsoutboundadvertisements.LLDPcollectsthemandatory
data,and,exceptfortheRemoteManagementAddress,youcannotuseLLDP
commandstoconfiguretheactualdata.
ChassisType(TLVsubelement)
ChassisID(TLV)
PortType(TLVsubelement)
PortID(TLV)
RemoteManagementAddress(TLV;actualIPaddressisasubelementthat
canbeadefaultaddressoraconfiguredaddress)
ConfiguringaRemoteManagementAddressforOutboundLLDP
Advertisements.Thisisanoptionalcommandyoucanusetoincludea
specificIPaddressintheoutboundLLDPadvertisementsforspecificports.
Syntax [no]lldpconfig<port-list>ipAddrEnable<ip-address>
ReplacesthedefaultIPaddressfortheportwithanIP
addressyouspecify.ThiscanbeanyIPaddressconfigured
inastaticVLANontheswitch,eveniftheportdoesnot
belongtotheVLANconfiguredwiththeselectedIPaddress.
ThenoformofthecommanddeletesthespecifiedIP
address.IftherearenoIPaddressesconfiguredas
managementaddresses,thentheIPaddressselection
methodreturnstothedefaultoperation.(Default:Theport
advertisestheIPaddressofthelowest-numberedVLAN
(VID)towhichitbelongs.IfthereisnoIPaddressconfigured
ontheVLAN(s)towhichtheportbelongs,andtheportis
notconfiguredtoadvertiseanIPaddressfromanyother
(static)VLANontheswitch,thentheportadvertisesan
addressof127.0.0.1.)
Note:ThiscommanddoesnotaccepteitherIPaddresses
acquiredthroughDHCPorBootp,orIPaddressesthatare
notconfiguredinastaticVLANontheswitch
14-53
Forexample,ifport3belongstoasubnettedVLANthatincludesanIPaddress
of10.10.10.100andyouwantedport3tousethissecondaryaddressinLLDP
advertisements,youwouldneedtoexecutethefollowingcommand:
Pr oCur ve( conf i g) #l l dp conf i g 3 i pAddr Enabl e 10. 10. 10. 100
OptionalData. Youcanconfigureanindividualportorgroupofportsto
excludeoneormoreofthesedatatypesfromoutboundLLDPadvertisements.
Notethatoptionaldatatypes,whenenabled,arepopulatedwithdatainternal
totheswitch;thatis,youcannotuseLLDPcommandstoconfiguretheiractual
content.
portdescription(TLV)
systemname(TLV)
systemdescription(TLV)
systemcapabilities(TLV)
systemcapabilitiesSupported(TLVsubelement)
systemcapabilitiesEnabled(TLVsubelement)
portspeedandduplex(TLVsubelement)
Syntax: [no]lldpconfig<port-list>basicTlvEnable<TLV-Type>
port_descr
ForoutboundLLDPadvertisements,thisTLVincludesan
alphanumericstringdescribingtheport.
(Default:Enabled)
system_name
alphanumericstringshowingthesystemsassignedname.
(Default:Enabled)
system_descr
alphanumericstringdescribingthefullnameandversion
identificationforthesystemshardwaretype,software
version,andnetworkingapplication.
(Default:Enabled)
14-54
system_cap
Foroutboundadvertisements,thisTLVincludesa
bitmaskofsupportedsystemcapabilities(device
functions).Alsoincludesinformationonwhetherthe
capabilitiesareenabled.
(Default:Enabled)
Forexample,ifyouwantedtoexcludethesystemnameTLVfromthe
outboundLLDPadvertisementsforallportsonaswitch,youwouldusethis
command:
Pr oCur ve( conf i g) # no l l dp conf i g 1- 24 basi cTl vEnabl e
syst em_name
IfyoulaterdecidedtoreinstatethesystemnameTLVonports1-5,youwould
usethiscommand:
Pr oCur ve( conf i g) # l l dp conf i g 1- 5 basi cTl vEnabl e
syst em_name
Advertisements
ThisfeatureisoptionalforLLDPoperation,butisrequiredforLLDP-MED
operation.
Portspeedandduplexadvertisementsaresupportedontheswitchescovered
inthisguidetoinformanLLDPendpointandtheswitchportofeachothers
portspeedandduplexconfigurationandcapabilities.Configuration
mismatchesbetweenaswitchportandanLLDPendpointcanresultin
excessivecollisionsandvoicequalitydegradation.LLDPenablesdiscoveryof
suchmismatchesbysupportingSNMPaccesstotheswitchMIBforcomparing
thecurrentswitchportandendpointsettings.(Changingacurrentdevice
configurationtoeliminateamismatchrequiresinterventionbythesystem
operator.)
14-55
Syntax: [no]lldpconfig<port-list>dot3TlvEnablemacphy_config
Foroutboundadvertisements,thisTLVincludesthe
(local)switchportscurrentspeedandduplexsettings,the
rangeofspeedandduplexsettingstheportsupports,and
themethodrequiredforreconfiguringthespeedand
duplexsettingsonthedevice(auto-negotiationduring
linkinitialization,ormanualconfiguration).
UsingSNMPtocomparelocalandremoteinformationcan
helpinlocatingconfigurationmismatches.
(Default:Enabled)
Note: ForLLDPoperation,thisTLVisoptional.For
LLDP-MEDoperation,thisTLVismandatory.
Asmentionedabove,anSNMPnetworkmanagementapplicationcanbeused
tocomparetheportspeedandduplexdataconfiguredintheswitchand
advertisedbytheLLDPendpoint.YoucanalsousetheCLItodisplaythis
information.FormoreonusingtheCLItodisplayportspeedandduplex
information,refertoDisplayingtheCurrentPortSpeedandDuplex
ConfigurationonaSwitchPortonpage14-72.
LLDP-MED(Media-Endpoint-Discovery)
LLDP-MED(ANSI/TIA-1057/D6)extendstheLLDP(IEEE802.1AB)industry
standardtosupportadvancedfeaturesonthenetworkedgeforVoiceOverIP
(VoIP)endpointdeviceswithspecializedcapabilitiesandLLDP-MED
standards-basedfunctionality.LLDP-MEDintheswitchesusesthestandard
LLDPcommandsdescribedearlierinthissection,withsomeextensions,and
alsointroducesnewcommandsuniquetoLLDP-MEDoperation.Theshow
commandsdescribedelsewhereinthissectionareapplicabletobothLLDP
andLLDP-MEDoperation.LLDP-MEDbenefitsinclude:
plug-and-playprovisioningforMED-capable,VoIPendpointdevices
simplified,vendor-independentmanagementenablingdifferentIP
telephonysystemstointeroperateononenetwork
automaticdeploymentofconvergencenetworkpolicies(voice
VLANs,Layer2/CoSpriority,andLayer3/QoSpriority)
configurableendpointlocationdatatosupporttheEmergencyCall
Service(ECS)(suchasEnhanced911service,999,112)
detailedVoIPendpointdatainventoryreadableviaSNMPfromthe
switch
14-56
IP Network
Infrastructure
(IEEE 802 LAN)
IP Network
Infrastructure
(IEEE 802 LAN)
IP Network
Infrastructure
(IEEE 802 LAN)
PoweroverEthernet(PoE)statusandtroubleshootingsupportvia
SNMP
supportforIPtelephonynetworktroubleshootingofcallquality
issuesviaSNMP
ThissectiondescribeshowtoconfigureanduseLLDP-MEDfeaturesinthe
switchestosupportVoIPnetworkedgedevices(MediaEndpointDevices)
suchas:
IPphones
voice/mediagateways
mediaservers
IPcommunicationscontrollers
otherVoIPdevicesorservers
IP Network
Infrastructure
(IEEE 802 LAN)
SwitchesProvidingNetwork
AccesstoLLDP-MEDEndpoints
LLDP-MEDClass1GenericEndpoints
SuchAsIPCallControlDevices
LLDP-MEDClass2MediaEndpointsSuchAs
MediaGateways,ConferenceBridges,and
otherDevicesSupportingIPMediaStreams
LLDP-MEDClass3End-UserIPCommunication
DevicesSuchAsVoIPTelephones
Figure14-20.ExampleofLLDP-MEDNetworkElements
LLDP-MEDEndpointSupport. LLDP-MEDontheswitchescoveredinthis
guideinteroperateswithdirectlyconnectedIPtelephony(endpoint)clients
havingthesefeaturesandservices:
abletoautonegotiatespeedandduplexconfigurationwiththeswitch
14-57
abletousethefollowingnetworkpolicyelementsconfiguredonthe
clientport
voiceVLAN ID
802.1p(Layer2)QoS
Diffservcodepoint(DSCP)(Layer3)QoS
discoverandadvertisedevicelocationdatalearnedfromtheswitch
supportemergencycallservice(ECSsuchasE911,999,and112)
advertisedeviceinformationforthedevicedatainventorycollected
bytheswitch,including:
hardwarerevision serialnumber assetID
firmwarerevision manufacturername
softwarerevision modelname
provideinformationonnetworkconnectivitycapabilities(for
example,amulti-portVoIPphonewithLayer2switchcapability)
supportthefaststartcapability
Not e LLDP-MEDontheswitchescoveredinthisguideisintendedforusewithVoIP
endpoints,andisnotdesignedtosupportlinksbetweennetwork
infrastructuredevices,suchasswitch-to-switchorswitch-to-routerlinks.
LLDP-MEDEndpointDeviceClasses. LLDP-MEDendpointdevicesare,
bydefinition,locatedatthenetworkedgeandcommunicateusingtheLLDP-
MEDframework.AnyLLDP-MEDendpointdevicebelongstooneofthe
followingthreeclasses:
Class1(GenericEndpointDevices):Thesedevicesofferthebasic
LLDPdiscoveryservices,networkpolicyadvertisement(VLANID,
Layer2/802.1ppriority,andLayer3/DSCPpriority),andPoEmanage-
ment.ThisclassincludessuchdevicesasIPcallcontrollersand
communication-relatedservers.
Class2(MediaEndpointDevices):ThesedevicesofferallClass1
featuresplusmediastreamingcapability,andincludesuchdevicesas
voice/mediagateways,conferencebridges,andmediaservers.
14-58
Class3(CommunicationDevices):ThesedevicesaretypicallyIP
phonesorend-userdevicesthatotherwisesupportIPmediaandoffer
allClass1andClass2features,pluslocationidentificationand
emergency911capability,Layer2switchsupport,anddeviceinfor-
mationmanagement.
LLDP-MEDOperationalSupport.Theswitchescoveredinthisguideoffer
twoconfigurableTLVssupportingMED-specificcapabilities:
medTlvEnable(forper-portenablingordisablingofLLDP-MEDopera-
tion)
medPortLocation(forconfiguringper-portlocationoremergencycall
data)
Not e LLDP-MEDoperationalsorequirestheportspeedandduplexTLV
(dot3TlvEnable;page14-56),whichisenabledinthedefaultconfiguration.
LLDP-MEDTopologyChangeNotification
ThisoptionalfeatureprovidesinformationanSNMPapplicationcanuseto
trackLLDP-MEDconnectsanddisconnects.
14-59
Syntax: lldptop-change-notify<port-list>
Topologychangenotification,whenenabledonanLLDPport,
causestheswitchtosendanSNMPtrapifitdetectsLLDP-
MEDendpointconnectionordisconnectionactivityonthe
port,oranage-outoftheLLDP-MEDneighborontheport.The
trapincludesthefollowinginformation:
theportnumber(internal)onwhichtheactivitywas
detected(Formoreininternalportnumbers,referto
DeterminingtheSwitchPortNumberIncludedin
TopologyChangeNotificationTrapsonpage14-78.)
theLLDP-MEDclassofthedevicedetectedontheport
(LLDP-MEDEndpointDeviceClassesonpage14-58.)
Theshowrunningcommandshowswhetherthetopology
changenotificationfeatureisenabledordisabled.For
example,ifportsA1-A10havetopologychangenotification
enabled,thefollowingentryappearsintheshowrunning
output:
l l dp t op- change- not i f y A1- A10
(Default:Disabled)
Note: Tosendtraps,thisfeaturerequiresaccesstoatleast
oneSNMPserver.Forinformationonconfiguringtraps,
refertoSNMPNotificationsonpage14-17.
Also,ifadetectedLLDP-MEDneighborbeginssending
advertisementswithoutLLDP-MEDTLVs,theswitchsends
atop-change-notifytrap.
Not e Topologychangenotificationsprovideonemethodformonitoringsystem
activity.However,becauseSNMPnormallyemploysUDP,whichdoesnot
guaranteedatagramdelivery,topologychangenotificationshouldnotbe
relieduponasthesolemethodformonitoringcriticalendpointdevice
connectivity.
14-60
LLDP-MEDFastStartControl
Syntax: lldpfast-start-count<1-10>
AnLLDP-MEDdeviceconnectingtoaswitchportmayuse
thedatacontainedintheMEDTLVsfromtheswitchto
configureitself.However,thelldprefresh-intervalsetting
(default:30seconds)fortransmittingadvertisementscan
causeanunacceptabledelayinMEDdeviceconfiguration.
TosupportrapidLLDP-MEDdeviceconfiguration,thelldp
fast-start-countcommandtemporarilyoverridestherefresh-
intervalsettingforthefast-start-countadvertisementinterval.
ThisresultsintheportinitiallyadvertisingLLDP-MEDat
afasterrateforalimitedtime.Thus,whentheswitchdetects
anewLLDP-MEDdeviceonaport,ittransmitsoneLLDP-
MEDadvertisementpersecondouttheportfortheduration
ofthefast-start-countinterval.Inmostcases,thedefault
settingshouldprovideanadequatefast-start-countinterval.
(Range:1-10seconds;Default:5seconds)
Note:Thisglobalcommandappliesonlytoportsonwhicha
newLLDP-MEDdeviceisdetected.Itdoesnotoverridethe
refresh-intervalsettingonportswherenon-MEDdevicesare
detected.
andLocationData
ThemedTlvEnableoptionontheswitchisenabledinthedefaultconfiguration
andsupportsthefollowingLLDP-MEDTLVs:
LLDP-MEDcapabilities:ThisTLVenablestheswitchtodetermine:
whetheraconnectedendpointdevicesupportsLLDP-MED
whichspecificLLDP-MEDTLVstheendpointsupports
thedeviceclass(1,2,or3)fortheconnectedendpoint
ThisTLValsoenablesanLLDP-MEDendpointtodiscoverwhatLLDP-
MEDTLVstheswitchportcurrentlysupports.
networkpolicyoperatingontheporttowhichtheendpointisconnected
(VLAN,Layer2QoS,Layer3QoS)
PoE(MEDPower-over-Ethernet)
physicallocationdatapage14-65
14-61
Not e LLDP-MEDoperationrequiresthemacphy_configTLVsubelementenabled
bydefaultthatisoptionalforIEEE802.1ABLLDPoperation.Refertothe
dot3TlvEnablemacphy_configcommandonpage14-56.
NetworkPolicyAdvertisements.Networkpolicyadvertisementsare
intendedforreal-timevoiceandvideoapplications,andincludetheseTLV
subelements:
Layer2(802.1p)QoS
Layer3DSCP(diffservcodepoint)QoS
VoiceVLANID(VID)
VLANOperatingRules.TheserulesaffectadvertisementsofVLANsin
networkpolicyTLVs:
TheVLANIDTLVsubelementappliesonlytoaVLANconfiguredforvoice
operation(vlan<vid>voice).
IftherearemultiplevoiceVLANsconfiguredonaport,LLDP-MED
advertisesthevoiceVLANhavingthelowestVID.
ThevoiceVLANportmembershipconfiguredontheswitchcanbetagged
oruntagged.However,iftheLLDP-MEDendpointexpectsataggedmem-
bershipwhentheswitchportisconfiguredforuntagged,orthereverse,
thenaconfigurationmismatchresults.(Typically,theendpointexpects
theswitchporttohaveataggedvoiceVLANmembership.)
IfagivenportdoesnotbelongtoavoiceVLAN,thentheswitchdoesnot
advertisetheVLANIDTLVthroughthisport.
PolicyElements. Thesepolicyelementsmaybestaticallyconfiguredonthe
switchordynamicallyimposedduringanauthenticatedsessionontheswitch
usingaRADIUSserverand802.1XorMACauthentication.(Web
authenticationdoesnotapplytoVoIPtelephonesandother
telecommunicationsdevicesthatarenotcapableofaccessingtheswitch
throughaWebbrowser.)TheQoSandvoiceVLANpolicyelementscanbe
staticallyconfiguredwiththefollowingCLIcommands:
vlan<vid>voice
vlan<vid><tagged|untagged><port-list>
int<port-list>qospriority<0-7>
vlan<vid>qosdscp<codepoint>
14-62
Not es Acodepointmusthavean802.1pprioritybeforeyoucanconfigureitforuse
inprioritizingpacketsbyVLAN-ID.IfacodepointyouwanttouseshowsNo
OverrideinthePrioritycolumnoftheDSCPpolicytable(displaywithshowqos-
dscpmap,thenuseqos-dscpmap<codepoint>priority<0-7>toconfigurea
prioritybeforeproceeding.Formoreonthistopic,refertothechaptertitled
QualityofService(QoS):ManagingBandwidthMoreEffectivelyinthe
AdvancedTrafficManagementGuideforyourswitch.
EnablingorDisablingmedTlvEnable.InthedefaultLLDP-MED
configuration,theTLVscontrolledbymedTlvEnableareenabled.
Syntax: [no]lldpconfig<port-list>medTlvEnable<medTlv>
EnablesordisablesadvertisementofthefollowingTLVs
onthespecifiedports:
devicecapabilityTLV
configurednetworkpolicyTLV
configuredlocationdataTLV(RefertoConfiguring
LocationDataforLLDP-MEDDevicesonpage
14-65.)
currentPoEstatusTLV
(Default:AlloftheaboveTLVsareenabled.)
Helpstolocateconfigurationmismatchesbyallowinguse
ofanSNMPapplicationtocomparetheLLDP-MEDcon-
figurationonaportwiththeLLDP-MEDTLVsadvertised
byaneighborconnectedtothatport.
capabilities
ThisTLVenablestheswitchtodetermine:
whichLLDP-MEDTLVsaconnectedendpointcan
discover
thedeviceclass(1,2,or3)fortheconnected
endpoint
ThisTLValsoenablesanLLDP-MEDendpointto
discoverwhatLLDP-MEDTLVstheswitchportcur-
rentlysupports.
(Default:enabled)
Note:ThisTLVcannotbedisabledunlessthe
network_policy,poe,andlocation_idTLVsarealready
disabled.
14-63
network-policy
ThisTLVenablestheswitchporttoadvertiseits
configurednetworkpolicies(voiceVLAN,Layer2QoS,
Layer3QoS),andallowsLLDP-MEDendpointdevicesto
auto-configurethevoicenetworkpolicyadvertisedbythe
switch.ThisalsoenablestheuseofSNMPapplicationsto
troubleshootstaticallyconfiguredendpointnetwork
policymismatches.
(Default:Enabled)
Notes:Networkpolicyisonlyadvertisedforportsthatare
configuredasmembersofthevoiceVLAN.Iftheport
belongstomorethanonevoiceVLAN,thenthevoice
VLANwiththelowest-numberedVIDisselectedasthe
VLANforvoicetraffic.Also,thisTLVcannotbeenabled
unlessthecapabilityTLVisalreadyenabled.
Formoreinformation,refertoNetworkPolicy
Advertisementsonpage14-62
location_id
ThisTLVenablestheswitchporttoadvertiseits
configuredlocationdata(ifany).Formoreon
configuringlocationdata,refertoConfiguringLocation
DataforLLDP-MEDDevices.
(Default:Enabled)
Note: Whendisabled,thisTLVcannotbeenabledunless
thecapabilityTLVisalreadyenabled.
poe
ThisTLVenablestheswitchporttoadvertiseitscurrent
PoE(PoweroverEthernet)stateandtoreadthePoE
requirementsadvertisedbytheLLDP-MEDendpoint
deviceconnectedtotheport.
(Default:Enabled)
Note: Whendisabled,thisTLVcannotbeenabledunless
thecapabilityTLVisalreadyenabled.
Formoreonthistopic,refertoPoEAdvertisements,
below.
14-64
PoEAdvertisements. TheseadvertisementsinformanLLDP-MED
endpointofthepower(PoE)configurationonswitchports.Similar
advertisementsfromanLLDP-MEDendpointinformtheswitchofthe
endpointspowerneedsandprovideinformationthatcanbeusedtoidentify
powerprioritymismatches.
Power-over-EthernetTLVsincludethefollowingpowerdata:
powertype:indicateswhetherthedeviceisapower-sourcingentity
(PSE)orapowereddevice(PD).AMED-capableVoIPtelephoneisaPD.
powersource:indicatesthesourceofpowerinusebythedevice.Power
sourcesforpowereddevices(PDs)includePSE,local(internal),andPSE/
local.TheswitchescoveredinthisguideadvertiseUnknown.
powerpriority:indicatesthepowerpriorityconfiguredontheswitch
(PSE)portorthepowerpriorityconfiguredontheMED-capableend-
point.
powervalue:indicatesthetotalpowerinwattsthataswitchport(PSE)
candeliverataparticulartime,orthetotalpowerinwattsthattheMED
endpoint(PD)requirestooperate.
TodisplaythecurrentpowerdataforanLLDP-MEDdeviceconnectedtoa
port,usethefollowingcommand:
showlldpinforemote-device<port-list>
Formoreonthiscommand,refertopage14-73.
TodisplaythecurrentPoEconfigurationontheswitch,usethefollowing
commands:
showpowerbrief<port-list>
showpower<port-list>
FormoreonPoEconfigurationandoperation,refertoChapter11,Power
OverEthernet(PoE+)Operation.
ConfiguringLocationDataforLLDP-MEDDevices
Youcanconfigureaswitchporttoadvertiselocationdatafortheswitchitself,
thephysicalwall-jacklocationoftheendpoint(recommended),orthe
locationofaDHCPserversupportingtheswitchand/orendpoint.Youalso
havetheoptionofconfiguringthesedifferentaddresstypes:
civicaddress:physicaladdressdatasuchascity,streetnumber,and
buildinginformation
14-65
ELIN(EmergencyLocationIdentificationNumber):anemergency
numbertypicallyassignedtoMLTS(MultilineTelephoneSystemOpera-
tors)inNorthAmerica
coordinate-basedlocation:attitude,longitude,andaltitudeinforma-
tion(RequiresconfigurationviaanSNMPapplication.)
Syntax: [no]lldpconfig<port-list>medPortLocation<Address-Type>
Configureslocationoremergencycalldatatheswitchadvertises
perportinthelocation_idTLV.ThisTLVisforusebyLLDP-
MEDendpointsemployinglocation-basedapplications.
Note:TheswitchallowsonemedPortLocationentryper
port(withoutregardtotype).Configuringanew
medPortLocationentryofanytypeonaportreplaces
anypreviouslyconfiguredentryonthatport.
civic-addr<COUNTRY-STR><WHAT><CA-TYPE><CA-VALUE>...
[<CA-TYPE><CA-VALUE>]...[<CA-TYPE><CA-VALUE>]
Thiscommandenablesconfigurationofaphysical
addressonaswitchport,andallowsupto75characters
ofaddressinformation.
COUNTRY-STR:Atwo-charactercountrycode,asdefinedby
ISO3166.SomeexamplesincludeFR(France),DE
(Germany),andIN(India).Thisfieldisrequiredina
civic-addrcommand.(Foracompletelistofcountrycodes,
visitwww.iso.orgontheworldwideweb.)
WHAT:Asingle-digitnumberspecifyingthetypeofdevice
towhichthelocationdataapplies:
0:LocationofDHCPserver
1:Locationofswitch
2:LocationofLLDP-MEDendpoint(recommended
application)
Thisfieldisrequiredinacivic-addrcommand.
Continued
14-66
Continued
Type/Value Pairs (CA-TYPEandCA-VALUE): Thisisa
seriesofdatapairs,eachcomposedofalocationdata
typespecifierandthecorrespondinglocationdata
forthattype.Thatis,thefirstvalueinapairis
expectedtobethecivicaddresstypenumber(CA-
TYPE),andthesecondvalueinapairisexpectedto
bethecorrespondingcivicaddressdata(CA-VALUE).
Forexample,iftheCA-TYPEforcitynameis3,then
thetype/valuepairtodefinethecityofParisis3
Paris.Multipletype/valuepairscanbeenteredinany
order,althoughitisrecommendedthatmultiple
pairsbeenteredinascendingorderoftheCA-
TYPE.Whenanemergencycallisplacedfroma
properlyconfiguredclass3endpointdevicetoan
appropriatePSAP,thecountrycode,devicetype,and
type/valuepairsconfiguredontheswitchportare
includedinthetransmission.Thetypespecifiers
areusedbythePSAPtoidentifyandorganizethe
locationdatacomponentsinanunderstandable
formatforresponsepersonneltointerpret.Acivic-
addrcommandrequiresaminimumofonetype/
valuepair,buttypicallyincludesmultipletype/value
pairsasneededtoconfigureacompletesetofdata
describingagivenlocation.CA-TYPE:Thisisthefirst
entryinatype/valuepair,andisanumberdefining
thetypeofdatacontainedinthesecondentryinthe
type/valuepair(CA-VALUE).SomeexamplesofCA-TYPE
specifiersinclude:
3= city
6=street(name)
25=buildingname
(Range:0-255)
ForasamplelistingofCA-TYPEspecifiers,refertotable
14-4onpage14-69.
CA-VALUE:Thisisthesecondentryinatype/value
pair,andisanalphanumericstringcontaining
thelocationinformationcorrespondingtothe
immediatelyprecedingCA-TYPEentry.Strings
aredelimitedbyeitherblankspaces,single
quotes(...),ordoublequotes(...).Eachstring
shouldrepresentaspecificdatatypeinasetof
uniquetype/valuepairscomprisingthe
descriptionofalocation,andeachstringmust
beprecededbyaCA-TYPEnumberidentifyingthe
typeofdatainthestring.
14-67
Note:AswitchportallowsoneinstanceofanygivenCA-
TYPE.Forexample,ifatype/valuepairof6Atlantic(to
specifyAtlanticasastreetname)isconfiguredonport
A5andlateranothertype/valuepairof6Pacificis
configuredonthesameport,thenPacificreplacesAtlantic
inthecivicaddresslocationconfiguredforportA5.
elin-addr<emergency-number>
ThisfeatureisintendedforuseinEmergencyCallService
(ECS)applicationstosupportclass3LLDP-MEDVoIP
telephonesconnectedtoaswitchcoveredinthisguidein
amultilinetelephonesystem(MLTS)infrastructure.An
ELIN(EmergencyLocationIdentificationNumber)isa
validNorthAmericanNumberingPlan(NANP)format
telephonenumberassignedtoMLTSoperatorsinNorth
Americabytheappropriateauthority.TheELINisused
torouteemergency(E911)callstoaPublicSafety
AnsweringPoint(PSAP).
(Range:1-15numericcharacters)
ConfiguringCoordinate-BasedLocations. Latitude,longitude,and
altitudedatacanbeconfiguredperswitchportusinganSNMPmanagement
application.Formoreinformation,refertothedocumentationprovidedwith
theapplication.AfurthersourceofinformationonthistopicisRFC3825-
DynamicHostConfigurationProtocolOptionforCoordinate-based
LocationConfigurationInformation.
Not e EndpointuseofdatafromamedPortLocationTLVsentbytheswitchisdevice-
dependent.Refertothedocumentationprovidedwiththeendpointdevice.
14-68
Table14-4. SomeLocationCodesUsedinCA-TYPEFields*
LocationElement Code LocationElement Code
nationalsubdivision 1
regionalsubdivision 2
cityortownship 3
citysubdivision 4
street 6
streetsuffix 18
streetnumber 19
additionallocationdata 22
unitorapartment 26
floor 27
roomnumber 28
*Thecodeassignmentsinthistableareexamplesfromawork-in-progress(the
internetdrafttitledDynamicHostConfigurationProtocol(DHCPv4and
DHCPv6)OptionforCivicAddressesConfigurationInformationdraft-ietf-
geopriv-dhcp-civil-06datedMay30,2005.)Fortheactualcodestouse,
contactthePSAPorotherauthorityresponsibleforspecifyingthecivic
addressingdatastandardforyournetwork.
ExampleofaLocationConfiguration. Supposeasystemoperator
wantedtoconfigurethefollowinginformationasthecivicaddressfora
telephoneconnectedtohercompanysnetworkthroughportA2ofaswitch
atthefollowinglocation:
Description CA-Type CA-VALUE
nationalsubdivision 1 CA
city 3 Widgitville
street 6 Main
streetnumber 19 1433
unit 26 Suite4-N
floor 27 4
roomnumber 28 N4-3
14-69
Figure14-21showsthecommandsforconfiguringanddisplayingtheabove
data.
Figure14-21.ExampleofaCivicAddressConfiguration
DisplayingAdvertisementData
Command Page
showlldpinfolocal-device below
walkmiblldpXdot3LocPortOperMauType
showlldpinforemote-device 14-73
walkmiblldpXdot3RemPortAutoNegAdvertisedCap
showlldpinfostats 14-75
14-70
Advertisements
Thesecommandsdisplaythecurrentswitchinformationthatwillbeusedto
populateoutboundLLDPadvertisements.
Syntax showlldpinfolocal-device[port-list]
Withoutthe[port-list]option,thiscommanddisplaystheglobal
switchinformationandtheper-portinformationcurrently
availableforpopulatingoutboundLLDPadvertisements.
Withthe[port-list]option,thiscommanddisplaysonlythe
followingport-specificinformationthatiscurrentlyavailablefor
outboundLLDPadvertisementsonthespecifiedports:
PortType
PortId
PortDesc
Note:Thiscommanddisplaystheinformationavailableonthe
switch.Usethelldpconfig<port-list>commandtochangethe
selectionofinformationthatisincludedinactualoutbound
advertisements.InthedefaultLLDPconfiguration,all
informationdisplayedbythiscommandistransmittedin
outboundadvertisements.
Forexample,inthedefaultconfiguration,theswitchinformationcurrently
availableforoutboundLLDPadvertisementsappearssimilartothedisplayin
Figure14-22onpage14-72.
14-71
TheManagementAddressfielddisplaysonly
theLLDP-configurableIPaddressesonthe
switch.(Onlymanually-configuredIP
addressesareLLDP-configurable.)Ifthe
switchhasonlyanIPaddressfromaDHCPor
Bootpserver,thentheManagementAddress
fieldisempty(becausetherearenoLLDP-
configurableIPaddressesavailable).Formore
onthistopic,refertoRemoteManagement
Addressonpage14-43.
Figure14-22.ExampleofDisplayingtheGlobalandPer-PortInformationAvailableforOutbound
Advertisements
Figure14-23.ExampleoftheDefaultPer-PortInformationContentforPorts1and2
DisplayingtheCurrentPortSpeedandDuplexConfigurationona
SwitchPort.Portspeedandduplexinformationforaswitchportanda
connectedLLDP-MEDendpointcanbecomparedforconfiguration
mismatchesbyusinganSNMPapplication.YoucanalsousetheswitchCLI
todisplaythisinformation,ifnecessary.Thefollowingtwocommandsprovide
methodsfordisplayingspeedandduplexinformationforswitchports.For
14-72
informationondisplayingthecurrentlyconfiguredportspeedandduplexon
anLLDP-MEDendpoint,refertoDisplayingtheCurrentPortSpeedand
DuplexConfigurationonaSwitchPortonpage14-72.
Syntax: showinterfacesbrief<port-list>
IncludesportspeedandduplexconfigurationintheMode
columnoftheresultingdisplay.
DisplayingAdvertisementsCurrentlyintheNeighborsMIB.These
commandsdisplaythecontentoftheinboundLLDPadvertisementsreceived
fromotherLLDPdevices.
Syntax showlldpinforemote-device[port-list]
Withoutthe[port-list]option,thiscommandprovidesaglobal
listoftheindividualdevicesithasdetectedbyreadingLLDP
advertisements.Discovereddevicesarelistedbytheinbound
portonwhichtheywerediscovered.Multipledeviceslistedfor
asingleportindicatesthatsuchdevicesareconnectedtothe
switchthroughahub.
Discoveringthesamedeviceonmultipleportsindicatesthat
theremotedevicemaybeconnectedtotheswitchinoneofthe
followingways:
ThroughdifferentVLANSusingseparatelinks.(This
appliestoswitchesthatusethesameMACaddressforall
configuredVLANs.)
Throughdifferentlinksinthesametrunk.
ThroughdifferentlinksusingthesameVLAN.(Inthis
case,spanning-treeshouldbeinvokedtopreventanet-
worktopologyloop.NotethatLLDPpacketstravelonlinks
thatspanning-treeblocksforothertraffictypes.)
Withthe[port-list]option,thiscommandprovidesalistingof
theLLDPdatathattheswitchhasdetectedinadvertisements
receivedonthespecifiedports.
Fordescriptionsofthevarioustypesofinformationdisplayed
bythesecommands,refertoTable14-3onpage14-42.
14-73
Figure14-24.ExampleofaGlobalListingofDiscoveredDevices
Indicatesthepolicyconfiguredon
thetelephone.Aconfiguration
mismatchoccursifthesupporting
portisconfigureddifferently.
Figure14-25. ExampleofanLLLDP-MEDListingofanAdvertisementReceivedFromanLLDP-MED(VoIP
Telephone)Source
14-74
DisplayingLLDPStatistics
LLDPstatisticsareavailableonbothaglobalandaper-portlevels.Rebooting
theswitchresetstheLLDPstatisticscounterstozero.Disablingthetransmit
and/orreceivecapabilityonaportfreezestherelatedportcountersattheir
currentvalues.
Syntax showlldpstats[port-list]
TheglobalLLDPstatisticscommanddisplaysanoverviewof
neighbordetectionactivityontheswitch,plusdataonthe
numberofframessent,received,anddiscardedper-port.The
per-portLLDPstatisticscommandenhancesthelistofper-port
statisticsprovidedbytheglobalstatisticscommandwithsome
additionalper-portLLDPstatistics.
GlobalLLDPCounters:
NeighborEntriesListLastUpdated:Showstheelapsedtimesince
aneighborwaslastaddedordeleted.
NewNeighborEntriesCount:ShowsthetotalofnewLLDP
neighborsdetectedsincethelastswitchreboot.Disconnecting,
thenreconnectinganeighborincrementsthiscounter.
NeighborEntriesDeletedCount:Showsthenumberofneighbor
deletionsfromtheMIBforAgeOutCountandforceddropsfor
allports.Forexample,iftheadminstatusforportona
neighbordevicechangesfromtx_rxortxonlytodisabledor
rxonly,thentheneighbordevicesendsashutdownpacketout
theportandceasestransmittingLLDPframesoutthatport.
Thedevicereceivingtheshutdownpacketdeletesall
informationabouttheneighborreceivedontheapplicable
inboundportandincrementsthecounter.
NeighborEntriesDroppedCount:ShowsthenumberofvalidLLDP
neighborstheswitchdetected,butcouldnotadd.Thiscan
occur,forexample,whenanewneighborisdetectedwhenthe
switchisalreadysupportingthemaximumnumberof
neighbors.RefertoNeighborMaximumonpage14-77.
NeighborEntriesAgeOutCount:ShowsthenumberofLLDP
neighborsdroppedonallportsduetoTime-to-Liveexpiring.
Continued
14-75
Continued
Per-PortLLDPCounters:
NumFramesRecvd:Showsthetotalnumberofvalid,inbound
LLDPadvertisementsreceivedfromanyneighbor(s)on<port-
list>.Wheremultipleneighborsareconnectedtoaportthrough
ahub,thisvalueisthetotalnumberofLLDPadvertisements
receivedfromallsources.
NumFramesSent:ShowsthetotalnumberofLLDP
advertisementssentfrom<port-list>.
NumFramesDiscarded:ShowsthetotalnumberofinboundLLDP
advertisementsdiscardedby<port-list>.Thiscanoccur,for
example,whenanewneighborisdetectedontheport,butthe
switchisalreadysupportingthemaximumnumberof
neighbors.RefertoNeighborMaximumonpage14-77.This
canalsobeanindicationofadvertisementformatting
problemsintheneighbordevice.
FramesInvalid:ShowsthetotalnumberofinvalidLLDP
advertisementsreceivedontheport.Aninvalidadvertisement
canbecausedbyheaderformattingproblemsintheneighbor
device.
TLVsUnrecognized:ShowsthetotalnumberofLLDPTLVs
receivedonaportwithatypevalueinthereservedrange.This
couldbecausedbyabasicmanagementTLVfromalaterLLDP
versionthantheonecurrentlyrunningontheswitch.
TLVsDiscarded:ShowsthetotalnumberofLLDPTLVsdiscarded
foranyreason.Inthiscase,theadvertisementcarryingthe
TLVmaybeaccepted,buttheindividualTLVwasnotusable.
NeighborAgeouts:ShowsthenumberofLLDPneighbors
droppedontheportduetoTime-to-Liveexpiring.
14-76
Countersshowingframes
sentonaportbutno
framesreceivedonthat
portindicatesanactive
linkwithadevicethat
eitherhasLLDPdisabled
onthelinkorisnotLLDP-
aware.
Figure14-26.ExampleofaGlobalLLDPStatisticsDisplay
Figure14-27. ExampleofaPer-PortLLDPStatisticsDisplay
LLDPOperatingNotes
NeighborMaximum. Theneighborstableintheswitchsupportsasmany
neighborsasthereareportsontheswitch.Theswitchcansupportmultiple
neighborsconnectedthroughahubonagivenport,butiftheswitchneighbor
maximumisreached,advertisementsfromadditionalneighborsonthesame
orotherportswillnotbestoredintheneighborstableunlesssomeexisting
neighborstime-outorareremoved.
14-77
LLDPPacketForwarding:An802.1D-compliantswitchdoesnotforward
LLDPpackets,regardlessofwhetherLLDPisgloballyenabledordisabledon
theswitch.
OneIPAddressAdvertisementPer-Port:LLDPadvertisesonlyoneIP
addressper-port,evenifmultipleIPaddressesareconfiguredbylldpconfig
<port-list>ipAddrEnableonagivenport.
802.1QVLANInformation.LLDPpacketsdonotinclude802.1Qheader
information,andarealwayshandledasuntaggedpackets.
Effectof802.1XOperation.If802.1Xportsecurityisenabledonaport
andaconnecteddeviceisnotauthorized,LLDPpacketsarenottransmitted
orreceivedonthatport.AnyneighbordatastoredintheneighborMIBforthat
portpriortotheunauthorizeddeviceconnectionremainsintheMIBuntilit
agesout.Ifanunauthorizeddevicelaterbecomesauthorized,LLDPtransmit
andreceiveoperationresumes.
NeighborDataCanRemainintheNeighborDatabaseAfterthe
NeighborIsDisconnected.AfterdisconnectinganeighborLLDPdevice
fromtheswitch,theneighborcancontinuetoappearintheswitchsneighbor
databaseforanextendedperiodiftheneighborsholdtime-multiplierishigh;
especiallyiftherefresh-intervalislarge.RefertoChangingtheTime-to-Live
forTransmittedAdvertisementsonpage14-49.
MandatoryTLVs.AllmandatoryTLVsrequiredforLLDPoperationarealso
mandatoryforLLDP-MEDoperation.
DeterminingtheSwitchPortNumberIncludedinTopologyChange
NotificationTraps. Enablingtopologychangenotificationonaswitchport
andthenconnectingordisconnectinganLLDP-MEDendpointonthatport
causestheswitchtosendanSNMPtraptonotifythedesignatedmanagement
station(s).Theportnumberincludedinthetrapcorrespondstotheinternal
numbertheswitchmaintainsforthedesignatedport,andnottheports
external(slot/number)identity.Tomatchtheportsexternalslot/numberto
theinternalportnumberappearinginanSNMPtrap,usethewalkmibifDescr
command,asshowninthefollowingfigure:
14-78
Figure14-28. MatchingInternalPortNumberstoExternalSlot/PortNumbers
Pr oCur ve# wal kmi b i f Descr
i f Descr . 1 = A1
i f Descr . 2 = A2
i f Descr . 3 = A3
.
.
.
i f Descr . 23 = A23
i f Descr . 24 = A24
i f Descr . 27 = B1
i f Descr . 28 = B2
i f Descr . 29 = B3
.
.
.
i f Descr . 48 = B22
.
.
.
BeginningandEndingofPort
NumberListingforSlotA
BeginningandEndingofPort
NumberListingforSlotB
LLDPandCDPDataManagement
ThissectiondescribespointstonoteregardingLLDP(Link-LayerDiscovery
Protocol)andCDP(CiscoDiscoveryProtocol)datareceivedbytheswitch
fromotherdevices.LLDPoperationincludesbothtransmittingLLDPpackets
toneighbordevicesandreadingLLDPpacketsreceivedfromneighbor
devices.CDPoperationislimitedtoreadingincomingCDPpacketsfrom
neighbordevices.(ProCurveswitchesdonotgenerateCDPpackets.)
LLDPandCDPNeighborData
WithbothLLDPand(read-only)CDPenabledonaswitchport,theportcan
readbothLLDPandCDPadvertisements,andstoresthedatafrombothtypes
ofadvertisementsinitsneighbordatabase.(TheswitchonlystoresCDPdata
thathasacorrespondingfieldintheLLDPneighbordatabase.)Theneighbor
databaseitselfcanbereadbyeitherLLDPorCDPmethodsorbyusingthe
showlldpcommands.Takenoteofthefollowingrulesandconditions:
14-79
IftheswitchreceivesbothLLDPandCDPadvertisementsonthesame
portfromthesameneighbortheswitchstoresthisinformationastwo
separateentriesiftheadvertisementshavedifferenceschassisIDandport
IDinformation.
IfthechassisandportIDinformationarethesame,theswitchstoresthis
informationasasingleentry.Thatis,LLDPdataoverwritesthecorre-
spondingCDPdataintheneighbordatabaseifthechassisandportID
informationintheLLDPandCDPadvertisementsreceivedfromthesame
deviceisthesame.
DatareadfromaCDPpacketdoesnotsupportsomeLLDPfields,suchas
SystemDescr,SystemCapSupported,andChassisType.Forsuch
fields,LLDPassignsrelevantdefaultvalues.Also:
TheLLDPSystemDescrfieldmapstoCDPsVersionandPlat-
formfields.
TheswitchassignsChassisTypeandPortTypefieldsaslocalfor
boththeLLDPandtheCDPadvertisementsitreceives.
BothLLDPandCDPsupporttheSystemCapabilityTLV.However,
LLDPdifferentiatesbetweenwhatadeviceiscapableofsupporting
andwhatitisactuallysupporting,andseparatesthetwotypesof
informationintosubelementsoftheSystemCapabilityTLV.CDPhas
onlyasinglefieldforthisdata.Thus,whenCDPSystemCapability
dataismappedtoLLDP,thesamevalueappearsinbothLLDPSystem
Capabilityfields.
SystemNameandPortDescrarenotcommunicatedbyCDP,andthus
arenotincludedintheswitchsNeighborsdatabase.
Not e BecauseProCurveswitchesdonotgenerateCDPpackets,theyarenot
representedintheCDPdatacollectedbyanyneighbordevicesrunningCDP.
AswitchwithCDPdisabledforwardstheCDPpacketsitreceivesfromother
devices,butdoesnotstoretheCDPinformationfromthesepacketsinitsown
MIB.
LLDPdatatransmission/collectionandCDPdatacollectionarebothenabled
intheswitchsdefaultconfiguration.Inthisstate,anSNMPnetwork
managementapplicationdesignedtodiscoverdevicesrunningeitherCDPor
LLDPcanretrieveneighborinformationfromtheswitchregardlessofwhether
LLDPorCDPisusedtocollectthedevice-specificinformation.
14-80
ProtocolState Packet
Generation
InboundDataManagement InboundPacketForwarding
CDPEnabled
1
n/a StoreinboundCDPdata. Noforwardingofinbound
CDPpackets.
CDPDisabled n/a NostorageofCDPdatafrom FloodsinboundCDPpackets
neighbordevices. fromconnecteddevicesto
outboundports.
LLDPEnabled
1
Generatesand StoreinboundLLDPdata. Noforwardingofinbound
transmits LLDPpackets.
LLDPpackets
outallportson
theswitch.
LLDPDisabled Nopacket NostorageofLLDPdata Noforwardingofinbound
generation. fromneighbordevices. LLDPpackets.
1
BothCDPdatacollectionandLLDPtransmit/receiveareenabledinthedefaultconfiguration.
IfaswitchreceivesCDPpacketsandLLDPpacketsfromthesameneighbordeviceonthe
sameport,itstoresanddisplaysthetwotypesofinformationseparatelyifthechassisand
portIDinformationinthetwotypesofadvertisementsisdifferent.Inthiscase,ifyouwant
touseonlyonetypeofdatafromaneighborsendingbothtypes,disabletheunwanted
protocoloneithertheneighbordeviceorontheswitch.However,ifthechassisandportID
informationinthetwotypesofadvertisementsisthesame,theLLDPinformationoverwrites
theCDPdataforthesameneighbordeviceonthesameport.
CDPOperationandCommands
BydefaulttheswitchescoveredinthisguidehaveCDPenabledoneachport.
Thisisaread-onlycapability,meaningthattheswitchcanreceiveandstore
informationaboutadjacentCDPdevicesbutdoesnotgenerateCDPpackets.
WhenaCDP-enabledswitchreceivesaCDPpacketfromanotherCDPdevice,
itentersthatdevicesdataintheCDPNeighborstable,alongwiththeport
numberwherethedatawasreceived(anddoesnotforwardthepacket).The
switchalsoperiodicallypurgesthetableofanyentriesthathaveexpired.(The
holdtimeforanydataentryintheswitchsCDPNeighborstableisconfigured
inthedevicetransmittingtheCDPpacket,andcannotbecontrolledinthe
switchreceivingthepacket.)AswitchreviewsthelistofCDPneighborentries
everythreeseconds,andpurgesanyexpiredentries.
14-81
Command Page
showcdp 14-82
showcdpneighbors[<port-list>detail] 14-83
[detail<port-list>]
[no]cdprun 14-84
[no]cdpenable<port-list> 14-84
Not e FordetailsonhowtouseanSNMPutilitytoretrieveinformationfromthe
switchsCDPNeighborstablemaintainedintheswitchsMIB(Management
InformationBase),refertothedocumentationprovidedwiththeparticular
SNMPutility.
ViewingtheSwitchsCurrentCDPConfiguration. CDPisshownas
enabled/disabledbothgloballyontheswitchandonaper-portbasis.
Syntax: showcdp
Liststheswitchsglobalandper-portCDPconfiguration.
ThefollowingexampleshowsthedefaultCDPconfiguration.
Figure14-29.ExampleofShowCDPwiththeDefaultCDPConfiguration
14-82
ViewingtheSwitchsCurrentCDPNeighborsTable.Devicesarelisted
bytheportonwhichtheyweredetected.
Syntax: showcdpneighbors
ListstheneighboringCDPdevicestheswitchdetects,
withasubsetoftheinformationcollectedfromthe
devicesCDPpacket.
[[e]port-numb[detail]]
ListstheCDPdeviceconnectedtothespecifiedport.
(Allowsonlyoneportatatime.)Usingdetailprovides
alongerlistofdetailsontheCDPdevicetheswitch
detectsonthespecifiedport.
[detail[[e]port-num]]
ProvidesalistofthedetailsforalloftheCDPdevices
theswitchdetects.Usingport-numproducesalistof
detailsfortheselectedport.
Figure14-30listsCDPdevicesthattheswitchhasdetectedbyreceivingtheir
CDPpackets.
Figure14-30. ExampleofCDPNeighborsTableListing
EnablingCDPOperation. EnablingCDPoperation(thedefault)onthe
switchcausestheswitchtoaddentriestoitsCDPNeighborstableforany
CDPpacketsitreceivesfromotherneighboringCDPdevices.
14-83
DisablingCDPOperation. DisablingCDPoperationclearstheswitchs
CDPNeighborstableandcausestheswitchtodropinboundCDPpackets
fromotherdeviceswithoutenteringthedataintheCDPNeighborstable.
Syntax: [no]cdprun
EnablesordisablesCDPread-onlyoperationontheswitch.
(Default:Enabled)
Forexample,todisableCDPread-onlyontheswitch:
Pr oCur ve( conf i g) # no cdp r un
WhenCDPisdisabled:
showcdpneighborsdisplaysanemptyCDPNeighborstable
showcdpdisplays
GlobalCDPinformation
EnableCDP[Yes]:No
EnablingorDisablingCDPOperationonIndividualPorts.Inthe
factory-defaultconfiguration,theswitchhasallportsenabledtoreceiveCDP
packets.DisablingCDPonaportcausesittodropinboundCDPpackets
withoutrecordingtheirdataintheCDPNeighborstable.
Syntax: [no]cdpenable<[e]port-list>
Forexample,todisableCDPonportA1:
Pr oCur ve( conf i g) # no cdp enabl e a1
14-84
A
FileTransfers
Contents
Overview .................................................... A-3
DownloadingSwitchSoftware ................................ A-3
GeneralSoftwareDownload Rules ............................ A-4
UsingTFTPToDownloadSwitchSoftwarefromaServer ........ A-4
Menu:TFTPDownloadfromaServertoPrimaryFlash....... A-5
CLI: TFTPDownloadfromaServerto Flash ................ A-7
UsingSecureCopyandSFTP ................................ A-9
HowItWorks......................................... A-10
TheSCP/SFTPProcess..................................... A-10
DisableTFTPandAuto-TFTPforEnhancedSecurity ....... A-11
CommandOptions ..................................... A-13
Authentication ........................................ A-14
SCP/SFTPOperatingNotes ............................. A-14
TroubleshootingSSH,SFTP,andSCPOperations .......... A-16
aPCorUNIXWorkstation .................................. A-17
Menu:XmodemDownload to PrimaryFlash ............... A-17
PrimaryorSecondaryFlash ............................. A-18
UsingUSBtoTransferFilestoandfromtheSwitch............ A-19
UsingUSBto DownloadSwitchSoftware ................. A-20
Switch-to-SwitchDownload .......... ...................... A-21
Menu:Switch-to-SwitchDownloadtoPrimaryFlash ........ A-22
CLI:Switch-To-SwitchDownloads ....................... A-23
UsingPCM+toUpdateSwitchSoftware ...................... A-24
CopyingSoftwareImages .................................... A-24
TFTP:CopyingaSoftwareImagetoaRemoteHost ......... A-24
SeriallyConnectedPCorUNIXWorkstation............... A-25
A-1
FileTransfers
Contents
USB:CopyingaSoftwareImagetoaUSBDevice ........... A-25
TransferringSwitchConfigurations .......................... A-26
TFTP:CopyingaConfigurationFiletoaRemoteHost....... A-26
TFTP:CopyingaConfigurationFilefromaRemoteHost .... A-27
TFTP:CopyingaCustomizedCommandFiletoaSwitch .... A-27
USB:CopyingaConfigurationFiletoaUSBDevice......... A-30
USB:CopyingaConfigurationFilefromaUSBDevice...... A-31
TransferringACLCommandFiles ............................ A-31
TFTP:UploadinganACLCommandFilefromaTFTPServer A-31
USB:UploadinganACLCommandFilefromaUSBDevice.. A-33
Host,USBDevice,PCorUNIXWorkstation................... A-35
CopyingCommandOutputtoaDestinationDevice......... A-35
CopyingEventLogOutputtoaDestinationDevice ......... A-36
CopyingCrashDataContenttoaDestinationDevice ....... A-36
CopyingCrashLogDataContenttoaDestinationDevice .... A-37
UsingUSBAutorun.......................................... A-39
HowItWorks ............................................. A-39
SecurityConsiderations ................................ A-40
TroubleshootingAutorunOperations ..................... A-41
ConfiguringAutorunontheSwitch .......................... A-42
EnablingSecure Mode.................................. A-42
OperatingNotesandRestrictions ........................ A-43
AutorunandConfiguringPasswords... ................... A-43
ViewingAutorunConfigurationInformation................... A-44
A-2
FileTransfers
Overview
Overview
Theswitchescoveredinthisguidesupportseveralmethodsfortransferring
filestoandfromaphysicallyconnecteddevice,orviathenetwork,including
TFTP,Xmodem,andUSB.Thisappendixexplainshowtodownloadnew
switchsoftware,uploadordownloadswitchconfigurationfilesandsoftware
images,anduploadcommandfilesforconfiguringAccessControlLists
(ACLs).Itcontainsthefollowinginformation:
Downloadingswitchsoftware(beginsonthispage)
Copyingsoftwareimages(pageA-24)
Transferringswitchconfigurations(beginsonpageA-26)
UploadingACLcommandfiles(beginsonpageA-31)
Copyingdiagnosticdata(beginsonpageA-35)
UsingUSBAutorun(beginsonpageA-39)
DownloadingSwitchSoftware
ProCurveperiodicallyprovidesswitchsoftwareupdatesthroughthePro-
CurveNetworkingwebsite.Formoreinformation,refertothesupportand
warrantybookletshippedwiththeswitch,orvisitwww.procurve.comandclick
onsoftwareupdates.Afteryouacquireanewsoftwareversion,youcanuse
oneofthefollowingmethodsfordownloadingsoftwaretotheswitch:
SoftwareDownloadFeature Default Menu CLI Web
TFTP n/a pageA-5 pageA-7
Xmodem n/a pageA-17 pageA-18
USB n/a n/a pageA-19
Switch-to-Switch n/a pageA-22 pageA-23
SoftwareUpdateManagerinPCM+ RefertothedocumentationprovidedwithPCM+.
Not e Thismanualusesthetermsswitchsoftwareandsoftwareimagetoreferto
thedownloadablesoftwarefilestheswitchusestooperateitsnetworking
features.OthertermssometimesincludeOperatingSystem,orOS.
A-3
FileTransfers
GeneralSoftwareDownloadRules
Switchsoftwarethatyoudownloadviathemenuinterfacealwaysgoes
toprimaryflash.
Afterasoftwaredownload,youmustreboottheswitchtoimplementthe
newsoftware.Untilarebootoccurs,theswitchcontinuestorunonthe
softwareitwasusingbeforethedownloadcommenced.
Not e Downloadingnewswitchsoftwaredoesnotchangethecurrentswitchcon-
figuration.Theswitchconfigurationiscontainedinseparatefilesthatcanalso
betransferred.RefertoTransferringSwitchConfigurationsonpageA-24.
Inmostcases,ifapowerfailureorothercauseinterruptsaflashimage
download,theswitchrebootswiththeimagepreviouslystoredinprimary
flash.Intheunlikelyeventthattheprimaryimageiscorrupted(whichmay
occurifadownloadisinterruptedbyapowerfailure),theswitchgoesinto
bootROMmode.Inthiscase,usethebootROMconsoletodownloadanew
imagetoprimaryflash.RefertoRestoringaFlashImageonpageC-85.
UsingTFTPToDownloadSwitchSoftwarefroma
Server
AsoftwareversionfortheswitchhasbeenstoredonaTFTPserver
accessibletotheswitch.(Thesoftwarefileistypicallyavailablefromthe
ProCurveNetworkingwebsiteatwww.procurve.com.)
Theswitchisproperlyconnectedtoyournetworkandhasalreadybeen
configuredwithacompatibleIPaddressandsubnetmask.
TheTFTPserverisaccessibletotheswitchviaIP.
Beforeyouusetheprocedure,dothefollowing:
ObtaintheIPaddressoftheTFTPserverinwhichthesoftwarefilehas
beenstored.
IfVLANsareconfiguredontheswitch,determinethenameoftheVLAN
inwhichtheTFTPserverisoperating.
DeterminethenameofthesoftwarefilestoredintheTFTPserverforthe
switch(forexample,E0820.swi).
Not e IfyourTFTPserverisaUNIXworkstation,ensurethatthecase(upperor
lower)thatyouspecifyforthefilenameisthesamecaseasthecharacters
inthesoftwarefilenamesontheserver.
A-4
FileTransfers
Menu:TFTPDownloadfromaServertoPrimaryFlash
Notethatthemenuinterfaceaccessesonlytheprimaryflash.
1. IntheconsoleMainMenu,selectDownloadOStodisplaythescreenin
figureA-1.(ThetermOS,oroperatingsystemreferstotheswitch
software):
FigureA-1. ExampleofaDownloadOS(Software)Screen(DefaultValues)
3. Ensurethatthe Method fieldissettoTFTP(thedefault).
4. IntheTFTPServerfield,typeintheIPaddressoftheTFTPserverinwhich
thesoftwarefilehasbeenstored.
5. Inthe RemoteFileName field,typethenameofthesoftwarefile.Ifyou
areusingaUNIXsystem,rememberthatthefilenameiscase-sensitive.
6. Press[Enter],then[X](foreXecute)tobeginthesoftwaredownload.The
followingscreenthenappears:
FigureA-2. ExampleoftheDownloadOS(Software)ScreenDuringaDownload
A-5
FileTransfers
Aprogressbarindicatestheprogressofthedownload.Whentheentire
softwarefilehasbeenreceived,allactivityontheswitchhaltsandyou
willseeValidatingandwritingsystemsoftwaretoFLASH...
7. Aftertheprimaryflashmemoryhasbeenupdatedwiththenewsoftware,
youmustreboottheswitchtoimplementthenewlydownloadedsoftware.
ReturntotheMainMenuandpress[6](forRebootSwitch).Youwillthen
seethisprompt:
Continue reboot of system? : No
PressthespacebaroncetochangeNo toYes,thenpress[Enter]tobegin
thereboot.
Not e Whenyouusethemenuinterfacetodownloadaswitchsoftware,thenew
imageisalwaysstoredinprimaryflash.Also,usingtheRebootSwitch
commandintheMainMenualwaysrebootstheswitchfromprimaryflash.
RebootingtheswitchfromtheCLIgivesyoumoreoptions.Referto
RebootingtheSwitchonpage6-18.
8. Afteryoureboottheswitch,confirmthatthesoftwaredownloadedcor-
rectly:
a. FromtheMainMenu,select 1.StatusandCounters,andfromtheStatus
andCountersmenu,select 1.GeneralSystemInformation
b. Checkthe Firmwarerevision line.
TroubleshootingTFTPDownloadFailures. Whenusingthemenuinter-
face,ifaTFTPdownloadfails,theDownloadOS(OperatingSystem,or
software)screenindicatesthefailure.
MessageIndicating
causeofTFTPDownload
Failure
FigureA-3. ExampleofMessageforDownloadFailure
A-6
FileTransfers
Tofindmoreinformationonthecauseofadownloadfailure,examinethe
messagesintheswitchsEventLogbyexecutingtheshowlogtftpcommand
fromtheCLI.Also:
FormoreontheEventLog,seeUsingtheEventLogforTroubleshooting
SwitchProblemsonpageC-26.
FordescriptionsofindividualEventLogmessages,refertothelatest
versionoftheEventLogMessageReferenceGuideforyourswitch,
availableontheProCurvewebsite.(SeealsoGettingDocumentation
FromtheWebonpage1-6.)
Someofthecausesofdownloadfailuresinclude:
IncorrectorunreachableaddressspecifiedfortheTFTPServerparameter.
Thismayincludenetworkproblems.
IncorrectVLAN.
IncorrectnamespecifiedfortheRemoteFileNameparameter,orthe
specifiedfilecannotbefoundontheTFTPserver.Thiscanalsooccurif
theTFTPserverisaUNIXmachineandthecase(upperorlower)forthe
filenameontheserverdoesnotmatchthecaseforthefilenameentered
fortheRemoteFileNameparameterintheDownloadOS(OperatingSystem,
orsoftware)screen.
OneormoreoftheswitchsIPconfigurationparametersareincorrect.
ForaUNIXTFTPserver,thefilepermissionsforthesoftwarefiledonot
allowthefiletobecopied.
Anotherconsolesession(througheitheradirectconnectiontoaterminal
deviceorthroughTelnet)wasalreadyrunningwhenyoustartedthe
sessioninwhichthedownloadwasattempted.
Not e Ifanerroroccursinwhichnormalswitchoperationcannotberestored,the
switchautomaticallyrebootsitself.Inthiscase,anappropriatemessageis
displayedaftertheswitchreboots.
CLI:TFTPDownloadfromaServertoFlash
Syntax: copytftpflash<ip-address><remote-file>[<primary|secondary>]
Thiscommandautomaticallydownloadsaswitchsoftware
filetoprimaryorsecondaryflash.Notethatifyoudonot
specifytheflashdestination,theTFTPdownloaddefaultsto
primaryflash.
A-7
FileTransfers
Forexample,todownloadaswitchsoftwarefilenamedk0800.swifroma
TFTPserverwiththeIPaddressof10.28.227.103toprimaryflash:
1. Executecopyasshownbelow:
Dynamiccountercontinuallydisplaysthe
numberofbytestransferred.
Thismessagemeansthattheimageyou
wanttouploadwillreplacetheimage
currentlyinprimaryflash.
FigureA-4. ExampleoftheCommandtoDownloadanOS(SwitchSoftware)
2. Whentheswitchfinishesdownloadingthesoftwarefilefromtheserver,
itdisplaysthisprogressmessage:
ValidatingandWritingSystemSoftwaretoFLASH
3. Whenthedownloadfinishes,youmustreboottheswitchtoimplement
thenewlydownloadedsoftwareimage.Todoso,useoneofthefollowing
commands:
Syntax: bootsystemflash<primary|secondary>
Bootsfromtheselectedflash.
Syntax: reload
Bootsfromtheflashimageandstartup-configfile.Aswitch
coveredinthisguide(withmultipleconfigurationfiles),also
usesthecurrentstartup-configfile.
(Formoreonthesecommands,refertoRebootingtheSwitchonpage
6-18.)
4. Toconfirmthatthesoftwaredownloadedcorrectly,executeshowsystem
andchecktheFirmwarerevisionline.
Forinformationonprimary/secondaryflashmemoryandthebootcommands,
refertoUsingPrimaryandSecondaryFlashImageOptionsonpage6-13.
Not e Ifyouuseauto-tftptodownloadanewimageinaredundantmanagement
system,theactivemanagementmoduledownloadsthenewimagetoboththe
activeandstandbymodules.Rebootingaftertheauto-tftpprocesscompletes
rebootstheentiresystem.
A-8
FileTransfers
UsingSecureCopyandSFTP
Forsomesituationsyoumaywanttouseasecuremethodtoissuecommands
orcopyfilestotheswitch.Byopeningasecure,encryptedSSHsessionyou
canthenuseathird-partysoftwareapplicationtotakeadvantageofSecure
Copy(SCP)andSecureftp(SFTP).SCPandSFTPprovideasecurealternative
toTFTPfortransferringinformationthatmaybesensitive(likeswitchcon-
figurationfiles)toandfromtheswitch.Essentiallyyouarecreatingasecure
SSHtunnelasawaytotransferfileswithSFTPandSCPchannels.
Tousethesecommandsyoumustinstallontheadministratorworkstationa
third-partyapplicationsoftwareclientthatsupportstheSFTPand/orSCP
functions.SomeexamplesofsoftwarethatsupportsSFTPandSCPare
PuTTY,OpenSSH,WinSCP,andSSHSecureShell.Mostofthesearefreeware
andmaybedownloadedwithoutcostorlicensingfromtheinternet.Thereare
differencesinthewaytheseclientswork,sobesureyoualsodownloadthe
documentation.
AsdescribedearlierinthischapteryoucanuseaTFTPclientontheadmin-
istratorworkstationtoupdatesoftwareimages.Thisisaplaintextmechanism
anditconnectstoastandaloneTFTPserveroranotherProCurveswitch
actingasaTFTPservertoobtainthesoftwareimagefile(s).UsingSCPand
SFTPallowsyoutomaintainyourswitcheswithgreatersecurity.Youcanalso
rolloutnewsoftwareimageswithautomatedscriptsthatmakeiteasierto
upgrademultipleswitchessimultaneouslyandsecurely.
SFTP(securefiletransferprotocol)isunrelatedtoFTP,althoughthereare
somefunctionalsimilarities.OnceyousetupanSFTPsessionthroughanSSH
tunnel,someofthecommandsarethesameasFTPcommands.Certain
commandsarenotallowedbytheSFTPserverontheswitch,suchasthose
thatcreatefilesorfolders.Ifyoutrytoissuecommandssuchascreateor
removeusingSFTPtheswitchserverreturnsanerrormessage.
YoucanuseSFTPjustasyouwouldTFTPtotransferfilestoandfromthe
switch,butwithSFTPyourfiletransfersareencryptedandrequireauthenti-
cation,sotheyaremoresecurethantheywouldbeusingTFTP.SFTPworks
onlywithSSHversion2(SSHv2).
Not e SFTPoverSSHversion1(SSHv1)isnotsupported.Arequestfromeitherthe
clientortheswitch(orboth)usingSSHv1generatesanerrormessage.The
actualtextoftheerrormessagediffers,dependingontheclientsoftwarein
use.Someexamplesare:
Pr ot ocol maj or ver si ons di f f er : 2 vs. 1
Connect i on cl osed
A-9
FileTransfers
Pr ot ocol maj or ver si ons di f f er : 1 vs. 2
Recei ved di sconnect f r om<ip-addr>: / usr / l ocal /
l i bexec/ sf t p- ser ver : command not suppor t ed
SCP(securecopy)isanimplementationoftheBSDrcp(BerkeleyUNIX
remotecopy)commandtunneledthroughanSSHconnection.
SCPisusedtocopyfilestoandfromtheswitchwhensecurityisrequired.
SCPworkswithbothSSHv1andSSHv2.Beawarethatthemostthird-party
softwareapplicationclientsthatsupportSCPuseSSHv1.
HowItWorks
ThegeneralprocessforusingSCPandSFTPinvolvesthreesteps:
1. OpenanSSHtunnelbetweenyourcomputerandtheswitchifyouhavent
alreadydoneso.(ThisstepassumesthatyouhavealreadysetupSSHon
theswitch.)
2. Executeipsshfiletransfertotelltheswitchthatyouwanttoenablesecure
filetransfer.
3. Useathird-partyclientapplicationforSCPandSFTPcommands.
TheSCP/SFTPProcess
TouseSCPandSFTP:
1. OpenanSSHsessionasyounormallywouldtoestablishasecure
encryptedtunnelbetweenyourcomputerandtheswitch.Formore
detaileddirectionsonhowtoopenanSSHsessionrefertothechapter
titledConfiguringSecureShell(SSH)intheAccessSecurityGuidefor
yourswitch.Pleasenotethatthisisaone-timeprocedurefornew
switchesorconnections.Ifyouhavealreadydoneitonceyoushouldnot
needtodoitasecondtime.
2. Toenablesecurefiletransferontheswitch(onceyouhaveanSSHsession
establishedbetweentheswitchandyourcomputer),openaterminal
windowandtypeinthefollowingcommand:
Pr oCur ve( conf i g) # i p ssh f i l et r ansf er
A-10
FileTransfers
DisableTFTPandAuto-TFTPforEnhancedSecurity
UsingtheipsshfiletransfercommandtoenableSecureFTP(SFTP)automat-
icallydisablesTFTPandauto-TFTP(ifeitherorbothareenabled).
Pr oCur ve( conf i g) # i p ssh f i l et r ansf er
EnablingSFTPautomaticallydisablesTFTP
Tf t p and aut o- t f t p have been di sabl ed.
andauto-tftpanddisplaysthismessage.
Pr oCur ve( conf i g) # sho r un
vl an 1
name "DEFAULT_VLAN"
unt agged A1- A24, B1- B24
i p addr ess 10. 28. 234. 176 255. 255. 240. 0
exi t
i p ssh f i l et r ansf er
no t f t p- enabl e
passwor d manager
ViewingtheconfigurationshowsthatSFTPis
enabledandTFTPisdisabled.
FigureA-5. ExampleofSwitchConfigurationwithSFTPEnabled
IfyouenableSFTP,thenlaterdisableit,TFTPandauto-TFTPremaindisabled
unlesstheyareexplicitlyre-enabled.
Operatingrulesare:
TheTFTPfeatureisenabledbydefault,andcanbeenabledordisabled
throughtheCLI,theMenuinterface,oranSNMPapplication.Auto-TFTP
isdisabledbydefaultandmustbeconfiguredthroughtheCLI.
A-11
FileTransfers
Enables/DisablesTFTP.
Note:IfSFTPisenabled,thisfieldwillbesettoNo.You
cannotusethisfieldtoenableTFTPifSFTPisenabled.
AttemptingtodosoproducesanInconsistentvalue
messageinthebannerbelowtheActionsline.
FigureA-6. UsingtheMenuInterfaceToDisableTFTP
WhileSFTPisenabled,TFTPandauto-TFTPcannotbeenabledfromthe
CLI.Attemptingtoenableeithernon-secureTFTPoptionwhileSFTPis
enabledproducesoneofthefollowingmessagesintheCLI:
SFTP must be di sabl ed bef or e enabl i ng t f t p.
SFTP must be di sabl ed bef or e enabl i ng aut o- t f t p.
Similarly,whileSFTPisenabled,TFTPcannotbeenabledusinganSNMP
managementapplication.Attemptingtodosogeneratesaninconsistent
valuemessage.(AnSNMPmanagementapplicationcannotbeusedto
enableordisableauto-TFTP.)
ToenableSFTPbyusinganSNMPmanagementapplication,youmust
firstdisableTFTPand,ifconfigured,auto-TFTPontheswitch.Youcan
useeitheranSNMPapplicationortheCLItodisableTFTP,butmustuse
theCLItodisableauto-TFTP.ThefollowingtwoCLIcommandsdisable
TFTPandauto-TFTPontheswitch.
A-12
FileTransfers
Syntax: notftp-enable
ThiscommanddisablesallTFTPoperationontheswitchexceptfortheauto-TFTP
feature.Tore-enableTFTPoperation,usethetftp-enablecommand.WhenTFTPis
disabled,theinstancesoftftpintheCLIcopycommandandtheMenuinterface
DownloadOSscreenbecomeunavailable.
Note: Thiscommanddoesnot disableauto-TFTPoperation.Todisableanauto-
TFTPcommandconfiguredontheswitch,usethenoauto-tftpcommanddescribed
belowtoremovethecommandentryfromtheswitchsconfiguration.
Syntax: noauto-tftp
Ifauto-TFTPisconfiguredontheswitch,thiscommanddeletestheauto-tftpentry
fromtheswitchconfiguration,thuspreventingauto-tftpoperationiftheswitch
reboots.
Note: ThiscommanddoesnotaffectthecurrentTFTP-enableconfigurationonthe
switch.
CommandOptions
IfyouneedtoenableSSHv2(whichisrequiredforSFTP)enterthiscommand:
Pr oCur ve( conf i g) # i p ssh ver si on 2
Not e Asamatterofpolicy,administratorsshouldnotenabletheSSHv1-onlyorthe
SSHv1-or-v2advertisementmodes.SSHv1issupportedononlysomelegacy
switches(suchastheProCurveSeries2500switches).
ToconfirmthatSSHisenabledtypeinthecommand
Pr oCur ve( conf i g) # show i p ssh
OnceyouhaveconfirmedthatyouhaveenabledanSSHsession(withtheshow
ipsshcommand)youcanthenopenyourthird-partysoftwareclientapplica-
tiontobeginusingtheSCPorSFTPcommandstosafelytransferfilesorissue
commandstotheswitch.
Ifyouneedtodisablesecurefiletransfer:
Pr oCur ve( conf i g) # no i p ssh f i l et r ansf er
A-13
FileTransfers
Authentication
Switchmemoryallowsuptotenpublickeys.Thismeanstheauthentication
andencryptionkeysyouuseforyourthird-partyclientSCP/SFTPsoftware
candifferfromthekeysyouusefortheSSHsession,eventhoughbothSCP
andSFTPuseasecureSSHtunnel.
Not e SSHauthenticationismutuallyexclusivewithRADIUSservers.
SomeclientssuchasPSCP(PuTTYSCP)automaticallycompareswitchhost
keysforyou.Otherclientsrequireyoutomanuallycopyandpastekeystothe
$HOME/.ssh/known_hostsfile.WhateverSCP/SFTPsoftwaretoolyouuse,after
installingtheclientsoftwareyoumustverifythattheswitchhostkeysare
availabletotheclient.
Becausethethird-partysoftwareutilitiesyoumayuseforSCP/SFTPvary,you
shouldrefertothedocumentationprovidedwiththeutilityyouselectbefore
performingthisprocess.
SCP/SFTPOperatingNotes
AnyattemptstouseSCPorSFTPwithoutusingipsshfiletransferwillcause
theSCPorSFTPsessiontofail.Dependingontheclientsoftwareinuse,
youwillreceiveanerrormessageontheoriginatingconsole,forexample:
I P f i l e t r ansf er not enabl ed on t he swi t ch
ThereisadelaywhenSFTPiscopyinganimageontotheswitch,and
althoughthecommandpromptreturnsinacoupleofseconds,theswitch
maytakeapproximatelyaminuteandhalfwritingtheimagetoflash.You
cankeepenteringtheshowflashcommandtoseewhenthecopyis
completeandtheflashisupdated.Youcanalsocheckthelogforanentry
similartothefollowing:
I 01/ 09/ 09 16: 17: 07 00150 updat e: Pr i mar y I mage
updat ed.
I 01/ 09/ 09 16: 13: 22 00636 ssh: sf t p sessi on f r om
15. 22. 22. 03
WhenanSFTPclientconnects,theswitchprovidesafilesystemdisplay-
ingallofitsavailablefilesandfolders.Nofileordirectorycreationis
permittedbytheuser.Filesmayonlybeuploadedordownloaded,accord-
ingtothepermissionsmask.Allofthenecessaryfilestheswitchwillneed
arealreadyinplaceontheswitch.Youdonotneedto(norcanyoucreate)
newfiles.
TheswitchsupportsoneSFTPsessionoroneSCPsessionatatime.
A-14

FileTransfers
Allfileshaveread-writepermission.SeveralSFTPcommands,suchas
cr eat e orr emove,arenotallowedandreturnanerrormessage.The
switchdisplaysthefollowingfiles:
/
+- - - cf g
| r unni ng- conf i g
| st ar t up- conf i g
+- - - l og
| cr ash- dat a
| cr ash- dat a- a
| cr ash- dat a- b
| cr ash- dat a- c
| cr ash- dat a- e
| cr ash- dat a- f
| cr ash- dat a- h
| cr ash- dat a- I
| cr ash- dat a- J
| cr ash- dat a- K
| cr ash- dat a- L
| cr ash- l og
| cr ash- l og- a
| cr ash- l og- b
| cr ash- l og- c
| cr ash- l og- e
| cr ash- l og- f
| cr ash- l og- h
| cr ash- l og- I
| cr ash- l og- J
| cr ash- l og- K
| cr ash- l og- L
| event l og
+- - - os
| pr i mar y
| secondar y
\ - - - ssh
+- - - mgr _keys
| aut hor i zed_keys
\ - - - oper _keys
aut hor i zed_keys
\ - - - cor e
| mm1. cor e managementmoduleormanagementfunction
| por t _1- 24. cor e core-dumpforports1-24(stackableswitchesonly)
| por t _25- 48. cor e core-dumpforports25-48(stackableswitchesonly)
OnceyouhaveconfiguredyourswitchforsecurefiletransferswithSCPand
SFTP,filescanbecopiedtoorfromtheswitchinasecure(encrypted)
environmentandTFTPisnolongernecessary.
A-15
FileTransfers
TroubleshootingSSH,SFTP,andSCPOperations
Youcanverifysecurefiletransferoperationsbycheckingtheswitchsevent
log,orbyviewingtheerrormessagessentbytheswitchthatmostSCPand
SFTPclientswillprintoutontheirconsole.
Not e Messagesthataresentbytheswitchtotheclientdependontheclientsoftware
inusetodisplaythemontheuserconsole.
BrokenSSHConnection. Ifansshconnectionisbrokenatthewrong
moment(forinstance,thelinkgoesawayorspanningtreebringsdownthe
link),afatalexceptionwouldoccurontheswitch.Ifthishappens,theswitch
willgracefullyexitthesessionandproduceaneventlogmessageindicating
thecauseoffailure.Thefollowingthreeexamplesshowtheerrormessages
thatmayappearinthelogdependingonthetypeofsessionthatisrunning
(SSH,SCP,orSFTP).
ssh: r ead er r or Bad f i l e number , sessi on abor t ed I 01/
01/ 90 00: 06: 11 00636 ssh: sf t p sessi on f r om
: : f f f f : 10. 0. 12. 35 W01/ 01/ 90 00: 06: 26 00641 ssh:
sf t p r ead er r or Bad f i l e number , sessi on abor t ed I 01/
01/ 90 00: 09: 54 00637 ssh: scp sessi on f r om
: : f f f f : 10. 0. 12. 35 W01/ 01/ 90
ssh: scp r ead er r or Bad f i l e number , sessi on abor t ed
Not e TheBad f i l e number isfromthesystemerrorvalueandmaydiffer
dependingonthecauseofthefailure.Inthethirdexample,thedevicefileto
readwasclosedasthedevicereadwasabouttooccur.
AttempttoStartaSessionDuringaFlashWrite. Ifyouattemptto
startanSCP(orSFTP)sessionwhileaflashwriteisinprogress,theswitch
willnotallowtheSCPorSFTPsessiontostart.Dependingontheclient
softwareinuse,thefollowingerrormessagemayappearontheclientconsole:
Recei ved di sconnect f r om10. 0. 12. 31: 2: Fl ash access
i n pr ogr ess
l ost connect i on
FailuretoExitfromaPreviousSession. Thisnextexampleshowsthe
errormessagethatmayappearontheclientconsoleifanewSCP(orSFTP)
sessionisstartedfromaclientbeforethepreviousclientsessionhasbeen
closed(theswitchrequiresapproximatelytensecondstotimeouttheprevious
session):
A-16
FileTransfers
Recei ved di sconnect f r om10. 0. 12. 31: 2: Wai t f or
pr evi ous sessi on t o compl et e
l ost connect i on
AttempttoStartaSecondSession. TheswitchsupportsonlyoneSFTP
sessionoroneSCPsessionatatime.Ifasecondsessionisinitiated(for
example,anSFTPsessionisrunningandthenanSCPsessionisattempted),
thenthefollowingerrormessagemayappearontheclientconsole:
Recei ved di sconnect f r om10. 0. 12. 31: 2: Ot her SCP/ SFTP
sessi on r unni ng
l ost connect i on
aPCorUNIXWorkstation
TheswitchisconnectedviatheConsoleRS-232porttoaPCoperatingas
aterminal.(RefertotheInstallationandGettingStartedGuideyou
receivedwiththeswitchforinformationonconnectingaPCasaterminal
andrunningtheswitchconsoleinterface.)
TheswitchsoftwareisstoredonadiskdriveinthePC.
TheterminalemulatoryouareusingincludestheXmodembinarytransfer
feature.(Forexample,intheHyperTerminalapplicationincludedwith
WindowsNT,youwouldusetheSendFileoptionintheTransferdropdown
menu.)
Menu:XmodemDownloadtoPrimaryFlash
Notethatthemenuinterfaceaccessesonlytheprimaryflash.
1. FromtheconsoleMainMenu,select
7.DownloadOS
3. UsetheSpacebartoselectXMODEMinthe Method field.
4. Press[Enter],then[X](foreXecute)tobeginthesoftwaredownload.The
followingmessagethenappears:
PressenterandtheninitiateXmodemtransfer
fromtheattachedcomputer.....
A-17
FileTransfers
5. Press[Enter]andthenexecutetheterminalemulatorcommand(s)tobegin
Xmodembinarytransfer.Forexample,usingHyperTerminal:
a. ClickonTransfer,thenSendFile.
b. TypethefilepathandnameintheFilenamefield.
c. IntheProtocolfield,selectXmodem.
d. Clickonthe[Send]button.
Thedownloadwillthencommence.Itcantakeseveralminutes,depend-
ingonthebaudratesetintheswitchandinyourterminalemulator.
seethefollowingprompt:
Continuerebootofsystem? : No
thereboot.
7. Toconfirmthatthesoftwaredownloadedcorrectly:
a. FromtheMainMenu,select
1.StatusandCounters
1.GeneralSystemInformation
PrimaryorSecondaryFlash
UsingXmodemandaterminalemulator,youcandownloadasoftwarefileto
eitherprimaryorsecondaryflash.
Syntax: copyxmodemflash[<primary|secondary>]
Downloadsasoftwarefiletoprimaryorsecondaryflash.If
youdonotspecifytheflashdestination,theXmodem
downloaddefaultstoprimaryflash.
Forexample,todownloadaswitchsoftwarefilenamedE0822.swifromaPC
(runningaterminalemulatorprogramsuchasHyperTerminal)toprimary
flash:
1. ExecutethefollowingcommandintheCLI:
A-18
FileTransfers
2. ExecutetheterminalemulatorcommandstobegintheXmodemtransfer.
Forexample,usingHyperTerminal:
a. ClickonTransfer,thenSendFile.
b. TypethefilepathandnameintheFilenamefield.
c. IntheProtocolfield,selectXmodem.
d. Clickonthe[Send]button.
Thedownloadcantakeseveralminutes,dependingonthebaudrateused
inthetransfer.
thenewlydownloadedsoftware.Todoso,useoneofthefollowing
commands:
Rebootsfromtheselectedflash.
Syntax: reload
Rebootsfromtheflashimagecurrentlyinuse.
(Formoreonthesecommands,seeRebootingtheSwitchonpage6-18.)
ProCurve> show system
ChecktheFirmwarerevisionline.Itshouldshowthesoftwareversionthat
youdownloadedintheprecedingsteps.
Ifyouneedinformationonprimary/secondaryflashmemoryandtheboot
commands,refertoUsingPrimaryandSecondaryFlashImageOptionson
page6-13.
UsingUSBtoTransferFilestoandfromtheSwitch
TheswitchsUSBport(labeledasAuxiliaryPort)allowstheuseofaUSB
flashdriveforcopyingconfigurationfilestoandfromtheswitch.Beginning
withsoftwarereleaseK_12_XXorlater,copycommandsthatusedeithertftp
orxmodem,nowincludeanadditionaloptionforusbasasourceordestination
forfiletransfers.
A-19
FileTransfers
OperatingrulesandrestrictionsonUSBusageare:
UnformattedUSBflashdrivesmustfirstbeformattedonaPC(Windows
FATformat).Fordeviceswithmultiplepartitions,onlythefirstpartition
issupported.Deviceswithsecurepartitionsarenotsupported.
Iftheyalreadyexistonthedevice,sub-directoriesaresupported.When
specifyinga<filename>,youmustentereithertheindividualfilename(if
attheroot)orthefullpathname(forexample,/subdir/filename).
ToviewthecontentsofaUSBflashdrive,usethedircommand.Thiswill
listallfilesanddirectoriesattheroot.Toviewthecontentsofadirectory,
youmustspecifythesubdirectoryname(thatis,dir<subdirectory>).
TheUSBportsupportsconnectiontoasingleUSBdevice.USBhubsto
addmoreportsarenotsupported.
Not e SomeUSBflashdrivesmaynotbesupportedonyourswitch.Consultthelatest
ReleaseNotesforinformationonsupporteddevices.
UsingUSBtoDownloadSwitchSoftware
AsoftwareversionfortheswitchhasbeenstoredonaUSBflashdrive.
(ThelatestsoftwarefileistypicallyavailablefromtheProCurveNetwork-
ingwebsiteatwww.procurve.com.)
TheUSBdevicehasbeenpluggedintotheswitchsUSBport.
Beforeyouusetheprocedure:
DeterminethenameofthesoftwarefilestoredontheUSBflashdrive(for
example,k0800.swi).
Decidewhethertheimagewillbeinstalledintheprimaryorsecondary
flash.(Formoreonprimary/secondaryflashmemoryandrelatedboot
commands,refertoUsingPrimaryandSecondaryFlashImageOptions
onpage6-13.)
Syntax: copyusbflash<filename>[<primary|secondary>]
Thiscommandautomaticallydownloadsaswitchsoftware
filetoprimaryorsecondaryflash.Notethatifyoudonot
specifytheflashdestination,theUSBdownloaddefaultsto
primaryflash.
A-20
FileTransfers
Forexample,tocopyaswitchsoftwarefilenamedk0800.swifromaUSB
devicetoprimaryflash:
1. Executecopyasshownbelow:
Thismessagemeansthattheimageyou
wanttouploadwillreplacetheimage
currentlyinprimaryflash.
FigureA-7. ExampleoftheCommandtoCopySwitchSoftwarefromUSB
2. WhentheswitchfinishescopyingthesoftwarefilefromtheUSBdevice,
itdisplaysthisprogressmessage:
ValidatingandWritingSystemSoftwaretotheFilesystem.
3. Whenthecopyfinishes,youmustreboottheswitchtoimplementthe
newlyloadedsoftware.Todoso,useoneofthefollowingcommands:
Bootsfromtheselectedflash.
Syntax: reload
Bootsfromtheflashimageandstartup-configfile.Aswitch
coveredinthisguide(withmultipleconfigurationfiles),also
usesthecurrentstartup-configfile.
6-18.)
4. Toconfirmthatthesoftwaredownloadedcorrectly,executeshowsystem
andchecktheFirmwarerevisionline.
Switch-to-SwitchDownload
YoucanuseTFTPtotransferasoftwareimagebetweentwoswitchesofthe
sameseries.Themenuinterfaceenablesyoutotransferprimary-to-primary
orsecondary-to-primary.TheCLIenablesallcombinationsofflashlocation
options.
A-21
FileTransfers
Menu:Switch-to-SwitchDownloadtoPrimaryFlash
Usingthemenuinterface,youcandownloadaswitchsoftwarefilefromeither
theprimaryorsecondaryflashofoneswitchtotheprimaryflashofanother
switchofthesameseries.
1. FromtheswitchconsoleMainMenuintheswitchtoreceivethedown-
load,select7.DownloadOSscreen.
2. EnsurethattheMethodparameterissettoTFTP(thedefault).
3. IntheTFTPServerfield,entertheIPaddressoftheremoteswitchcontain-
ingthesoftwarefileyouwanttodownload.
4. FortheRemoteFileName,enteroneofthefollowing:
Todownloadthesoftwareintheprimaryflashofthesourceswitch,
typeflashinlowercasecharacters.
Todownloadthesoftwareinthesecondaryflashofthesourceswitch,
type
/os/secondary.
5. Press[Enter],then[X](foreXecute)tobeginthesoftwaredownload.
6. Aprogressbarindicatestheprogressofthedownload.Whentheentire
switchsoftwaredownloadhasbeenreceived,allactivityontheswitch
haltsandthefollowingmessagesappear:
ValidatingandwritingsystemsoftwaretoFLASH...
seethisprompt:
Continuerebootofsystem? : No
thereboot.
a. FromtheMainMenu,select
StatusandCounters
A-22
FileTransfers
CLI:Switch-To-SwitchDownloads
Wheretwoswitchesinyournetworkbelongtothesameseries,youcan
downloadasoftwareimagebetweenthembyinitiatingacopytftpcommand
fromthedestinationswitch.TheoptionsforthisCLIfeatureinclude:
Copyfromprimaryflashinthesourcetoeitherprimaryorsecondaryin
thedestination.
Copyfromeitherprimaryorsecondaryflashinthesourcetoeither
primaryorsecondaryflashinthedestination.
DownloadingfromPrimaryOnly.
Syntax: copytftpflash<ip-addr>flash[primary|secondary]
Thiscommand(executedinthedestinationswitch)
downloadsthesoftwareflashinthesourceswitchsprimary
flashtoeithertheprimaryorsecondaryflashinthe
destinationswitch.
Ifyoudonotspecifyeitheraprimaryorsecondaryflashlocationforthe
destination,thedownloadautomaticallygoestoprimaryflash.
Forexample,todownloadasoftwarefilefromprimaryflashinaswitchwith
anIPaddressof10.29.227.103totheprimaryflashinthedestinationswitch,
youwouldexecutethefollowingcommandinthedestinationswitchsCLI:
RunningTotal
ofBytes
Downloaded
FigureA-8.Switch-To-Switch,fromPrimaryinSourcetoEitherFlashinDestination
DownloadingfromEitherFlashintheSourceSwitchtoEitherFlash
intheDestinationSwitch.
Syntax: copytftpflash<ip-addr></os/primary>|</os/secondary>[primary|
secondary]
A-23
FileTransfers
CopyingSoftwareImages
Thiscommand(executedinthedestinationswitch)givesyou
themostoptionsfordownloadingbetweenswitches.Ifyoudo
notspecifyeitheraprimaryorsecondaryflashlocationfor
thedestination,thedownloadautomaticallygoestoprimary
flash.
Forexample,todownloadasoftwarefilefromsecondaryflashinaswitch
withanIPaddressof10.28.227.103tothesecondaryflashinadestination
switch,youwouldexecutethefollowingcommandinthedestinationswitchs
CLI:
FigureA-9.Switch-to-Switch,fromEitherFlashinSourcetoEitherFlashin
Destination
UsingPCM+toUpdateSwitchSoftware
ProCurveManagerPlusincludesasoftwareupdateutilityforupdatingon
ProCurveswitchproducts.Forfurtherinformation,refertotheGetting
StartedGuideandtheAdministratorsGuide,providedelectronicallywith
theapplication.
UsingtheCLIcommandsdescribedinthissection,youcancopysoftware
imagesfromtheswitchtoanotherdeviceusingtftp,xmodem,orusb.
Not e Fordetailsonhowswitchmemoryoperates,includingprimaryandsecondary
flash,refertoChapter6,SwitchMemoryandConfiguration.
TFTP:CopyingaSoftwareImagetoaRemoteHost
Syntax: copyflashtftp<ip-addr><filename>
ThiscommandcopiestheprimaryflashimagetoaTFTP
server.
A-24
FileTransfers
Forexample,tocopytheprimaryflashtoaTFTPserverhavinganIPaddress
of10.28.227.105:
Pr oCur ve# copy f l ash t f t p 10. 28. 227. 105 k0800. swi
wherek0800. swi isthefilenamegiventotheflashimagebeingcopied.
SeriallyConnectedPCorUNIXWorkstation
Tousethismethod,theswitchmustbeconnectedviatheserialporttoaPC
orUNIXworkstation.
Syntax: copyflashxmodem<pc|unix>
UsesXmodemtocopyadesignatedconfigurationfilefromthe
switchtoaPCorUnixworkstation.
Forexample,tocopytheprimaryflashimagetoaseriallyconnectedPC:
1. Executethefollowingcommand:
Pr ocur ve# copy xmodemf l ash
Pr ess Ent er and st ar t XMODEM on your host . . .
2. Afteryouseetheaboveprompt,press[Enter].
3. Executetheterminalemulatorcommandstobeginthefiletransfer.
USB:CopyingaSoftwareImagetoaUSBDevice
Tousethismethod,aUSBflashmemorydevicemustbeconnectedtothe
switchsUSBport.
Syntax: copyflashusb<filename>
UsestheUSBporttocopytheprimaryflashimagefromthe
switchtoaUSBflashmemorydevice.
Forexample,tocopytheprimaryimagetoaUSBflashdrive:
1. InsertaUSBdeviceintotheswitchsUSBport.
Pr ocur ve# copy f l ash usb k0800. swi
A-25
FileTransfers
TransferringSwitchConfigurations
wherek0800. swi isthenamegiventotheprimaryflashimagethatis
copiedfromtheswitchtotheUSBdevice.
TransferFeatures
Feature Page
UseTFTPtocopyfromaremotehosttoaconfigfile. A-27
UseTFTPtocopyaconfigfiletoaremotehost. A-28
UseXmodemtocopyaconfigurationfromaseriallyconnectedhosttoaconfigfile. A-28
UseXmodemtocopyaconfigfiletoaseriallyconnectedhost. A-29
UseUSBtocopyaconfigurationfromaUSBdevicetoaconfigfile. A-30
UseUSBtocopyaconfigfiletoaUSBdevice. A-31
UsingtheCLIcommandsdescribedinthissection,youcancopyswitch
configurationstoandfromaswitch,orcopyasoftwareimagetoconfigureor
replaceanACLintheswitchconfiguration.
Not e Forgreatersecurity,youcanperformallTFTPoperationsusingSFTPas
describedinthesectiononUsingSecureCopyandSFTPonpageA-9.
Theinclude-credentialscommandcanalsobeusedtosavepasswords,secret
keys,andothersecuritycredentialsintherunningconfigfile.Formore
information,seethesectiononSavingSecurityCredentialsinaConfigFile
intheAccessSecurityGuideforyourswitch.
TFTP:CopyingaConfigurationFiletoaRemoteHost
Syntax: copy<startup-config|running-config>tftp<ip-addr><remote-file>
[pc|unix]
copyconfig<filename>tftp<ip-addr><remote-file>[pc|unix]
Thiscommandcancopyadesignatedconfigfileintheswitch
toaTFTPserver.Formoreonmultipleconfigurationfiles,
refertoMultipleConfigurationFilesonpage6-23.
A-26
FileTransfers
Forexample,touploadthecurrentstartupconfigurationtoafilenamed
sw8200intheconfigsdirectoryondrivedinaTFTPserverhavinganIP
addressof10.28.227.105:
ProCurve# copy startup-config tftp 10.28.227.105
d:\configs\sw8200
TFTP:CopyingaConfigurationFilefromaRemoteHost
Syntax: copytftp<startup-config|running-config><ip-address><remote-file>
[pc|unix]
copytftpconfig<filename><ip-address><remote-file>[pc|unix]
Thiscommandcancopyaconfigurationfromaremotehost
toadesignatedconfigfileintheswitch.Formoreonmultiple
configurationfiles,refertoMultipleConfigurationFileson
page6-23.
(RefertoUsingPrimaryandSecondaryFlashImage
Optionsonpage6-13formoreonflashimageuse.)
Forexample,todownloadaconfigurationfilenamedsw8200intheconfigs
directoryondrivedinaremotehosthavinganIPaddressof10.28.227.105:
ProCurve# copy tftp startup-config 10.28.227.105
d:\configs\sw8200
TFTP:CopyingaCustomizedCommandFiletoaSwitch
Usingthecopytftpcommandwiththeshow-techoptionprovidestheabilityto
copyacustomizedcommandfiletotheswitch.Whentheshowtechcustom
commandisexecuted,thecommandsinthecustomfileareexecutedinstead
ofthehard-codedlistofcommands.Ifnocustomfileisfound,thecurrent
hard-codedlistisexecuted.Thislistcontainscommandstodisplaydatasuch
astheimagestamp,runningconfiguration,boothistory,portsettings,andso
on.
Syntax: copytftpshow-tech<ipv4oripv6address><filename>
Copyacustomizedcommandfiletotheswitch.
Pr oCur ve( conf i g) # copy t f t p show- t ech 10. 10. 10. 3 commandf i l e1
A-27
FileTransfers
FigureA-10.ExampleofUsingthecopytftpshow-techCommandtoUploada
CustomizedCommandFile
Syntax: showtechcustom
Executesthecommandsfoundinacustomfileinsteadofthe
hard-codedlist.
Note:Exittheglobalconfigmode(ifneeded)beforeexecuting
showtechcommands.
Youcanincludeshowtechcommandsinthecustomfile,withtheexception
ofshowtechcustom.Forexample,youcanincludethecommandshowtechall.
Ifnocustomfileisfound,amessagedisplaysstatingNoSHOW-TECHfile
found.
Pr oCur ve# show t ech cust om
Nocustomfilewasuploadedwiththecopytftpshow-
No SHOW- TECH f i l e f ound.
techcommand
FigureA-11.ExampleoftheshowtechcustomCommand
ConnectedPCorUNIXWorkstation
orUNIXworkstation.Youwillneedto:
Determineafilenametouse.
Knowthedirectorypathyouwillusetostoretheconfigurationfile.
Syntax: copy<startup-config|running-config>xmodem<pc|unix>
copyconfig<filename>xmodem<pc|unix>
UsesXmodemtocopyadesignatedconfigurationfilefromthe
switchtoaPCorUnixworkstation.Formoreonmultiple
page6-23.
Forexample,tocopyaconfigurationfiletoaPCseriallyconnectedtothe
switch:
A-28
FileTransfers
1. DeterminethefilenameanddirectorylocationonthePC.
orUNIXworkstationonwhichisstoredtheconfigurationfileyouwantto
copy.Tocompletethecopying,youwillneedtoknowthenameofthefileto
copyandthedriveanddirectorylocationofthefile.
Syntax: copyxmodemstartup-config<pc|unix>
copyxmodemconfig<filename><pc|unix>
CopiesaconfigurationfilefromaseriallyconnectedPCor
UNIXworkstationtoadesignatedconfigurationfileonthe
switch.Formoreonmultipleconfigurationfiles,referto
MultipleConfigurationFilesonpage6-23.
Forexample,tocopyaconfigurationfilefromaPCseriallyconnectedtothe
switch:
thenewlydownloadedsoftware.Todoso,useoneofthefollowing
commands:
A-29
FileTransfers
Syntax: bootsystemflash[primary|secondary]
bootsystemflash[config<filename>
Switchesbootfromthedesignatedconfigurationfile.Formore
onmultipleconfigurationfiles,refertoMultiple
ConfigurationFilesonpage6-23.
Syntax: reload
Rebootsfromtheflashimagecurrentlyinuse.
6-18.)
USB:CopyingaConfigurationFiletoaUSBDevice
Tousethismethod,aUSBflashmemorydevicemustbeconnectedtothe
switchsUSBport.
Syntax: copystartup-configusb<filename>
copyrunning-configusb<filename>
UsestheUSBporttocopyadesignatedconfigurationfilefrom
theswitchtoaUSBflashmemorydevice.Formoreonmultiple
page6-23.
Forexample,tocopythestartupconfigurationfiletoaUSBflashdrive:
Pr ocur ve# copy st ar t up- conf i g usb pr ocur ve- conf i g
wherepr ocur ve- conf i gisthenamegiventotheconfigurationfilethat
iscopiedfromtheswitchtotheUSBdevice.
A-30
FileTransfers
TransferringACLCommandFiles
USB:CopyingaConfigurationFilefromaUSBDevice
Tousethismethod,theswitchmustbeconnectedviatheUSBporttoaUSB
flashdriveonwhichisstoredtheconfigurationfileyouwanttocopy.To
executethecommand,youwillneedtoknowthenameofthefiletocopy.
Syntax: copyusbstartup-config<filename>
CopiesaconfigurationfilefromaUSBdevicetothestartup
configurationfileontheswitch.
Forexample,tocopyaconfigurationfilefromaUSBdevicetotheswitch:
Pr ocur ve# copy usb st ar t up- conf i g pr ocur ve- conf i g
wherepr ocur ve- conf i gisthenameofthefiletocopy.
3. Attheprompt,press[Enter]toreboottheswitchandimplementthenewly
downloadedsoftware.
Thissectiondescribeshowtouploadandexecuteacommandfiletothe
switchforconfiguringorreplacinganAccessControlList(ACL)intheswitch
configuration.SuchfilesshouldcontainonlyACE(AccessControlEntry)
commands.Formoreonthisgeneraltopic,includinganexampleofanACL
commandfilecreatedoffline,refertothesectiontitledEditingACLsand
CreatinganACLOfflineintheAccessControlLists(ACLs)chapterofthe
latestAccessSecurityGuideforyourswitch.
TFTP:UploadinganACLCommandFilefromaTFTPServer
Syntax: copytftpcommand-file<ip-addr><filename.txt><unix|pc>
A-31
FileTransfers
where:
<ip-addr>=TheIPaddressofaTFTPserveravailable
totheswitch
<filename.txt>=AtextfilecontainingACLcommands
andstoredintheTFTPdirectoryof
theserveridentifiedby<ip-addr>
<unix|pc>=Thetypeofworkstationusedforserial,
Telnet,orSSHaccesstotheswitchCLI
Thiscommandcopiesandexecutesthenamedtextfilefrom
thespecifiedTFTPserveraddressandexecutestheACL
commandsinthefile.DependingontheACLcommandsused,
thisactiondoesoneofthefollowingintherunning-configfile:
CreatesanewACL.
ReplacesanexistingACL.(RefertoCreatinganACL
OfflineintheAccessControlLists(ACLs)chapterin
thelatestAccessSecurityGuideforyourswitch.)
AddstoanexistingACL.
Forexample,supposeyou:
1. CreatedanACLcommandfilenamedvlan10_in.txttoupdateanexisting
ACL.
2. CopiedthefiletoaTFTPserverat18.38.124.16.
UsingaPCworkstation,youthenexecutethefollowingfromtheCLItoupload
thefiletotheswitchandimplementtheACLcommandsitcontains:
ProCurve(config)# copy tftp command-file 18.38.124.16
vlan10_in.txt pc
Theswitchdisplaysthismessage:
Running configuration may change, do you want to continue
[y/n]?
Tocontinuewiththeupload,pressthe[Y]key.Toaborttheupload,pressthe
[N]key.Notethatiftheswitchdetectsanillegal(non-ACL)commandinthe
file,itbypassestheillegalcommand,displaysanoticeasshowninfigureA-
12,andcontinuestoimplementtheremainingACLcommandsinthefile.
A-32
FileTransfers
Thismessageindicates
thatshowrunning
commandjustaboveit
isnotanACLcommand
andwillbeignoredby
theswitch.
Manuallyexecuting
showrunningfromthe
CLIindicatesthatthe
filewasimplemented,
creatingACL155inthe
switchsrunning
configuration.
FigureA-12. ExampleofUsingtheCopyCommandtoDownloadandConfigureanACL
Syntax: copyxmodemcommand-file<unix|pc>
UsesXmodemtocopyandexecutesanACLcommandfroma
PCorUnixworkstation.DependingontheACLcommands
used,thisactiondoesoneofthefollowingintherunning-
configfile:
CreatesanewACL.
USB:UploadinganACLCommandFilefromaUSBDevice
Syntax: copyusbcommand-file<filename.txt><unix|pc>
A-33
FileTransfers
where:
<filename.txt>=AtextfilecontainingACLcommands
andstoredintheUSBflashdrive.
<unix|pc >=Thetypeofworkstationusedtocreatethe
textfile.
Thiscommandcopiesandexecutesthenamedtextfilefroma
USBflashdriveandexecutestheACLcommandsinthefile.
DependingontheACLcommandsused,thisactiondoesone
ofthefollowingintherunning-configfile:
CreatesanewACL.
Forexample,supposeyou:
1. CreatedanACLcommandfilenamedvlan10_in.txttoupdateanexisting
ACL.
2. CopiedthefiletoaUSBflashdrive.
UsingaPCworkstation,youthenexecutethefollowingfromtheCLItoupload
thefiletotheswitchandimplementtheACLcommandsitcontains:
ProCurve(config)# copy usb command-file vlan10_in.txt pc
Theswitchdisplaysthismessage:
Running configuration may change, do you want to continue
[y/n]?
Tocontinuewiththeupload,pressthe[Y]key.Toaborttheupload,pressthe
[N]key.Notethatiftheswitchdetectsanillegal(non-ACL)commandinthe
file,itbypassestheillegalcommand,displaysanotice(asinthetftpexample
showninFigureA-12onpageA-33),andcontinuestoimplementtheremaining
ACLcommandsinthefile.
A-34
FileTransfers
CopyingDiagnosticDatatoaRemoteHost,USBDevice,PCorUNIXWorkstation
Host,USBDevice,PCorUNIX
Workstation
YoucanusetheCLItocopythefollowingtypesofswitchdatatoatextfilein
adestinationdevice:
CommandOutput:SendstheoutputofaswitchCLIcommandasafileon
thedestinationdevice.
EventLog:CopiestheswitchsEventLogintoafileonthedestination
device.
CrashData:software-specificdatausefulfordeterminingthereasonfor
asystemcrash.
CrashLog:Processor-Specificoperatingdatausefulfordeterminingthe
reasonforasystemcrash.
Thedestinationdeviceandcopymethodoptionsareasfollows(CLIkeyword
isinbold):
RemoteHostviaTFTP.
PhysicallyconnectedUSBflashdriveviatheswitchsUSBport.
SeriallyconnectedPCorUNIXworkstationviaXmodem.
CopyingCommandOutputtoaDestinationDevice
Syntax: copycommand-output<cli-command>tftp<ip-address><filepath-
filename>
copycommand-output<cli-command>usb<filename>
copycommand-output<cli-command>xmodem
ThesecommandsdirectthedisplayedoutputofaCLI
commandtoaremotehost,attachedUSBdevice,ortoaserially
connectedPCorUNIXworkstation.
Forexample,touseXmodemtocopytheoutputofshowconfigtoaserially
connectedPC:
A-35
FileTransfers
Atthispoint,press
[Enter]andstartthe
Xmodemcommand
sequenceinyour
terminalemulator.
Indicatestheoperationisfinished.
FigureA-13. ExampleofSendingCommandOutputtoaFileonanAttachedPC
Not e Thecommandyouspecifymustbeenclosedindouble-quotemarks.
CopyingEventLogOutputtoaDestinationDevice
Syntax: copyevent-logtftp<ip-address><filepath_filename>
copyevent-logusb<filename>
copyevent-logxmodem<filename>
ThesecommandscopytheEventLogcontenttoaremotehost,
attachedUSBdevice,ortoaseriallyconnectedPCorUNIX
workstation.
Forexample,tocopytheeventlogtoaPCconnectedtotheswitch:
Atthispoint,press
[Enter]andstartthe
Xmodemcommand
sequenceinyour
terminalemulator.
FigureA-14. ExampleofSendingEventLogContenttoaFileonanAttachedPC
CopyingCrashDataContenttoaDestinationDevice
ThiscommandusesTFTP,USB,orXmodemtocopytheCrashDatacontent
toadestinationdevice.Youcancopyindividualslotinformationorthe
managementmodulesswitchinformation.Ifyoudonotspecifyeither,the
commanddefaultstothemanagementfunctionsdata.
A-36
FileTransfers
Syntax: copycrash-data[<slot-id>|master]tftp<ip-address><filename>
copycrash-data[<slot-id>|mm]usb<filename>
copycrash-data[<slot-id>|mm]xmodem
where: slot-id = a- h,andretrievesthecrashlogorcrashdatafrom
theprocessoronthemoduleinthespecifiedslot.
mm Retrievescrashlogorcrashdatafromtheswitchs
chassisprocessor.Whenmmisspecified,crash
filesfrombothmanagementmodulesarecopied.
Thesecommandscopythecrashdatacontenttoaremotehost,
workstation.Youcancopyindividualslotinformationorthe
managementmodule(mm)switchinformation.Ifyoudonot
specifyeither,thecommanddefaultstothemmdata.
Forexample,tocopytheswitchscrashdatatoafileinaPC:
Atthispoint,press
[Enter]andstartthe
Xmodemcommand
sequenceinyour
terminalemulator.
FigureA-15.ExampleofCopyingSwitchCrashDataContenttoaPC
CopyingCrashLogDataContenttoaDestinationDevice
Syntax: copycrash-log[<slot-id>|mm]tftp<ip-address>
<filepathandfilename>
copycrash-log[<slot-id>|mm]usb<filename>
copycrash-log[<slot-id>|mm]xmodem
where: slot-id= a- h,andretrievesthecrashlogfrom
theprocessoronthemoduleinthespecifiedslot.
mm Retrievesthecrashlogfromtheswitchs
chassisprocessor.Whenmmisspecified,
crashfilesfrombothmanagementmodulesare
copied.
A-37
FileTransfers
ThesecommandscopytheCrashLogcontenttoaremotehost,
workstation.Youcancopyindividualslotinformationorthe
managementmodule(mm)switchinformation.Ifyoudonot
specifyeither,thecommanddefaultstothemmdata.
Forexample,tocopytheCrashLogforslotCtoafileinaPCconnectedto
theswitch:
Atthispoint,press
[Enter]andstartthe
Xmodemcommand
sequenceinyour
terminalemulator.
FigureA-16. ExampleofsendingaCrashLogforSlotCtoaFileonanAttachedPC
A-38
FileTransfers
UsingUSBAutorun
UsingUSBAutorun
USBautorunhelpseasetheconfigurationofProCurveswitchesbyproviding
awaytoauto-executeCLIcommandsfromaUSBflashdrive.Usingthis
solution,youcancreateacommandfile(alsoknownasanAutoRunfile),write
ittoaUSBstoragedevice,andthenexecutethefilesimplybyinsertingthe
USBdeviceintotheswitchs AuxiliaryPort.TheAutoRunfilegetsexecuted
automaticallywhenautorunisenabledontheswitch,andcanbedesignedfor
variouspurposes:forexample,toconfiguretheswitch,toupdatesoftware,
ortoretrievediagnosticlogsfortroubleshootingpurposes.
TheoverallUSBautorunsolutionrequiresthefollowingcomponents:
AProCurveswitchwhichcansecurelyuseUSBautoruntoloadautho-
rizedconfigurationsandwritereportinginformation.Thisrequiressoft-
wareversionsK.13.01,T.13.01,W.14.xxorgreater.
ThenetworkmanagementapplicationProCurveManagerPlus(PCM+).
PCM+isrequiredtocreateavalidAutoRunfileandviewtheresultsafter
thefilehasbeenexecutedontheswitch.
Anon-proprietaryUSBflashdrive.
Not e TheabilitytocreateavalidAutoRunfilewillbeincorporatedintoanupcoming
ProCurveManagerupdate.RefertotheProCurveManagerdocumentationfor
details.ForguidelinesonusingtheUSBportforbasicfilecopycapabilities,
seeUsingUSBtoTransferFilestoandfromtheSwitchonpageA-19.
HowItWorks
ThegeneralprocessforusingUSBAutorunisasfollows(steps1,2,and7
requireanupcomingupdatetoPCM+asdescribedabove):
1. CreateanAutoRunfileusingPCM+.RefertotheProCurveManager
documentationfordetails.
Not e CreatingtheAutoRunfileinPCM+,includesthefollowingsteps:
a. specifythetargetdeviceordevices.
b. createtheCLIscripttobeexecutedonthetargetdevice(s).
c. determineifthefilewillbesignedand/orencrypted.
A-39
FileTransfers
UsingUSBAutorun
d. determineifthefilewillberunonce(movedtoaprocesseddirec-
toryonexecution)orrunmany(keptintherootdirectoryoftheflash
drivefromwhereitcanbeexecutedagain).
2. DeploytheAutoRunfiletoaUSBflashdrive.
3. (Ifrequired)Enabletheautorunfeatureontheswitch(autorunisenabled
bydefaultunlessanoperatorormanagerpasswordhasbeensetsee
AutorunandConfiguringPasswordsonpageA-43).
4. (IftheAutoRunfilehasbeensignedorencrypted)Enablesecure-mode
ontheswitchfirstlybyconfiguringanencryptionkeyandavalidtrusted
certificate,andthenbyenablingsecure-modeviatheCLI.SeeEnabling
SecureModeonpageA-42.
5. InserttheUSBflashdriveintotheswitchsUSBauxiliaryport.
TheswitchprocessestheAutoRunfileautomaticallyandwritesaresult
(.txt)fileandreport(.xml)filebacktotheUSBflashdrive,reportingon
thecommandoperationsthatwereexecuted.
6. RemovetheUSBdevicefromtheUSBport.
Theswitchexecutesanypost-commands,suchasrebootingtheswitchto
applyanyconfigurationupdates.
7. (Optional)TransfertheresultfileandreportfiletoaPCM+-enabled
computerforreportchecking.SeeTroubleshootingAutorunOperations
onpageA-41.
SecurityConsiderations
Bydefault,theswitchisunsecuredwhenshipped(thatis,USBautorunis
enabledbydefault).However,assoonasanoperatorormanagerpasswordis
configured,autorunisdisabledandmustbere-enabledattheconfiguration
leveloftheCLIbeforeitcanbeused.TherequirementtousePCM+tocreate
avalidAutoRunfilehelpspreventanon-authorizedcommandfilefrombeing
createdandprocessedbytheswitch.
Intermsofphysicalsecurity,accesstotheswitchsconsoleportandUSBport
areequivalent.Keepingtheswitchinalockedwiringclosetorothersecure
spacehelpstopreventunauthorizedphysicalaccess.Asadditionalprecau-
tions,youhavethefollowingconfigurationoptionsviatheCLI(seepageA-42):
Disableautorunbysettinganoperatorormanagerpassword.
Disableorre-enabletheUSBautorunfunctionviatheCLI.
Enableautoruninsecuremodetoverifysignaturesinautoruncommand
filesandtodecryptencryptedcommandfiles.
A-40
FileTransfers
UsingUSBAutorun
TroubleshootingAutorunOperations
Youcanverifyautorunoperationsbycheckingthefollowingitems:
USBAuxiliaryPortLEDs.ThefollowingtableshowsLEDindicationson
theAuxiliaryPortthatallowyoutoidentifythedifferentUSBoperationstates.
Color State Meaning
Green
Green
n/a
Amber
SlowBlinking
Solid
Off
FastBlinking
SwitchisprocessingUSBAutoRunfile.
SwitchhasfinishedprocessingUSBAutoRunfile.ThisLED
stateindicatestheAutoRunfilewassuccessfullyexecuted,
andthereportfilesweregenerated.Thereportfilesmaybe
reviewedonaUSB-enabledcomputerformoredetails.Upon
removaloftheUSBdevice,theLEDwillbeturnedOFF.
IndicatesthatnoUSBdevicehasbeeninserted,orthataUSB
devicethatcannotberecognizedasaUSBstoragedevicehas
beeninserted, orthatnoAutoRunfilecanbefoundonthe
insertedUSBdevice.IftheUSBdevicehasjustbeenremoved
fromtheport,theswitchwillexecuteanypostcommands.
ProcessingError.TheAutoRunfilewillstopprocessingwhen
anerrorisencountered(forexample,nomorediskspaceis
availableontheUSBdevicetowritetheresultandreportfiles).
RemovetheUSBdeviceandinspectitscontentsonaUSB-
enabledcomputerformoreinformationontheerror.
AutoRunStatusFiles.Thefollowingfilesaregeneratedduringautorun
operationsandwrittentotheUSBflashdrive:
Reportfile(s)(.xmlfile)showswhichCLIcommandshavebeenrun.
Thefilenameincludesaserialnumberanddatetimestamptoindicate
whenandonwhichdevicetheAutoRunfilewasexecuted.
Resultfile(s)(.txtfile)containstheCLIoutputforeachcommandthat
wasrunontheswitch,allowingyoutoverifywhetheracommandwas
executedsuccessfullyornot.
Not e PCM+providesamechanismtoreadthesestatusfilesandcapturetheresults
ofthecommandsexecuted.Italsoallowsyoutoverifythereportfilesfortheir
authenticityandrejectfilesthathavenotbeensigned(refertotheProCurve
Managerdocumentationfordetails).
Thestatusfileswillnotincludeanyrecordsofpostcommandsthatmayhave
beenexecutedaftertheUSBflashdrivewasremovedfromtheswitch.
A-41
FileTransfers
UsingUSBAutorun
EventLogorSyslog. Fordetailsonhowtousetheswitchseventlogor
syslogforhelpinisolatingautorun-relatedproblems,seeUsingtheEventLog
forTroubleshootingSwitchProblemsonpageC-26.
ConfiguringAutorunontheSwitch
Toenable/disabletheautorunfeatureontheswitch,thefollowingcommands
canbeexecutedfromconfigurationmodeintheCLI.
Syntax: [no]autorun[encryption-key<key-string>|secure-mode]
Enables/disablesUSBautorunontheswitch.
Usetheencryption-keykeywordtoconfigureorremovean
encryption-key(abase-64encodedstring).Theencryptionkey
isapre-requisiteforenablingautoruninsecure-mode.
EncryptionisregardedonlywhentheAutoRunfileisalso
signedbyanauthenticsource.
Usethesecure-modekeywordtoenableordisablesecuremode
forautorun.
Default:Enabled(orDisabledifapasswordhasbeenset).
EnablingSecureMode
Autorunsecuremodecanbeusedtoverifytheauthenticityofautorun
commandfiles.Secure-modeisconfiguredusingtheautorunsecure-mode
commandandcanbeenabledunderthefollowingconditions:
anencryption-keyhasalreadybeenconfiguredusingtheautorun
encryptionkeycommand;and
atrustedcertificateforverifyingautoruncommandfileshasbeencopied
totheswitchusingthecopy<tftp|usb>autorun-cert-filecommand.
Thereisanadditionalsecurityoptiontoinstallavalidkey-pairforsigningthe
resultfilesthataregeneratedduringautorunoperations.Thekey-paircanbe
generatedontheswitchusingthecryptokeygenerateautorun[rsa]command.
Not e Thekey-paircanalsobeinstalledfromatftpserverorviatheusbportusing
copy<tftp|usb>autorun-key-file<ipaddrfilename>command.Thefilenamemust
containtheprivatekey andthematchingpublickeyinaX509certificate
structure.BoththeprivatekeyandtheX509certificatemustbeinPEMformat.
A-42
FileTransfers
UsingUSBAutorun
OperatingNotesandRestrictions
Autorunisenabledbydefault,untilpasswordsaresetonthedevice.
Secure-modeandencryption-keyaredisabledbydefault.
Toenablesecuremodebothanencryptionkeyandtrustedcertificate
mustbeset.
Ifsecure-modeisenabled,thefollowingconditionsapply:
theencryption-keycannotberemoved/un-configured;
thekey-paircannotberemoved.
Ifsecuremodeisdisabled,thekey-paircanberemovedusingthecrypto
keyzeorizeautoruncommand.
Wheninstallingtheautoruncertificatefileand/ortheotherkeyfiles,the
filesmustbeinPEMformat.
AutorunandConfiguringPasswords
Whenanoperatorormanagerpasswordisconfiguredonaswitch,autorun
willbedisabledautomatically,andamessageisdisplayedonthescreenas
showninthefollowingexample:
Pr oCur ve# passwor d manager
New passwor d f or manager : *****
Pl ease r et ype new passwor d f or manager : *****
Aut or un i s di sabl ed as oper at or / manager i s conf i gur ed.
Afterpasswordsareset,autoruncanbere-enabledasneededusingtheautorun
command.
Formoreinformationonconfiguringpasswords,refertothechapteron
UsernameandPasswordSecurityintheAccessSecurityGuideforyour
switch.
A-43
FileTransfers
UsingUSBAutorun
ViewingAutorunConfigurationInformation
Theshowautoruncommanddisplaysautorunconfigurationstatusinformation
asshowninthefollowingexample.
Pr oCur ve( conf i g) # show aut or un
Aut or un conf i gur at i on st at us
Enabl ed : Yes
Secur e- mode : Di sabl ed
Encr ypt i on- key :
A-44
B
MonitoringandAnalyzingSwitchOperation
Contents
Overview .................................................... B-3
StatusandCountersData .................................... B-4
MenuAccessToStatusandCounters ..... .................... B-5
GeneralSystemInformation ................................. B-6
MenuAccess ........................................... B-6
CLIAccesstoSystemInformation ........................ B-7
TaskMonitorCollectingProcessorData ..................... B-8
SwitchManagementAddressInformation...................... B-9
MenuAccess ........................................... B-9
CLIAccess............................................ B-10
PortStatus............................................... B-10
Menu:DisplayingPortStatus ............................ B-10
CLIAccess............................................ B-11
WebAccess ........................................... B-11
ViewingPortandTrunkGroupStatisticsandFlowControlStatus B-11
MenuAccesstoPort andTrunkStatistics................. B-13
CLIAccessToPortandTrunkGroupStatistics ............ B-14
GroupStatistics ....................................... B-14
ViewingtheSwitchsMACAddressTables.................... B-15
MenuAccesstotheMACAddressViewsandSearches ...... B-15
CLIAccessforMACAddressViewsandSearches .......... B-18
SpanningTreeProtocol(MSTP)Information .................. B-19
CLIAccesstoMSTPData ............................... B-19
InternetGroupManagementProtocol(IGMP)Status ........... B-20
VLANInformation ......................................... B-21
WebBrowserInterfaceStatusInformation .................... B-23
B-1
Contents
InterfaceMonitoringFeatures .............................. B-24
Menu:ConfiguringPortandStaticTrunkMonitoring ........... B-25
CLI:ConfiguringPortandStaticTrunkMonitoring ............. B-27
Web:ConfiguringPortMonitoring ........................... B-30
LocatingaDevice ........................................... B-31
B-2
Overview
Overview
Theswitchescoveredinthisguidehaveseveralbuilt-intoolsformonitoring,
analyzing,andtroubleshootingswitchandnetworkoperation:
Status:Includesoptionsfordisplayinggeneralswitchinformation,man-
agementaddressdata,portstatus,portandtrunkgroupstatistics,MAC
addressesdetectedoneachportorVLAN,andSTP,IGMP,andVLANdata
(pageB-4).
Counters:Displaydetailsoftrafficvolumeonindividualports(page
B-11).
EventLog:Listsswitchoperatingevents(UsingtheEventLogfor
TroubleshootingSwitchProblemsonpageC-26).
AlertLog:Listsnetworkoccurrencesdetectedbytheswitchinthe
Status|Overviewscreenofthewebbrowserinterface(page5-21).
Configurabletrapreceivers:UsesSNMPtoenablemanagementsta-
tionsonyournetworktoreceiveSNMPtrapsfromtheswitch.(Referto
SNMPManagementFeaturesonpage14-4.)
Portmonitoring(mirroring):Copyalltrafficfromthespecifiedports
toadesignatedmonitoringport(pageB-24).
ChassisLocatorLED:TheblueLocatorLEDlightsupwhenyouenter
thechassislocatecommand(
Not e Linktestandpingtestanalysistoolsintroubleshootingsituationsare
describedinappendixC,Troubleshooting.RefertoDiagnosticToolson
pageC-59.
B-3
StatusandCountersData
Thissectiondescribesthestatusandcountersscreensavailablethroughthe
switchconsoleinterfaceand/orthewebbrowserinterface.
Not e YoucanaccessallconsolescreensfromthewebbrowserinterfaceviaTelnet
totheconsole.TelnetaccesstotheswitchisavailableintheDeviceView
windowundertheConfigurationtab.
StatusorCountersType Interface Purpose Page
MenuAccesstoStatusand Menu Accessmenuinterfaceforstatusandcounterdata. B-5
Counters
GeneralSystem Menu,CLI Listsswitch-leveloperatinginformation. B-6
Information
ManagementAddress Menu,CLI ListstheMACaddress,IPaddress,andIPXnetworknumberfor B-9
Information eachVLANor,ifnoVLANsareconfigured,fortheswitch.
PortStatus Menu,CLI, Displaystheoperationalstatusofeachport. B-10
Web
PortandTrunkStatistics Menu,CLI, Summarizesportactivityandlistsper-portflowcontrolstatus. B-11
andFlowControlStatus Web
VLANAddressTable Menu,CLI ListstheMACaddressesofnodestheswitchhasdetectedon B-15
specificVLANs,withthecorrespondingswitchport.
PortAddressTable Menu,CLI ListstheMACaddressesthattheswitchhaslearnedfromthe B-15
selectedport.
STPInformation Menu,CLI ListsSpanningTreeProtocoldatafortheswitchandforindividual B-19
ports.IfVLANsareconfigured,reportsonaper-VLANbasis.
IGMPStatus Menu,CLI ListsIGMPgroups,reports,queries,andportonwhichquerieris B-20
located.
VLANInformation Menu,CLI ForeachVLANconfiguredintheswitch,lists802.1QVLANIDand B-21
up/downstatus.
PortStatusOverviewand Web Showsportutilizationandcounters,andtheAlertLog. B-23
PortCounters
B-4
MenuAccessToStatusandCounters
BeginningattheMainMenu,displaytheStatusandCountersmenubyselect-
ing:
1.StatusandCounters
FigureB-1.TheStatusandCountersMenu
Eachoftheabovemenuitemsaccessestheread-onlyscreensdescribedon
thefollowingpages.Refertotheonlinehelpforadescriptionoftheentries
displayedinthesescreens.
B-5

MenuAccess
FromtheconsoleMainMenu,select:
1.StatusandCounters
1.GeneralSystemInformation
===========================- TELNET - MANAGER MODE - ==========================
Syst emCont act : Geor ge
Syst emLocat i on : Bui di ng A
Sof t war e r evi si on : W. 14. XX Base MAC Addr : 001c2e- 95b900
ROM Ver si on : W. 14. 01 Ser i al Number : SG862I I 056
Up Ti me : 46 hour s Memor y - Tot al :
CPU Ut i l ( %) : 19 Fr ee :
I P Mgmt - Pkt s Rx : 532, 398 Packet - Tot al : 6750
Pkt s Tx : 3005 Buf f er s Fr ee : 5093
Lowest : 5030
Mi ssed : 0
Act i ons- > Back Hel p
FigureB-2.ExampleofGeneralSwitchInformation
Thisscreendynamicallyindicateshowindividualswitchresourcesarebeing
used.RefertotheonlineHelpfordetails.
B-6
CLIAccesstoSystemInformation
Theshowsystemcommanddisplaysgeneralsysteminformationaboutthe
switch.
Syntax: showsystem[information|power-supply|temperature|fans]
Displaysglobalsysteminformationandoperational
parametersfortheswitch.
information
Displaysglobalsysteminformationandoperational
parametersfortheswitch.
power-supply
Showschassispowersupplyandsettings.
temperature
Showssystemtemperatureandsettings.
fans
Showssystemfanstatus.
Pr oCur ve( conf i g) # show syst emf ans
Fan I nf or mat i on
Num | St at e | Fai l ur es
- - - - - - - +- - - - - - - - - - - - - +- - - - - - - - - -
Sys- 1 | Fan OK | 0
0 / 1 Fans i n Fai l ur e St at e
0 / 1 Fans have been i n Fai l ur e St at e
FigureB-3.ExampleofSystemFanStatus
B-7

Pr oCur ve( conf i g) # show syst em
Syst emName : Pr oCur ve Swi t ch
Syst emCont act :
Syst emLocat i on :
Ti me Zone : 0
Sof t war e r evi si on : T. 13. XX Base MAC Addr : 001635- b57cc0
ROM Ver si on : K. 12. 12 Ser i al Number : LP621KI 005
Up Ti me : 51 secs Memor y - Tot al : 152, 455, 616
CPU Ut i l ( %) : 3 Fr ee : 110, 527, 264
I P Mgmt - Pkt s Rx : 0 Packet - Tot al : 6750
Pkt s Tx : 0 Buf f er s Fr ee : 5086
Lowest : 5086
Mi ssed : 0
FigureB-4.ExampleofSwitchSystemInformation
TaskMonitorCollectingProcessorData
Thetaskmonitorfeatureallowsyoutoenableordisablethecollectionof
processorutilizationdata.Thetask-monitorcpucommandisequivalenttothe
existingdebugmodecommandtaskusage-d.(ThetaskUsageShowcommand
isavailableaswell.)
Whenthetask-monitorcommandisenabled,theshowcpucommandsumma-
rizestheprocessorusagebyprotocolandsystemfunctions.
Syntax: [no]task-monitorcpu
Allowsthecollectionofprocessorutilizationdata.Only
managerloginscanexecutethiscommand.Thesettingsare
notpersistent,thatis,therearenochangestotheconfigura-
tion.
Default:Disabled
B-8
Pr oCur ve( conf i g) # t ask- moni t or cpu
Pr oCur ve( conf i g) # show cpu
2 per cent busy, f r om2865 sec ago
1 sec ave: 9 per cent busy
5 sec ave: 9 per cent busy
1 mi n ave: 1 per cent busy
%CPU | Descr i pt i on
- - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - -
99 | I dl e
FigureB-5.Exampleofthetask-monitorcpuCommandandshowcpuOutput
SwitchManagementAddressInformation
MenuAccess
1StatusandCounters
2.SwitchManagementAddressInformation
FigureB-6.ExampleofManagementAddressInformationwithVLANsConfigured
Thisscreendisplaysaddressesthatareimportantformanagementofthe
switch.IfmultipleVLANsarenotconfigured,thisscreendisplaysasingleIP
addressfortheentireswitch.RefertotheonlineHelpfordetails.
B-9
Not e AsshowninfigureB-6,allVLANsontheswitchesusethesameMACaddress.
(ThisincludesboththestaticallyconfiguredVLANsandanydynamicVLANs
existingontheswitchasaresultofGVRPoperation.)
Also,theswitchescoveredinthisguideuseamultipleforwardingdatabase.
WhenusingmultipleVLANsandconnectingaswitchtoadevicethatusesa
singleforwardingdatabase,suchasaSwitch4000M,therearecablingand
taggedportVLANrequirements.Formoreonthistopic,refertothesection
titledMultipleVLANConsiderationsintheStaticVirtualLANs(VLANs)
chapteroftheAdvancedTrafficManagementGuideforyourswitch.
CLIAccess
Syntax: showmanagement
PortStatus
Thewebbrowserinterfaceandtheconsoleinterfaceshowthesameport
statusdata.
Menu:DisplayingPortStatus
1.StatusandCounters
4.PortStatus
B-10
FigureB-7.ExampleofPortStatusontheMenuInterface
CLIAccess
Syntax: showinterfacesbrief
WebAccess
1. ClickontheStatustab.
2. Clickon[PortStatus].
ViewingPortandTrunkGroupStatisticsandFlow
ControlStatus
viewingportandtrunkstatisticsforall n/a pageB-13 pageB-14 pageB-14
ports,andflowcontrolstatus
viewingadetailedsummaryfora n/a pageB-13 pageB-14 pageB-14
particularportortrunk
resettingcounters n/a pageB-13 pageB-14 pageB-14
B-11
Thesefeaturesenableyoutodeterminethetrafficpatternsforeachportsince
thelastrebootorresetoftheswitch.Youcandisplay:
AgeneralreportoftrafficonallLANportsandtrunkgroupsintheswitch,
alongwiththeper-portflowcontrolstatus(OnorOff).
Adetailedsummaryoftrafficonaselectedportortrunkgroup.
Youcanalsoresetthecountersforaspecificport.
Themenuinterfaceandthewebbrowserinterfaceprovideadynamicdisplay
ofcounterssummarizingthetrafficoneachport.TheCLIletsyouseeastatic
snapshotofportortrunkgroupstatisticsataparticularmoment.
Asmentionedabove,rebootingorresettingtheswitchresetsthecountersto
zero.Youcanalsoresetthecounterstozeroforthecurrentsession.Thisis
usefulfortroubleshooting.RefertotheNoteOnReset,below.
No t e o n Re s e t TheResetactionresetsthecounterdisplaytozeroforthecurrentsession,but
doesnotaffectthecumulativevaluesintheactualhardwarecounters.(In
compliancewiththeSNMPstandard,thevaluesinthehardwarecountersare
notresettozerounlessyoureboottheswitch.)Thus,usingtheResetaction
resetsthedisplayedcounterstozeroforthecurrentsessiononly.Exitingfrom
theconsolesessionandstartinganewsessionrestoresthecounterdisplays
totheaccumulatedvaluesinthehardwarecounters.
B-12
MenuAccesstoPortandTrunkStatistics
ToaccessthisscreenfromtheMainMenu,select:
1.StatusandCounters
4.PortCounters
FigureB-8.ExampleofPortCountersontheMenuInterface
Toviewdetailsaboutthetrafficonaparticularport,usethe[v]keytohighlight
thatportnumber,thenselectShowDetails.Forexample,selectingportA2
displaysascreensimilartofigureB-9,below.
FigureB-9.ExampleoftheDisplayforShowdetailsonaSelectedPort
ThisscreenalsoincludestheResetactionforthecurrentsession.(Referto
theNoteonResetonpageB-12.)
B-13
CLIAccessToPortandTrunkGroupStatistics
ToDisplaythePortCounterSummaryReport.
Syntax: showinterfaces
Thiscommandprovidesanoverviewofportactivityforall
portsontheswitch.
ToDisplayaDetailedTrafficSummaryforSpecificPorts.
Syntax: showinterfaces<port-list>
Thiscommandprovidestrafficdetailsfortheport(s)you
specify
ToResetthePortCountersforaSpecificPort.
Syntax: clearstatistics<port-list>
Thiscommandresetsthecountersforthespecifiedportstozero
forthecurrentsession.(SeetheNoteonResetonpageB-12.)
GroupStatistics
1. ClickontheStatustab.
2. Clickon[PortCounters].
3. Torefreshthecountersforaspecificport,clickanywhereintherowfor
thatport,thenclickon[Refresh].
Not e Toresettheportcounterstozero,youmustreboottheswitch.
B-14
ViewingtheSwitchsMACAddressTables
viewingMACaddressesonall
portsonaspecificVLAN
n/a pageB-15 pageB-18
viewingMACaddressesona n/a pageB-17 pageB-18
specificport
searchingforaMACaddress n/a pageB-17 pageB-18
Thesefeatureshelpyoutoview:
TheMACaddressesthattheswitchhaslearnedfromnetworkdevices
attachedtotheswitch
TheportonwhicheachMACaddresswaslearned
MenuAccesstotheMACAddressViewsandSearches
Per-VLANMAC-AddressViewingandSearching. Thisfeatureletsyou
determinewhichswitchportonaselectedVLANisbeingusedtocommuni-
catewithaspecificdeviceonthenetwork.Theper-VLANlistingincludes:
TheMACaddressesthattheswitchhaslearnedfromnetworkdevices
attachedtotheswitch
TheportonwhicheachMACaddresswaslearned
1.StatusandCounters
5.VLANAddressTable
2. TheswitchthenpromptsyoutoselectaVLAN.
3. UsetheSpacebartoselecttheVLANyouwant,thenpress[Enter].The
switchthendisplaystheMACaddresstableforthatVLAN:
B-15
FigureB-10.ExampleoftheAddressTable
Topagethroughthelisting,useNextpageandPrevpage.
FindingthePortConnectionforaSpecificDeviceonaVLAN. This
featureusesadevicesMACaddressthatyouentertoidentifytheportused
bythatdevice.
1. ProceedingfromfigureB-10,press[S](forSearch),todisplaythefollowing
prompt:
Enter MAC address: _
2. TypetheMACaddressyouwanttolocateandpress[Enter].Theaddress
andportnumberarehighlightediffound.Iftheswitchdoesnotfindthe
MACaddressonthecurrentlyselectedVLAN,itleavestheMACaddress
listingempty.
LocatedMAC
Addressand
Corresponding
PortNumber
FigureB-11.ExampleofMenuIndicatingLocatedMACAddress
3. Press[P](forPrevpage)toreturntothefulladdresstablelisting.
B-16
Port-LevelMACAddressViewingandSearching. Thisfeaturedisplays
andsearchesforMACaddressesonthespecifiedportinsteadofforallports
ontheswitch.
1.StatusandCounters
7.PortAddressTable
PromptforSelecting
thePortToSearch
FigureB-12. ListingMACAddressesforaSpecificPort
2. UsetheSpacebartoselecttheportyouwanttolistorsearchforMAC
addresses,thenpress[Enter]tolisttheMACaddressesdetectedonthat
port.
DeterminingWhetheraSpecificDeviceIsConnectedtotheSelected
Port. Proceedingfromstep2,above:
1. Press[S](forSearch),todisplaythefollowingprompt:
Enter MAC address: _
2. TypetheMACaddressyouwanttolocateandpress[Enter].Theaddressis
highlightediffound.Iftheswitchdoesnotfindtheaddress,itleavesthe
MACaddresslistingempty.
3. Press[P](forPrevpage)toreturntothepreviousper-portlisting.
B-17
CLIAccessforMACAddressViewsandSearches
Syntax: showmac-address
[vlan<vlan-id>]
[<port-list>]
[<mac-addr>]
ToListAllLearnedMACAddressesontheSwitch,withThePort
NumberonWhichEachMACAddressWasLearned.
ProCurve> show mac-address
ToListAllLearnedMACAddressesononeormoreports,withTheir
CorrespondingPortNumbers. Forexample,tolistthelearnedMAC
addressonportsA1throughA4andportA6:
ProCurve> show mac-address a1-a4,a6
ToListAllLearnedMACAddressesonaVLAN,withTheirPort
Numbers. ThiscommandliststheMACaddressesassociatedwiththeports
foragivenVLAN.Forexample:
ProCurve> show mac-address vlan 100
Not e Theswitchescoveredinthisguideoperatewithamultipleforwardingdatabase
architecture.
ToFindthePortOnWhichtheSwitchLearnedaSpecificMAC
Address. Forexample,tofindtheportonwhichtheswitchlearnsaMAC
addressof080009-21ae84:
B-18
SpanningTreeProtocol(MSTP)Information
CLIAccesstoMSTPData
ThisoptionliststheMSTPconfiguration,rootdata,andper-portdata(cost,
priority,state,anddesignatedbridge).
Syntax: showspanning-tree
Thiscommanddisplaystheswitchsglobalandregional
spanning-treestatus,plustheper-portspanning-tree
operationattheregionallevel.Notethatvaluesforthe
followingparametersappearonlyforportsconnectedtoactive
devices:DesignatedBridge,HelloTime,PtP,andEdge.
FigureB-13.Outputfromshowspanning-treeCommand
B-19
InternetGroupManagementProtocol(IGMP)Status
TheswitchusestheCLItodisplaythefollowingIGMPstatusonaper-VLAN
basis:
ShowCommand Output
showipigmp GlobalcommandlistingIGMPstatusforallVLANsconfigured
intheswitch:
VLANID(VID)andname
ActivegroupaddressesperVLAN
Numberofreportandquerypacketspergroup
QuerieraccessportperVLAN
showipigmp<vlan-id> Per-VLANcommandlistingaboveIGMPstatusforspecified
VLAN(VID)
showipigmpgroup<ip-addr> Liststheportscurrentlyparticipatinginthespecifiedgroup,
withporttype,Accesstype,AgeTimerdataandLeaveTimer
data.
Forexample,supposethatshowipigmplistedanIGMPgroupaddressof
224.0.1.22.Youcouldgetadditionaldataonthatgroupbyexecutingthe
following:
FigureB-14.ExampleofIGMPGroupData
B-20
VLANInformation
TheswitchusestheCLItodisplaythefollowingVLANstatus:
ShowCommand Output
showvlan Lists:
MaximumnumberofVLANstosupport
ExistingVLANs
Status(staticordynamic)
PrimaryVLAN
showvlan<vlan-id> ForthespecifiedVLAN,lists:
Name,VID,andstatus(static/dynamic)
Per-Portmode(tagged,untagged,forbid,no/auto)
UnknownVLANsetting(Learn,Block,Disable)
Portstatus(up/down)
Forexample,supposethatyourswitchhasthefollowingVLANs:
Ports VLAN VLANID
1-12 DEFAULT_VLAN 1
13-14 VLAN-33 33
15-20 VLAN-44 44
ThenextthreefiguresshowhowyoucouldlistdataontheaboveVLANs.
FigureB-15.ExampleofVLANListingfortheEntireSwitch
B-21
BecauseportsA1
andA2arenot
membersofVLAN-
44,itdoesnotappear
inthislisting.
FigureB-16.ExampleofVLANListingforSpecificPorts
FigureB-17.ExampleofPortListingforanIndividualVLAN
B-22
WebBrowserInterfaceStatusInformation
ThehomescreenforthewebbrowserinterfaceistheStatusOverview
screen,asshownbelow.Asthetitleimplies,itprovidesanoverviewofthe
statusoftheswitch,includingsummarygraphsindicatingthenetworkutili-
zationoneachoftheswitchports,symbolicportstatusindicators,andthe
AlertLog,whichinformsyouofanyproblemsthatmayhaveoccurredonthe
switch.
Formoreinformationonthisscreen,refertochapter5,UsingtheProCurve
WebBrowserInterface.
AlertLog
Port
Status
Indicators
Port
Utilization
Graphs
FigureB-18.ExampleofaWebBrowserInterfaceStatusOverviewScreen
B-23
InterfaceMonitoringFeatures
PortMonitoringFeatures
displaymonitoring
configuration
disabled pageB-25 pageB-27 pageB-30
configurethemonitorport(s) ports:none pageB-25 pageB-28 pageB-30
selectingorremovingports noneselected pageB-25 pageB-29 pageB-30
Youcandesignatemonitoringofinboundandoutboundtrafficon:
Portsandstatictrunks:Allowsmonitoringofindividualports,groups
ofcontiguousports,andstaticporttrunks.
StaticVLANs:AllowstrafficmonitoringononestaticVLAN.
Theswitchmonitorsnetworkactivitybycopyingalltrafficinboundand
outboundonthespecifiedinterfacestothedesignatedmonitoringport,to
whichanetworkanalyzercanbeattached.
Ifataggedpacketarrivesonamonitoredport,thepacketwillremaintagged
whenitgoesoutamonitoredportevenifthatportisconfiguredasuntagged.
Ifthepacketisuntagged,itwillremainuntaggedgoingoutthemonitorport.
Themonitorportstate(taggedoruntagged)doesnotaffectthetaggingofthe
packet.However,egressmirroringdoesnotreflectthetaggedoruntagged
characteristictothemirrorport,insteaditreflectsthetaggedoruntagged
characteristicofthemirrorport.
Not e Whenbothinboundandoutboundmonitoringisdone,andIGMPisenabled
onanyVLAN,youmaygettwocopiesofIGMPpacketsonthemonitoredport.
Not e VLANsandporttrunkscannotbeusedasamonitoringport.
TheswitchcanmonitorstaticLACPtrunks,butnotdynamicLACPtrunks.
Itispossible,whenmonitoringmultipleinterfacesinnetworkswithhigh
trafficlevels,tocopymoretraffictoamonitorportthanthelinkcansupport.
Inthiscase,somepacketsmaynotbecopiedtothemonitorport.
B-24
Menu:ConfiguringPortandStaticTrunkMonitoring
Thisproceduredescribesconfiguringtheswitchformonitoringwhenmoni-
toringisdisabled.(Ifmonitoringhasalreadybeenenabled,thescreenswill
appeardifferentlythanshowninthisprocedure.)
1. FromtheConsoleMainMenu,Select:
3.NetworkMonitoringPort
Enablemonitoring
bysettingthis
parametertoYes.
FigureB-19. TheDefaultNetworkMonitoringConfigurationScreen
2. IntheActionsmenu,press[E](for Edit).
3. Ifmonitoringiscurrentlydisabled(thedefault)thenenableitbypressing
theSpacebar(or[Y])toselect Yes.
4. Pressthedownarrowkeytodisplayascreensimilartothefollowingand
movethecursortotheMonitoringPort parameter.
B-25
MovethecursortotheMonitoringPort
InboundPortandTrunkMonitoring(Only)ontheSwitch4108
FigureB-20.HowToSelectaMonitoringPort
5. UsetheSpacebartoselecttheporttouseformonitoring.
6. HighlighttheMonitorfieldandusetheSpacebartoselecttheinterfaces
tomonitor:
Ports:Useformonitoringportsorstatictrunks.
VLAN:UseformonitoringaVLAN.
Ifyouaremonitoringportsorstatictrunksgotostep8.
IfyouaremonitoringaVLAN:
i. Press[Tab]orthedownarrowkeytomovetotheVLANfield.
UsetheSpacebarto
selectaVLANtomonitor.
B-26
ii. UsetheSpacebartoselecttheVLANyouwanttomonitor.
iii. Gotostep10.
8. UsethedownarrowkeytomovethecursortotheActioncolumnforthe
individualportsandpositionthecursorataportyouwanttomonitor.
9. PresstheSpacebartoselectMonitorforeachportandtrunkthatyouwant
monitored.(Usethedownarrowkeytomovefromoneinterfacetothe
nextintheActioncolumn.)
10. Whenyoufinishselectingportstomonitor,press[Enter],thenpress[S](for
Save)tosaveyourchangesandexitfromthescreen.
11. ReturntotheMainMenu.
CLI:ConfiguringPortandStaticTrunkMonitoring
PortandStaticTrunkMonitoringCommandsUsedinThisSection
showmonitor below
mirror-port pageB-28
monitor pageB-29
Youmustusethefollowingconfigurationsequencetoconfigureportandstatic
trunkmonitoringintheCLI:
1. Assignamonitoring(mirror)port.
2. Designatetheport(s)and/orstatictrunk(s)tomonitor.
DisplayingtheMonitoringConfiguration.
Syntax: showmonitor
Thiscommandliststheportassignedtoreceivemonitored
trafficandtheportsand/ortrunksbeingmonitored.
Forexample,ifyouassignportA6asthemonitoringportandconfigurethe
switchtomonitorportsA1-A3,showmonitordisplaysthefollowing:
B-27
Portreceivingmonitoredtraffic.
MonitoredPorts
FigureB-21.ExampleofMonitoredPortListing
ConfiguringtheMonitorPort.
Syntax: [no]mirror-port[<port-num>]
Thiscommandassignsorremovesamonitoringport,and
mustbeexecutedfromtheglobalconfigurationlevel.Removing
themonitorportdisablesportmonitoringandresetsthe
monitoringparameterstotheirfactory-defaultsettings.
Forexample,toassignport6asthemonitoringport:
ProCurve(config)# mirror-port 6
Toturnoffmonitoring:
ProCurve(config)# no mirror-port
B-28
SelectingorRemovingMonitoringSourceInterfaces.Afteryoucon-
figureamonitorportyoucanuseeithertheglobalconfigurationlevelorthe
interfacecontextleveltoselectports,statictrunks,orVLANsasmonitoring
sources.Youcanalsouseeitherleveltoremovemonitoringsources.
Syntax: [no]interface<monitor-list>monitor
[no]vlan<vid>monitor
where:
<monitor-list> Includesportnumbersandstatictrunknames
suchasa4,c7,b5-b8,trk1.
<vid> AllowsmonitoringofoneVLAN.
Identifiestheswitchelementstomonitorthroughthecurrently
configuredmonitorport.Youcanmonitortheport(s)and
statictrunk(s)availableontheswitchoroneVLAN.
Not e Individualportsandstatictrunkscanbemonitoredatthesametime.However,
ifyouconfiguretheswitchtomonitoraVLAN,allotherinterfacesareremoved
frommonitoring.Also,youcanconfigureonlyoneVLANatatimeformoni-
toring.
Elementsinthemonitorlistcanincludeportnumbersandstatictrunknames
atthesametime.
Forexample,withaportsuchasportA6configuredasthemonitoring(mirror)
port,youwoulduseeitherofthefollowingcommandstoselecttheseinter-
facesformonitoring:
A1throughA3,andA5
Trunks1and2
Pr oCur ve( conf i g) # i nt 6- 9, 14 t r k2, moni t or
FigureB-22.ExamplesofSelectingPortsandStaticTrunksasMonitoringSources
TomonitoraVLAN:
B-29
ConfiguremonitoringofVLAN20.
Displaycurrentmonitoring
configuration:
Monitorport
InterfaceBeingMonitored
FigureB-23.ExampleofConfiguringVLANMonitoring
Thesetwocommands
showhowtodisable
monitoringattheinterface
contextlevelforasingle
portorallportsinan
interfacecontextlevel.
Thesetwocommandsshowhowtodisablemonitoringat
theglobalconfiglevelforasingleportoragroupofports.
FigureB-24.ExamplesofRemovingPortsasMonitoringSources
Web:ConfiguringPortMonitoring
Toenableportmonitoring:
2. Clickon[MonitorPort].
3. Tomonitoroneormoreports.
a. ClickontheradiobuttonforMonitorSelectedPorts.
b. Selecttheport(s)tomonitor.
4. Clickon[ApplyChanges].
Toremoveportmonitoring:
1. Clickonthe[MonitoringOff]radiobutton.
2. Clickon[ApplyChanges].
Forweb-basedHelponhowtousethewebbrowserinterfacescreen,clickon
the[?]buttonprovidedonthewebbrowserscreen.
B-30
LocatingaDevice
LocatingaDevice
Ifyouaretryingtolocateaparticularswitchyoucanenterthechassislocate
command.TheblueLocatorLEDwilllightuponthatswitch.
Syntax: chassislocate[blink|on|off]
LocateadevicebyusingtheblueLocateLEDonthefrontpanel.
blink<1-1440>
BlinksthechassisLocateLEDforaselectednumberofminutes
(defaultis30minutes).
on<1-1440>
TurnsthechassisLocateLEDonforaselectednumberofminutes
(defaultis30minutes).
off
TurnsthechassisLocateLEDoff.
ProCurve(config)#chassislocate
blink<1-1440>Blinkthechassislocateled(default30minutes).
off Turnthechassislocateledoff.
on<1-1440> Turnthechassislocateledon(default30minutes).
ProCurve(config)#chassislocate
FigureB-25.Thechassislocatecommand
B-31
LocatingaDevice
B-32
C
Troubleshooting
Contents
Overview .................................................... C-4
TroubleshootingApproaches.................................. C-5
BrowserorTelnetAccessProblems ........................... C-6
UnusualNetworkActivity .................................... C-8
GeneralProblems.......................................... C-8
802.1QPrioritizationProblems............................... C-9
ACLProblems ............................................. C-9
IGMP-RelatedProblems .................................... C-13
LACP-RelatedProblems .................................... C-14
Mesh-RelatedProblems.................................... C-14
Port-BasedAccessControl(802.1X)-RelatedProblems ......... C-14
QoS-RelatedProblems..................................... C-17
Radius-RelatedProblems ................................... C-17
Spanning-TreeProtocol(MSTP)andFast-UplinkProblems...... C-18
SSH-RelatedProblems..................................... C-19
TACACS-RelatedProblems................................. C-21
TimeP,SNTP,orGatewayProblems ......................... C-23
VLAN-RelatedProblems .............. ...................... C-23
FanFailure ............................................... C-25
UsingtheEventLogforTroubleshootingSwitchProblems .... C-26
EventLogEntries ......................................... C-26
Menu:DisplayingandNavigatingintheEventLog ............. C-34
CLI:DisplayingtheEventLog ............................... C-35
CLI:ClearingEventLogEntries ............................. C-35
CLI:TurningEventNumberingOn ........................... C-36
EventLogandSNMPMessages.............................. C-36
C-1
Troubleshooting
Contents
LogThrottlePeriods ............. ...................... C-37
ExampleofLogThrottling .............................. C-37
ExampleofEventCounterOperation ..................... C-39
Debug/SyslogOperation ..................................... C-40
Debug/SyslogMessaging ................................... C-40
Debug/SyslogDestinationDevices ........................... C-40
Debug/SyslogConfigurationCommands ...................... C-41
ConfiguringDebug/SyslogOperation ......................... C-43
DisplayingaDebug/SyslogConfiguration.................. C-45
DebugCommand ................... ....................... C-49
DebugMessages ....................................... C-49
DebugDestinations.............. ...................... C-51
LoggingCommand ........................................ C-52
ConfiguringaSyslogServer ............................. C-53
MessagesSenttoaSyslogServer ...... ...................... C-56
MessagesSenttoaSyslogServer ........................ C-57
OperatingNotesforDebugandSyslog ....................... C-57
DiagnosticTools ............................................ C-59
PortAuto-Negotiation...................................... C-60
PingandLinkTests ........................................ C-60
Web:ExecutingPingorLinkTests....................... C-61
CLI:PingTest ......................................... C-62
LinkTests ............................................ C-63
TracerouteCommand ...................................... C-64
ViewingSwitchConfigurationandOperation ................. C-68
CLI:ViewingtheStartuporRunningConfigurationFile ......... C-68
Web: ViewingtheConfigurationFile ......................... C-68
CLI:ViewingaSummaryofSwitchOperationalData ........... C-68
SavingshowtechCommandOutputtoaTextFile .......... C-70
CustomizingshowtechCommandOutput ................. C-71
CLI:ViewingMoreInformationonSwitchOperation ........... C-75
PatternMatchingWhenUsingtheShowCommand......... C-75
CLI:UsefulCommandsforTroubleshootingSessions........... C-79
C-2
Troubleshooting
Contents
SystemFailures:CoreDumpUtility .......................... C-79
CLI:Enabling/DisablingCoreDump ...................... C-80
CLI:TransferringCoreDumpFiles .... ................... C-80
CLI:DisplayingCoreDump Information .................. C-81
CLI: DeletingCore Dump Files.. .... . .................... C-81
Web:Enabling/DisablingCoreDump .. ................... C-81
WebUI:DownloadingCoreDumpFiles ................... C-83
RestoringtheFactory-DefaultConfiguration ................. C-84
CLI:ResettingtotheFactory-DefaultConfiguration............ C-84
Clear/Reset:ResettingtotheFactory-DefaultConfiguration..... C-85
RestoringaFlashImage ..................................... C-85
DNSResolver ............................................... C-88
Terminology .......................................... C-88
BasicOperation ........................................... C-89
withDNS-CompatibleCommands ........................... C-90
ConfiguringaDNSEntry ................................... C-91
ExampleUsingDNSNameswithPingandTraceroute .......... C-92
ViewingtheCurrentDNSConfiguration ...................... C-94
OperatingNotes........................................... C-95
EventLogMessages ....................................... C-96
C-3
Troubleshooting
Overview
Overview
Thisappendixaddressesperformance-relatednetworkproblemsthatcanbe
causedbytopology,switchconfiguration,andtheeffectsofotherdevicesor
theirconfigurationsonswitchoperation.(Forswitch-specificinformationon
hardwareproblemsindicatedbyLEDbehavior,cablingrequirements,and
otherpotentialhardware-relatedproblems,refertotheInstallationGuide
youreceivedwiththeswitch.)
Not e ProCurveperiodicallyplacesswitchsoftwareupdatesontheProCurve
Networkingwebsite.ProCurverecommendsthatyoucheckthiswebsitefor
softwareupdatesthatmayhavefixedaproblemyouareexperiencing.
Forinformationonsupportandwarrantyprovisions,refertotheSupportand
Warrantybookletshippedwiththeswitch.
C-4
Troubleshooting
TroubleshootingApproaches
TroubleshootingApproaches
Usetheseapproachestodiagnoseswitchproblems:
ChecktheProCurveNetworkingwebsiteforsoftwareupdatesthatmay
havesolvedyourproblem:www.procurve.com
ChecktheswitchLEDsforindicationsofproperswitchoperation:
EachswitchporthasaLinkLEDthatshouldlightwheneveranactive
networkdeviceisconnectedtotheport.
Problemswiththeswitchhardwareandsoftwareareindicatedby
flashingtheFaultandotherswitchLEDs.
RefertotheInstallationGuideshippedwiththeswitchforadescrip-
tionoftheLEDbehaviorandinformationonusingtheLEDsfor
troubleshooting.
Checkthenetworktopology/installation.RefertotheInstallationGuide
shippedwiththeswitchfortopologyinformation.
Checkcablesfordamage,correcttype,andproperconnections.You
shouldalsouseacabletestertocheckyourcablesforcompliancetothe
relevantIEEE802.3specification.RefertotheInstallationGuideshipped
withtheswitchforcorrectcabletypesandconnectorpin-outs.
UseProCurveManagertohelpisolateproblemsandrecommendsolu-
tions.
UsethePortUtilizationGraphandAlertLoginthewebbrowserinterface
includedintheswitchtohelpisolateproblems.RefertoChapter5,Using
theProCurveWebBrowserInterfaceforoperatinginformation.These
toolsareavailablethroughthewebbrowserinterface:
PortUtilizationGraph
AlertLog
PortStatusandPortCountersscreens
Diagnostictools(Linktest,Pingtest,configurationfilebrowser)
Forhelpinisolatingproblems,usetheeasy-to-accessswitchconsolebuilt
intotheswitchorTelnettotheswitchconsole.Refertochapters3and4
foroperatinginformationontheMenuandCLIinterfacesincludedinthe
console.Thesetoolsareavailablethroughtheswitchconsole
StatusandCountersscreens
EventLog
Diagnosticstools(Linktest,Pingtest,configurationfilebrowser,and
advancedusercommands)
C-5
Troubleshooting
BrowserorTelnetAccessProblems
Cannotaccessthewebbrowserinterface:
AccessmaybedisabledbytheWebAgentEnabledparameterintheswitch
console.Checkthesettingonthisparameterbyselecting:
1.SystemInformation
TheswitchmaynothavethecorrectIPaddress,subnetmaskorgateway.
VerifybyconnectingaconsoletotheswitchsConsoleportandselecting:
5.IPConfiguration
Note:IfDHCP/Bootpisusedtoconfiguretheswitch,theIPaddressing
canbeverifiedbyselecting:
1.StatusandCounters
alsochecktheDHCP/BootpserverconfigurationtoverifycorrectIP
addressing.
IfyouareusingDHCPtoacquiretheIPaddressfortheswitch,theIP
addressleasetimemayhaveexpiredsothattheIPaddresshaschanged.
FormoreinformationonhowtoreserveanIPaddress,refertothe
documentationfortheDHCPapplicationthatyouareusing.
IfoneormoreIP-Authorizedmanagersareconfigured,theswitchallows
webbrowseraccessonlytoadevicehavinganauthorizedIPaddress.For
moreinformationonIPAuthorizedmanagers,refertotheAccessSecurity
Guideforyourswitch.
Javaappletsmaynotberunningonthewebbrowser.Theyarerequired
fortheswitchwebbrowserinterfacetooperatecorrectly.Refertothe
onlineHelponyourwebbrowserforhowtoruntheJavaapplets.
C-6
Troubleshooting
CannotTelnetintotheswitchconsolefromastationonthenetwork:
OffsubnetmanagementstationscanloseTelnetaccessifyouenable
routingwithoutfirstconfiguringastatic(default)route.Thatis,theswitch
usestheIPdefaultgatewayonlywhileoperatingasaLayer2device.While
routingisenabledontheswitch,theIPdefaultgatewayisnotused.You
canavoidthisproblembyusingtheiproutecommandtoconfigureastatic
(default)routebeforeenablingrouting.Formoreinformation,refertothe
chaptertitledIPRoutingFeaturesintheMulticastandRoutingGuide
foryourswitch.
TelnetaccessmaybedisabledbytheInboundTelnetEnabledparameterin
theSystemInformationscreenofthemenuinterface:
1.SystemInformation
TheswitchmaynothavethecorrectIPaddress,subnetmask,orgateway.
VerifybyconnectingaconsoletotheswitchsConsoleportandselecting:
5.IPConfiguration
Note:IfDHCP/Bootpisusedtoconfiguretheswitch,refertotheNote,
above.
IfyouareusingDHCPtoacquiretheIPaddressfortheswitch,theIP
addressleasetimemayhaveexpiredsothattheIPaddresshaschanged.
FormoreinformationonhowtoreserveanIPaddress,refertothe
documentationfortheDHCPapplicationthatyouareusing.
IfoneormoreIP-Authorizedmanagersareconfigured,theswitchallows
inboundtelnetaccessonlytoadevicehavinganauthorizedIPaddress.
FormoreinformationonIPAuthorizedmanagers,refertotheAccess
SecurityGuideforyourswitch.
C-7
Troubleshooting
UnusualNetworkActivity
Networkactivitythatfailstomeetacceptednormsmayindicateahardware
problemwithoneormoreofthenetworkcomponents,possiblyincludingthe
switch.Suchproblemscanalsobecausedbyanetworklooporsimplytoo
muchtrafficforthenetworkasitiscurrentlydesignedandimplemented.
UnusualnetworkactivityisusuallyindicatedbytheLEDsonthefrontofthe
switchormeasuredwiththeswitchconsoleinterfaceorwithanetwork
managementtoolsuchasProCurveManager.RefertotheInstallationGuide
youreceivedwiththeswitchforinformationonusingLEDstoidentifyunusual
networkactivity.
Atopologyloopcanalsocauseexcessivenetworkactivity.TheEventLog
FFImessagescanbeindicativeofthistypeofproblem.
GeneralProblems
Thenetworkrunsslow;processesfail;userscannotaccessserversor
otherdevices.Broadcaststormsmaybeoccurringinthenetwork.These
maybeduetoredundantlinksbetweennodes.
Ifyouareconfiguringaporttrunk,finishconfiguringtheportsinthe
trunkbeforeconnectingtherelatedcables.Otherwiseyoumayinad-
vertentlycreateanumberofredundantlinks(i.e.topologyloops)that
willcausebroadcaststorms.
TurnonSpanningTreeProtocoltoblockredundantlinks(i.e.
topologyloops)
CheckforFFImessagesintheEventLog.
DuplicateIPAddresses. ThisisindicatedbythisEventLogmessage:
ip:InvalidARPsource:IPaddressonIPaddress
where:bothinstancesofIPaddressarethesameaddress,indicatingthe
switchsIPaddresshasbeenduplicatedsomewhereonthenetwork.
DuplicateIPAddressesinaDHCPNetwork.IfyouuseaDHCPserver
toassignIPaddressesinyournetworkandyoufindadevicewithavalidIP
addressthatdoesnotappeartocommunicateproperlywiththeserverorother
devices,aduplicateIPaddressmayhavebeenissuedbytheserver.Thiscan
occurifaclienthasnotreleasedaDHCP-assignedIPaddressafterthe
intendedexpirationtimeandtheserverleasestheaddresstoanotherdevice.
C-8
Troubleshooting
Thiscanalsohappen,forexample,iftheserverisfirstconfiguredtoissueIP
addresseswithanunlimitedduration,thenissubsequentlyconfiguredtoissue
IPaddressesthatwillexpireafteralimitedduration.Onesolutionisto
configurereservationsintheDHCPserverforspecificIPaddressestobe
assignedtodeviceshavingspecificMACaddresses.Formoreinformation,
refertothedocumentationfortheDHCPserver.
OneindicationofaduplicateIPaddressinaDHCPnetworkisthisEventLog
message:
i p: I nval i d ARP sour ce: < IP-address > on <IP-address>
where:bothinstancesofIP-addressarethesameaddress,indicatingthe
IPaddressthathasbeenduplicatedsomewhereonthenetwork.
TheSwitchHasBeenConfiguredforDHCP/BootpOperation,ButHas
NotReceivedaDHCPorBootpReply. Whentheswitchisfirstconfig-
uredforDHCP/Bootpoperation,orifitisrebootedwiththisconfiguration,it
immediatelybeginssendingrequestpacketsonthenetwork.Iftheswitchdoes
notreceiveareplytoitsDHCP/Bootprequests,itcontinuestoperiodically
sendrequestpackets,butwithdecreasingfrequency.Thus,ifaDHCPorBootp
serverisnotavailableoraccessibletotheswitchwhenDHCP/Bootpisfirst
configured,theswitchmaynotimmediatelyreceivethedesiredconfiguration.
Afterverifyingthattheserverhasbecomeaccessibletotheswitch,rebootthe
switchtore-starttheprocess.
802.1QPrioritizationProblems
Portsconfiguredfornon-defaultprioritization(level1-7)arenot
performingthespecifiedaction.Iftheportswereplacedinatrunkgroup
afterbeingconfiguredfornon-defaultprioritization,theprioritysettingwas
automaticallyresettozero(thedefault).Portsinatrunkgroupoperateonly
atthedefaultprioritysetting.
ACLProblems
ACLsareproperlyconfiguredandassignedtoVLANs,buttheswitch
isnotusingtheACLstofilterIPlayer3packets.
1. TheswitchmayberunningwithIProutingdisabled.ToensurethatIP
routingisenabled,executeshowrunningandlookfortheIProuting
statementintheresultinglisting.Forexample:
C-9
Troubleshooting
S
Indicatesthatroutingisenabled;arequire-
mentforACLoperation.(Thereisan
exception.RefertotheNote,below.)
FigureC-1. IndicationthatRoutingIsEnabled
Not e IfanACLassignedtoaVLANincludesanACEreferencinganIPaddresson
theswitchitselfasapacketsourceordestination,theACEscreenstrafficto
orfromthisswitchaddressregardlessofwhetherIProutingisenabled.This
isasecuritymeasuredesignedtohelpprotecttheswitchfromunauthorized
managementaccess.
IfyouneedtoconfigureIProuting,executetheiproutingcommand.
2. ACLfilteringontheswitchescoveredinthisguideappliesonlytorouted
packetsandpacketshavingadestinationIPaddress(DA)ontheswitch
itself.Also,theswitchappliesassignedACLsonlyatthepointwhere
trafficentersorleavestheswitchonaVLAN.Ensurethatyouhave
correctlyappliedyourACLs(inand/orout)totheappropriate
VLAN(s).
Theswitchdoesnotallowmanagementaccessfromadeviceonthe
sameVLAN.
Theimplicitdenyanyfunctionthattheswitchautomaticallyappliesasthelast
entryinanyACLalwaysblockspacketshavingthesameDAastheswitchs
IPaddressonthesameVLAN.Thatis,bridgedpacketswiththeswitchitself
asthedestinationareblockedasasecuritymeasure.Topreemptthisaction,
edittheACLtoincludeanACEthatpermitsaccesstotheswitchsDAonthat
VLANfromthemanagementdevice.
C-10
Troubleshooting
Error(Invalidinput)whenenteringanIPaddress.
Whenusingthehostoptioninthecommandsyntax,ensurethatyouarenot
includingamaskineitherdotteddecimalorCIDRformat.Usingthehost
optionimpliesaspecifichostdeviceandthereforedoesnotpermitanymask
entry.
Correct.
Incorrect.Nomaskneeded
tospecifyasinglehost.
FigureC-2. ExamplesofCorrectlyandIncorrectlySpecifyingaSingleHost
ApparentfailuretologallDenyMatches.
WherethelogstatementisincludedinmultipleACEsconfiguredwithadeny
option,alargevolumeofdenymatchesgeneratingloggingmessagesina
shortperiodoftimecanimpactswitchperformance.Ifitappearsthatthe
switchisnotconsistentlyloggingalldenymatches,tryreducingthenumber
ofloggingactionsbyremovingthelogstatementfromsomeACEsconfigured
withthedenyaction.
Theswitchdoesnotallowanyroutedaccessfromaspecifichost,group
ofhosts,orsubnet.
Theimplicitdenyanyfunctionthattheswitchautomaticallyappliesasthelast
entryinanyACLmaybeblockingallaccessbydevicesnotspecifically
permittedbyanentryinanACLaffectingthosesources.Ifyouareusingthe
ACLtoblockspecifichosts,agroupofhosts,orasubnet,butwanttoallow
anyaccessnotspecificallypermitted,insertpermitanyasthelastexplicitentry
intheACL.
TheswitchisnotperformingroutingfunctionsonaVLAN
Twopossiblecausesofthisproblemare:
Routingisnotenabled.Ifshowrunningindicatesthatroutingisnot
enabled,usetheiproutingcommandtoenablerouting.
Onaswitchcoveredinthisguide,anACLmaybeblockingaccess
totheVLAN.EnsurethattheswitchsIPaddressontheVLANisnot
blockedbyoneoftheACEentriesinanACLappliedtothatVLAN.A
commonmistakeistoeithernotexplicitlypermittheswitchsIP
addressasaDAortouseawildcardACLmaskinadenystatement
C-11
C-12
Troubleshooting
thathappenstoincludetheswitchsIPaddress.Foranexampleof
thisproblem,refertothesectiontitledGeneralACLOperating
NotesintheAccessControlLists(ACLs)chapterofthelatest
AccessSecurityGuideforyourswitch.
RoutingThroughaGatewayontheSwitchFails
ConfiguringadenyACEthatincludesagatewayaddresscanblocktraffic
attemptingtousethegatewayasanext-hop.
RemoteGatewayCase.Forexample,configuringACL101(below)and
applyingitoutboundonVLAN1inFigureC-4includestheroutergateway
(10.0.8.1)neededbydevicesonothernetworks.Thiscanpreventtheswitch
fromsendingARPandotherroutingmessagestothegatewayrouterto
supporttrafficfromauthorizedremotenetworks.
FigureC-3. ExampleofACEBlockinganEntireSubnet
InFigureC-4,thisACE
deniesaccesstothe
10Nets10.0.8.1router
gatewayneededby
the20Net.
(Subnetmaskis
255.255.255.0.)
FigureC-4. ExampleofInadvertentlyBlockingaGateway
30Net
IP:30.29.16.1
(Deflt.Gateway)
RouterX
10Net
IP:10.0.8.1
8212zl
10Net--VLAN1
IP:10.08.15
(Deflt.GWay=10.0.8.1)
Switch1
20Net--VLAN2
IP:20.0.8.21
(Deflt.Gway=20.0.8.1)
20NetVLAN2
IP:20.0.8.1
(Deflt.Gway
for20.0.8.1)
30.29.16.91
Switch2
10Net--VLAN1
IP:10.0.8.16
(Deflt.Gway=10.0.8.1)
Switch1cannot
accessthe30Neton
RouterXbecauseACL
101ontheSwitch
8212zldeniesrouted,
outboundIPtrafficto
the10Net.
Troubleshooting
Toavoidinadvertentlyblockingtheremotegatewayforauthorizedtraffic
fromanothernetwork(suchasthe20Netinthisexample):
1. ConfigureanACEthatspecificallypermitsauthorizedtrafficfromthe
remotenetwork.
2. ConfigurenarrowlydefinedACEstoblockunwantedIPtrafficthatwould
otherwiseusethegateway.SuchACEsmightdenytrafficforaparticular
application,particularhosts,oranentiresubnet.
3. ConfigureapermitanyACEtospecificallyallowanyIPtraffictomove
throughthegateway.
LocalGatewayCase. Ifyouusetheswitchasagatewayfortrafficyouwant
routedbetweensubnets,usethesegeneralstepstoavoidblockingthegateway
forauthorizedapplications:
1. Configuregatewaysecurityfirstforroutingwithspecificpermitanddeny
statements.
2. Permitauthorizedtraffic.
3. Denyanyunauthorizedtrafficthatyouhavenotalreadydeniedinstep1.
IGMP-RelatedProblems
IPMulticast(IGMP)TrafficThatIsDirectedByIGMPDoesNotReach
IGMPHostsoraMulticastRouterConnectedtoaPort.IGMPmust
beenabledontheswitchandtheaffectedportmustbeconfiguredforAuto
orForwardoperation.
IPMulticastTrafficFloodsOutAllPorts;IGMPDoesNotAppearTo
FilterTraffic. TheIGMPfeaturedoesnotoperateiftheswitchorVLANdoes
nothaveanIPaddressconfiguredmanuallyorobtainedthroughDHCP/Bootp.
ToverifywhetheranIPaddressisconfiguredfortheswitchorVLAN,doeither
ofthefollowing:
TryUsingtheWebBrowserInterface:Ifyoucanaccesstheweb
browserinterface,thenanIPaddressisconfigured.
TryToTelnettotheSwitchConsole:IfyoucanTelnettotheswitch,
thenanIPaddressisconfigured.
UsingtheSwitchConsoleInterface:FromtheMainMenu,checkthe
ManagementAddressInformationscreenbyclickingon
1.StatusandCounters
C-13
Troubleshooting
Ca u t i o n
Not e
LACP-RelatedProblems
UnabletoenableLACPonaportwiththeinterface<port-number>lacp
command.Inthiscase,theswitchdisplaysthefollowingmessage:
Operation is not allowed for a trunked port.
YoucannotenableLACPonaportwhileitisconfiguredasstaticTrunkport.
ToenableLACPonstatic-trunkedport,firstusethe
notrunk<port-number>commandtodisablethestatictrunkassignment,then
executeinterface<port-number>lacp.
Removingaportfromatrunkwithoutfirstdisablingtheportcancreatea
trafficloopthatcanslowdownorhaltyournetwork.Beforeremovingaport
fromatrunk,ProCurverecommendsthatyoueitherdisabletheportor
disconnectitfromtheLAN.
Mesh-RelatedProblems
TrafficonadynamicVLANdoesnotgetthroughtheswitchmesh.
GVRPenablesdynamicVLANs.Ensurethatallswitchesinthemeshhave
GVRPenabled.
Port-BasedAccessControl(802.1X)-RelatedProblems
Tolistthe802.1Xport-accessEventLogmessagesstoredontheswitch,use
showlog802.
SeealsoRadius-RelatedProblemsonpageC-17.
TheswitchdoesnotreceivearesponsetoRADIUSauthentication
requests. Inthiscase,theswitchwillattemptauthenticationusingthe
secondarymethodconfiguredforthetypeofaccessyouareusing(console,
Telnet,orSSH).
Therecanbeseveralreasonsfornotreceivingaresponsetoanauthentication
request.Dothefollowing:
UsepingtoensurethattheswitchhasaccesstotheconfiguredRADIUS
servers.
Verifythattheswitchisusingthecorrectencryptionkey(RADIUSsecret
key)foreachserver.
C-14
Troubleshooting
VerifythattheswitchhasthecorrectIPaddressforeachRADIUSserver.
Ensurethattheradius-servertimeoutperiodislongenoughfornetwork
conditions.
TheswitchdoesnotauthenticateaclienteventhoughtheRADIUS
serverisproperlyconfiguredandprovidingaresponsetothe
authenticationrequest. IftheRADIUSserverconfigurationforauthenti-
catingtheclientincludesaVLANassignment,ensurethattheVLANexistsas
astaticVLANontheswitch.RefertoHow802.1XAuthenticationAffects
VLANOperationintheAccessSecurityGuideforyourswitch.
DuringRADIUS-authenticatedclientsessions,accesstoaVLANonthe
portusedfortheclientsessionsislost.IftheaffectedVLANisconfig-
uredasuntaggedontheport,itmaybetemporarilyblockedonthatportduring
an802.1Xsession.Thisisbecausetheswitchhastemporarilyassignedanother
VLANasuntaggedontheporttosupporttheclientaccess,asspecifiedinthe
responsefromtheRADIUSserver.RefertoHow802.1XAuthentication
AffectsVLANOperationintheAccessSecurityGuideforyourswitch.
Theswitchappearstobeproperlyconfiguredasasupplicant,but
cannotgainaccesstotheintendedauthenticatorportontheswitch
towhichitisconnected.Ifaaaauthenticationport-accessisconfiguredfor
Local,ensurethatyouhaveenteredthelocallogin(operator-level)username
andpasswordoftheauthenticatorswitchintotheidentityandsecretparame-
tersofthesupplicantconfiguration.Ifinstead,youentertheenable(manager-
level)usernameandpassword,accesswillbedenied.
Thesupplicantstatisticslistingshowsmultipleportswiththesame
authenticatorMACaddress.Thelinktotheauthenticatormayhavebeen
movedfromoneporttoanotherwithoutthesupplicantstatisticshavingbeen
clearedfromthefirstport.RefertoNoteonSupplicantStatisticsinthe
chapteronPort-BasedandUser-BasedAccessControlintheAccessSecurity
Guideforyourswitch.
Theshowport-accessauthenticator<port-list>commandshowsoneormore
portsremainopenaftertheyhavebeenconfiguredwithcontrol
unauthorized. 802.1Xisnotactiveontheswitch.Afteryouexecuteaaaport-
accessauthenticatoractive,allportsconfiguredwithcontrolunauthorized
shouldbelistedasClosed.
C-15
Troubleshooting
PortA9showsanOpenstatuseven
thoughAccessControlissetto
Unauthorized(ForceAuth).Thisis
becausetheport-access
authenticatorhasnotyetbeen
activated.
FigureC-5. AuthenticatorPortsRemainOpenUntilActivated
RADIUSserverfailstorespondtoarequestforservice,eventhough
theserversIPaddressiscorrectlyconfiguredintheswitch.Use
showradiustoverifythattheencryptionkey(RADIUSsecretkey)theswitch
isusingiscorrectfortheserverbeingcontacted.Iftheswitchhasonlyaglobal
keyconfigured,theniteithermustmatchtheserverkeyoryoumustconfigure
aserver-specifickey.Iftheswitchalreadyhasaserver-specifickeyassigned
totheserversIPaddress,thenitoverridestheglobalkeyandmustmatchthe
serverkey.
GlobalRADIUSEncryptionKey
UniqueRADIUSEncryptionKey
fortheRADIUSserverat
10.33.18.119
FigureC-6. DisplayingEncryptionKeys
C-16
Troubleshooting
Also,ensurethattheswitchportusedtoaccesstheRADIUSserverisnot
blockedbyan802.1Xconfigurationonthatport.Forexample,showport-
accessauthenticator<port-list>givesyouthestatusforthespecifiedports.
Also,ensurethatotherfactors,suchasportsecurityorany802.1Xconfigura-
tionontheRADIUSserverarenotblockingthelink.
TheauthorizedMACaddressonaportthatisconfiguredforboth
802.1Xandportsecurityeitherchangesorisre-acquiredafter
executionofaaaport-accessauthenticator<port-list>initialize. Iftheportis
force-authorizedwithaaaport-accessauthenticator<port-list>controlauthorized
commandandportsecurityisenabledontheport,thenexecutinginitialize
causestheporttoclearthelearnedaddressandlearnanewaddressfromthe
firstpacketitreceivesafteryouexecuteinitialize.
Atrunkedportconfiguredfor802.1Xisblocked. Ifyouareusing
RADIUSauthenticationandtheRADIUSserverspecifiesaVLANfortheport,
theswitchallowsauthentication,butblockstheport.Toeliminatethis
problem,eitherremovetheportfromthetrunkorreconfiguretheRADIUS
servertoavoidspecifyingaVLAN.
QoS-RelatedProblems
LossofcommunicationwhenusingVLAN-taggedtraffic. Ifyoucannot
communicatewithadeviceinataggedVLANenvironment,ensurethatthe
deviceeithersupportsVLANtaggedtrafficorisconnectedtoaVLANportthat
isconfiguredasUntagged.
Radius-RelatedProblems
TheswitchdoesnotreceivearesponsetoRADIUSauthentication
requests. Inthiscase,theswitchwillattemptauthenticationusingthe
secondarymethodconfiguredforthetypeofaccessyouareusing(console,
Telnet,orSSH).
Therecanbeseveralreasonsfornotreceivingaresponsetoanauthentication
request.Dothefollowing:
UsepingtoensurethattheswitchhasaccesstotheconfiguredRADIUS
server.
Verifythattheswitchisusingthecorrectencryptionkeyforthedesig-
natedserver.
VerifythattheswitchhasthecorrectIPaddressfortheRADIUSserver.
C-17
Troubleshooting
Ensurethattheradius-servertimeoutperiodislongenoughfornetwork
conditions.
VerifythattheswitchisusingthesameUDPportnumberastheserver.
RADIUSserverfailstorespondtoarequestforservice,eventhough
theserversIPaddressiscorrectlyconfiguredintheswitch.Use
showradiustoverifythattheencryptionkeytheswitchisusingiscorrectfor
theserverbeingcontacted.Iftheswitchhasonlyaglobalkeyconfigured,then
iteithermustmatchtheserverkeyoryoumustconfigureaserver-specific
key.Iftheswitchalreadyhasaserver-specifickeyassignedtotheserversIP
address,thenitoverridestheglobalkeyandmustmatchtheserverkey.
GlobalRADIUSEncryptionKey
UniqueRADIUSEncryptionKey
fortheRADIUSserverat
10.33.18.119
FigureC-7. ExamplesofGlobalandUniqueEncryptionKeys
Spanning-TreeProtocol(MSTP)andFast-Uplink
Problems
Ca u t i o n IfyouenableMSTP,itisrecommendedthatyouleavetheremainderofthe
MSTPparametersettingsattheirdefaultvaluesuntilyouhavehadanoppor-
tunitytoevaluateMSTPperformanceinyournetwork.Becauseincorrect
MSTPsettingscanadverselyaffectnetworkperformance,youshouldavoid
makingchangeswithouthavingastrongunderstandingofhowMSTPoper-
ates.TolearnthedetailsofMSTPoperation,refertotheIEEE802.1sstandard.
C-18
Troubleshooting
BroadcastStormsAppearingintheNetwork. Thiscanoccurwhen
therearephysicalloops(redundantlinks)inthetopology.Wherethisexists,
youshouldenableMSTPonallbridgingdevicesinthetopologyinorderfor
thelooptobedetected.
STPBlocksaLinkinaVLANEvenThoughThereAreNoRedundant
LinksinthatVLAN. In802.1Q-compliantswitchesMSTPblocksredundant
physicallinkseveniftheyareinseparateVLANs.Asolutionistouseonlyone,
multiple-VLAN(tagged)linkbetweenthedevices.Also,ifportsareavailable,
youcanimprovethebandwidthinthissituationbyusingaporttrunk.Refer
toSpanningTreeOperationwithVLANsinthechaptertitledStaticVirtual
LANs(VLANs)intheAdvancedTrafficManagementGuideforyourswitch.
Fast-UplinkTroubleshooting.Someoftheproblemsthatcanresultfrom
incorrectusageofFast-UplinkMSTPincludetemporaryloopsandgeneration
ofduplicatepackets.
Problemsourcescaninclude:
Fast-UplinkisconfiguredonaswitchthatistheMSTProotdevice.
EithertheHelloTimeortheMaxAgesetting(orboth)istoolongononeor
moreswitches.ReturntheHelloTimeandMaxAgesettingstotheirdefault
values(2secondsand20seconds,respectively,onaswitch).
Adownlinkportisconnectedtoaswitchthatisfurtheraway(inhop
count)fromtherootdevicethantheswitchportonwhichfast-uplink
MSTPisconfigured.
Twoedgeswitchesaredirectlylinkedtoeachotherwithafast-uplink
(Mode=Uplink)connection.
Fastuplinkisconfiguredonbothendsofalink.
AswitchservingasabackupMSTProotswitchhasportsconfiguredfor
fast-uplinkMSTPandhasbecometherootdeviceduetoafailureinthe
originalrootdevice.
SSH-RelatedProblems
Switchaccessrefusedtoaclient. Eventhoughyouhaveplacedthe
clientspublickeyinatextfileandcopiedthefile(usingthecopytftppub-key-
filecommand)intotheswitch,theswitchrefusestoallowtheclienttohave
access.IfthesourceSSHclientisanSSHv2application,thepublickeymay
beinthePEMformat,whichtheswitch(SSHv1)doesnotinterpret.Checkthe
SSHclientapplicationforautilitythatcanconvertthePEM-formattedkey
intoanASCII-formattedkey.
C-19
Troubleshooting
ExecutingIPSSHdoesnotenableSSHontheswitch. Theswitch
doesnothaveahostkey.Verifybyexecutingshowiphost-public-key.Ifyou
seethemessage
ssh cannot be enabl ed unt i l a host key i s conf i gur ed
( use ' cr ypt o' command) .
thenyouneedtogenerateanSSHkeypairfortheswitch.Todoso,execute
cryptokeygenerate.(Referto2.GeneratingtheSwitchsPublicandPrivate
KeyPairintheSSHchapteroftheAccessSecurityGuideforyourswitch.)
Switchdoesnotdetectaclientspublickeythatdoesappearinthe
switchspublickeyfile(showipclient-public-key). Theclientspublickey
entryinthepublickeyfilemaybeprecededbyanotherentrythatdoesnot
terminatewithanewline(CR).Inthiscase,theswitchinterpretsthenext
sequentialkeyentryassimplyacommentattachedtotheprecedingkeyentry.
Whereapublickeyfilehasmorethanoneentry,ensurethatallentries
terminatewithanewline(CR).Whilethisisoptionalforthelastentryinthe
file,notaddinganewlinetothelastentrycreatesanerrorpotentialifyou
eitheraddanotherkeytothefileatalatertimeorchangetheorderofthekeys
inthefile.
Anattempttocopyaclientpublic-keyfileintotheswitchhasfailed
andtheswitchlistsoneofthefollowingmessages.
Downl oad f ai l ed: over l engt h key i n key f i l e.
Downl oad f ai l ed: t oo many keys i n key f i l e.
Downl oad f ai l ed: one or mor e keys i s not a val i d RSA
publ i c key.
Thepublickeyfileyouaretryingtodownloadhasoneofthefollowing
problems:
Akeyinthefileistoolong.Themaximumkeylengthis1024characters,
includingspaces.Thiscouldalsomeanthattwoormorekeysaremerged
togetherinsteadofbeingseparatedbya<CR><LF>.
Therearemorethantenpublickeysinthekeyfile.
Oneormorekeysinthefileiscorruptedorisnotavalidrsapublickey.
Clientceasestorespond(hangs)duringconnectionphase. The
switchdoesnotsupportdatacompressioninanSSHsession.Clientswilloften
havecompressionturnedonbydefault,butwilldisableitduringthenegotia-
tionphase.Aclientwhichdoesnotrecognizethecompression-request
C-20
Troubleshooting
FAILUREresponsemayfailwhenattemptingtoconnect.Ensurethat
compressionisturnedoffbeforeattemptingaconnectiontopreventthis
problem.
TACACS-RelatedProblems
EventLog. WhentroubleshootingTACACS+operation,checktheswitchs
EventLogforindicationsofproblemareas.
AllUsersAreLockedOutofAccesstotheSwitch.Iftheswitchisfunc-
tioningproperly,butnousername/passwordpairsresultinconsoleorTelnet
accesstotheswitch,theproblemmaybeduetohowtheTACACS+server
and/ortheswitchareconfigured.Useoneofthefollowingmethodstorecover:
AccesstheTACACS+serverapplicationandadjustorremovethe
configurationparameterscontrollingaccesstotheswitch.
Iftheabovemethoddoesnotwork,tryeliminatingconfiguration
changesintheswitchthathavenotbeensavedtoflash(boot-up
configuration)bycausingtheswitchtorebootfromtheboot-up
configuration(whichincludesonlytheconfigurationchangesmade
priortothelastwritememorycommand.)Ifyoudidnotusewrite
memorytosavetheauthenticationconfigurationtoflash,then
pressingtheResetbuttonorcyclingthepowerrebootstheswitch
withtheboot-upconfiguration.
DisconnecttheswitchfromnetworkaccesstoanyTACACS+servers
andthenlogintotheswitchusingeitherTelnetordirectconsoleport
access.BecausetheswitchcannotaccessaTACACS+server,itwill
defaulttolocalauthentication.Youcanthenusetheswitchslocal
OperatororManagerusername/passwordpairtologon.
Asalastresort,usetheClear/Resetbuttoncombinationtoresetthe
switchtoitsfactorydefaultboot-upconfiguration.Takingthisstep
meansyouwillhavetoreconfiguretheswitchtoreturnittooperation
inyournetwork.
NoCommunicationBetweentheSwitchandtheTACACS+Server
Application.Iftheswitchcanaccesstheserverdevice(thatis,itcanping
theserver),thenaconfigurationerrormaybetheproblem.Somepossibilities
include:
TheserverIPaddressconfiguredwiththeswitchstacacs-serverhost
commandmaynotbecorrect.(Usetheswitchsshowtacacs-server
commandtolisttheTACACS+serverIPaddress.)
C-21
Troubleshooting
Theencryptionkeyconfiguredintheserverdoesnotmatchthe
encryptionkeyconfiguredintheswitch(byusingthetacacs-server
keycommand).Verifythekeyintheserverandcompareittothekey
configuredintheswitch.(Useshowtacacs-servertolisttheglobalkey.
Useshowconfigorshowconfigrunningtolistanyserver-specifickeys.)
TheaccessibleTACACS+serversarenotconfiguredtoprovide
servicetotheswitch.
AccessIsDeniedEvenThoughtheUsername/PasswordPairIs
Correct.Somereasonsfordenialincludethefollowingparameters
controlledbyyourTACACS+serverapplication:
Theaccounthasexpired.
Theaccessattemptisthroughaportthatisnotallowedforthe
account.
Thetimequotafortheaccounthasbeenexhausted.
Thetimecreditfortheaccounthasexpired.
Theaccessattemptisoutsideofthetimeframeallowedforthe
account.
Theallowednumberofconcurrentloginsfortheaccounthasbeen
exceeded
Formorehelp,refertothedocumentationprovidedwithyourTACACS+
serverapplication.
UnknownUsersAllowedtoLogintotheSwitch.YourTACACS+appli-
cationmaybeconfiguredtoallowaccesstounknownusersbyassigningthem
theprivilegesincludedinadefaultuserprofile.Refertothedocumentation
providedwithyourTACACS+serverapplication.
SystemAllowsFewerLoginAttemptsthanSpecifiedintheSwitch
Configuration.YourTACACS+serverapplicationmaybeconfiguredto
allowfewerloginattemptsthanyouhaveconfiguredintheswitchwiththe
aaaauthenticationnum-attemptscommand.
C-22
Troubleshooting
TimeP,SNTP,orGatewayProblems
TheSwitchCannotFindtheTimeServerortheConfiguredGateway.
TimeP,SNTP,andGatewayaccessarethroughtheprimaryVLAN,whichin
thedefaultconfigurationistheDEFAULT_VLAN.IftheprimaryVLANhas
beenmovedtoanotherVLAN,itmaybedisabledordoesnothaveports
assignedtoit.
VLAN-RelatedProblems
MonitorPort.WhenusingthemonitorportinamultipleVLANenviron-
ment,theswitchhandlesbroadcast,multicast,andunicasttrafficoutputfrom
themonitorportasfollows:
IfthemonitorportisconfiguredfortaggedVLANoperationonthesame
VLANasthetrafficfrommonitoredports,thetrafficoutputfromthe
monitorportcarriesthesameVLANtag.
IfthemonitorportisconfiguredforuntaggedVLANoperationonthesame
VLANasthetrafficfromthemonitoredports,thetrafficoutputfromthe
monitorportisuntagged.
IfthemonitorportisnotamemberofthesameVLANasthetrafficfrom
themonitoredports,trafficfromthemonitoredportsdoesnotgooutthe
monitorport.
NoneofthedevicesassignedtooneormoreVLANsonan802.1Q-
compliantswitcharebeingrecognized.IfmultipleVLANsarebeingused
onportsconnecting802.1Q-compliantdevices,inconsistentVLANIDsmay
havebeenassignedtooneormoreVLANs.ForagivenVLAN,thesameVLAN
IDmustbeusedonallconnected802.1Q-compliantdevices.
LinkConfiguredforMultipleVLANsDoesNotSupportTrafficforOne
orMoreVLANs. OneormoreVLANsmaynotbeproperlyconfiguredas
TaggedorUntagged.AVLANassignedtoaportconnectingtwo802.1Q-
compliantdevicesmustbeconfiguredthesameonbothports.Forexample,
VLAN_1andVLAN_2usethesamelinkbetweenswitchXandswitchY.
C-23
Troubleshooting
LinksupportingVLAN_1
andVLAN_2
SwitchY SwitchX
PortY-7 PortX-3
VLANPortAssignment VLANPortAssignment
Port VLAN_1 VLAN_2 Port VLAN_1 VLAN_2
X-3 UntaggedTagged Y-7 UntaggedTagged
FigureC-8. ExampleofCorrectVLANPortAssignmentsonaLink
1. IfVLAN_1(VID=1)isconfiguredasUntaggedonport3onswitchX,
thenitmustalsobeconfiguredasUntaggedonport7onswitchY.
MakesurethattheVLANID(VID)isthesameonbothswitches.
2. Similarly,ifVLAN_2(VID=2)isconfiguredasTaggedonthelinkporton
switchA,thenitmustalsobeconfiguredasTaggedonthelinkport
onswitchB.MakesurethattheVLANID(VID)isthesameonboth
switches.
DuplicateMACAddressesAcrossVLANs.Theswitchescoveredinthis
guideoperatewithmultipleforwardingdatabases.Thus,duplicateMAC
addressesoccurringondifferentVLANscanappearwhereadevicehaving
oneMACaddressisamemberofmorethanone802.1QVLAN,andtheswitch
porttowhichthedeviceislinkedisusingVLANs(insteadofMSTPortrunking)
toestablishredundantlinkstoanotherswitch.Iftheotherdevicesendstraffic
overmultipleVLANs,itsMACaddresswillconsistentlyappearinmultiple
VLANsontheswitchporttowhichitislinked.
NotethatattemptingtocreateredundantpathsthroughtheuseofVLANswill
causeproblemswithsomeswitches.OnesymptomisthataduplicateMAC
addressappearsinthePortAddressTableofoneport,andthenlaterappears
onanotherport.Whiletheswitcheshavemultipleforwardingdatabases,and
thusdoesnothavethisproblem,someswitcheswithasingleforwarding
databaseforallVLANsmayproducetheimpressionthataconnecteddevice
ismovingamongportsbecausepacketswiththesameMACaddressbut
differentVLANsarereceivedondifferentports.Youcanavoidthisproblem
bycreatingredundantpathsusingporttrunksorspanningtree.
C-24
Troubleshooting
Server
8212zlSwitch
(Multiple
Forwarding
Database)
Switchwith
Single
Forwarding
Database
MACAddressA;VLAN1
MACAddressA;VLAN2
Problem:Thisswitchdetects
continualmovesofMAC
addressAbetweenports.
VLAN1
VLAN2
FigureC-9. ExampleofDuplicateMACAddress
FanFailure
Whentwoormorefansfail,atow-minutetimerstarts.Aftertwominutes,the
switchispowereddownandmustberebootedtorestartit.Thisprotectsthe
switchfrompossibleoverheating.
ProCurverecommendsthatyoureplaceafailedfantrayassemblywithinone
minuteofremovingit.
C-25

Troubleshooting
UsingtheEventLogforTroubleshootingSwitchProblems
UsingtheEventLogforTroubleshooting
SwitchProblems
TheEventLogrecordsoperatingeventsinsingle-ordouble-lineentriesand
servesasatooltoisolateandtroubleshootproblems.
StartinginsoftwarereleaseK.13.xx,themaximumnumberofentries
supportedintheEventLogisincreasedfrom1000to2000entries.Entriesare
listedinchronologicalorder,fromtheoldesttothemostrecent.
Oncetheloghasreceived2000entries,itdiscardstheoldestmessageeach
timeanewmessageisreceived.TheEventLogwindowcontains14logentry
lines.Youcanscrollthroughittoviewanypartofthelog.
Not e TheEventLogiserasedifpowertotheswitchisinterruptedorifyouenter
thebootsystemcommand.ThecontentsoftheEventLogarenoterasedifyou:
ReboottheswitchbychoosingtheRebootSwitchoptionfromthemenu
interface.
EnterthereloadcommandfromtheCLI.
EventLogEntries
AsshowninFigureC-10,eachEventLogentryiscomposedoffiveorsixfields,
dependingonwhethernumberingisturnedonornot:
Severity Date Time Eventnumber SystemModule EventMessage
I 08/ 05/ 06 10: 52: 32 00063 por t s: por t A1 enabl ed
FigureC-10.FormatofanEventLogEntry
Severityisoneofthefollowingcodes(fromhighesttolowestseverity):
M (major)indicatesthatafatalswitcherrorhasoccurred.
E (error)indicatesthatanerrorconditionoccurredontheswitch.
W (warning)indicatesthataswitchservicehasbehavedunexpectedly.
I (information)providesinformationonnormalswitchoperation.
C-26
Troubleshooting
D (debug)isreservedforProCurveinternaldiagnosticinformation.
Dateisthedateintheformatmm/dd/yywhenanentryisrecordedinthelog.
Time isthetimeintheformathh:mm:sswhenanentryisrecordedinthelog.
EventNumberisthenumberassignedtoanevent.Youcanturnevent
numberingonandoffwiththe[no]log-numbercommand.
SystemModuleistheinternalmodule(suchasports:forportmanager)that
generatedalogentry.IfVLANsareconfigured,thenaVLANnamealsoappears
foraneventthatisspecifictoanindividualVLAN.TableC-1liststhedifferent
systemmoduleswithadescriptionofeachone.
EventMessageisabriefdescriptionoftheoperatingevent.
TableC-1. EventLogSystemModules
System
Module
Description
DocumentedinProCurveHardware/
Softwareguide
802.1x 802.1Xauthentication:Providesaccesscontrolonaper-client
orper-portbasis:
Client-levelsecuritythatallowsLANaccessto802.1X
clients(upto32perport)withvalidusercredentials
Port-levelsecuritythatallowsLANaccessonlyonportson
whichasingle802.1X-capableclient(supplicant)has
enteredvalidRADIUSusercredentials
AccessSecurityGuide
acl AccessControlLists(ACLs):Filterlayer-3IPtraffictoorfrom
ahosttoblockunwantedIPtraffic,andblockorlimitother
protocoltrafficsuchasTCP,UDP,IGMP,andICMP.Access
controlentries(ACEs)specifythefiltercriteriaandanaction
(permitordeny)totakeonapacketifitmeetsthecriteria.
AdvancedTrafficManagementGuide
addrmgr AddressTableManager:ManagesMACaddressesthatthe
switchhaslearnedandarestoredintheswitchsaddress
table.
ManagementandConfigurationGuide
arp-protect DynamicARPProtection:ProtectsthenetworkfromARP
cachepoisoning.OnlyvalidARPrequestsandresponsesare
relayedorusedtoupdatethelocalARPcache.ARPpackets
withinvalidIP-to-MACaddressbindingsadvertisedinthe
sourceprotocoladdressandsourcephysicaladdressfields
arediscarded.
AccessSecurityGuide
auth Authorization:Aconnectedclientmustreceiveauthorization
throughweb,AMC,RADIUS-based,TACACS+-based,or
802.1Xauthenticationbeforeitcansendtraffictotheswitch.
AccessSecurityGuide
C-27
Troubleshooting
cdp CiscoDiscoveryProtocol:SupportsreadingCDPpackets
receivedfromneighbordevices,enablingaswitchtolearn
aboutadjacentCDPdevices.ProCurveswitchesdonot
supportthetransmissionofCDPpacketstoneighbordevices.
chassis Hardwareoperation,includingmodulesandports,power
supply,fans,transceivers,CPUinterrupterrors,switch
temperature,andsoon.Chassismessagesincludeeventson
PowerOverEthernet(POE)operation.
InstallationGuides
connfilt Connection-Ratefiltering:Usedonthenetworkedgeto
protectthenetworkfromattackbyworm-likemaliciouscode
bydetectinghoststhataregeneratingIPtrafficthatexhibits
thisbehaviorand(optionally)eitherthrottlingordroppingall
IPtrafficfromtheoffendinghosts.
Connection-Ratefilteringmessagesincludeeventsonvirus
throttling.Virusthrottlingusesconnection-ratefilteringto
stopthepropagationofmaliciousagents.
AccessSecurityGuide
console Consoleinterfaceusedtomonitorswitchandportstatus,
reconfiguretheswitch,readtheeventlogthroughanin-band
Telnetorout-of-bandconnection.
InstallationandGettingStartedGuide
cos ClassofService(CoS):Providespriorityhandlingofpackets
traversingtheswitch,basedontheIEEE802.1pprioritycarried
byeachpacket.
CoSmessagesalsoincludeQualityofService(QoS)events.
TheQoSfeatureclassifiesandprioritizestrafficthroughouta
network,establishinganend-to-endtrafficprioritypolicyto
manageavailablebandwidthandimprovethroughputof
importantdata.
dca DynamicConfigurationArbiter(DCA)determinestheclient-
specificparametersthatareassignedinanauthentication
session.
AccessSecurityGuide
dhcp DynamicHostConfigurationProtocol(DHCP)server
configuration:Switchisautomaticallyconfiguredfroma
DHCP(Bootp)server,includingIPaddress,subnetmask,
defaultgateway,TimepServeraddress,andTFTPserver
address.
dhcpv6c DHCPforIPv6prefixassignment IPv6ManagementGuide
dhcpr DHCPrelay:Forwardsclient-originatedDHCPpacketstoa
DHCPnetworkserver.
download Downloadoperationforcopyingasoftwareversionorfilesto
theswitch.
dhcp-snoop DHCPsnooping:ProtectsyournetworkfromcommonDHCP
attacks,suchasaddressspoofingandrepeatedaddress
requests.
AccessSecurityGuide
System
Module
Description
Softwareguide
C-28
Troubleshooting
dma DirectAccessMemory(DMA):Transmitsandreceives
packetsbetweentheCPUandtheswitch.Notusedforlogging
messagesinsoftwarereleaseK.13.xx.
fault FaultDetectionfacility,includingresponsepolicyandthe
sensitivitylevelatwhichanetworkproblemshouldgenerate
analert.
ffi Find,Fix,andInform:Eventoralertlogmessagesindicatinga
possibletopologyloopthatcauseexcessivenetworkactivity
andresultsinthenetworkrunningslow.FFImessagesinclude
eventsontransceiverconnectionswithothernetwork
devices.
garp GenericAttributeRegistrationProtocol(GARP),definedinthe
IEEE802.1D-1998standard.
gvrp GARPVLANRegistrationProtocol(GVRP):Managesdynamic
802.1QVLANoperations,inwhichtheswitchcreates
temporaryVLANmembershiponaporttoprovidealinkto
anotherportinthesameVLANonanotherdevice.
hpesp Managementmodulethatmaintainscommunicationbetween
switchports.
idm Identity-drivenManagement:Optionalmanagement
applicationusedtomonitorandcontrolaccesstoswitch.
igmp InternetGroupManagementProtocol:Reducesunnecessary
bandwidthusageformulticasttraffictransmittedfrom
multimediaapplicationsonaper-portbasis.
MulticastandRoutingGuide
inst-mon InstrumentationMonitor:Identifiesattacksontheswitchby
generatingalertsfordetectedanomalies.
AccessSecurityGuide
ip IPaddressing:ConfigurestheswitchwithanIPaddressand
subnetmasktocommunicateonthenetworkandsupport
remotemanagementaccess;configuresmultipleIP
addressesonaVLAN;enablesIProutingontheswitch.
ipaddrmgr IPAddressManager:ProgramsIProutinginformationin
switchhardware.
iplock IPLockdown:PreventsIPsourceaddressspoofingonaper-
portandper-VLANbasisbyforwardingonlytheIPpacketsin
VLANtrafficthatcontainaknownsourceIPaddressandMAC
addressbindingfortheport.
AccessSecurityGuide
ipx NovellNetwareprotocolfiltering:Onthebasisofprotocol
type,theswitchcanforwardordroptraffictoaspecificsetof
destinationportsontheswitch.
AccessSecurityGuide
licensing ProCurvepremiumlicensing:Provideaccesstoexpanded
featuresoncertainProCurvenetworkdevices.
PremiumLicenseInstallationGuide
System
Module
Description
Softwareguide
C-29
Troubleshooting
kms KeyManagementSystem:Configuresandmaintainssecurity
information(keys)forallroutingprotocols,includingatiming
mechanismforactivatinganddeactivatinganindividual
protocol.
AccessSecurityGuide
lacp LACPtrunks:Theswitchcaneitherautomaticallyestablishan
802.3ad-complianttrunkgrouporprovideamanually
configured,staticLACPtrunk.
ldbal LoadbalancinginLACPporttrunksor802.1sMultiple
SpanningTreeprotocol(MSTP)thatusesVLANsinanetwork
toimprovenetworkresourceutilizationandmaintainaloop-
freeenvironment.
Load-balancingmessagesalsoincludeswitchmeshing
events.TheSwitchMeshingfeatureprovidesredundantlinks,
improvedbandwidthuse,andsupportfordifferentporttypes
andspeeds.
lldp Link-LayerDiscoveryProtocol:SupportstransmittingLLDP
packetstoneighbordevicesandreadingLLDPpackets
receivedfromneighbordevices,enablingaswitchto
advertiseitselftoadjacentdevicesandtolearnabout
adjacentLLDPdevices.
loop_protect Loopprotection:Detectstheformationofloopswhenan
unmanageddeviceonthenetworkdropsspanningtree
packets,andprovidesprotectionbytransmittingloopprotocol
packetsoutportsonwhichloopprotectionhasbeenenabled.
macauth WebandMACauthentication:Port-basedsecurityemployed
onthenetworkedgetoprotectprivatenetworksandthe
switchitselffromunauthorizedaccessusingoneofthe
followinginterfaces:
Webpagelogintoauthenticateusersforaccesstothe
network
RADIUSserverthatusesadevicesMACaddressfor
authentication
AccessSecurityGuide
maclock MAClockdownandMAClockout
MAClockdownpreventsstationmovementandMAC
addresshijackingbyrequiringaMACaddresstobeused
onlyanassignedportontheswitch.MACLockdownalso
restrictstheclientdevicetoaspecificVLAN.
MAClockoutblocksaspecificMACaddresssothatthe
switchdropsalltraffictoorfromthespecifiedaddress.
AccessSecurityGuide
mgr ProCurveManager(PCM)andProCurveManagerPlus
(PCM+):Windows-basednetworkmanagementsolutionsfor
managingandmonitoringperformanceofProCurvedevices.
PCMmessagesalsoincludeeventsforconfiguration
operations.
System
Module
Description
Softwareguide
C-30
Troubleshooting
mld MulticastListenerDiscovery(MLD):IPv6protocolusedbya
routertodiscoverthepresenceofmulticastlisteners.MLD
canalsooptimizeIPv6multicasttrafficflowwiththesnooping
feature.
mtm MulticastTrafficManager(MTM):Controlsandcoordinates
L3multicasttrafficforupperlayerprotocols.
netinet NetworkInternet:Monitorsthecreationofarouteoran
AddressResolutionProtocol(ARP)entryandsendsalog
messageincaseoffailure.
pagp PortsAggregationProtocol(PAgP):Obsolete.Replacedby
LACP(802.3ad).Notusedforloggingmessagesinsoftware
releaseK.13.xx.
ports Portstatusandportconfigurationfeatures,includingmode
(speedandduplex),flowcontrol,broadcastlimit,jumbo
packets,andsecuritysettings.
PortmessagesincludeeventsonPowerOverEthernet(POE)
operationandtransceiverconnectionswithothernetwork
devices.
AccessSecurityGuide
radius RADIUS(RemoteAuthenticationDial-InUserService)
authenticationandaccounting:Anetworkserverisusedto
authenticateuser-connectionrequestsontheswitchand
collectaccountinginformationtotracknetworkresource
usage.
AccessSecurityGuide
ratelim Rate-limiting:Enablesaporttolimittheamountofbandwidth
auserordevicemayutilizeforinboundtrafficontheswitch.
sflow Flowsampling:sFlowisanindustrystandardsampling
technology,definedbyRFC3176,usedtocontinuouslymonitor
trafficflowsonallportsprovidingnetwork-widevisibilityinto
theuseofthenetwork.
snmp SimpleNetworkManagementProtocol:Allowsyoutomanage
theswitchfromanetworkmanagementstation,including
supportforsecurityfeatures,eventreporting,flowsampling,
andstandardMIBs.
sntp SimpleNetworkTimeProtocol:Synchronizesandensuresa
uniformtimeamonginteroperatingdevices.
System
Module
Description
Softwareguide
C-31
Troubleshooting
ssh SecureShellversion2(SSHv2):Providesremoteaccessto
managementfunctionsonaswitchviaencryptedpaths
betweentheswitchandmanagementstationclientscapable
ofSSHoperation.
SSHmessagesalsoincludeeventsfromtheSecureFile
TransferProtocol(SFTP)feature.SFTPprovidesasecure
alternativetoTFTPfortransferringsensitiveinformation,such
asswitchconfigurationfiles,toandfromtheswitchinanSSH
session.
AccessSecurityGuide
ssl SecureSocketLayerVersion3(SSLv3),includingTransport
LayerSecurity(TLSv1)support:Providesremotewebaccess
toaswitchviaencryptedpathsbetweentheswitchand
managementstationclientscapableofSSL/TLSoperation.
AccessSecurityGuide
stack Stackmanagement:UsesasingleIPaddressandstandard
networkcablingtomanageagroup(upto16)ofswitchesin
thesameIPsubnet(broadcastdomain),resultinginareduced
numberofIPaddressesandsimplifiedmanagementofsmall
workgroupsforscalingyournetworktohandleincreased
bandwidthdemand.
stp Multiple-instancespanningtreeprotocol/MSTP(802.1s):
Ensuresthatonlyoneactivepathexistsbetweenanytwo
nodesinagroupofVLANsinthenetwork.MSTPoperationis
designedtoavoidloopsandbroadcaststormsofduplicate
messagesthatcanbringdownthenetwork.
system Switchmanagement,includingsystemconfiguration,switch
bootup,activationofbootROMimage,memorybuffers,traffic
andsecurityfilters.
SystemmessagesalsoincludeeventsfromManagement
interfaces(menu,CLI,webbrowser,ProCurveManager)used
toreconfiguretheswitchandmonitorswitchstatusand
performance.
AccessSecurityGuide
tacacs TACACS+authentication:Acentralserverisusedtocontrol
accesstotheswitches(andotherTACACS-awaredevices)in
thenetworkthroughaswitchsconsoleport(localaccess)or
Telnet(remoteaccess).
AccessSecurityGuide
tcp TransmissionControlProtocol:Atransportprotocolthatruns
onIPandisusedtosetupconnections.
telnet Sessionestablishedontheswitchfromaremotedevice
throughtheTelnetvirtualterminalprotocol.
tftp TrivialFileTransferProtocol:Supportsthedownloadoffilesto
theswitchfromaTFTPnetworkserver.
timep TimeProtocol:Synchronizesandensuresauniformtime
amonginteroperatingdevices.
System
Module
Description
Softwareguide
C-32
Troubleshooting
udld Uni-directionalLinkDetection:Monitorsalinkbetweentwo
switchesandblockstheportsonbothendsofthelinkifthe
linkfailsatanypointbetweenthetwodevices.
AccessSecurityGuide
udpf UDPbroadcastforwarding:Supportstheforwardingofclient
requestssentaslimitedIPbroadcastsaddressedtoaUDP
applicationportonanetworkserver.
update Updates(TFTPorserial)toProCurvesoftwareandupdatesto
running-configandstart-upconfigfiles
usb Auxiliaryportthatallowsyoutoconnectexternaldevicesto
theswitch.
vlan Static802.1QVLANoperations,includingport-andprotocol-
basedconfigurationsthatgroupusersbylogicalfunction
insteadofphysicallocation
Aport-basedVLANcreatesalayer-2broadcastdomain
comprisedofmemberportsthatbridgeIPv4trafficamong
themselves.
Aprotocol-basedVLANcreatesalayer-3broadcast
domainfortrafficofaparticularroutingprotocol,andis
comprisedofmemberportsthatbridgetrafficofthe
specifiedprotocoltypeamongthemselves.
VLANmessagesincludeeventsfromManagementinterfaces
(menu,CLI,webbrowser,ProCurveManager)usedto
reconfiguretheswitchandmonitorswitchstatusand
performance.
wsm WirelessEdgeServicesModule:OperationoftheWireless
ServicesapplicationonaninstalledWirelessEdgeServices
Module.MessagescontaintheslotIDintheformat:wsm
<slot-letter>";forexample,"wsmA:"forslotA.
WirelessEdgeModuleInstallationand
ConfigurationGuide
xmodem Xmodem:Binarytransferfeaturethatsupportsthedownload
ofsoftwarefilesfromaPCorUnixworkstation.
System
Module
Description
Softwareguide
C-33

Troubleshooting
Menu:DisplayingandNavigatingintheEventLog
TodisplaytheEventLogfromtheMainMenu,selectEventLog.FigureC-11
showsasampleeventlogdisplay.
Pr oCur ve Swi t ch 25- Oct - 2007 18: 02: 52
==========================- CONSOLE - MANAGER MODE - ============================
M 10/ 25/ 07 16: 30: 02 sys: ' Oper at or col d r eboot f r omCONSOLE sessi on. '
I 10/ 25/ 07 17: 42: 51 00061 syst em: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I 10/ 25/ 07 17: 42: 51 00063 syst em: Syst emwent down: 10/ 25/ 07 16: 30: 02
I 10/ 25/ 07 17: 42: 51 00064 syst em: Oper at or col d r eboot f r omCONSOLE sessi on.
I 10/ 25/ 07 17: 42: 51 00690 udpf : DHCP r el ay agent f eat ur e enabl ed
I 10/ 25/ 07 17: 42: 51 00433 ssh: Ssh ser ver enabl ed
I 10/ 25/ 07 17: 42: 52 00400 st ack: St ack Pr ot ocol di sabl ed
I 10/ 25/ 07 17: 42: 52 00128 t f t p: Enabl e succeeded
I 10/ 25/ 07 17: 42: 52 00417 cdp: CDP enabl ed
- - - - Log event s st or ed i n memor y 1- 751. Log event s on scr een 690- 704.
Act i ons- > Back Next page Pr ev page End Hel p
Use up/ down ar r ow t o scr ol l one l i ne, l ef t / r i ght ar r ow keys t o
change act i on sel ect i on, and <Ent er > t o execut e act i on.
FigureC-11.ExampleofanEventLogDisplay
Thelogstatuslinebelowtherecordedentriesstatesthetotalnumberof
eventsstoredintheeventlogandwhichloggedeventsarecurrentlydisplayed.
ToscrolltootherentriesintheEventLog,eitherprecedingorfollowingthe
currentlyvisibleportion,pressthekeysindicatedatthebottomofthedisplay
(Back,Nextpage,Prevpage,orEnd)orthekeysdescribedinTabletableC-1.
TableC-1. EventLogControlKeys
Key Action
[N] Advancesthedisplaybyonepage(nextpage).
[P] Rollsbackthedisplaybyonepage(previouspage).
[v] Advancesdisplaybyoneevent(downoneline).
[^] Rollsbackdisplaybyoneevent(uponeline).
C-34
Troubleshooting
Key Action
[E] Advancestotheendofthelog.
[H] DisplaysHelpfortheEventLog.
CLI:DisplayingtheEventLog
TodisplaymessagesrecordedintheeventlogfromtheCLI,entertheshow
loggingcommand.Keywordsearchesaresupported.
Syntax: showlogging[-a,-r][<search-text>]
Bydefault,theshowloggingcommanddisplaysthelog
messagesrecordedsincethelastrebootinchronological
order.
-a displaysallrecordedlogmessages,includingthose
beforethelastreboot.
-r displaysallrecordedlogmessages,withthemostrecent
entrieslistedfirst.
<search-text>displaysallEventLogentriesthatcontainthe
specifiedtext.Usea<search-text>valuewith-aor-rto
furtherfiltershowloggingcommandoutput.
Examples.TodisplayallEventLogmessagesthathavesysteminthe
messagetextormodulename,enterthefollowingcommand:
Pr oCur ve# show l oggi ng - a syst em
TodisplayallEventLogmessagesrecordedsincethelastrebootthathavethe
word,system,inthemessagetextormodulename,enter:
Pr oCur ve# show l oggi ng syst em
CLI:ClearingEventLogEntries
Usetheclearloggingcommandtohide,butnoterase,EventLogentries
displayedinshowloggingcommandoutput.Onlynewentriesgeneratedafter
youenterthecommandwillbedisplayed.
C-35
Troubleshooting
Toredisplayallhiddenentries,includingEventLogentriesrecordedpriorto
thelastreboot,entertheshowlogging-acommand.
Syntax: clearlogging
Removesallentriesfromtheeventlogdisplayoutput.
CLI:TurningEventNumberingOn
Syntax: [no]log-numbers
Turnseventnumberingonandoff
EventLogandSNMPMessages
ArecurringeventcangenerateaseriesofduplicateEventLogmessagesand
SNMPtrapsinarelativelyshorttime.Asaresult,theEventLogandany
configuredSNMPtrapreceiversmaybefloodedwithexcessive,exactly
identicalmessages.Tohelpreducethisproblem,theswitchuseslogthrottle
periodstoregulate(throttle)duplicatemessagesforrecurringevents,and
maintainsacountertorecordhowmanytimesitdetectsduplicatesofa
particulareventsincethelastsystemreboot.
Whenthefirstinstanceofaparticulareventorconditiongeneratesamessage,
theswitchinitiatesalogthrottleperiodthatappliestoallrecurrencesofthat
event.Iftheloggedeventrecursduringthelogthrottleperiod,theswitch
incrementsthecounterinitiatedbythefirstinstanceoftheevent,butdoes
notgenerateanewmessage.
Iftheloggedeventrepeatsagainafterthelogthrottleperiodexpires,the
switchgeneratesaduplicateofthefirstmessage,incrementsthecounter,and
startsanewlogthrottleperiodduringwhichanyadditionalinstancesofthe
eventarecounted,butnotlogged.Thus,foraparticularrecurringevent,the
switchdisplaysonlyonemessageintheEventLogforeachlogthrottleperiod
inwhichtheeventreoccurs.Also,eachloggedinstanceoftheeventmessage
includescounterdatashowinghowmanytimestheeventhasoccurredsince
thelastreboot.TheswitchmanagesmessagestoSNMPtrapreceiversinthe
sameway.
C-36
Troubleshooting
LogThrottlePeriods
Thelengthofthelogthrottleperioddiffersaccordingtoaneventsseverity
level:
SeverityLevel LogThrottlePeriod
I(Information) 6000Seconds
W(Warning) 600Seconds
D(Debug) 60Seconds
M(Major) 6Seconds
ExampleofLogThrottling
Forexample,supposethatyouconfigureVLAN100ontheswitchtosupport
PIMoperation,butdonotconfigureanIPaddress.IfPIMattemptedtouse
VLAN100,theswitchwouldgeneratethefirstinstanceofthefollowingEvent
Logmessageandcounter.
W10/ 01/ 06 09: 00: 33 PI M:No I P addr ess conf i gur ed on VI D 100 ( 1)
Thecounterindicatesthatthisisthefirstinstance
ofthiseventsincetheswitchlastrebooted.
FigureC-12.ExampleoftheFirstInstanceofanEventMessageandCounter
C-37
Troubleshooting
IfPIMoperationcausedthesameeventtooccursixmoretimesduringthe
initiallogthrottleperiod,therewouldbenofurtherentriesintheEventLog.
However,iftheeventoccurredagainafterthelogthrottleperiodexpired,the
switchwouldrepeatthemessage(withanupdatedcounter)andstartanew
logthrottleperiod.
.
.
.
Thismessageindicatestheoriginalinstance
oftheevent(sincethelastswitchreboot).
Theduplicateoftheoriginalmessageisthefirst
instanceoftheeventsincethepreviouslog
throttleperiodexpired,andindicatesthatanew
logthrottleperiodhasbegunforthisevent..
OriginalCounterfromFirstLogThrottlePeriod
Thecounternowindicatesthatthisisthe
eighthinstanceofthiseventsincethe
switchlastrebooted.
FigureC-13.ExampleofDuplicateMessagesOverMultipleLogThrottlingPeriods
Notethatifthesametypeofeventoccursunderdifferentcircumstances,the
switchhandlestheseasunrelatedeventsforthepurposeofEventLog
messages.Forexample,ifPIMoperationsimultaneouslydetectedthatVLANs
100and205wereconfiguredwithoutIPaddresses,youwouldseelog
messagessimilartothefollowing:
Thesetwomessagesreportseparateeventsinvolving
separatelogthrottleperiodsandseparatecounters.
.
.
.
FigureC-14.ExampleofLogMessagesGeneratedbyUnrelatedEventsoftheSameType
C-38
Troubleshooting
ExampleofEventCounterOperation
Supposetheswitchdetectsthefollowingafterareboot:
ThreeduplicateinstancesofaSenderrorduringthefirstlogthrottle
periodforthisevent
FivemoreinstancesofthesameSenderrorduringthesecondlogthrottle
periodforthisevent
FourinstancesofthesameSenderrorduringthethirdlogthrottleperiod
forthisevent
Inthiscase,theduplicatemessagewouldappearthreetimesintheEventLog
(onceforeachlogthrottleperiodfortheeventbeingdescribed),andthe
DuplicateMessageCounterwouldincrementasshownintableC-2.(Thesame
operationwouldapplyformessagessenttoanyconfiguredSNMPtrap
receivers.)
TableC-2. HowtheDuplicateMessageCounterIncrements
Instances Instances Instances Duplicate
During1stLog During2ndLog During3rdLog Message
ThrottlePeriod ThrottlePeriod ThrottlePeriod Counter*
3 1
5 4
4 9
*Thisvaluealwayscomprisesthefirstinstanceoftheduplicate
messageinthecurrentlogthrottleperiodplusallpreviousoccurrences
oftheduplicatemessageoccurringsincetheswitchlastrebooted.
C-39
Troubleshooting
Debug/SyslogOperation
WhiletheEventLogrecordsswitch-levelprogress,status,andwarning
messagesontheswitch,theDebug/SystemLogging(Syslog)featureprovides
awaytorecordEventLoganddebugmessagesonaremotedevice.For
example,youcansendmessagesaboutroutingmisconfigurationsandother
networkprotocoldetailstoanexternaldevice,andlaterusethemtodebug
network-levelproblems.
Debug/SyslogMessaging
TheDebug/SyslogfeatureallowsyoutospecifythetypesofEventLogand
debugmessagesthatyouwanttosendtoanexternaldevice.Asshownin
FigureC-15,youcanperformthefollowingoperations:
Usethedebugcommandtoconfiguremessagingreportsforthefollowing
eventtypes:
ACLdenymatches
DynamicARPprotectionevents
DHCPsnoopingevents
EventsrecordedintheswitchsEventLog
IProutingevents(IPv4andIPv6)
LLDPevents
SSHevents
WirelessServicesevents
UsetheloggingcommandtoselectasubsetofEventLogmessagestosend
toanexternaldevicefordebuggingpurposesaccordingto:
Severitylevel
Systemmodule
Debug/SyslogDestinationDevices
TouseDebug/Syslogmessaging,youmustconfigureanexternaldeviceasthe
loggingdestinationbyusingthelogginganddebugdestinationcommands.For
moreinformation,seeDebugDestinationsonpageC-51andConfiguringa
SyslogServeronpageC-53.
C-40
Troubleshooting
ADebug/SyslogdestinationdevicecanbeaSyslogserverand/oraconsole
session.Youcanconfiguredebugandloggingmessagestobesentto:
UptosixSyslogservers
ACLIsessionthroughadirectRS-232consoleconnection,oraTelnetor
SSHsession
Debug/SyslogConfigurationCommands
Event
Notification
Logging
Automaticallysendsswitch-leveleventmessagestotheswitchsEventLog.Debugand
Syslogdonotaffectthisoperation,butaddthecapabilityofdirectingEventLog
messagingtoanexternaldevice.
logging
Command
<syslog-ip-addr> EnablesSyslogmessagingtobesenttothespecifiedIPaddress.
facility (Optional)Theloggingfacilitycommandspecifiesthedestination(facility)subsystem
usedonaSyslogserverfordebugreports.
severity SendsEventLogmessagesofequalorgreaterseveritythanthespecifiedvalueto
configureddebugdestinations.(ThedefaultsettingistosendEventLogmessagesfrom
allseveritylevels.)
system-module SendsEventLogmessagesfromthespecifiedsystemmoduletoconfigureddebug
destinations.Theseverityfilterisalsoappliedtothesystem-modulemessagesyouselect.
ThedefaultsettingistosendEventLogmessagesfromallsystemmodules.Torestore
thedefaultsetting,enterthenologgingsystem-module<system-module>orlogging
system-moduleall-passcommands.
debug
Command
acl SendsACLSyslogloggingtoconfigureddebugdestinations.Whenthereisamatchwith
adenystatement,directstheresultingmessagetotheconfigureddebugdestination(s).
all SendsdebugloggingtoconfigureddebugdestinationsforallACL,EventLog,andIP-RIP
options.
arp-protect MonitorandtroubleshootthevalidationofARPpackets
destination logging:Disablesorre-enablesSyslogloggingononeormoreSyslogserversconfigured
withthelogging<syslog-ip-addr>command.SeeDebugDestinationsonpageC-51.
session:Assignsorre-assignsdestinationstatustotheterminaldevicethatwasmost
recentlyusedtorequestdebugoutput.DebugDestinationsonpageC-51.
buffer:EnablesSyslogloggingtosendthedebugmessagetypesspecifiedbythedebug
<debug-type>commandtoabufferinswitchmemory.SeeDebugDestinationson
pageC-51.
windshell:printdebugmessagestowindshell.
dhcp-snooping agent:DisplaysDHCPsnoopingagentmessages.
event:DisplaysDHCPsnoopingeventmessages.
packet:DisplaysDHCPsnoopingpacketmessages.
C-41
Troubleshooting
event SendsstandardEventLogmessagestoconfigureddebugdestinations.(Thesame
messagesarealsosenttotheswitchsEventLog,regardlessofwhetheryouenablethis
option.)
ip forwarding:SendsIPv4forwardingmessagestothedebugdestination(s).
packet:SendsIPv4packetmessagestothedebugdestination(s).
rip:SendsRIPeventloggingtothedebugdestination(s).
ipv6 dhcpv6-client:SendsDHCPv6clientdebugmessagestotheconfigureddebug
destination.
forwarding:SendsIPv6forwardingmessagestothedebugdestination(s)
nd:SendsIPv6debugmessagesforIPv6neighbordiscoverytotheconfigureddebug
destination(s).
packet:SendsIPv6packetmessagestothedebugdestination(s).
lldp SendsLLDPdebugloggingtothedebugdestination(s).
ssh SendsSSHdebugmessagesatthespecifiedleveltothedebugdestination.Thelevels
arefatal,error,info,verbose,debug,debug2,anddebug3.
wireless- Sendswirelessservicemoduledebugmessagestothedebugdestination.
services
FigureC-15.SummaryofDebug/SyslogConfigurationCommands
UsingtheDebug/Syslogfeature,youcanperformthefollowingoperations:
ConfiguretheswitchtosendEventLogmessagestooneormoreSyslog
servers.Inaddition,youcanconfigurethemessagestobesenttotheUser
logfacility(default)ortoanotherlogfacilityonconfiguredSyslogservers.
Not e AsofNovember2008,theloggingfacility<facility-name>option(describedon
pageC-55)issupportedonthefollowingswitchmodels:
8212zlswitch
Series6400clswitches
6200ylSwitch
Series5400zlswitches
Series5300xlswitches
Series4200vlswitches
Series4100glswitches(softwarereleaseG.07.50orgreater)
Series3500ylswitches
Series3400clswitches
Series2910alswitches
Series2900switches
Series2800switches
C-42
Troubleshooting
Series2610switches
Series2600switchesandtheSwitch6108(softwarereleaseH.07.30or
greater)
ForthelatestfeatureinformationonProCurveswitches,visittheProCurve
Networkingwebsiteandcheckthelatestreleasenotesfortheswitchproducts
youuse.
ConfiguretheswitchtosendEventLogmessagestothecurrentmanage-
ment-accesssession(serial-connectCLI,TelnetCLI,orSSH).
DisableallSyslogdebugloggingwhileretainingtheSyslogaddressesfrom
theswitchconfiguration.ThisallowsyoutoconfigureSyslogmessaging
andthendisableandre-enableitasneeded.
Displaythecurrentdebugconfiguration.IfSyslogloggingiscurrently
active,thelistfconfiguredSyslogserversisdisplayed.
DisplaythecurrentSyslogserverlistwhenSyslogloggingisdisabled.
ConfiguringDebug/SyslogOperation
1. TouseaSyslogserverasthedestinationdevicefordebugmessaging,
followthesesteps:
a. Enterthelogging<syslog-ip-addr>commandattheglobalconfigura-
tionleveltoconfiguretheSyslogserverIPaddressandenableSyslog
logging.Optionally,youmayalsospecifythedestinationsubsystem
tobeusedontheSyslogserverbyenteringtheloggingfacility
command.
IfnootherSyslogserverIPaddressesareconfigured,enteringthe
loggingcommandenablesbothdebugmessagingtoaSyslogserver
andtheEventdebugmessagetype.Asaresult,theswitchautomati-
callysendsEventLogmessagestotheSyslogserver,regardlessof
otherdebugtypesthatmaybeconfigured.
b. Re-entertheloggingcommandinStepatoconfigureadditional
Syslogservers.Youcanconfigureuptoatotalofsixservers.(When
multipleserverIPaddressesareconfigured,theswitchsendsthe
debugmessagetypesthatyouconfigureinStep3toallIPaddresses.)
2. TouseaCLIsessiononadestinationdevicefordebugmessaging:
a. Setupaserial,Telnet,orSSHconnectiontoaccesstheswitchsCLI.
b. Enterthedebugdestinationsessioncommandatthemanagerlevel.
3. EnablethetypesofdebugmessagestobesenttoconfiguredSyslog
serversand/orthecurrentsessiondevicebyenteringthedebug<debug-
type>command:
C-43
Troubleshooting
Pr oCur ve# debug <acl | al l | ar p- pr ot ect | event | i p
[ bgp| f or war di ng| packet | r i p| r out emap] | i pv6| l l dp>
Repeatthisstepifnecessarytoenablemultipledebugmessagetypes.
Bydefault,EventLogmessagesaresenttoconfigureddebugdestination
devices.ToblockEventLogmessagesfrombeingsent,enterthenodebug
eventcommand.
4. Ifnecessary,enableasubsetofEventLogmessagestobesenttoconfig-
uredSyslogserversbyspecifyingaseverityleveland/orsystemmodule
usingthefollowingcommands
Pr oCur ve( conf i g) # l oggi ng sever i t y <debug|major|error|warning|info>
Pr oCur ve( conf i g) # l oggi ng syst emmodul e <system-module>
Todisplayalistofvalidvaluesforeachcommand,enterloggingseverity
orloggingsystem-modulefollowedby?orpressingtheTabkey.
Theseveritylevelsinorderfromthehighesttolowestseverityare:major,
error,warning,info,debug.Foralistofvalidvaluesfortheloggingsystem-
module<system-module>command,refertoTableC-1onpageC-27.
5. Ifyouconfiguresystem-moduleand/orseverity-levelvaluestofilterEvent
Logmessages,whenyoufinishtroubleshooting,youmaywanttoreset
thesevaluestotheirdefaultsettingssothattheswitchsendsallEventLog
messagestoconfigureddebugdestinations(Syslogserversand/orCLI
session).
Toremoveaconfiguredsettingandrestorethedefaultvaluesthatsend
allEventLogmessages,enteroneorbothofthefollowingcommands:
Pr oCur ve( conf i g) #no l oggi ng sever i t y <debug|major|error|warning|info>
Pr oCur ve( conf i g) # no l oggi ng syst emmodul e <system-module>
Ca u t i o n Ifyouconfigureaseverity-level,system-module,loggingdestination,or
loggingfacilityvalueandsavethesettingstothestartupconfiguration(for
example,byenteringthewritememorycommand),thedebugsettingsare
savedafterasystemreboot(powercycleorreboot)andre-activatedonthe
switch.Asaresult,afterswitchstartup,oneofthefollowingsituationsmay
occur:
OnlyapartialsetofEventLogmessagesmaybesenttoconfigureddebug
destinations.
MessagesmaybesenttoapreviouslyconfiguredSyslogserverusedinan
earlierdebuggingsession.
C-44
Troubleshooting
DisplayingaDebug/SyslogConfiguration
Usetheshowdebugcommandtodisplaythecurrentlyconfiguredsettingsfor:
DebugmessagetypesandEventLogmessagefilters(severityleveland
systemmodule)senttodebugdestinations
Debugdestinations(SyslogserversorCLIsession)andSyslogserver
facilitytobeused
Syntax: showdebug
Displaysthecurrentlyconfigureddebugloggingdestinations
andmessagetypesselectedfordebuggingpurposes.(Ifno
Syslogserveraddressisconfiguredwiththelogging<syslog-ip-
addr>command,noshowdebugcommandoutputisdisplayed.)
Pr oCur ve( conf i g) # show debug
Debug Loggi ng
Dest i nat i on:
Loggi ng - -
10. 28. 38. 164
Faci l i t y=ker n
Sever i t y=war ni ng
Syst emmodul e=al l - pass
Enabl ed debug t ypes:
event
FigureC-16.SampleOutputofshowdebugCommand
Example:Inthefollowingexample,noSyslogserversareconfiguredonthe
switch(defaultsetting).WhenyouconfigureaSyslogserver,debugloggingis
enabledtosendEventLogmessagestotheserver.TolimittheEventLog
C-45
Troubleshooting
messagessenttotheSyslogserver,specifyasetofmessagesbyenteringthe
loggingseverityandloggingsystem-modulecommands.
Debug Loggi ng
Dest i nat i on: None
None ar e enabl ed
Pr oCur ve( conf i g) # l oggi ng 10. 28. 38. 164
Debug Loggi ng
Dest i nat i on:
Loggi ng - -
10. 28. 38. 164
Faci l i t y=user
Sever i t y=debug
event
Pr oCur ve( conf i g) # l oggi ng sever i t y er r or
Pr oCur ve( conf i g) # l oggi ng syst emmodul e i pl ock
Displaysthedefaultdebug
configuration.(NoSyslogserverIP
addressesordebugtypesare
configured.)
WhenyouconfigureaSyslogIP
addresswiththelogging
command,bydefault,theswitch
enablesdebugmessagingtothe
Syslogaddressandtheuser
facilityontheSyslogserver,and
sendsEventLogmessagesofall
severitylevelsfromallsystem
modules.
Youcanentertheloggingseverity
andloggingsystem-module
commandstospecifyasubsetof
EventLogmessagestosendtothe
Syslogserver.
FigureC-17.SyslogConfigurationtoReceiveEventLogMessagesFromSpecified
SystemModuleandSeverityLevels
AsshownatthetopofFigureC-17,ifyouentertheshowdebugcommandwhen
noSyslogserverIPaddressisconfigured,theconfigurationsettingsforSyslog
serverfacility,EventLogseveritylevelandsystemmodulearenotdisplayed.
However,afteryouconfigureaSyslogserveraddressandenableSyslog
logging,alldebugandloggingsettingsaredisplayedwiththeshowdebug
command.IfyoudonotwantEventLogmessagessenttoSyslogservers,you
canblockthemessagesfrombeingsentbyenteringthenodebugevent
command.(Thereisnoeffectonthenormalloggingofmessagesinthe
switchsEventLog.)
C-46
Troubleshooting
Example. Thenextexampleshowshowtoconfigure:
DebugloggingofACLpacketmessagesonaSyslogserverat18.38.64.164
(withuserasthedefaultloggingfacility).
DisplayofthesemessagesintheCLIsessionofyourterminaldevices
managementaccesstotheswitch.
BlockingEventLogmessagesfrombeingsentfromtheswitchtothe
SyslogserverandaCLIsession.
ToconfigureSyslogoperationinthesewayswiththeDebug/Syslogfeature
disabledontheswitch,youwouldenterthecommandsshowninFigureC-18.
C-47
Troubleshooting
Pr oCur ve# conf i g
Pr oCur ve( conf i g) # l oggi ng 10. 38. 64. 164
Debug Loggi ng
Dest i nat i on:
Loggi ng - -
10. 38. 64. 164
Faci l i t y=user
Sever i t y=debug
event
Pr oCur ve( conf i g) # no debug event
Pr oCur ve( conf i g) # debug acl
Pr oCur ve( conf i g) # debug dest i nat i on sessi on
Debug Loggi ng
Dest i nat i on:
Loggi ng - -
10. 38. 64. 164
Faci l i t y=user
Sever i t y=debug
Sessi on
acl l og
ConfigureaSyslogserverIPaddress.
(NootherSyslogserversare
configuredontheswitch.)Theserver
addressservesasanactivedebug
destinationforanyconfigureddebug
types.)
Displaythenewdebugconfiguration.
(Defaultdebugsettings-facility,
severity,systemmodule,anddebug
types-aredisplayed.)
Removetheunwantedevent
messageloggingtodebug
destinations.
Configurethedebugmessagestypes
thatyouwanttosendtotheSyslog
serverandCLIsession.
ConfiguretheCLIsessionasadebug
destination.
DisplaythefinaldebugandSyslog
serverconfiguration.
FigureC-18.Debug/SyslogConfigurationforMultipleDebugTypesandMultiple
Destinations
C-48
Troubleshooting
DebugCommand
Atthemanagerlevel,usethedebugcommandtoperformtwomainfunctions:
Specifiesthetypesofeventmessagestobesenttoanexternaldestination.
Specifiesthedestinationstowhichselectedmessagetypesaresent.
Bydefault,nodebugdestinationisenabledandonlyEventLogmessagesare
enabledtobesent.
Not e ToconfigureaSyslogserver,usethelogging<syslog-ip-addr>command.For
moreinformation,seeConfiguringaSyslogServeronpageC-53.
DebugMessages
Usethedebugcommandtoconfigurethetypesofdebugmessagesthatthe
switchcansendtoconfigureddebugdestinations.
Syntax: [no]debug<debug-type>
acl
WhenamatchoccursonanACLdenyAccessControl
Entry(withlogconfigured),theswitchsendsanACL
messagetoconfigureddebugdestinations.Formoreinfor-
mation,refertotheAccessControlListschapterinthe
AdvancedTrafficManagementGuide.(Default:Disabled-
ACLmessagesfortrafficthatmatchesdenyentriesare
notsent.)
all
Configurestheswitchtosendalldebugmessagetypes(ACL,
EventLog,IPRIP,andLLDP)toconfigureddebugdestina-
tion(s).(Default:Disabled-Nodebugmessagesaresent.)
event
ConfigurestheswitchtosendEventLogmessagestoconfig-
ureddebugdestinations.
Note: Thisvaluedoesnotaffectthereceptionofevent
notificationmessagesintheEventLogontheswitch.
C-49
Troubleshooting
Syntax: [no]debug<debug-type>(Continued)
event
EventLogmessagesareautomaticallyenabledtobesentto
debugdestinationsintheseconditions:
IfnoSyslogserveraddressisconfiguredandyouenter
thelogging<syslog-ip-addr>commandtoconfigurea
destinationaddress.
IfatleastoneSyslogserveraddressisconfiguredinthe
startupconfigurationandtheswitchisrebootedorreset.
Eventlogmessagesarethedefaulttypeofdebugmessage
senttoconfigureddebugdestinations.
ip[rip<database|event|trigger>]
rip<database|event|trigger> EnablesthespecifiedRIP
messagetypefortheconfigureddestination(s).
databaseDisplaydatabasechanges.
eventDisplayRIPevents.
triggerDisplaytriggermessages.
ip[fib]
fib:DisplaysIPForwardingInformationBasedebug
messages.
lldp
EnablesallLLDPmessagetypesfortheconfigureddestina-
tions.
C-50
Troubleshooting
DebugDestinations
Usethedebugdestinationcommandtoenable(anddisable)Syslogmessaging
onaSyslogserverortoaCLIsessionforspecifiedtypesofdebugandEvent
Logmessages.
Syntax: [no]debugdestination<logging|session|buffer>
logging
EnablesSyslogloggingtoconfiguredSyslogserverssothat
thedebugmessagetypesspecifiedbythedebug<debug-type>
command(seeDebugMessagesonpageC-49)aresent.
(Default:Loggingdisabled)
ToconfigureaSyslogserverIPaddress,refertoConfig-
uringaSyslogServeronpageC-53.
Note: Debugmessagesfromtheswitchescoveredinthis
guidehaveadebugseveritylevel.Becausethedefault
configurationofsomeSyslogserversignoreSyslog
messageswiththedebugseveritylevel,ensurethatthe
Syslogserversyouwanttousetoreceivedebugmessages
areconfiguredtoacceptthedebuglevel.Formoreinforma-
tion,refertoOperatingNotesforDebugandSyslogon
pageC-57.
session
Enablestransmissionofeventnotificationmessagestothe
CLIsessionthatmostrecentlyexecutedthiscommand.The
sessioncanbeonanyoneterminalemulationdevicewith
serial,Telnet,orSSHaccesstotheCLIattheManagerlevel
prompt(ProCurve#_ ).Ifmorethanoneterminaldevicehas
aconsolesessionwiththeCLI,youcanredirectthedesti-
nationfromthecurrentdevicetoanotherdevice.Dosoby
executingdebugdestinationsessionintheCLIonthe
terminaldeviceonwhichyounowwanttodisplayevent
messages.
EventmessagetypesreceivedontheselectedCLIsessionare
configuredwiththedebug<debug-type>command.(Refer
toDebugMessagesonpageC-49.)
buffer
EnablesSyslogloggingtosendthedebugmessagetypes
specifiedbythedebug<debug-type>commandtoabuffer
inswitchmemory.Toviewthedebugmessagesstoredin
theswitchbuffer,entertheshowdebugbuffercommand.
C-51
Troubleshooting
LoggingCommand
Attheglobalconfigurationlevel,theloggingcommandallowsyoutoenable
debugloggingonspecifiedSyslogserversandselectasubsetofEventLog
messagestosendfordebuggingpurposesaccordingto:
Severitylevel
Systemmodule
Byspecifyingbothaseveritylevelandsystemmodule,youcanuseboth
configuredsettingstofiltertheEventLogmessagesyouwanttouseto
troubleshootswitchornetworkerrorconditions.
Ca u t i o n AfteryouconfigureaSyslogserverandaseverityleveland/orsystemmodule
tofiltertheEventLogmessagesthataresent,ifyousavethesesettingstothe
startupconfigurationfilebyenteringthewritememorycommand,thesedebug
andloggingsettingsareautomaticallyre-activatedafteraswitchrebootor
powerrecycle.Thedebugsettingsanddestinationsconfiguredinyour
previoustroubleshootingsessionwillthenbeappliedtothecurrentsession,
whichmaynotbedesirable.
Afterareboot,messagesremainintheEventLogandarenotdeleted.
However,afterapowerrecycle,allEventLogmessagesaredeleted.
Ifyouconfigureaseverityleveland/orsystemmoduletotemporarilyfilter
EventLogmessages,besuretoresetthevaluestotheirdefaultsettingsby
enteringthenoformofthefollowingcommandstoensurethatEventLog
messagesofallseveritylevelsandfromallsystemmodulesaresentto
configuredSyslogservers:
Pr oCur ve( conf i g) #no l oggi ng sever i t y <debug|major|error|warning|info>
Pr oCur ve( conf i g) # no l oggi ng syst emmodul e <system-module>
C-52
Troubleshooting
ConfiguringaSyslogServer
Syslogisaclient-serverloggingtoolthatallowsaclientswitchtosendevent
notificationmessagestoanetworkeddeviceoperatingwithSyslogserver
software.MessagessenttoaSyslogservercanbestoredtoafileforlater
debugginganalysis.
TousetheSyslogfeature,youmustinstallandconfigureaSyslogserver
applicationonanetworkedhostaccessibletotheswitch.Refertothedocu-
mentationfortheSyslogserverapplicationforinstructions.
ToconfigureaSyslogserver,usethelogging<syslog-ip-addr>commandas
describedbelow.
WhenyouconfigureaSyslogserver,EventLogmessagesareautomatically
enabledtobesenttotheserver.Toreconfigurethissetting,usethefollowing
commands:
Usedebugcommandtospecifyadditionaldebugmessagetypes(see
DebugMessagesonpageC-49).
Usetheloggingcommandtoconfigurethesystemmoduleorseveritylevel
usedtofiltertheEventLogmessagessenttoconfiguredSyslogservers
(seeConfiguringtheSeverityLevelforEventLogMessagesSenttoa
SyslogServeronpageC-56andConfiguringtheSystemModuleUsedto
SelecttheEventLogMessagesSenttoaSyslogServeronpageC-57).
TodisplaythecurrentlyconfiguredSyslogserversaswellasthetypesofdebug
messagesandtheseverity-levelandsystem-modulefiltersusedtospecifythe
EventLogmessagesthataresent,entertheshowdebugcommand(see
DisplayingaDebug/SyslogConfigurationonpageC-45).
C-53
Troubleshooting
Syntax: [no]logging<syslog-ip-addr>
EnablesordisablesSyslogmessagingtothespecifiedIP
address.Youcanconfigureuptosixaddresses.Ifyou
configureanaddresswhennonearealreadyconfigured,this
commandenablesdestinationlogging(Syslog)andtheEvent
debugtype.Therefore,ataminimum,theswitchbegins
sendingEventLogmessagestoconfiguredSyslogservers.The
ACLand/orIP-RIPmessagetypeswillalsobesenttotheSyslog
server(s)iftheyarecurrentlyenabledasdebugtypes.(Refer
toDebugMessagesonpageC-49.)
nologgingremovesallcurrentlyconfiguredSysloglogging
destinationsfromtherunningconfiguration.
nologging<syslog-ip-address>removesonlythespecifiedSyslog
loggingdestinationfromtherunningconfiguration.
Ifyouusethenoformofthecommandtodeletetheonly
remainingSyslogserveraddress,debugdestinationloggingis
disabledontheswitch,butthedefaultEventdebugtypeisnot
changed.
Also,removingallconfiguredSyslogdestinationswiththeno
loggingcommand(oraspecifiedSyslogserverdestinationwith
thenologging<syslog-ip-address>command)doesnotdeletethe
SyslogserverIPaddressesstoredinthestartupconfiguration.
TodeleteSyslogaddressesinthestartupconfiguration,you
mustenteranologgingcommandfollowedbythewritememory
command.ToverifythedeletionofaSyslogserveraddress,
displaythestartupconfigurationbyenteringtheshowconfig
command.
ToblockthemessagessenttoconfiguredSyslogserversfrom
thecurrentlyconfigureddebugmessagetype,enterthenodebug
<debug-type>command.(SeeDebugMessagesonpageC-49.)
TodisableSyslogloggingontheswitchwithoutdeletingconfig-
uredserveraddresses,enterthenodebugdestinationlogging
command.Notethat,unlikethecaseinwhichnoSyslogservers
areconfigured,ifoneormoreSyslogserversarealready
configuredandSyslogmessagingisdisabled,configuringa
newserveraddressdoesnotre-enableSyslogmessaging.Tore-
enableSyslogmessaging,youmustenterthedebugdestination
loggingcommand.
C-54
Troubleshooting
Syntax: [no]loggingfacility<facility-name>
Theloggingfacilityspecifiesthedestinationsubsystemused
inaconfiguredSyslogserver.(AllconfiguredSyslogservers
mustusethesamesubsystem.)ProCurverecommendsthe
default(user)subsystemunlessyourapplicationspecifically
requiresanothersubsystem.Optionsinclude:
user(default)Randomuser-levelmessages
kernKernelmessages
mailMailsystem
daemonSystemdaemons
authSecurity/Authorizationmessages
syslogMessagesgeneratedinternallybySyslog
lprLine-Printersubsystem
newsNetnewssubsystem
uucpuucpsubsystem
croncron/atsubsystem
sys9cron/atsubsystem
sys10-sys14Reservedforsystemuse
local10-local17Reservedforsystemuse
Usethenoformofthecommandtoremovetheconfigured
facilityandreconfigurethedefault(user)value.
ForalistofsupportedProCurveswitches,refertotheNoteon
pageC-42.
C-55
Troubleshooting
MessagesSenttoaSyslogServer
EventLogmessagesareenteredwithoneofthefollowingseveritylevels(from
highesttolowest):
Major:Afatalerrorconditionhasoccurredontheswitch.
Error:Anerrorconditionhasoccurredontheswitch.
Warning:Aswitchservicehasbehavedunexpectedly.
Information:Informationonanormalswitchevent.
Debug:ReservedforProCurveinternaldiagnosticinformation.
Usingtheloggingseveritycommand,youcanselectasetofEventLog
messagesaccordingtotheirseveritylevelandsendthemtoaSyslogserver.
Messagesoftheselectedandhigherseveritywillbesent.ToconfigureaSyslog
server,seeConfiguringaSyslogServeronpageC-53.
Syntax: [no]loggingseverity<major|errorlwarning|info|debug>
ConfigurestheswitchtosendallEventLogmessageswith
aseveritylevelequaltoorhigherthanthespecifiedvalue
toallconfiguredSyslogservers.
Default:debug(Reportsmessagesofallseveritylevels.)
severitylevelandreconfigurethedefaultvalue,whichsends
EventLogmessagesofallseveritylevelstoSyslogservers.
Note:Theseveritysettingdoesnotaffecteventnotification
messagesthattheswitchnormallysendstotheEventLog.
AllmessagesremainrecordedintheEventLog.
C-56
Troubleshooting
MessagesSenttoaSyslogServer
EventLogmessagescontainthenameofthesystemmodulethatreportedthe
event.Usingtheloggingsystem-modulecommand,youcanselectasetofEvent
Logmessagesaccordingtotheoriginatingsystemmoduleandsendthemtoa
Syslogserver.ToconfigureaSyslogserver,seeConfiguringaSyslogServer
onpageC-53.
Usingtheloggingsystem-modulecommand,youcanselectmessagesfromonly
onesystemmoduletobesenttoaSyslogserver.Youcannotconfigure
messagesfrommultiplesystemmodulestobesent.Ifyoure-enterthe
commandwithadifferentsystemmodulename,thecurrentlyconfigured
valueisreplacedwiththenewone.
Syntax: [no]loggingsystem-module<system-module>
ConfigurestheswitchtosendallEventLogmessagesbeing
loggedfromthespecifiedsystemmoduletoconfigured
Syslogservers.
RefertoTableC-1onpageC-27forthecorrectvaluetoenter
foreachsystemmodule.
Default:all-pass(ReportsallEventLogmessages.)
systemmodulevalueandreconfigurethedefaultvalue,
whichsendsEventLogmessagesfromallsystemmodules
toSyslogservers.
Note:Thissettinghasnoeffectoneventnotification
messagesthattheswitchnormallysendstotheEventLog.
OperatingNotesforDebugandSyslog
RebootingtheSwitchorpressingtheResetbuttonresetsthe
DebugConfiguration.
DebugOption EffectofaRebootorReset
logging(debugdestination) IfSyslogserverIPaddressesarestoredinthestartup-config
file,theyaresavedacrossarebootandthelogging
destinationoptionremainsenabled.Otherwise,thelogging
destinationisdisabled.
session(debugdestination) Disabled.
ACL(debugtype) Disabled.
All(debugtype) Disabled.
C-57
Troubleshooting
DebugOption EffectofaRebootorReset
event(debugtype) IfaSyslogserverIPaddressisconfiguredinthestartup-
configfile,thesendingofEventLogmessagesisresetto
enabled,regardlessofthelastactivesetting.
IfnoSyslogserverisconfigured,thesendingofEventLog
messagesisdisabled.
IP(debugtype) Disabled.
Debugcommandsdonotaffectnormalmessageoutputtothe
EventLog.
Usingthedebugeventcommand,youcanspecifythatEventLogmessages
aresenttothedebugdestinationsyouconfigure(CLIsessionand/or
Syslogservers)inadditiontotheEventLog.
EnsurethatyourSyslogserversacceptDebugmessages.
AllSyslogmessagesresultingfromadebugoperationhaveadebug
severitylevel.Ifyouconfiguretheswitchtosenddebugmessagestoa
Syslogserver,ensurethattheserversSyslogapplicationisconfiguredto
acceptthedebugseveritylevel.(Thedefaultconfigurationforsome
Syslogapplicationsignoresthedebugseveritylevel.)
DuplicateIPaddressesarenotstoredinthelistofsyslogservers.
Ifthedefaultseverityvalueisineffect,allmessagesthathaveseverities
greaterthanthedefaultvaluearepassedtosyslog.Forexample,ifthe
defaultseverityisdebug,allmessagesthathaveseveritiesgreaterthan
debugarepassedtosyslog.
Thereisalimitofsixsyslogservers.Allsyslogserversaresentthesame
messagesusingthesamefilterparameters.Anerrorisgeneratedforan
attempttoaddmorethansixsyslogservers.
C-58
Troubleshooting
DiagnosticTools
DiagnosticTools
DiagnosticFeatures
PortAutonegotiation n/a
Pingtest n/a pageC-62 pageC-61
Linktest n/a pageC-62 pageC-61
Tracerouteoperation n/a pageC-64 n/a
Viewswitchconfigurationfiles n/a pageC-68 pageC-68
Viewswitch(showtech) n/a pageC-68
operation
Viewcrashinformationand n/a pageC-75
commandhistory
Viewsysteminformationand n/a pageC-75
softwareversion
Usefulcommandsina n/a pageC-79
troubleshootingsession
Resettingfactory-default pageC-85 pageC-84
configuration (Buttons)
Restoringaflashimage n/a pageC-85
PortStatus n/a pageB-10 pageB-10 pageB-10
C-59
Troubleshooting
DiagnosticTools
PortAuto-Negotiation
WhenalinkLEDdoesnotlight(indicatinglossoflinkbetweentwodevices),
themostcommonreasonisafailureofportauto-negotiationbetweenthe
connectingports.IfalinkLEDfailstolightwhenyouconnecttheswitchtoa
portonanotherdevice,dothefollowing:
1. Ensurethattheswitchportandtheportontheattachedend-nodeare
bothsettoAutomode.
2. Iftheattachedend-nodedoesnothaveanAutomodesetting,thenyou
mustmanuallyconfiguretheswitchporttothesamesettingastheend-
nodeport.RefertoChapter10,PortStatusandConfiguration.
PingandLinkTests
ThePingtestandtheLinktestarepoint-to-pointtestsbetweenyourswitch
andanotherIEEE802.3-compliantdeviceonyournetwork.Thesetestscan
tellyouwhethertheswitchiscommunicatingproperlywithanotherdevice.
Not e TorespondtoaPingtestoraLinktest,thedeviceyouaretryingtoreachmust
beIEEE802.3-compliant.
PingTest.Thisisatestofthepathbetweentheswitchandanotherdevice
onthesameoranotherIPnetworkthatcanrespondtoIPpackets(ICMPEcho
Requests).Tousetheping(ortraceroute)commandwithhostnamesorfully
qualifieddomainnames,refertoDNSResolveronpageC-88.
LinkTest.Thisisatestoftheconnectionbetweentheswitchandadesig-
natednetworkdeviceonthesameLAN(orVLAN,ifconfigured).Duringthe
linktest,IEEE802.2testpacketsaresenttothedesignatednetworkdevice
inthesameVLANorbroadcastdomain.Theremotedevicemustbeableto
respondwithan802.2TestResponsePacket.
C-60
Troubleshooting
DiagnosticTools
Web:ExecutingPingorLinkTests
FigureC-19.LinkandPingTestScreenontheWebBrowserInterface
4.ForaPingtest,enter
theIPaddressofthe
targetdevice.Fora
Linktest,enterthe
MACaddressofthe
target device.
3.SelectPingTest(the
default)orLinkTest
5.Selectthenumberoftries
(packets)andthetimeoutfor
eachtryfromthedrop-down
menus.
6.ClickonStarttobeginthetest.
2.Clickhere.
1.Clickhere.
SuccessesindicatesthenumberofPingorLinkpacketsthatsuccessfully
completedthemostrecenttest.
FailuresindicatesthenumberofPingorLinkpacketsthatwereunsuccessful
inthelasttest.Failuresindicateconnectivityornetworkperformanceprob-
lems(suchasoverloadedlinksordevices).
DestinationIP/MACAddressisthenetworkaddressofthetarget,ordestination,
devicetowhichyouwanttotestaconnectionwiththeswitch.AnIPaddress
isintheX.X.X.XformatwhereXisadecimalnumberbetween0and255.A
MACaddressismadeupof12hexadecimaldigits,forexample,0060b0-080400.
C-61
Troubleshooting
DiagnosticTools
NumberofPacketstoSendisthenumberoftimesyouwanttheswitchto
attempttotestaconnection.
TimeoutinSecondsisthenumberofsecondstoallowperattempttotesta
connectionbeforedeterminingthatthecurrentattempthasfailed.
TohaltaLinkorPingtestbeforeitconcludes,clickontheStopbutton.
Toresetthescreentoitsdefaultsettings,clickontheDefaultsbutton.
CLI:PingTest
ThePing(PacketInterNetGroper)testusesInternetControlMessage
Protocol(ICMP)echorequestsandICMPechorepliestodetermineifanother
deviceisalive.Italsomeasurestheamountoftimeittakestoreceiveareply
fromthespecifieddestination.ThePingcommandhasseveralextended
commandsthatallowadvancedcheckingofdestinationavailability.
Syntax: ping<ip-address|hostname|switch-num>[repetitions<1-10000>]
[timeout<1-60>][source<ip-address>|<vlan-id>][data-size<0-65471>]
[data-fill<0-1024>]
ping6<ip-address|hostname|switch-num>[repetitions<1-10000>]
[timeout<1-60>][source<ip-address>|<vlan-id>][data-size<0-65471>]
[data-fill<0-1024>]
SendsICMPechorequeststodetermineifanotherdeviceisalive.
Note:Forinformationaboutping6,seetheIPv6Configuration
Guideforyourswitch.
<ip-address|hostname>
TargetIPaddressorhostnameofthedestinationnodebeing
pinged.
repetitions<1-10000>
Numberofpingpacketssenttothedestinationaddress.
Default:1
timeout<1-60>
Timeoutintervalinseconds;theECHOREPLYmustbe
receivedbeforethistimeintervalexpiresforthePingtobe
successful.
Default:5
C-62
Troubleshooting
DiagnosticTools
source<ip-addr|hostname>
SourceIPaddressorhostname.ThesourceIPaddressmust
beownedbytherouter.IfaVLANisspecified,theIPaddress
associatedwiththespecifiedVLANisused.
data-size<0-65471>
Sizeofpacketsent.Default:0(zero)
data-fill<0-1024>
Thedatapatterninthepacket.Default:Zerolengthstring
Pingwith
Repetitions
andTimeout
BasicPing
Operation
PingFailure
Pingwith
Repetitions
FigureC-20.ExamplesofPingTests
Tohaltapingtestbeforeitconcludes,press[Ctrl] [C].
Not e Tousetheping(ortraceroute)commandwithhostnamesorfullyqualified
domainnames,refertoDNSResolveronpageC-88.
LinkTests
Youcanissuesingleormultiplelinktestswithvaryingrepetitionsandtimeout
periods.Thedefaultsare:
Repetitions:1(1-999)
Timeout:5seconds(1-256seconds)
Syntax: link<mac-address>[repetitions<1-999>][timeout<1-256>]
[vlan<vlan-id>]
C-63
Troubleshooting
DiagnosticTools
BasicLinkTest
LinkTestwith
Repetitions
LinkTestwith
Repetitionsand
Timeout
LinkTestOvera
SpecificVLAN
LinkTestOvera
SpecificVLAN;
TestFail
FigureC-21.ExampleofLinkTests
TracerouteCommand
Thetraceroutecommandenablesyoutotracetheroutefromtheswitchtoa
hostaddress.
Thiscommandoutputsinformationforeach(router)hopbetweentheswitch
andthedestinationaddress.Notethateverytimeyouexecutetraceroute,it
usesthesamedefaultsettingsunlessyouspecifyotherwiseforthatinstance
ofthecommand.
Syntax: traceroute<ip-address|hostname>
traceroute6<ip-address|hostname>
ListstheIPaddressorhostnameofeachhopintheroute,
plusthetimeinmicrosecondsforthetraceroutepacketreply
totheswitchforeachhop.
Tohaltanongoingtraceroutesearch,pressthe[Ctrl] [C]keys.
Note:Forinformationabouttraceroute6,seetheIPv6
ConfigurationGuideforyourswitch.
C-64
Troubleshooting
DiagnosticTools
<ip-address|hostname>
TheIPaddressorhostnameofthedevicetowhichtosendthe
traceroute.
[minttl<1-255>]
Forthecurrentinstanceoftraceroute,changestheminimum
numberofhopsallowedforeachprobepacketsentalongthe
route.Ifminttlisgreaterthantheactualnumberofhops,then
theoutputincludesonlythehopsatandabovetheminttl
threshold.(Thehopsbelowthethresholdarenotlisted.)If
minttlmatchestheactualnumberofhops,onlythathopis
shownintheoutput.Ifminttlislessthantheactualnumber
ofhops,thenallhopsarelisted.Foranyinstanceof
traceroute,ifyouwantaminttlvalueotherthanthedefault,
youmustspecifythatvalue.(Default:1)
[maxttl<1-255>]
Forthecurrentinstanceoftraceroute,changesthemaximum
numberofhopsallowedforeachprobepacketsentalongthe
route.Ifthedestinationaddressisfurtherfromtheswitch
thanmaxttlallows,thentracerouteliststheIPaddressesfor
allhopsitdetectsuptothemaxttllimit.Foranyinstanceof
traceroute,ifyouwantamaxttlvalueotherthanthedefault,
youmustspecifythatvalue.(Default:30)
[timeout<1-120>]
Forthecurrentinstanceoftraceroute,changesthetimeout
periodtheswitchwaitsforeachprobeofahopintheroute.
Foranyinstanceoftraceroute,ifyouwantatimeoutvalue
otherthanthedefault,youmustspecifythatvalue.(Default:
5seconds)
[probes<1-5>]
Forthecurrentinstanceoftraceroute,changesthenumberof
queriestheswitchsendsforeachhopintheroute.Forany
instanceoftraceroute,ifyouwantaprobesvalueotherthan
thedefault,youmustspecifythatvalue.(Default:3)
[source<ip-addr|vlan-id>]
ThesourceIPaddressorVLAN.ThesourceIPaddressmust
beownedbytherouter.IfaVLANisspecified,theIPaddress
associatedwiththespecifiedVLANisused
ALowMaxttlCausesTracerouteToHaltBeforeReachingthe
DestinationAddress.Forexample,executingtraceroutewithitsdefault
valuesforadestinationIPaddressthatisfourhopsawayproducesaresult
similartothis:
C-65
Troubleshooting
DiagnosticTools
Intermediaterouterhops
withthetimetakenforthe
switchtoreceive
acknowledgementof
eachprobereachingeach
router.
DestinationIPAddress
FigureC-22.ExampleofaCompletedTracerouteEnquiry
Continuingfromthepreviousexample(FigureC-22,above),executing
traceroutewithaninsufficientmaxttlfortheactualhopcountproducesan
outputsimilartothis:
Traceroutedoesnotreach
destinationIPaddress
becauseoflowmaxttl
setting.
Theasteriskindicatestherewasa
timeoutonthesecondprobetothethird
hop.
FigureC-23.ExampleofIncompleteTracerouteDuetoLowMaxttlSetting
C-66
Troubleshooting
DiagnosticTools
IfANetworkConditionPreventsTraceroutefromReachingthe
Destination.CommonreasonsforTraceroutefailingtoreachadestination
include:
Timeouts(indicatedbyoneasteriskperprobe,perhop;refertoFigure
C-23,above.)
Unreachablehosts
Unreachablenetworks
Interferencefromfirewalls
Hostsconfiguredtoavoidresponding
Executingtraceroutewheretheroutebecomesblockedorotherwisefails
resultsinanoutputmarkedbytimeoutsforallprobesbeyondthelastdetected
hop.Forexamplewithamaximumhopcountof7(maxttl=7),wheretheroute
becomesblockedorotherwisefails,theoutputappearssimilartothis:
Athop3,thefirstand
thirdprobestimedout
butthesecondprobe
reachedtherouter.
Allfurtherprobes
withinthemaxttl
timed-outwithout
findingarouterorthe
destinationIP
address.
Anasteriskindicatesatimeout
withoutfindingthenexthop.
FigureC-24.ExampleofTracerouteFailingtoReachtheDestinationAddress
C-67
Troubleshooting
ViewingSwitchConfigurationandOperation
ViewingSwitchConfigurationand
Operation
Insometroubleshootingscenarios,youmayneedtoviewtheswitchconfig-
urationtodiagnoseaproblem.Thecompleteswitchconfigurationiscon-
tainedinafilethatyoucanbrowsefromeitherthewebbrowserinterfaceor
theCLIusingthecommandsdescribedinthissection.
CLI:ViewingtheStartuporRunningConfigurationFile
UsingtheCLI,youcandisplayeithertherunningorthestartupconfiguration.
Formoreinformationandexamplesofhowtousethesecommands,referto
Chapter6,SwitchMemoryandConfiguration.)
Syntax: writeterminal
Displaystherunningconfiguration.
showconfig
Displaysthestartupconfiguration.
showrunning-config
Displaystherunning-configfile.
Web:ViewingtheConfigurationFile
Todisplaytherunningconfiguration,throughthewebbrowserinterface:
1. ClickontheDiagnosticstab.
2. Clickon[ConfigurationReport]
3. Usetheright-sidescrollbartoscrollthroughtheconfigurationlisting.
CLI:ViewingaSummaryofSwitchOperationalData
Syntax: showtech
Bydefault,theshowtechcommanddisplaysasingleoutputofswitchoperat-
ingandrunning-configurationdatafromseveralinternalswitchsources,
including:
C-68

Troubleshooting
Imagestamp(softwareversiondata)
Runningconfiguration
EventLoglisting
BootHistory
Portsettings
Statusandcountersportstatus
IProutes
StatusandcountersVLANinformation
GVRPsupport
Loadbalancing(trunkandLACP)
FigureC-25showssampleoutputfromtheshowtechcommand.
Pr oCur ve# show t ech
show syst em
Syst emName
Syst emCont act
Syst emLocat i on
: 5400_1
:
:
Ti me Zone : 0
Sof t war e r evi si on
ROM Ver si on
: K. 14. XX
: K. 12. 12
Base MAC Addr
Ser i al Number
: 001871- c42f 00
: SG641SU00L
Up Ti me
CPU Ut i l ( %)
: 23 hour s
: 10
Memor y - Tot al
Fr ee
:
:
I P Mgmt - Pkt s Rx : 759
Pkt s Tx : 2
Packet
Buf f er s
- Tot al
Fr ee
Lowest
Mi ssed
: 6750
: 5086
: 4961
: 0
show f l ash
I mage Si ze( Byt es) Dat e Ver si on
- - - - - - - - - -
FigureC-25.ExampleofShowTechCommand
- - - - - - - - - - - - - - - - - - - -
Bui l d #
- - - - - - -
C-69
Troubleshooting
Tospecifythedatadisplayedbytheshowtechcommand,usethecopyshow
techcommandasdescribedinCustomizingshowtechCommandOutputon
pageC-71.
SavingshowtechCommandOutputtoaTextFile
Whenyouentertheshowtechcommand,asummaryofswitchoperational
dataissenttoyourterminalemulator.Youcanuseyourterminalemulators
textcapturefeaturestosavetheshowtechdatatoatextfileforviewing,
printing,orsendingtoanassociatetodiagnoseaproblem.
Forexample,ifyourterminalemulatoristheHyperterminalapplication
availablewithMicrosoftWindowssoftware,youcancopytheshowtech
outputtoafileandthenuseeitherMicrosoftWordorNotepadtodisplaythe
data.(Inthiscase,MicrosoftWordprovidesthedatainaneasier-to-read
format.)
ThefollowingexampleusestheMicrosoftWindowsterminalemulator.Ifyou
areusingadifferentterminalemulatorapplication,refertothedocumentation
providedwiththeapplication.
Tosaveshowtechcommandoutputfromyourterminalemulatortoatextfile,
followthesesteps:
1. InHyperterminal,clickonTransfer|CaptureText...
FigureC-26.CaptureTextwindowoftheHyperterminalApplication
2. IntheFilefield,enterthepathandfilenameinwhichyouwanttostore
theshowtechoutput.
FigureC-27.EnteringaPathandFilenameforSavingshowtechOutput
C-70
Troubleshooting
3. Click[Start]tocreateandopenthetextfile.
4. Fromtheglobalconfigurationcontext,entertheshowtechcommand:
Pr oCur ve# show t ech
Theshowtechcommandoutputiscopiedintothetextfileanddisplayed
ontheterminalemulatorscreen.Whenthecommandoutputstopsand
displays-- MORE --,presstheSpacebartodisplayandcopymore
information.TheCLIpromptappearswhenthecommandoutputfinishes.
5. ClickonTransfer|CaptureText|StopinHyperTerminaltostopcopyingdata
andsavethetextfile.
IfyoudonotstopHyperTerminalfromcopyingcommandoutputintothe
textfile,additionalunwanteddatacanbecopiedfromtheHyperTerminal
screen.
6. Toaccessthefile,openitinMicrosoftWord,Notepad,orasimilartext
editor.
CustomizingshowtechCommandOutput
Usethecopyshowtechcommandtocustomizethedetailedswitchinformation
displayedwiththeshowtechcommandtosuityourtroubleshootingneeds.
Tocustomizetheinformationdisplayedwiththeshowtechcommand:
1. Determinetheinformationthatyouwanttogathertotroubleshoota
probleminswitchoperation.
2. Enterthecopyshowtechcommandtospecifythedatafilesthatcontain
theinformationyouwanttoview.
Syntax: copy<source>show-tech
Specifiestheoperationalandconfigurationdatafromoneor
moresourcefilestobedisplayedbytheshowtechcommand.
Enterthecommandonceforeachdatafilethatyouwantto
includeinthedisplay.
Default:Displaysdatafromallsourcefiles,where<source>
canbeanyoneofthefollowingvalues:
command-output<command>
C-71
Troubleshooting
Includestheoutputofaspecifiedcommandinshow-tech
commandoutput.Enterthecommandnamebetween
double-quotationmarks;forexample,copyshowsystem
show-tech.
crash-data[slot-id|master]:
Includesthecrashdatafromallmanagementandinterface
modulesinshowtechcommandoutput.
Tolimittheamountofcrashdatadisplayed,specifyan
installedmoduleormanagementmodules,where:
slot-id:Includesthecrashdatafromaninstalledmodule.
ValidslotIDsarethelettersathroughh.
master:Includesthecrashdatafrombothmanagement
modules.
.
crash-log[slot-id|master]:
Includesthecrashlogsfromallmanagementandinterface
modulesinshowtechcommandoutput.
Tolimittheamountofcrash-logdatadisplayed,specifyan
installedmoduleormanagementmodules,where:
slot-id:Includesthecrashlogfromaninstalledmodule.
ValidslotIDsarethelettersathroughh.
master:Includesthecrashlogfrombothmanagement
modules.
event-log
CopiesthecontentsoftheEventLogtoshowtechcommand
output.
running-config
Includesthecontentsoftherunningconfigurationfilein
showtechcommandoutput.
startup-config
Includesthecontentsofthestartupconfigurationfilein
showtechcommandoutput.
C-72
Troubleshooting
tftpconfig<startup-config|running-config><ip-addr><remote-file>
<pc|unix>
Downloadsthecontentsofaconfigurationfilefroma
remotehosttoshowtechcommandoutput,where:
ip-addr:SpecifiestheIPaddressoftheremotehostdevice.
remote-file:Specifiesthepathnameontheremotehostfor
theconfigurationfilewhosecontentsyouwanttoinclude
inthecommandoutput.
pc|unix:SpecifieswhethertheremotehostisaDOS-based
PCorUNIXworkstation.
Formoreinformationonusingcopytftpcommands,refer
totheFileTransfersappendix.
.
usbconfig<startup-config<filename>|command-file<acl-
filename.txt>
CopiesthecontentsofaconfigurationfileorACL
commandfilefromaUSBflashdrivetoshowtech
commandoutput,where:
startup-config<filename>:Specifiesthenameofastartup
configurationfileontheUSBdrive.
command-file<acl-filename.txt>:Specifiesthenameofan
ACLcommandfileontheUSBdrive.
Formoreinformationonusingcopyusbcommands,refer
totheFileTransfersappendix.
xmodemconfig<startup-config|config<filename>|command-file
<acl-filename.txt><pc|unix>
C-73
Troubleshooting
CopiesthecontentsofaconfigurationfileorACL
commandfilefromaseriallyconnectedPCorUNIX
workstationtoshowtechcommandoutput,where:
startup-config:Specifiesthenameofthestartup
configurationfileontheconnecteddevice.
config<filename>:Specifiesthepathnameofa
configurationfileontheconnecteddevice.
command-file<acl-filename.txt>:Specifiesthepathnameof
anACLcommandfileontheconnecteddevice.
pc|unix:SpecifieswhethertheconnecteddeviceisaDOS-
basedPCorUNIXworkstation.
Formoreinformationonusingcopyxmodemcommands,
refertotheFileTransfersappendix.
C-74
Troubleshooting
CLI:ViewingMoreInformationonSwitchOperation
Usethefollowingcommandstodisplayadditionalinformationonswitch
operationfortroubleshootingpurposes.
Syntax: showboot-history
Displaysthecrashinformationsavedforeachmanagement
moduleontheswitch(seeDisplayingSavedCrash
InformationintheRedundancy(Switch8212zl)chapter).
showhistory
Displaysthecurrentcommandhistory.Thiscommandoutput
isusedforreferenceorwhenyouwanttorepeatacommand.
showsystem-information
Displaysgloballyconfiguredparametersandinformationon
switchoperation(seeCLI:ViewingandConfiguringSystem
InformationintheInterfaceAccessandSystemInformation
chapter).
showversion
Displaysthesoftwareversioncurrentlyrunningontheswitch,
andtheflashimagefromwhichtheswitchbooted(primaryor
secondary).Formoreinformation,seeDisplaying
ManagementInformationintheRedundancy(Switch
8212zl)chapter.
showinterfaces
Displaysinformationontheactivityonallswitchports(see
CLI:ViewingPortStatusandConfiguringPortParameters
inthePortStatusandConfigurationchapter).
showinterfaces-display
Displaysthesameinformationastheshowinterfacescommand
anddynamicallyupdatestheoutputeverythreeseconds.Press
Ctrl+Ctostopthedynamicupdatesofsysteminformation.
UsetheArrowkeystoviewinformationthatisoffthescreen.
PatternMatchingWhenUsingtheShowCommand
Thepatternmatchingoptionwiththeshowcommandprovidestheabilityto
dosearchesforspecifictext.Selectedportionsoftheoutputaredisplayed
dependingontheparameterschosen.
C-75
Troubleshooting
Syntax: show<commandoption>|<include|exclude|begin><regular
expression>
Usematchingpatternsearchestodisplayselectedportionsof
theoutputfromashowcommand.Thereisnolimittothe
numberofcharactersthatcanbematched.Onlyregular
expressionsarepermitted;symbolssuchastheasterisk
cannotbesubstitutedtoperformmoregeneralmatching.
includeOnlythelinesthatcontainthematchingpatternare
displayedintheoutput.
exclude:Onlythelinesthatcontainthematchingpatternare
notdisplayedintheoutput.
begin:Thedisplayoftheoutputbeginswiththelinethat
containsthematchingpattern.
Not e Patternmatchingiscase-sensitive.
Belowareexamplesofwhatportionsoftherunningconfigfiledisplay
dependingontheoptionchosen.
Pr oCur ve( conf i g) # show r un | i ncl ude i pv6
i pv6 enabl e
i pv6 enabl e
i pv6 access- l i st " EH- 01"
Displaysonlylinesthatcontainipv6.
FigureC-28.ExampleofPatternMatchingwithIncludeOption
C-76
Troubleshooting
Pr oCur ve( conf i g) # show r un | excl ude i pv6
; J 9146A Conf i gur at i on Edi t or ; Cr eat ed on r el ease #W. 14. 06
host name " Pr oCur ve Swi t ch"
snmp- ser ver communi t y " not publ i c" Unr est r i ct ed
vl an 1
unt agged A1- A24, B1- B20
Displaysalllinesthatdontcontainipv6.
i p addr ess dhcp- boot p
no unt agged B21- B24
exi t
vl an 20
name " VLAN20"
unt agged B21- B24
no i p addr ess
exi t
pol i cy qos "mi chael "
exi t
sequence 10 deny t cp 2001: db8: 255: : / 48 2001: db8: 125: : / 48
exi t
no aut or un
passwor d manager
FigureC-29.ExampleofPatternMatchingwithExcludeOption
C-77
Troubleshooting
Pr oCur ve( conf i g) # show r un | begi n i pv6
i pv6 enabl e
no unt agged B21- B24
Displaystherunningconfigbeginningatthefirstline
exi t thatcontainsipv6.
vl an 20
name " VLAN20"
unt agged B21- B24
i pv6 enabl e
no i p addr ess
exi t
pol i cy qos " mi chael "
exi t
i pv6 access- l i st " EH- 01"
sequence 10 deny t cp 2001: db8: 255: : / 48 2001: db8: 125: : / 48
exi t
no aut or un
passwor d manager
FigureC-30.ExampleofPatternMatchingwithBeginOption
FigureC-31isanexampleoftheshowarpcommandoutput,andthenthe
outputdisplayedwhentheincludeoptionhastheIPaddressof15.255.128.1as
theregularexpression.
Pr oCur ve( conf i g) # show ar p
I P ARP t abl e
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. 255. 128. 1 00000c- 07ac00 dynami c B1
15. 255. 131. 19 00a0c9- b1503d dynami c
15. 255. 133. 150 000bcd- 3cbeec dynami c B1
Pr oCur ve( conf i g) # show ar p | i ncl ude 15. 255. 128. 1
15. 255. 128. 1 00000c- 07ac00 dynami c B1
FigureC-31.ExampleoftheShowARPCommandandPatternMatchingwiththe
IncludeOption
C-78
Troubleshooting
CLI:UsefulCommandsforTroubleshootingSessions
Usethefollowingcommandsinatroubleshootingsessiontomoreaccurately
displaytheinformationyouneedtodiagnoseaproblem.Formoreinformation
onothertheseCLIpractices,refertochapterChapter4,UsingtheCommand
LineInterface(CLI).
Syntax: kill
Terminatesacurrentlyrunning,remotetroubleshooting
session.Usetheshowipsshcommandtolistthecurrent
managementsessions.
Formoreinformation,seeDenyingInterfaceAccessby
TerminatingRemoteManagementSessionsintheInterface
AccessandSystemInformationchapter.
[no]page
Togglesthepagingmodeforshowcommandsbetween
continuouslistingandper-pagelisting.
repeat
Repeatedlyexecutesoneormorecommandssothatyoucansee
theresultsofmultiplecommandsdisplayedoveraperiodof
time.Tohaltthecommandexecution,pressanykeyonthe
keyboard.
Formoreinformation,seeRepeatingaCommandinthe
UsingtheCommandLineInterface(CLI)chapter.
setup
DisplaystheSwitchSetupscreenfromthemenuinterface.
SystemFailures:CoreDumpUtility
Thecoredumpfeatureautomaticallygeneratescoredumpsforenhanced
debuggingcapabilitiesintheeventofsystemfailure.Havingthisfeature
enabled(thedefault),allowsautomaticcaptureofsystemcrashinformation
thatcanbeusedfortroubleshootingpurposes.Onthedownside,thecore
dumputilitymayslowdownreboots.However,thepotentialimpactson
systemperformancearenegligiblecomparedtothepotentialbenefitsof
havingthesystemcrashinformationavailablewhenneeded.
C-79
Troubleshooting
Not e Thecoredumpfilecontainsnon-readabledataandmustbetransferredtoHP
ProCurveCustomerCareforanalysis,diagnosticsandtroubleshooting.For
instructionsonhowtotransferthefilefromtheswitch,seeCLI:Transferring
CoreDumpFilesonpageC-80.
ThecoredumpfeaturecanbeaccessedviatheCLIorviatheWebbrowser
interface(seetablefordetails).
CoreDumpConfigurationOptions
ConfigurationOption Default CLI Web
Enabling/disablingcoredumpfilecaptures Enabled pageC-80 pageC-81
Transferringcoredumpfiles pageC-80 n/a
Displayingcoredumpconfiguration n/a pageC-82
Downloadingcoredumpfiles n/a pageC-83
Displayingcoredumpfiles pageC-81 n/a
Deletingcoredumpfiles pageC-81 n/a
CLI:Enabling/DisablingCoreDump
Theswitchcanbeenabledtocollectacoredumpofthememoryspaceinthe
eventofasystemcrashusingthecore-dumpcommand.
Syntax: [no]core-dump
Enablescoredumpontheswitch.
(Default:enabled)
Not es Dependingonthesizeofthecoredump,itmaytakeseveralminutesto
writeintothecorefilebeforebootup.Toobtainfastercrashreboots,it
isadvisabletodisablethecoredumputility.
Afterafatalerroroccurs,thecoredumpiscopiedtocorefile(s)duringa
subsequentrebootandcanberetrievedlaterforrootcauseanalysis.See
CLI:TransferringCoreDumpFilesforfilenamingconventions.
CLI:TransferringCoreDumpFiles
YoucanuseSFTP(securefiletransferprotocol)orSCP(securecopy)to
transfercoredumpfilesfromtheswitchtootherdevices.WhenanSFTP/SCP
clientconnects,theswitchprovidesafilesystemdisplayingallofitsavailable
filesandfolders.Thecoredumpfilesarestoredinthecoredirectoryandhave
thefollowingnamingconventionsforindividualcorefiles:
C-80
Troubleshooting
/
+- - - cor e
| mm1. cor e managementmoduleormanagementfunction
| por t _1- 24. cor e coredumpforports1-24(stackableswitchesonly)
| por t _25- 48. cor e coredumpforports25-48(stackableswitchesonly)
FormoreonusingSFTP/SCPtotransferfiles,refertotheFileTransfers
appendixoftheManagementandConfigurationGuideforyourswitch.
CLI:DisplayingCoreDumpInformation
Theshowboot-historycommandwillindicateifanycoredumpfilesexiston
theswitch.
Syntax: showboot-history
Displaysanycoredumpfilessavedinthefilesystem.
Pr oCur ve( conf i g) # show boot - hi st or y
Mast er - - Saved Cr ash I nf or mat i on ( most r ecent f i r st ) :
======================================================
SubSyst em0 went down: 07/ 16/ 08 23: 29: 10
Oper at or col d r eboot f r omCONSOLE sessi on.
No Cor e- Dump Fi l es
CLI:DeletingCoreDumpFiles
Todeleteacoredumpfilefromthefilesystem,usetheerasecore-dump<file-
name>command.
Web:Enabling/DisablingCoreDump
ToenableordisablethecoredumpfeatureviatheWebUIortoverifycurrent
coredumpstatus(enabledordisabled),followthestepsbelow:
1. NavigatetotheDiagnostics->CoreDumptab.
Thecoredumpwindowappearsshowingthecurrentconfigurationstatus
(checked=enabled;orunchecked=disabled).
C-81
Troubleshooting
FigureC-32.WebUserInterface:CoreDumpWindow
2. Toenableordisablecoredumpfilecaptures,check/unchecktheEnabled
checkbox.
3. ClicktheSavebuttontoapplythechanges.
Awindowwillappeartoconfirmthecurrentstatus.
FigureC-33.Enable/DisableConfirmationWindow
4. ClicktheBackbuttontoreturntothepreviouswindow.
C-82
Troubleshooting
WebUI:DownloadingCoreDumpFiles
Todownloadacoredumpfilefromtheswitch,followthestepsbelow:
1. NavigatetotheDiagnostics->CoreDumptab.
2. FromtheDownloadCoreDumpFilearea,selecttherequiredcoredump
filefromthedrop-downbox.
3. ClicktheDownloadbutton.
Adialogboxwillappearopeningthefile.
FigureC-34.OpeningCore-FileWindow
4. SelectSavetoDisk,thenclickOK.
5. Selectadownloadlocationandenterthenameofthefiletobesaved,then
clickSave.
C-83
Troubleshooting
RestoringtheFactory-DefaultConfiguration
Not e ItisrecommendedthatyouaddadateprefixusingtheformatYYYYMMD
andleavetherestofthefilenameandfileextensionunchanged(for
example,20090122-mm1.core).
Oncethefilehasbeendownloaded,itcanbesenttoHPProCurveCustomer
Carefordiagnosisandanalysisofthesystemcrashinformationcontained
withinthefile(seealsoCLI:TransferringCoreDumpFilesonpageC-80).
RestoringtheFactory-Default
Configuration
Aspartofyourtroubleshootingprocess,itmaybecomenecessarytoreturn
theswitchconfigurationtothefactorydefaultsettings.Thisprocessmomen-
tarilyinterruptstheswitchoperation,clearsanypasswords,clearstheconsole
EventLog,resetsthenetworkcounterstozero,performsacompleteselftest,
andrebootstheswitchintoitsfactorydefaultconfigurationincludingdeleting
anIPaddress.Therearetwomethodsforresettingtothefactory-default
configuration:
CLI
Clear/Resetbuttoncombination
Not e ProCurverecommendsthatyousaveyourconfigurationtoaTFTPserver
beforeresettingtheswitchtoitsfactory-defaultconfiguration.Youcanalso
saveyourconfigurationviaXmodem,toadirectlyconnectedPC.
CLI:ResettingtotheFactory-DefaultConfiguration
ThiscommandoperatesatanylevelexcepttheOperatorlevel.
Syntax: erasestartup-configuration
Deletesthestartup-configfileinflashsothattheswitchwill
rebootwithitsfactory-defaultconfiguration.
Not e Theerasestartup-configcommanddoesnotclearpasswords.
C-84
Troubleshooting
RestoringaFlashImage
Clear/Reset:ResettingtotheFactory-Default
Configuration
Toexecutethefactorydefaultreset,performthesesteps:
1. Usingpointedobjects,simultaneouslypressboththeResetandClear
buttonsonthefrontoftheswitch.
2. ContinuetopresstheClearbuttonwhilereleasingtheResetbutton.
3. WhentheSelfTestLEDbeginstoflash,releasetheClearbutton.
Theswitchwillthencompleteitsselftestandbeginoperatingwiththe
configurationrestoredtothefactorydefaultsettings.
Theswitchcanloseitsoperatingsystemifeithertheprimaryorsecondary
flashimagelocationisemptyorcontainsacorruptedOSfileandanoperator
usestheeraseflashcommandtoeraseagoodOSimagefilefromtheopposite
flashlocation.
ToRecoverfromanEmptyorCorruptedFlashState.Usetheswitchs
consoleserialporttoconnecttoaworkstationorlaptopcomputerthathas
thefollowing:
AterminalemulatorprogramwithXmodemcapability,suchastheHyper-
TerminalprogramincludedinWindowsPCsoftware.
AcopyofagoodOSimagefilefortheswitch.
Not e ThefollowingprocedurerequirestheuseofXmodem,andcopiesanOSimage
intoprimaryflashonly.
ThisprocedureassumesyouareusingHyperTerminalasyourterminal
emulator.Ifyouuseadifferentterminalemulator,youmayneedtoadaptthis
proceduretotheoperationofyourparticularemulator.
1. Starttheterminalemulatorprogram.
C-85
Troubleshooting
2. Ensurethattheterminalprogramisconfiguredasfollows:
Baudrate:9600 1stopbit
Noparity Noflowcontrol
8Bits
3. UsetheResetbuttontoresettheswitch.Thefollowingpromptshould
thenappearintheterminalemulator:
Ent er h or ? f or hel p.
=>
4. SincetheOSfileislarge,youcanincreasethespeedofthedownloadby
changingtheswitchconsoleandterminalemulatorbaudratestoahigh
speed.Forexample:
a. Changetheswitchbaudrateto115,200Bps.
=> sp 115200
b. Changetheterminalemulatorbaudratetomatchtheswitchspeed:
i. InHyperTerminal,selectCall|Disconnect.
ii. SelectFile|Properties.
iii. ClickonConfigure.
iv. Changethebaudrateto115200.
v. Clickon[OK].Inthenextwindow,clickon[OK]again.
vi. SelectCall|Connect
vii. Press[Enter]oneormoretimestodisplaythe=>prompt.
5. StarttheConsoleDownloadutilitybytypingdoatthe=>promptand
pressing[Enter]:
=> do
6. Youwillthenseethisprompt:
7. Attheaboveprompt:
a. Typey(forYes)
b. SelectTransfer|FileinHyperTerminal.
c. EntertheappropriatefilenameandpathfortheOSimage.
d. SelecttheXmodemprotocol(andnotthe1kXmodemprotocol).
e. Clickon[Send].
C-86
Troubleshooting
IfyouareusingHyperTerminal,youwillseeascreensimilartothe
followingtoindicatethatthedownloadisinprogress:
FigureC-35.ExampleofXmodemDownloadinProgress
8. Whenthedownloadcompletes,theswitchrebootsfromprimaryflash
usingtheOSimageyoudownloadedintheprecedingsteps,plusthemost
recentstartup-configfile.
C-87
Troubleshooting
DNSResolver
DNSResolver
TheDomainNameSystem(DNS)resolverisdesignedforuseinlocalnetwork
domainswhereitenablesuseofahostnameorfullyqualifieddomainname
withDNS-compatibleswitchCLIcommands.(AtsoftwarereleaseK.13.01,the
DNS-compatiblecommandsincludepingandtraceroute.)
BeginningwithsoftwarereleaseK.13.01,DNSoperationsupportsbothIPv4
andIPv6DNSresolutionandmultiple,prioritizedDNSservers.(Forinforma-
tiononIPv6DNSresolution,refertothelatestIPv6ConfigurationGuidefor
yourswitch.)
Terminology
DomainSuffixIncludesalllabelstotherightoftheuniquehostnamein
afullyqualifieddomainnameassignedtoanIPaddress.Forexample,in
thefullyqualifieddomainnamedevice53.evergreen.trees.org,the
domainsuffixisevergreen.trees.org,whiledevice53istheunique
(host)nameassignedtoaspecificIPaddress.
FullyQualifiedDomainNameThesequenceoflabelsinadomainname
identifyingaspecifichost(hostname)andthedomaininwhichitexists.
Forexample,ifadevicewithanIPaddressof10.10.10.101hasahostname
ofdevice53andresidesintheevergreen.trees.orgdomain,thenthe
devicesfullyqualifieddomainnameisdevice53.evergreen.trees.organd
theDNSresolutionofthisnameis10.10.10.101.
HostNameTheunique,leftmostlabelinadomainnameassignedtoa
specificIPaddressinaDNSserverconfiguration.Thisenablestheserverto
distinguishadeviceusingthatIPaddressfromotherdevicesinthesame
domain.Forexample,intheevergreen.trees.orgdomain,ifanIPv4addressof
10.10.100.27isassignedahostnameofaccounts015andanotherIPaddress
of10.10.100.33isassignedahostnameofsales021,thentheswitchconfigured
withthedomainsuffixevergreen.trees.organdaDNSserverthatresolves
addressesinthatdomaincanusethehostnamestoreachthedeviceswith
DNS-compatiblecommands.Forexample:
pi ng account s015
t r acer out e account s015
C-88
Troubleshooting
DNSResolver
BasicOperation
WhentheswitchisconfiguredwithonlytheIPaddressofaDNS
serveravailabletotheswitch,thenaDNS-compatiblecommand,
executedwithafullyqualifieddomainname,canreachadevicefound
inanydomainaccessiblethroughtheconfiguredDNSserver.
Whentheswitchisconfiguredwithbothofthefollowing:
theIPaddressofaDNSserveravailabletotheswitch
thedomainsuffixofadomainavailabletotheconfiguredDNS
server
then:
ADNS-compatiblecommandthatincludesthehostnameofa
deviceinthesamedomainastheconfigureddomainsuffixcan
reachthatdevice.
ADNS-compatiblecommandthatincludesafullyqualified
domainnamecanreachadeviceinanydomainthatisavailable
totheconfiguredDNSserver.
Example.Supposetheswitchisconfiguredwiththedomainsuffix
mygroup.procurve.netandtheIPaddressforanaccessibleDNSserver.Ifan
operatorwantstousetheswitchtopingatargethostinthisdomainbyusing
theDNSnameleader(assignedbyaDNSservertoanIPaddressusedin
thatdomain),thentheoperatorcanuseeitherofthefollowingcommands:
Pr oCur ve# pi ng l eader
10. 28. 229. 220 i s al i ve, t i me = 1 ms
HostNamefortheDesiredHost
PingResponse
Pr oCur ve# pi ng l eader . mygr oup. pr ocur ve. net FullyQualifiedDomainNameforthe
10. 28. 229. 220 i s al i ve, t i me = 1 ms
DesiredHost
PingResponse
FigureC-36.ExampleofUsingEitheraHostNameoraFullyQualifiedDomainName
Intheproceedingexample,iftheDNSserversIPaddressisconfiguredonthe
switch,butadomainsuffixiseithernotconfiguredorisconfiguredfora
differentdomainthanthetargethost,thenthefullyqualifieddomainname
mustbeused.
C-89

Troubleshooting
DNSResolver
Notethatifthetargethostisinadomainotherthanthedomainconfigured
ontheswitch,then:
Thehostsdomainmustbereachablefromtheswitch.Thisrequires
thattheDNSserverfortheswitchmustbeabletocommunicatewith
theDNSserver(s)inthepathtothedomaininwhichthetargethost
operates.
Thefullyqualifieddomainnamemustbeused,andthedomainsuffix
mustcorrespondtothedomaininwhichthetargethostoperates,
regardlessofthedomainsuffixconfiguredintheswitch.
Example.Supposetheswitchisconfiguredwiththedomainsuffix
mygroup.procurve.netandtheIPaddressforanaccessibleDNSserverinthis
samedomain.Thistime,theoperatorwantstousetheswitchtotracethe
routetoahostnamedremote-01inadifferentdomainnamed
common.group.net.AssumingthisseconddomainisaccessibletotheDNS
serveralreadyconfiguredontheswitch,atraceroutecommandusingthe
targetsfullyqualifiedDNSnameshouldsucceed.
Pr oCur ve# t r acer out e r emot e- 01. common. gr oup. net
t r acer out e t o 10. 22. 240. 73
1 hop mi n, 30 hops max, 5 sec. t i meout , 3 pr obes
1 10. 28. 229. 3 0 ms 0 ms 0 ms
2 10. 71. 217. 1 0 ms 0 ms 0 ms
3 10. 0. 198. 2 1 ms 0 ms 0 ms
4 10. 22. 240. 73 0 ms 0 ms 0 ms
FullyQualifiedHostNamefor
theTargetHost
IPAddressforTargetHost
remote-01
FigureC-37.ExampleUsingtheFullyQualifiedDomainNameforanAccessibleTargetinAnotherDomain
withDNS-CompatibleCommands
(AtsoftwarereleaseK.13.01,theDNS-compatiblecommandsincludepingand
traceroute.)
1. Determinethefollowing:
a. TheIPaddressforaDNSserveroperatinginadomaininyour
network
b. Thepriority(1-3)oftheselectedserver,relativetootherDNSservers
inthedomain
C-90
Troubleshooting
DNSResolver
c. Thedomainnameforanaccessibledomaininwhichtherearehosts
youwanttoreachwithaDNS-compatiblecommand.(Thisisthe
domainsuffixinthefullyqualifieddomainnameforagivenhost
operatingintheselecteddomain.RefertoTerminologyonpageC-
88.)Notethatifadomainsuffixisnotconfigured,fullyqualified
domainnamescanbeusedtoresolveDNS-compatiblecommands.
d. thehostnamesassignedtotargetIPaddressesintheDNSserverfor
thespecifieddomain
2. Usethedatafromsteps1athrough1ctoconfiguretheDNSentryonthe
switch.
3. UseaDNS-compatiblecommandwiththehostnametoreachthetarget
devices.
ConfiguringaDNSEntry
TheswitchallowsuptothreeDNSserverentries(IPaddressesforDNS
servers).Onedomainsuffixcanalsobeconfiguredtosupportresolutionof
DNSnamesinthatdomainbyusingahostnameonly.Includingthedomain
suffixenablestheuseofDNS-compatiblecommandswithatargetshostname
insteadofthetargetsfullyqualifieddomainname.
Syntax: [no]ipdnsserver-addresspriority<1-3><ip-addr>
ConfigurestheaccesspriorityandIPaddressofaDNSserver
accessibletotheswitch.Thesesettingsspecify:
therelativepriorityoftheDNSserverwhenmultipleservers
areconfigured
theIPaddressoftheDNSserver
ThesesettingsmustbeconfiguredbeforeaDNS-compatible
commandcanbeexecutedwithhostnamecriteria.
TheswitchsupportsthreeprioritizedDNSserverentries.
ConfiguringanotherIPaddressforaprioritythathasalready
beenassignedtoanIPaddressisnotallowed.Toreplaceone
IPaddressatagivenprioritylevelwithanotheraddress
havingthesamepriority,youmustfirstusethenoformofthe
commandtoremovetheunwantedaddress.Also,onlyone
instanceofagivenserveraddressisallowedintheserverlist.
Attemptingtoenteraduplicateofanexistingentryata
differentprioritylevelisnotallowed.Tochangethepriorityof
anexistingserveraddress,usethenoformofthecommandto
removetheentry,thenre-entertheaddresswiththenew
priority.
ThenoformofthecommandreplacestheconfiguredIPaddress
withthenullsetting.(Default:null)
C-91
Troubleshooting
DNSResolver
Syntax: [no]ipdnsdomain-name<domain-name-suffix>
ThisoptionalDNScommandconfiguresthedomainsuffixthat
isautomaticallyappendedtothehostnameenteredwitha
DNS-compatiblecommand.WhenthedomainsuffixandtheIP
addressforaDNSserverthatcanaccessthatdomainareboth
configuredontheswitch,youcanexecuteaDNS-compatible
commandusingonlythehostnameofthedesiredtarget.(For
anexample,refertoFigureC-36onpageC-89.)Ineitherofthe
followingtwoinstances,youmustmanuallyprovidethe
domainidentificationbyusingafullyqualifiedDNSname
withaDNS-compatiblecommand:
IftheDNSserverIPaddressisconfiguredontheswitch,but
thedomainsuffixisnotconfigured(null)
Thedomainsuffixconfiguredontheswitchisnotthe
domaininwhichthetargethostexists
TheswitchsupportsonedomainsuffixentryandthreeDNS
serverIPaddressentries.(Refertotheprecedingcommand
description.)
Thenoformofthecommandreplacestheconfigureddomain
suffixwiththenullsetting.(Default:null)
ExampleUsingDNSNameswithPingandTraceroute
InthenetworkillustratedinFigureC-38,theswitchat10.28.192.1isconfig-
uredtouseDNSnamesforDNS-compatiblecommandsinthe
pubs.outdoors.comdomain.TheDNSserverhasbeenconfiguredtoassignthe
hostnamedocservrtotheIPaddressusedbythedocumentserver
(10.28.229.219).
10.28.192.1
SwitchAConfigured
withDNSResolver
10.28.192.2
10.28.229.1
RouterB
docservr
(10.28.229.219)
Document
Server
Domain:pubs.outdoors.com
DNSServerforpubs.outdoors.com
10.28.229.10
HostNameforIPaddress
10.28.229.219=docservr
FigureC-38.ExampleNetworkDomain
C-92

Troubleshooting
DNSResolver
ConfiguringswitchAwiththedomainnameandtheIPaddressofaDNS
serverforthedomainenablestheswitchtousehostnamesassignedtoIP
addressesinthedomaintoperformpingandtracerouteactionsonthedevices
inthedomain.Tosummarize:
Entity: Identity:
DNSServerIPAddress 10.28.229.10
DomainName(andDomainSuffixforHostsin pubs.outdoors.com
theDomain)
HostNameAssignedto10.28.229.219bythe docservr
DNSServer
FullyQualifiedDomainNamefortheIPaddress docservr.pubs.outdoors.com
UsedBytheDocumentServer(10.28.229.219)
SwitchIPAddress 10.28.192.1
DocumentServerIPAddress 10.28.229.219
Withtheabovealreadyconfigured,thefollowingcommandsenableaDNS-
compatiblecommandwiththehostnamedocservertoreachthedocument
serverat10.28.229.219.
Pr oCur ve( conf i g) # i p dns ser ver - addr ess 10. 28. 229. 10
Pr oCur ve( conf i g) # i p dns domai n- name pubs. out door s. com
FigureC-39.ConfiguringSwitchAinFigureC-38ToSupportDNSResolution
Pr oCur ve# pi ng docser vr
10. 28. 229. 219 i s al i ve, t i me = 1 ms
Pr oCur ve# t r acer out e docser vr
First-HopRouter(B)
t r acer out e t o 10. 28. 229. 219
1 10. 28. 192. 2 1 ms 0 ms 0 ms
2 10. 28. 229. 219 0 ms 0 ms 0 ms
TracerouteTarget
FigureC-40.ExampleofPingandTracerouteExecutionfortheNetworkinFigureC-38onPageC-92
C-93

Troubleshooting
DNSResolver
AsmentionedunderBasicOperationonpageC-89,iftheDNSentryconfig-
uredintheswitchdoesnotincludethedomainsuffixforthedesiredtarget,
thenyoumustusethetargethostsfullyqualifieddomainnamewithDNS-
compatiblecommands.Forexample,usingthedocumentserverinFigureC-
38asatarget:
Pr oCur ve# pi ng docser vr . pubs. out door s. com
10. 28. 229. 219 i s al i ve, t i me = 1 ms
Pr oCur ve# t r acer out e docser vr . pubs. out door s. com
t r acer out e t o 10. 28. 229. 219
1 10. 28. 192. 2 1 ms 0 ms 0 ms
2 10. 28. 229. 219 0 ms 0 ms 0 ms
TargetsFullyQualified
DomainName
FigureC-41.ExampleofPingandTracerouteExecutionWhenOnlytheDNSServerIPAddressIsConfigured
ViewingtheCurrentDNSConfiguration
TheshowipcommanddisplaysthecurrentdomainsuffixandtheIPaddress
ofthehighestpriorityDNSserverconfiguredontheswitch,alongwithother
IPconfigurationinformation.Iftheswitchconfigurationcurrentlyincludesa
non-default(non-null)DNSentry,itwillalsoappearintheshowruncommand
output.
Pr oCur ve# show i p
I P Rout i ng : Di sabl ed
Def aul t TTL : 64
Ar p Age : 20
Domai n Suf f i x : pubs. out door s. com
DNSResolverConfigurationinthe
showipcommandoutput DNS ser ver : 10. 28. 229. 10
VLAN | I P Conf i g I P Addr ess Subnet Mask
- - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DEFAULT_VLAN | Manual 10. 28. 192. 1 255. 255. 255. 0
FigureC-42.ExampleofViewingtheCurrentDNSConfiguration
C-94
Troubleshooting
DNSResolver
OperatingNotes
ConfiguringanotherIPaddressforaprioritythathasalreadybeen
assignedtoanIPaddressisnotallowed.ToreplaceoneIPaddressata
givenprioritylevelwithanotheraddresshavingthesamepriority,you
mustfirstusethenoformofthecommandtoremovetheunwanted
address.Also,onlyoneinstanceofagivenserveraddressisallowedin
theserverlist.Attemptingtoenteraduplicateofanexistingentryata
differentprioritylevelisnotallowed.Tochangethepriorityofanexisting
serveraddress,usethenoformofthecommandtoremovetheentry,then
re-entertheaddresswiththenewpriority.
Tochangethepositionofanaddressalreadyconfiguredwithpriorityx,
youmustfirstusenoipdnsserver-addresspriorityx<ip-addr>toremove
theaddressfromtheconfiguration,thenuseipdnsserver-addresspriority
<ip-addr>toreconfiguretheaddresswiththenewpriority.Also,ifthe
prioritytowhichyouwanttomoveanaddressisalreadyusedinthe
configurationforanotheraddress,youmustfirstusethenoformofthe
commandtoremovethecurrentaddressfromthetargetpriority.
TheDNSserver(s)anddomainconfiguredontheswitchmustbe
accessibletotheswitch,butitisnotnecessaryforanyintermediate
devicesbetweentheswitchandtheDNSservertobeconfiguredto
supportDNSoperation.
WhenmultipleDNSserversareconfiguredontheswitch,theycan
resideinthesamedomainordifferentdomains.
ADNSconfigurationmustincludetheIPaddressforaDNSserver
thatisabletoresolvehostnamesforthedesireddomain.IfaDNS
serverhaslimitedknowledgeofotherdomains,thenitsabilityto
resolveDNS-compatiblecommandrequestsisalsolimited.
IftheDNSconfigurationincludesaDNSserverIPaddressbutdoes
notalsoincludeadomainsuffix,thenanyDNS-compatible
commandsshouldincludethetargethostsfullyqualifieddomain
name.RefertoFigureC-36onpageC-89.
Switch-InitiatedDNSpacketsgooutthroughtheVLANhavingthe
bestroutetotheDNSserver,evenifaManagementVLANhasbeen
configured.
TheDNSserveraddressmustbemanuallyinput.Itisnotautomati-
callydeterminedviaDHCP.
C-95
Troubleshooting
DNSResolver
EventLogMessages
Message Meaning
DNSserveraddressnotconfigured TheswitchdoesnothaveanIPaddressconfiguredfortheDNS
server.
DNSservernotresponding TheDNSserverfailedtorespondorisunreachable.Anincorrect
serverIPaddresscanproducethisresult.
Unknownhost<host-name> ThehostnamedidnotresolvetoanIPaddress.Somereasonsfor
thisoccurringinclude:
Thehostnamewasnotfound.
Thenameddomainwasnotfound.
Thedomainsuffixwasexpected,buthasnotbeenconfigured.(If
theserversIPaddresshasbeenconfiguredintheswitchbutthe
domainnamehasnotbeenconfigured,thenthehostsfully
qualifieddomainnamemustbeused.)
C-96
D
Contents
Overview .................................................... D-2
DeterminingMACAddresses.................................. D-3
Menu:ViewingtheSwitchs MACAddresses.................... D-4
CLI:ViewingthePort andVLANMACAddresses................ D-5
ViewingtheMACAddressesofConnectedDevices ............. D-7
D-1
Overview
Overview
TheswitchassignsMACaddressesintheseareas:
Formanagementfunctions,oneBaseMACaddressisassignedtothe
defaultVLAN(VID=1).(AllVLANsontheswitchescoveredinthisguide
usethesameMACaddress.)
Forinternalswitchoperations:OneMACaddressperport(RefertoCLI:
ViewingthePortandVLANMACAddressesonpageD-5.)
MACaddressesareassignedatthefactory.Theswitchautomatically
implementstheseaddressesforVLANsandportsastheyareaddedtothe
switch.
Not e TheswitchsbaseMACaddressisalsoprintedonalabelaffixedtotheswitch.
D-2
DeterminingMACAddresses
MACAddressViewingMethods
viewswitchsbase(defaultvlan)MACaddress
andtheaddressingforanyaddedVLANs
n/a D-4 D-5
viewportMACaddresses(hexadecimalformat) n/a D-5
UsethemenuinterfacetoviewtheswitchsbaseMACaddressandthe
MACaddressassignedtoanyVLANyouhaveconfiguredontheswitch.
(ThesameMACaddressisassignedtoVLAN1andallotherVLANs
configuredontheswitch.)
Not e TheswitchsbaseMACaddressisusedforthedefaultVLAN(VID=1)thatis
alwaysavailableontheswitch.ThisistruefordynamicVLANsaswell;the
baseMACaddressisthesameacrossallVLANs.
UsetheCLItoviewtheswitchsportMACaddressesinhexadecimal
format.
D-3
Menu:ViewingtheSwitchsMACAddresses
TheManagementAddressInformationscreenliststheMACaddressesfor:
Baseswitch(defaultVLAN;VID=1)
AnyadditionalVLANsconfiguredontheswitch.
Also,theBaseMACaddressappearsonalabelonthebackoftheswitch.
Not e TheBaseMACaddressisusedbythefirst(default)VLANintheswitch.This
isusuallytheVLANnamedDEFAULT_VLANunlessthenamehasbeen
changed(byusingtheVLANNamesscreen).Ontheswitchescoveredinthis
guide,theVID(VLANidentificationnumber)forthedefaultVLANisalways
1,andcannotbechanged.
ToViewtheMACAddress(andIPAddress)assignmentsforVLANs
ConfiguredontheSwitch:
1. FromtheMainMenu,Select
1.StatusandCounters
IftheswitchhasonlythedefaultVLAN,thefollowingscreenappears.If
theswitchhasmultiplestaticVLANs,eachislistedwithitsaddressdata.
SwitchBase(orDefault
VLAN)MACaddress
CurrentIPAddress
AssignedtotheSwitch
FigureD-1. ExampleoftheManagementAddressInformationScreen
D-4
CLI:ViewingthePortandVLANMACAddresses
TheMACaddressassignedtoeachswitchportisusedinternallybysuch
featuresasFlowControlandthespanning-treeprotocol.Usingthewalkmib
commandtodeterminetheMACaddressassignmentsforindividualportscan
sometimesbeusefulwhendiagnosingswitchoperation.
SwitchSeries MACAddressAllocation
8212zl Theswitchallots24MACaddressesperslot.Foragivenslot,ifa
four-portmoduleisinstalled,thentheswitchusesthefirstfourMAC
addressesintheallotmentforthatslot,andtheremaining18MAC
addressesareunused.Ifa24-portmoduleisinstalled,theswitch
usesthefirst24MACaddressesintheallotment,andso-on.
AllModels TheswitchsbaseMACaddressisassignedtoVLAN(VID)1and
appearsinthewalkmiblistingaftertheMACaddressesfortheports.
(AllVLANsintheswitchhavethesameMACaddress.)
TodisplaytheswitchsMACaddresses,usethewalkmibcommandatthe
commandprompt:
Not e ThisproceduredisplaystheMACaddressesforallportsandexistingVLANs
intheswitch,regardlessofwhichVLANyouselect.
1. IftheswitchisattheCLIOperatorlevel,usetheenablecommandtoenter
theManagerleveloftheCLI.
2. TypethefollowingcommandtodisplaytheMACaddressforeachporton
theswitch:
ProCurve# walkmib ifPhysAddress
(Theabovecommandisnotcase-sensitive.)
Forexample,aProCurve8212zlswitchwiththefollowingmoduleconfigura-
tionshowsMACaddressassignmentssimilartothoseshowninfigureD-2:
a4-portmoduleinslotA,a24-portmoduleinslotC,andnomodulesin
slotsBandD
twonon-defaultVLANsconfigured
D-5
Pr oCur ve# wal kmi b i f physaddr ess
i f PhysAddr ess. 1 = 00 12 79 88 b1 f f
i f PhysAddr ess. 2 = 00 12 79 88 b1 f e
i f PhysAddr ess. 3 = 00 12 79 88 b1 f d
i f PhysAddr ess. 4 = 00 12 79 88 b1 f c
i f PhysAddr ess. 49 = 00 12 79 88 b1 cf
ifPhysAddress.461and
488 Physicaladdressesfor
non-defaultVLANsconfigured
ontheswitch.Ontheswitches
coveredbythismanual,all
VLANsusethesameMAC
addressastheDefaultVLAN.
Referto"MultipleVLANCon-
siderations"inthe"StaticVirtual
LANs(VLANs)"chapterofthe
AdvancedTrafficManagement
Guideforyourswitch.
ifPhysAddress.1-4: PortsA1-A4inSlotA
(Addresses5- 24inslotAareunused.)
ifPhysAddress.49- 72:PortsC1-C24inSlotC
(Inthisexample,thereisnomoduleinslotB.)
ifPhysAddress.362 BaseMACAddress(MAC
AddressfordefaultVLAN;
VID=1)
i f PhysAddr ess. 50 = 00 12 79 88 b1 ce
i f PhysAddr ess. 51 = 00 12 79 88 b1 cd
i f PhysAddr ess. 52 = 00 12 79 88 b1 cc
i f PhysAddr ess. 53 = 00 12 79 88 b1 cb
i f PhysAddr ess. 54 = 00 12 79 88 b1 ca
i f PhysAddr ess. 55 = 00 12 79 88 b1 c9
i f PhysAddr ess. 65 = 00 12 79 88 b1 bf
i f PhysAddr ess. 66 = 00 12 79 88 b1 be
i f PhysAddr ess. 67 = 00 12 79 88 b1 bd
i f PhysAddr ess. 68 = 00 12 79 88 b1 bc
i f PhysAddr ess. 69 = 00 12 79 88 b1 bb
i f PhysAddr ess. 70 = 00 12 79 88 b1 ba
i f PhysAddr ess. 71 = 00 12 79 88 b1 b9
i f PhysAddr ess. 72 = 00 12 79 88 b1 b8
i f PhysAddr ess. 362 = 00 12 79 88 a1 00
i f PhysAddr ess. 461 = 00 12 79 88 a1 00
i f PhysAddr ess. 488 = 00 12 79 88 a1 00
i f PhysAddr ess. 4456 =
FigureD-2. ExampleofPortMACAddressAssignmentsonaSwitch
D-6
ViewingtheMACAddressesofConnectedDevices
ViewingtheMACAddressesof
ConnectedDevices
Syntax: showmac-address[|mac-addr|
ListstheMACaddressesofthedevicestheswitchhasdetected,
alongwiththenumberofthespecificportonwhicheachMAC
addresswasdetected.
[port-list]
ListstheMACaddressesofthedevicestheswitchhasdetected,on
thespecifiedport(s).
[mac-addr]
ListstheportonwhichtheswitchdetectsthespecifiedMAC
address.ReturnsthefollowingmessageifthespecifiedMAC
addressisnotdetectedonanyportintheswitch:
MAC addr ess <mac-addr> not f ound.
[vlan<vid>]
ListstheMACaddressesofthedevicestheswitchhasdetectedon
portsbelongingtothespecifiedVLAN,alongwiththenumberof
thespecificportonwhicheachMACaddresswasdetected.
TolisttheMACaddressesofdevicestheswitchhasdetected,usetheshow
mac-addresscommand.
D-7
ViewingtheMACAddressesofConnectedDevices
D-8
E
MonitoringResources
Contents
ViewingInformationonResourceUsage ....................... E-2
PolicyEnforcementEngine .................................. E-2
DisplayingCurrentResourceUsage ........................... E-3
WhenInsufficientResourcesAreAvailable .................... E-6
E-1
MonitoringResources
ViewingInformationonResourceUsage
Theswitchallowsyoutoviewinformationaboutthecurrentusageand
availabilityofresourcesinthePolicyEnforcementengine,includingthe
followingsoftwarefeatures:
Accesscontrollists(ACL)
Quality-of-service(QoS),includingdeviceandapplicationportpriority,
andQoSpolicies
Dynamicassignmentofper-portACLsandQoSthroughRADIUSauthen-
ticationdesignatedasIDM,withorwithouttheoptionalidentity-driven
management(IDM)application
Virusthrottling(VT)usingconnection-ratefiltering
Otherfeatures,including:
ManagementVLAN
DHCPsnooping
DynamicARPprotection
JumboIP-MTU
PolicyEnforcementEngine
ThePolicyEnforcementengineisthehardwareelementintheswitchthat
managesquality-of-serviceandACLpolicies,aswellasothersoftwarefea-
tures,usingtherulesthatyouconfigure.ResourceusageinthePolicyEnforce-
mentengineisbasedonhowthesefeaturesareconfiguredontheswitch.
ResourceusagebydynamicportACLsandvirus-throttlingisdeterminedas
follows:
DynamicportACLsconfiguredbyaRADIUSserver(withorwithoutthe
optionalIDMapplication)foranauthenticatedclientdeterminethecur-
rentresourceconsumptionforthisfeatureonaspecifiedslot.Whena
clientsessionends,theresourcesinuseforthatclientbecomeavailable
forotheruses.
Avirus-throttlingconfiguration(connection-ratefiltering)ontheswitch
doesnotaffectswitchresourcesunlesstrafficbehaviorhastriggered
eitherathrottlingorblockingactiononthetrafficfromoneormore
clients.Whenthethrottlingactionceasesorablockedclientisunblocked,
theresourcesusedforthatactionarereleased.
Resourceusagebythefollowingfeatures(whenconfiguredgloballyorper
VLAN),appliesacrossallportgroups:
E-2
MonitoringResources
ACLs
QoSconfigurationsthatusethefollowingcommands:
QoSdevicepriority(IPAddress)throughtheCLIusingtheqos
device-prioritycommand
QoSapplicationportthroughtheCLIusingqostcp-portorqosudp-port
ManagementVLANconfiguration
DHCPsnooping
DynamicARPprotection
JumboIP-MTU
Resourceusageonthefollowingfeatures,whichareconfiguredper-port,
appliesonlytotheportgrouponwhichthefeatureisconfigured:
ACLsorQoSappliedper-portthroughRADIUSauthentication
Virusthrottlingappliedtoanyport(whenahighconnection-rateclientis
beingthrottledorblocked)
DisplayingCurrentResourceUsage
Todisplaycurrentresourceusageintheswitch,entertheshowqosresources
orshowaccess-listresourcescommand.
Syntax: show<qos|access-list>resources
DisplaystheresourceusageofthePolicyEnforcementEngineonthe
switchbysoftwarefeature.Foreachtypeofresource,theamountstill
availableandtheamountusedbyeachsoftwarefeatureisshown.
Theqosandaccess-listparametersdisplaythesamecommandoutput.
Theshow<qos|access-list>resourcescommandoutputallowsyoutoview
currentresourceusageand,ifnecessary,helpprioritizeandreconfigure
softwarefeaturestofreeresourcesreservedforlessimportantfeatures.
FigureE-1showstheresourceusageonaswitchconfiguredforACLs,QoS,
E-3

MonitoringResources
RADIUS-basedauthentication,andotherfeatures(foranexplanationofthis
output,refertothenotesonpageE-5).
Pr oCur ve( conf i g) # show access- l i st r esour ces
Resour ce usage i n Pol i cy Enf or cement Engi ne
| Rul es | Rul es Used
Por t s | Avai l abl e | ACL | QoS | I DM | VT | Ot her |
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - |
1- 24 | 1994 | 10 | 5 | 0 | 0 | 3 |
| Met er s | Met er s Used
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - |
1- 24 | 250 | | 5 | | | 0 |
| Appl i cat i on |
| Por t Ranges | Appl i cat i on Por t Ranges Used
- - - - - - +- - - - - - - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - |
1- 24 | 31 | 1 | 0 | 0 | | 0 |
0 of 32 Pol i cy Engi ne mangement r esour ces used.
Key:
ACL = Access Cont r ol Li st s
QoS = Devi ce & Appl i cat i on Por t Pr i or i t y
I DM = I dent i t y Dr i ven Management
VT = Vi r us Thr ot t l i ng bl ocks
Ot her = Management VLAN, DHCP Snoopi ng, ARP Pr ot ect i on.
Resour ce usage i ncl udes r esour ces act ual l y i n use, or r eser ved f or f ut ur e
use by t he l i st ed f eat ur e. I nt er nal dedi cat ed- pur pose r esour ces, such as
por t bandwi dt h l i mi t s or VLAN QoS pr i or i t y, ar e not i ncl uded.
FigureE-1. ExampleofDisplayingCurrentResourceUsageonaSeries2910alSwitch
E-4
MonitoringResources
Notesonshowresourcescommandoutput:
A1:1mappingofinternalrulestoconfiguredpoliciesintheswitchdoes
notnecessarilyexist.Asaresult,displayingcurrentresourceusageisthe
mostreliablemethodforkeepingtrackofavailableresources.Also,
becausesomeinternalresourcesareusedbymultiplefeatures,deleting
afeatureconfigurationmaynotincreasetheamountofavailable
resources.
Resourceusageincludesresourcesactuallyinuse,orreservedforfuture
usebythelistedfeatures.
Internaldedicated-purposeresourcesincludethefollowingfeatures:
Per-portingressratelimitingthroughtheCLIusingrate-limitin
Per-portingressbroadcastratelimitingthroughtheCLIusingrate-
limitbcast/mcast
Per-portorper-vlanpriorityorDSCPthroughtheCLIusingqospriority
orqosdscp
PerprotocolprioritythroughtheCLIusingqosprotocol
TheAvailablecolumnsdisplaytheresourcesavailableforadditional
featureuse.
TheIDMcolumnshowstheresourcesusedforRADIUS-basedauthen-
ticationwithorwithouttheIDMoption.
MetersareusedwhenapplyingaQoSpolicywitharate-limitclass
action.
E-5
MonitoringResources
WhenInsufficientResourcesAreAvailable
WhenInsufficientResourcesAre
Available
Theswitchhasampleresourcesforconfiguringfeaturesandsupporting:
RADIUS-authenticatedclients(withorwithouttheoptionalIDMapplica-
tion)
Virusthrottlingandblockingonindividualclients.
Not e VirusthrottlingdoesnotoperateonIPv6traffic.
Iftheresourcessupportingthesefeaturesbecomefullysubscribed:
Thecurrentfeatureconfiguration,RADIUS-authenticatedclientsessions,
andvirusthrottlinginstancescontinuetooperatenormally.
Theswitchgeneratesaneventlognoticetosaythatcurrentresourcesare
fullysubscribed.
Currentlyengagedresourcesmustbereleasedbeforeanyofthefollowing
actionsaresupported:
ConfigurationofnewentriesforACL,QoS,IDM,virusthrottling,and
otherfeatures(ManagementVLAN,DHCPsnooping,dynamicARP
protection).
AcceptanceofnewRADIUS-basedclientauthenticationrequests
(displayedasanewresourceentryforIDM).
Not e Failuretoauthenticateaclientthatpresentsvalidcredentialsmayindi-
catethatinsufficientresourcesareavailableforthefeaturesconfigured
fortheclientintheRADIUSserver.Totroubleshoot,checktheeventlog.
Throttlingorblockingofnewlydetectedclientswithahighrateof
connectionrequests(asdefinedbythecurrentvirus-throttling
configuration).
Theswitchcontinuestogenerateeventlognotifications(andSNMP
trapnotification,ifconfigured)fornewinstancesofhighconnection-
ratebehaviordetectedbythevirus-throttlingfeature.
E-6
F
DaylightSavingsTimeonProCurveSwitches
ThisinformationappliestothefollowingProCurveswitches:
212M Series2500 Series5300xl
224M Series2600 Series5400zl
1600M Series2800 Switch6108
2400M Series2900 Switch6200yl
2424M Series2910al Series6400cl
4000M Series3400cl Switch8212zl
8000M Series3500yl ProCurveAdvanceStack
Series4100gl
Switches
Series4200vl
ProCurveAdvanceStack
Routers
ProCurveswitchesprovideawaytoautomaticallyadjustthesystemclockfor
DaylightSavingsTime(DST)changes.Tousethisfeatureyoudefinethemonth
anddatetobeginandtoendthechangefromstandardtime.Inadditiontothe
valuenone(notimechanges),therearefivepre-definedsettings,named:
Alaska
CanadaandContinentalUS
MiddleEuropeandPortugal
SouthernHemisphere
WesternEurope
Thepre-definedsettingsfollowtheserules:
Alaska:
BeginDSTat2amonthesecondSundayinMarch.
EndDSTat2amonthefirstSundayinNovember.
CanadaandContinentalUS:
BeginDSTat2amonthesecondSundayinMarch.
EndDSTat2amonthefirstSundayinNovember.
F-1
MiddleEuropeandPortugal:
BeginDSTat2amthefirstSundayonorafterMarch25th.
EndDSTat2amthefirstSundayonorafterSeptember24th.
SouthernHemisphere:
BeginDSTat2amthefirstSundayonorafterOctober25th.
EndDSTat2amthefirstSundayonorafterMarch1st.
WesternEurope:
BeginDSTat2amthefirstSundayonorafterMarch23rd.
EndDSTat2amthefirstSundayonorafterOctober23rd.
AsixthoptionnamedUserdefinedallowsyoutocustomizetheDSTconfig-
urationbyenteringthebeginningmonthanddateplustheendingmonthand
dateforthetimechange.Themenuinterfacescreenlookslikethis(allmonth/
dateentriesareattheirdefaultvalues):
SelectUser-definedandpress[v]to
displaytheremainingparameters.
FigureF-1.MenuInterfacewithUser-DefinedDaylightTimeRuleOption
F-2
BeforeconfiguringaUserdefinedDaylightTimeRule,itisimportantto
understandhowtheswitchtreatstheentries.Theswitchknowswhichdates
areSundays,andusesanalgorithmtodetermineonwhichdatetochangethe
systemclock,giventheconfiguredBeginningdayandEndingday:
IftheconfigureddayisaSunday,thetimechangesat2amonthatday.
IftheconfigureddayisnotaSunday,thetimechangesat2amonthefirst
Sundayaftertheconfiguredday.
ThisistrueforboththeBeginningdayandtheEndingday.
Withthatalgorithm,oneshouldusethevalue1torepresentfirstSundayof
themonth,andavalueequaltonumberofdaysinthemonthminus6"to
representlastSundayofthemonth.Thisallowsasingleconfigurationfor
everyyear,nomatterwhatdateistheappropriateSundaytochangetheclock.
F-3
F-4
Index
Symbols
=>promptC-85
Numerics
802.1X
effect,LLDP14-78
LLDPblocked14-45
802.1Xaccesscontrol
authenticationfailure,SNMP
notification14-26
SNMPnotificationofauthentication
failure14-26
A
access
manager14-13
operator14-13,2-3
accesscontrollist
SeeACL.
ACL
debugmessagesC-41
Seealsodebugcommand.
E-2
gatewayfailsC-12
resourceusageE-2,E-3
transferringcommandfilesA-31,C-9
ACLs
SeeACL.
address
networkmanager14-4
addresstable,portB-15
address,networkmanager14-5
advertiselocation14-57
AESencryption14-9
alertlog5-21
alerttypes5-22
disabling5-25
settingthesensitivitylevel5-24,5-21
allocation,class11-10
allocation,value11-10
ARP
arpage,default8-7
ARPprotection
SNMPnotification14-17,14-26
arp-protect
debugmessagesC-41
asterisk
meaninginshowconfig6-27,C-66
authentication
notificationmessages14-17,14-26
authenticationtrap
SeealsoSNMP.
authorizedIPmanagers
SNMP,blocking14-3
autoMDI/MDI-X
configuration,display10-20
operation10-18,10-20
portmode,display10-20
Auto-1012-4,12-7,12-18
autonegotiate14-57
auto-TFTP
downloadtoaredundantmanagement
systemA-8
B
bandwidth
displayingportutilization10-11,5-18
banner2-7
configuring2-9
default2-7
non-default2-8
operation2-8
boot
Seealsoreboot.
bootcommand6-4,6-19
bootROMconsoleA-4
bootROMmodeC-85
Bootp
Bootptablefile8-13
effectofnoreplyC-8
operation8-12,8-13
server8-2
usingwithUnixsystems8-13
SeealsoDHCP.
Bootp/DHCPdifferences8-13
Index1
Bootp/DHCP,LLDP14-53
broadcastlimit10-17
broadcaststorm12-3,C-19
broadcasttraffic
IPX10-17
RIP10-17
browserinterface
Seewebbrowserinterface.
C
CDP14-79,14-80,14-81,14-82,14-84
Clear+Resetbuttoncombination6-34
Clearbutton5-11
restoringfactorydefaultconfigurationC-85
clearloggingC-36
CLI
accessingfrommenuconsole3-8
contextconfigurationlevel4-5,10-14
globalconfigurationlevel4-5
Help4-11
keystrokeshortcuts4-18
listingcommandoptions4-8
movingtoorfromthemenu4-7
portortrunk-specificcommands4-13,4-3
using 4-24-16
VLAN-specificcommands4-15
commandlineinterface
SeeCLI.
commandsyntaxconventions1-2
communities,SNMP14-14
viewingandconfiguringwiththeCLI14-15,
14-13
configfiles,SCP/SFTPtransfer6-37
configuration
Bootp8-13
comparingstartuptorunning6-6,7-3,A-26
factorydefault6-9,8-2
impactsofsoftwaredownloadonA-4
IP8-2
networkmonitoringB-24
permanent6-7,6-4,10-1,12-1,10-13
quick3-8
reboottoactivatechanges3-13,C-84
savingfrommenuinterface3-10,7-3
SNMP14-4,14-5,14-11,14-13,14-15
startup3-10,7-11
Telnetaccessconfiguration7-3
transferringA-26,14-19
usbautorunA-39,3-7
viewing6-6
webbrowseraccess7-3
configurationfile
browsingfortroubleshootingC-68
configurationfile,multiple
afterfirstreboot6-26,6-23,6-27
backupConfig6-24
changepolicy6-28
Clear+Resetbuttoncombination6-34
copyfromaUSBdeviceA-31,6-36,A-30,6-35,
A-27,A-28,6-25,6-31,6-32,6-27
defaultrebootfromprimary6-29
erasing6-32
memoryassignments6-26,6-24,6-27,6-29,
6-33
newconfig6-29
oldConfig6-25,6-28
policy,override6-30,6-29,6-27
rebootpolicyoptions6-24,6-28,6-25,6-30,
6-31,6-29,6-25,6-24
secondarybootpath6-27,6-28,6-27,6-24,6-25
transitiontomultiplefiles6-25
unabletocopy6-31
workingConfig6-24,6-25
xmodemfromhost6-37,6-36
connection-ratefiltering
affectonswitchresourcesE-2
resourceusageE-2
console
Actionsline3-10,3-11
configuring7-3
endingasession3-5
features2-3
Help3-9,3-11
inactivity-timer7-8
MainMenuinterface3-7
meaningofasterisk3-10,3-13,C-8
navigation3-9,3-10
operation3-10
startingasession3-4,3-12,3-7
troubleshootingaccessproblemsC-6
contextlevel
globalconfig4-5,8-10
managerlevel4-5,4-7
portortrunk-group4-13
VLAN-specific4-15
2Index
copy
commandoutputA-35,A-36,A-37
eventlogoutputA-36
multipleconfigfile,tftp6-35
softwareimagesA-24
tftpshow-techA-27
copyshowtechC-71
copytftp
show-techA-27
coredump
downloadingfilesviaWebC-83
enabling/disablingviaCLIC-80,C-81
transferringfilesC-80
usedtodiagnosesystemfailuresC-79
CPUutilizationB-6
cpuutilizationdataB-8
custom,showtechA-28
D
dateformat,eventsC-27
date,configure7-16
debug
aclmessagesC-41
comparedtoeventlogC-40
destination,loggingC-41,C-45
forwardingIPv4messagesC-42
lldpmessagesC-42
overview
packetmessagesC-42
sendingeventlogmessagesC-40,C-42
usingCLIsessionC-41
wirelessservicesC-42
debugcommand
arp-protectC-41
configuringdebug/SyslogoperationC-43
destinationsC-41,C-51,C-41
eventlogC-58,C-41,C-49,C-40
operatingnotesC-57
RIPmessagesC-50
showdebugC-45,C-51,C-58,C-41,C-49
usingCLIsessionC-51
debuglogging
LLDP14-43
defaultgateway8-3
Seealsogateway.
defaulttrunktype12-10
DESencryption14-9
DevicePasswordswindow5-9
DHCP
addressproblemsC-8
Bootpoperation8-12
effectofnoreplyC-8
manualgatewayprecedence8-12
DHCPsnooping
resourceusageE-2
DHCP/Bootpdifferences8-13
DHCP/Bootpprocess8-12
DHCP/Bootp,LLDP14-53
dhcp-snooping
debugmessagesC-41
DHCPv6
debugmessagesC-42
dhcpv6-clientC-42
diagnosticstoolsC-59
browsingtheconfigurationfileC-68
displayingswitchoperationC-68,C-71
pingandlinktestsC-60
tracerouteC-64
viewingswitchoperationC-68
DNS
configurationC-90,C-93,C-96,C-94
DNS-compatiblecommandsC-88,C-90
domainname,fullyqualifiedC-88,C-89,C-94,
C-88,C-92
eventlogmessagesC-96,C-92
hostnameC-88
IPv6DNSresolutionC-88
name,usinginwebbrowser
operatingnotesC-95
pingC-88,C-90,C-93
resolverC-88,C-89
securemanagementVLANC-95,C-89,C-95,
C-91
threeentriessupportedC-91,C-88,C-90,C-93
VLAN,bestrouteselectionC-95
documentation
featurematrix-xxii
latestversions-xxi
printedin-boxpublications-xxi
releasenotes-xxi
DomainNameServer
SeeDNS.
download
softwareA-22,A-4,A-21
Index3
TFTPA-5
troubleshootingA-6
XmodemA-17
Seealsoswitchsoftware.
duplexadvertisements14-55
duplexinformation,displaying14-72
duplicateMACaddress
SeeMACaddress.
Dyn1
SeeLACP.
dynamicARPprotection
resourceusageE-2
E
edgeports13-3
EmergencyLocationIdNumber14-38,14-66
eventlog
clearingentriesC-35,C-40,3-7
debuggingbyseveritylevelC-41,C-52,C-41,
C-52
format,dateC-27
generatedbysystemmoduleC-27
howtoreadentriesC-26
listingentriesC-35,C-26
navigationC-34,C-58
securitylevels14-20,C-41,C-26,C-56,C-57
timeformatC-27
UDLDwarningmessages10-36
usedfordebuggingC-41,C-26
excessiveframes13-18
F
facility
loggingC-41
factorydefaultconfiguration
restoring6-9,C-84
failure,switchsoftwaredownloadA-7
fans,showstatusB-7
fastbootcommand6-21
faultdetectionpolicy5-9,5-24
fault-tolerance12-4
fiberoptics,monitoringlinks10-29
filter,source-port
jumboVLANs13-16
firmwareversionB-6
flashmemory3-10,6-3
flowcontrol
constraints10-15
effectonrate-limiting13-6
global10-15
jumboframes13-16
per-port10-15
terminal7-3
flowcontrol,statusB-11
flowsampling14-4
friendlyportnames
Seeportnames,friendly.
G
gateway
configuring8-5
defaultgateway8-3
IPaddress8-4,8-6
manualconfigpriority8-12
onprimaryVLAN8-4
precedenceofmanualgatewayoverDHCP/
Bootp8-12
routingfailsC-12
giantframes13-18
globalconfiglevel8-10
H
Help
forCLI1-7,4-11,1-6,3-9,3-11,1-7,5-14
online,inoperable5-14
hop,router8-10
HP
Auto-MDIXfeature10-18
webbrowserinterface2-5
I
ICMP
resourcesE-3
IDM
resourceusageE-2,E-3,E-6
IEEE802.1dC-18
IEEEP802.1AB/D914-44
IGMP
hostnotreceivingC-13
notworkingC-13
statisticsB-20
4Index
inactivitytimeout7-4
inactivity-timer7-8
InboundTelnetEnabledparameterC-7
informs
sendingtotrapreceiver14-20
SNMP14-21
IP8-7
CLIaccess8-6
configuration8-2
DHCP/Bootp8-2
duplicateaddressC-8
effectwhenaddressnotused8-11
featuresavailablewithandwithout8-11
gateway8-3,8-4
menuaccess8-5,8-3,8-8
subnet8-3,8-8,8-2,8-6
timeserveraddress9-9,9-19
Time-To-Live8-7,8-10,8-7,8-10
usingforwebbrowserinterface5-5
webaccess8-10
IPaddress
forSNMPmanagement14-3
loopbackinterfaceconfiguration8-16
manuallyconfigure8-6,8-8
quickstart1-8,8-3
removingorreplacing8-10
setupscreen8-3,8-7
IPPreserve
DHCPserver8-20
overview8-20
rules,operating8-20
summaryofeffect8-23
IProuting
debugmessagesC-41
IPv6
debugdhcpv6messagesC-42
IPX
broadcasttraffic10-17
networknumberB-9
J
jumboframes
configuration13-10
excessiveinbound13-16
flowcontrol13-16
GVRPoperation13-9
managementVLAN13-15,13-8,13-13,13-9
MTU13-8
portaddsandmoves13-9
securityconcerns13-16,13-8,13-17
throughnon-jumboports13-17,13-9,13-18
VLANtag13-8
voiceVLAN13-15
K
killcommand7-9
L
LACP
802.1Xnotallowed12-22
active12-15
blockedports12-24
CLIaccess12-11
defaultportoperation12-21,12-6,12-18
Dyn112-7
dynamic12-19
enablingdynamictrunk12-15
full-duplexrequired12-4,12-18
IGMP12-23
monitoringstatictrunkB-24
nohalf-duplex12-25
operationnotallowedC-14,12-4
passive12-15
removingportfromactivetrunk12-16,12-22
standbylink12-19,12-21
STP12-23
trunklimit12-19
VLANs12-23
with802.1X12-22
limit,broadcast10-17
linkfailures
detecting10-29
linkspeed,porttrunk12-3
linktestC-60
link,serial7-3
link-changetraps14-17,14-28
Link-LayerDiscoveryProtocol
SeeLLDP.
LLDP
802.1D-compliantswitch14-78,14-45,14-78
activeport14-38,14-53,14-70,14-53,14-54,
14-49
CDPneighbordata14-79
Index5
chassisID14-53,14-75,14-80,14-41,14-54
dataoptions14-42,14-43,14-39,14-43,C-41,
C-42,14-45
DHCP/Bootpoperation14-44
disable,per-port14-52,14-73
ELIN14-38
enable/disable,global14-48
features14-37
generaloperation14-40,14-75
holdtimemultiplier14-49,14-40
IEEEP802.1AB/D914-44
inconsistentvalue14-50,14-42,14-76
IPaddressadvertisement14-44,14-78,14-53
LLDP-aware14-38,14-39
mandatoryTLVs14-78
MIB14-40,14-44
neighbor14-39,14-78,14-73,14-75,14-77
operatingrules14-44,14-40,14-54,14-42
packetboundaries14-40,14-43,14-40,14-78,
14-39,14-76,14-54,14-53,14-55,14-44,14-53
refreshinterval14-48,14-50,14-43,14-53,
14-75,14-52
setmib,delayinterval14-49,14-51,14-70,
14-46,14-47,14-71
SNMPnotification14-42
spanning-treeblocking14-45,14-44,14-75,
14-54
terminology14-38,14-41,14-49
TLV14-40
transmissionfrequency14-41,14-48,14-41,
14-52,14-51
TTL14-41,14-43
txonly14-52
VLAN,untagged14-78
walkmib14-43
LLDP-MED
displayingspeed14-72
ELIN14-66
enableordisable14-41,14-57
faststartcontrol14-61
locationdata14-65
medTlvenable14-63
NeighborsMIB14-73
topologychangenotification14-59
VoiceoverIP14-56
loadbalancing
Seeporttrunk.
logging
facilityC-41
loggingcommandC-49
syntaxC-41,C-52
logicalport12-8
loop,network12-3
loopbackinterface
benefits8-15
configuration8-16
default8-15,8-18,8-17
multipleinterfacessupported8-15
lostpassword5-11
M
MACaddress8-13,B-6,D-2
displayingdetecteddevicesD-7,C-19,C-24
learnedB-15
per-slotorper-switchD-5,D-2,D-4
sameMAC,multipleVLANsD-6,D-2
VLAND-2,D-5
walkmibD-5
MACauthentication
MaintenancePowerSignature11-4
management
interfacesdescribed2-2
serverURL5-13,5-14
ManagementInformationBase
SeeMIB.
managementVLAN
SeeVLAN.
managementVLAN,DNSC-95
manageraccess4-5,4-6,14-13
managerpassword5-9,5-11
managerprivileges4-5,4-6
maxframesize,jumbo13-13
MD5authentication14-9
MDI/MDI-X
configuration,display10-20
operation10-18
portmode,display10-20
mediatype,porttrunk12-3
memory
flash3-10,6-3
startupconfiguration3-10
menuinterface
configurationchanges,saving3-10
6Index
movingtoorfromtheCLI4-7
Seealsoconsole.
mesh
jumboframes13-17
MIB
HPproprietary14-4
listing14-4
standard14-4
mirroring
Seeportmonitoring.
MLTS14-39
module
CLIcommand10-28
configuringwhennotinserted10-27
pre-configuring10-27
monitoring
linksbetweenports10-29
Seeportmonitoring.
monitoringtrafficB-24
monitoring,portB-24
MPS,defined11-4
MultilineTelephonesystem14-39
multinetting8-3,8-8
SeealsoACLs.
multipleconfigurationfile
Seeconfigurationfile,multiple.
multipleforwardingdatabaseB-10,B-18
multipleVLAN14-3
N
NANP14-39
navigation,eventlogC-34
networkmanagementfunctions14-5,14-13
networkmanageraddress14-4,14-5
networkmonitoring
trafficoverloadB-24
NetworkMonitoringPortscreenB-24
networkslowC-8
NorthAmericanNumberingPlan14-39
notifications
authenticationmessages14-17,14-26
configuringtrapreceivers14-19
enablingfornetworksecurity14-26
link-changetraps14-17
networksecurity14-26
O
onlineHelp
SeeHelp.
operatingsystem
Seeswitchsoftware.
operationnotallowed,LACPC-14
operatoraccess4-4,4-6,14-13
operatorpassword5-11
settingviawebbrowser5-9
operatorprivileges4-4,4-6
OS
versionA-22
Seealsoswitchsoftware.
out-of-bandaccess2-3
P
packet
debugmessagesC-42
password5-9,5-11
console3-7,5-9
delete5-11,A-43
ifyoulosethepassword5-11
lost5-11
manager4-4,5-9
operator4-4,5-9
setting5-10
usingtoaccessbrowserandconsole5-11
webinterface5-9
patternmatching,showcommandoutputC-75
PD14-39
pingC-88,C-90,C-93
SeealsoDNS,resolver.
Seealsotroubleshooting.
pingtestC-60
PoE
activeports,defined11-4,14-65,11-10
benefitofLLDP-MED14-57
changingprioritylevel11-7,11-13,11-26,11-7
enableordisableoperation11-5,11-8
EPS,defined11-4
eventlogmessages11-28
LLDPdetection,enablingordisabling11-15
manuallyconfiguringpowerlevels11-11,
11-28
MPS,defined11-4
otherfault11-23,11-4,11-21
Index7
PD,defined11-4
port-numberpriority11-7,11-4,11-5,11-4,
11-7,11-8,11-4,11-27,11-6,11-7
PSE,defined11-4
QoSclassifiers11-27
relatedpublications11-3
RPS,defined11-4
security11-26,14-61,11-23,11-10
terminology11-4,11-6,11-13
viewingstatus11-20
VLANassignments11-26
policyenforcementengine
describedE-2
pollinterval
SeeTimeP.
port
addresstableB-15
blockedbyUDLD10-30,10-17
CLIaccess10-8
configuration10-1,10-30,10-14,B-12
defaultloopbackinterface8-18,8-17,10-9
enablingUDLD10-31
loopbackinterfaceconfiguration8-15,8-16
MACaddressD-4,D-5
menuaccess10-4,B-24
speed,view10-9
trafficpatternsB-12,10-12
Seeporttrunk.
utilization5-18,10-11
CLI10-11
webbrowserinterface5-18
webbrowseraccess10-21
portconfiguration12-1
portnames,friendly
configuring10-23
displaying10-24
summary10-22
portsecurity
porttrunkrestriction12-3
trunkrestriction12-8
porttrunk12-2
bandwidthcapacity12-2
caution12-3,12-9,12-17
CLIaccess12-11
defaulttrunktype12-10
enablingdynamicLACP12-15,10-31
IGMP12-8
limit12-2,12-19,12-3,12-8
mediarequirements12-7,12-3,12-9,12-8,B-24
nonconsecutiveports12-2
portsecurityrestriction12-8
removingportfromstatictrunk12-15,12-7
SA/DA12-27
spanningtreeprotocol12-8,12-7,12-4,12-19
STP12-8,12-7
trafficdistribution12-7
Trk112-7
trunk(non-protocol)option12-6,12-26,12-6
UDLDconfiguration10-30
VLAN12-8,12-7
webbrowseraccess12-17
SeealsoLACP.
porttrunkgroup
interfaceaccess12-1
port,active14-38
port-accessauthentication
port-basedaccesscontrol
eventlogC-14
LACPnotallowed12-22
troubleshootingC-14
port-utilizationandstatusdisplays10-11
powerlevels,configuring11-11
powersupply
showsettingsB-7
power-over-ethernet
SeePoE.
Power-SourcingEquipment11-4,14-39
priorityclass,defined11-4
priorityofoperation11-5
privilegelevels4-3
ProCurve
Auto-MDIXfeature10-18
supportURL5-14,-xxi
ProCurveManager
readingUSBautorunfilesA-41,A-39
securityconcernswhendeletingpublic
community14-5
SNMPandnetworkmanagement14-3
startingwebbrowser5-5
updatingswitchsoftwareA-24,5-6
ProCurve,HP,URL14-4
prompt,=>C-85
PSAP14-39
PSE14-39
PSE,defined11-4
8Index
PublicSafetyAnsweringPoint14-39
publicSNMPcommunity14-5,14-13
Q
QoS
SeeQualityofService.
QualityofService
resourceusageE-2,E-3
quickconfiguration3-8
quickstart1-8
R
RADIUS
webbrowseraccess5-9
RADIUS-assignedACLs
resourcesE-2
ratedisplayforports10-11
rate-limiting
caution13-3
displayingconfiguration13-5
edgeports13-3,13-6,13-5
howmeasured13-6
ICMP
SeeICMPrate-limiting.
intendeduse13-3
noteontesting13-7
operatingnotes13-5,13-6
per-portonly13-3
trafficfilters13-6
reboot
actionscausing6-4
fasterboottime6-21,6-20
obtainingfasterreboottime6-19
schedulingremotely6-22
viamenuconsole3-8,3-10,3-12
Seealsoboot.
redo,commanddescription4-16
reload6-4
reloadcommand6-19
remotesession,terminate7-9
repeat,commanddescription4-16
Resetbutton6-4
restoringfactorydefaultconfigurationC-85
resetoperatingsystem3-12
resetportcountersB-12
resettingtheswitch
factorydefaultresetC-84
resourcemonitor
eventlogE-6
resourceusage
displayingE-3
insufficientresourcesE-6
restrictedwriteaccess14-13
RFCs
RFC149314-4,14-44,14-33
SeealsoMIB.
RIP
broadcasttraffic10-17
debugcommandC-50,C-42
RMON14-4
RMONgroupssupported14-33
router
gateway8-6
router,hop8-10
routing
gatewayfailsC-12
OSPFdebugmessagesC-50
RIPdebugmessagesC-50
tracerouteC-64
RS-2322-3
running-config
viewing6-6
Seealsoconfiguration.
S
scheduledreboot6-22
SCP/SFTP
enablingA-10
sessionlimitA-14,A-17
transferofconfigfiles6-37,A-16
securecopy
SeeSCP/SFTP.
secureFTP
SeeSCP/SFTP.
securemanagementVLAN
SeeVLAN.
securemanagementVLAN,DNSC-95
security
Clearbutton5-12
enablingnetworksecuritynotifications14-26
privilegelevelsinCLI4-3
USBautorunA-40
usernameandpassword5-9
Index9
webbrowseraccess,RADIUS5-9
SelfTestLED
behaviorduringfactorydefaultresetC-85
serialnumberB-6
setmib,delayinterval14-49
setmib,reinitdelay14-51
setupscreen1-8
severitylevel
eventlogC-26
selectingEventLogmessagesfor
debuggingC-56
sFlow14-4
agent14-33
CLI-ownedversusSNMP-owned
configurations14-34
configuringviatheCLI14-34
destination14-33
sampling-pollinginformation14-36,14-34
SHAauthentication14-9
show
displayingspecificoutputC-75
excludeoption
show
begin option C-75
includeoptionC-75,10-9
patternmatchingwithC-75
tech,customA-28,7-6
showcpuB-8
showdebugC-45
showinterfaces
dynamicdisplay10-10
showinterfacesdisplayC-75
showmanagement9-9,9-19
showtechC-68
customA-28
show-techA-27
slownetworkC-8
SNMP14-3
ARPprotectionevents14-17
authenticationnotification14-17,14-26
CLIcommands14-13
communities14-4,14-5,14-13,14-14
configuringwiththeCLI14-15,14-13
mapping14-11
14-4,14-5,14-23,14-19
DHCPsnoopingevents14-17
differentversions14-17
enablinginforms14-21,14-27,14-23
fixedtraps14-19
invalidpasswordinlogin14-17
IP14-3
link-changetraps14-17,14-28
managerpasswordchange14-17
networksecuritynotification14-26
publiccommunity14-5,14-13
supportednotifications14-17,14-19
traps10-30,14-4,14-17
walkmibD-5,D-6,14-19
SNMPtrap,LLDP14-51
SNMPv3
"public"communityaccesscaution14-6
access14-5,14-7,14-9
communities14-11
enablecommand14-7,14-6,14-9
groupaccesslevels14-11,14-10
networkmanagementproblemswithsnmpv3
only14-6
restricted-accessoption14-6
setup14-5
users14-5
SNTP
broadcastmode9-2,9-11,9-3
configuration9-4
disabling9-12
enablinganddisabling9-10,9-26
manualconfigpriority8-12,9-26
operatingmodes9-2
pollinterval
SeeTimeP.
selecting9-3,9-9
unicastmode9-3,9-12,9-25,9-26
viewing9-4,9-8
software
Seeswitchsoftware.
softwareimage
Seeswitchsoftware.
softwareversionB-6
sortingalertlogentries5-21
sourceportfilters
jumboVLANs13-16
spanningtree
fast-uplink,troubleshootingC-19
problemsrelatedtoC-19
showtech,copyoutputC-70
usingwithporttrunking12-8
10Index
SSH
enablingordisablingA-13
TACACSexclusionA-14
troubleshootingA-16,C-19
standardMIB14-4
startingaconsolesession3-4
startup-config
viewing6-6
Seealsoconfiguration.
statistics3-7,B-4
statistics,clearcounters6-11
statusandcounters
accessfromconsole3-7
statusandcountersmenuB-5
statusoverviewscreen5-7
subnet8-8
subnetmask8-4,8-6
SeealsoIPmasks.
support
changingdefaultURL5-14
URL5-13
switchconsole
Seeconsole.
switchsetupmenu3-8
switchsoftware
copyfromaUSBdeviceA-19
downloadusingTFTPA-4,A-7,A-22,A-6,A-4
softwareimageA-3
versionA-6,A-18
Syslog
"debug"severitylevelasdefaultC-56,C-58
comparedtoeventlogC-40,C-43,C-41,C-49,
C-41
displayingSyslogconfigurationC-45
eventlogmessagessentbydefaultC-54
loggingcommandC-49,C-51
operatingnotesC-57,C-40
Seealsodebugcommand.
sendingeventlogmessagesC-40,C-53,C-51,
C-56,C-57
userfacilityasdefaultC-55,C-58,C-41,C-52
systemconfigurationscreen7-11
systeminformationB-7
fansB-7
power-supplyB-7
temperatureB-7
systemmodule
selectingeventlogmessagesfor
debuggingC-57
SystemNameparameter7-12
T
TACACS
SSHexclusionA-14
taskmonitorB-8
taskusage-dB-8
taskUsageShowB-8
Telnet
connectingtoswitch3-4
enable/disable7-4
outbound7-6
terminatesession,killcommand7-9,C-7
telnet
domainnameaddress7-6
hostname7-6
ipv6address7-6
showcommand7-6
temperature,showsettingsB-7
terminalaccess,loseconnectivity7-8
terminaltype7-3
terminateremotesession7-9
TFTP
copycommandoutputA-35,A-36,A-37,A-36,
A-27,A-24
downloadsoftwareusingCLIA-7,A-5
switch-to-switchtransferA-21
troubleshootingdownloadfailuresA-6
uploadinganACLcommandfileA-31,A-4
thresholdsetting14-5,14-13
thresholds,SNMP14-19
timeformat,eventsC-27
timeprotocol
selecting9-3
timeserver8-2
timezone7-12,7-16
time,configure7-16
TimeP8-3,8-5
assignmentmethods9-2
disabling9-23
enablinganddisabling9-20
pollinterval9-23
selecting9-3,9-9,9-19
viewingandconfiguring,menu9-17,9-19
Index11
timesync,disabling9-23
Time-To-Live8-3,8-5,8-6,8-10
SeealsoTTL.
time-to-live,LLDP14-41
Time-To-Live,onprimaryVLAN8-4
TLV14-40
TLVs,mandatory14-78
tracerouteC-88,C-90,C-93
asteriskC-66
blockedrouteC-67
failsC-65
trafficmonitoring14-5,14-13
SeealsosFlowandRMON.
traffic,monitoringB-24
traffic,portB-12
transceiver
errormessages10-13
viewstatus10-12
transceivers
configuringwhennotinserted10-27
notinserted10-27
trap5-25
CLIaccess14-19
configuringtrapreceivers14-19
securitylevels14-20
trapnotification14-51
trapreceiver14-4,14-5
configuring14-19
sendingeventlogmessages14-20
SNMP14-19
uptotensupported14-19
traps
arp-protect14-27
dhcp-snooping14-27
enablingnetworksecuritynotifications14-26
fixed14-19
link-change14-27,14-28,14-27
password-change-mgr14-27
Seealsonotification.
snmp-authentication14-27
threshold14-19
troubleshooting
ACLC-9
approachesC-5
browsingtheconfigurationfileC-68
configuringdebugdestinationsC-41,C-6,
C-79
diagnosingunusualnetworkactivityC-8,
C-59,C-68,C-71
DNS
SeeDNS.
fast-uplinkC-18
pingandlinktestsC-60
resourceusageE-2,C-84
spanningtreeC-18
SSHC-19,A-16
switchsoftwaredownloadA-6,C-85,C-79
tracerouteC-88,C-90
unusualnetworkactivityC-8,C-41,C-26
viewingswitchoperationC-68
webbrowseraccessproblemsC-6
trunk
Seeporttrunk.
TTL8-3,8-5,8-6,8-7
IP8-10
LLDP14-41
onprimaryVLAN8-4
SeealsoTime-To-Live.
Type-Length-Value14-40
typesofalertlogentries5-22
U
UDLD
changingthekeepaliveinterval10-32
enablingonaport10-31,10-36
operation10-30,10-29
viewingconfiguration10-33,10-34
warningmessages10-36
unauthorizedaccess14-27
undersizeframes13-18
Uni-directionalLinkDetection
SeeUDLD.
UniversalResourceLocator
SeeURL.
Unix,Bootp8-13
unrestrictedwriteaccess14-13
unusualnetworkactivityC-8
uptimeB-6
URL
browserinterfaceonlinehelplocation5-14
management5-14,5-13,5-14
ProCurve5-14,14-4
support5-13,5-14
12Index
USB
autorunA-39A-44
AutoRunfileA-39
commandfileA-39,A-43,A-39
enablingordisablingA-43
LEDindicationsA-41
reportoutputsA-41,A-39
secure-modeA-43,A-40
troubleshootingA-41
viewingconfiginformationA-44
A-19,A-39,A-41
A-36,A-25
deviceswithsecurepartitionsnot
supportedA-20
flashdrivesmustbeformattedA-20
supportedcapabilitiesA-20
viewingflashdrivecontentsA-20
username
usingforbrowserorconsoleaccess5-9,5-11
users,SNMPv3
SeeSNMPv3.
utilization,port5-18,10-11
V
version,OSA-22
version,switchsoftwareA-6,A-18
view
duplex10-9
portspeed10-9
transceiverstatus10-12
virtualinterface
Seeloopbackinterface
virus-throttling
Seeconnection-ratefiltering.
VLAN
address14-3
Bootp8-13
configuringBootp8-13,10-32
devicenotseenC-23
eventlogentriesC-27
ID4-15,8-4
jumbomaxframesize13-13
linkblockedC-19
MACaddressD-2,D-5
managementandjumboframes13-15,E-2,
14-3,B-3,B-24,8-3,8-8,14-3,8-3,8-8
portconfigurationC-23,8-3
rebootrequired3-8
sameMAC,multipleVLANsD-6,C-95,8-3,8-8,
3-8,A-4
taggingbroadcast,multicast,andunicast
trafficC-23
VLANID
SeeVLAN.
VoIP
LLDP-MEDsupport14-56
VT-100terminal7-3
W
walkmib14-43,D-5,D-6
warranty-ii
webagent
advantages2-5
disablingaccess5-3
enable/disable7-4,5-3
Webauthentication
webbrowserinterface
accessconfiguration7-3,5-9,7-3,5-21,5-22
bandwidthadjustment5-19
disableaccess5-3
enabling5-5,5-18
faultdetectionpolicy5-9,5-24,2-5,5-8
Javaapplets,enabling5-5
mainscreen5-17
onlinehelp5-14,5-17
Overviewwindow5-17
passwordlost5-11,5-10,5-20,5-18
screenelements5-17,5-3,5-9,5-5,5-7,5-5
troubleshootingaccessproblemsC-6
URLdefault5-14,5-15
website,HP14-4
windshell,debugdestinationC-41
wirelessservices
debugmessagesC-42
worldwidewebsite,HP
SeeProCurve.
writeaccess14-13
writememory
effectonmenuinterface3-13
Index13
X
Xmodem
A-28,A-25
downloadtoprimaryorsecondaryflashA-18
14Index
Copyright 2009 Hewlett-Packard
Development Company, L.P.
February 2009
Manual Part Number
5992-5437

HP ProCurve - Management and Configuration Guide W.14.03

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

HP ProCurve - Management and Configuration Guide W.14.03

Transféré par

Droits d'auteur :

Formats disponibles

Management and

TimeSyncMethod None SeeChapter9,TimeProtocols.

DaylightTimeRule None page

Vous aimerez peut-être aussi