Management and Configuration Guide ProCurve Switch 2500 Series

Management and
Configuration Guide
ProCurve Switches
Software Release F.01.xx
(Refer to Release Notes for F.02.xx and greater)
Series 2500 Switches
www.procurve.com
ProCurveSwitches
2512and2524
Software Release F.01.xx
(RefertoReleaseNotesforreleasesF.02.xxand
greater,andforcurrentsoftwarefeatures)
ManagementandConfigurationGuide
Copyright2000,2005 Hewlett-PackardCompany
AllRightsReserved.
Thisdocumentcontainsinformationwhichisprotectedby
copyright.Reproduction,adaptation,ortranslationwithout
priorpermissionisprohibited,exceptasallowedunderthe
copyrightlaws.
PublicationNumber
5969-2354
October2005
ApplicableProduct
ProCurveSwitch2512(J4812A)
ProCurveSwitch2524(J4813A)
TrademarkCredits
Microsoft,Windows,Windows95,andMicrosoftWindows
NTareregisteredtrademarksofMicrosoftCorporation.
InternetExplorerisatrademarkofMicrosoftCorporation.
EthernetisaregisteredtrademarkofXeroxCorporation.
NetscapeisaregisteredtrademarkofNetscapeCorporation.
Disclaimer
Theinformationcontainedinthisdocumentissubjectto
changewithoutnotice.
HEWLETT-PACKARDCOMPANYMAKESNOWARRANTY
OFANYKINDWITHREGARDTOTHISMATERIAL,
INCLUDING,BUTNOTLIMITEDTO,THEIMPLIED
WARRANTIESOFMERCHANTABILITYANDFITNESS
FORAPARTICULARPURPOSE.Hewlett-Packardshallnot
beliableforerrorscontainedhereinorforincidentalor
consequentialdamagesinconnectionwiththefurnishing,
performance,oruseofthismaterial.
Hewlett-Packardassumesnoresponsibilityfortheuseor
reliabilityofitssoftwareonequipmentthatisnotfurnished
byHewlett-Packard.
Warranty
SeetheCustomerSupport/Warrantybookletincludedwith
theproduct.
Acopyofthespecificwarrantytermsapplicabletoyour
Hewlett-Packardproductsandreplacementpartscanbe
obtainedfromyourHPSalesandServiceOfficeor
authorizeddealer.
Hewlett-PackardCompany
8000FoothillsBoulevard,m/s5551
Roseville,California 95747-5551
http://www.hp.com/go/procurve
Preface
Preface
UseofThisGuideandOtherProCurveSwitch
Documentation
Thisguidedescribeshowtousethecommandlineinterface(CLI),menu
interface,andwebbrowserinterfacefortheProCurveSwitches2512and2524
- hereafterreferredtoindividuallyastheSwitch2512orSwitch2524and
collectivelyastheSwitches2512/2524orSeries2500switches).
Not e ThisguidecoverssoftwarereleaseF.01.xxonly.Forinformationonreleases
F.02.xxandgreaterandthelatestsoftwareupdates,refertotheReleaseNotes
(visittheProCurveNetworkingwebsiteathttp://www.procurve.com,clickon
Technicalsupport,andthenclickonProductManuals).
Forinformationonspecificparametersinthemenuinterface,refertothe
onlinehelpprovidedintheinterface.
ForinformationonaspecificcommandintheCLI,typethecommand
namefollowedbyhelp(<command>help).
ForinformationonspecificfeaturesintheHPWebBrowserInterface
(hereafterreferredtoasthewebbrowserinterface),usetheonlinehelp
availableforthewebbrowserinterface.Formoreinformationonweb
browserHelpoptions,refertoOnlineHelpfortheHPWebBrowser
Interfaceonpage4-12.
FormoreinformationonProCurveNetworkingswitchtechnology,refer
totheProCurveNetworkingwebsiteat:
http://www.procurve.com
iii
Contents
Contents
Preface ........................................................iii
UseofThisGuideandOtherProCurveSwitchDocumentation...... iii
1.SelectingaManagementInterface
ChapterContents ............................................. 1-1
Overview ..................................................... 1-2
UnderstandingManagementInterfaces ......................... 1-2
AdvantagesofUsingtheMenuInterface........................ 1-3
AdvantagesofUsingtheCLI ................................... 1-4
CLIUsage .............................................. 1-4
AdvantagesofUsingtheHPWebBrowserInterface............. 1-5
AdvantagesofUsingHPTopToolsforHubs&Switches ......... 1-6
2.UsingtheMenuInterface
Overview ..................................................... 2-2
StartingandEndingaMenuSession ........................... 2-3
HowToStartaMenuInterfaceSession ......................... 2-4
HowToEndaMenuSessionandExitfromtheConsole .......... 2-5
MainMenuFeatures .......................................... 2-7
ScreenStructureandNavigation............................... 2-9
RebootingtheSwitch......................................... 2-12
MenuFeaturesList........................................... 2-14
WhereToGoFromHere ...................................... 2-15
3.UsingtheCommandLineInterface(CLI)
Overview ..................................................... 3-2
v
Contents
AccessingtheCLI ............................................. 3-2
Usingthe CLI................................................. 3-2
PrivilegeLevelsatLogon ..................................... 3-3
PrivilegeLevelOperation ..................................... 3-4
OperatorPrivileges ...................................... 3-4
ManagerPrivileges....................................... 3-5
HowToMoveBetweenLevels ................................ 3-7
ListingCommandsandCommandOptions ...................... 3-8
ListingCommandsAvailableatAnyPrivilegeLevel ........... 3-8
CommandOptionDisplays ............................... 3-10
DisplayingCLI"Help" ....................................... 3-11
ConfigurationCommandsandtheContextConfigurationModes .. 3-13
CLIControlandEditing ...................................... 3-16
4.UsingtheHPWebBrowserInterface
Overview ..................................................... 4-2
GeneralFeatures.............................................. 4-3
WebBrowserInterfaceRequirements .......................... 4-4
StartinganHPWebBrowserInterfaceSessionwiththeSwitch .. 4-5
UsingaStandaloneWebBrowserinaPCorUNIXWorkstation .... 4-5
UsingHPTopToolsforHubs&Switches ....................... 4-6
TasksforYourFirstHPWebBrowserInterfaceSession......... 4-8
ViewingtheFirstTimeInstallWindow ........................ 4-8
CreatingUsernamesandPasswordsintheBrowserInterface ...... 4-9
UsingthePasswords .................................... 4-11
UsingtheUserNames ................................... 4-11
IfYouLoseaPassword .................................. 4-11
OnlineHelpfortheHPWebBrowserInterface ................. 4-12
Support/MgmtURLsFeature .................................. 4-13
SupportURL .............................................. 4-14
HelpandtheManagementServerURL ........................ 4-14
StatusReportingFeatures .................................... 4-16
TheOverviewWindow ...................................... 4-16
vi
Contents
ThePortUtilizationandStatusDisplays ....................... 4-17
PortUtilization ......................................... 4-17
PortStatus............................................. 4-19
TheAlertLog .............................................. 4-20
SortingtheAlertLogEntries ............................. 4-20
AlertTypes ............................................ 4-21
ViewingDetailViewsofAlertLogEntries .................. 4-22
TheStatusBar ............................................. 4-23
SettingFaultDetectionPolicy ................................ 4-24
5.ConfiguringIPAddressing,InterfaceAccess,and
SystemInformation
Menu:ConfiguringIPAddress,Gateway,Time-To-Live(TTL),
Overview ..................................................... 5-2
IPConfiguration .............................................. 5-3
JustWantaQuickStart? ..................................... 5-4
IPAddressingwithMultipleVLANs............................ 5-4
IPAddressinginaStackingEnvironment ....................... 5-5
andTimep.................................................. 5-5
CLI:ConfiguringIPAddress,Gateway,Time-To-Live(TTL),
andTimep.................................................. 5-7
Web:ConfiguringIPAddressing .............................. 5-10
HowIPAddressingAffectsSwitchOperation................... 5-10
DHCP/BootpOperation.................................. 5-11
NetworkPreparationsforConfiguringDHCP/Bootp ......... 5-14
GloballyAssignedIPNetworkAddresses...................... 5-15
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet 5-16
Menu:ModifyingtheInterfaceAccess ......................... 5-17
CLI:ModifyingtheInterfaceAccess ........................... 5-18
SystemInformation .......................................... 5-21
Menu:ViewingandConfiguringSystemInformation............. 5-22
CLI:ViewingandConfiguringSystemInformation .............. 5-23
Web:ConfiguringSystemParameters ......................... 5-25
vii
Contents
6.OptimizingPortUsageThroughTrafficControland
PortTrunking
Overview ..................................................... 6-2
ViewingPortStatusandConfiguringPortParameters........... 6-2
Menu:ViewingPortStatusandConfiguringPortParameters ...... 6-5
CLI:ViewingPortStatusandConfiguringPortParameters ........ 6-6
Web:ViewingPortStatusandConfiguringPortParameters ....... 6-9
PortTrunking................................................ 6-10
Switch2512and2524PortTrunkFeaturesandOperation ........ 6-11
TrunkConfigurationMethods ................................ 6-12
Menu:ViewingandConfiguringaStaticTrunkGroup............ 6-16
CLI:ViewingandConfiguringaStaticorDynamic
PortTrunkGroup .......................................... 6-18
UsingtheCLIToViewPortTrunks ........................ 6-18
UsingtheCLIToConfigureaStaticorDynamicTrunkGroup . 6-20
Web:ViewingExistingPortTrunkGroups ..................... 6-23
TrunkGroupOperationUsingLACP .......................... 6-24
DefaultPortOperation .................................. 6-25
LACPNotesandRestrictions ............................. 6-26
TrunkGroupOperationUsingtheTrunkOption............... 6-27
HowtheSwitchListsTrunkData ............................. 6-27
OutboundTrafficDistributionAcrossTrunkedLinks ............ 6-28
7.UsingPasswords,PortSecurity,andAuthorizedIP
ManagersToProtectAgainstUnauthorizedAccess
Overview ..................................................... 7-3
UsingPasswordSecurity....................................... 7-4
Menu:SettingManagerandOperatorpasswords ................. 7-5
CLI:SettingManagerandOperatorPasswords................... 7-7
Web:ConfiguringUserNamesandPasswords ................... 7-8
ConfiguringandMonitoringPortSecurity ...................... 7-9
viii
Contents
BasicOperation ............................................. 7-9
BlockingUnauthorizedTraffic ............................ 7-10
TrunkGroupExclusion.................................. 7-11
PlanningPortSecurity ...................................... 7-11
CLI:PortSecurityCommandOptionsandOperation ............ 7-13
CLI:DisplayingCurrentPortSecuritySettings.............. 7-16
CLI:ConfiguringPortSecurity ............................ 7-17
Web:DisplayingandConfiguringPortSecurityFeatures ......... 7-21
ReadingIntrusionAlertsandResettingAlertFlags.............. 7-22
NoticeofSecurityViolations ............................. 7-22
HowtheIntrusionLogOperates .......................... 7-22
KeepingtheIntrusionLogCurrentbyResettingAlertFlags... 7-23
Menu:CheckingforIntrusions,ListingIntrusionAlerts,and
ResettingAlertFlags .................................... 7-24
CLI:CheckingforIntrusions,ListingIntrusionAlerts,and
UsingtheEventLogToFindIntrusionAlerts
Web:CheckingforIntrusions,ListingIntrusionAlerts,and
............... 7-27
OperatingNotesforPortSecurity............................. 7-28
UsingIPAuthorizedManagers ............................... 7-30
AccessLevels .............................................. 7-31
DefiningAuthorizedManagementStations ..................... 7-31
OverviewofIPMaskOperation ........................... 7-32
Menu:ViewingandConfiguringIPAuthorizedManagers ......... 7-33
CLI:ViewingandConfiguringAuthorizedIPManagers ........... 7-34
ListingtheSwitchsCurrentAuthorizedIPManager(s) ....... 7-34
ConfiguringIPAuthorizedManagersfortheSwitch.......... 7-35
Web:ConfiguringIPAuthorizedManagers..................... 7-36
BuildingIPMasks.......................................... 7-36
ConfiguringOneStationPerAuthorizedManagerIPEntry.... 7-36
ConfiguringMultipleStationsPerAuthorizedManager
IPEntry ............................................... 7-37
AdditionalExamplesforAuthorizingMultipleStations ....... 7-39
OperatingandTroubleshootingNotes ......................... 7-39
ix
Contents
8.ConfiguringforNetworkManagementApplications
Overview ..................................................... 8-2
SNMPManagementFeatures .................................. 8-3
ConfiguringforSNMPAccesstotheSwitch .................... 8-4
SNMPCommunities ........................................... 8-6
Menu:ViewingandConfiguringSNMPCommunities ............. 8-6
ToView,Edit,orAddSNMPCommunities: .................. 8-6
CLI:ViewingandConfiguringCommunityNames ................ 8-8
ListingCurrentCommunityNamesandValues ............... 8-8
ConfiguringIdentityInformation ........................... 8-9
ConfiguringCommunityNamesandValues .................. 8-9
TrapReceiversandAuthenticationTraps ..................... 8-10
CLI:ConfiguringandDisplayingTrapReceivers ................ 8-11
UsingtheCLIToListCurrentSNMPTrapReceivers ......... 8-11
ConfiguringTrapReceivers .............................. 8-12
UsingtheCLIToEnableAuthenticationTraps.................. 8-12
AdvancedManagement:RMONandExtendedRMONSupport .. 8-13
RMON .................................................... 8-13
ExtendedRMON ........................................... 8-13
9.ConfiguringAdvancedFeatures
Overview ..................................................... 9-4
HPProCurveStackManagement ............................... 9-5
WhichDevicesSupportStacking? ............................. 9-6
ComponentsofHPProCurveStackManagement ................ 9-7
GeneralStackingOperation................................... 9-7
OperatingRulesforStacking .................................. 9-8
GeneralRules ........................................... 9-8
SpecificRules ........................................... 9-9
OverviewofConfiguringandBringingUpaStack ............... 9-11
GeneralStepsforCreatingaStack ........................ 9-13
x
Contents
UsingtheMenuInterfaceToViewStackStatusAnd
ConfigureStacking......................................... 9-15
UsingtheMenuInterfaceToViewandConfigureaCommander
UsingtheCommanderToAccessMemberSwitchesfor
ConvertingaCommanderorMembertoaMemberof
UsingtheCLIToAccessMemberSwitchesforConfiguration
Switch ................................................ 9-15
UsingtheMenuToManageaCandidateSwitch............. 9-17
UsingtheCommanderToManageTheStack ................... 9-19
ConfigurationChangesandMonitoringTraffic .............. 9-26
AnotherStack .......................................... 9-27
MonitoringStackStatus ..................................... 9-28
UsingtheCLIToViewStackStatusandConfigureStacking...... 9-32
UsingtheCLIToViewStackStatus ....................... 9-34
UsingtheCLIToConfigureaCommanderSwitch........... 9-36
AddingtoaStackorMovingSwitchesBetweenStacks ....... 9-38
UsingtheCLIToRemoveaMemberfromaStack........... 9-43
ChangesandTrafficMonitoring........................... 9-45
SNMPCommunityOperationinaStack ....................... 9-46
UsingtheCLIToDisableorRe-EnableStacking ................ 9-47
TransmissionInterval ....................................... 9-47
StackingOperationwithMultipleVLANsConfigured ............ 9-47
Web:ViewingandConfiguringStacking ....................... 9-48
StatusMessages............................................ 9-49
Port-BasedVirtualLANs(StaticVLANs) ...................... 9-50
OverviewofUsingVLANs ................................... 9-53
VLANSupportandtheDefaultVLAN...................... 9-53
WhichVLANIsPrimary? ................................ 9-53
Per-PortStaticVLANConfigurationOptions ................ 9-54
GeneralStepsforUsingVLANs........................... 9-56
NotesonUsingVLANs .................................. 9-56
Menu:ConfiguringVLANParameters.......................... 9-57
ToChangeVLANSupportSettings ........................ 9-57
AddingorEditingVLANNames ........................... 9-59
AddingorChangingaVLANPortAssignment ............... 9-60
CLI:ConfiguringVLANParameters ........................... 9-62
Web:ViewingandConfiguringVLANParameters ............... 9-68
VLANTaggingInformation .................................. 9-69
xi
Contents
EffectofVLANsonOtherSwitchFeatures ..................... 9-73
SpanningTreeProtocolOperationwithVLANs ............. 9-73
IPInterfaces ........................................... 9-73
VLANMACAddresses ................................... 9-74
PortTrunks ............................................ 9-74
PortMonitoring ........................................ 9-74
VLANRestrictions .......................................... 9-75
SymptomsofDuplicateMACAddressesinVLANEnvironments ...
9-76
GVRP ........................................................ 9-77
GeneralOperation .......................................... 9-78
Per-PortOptionsforHandlingGVRPUnknownVLANs ......... 9-80
Per-PortOptionsforDynamicVLANAdvertisingandJoining ..... 9-82
GVRPandVLANAccessControl.............................. 9-83
Port-LeaveFromaDynamicVLAN........................ 9-83
PlanningforGVRPOperation ................................ 9-84
ConfiguringGVRPOnaSwitch ............................... 9-84
Menu:ViewingandConfiguringGVRP ..................... 9-84
CLI:ViewingandConfiguringGVRP ....................... 9-86
Web:ViewingandConfiguringGVRP ...................... 9-89
GVRPOperatingNotes ...................................... 9-89
MultimediaTrafficControlwithIPMulticast(IGMP) .......... 9-91
IGMPOperatingFeatures.................................... 9-92
CLI:ConfiguringandDisplayingIGMP ........................ 9-93
Web:EnablingorDisablingIGMP............................. 9-97
HowIGMPOperates ........................................ 9-97
RoleoftheSwitch ...................................... 9-98
NumberofIPMulticastAddressesAllowed................ 9-101
InteractionwithMulticastTraffic/SecurityFilters. .......... 9-101
SpanningTreeProtocol(STP) ............................... 9-102
Menu:ConfiguringSTP..................................... 9-103
CLI:ConfiguringSTP ...................................... 9-105
Web:EnablingorDisablingSTP............................. 9-108
HowSTPOperates ........................................ 9-108
STPFastMode........................................ 9-109
STPOperationwith802.1QVLANs....................... 9-110
xii
Contents
10.MonitoringandAnalyzingSwitchOperation
ChapterContents ............................................ 10-1
Overview .................................................... 10-2
StatusandCountersData .................................... 10-3
MenuAccessToStatusandCounters ......................... 10-4
GeneralSystemInformation ................................. 10-5
MenuAccess ........................................... 10-5
CLIAccess............................................. 10-5
SwitchManagementAddressInformation...................... 10-6
MenuAccess ........................................... 10-6
CLIAccess............................................. 10-6
PortStatus................................................ 10-7
Menu:DisplayingPortStatus ............................. 10-7
CLIAccess............................................. 10-7
WebAccess ............................................ 10-7
ViewingPortandTrunkGroupStatistics ...................... 10-8
MenuAccesstoPortandTrunkStatistics.................. 10-9
CLIAccessToPortandTrunkGroupStatistics ............ 10-10
WebBrowserAccessToViewPortandTrunk
GroupStatistics ....................................... 10-10
ViewingtheSwitchsMACAddressTables.................... 10-11
MenuAccesstotheMACAddressViewsandSearches ...... 10-12
CLIAccessforMACAddressViewsandSearches .......... 10-14
SpanningTreeProtocol(STP)Information.................... 10-15
MenuAccesstoSTPData ............................... 10-15
CLIAccesstoSTPData................................. 10-16
InternetGroupManagementProtocol(IGMP)Status ........... 10-17
VLANInformation ......................................... 10-18
WebBrowserInterfaceStatusInformation .................... 10-20
PortMonitoringFeatures ................................... 10-21
Menu:ConfiguringPortMonitoring .......................... 10-22
CLI:ConfiguringPortMonitoring ............................ 10-24
Web:ConfiguringPortMonitoring ........................... 10-26
11.Troubleshooting
ChapterContents ............................................ 11-1
Overview .................................................... 11-2
xiii
Contents
TroubleshootingApproaches.................................. 11-3
BrowserorConsoleAccessProblems.......................... 11-4
UnusualNetworkActivity .................................... 11-6
GeneralProblems....................................... 11-6
IGMP-RelatedProblems ................................. 11-7
ProblemsRelatedtoSpanning-TreeProtocol(STP).......... 11-8
Stacking-RelatedProblems............................... 11-8
TimeporGatewayProblems ............................. 11-8
VLAN-RelatedProblems ................................. 11-9
UsingtheEventLogToIdentifyProblemSources............. 11-11
Menu:EnteringandNavigatingintheEventLog ............... 11-12
CLI: ..................................................... 11-13
DiagnosticTools ............................................ 11-14
PingandLinkTests ........................................ 11-14
Web:ExecutingPingorLinkTests....................... 11-15
CLI:PingorLinkTests ................................. 11-16
DisplayingtheConfigurationFile ............................ 11-18
CLI:ViewingtheConfigurationFile ...................... 11-18
Web:ViewingtheConfigurationFile...................... 11-18
CLIAdministrativeandTroubleshootingCommands ........... 11-19
RestoringtheFactory-DefaultConfiguration ................. 11-20
CLI:ResettingtotheFactory-DefaultConfiguration ........ 11-20
Clear/Reset:ResettingtotheFactory-DefaultConfiguration . 11-20
A.TransferringanOperatingSystemorStartup
ConfigurationFile
AppendixContents........................................... A-1
Overview .................................................... A-2
DownloadinganOperatingSystem(OS)....................... A-2
UsingTFTPToDownloadtheOSFilefromaServer............. A-3
Menu:TFTPDownloadfromaServer...................... A-4
CLI:TFTPDownloadfromaServer ....................... A-5
UsingtheSNMP-BasedSoftwareUpdateUtility................. A-6
Series2500Switch-to-SwitchDownload....................... A-6
Menu:Switch-to-SwitchDownload ........................ A-6
CLI:Switch-To-SwitchDownload ......................... A-7
xiv
Contents
UsingXmodemtoDownloadtheOSFileFromaPC ............. A-7
Menu:XmodemDownload ............................... A-7
CLI:XmodemDownloadfromaPCorUnixWorkstation ..... A-8
TroubleshootingTFTPDownloads ............................ A-9
TransferringSwitchConfigurations .......................... A-10
B.MACAddressManagement
AppendixBContents......................................... B-1
Overview .................................................... B-1
DeterminingMACAddresses.................................. B-2
Menu:ViewingtheSwitchsMACAddresses.................... B-3
CLI:ViewingthePortandVLANMACAddresses................ B-4
C.SwitchMemoryandConfiguration
UsingtheMenuandWebBrowserInterfacesToImplement
UsingtheWebBrowserInterfaceToImplement
AppendixContents........................................... C-1
Overview .................................................... C-2
OverviewofConfigurationFileManagement .................. C-2
UsingtheCLIToImplementConfigurationChanges ........... C-4
ConfigurationChanges ....................................... C-7
UsingtheMenuInterfaceToImplementConfigurationChanges .. C-7
UsingSaveandCancelintheMenuInterface ............... C-8
RebootingfromtheMenuInterface ....................... C-9
ConfigurationChanges ..................................... C-10
D.DaylightSavingsTimeonHPProCurveSwitches
xv
Contents
xvi
1
SelectingaManagementInterface
ChapterContents
Overview ..................................................... 1-2
UnderstandingManagementInterfaces ......................... 1-2
AdvantagesofUsingtheMenuInterface........................ 1-3
AdvantagesofUsingtheCLI ................................... 1-4
CLIUsage .............................................. 1-4
AdvantagesofUsingtheHPWebBrowserInterface............. 1-5
AdvantagesofUsingHPTopToolsforHubs&Switches ......... 1-6
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
1-1
Overview
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
Overview
Thischapterdescribesthefollowing:
ManagementinterfacesfortheSwitches2512/2524
Advantagesofusingeachinterface
UnderstandingManagementInterfaces
Managementinterfacesenableyoutoreconfiguretheswitchandtomonitor
switchstatusandperformance.TheHPSwitches2512/2524offerthefollowing
interfaces:
Menuinterfaceamenu-driveninterfaceofferingasubsetofswitch
commandsthroughthebuilt-inVT-100/ANSIconsolepage1-3
CLIacommandlineinterfaceofferingthefullsetofswitchcommands
throughtheVT-100/ANSIconsolebuiltintotheswitchpage1-4
Webbrowserinterface--aswitchinterfaceofferingstatusinformation
andasubsetofswitchcommandsthroughastandardwebbrowser(such
asNetscapeNavigatororMicrosoftInternetExplorer)page1-5
HPTopToolsforHubs&Switches--aneasy-to-use,browser-based
networkmanagementtoolthatworkswithHPproactivenetworking
featuresbuiltintomanagedHPhubsandswitches
Thismanualdescribeshowtousethemenuinterface(chapter2),theCLI
(chapter3),thewebbrowserinterface(chapter4),andhowtousethese
interfacestoconfigureandmonitortheswitch.
ForinformationonhowtoaccessthewebbrowserinterfaceHelp,seeOnline
HelpfortheWebBrowserInterfaceonpage4-12.
TouseHPTopToolsforHubs&Switches,refertotheHPTopToolsUsers
GuideandtheTopToolsonlinehelp,whichareavailableelectronicallywith
theTopToolssoftware.(TogetacopyofHPTopToolsforHubs&Switches
software,seetheReadMeFirstdocumentshippedwithyourswitch.)
1-2
AdvantagesofUsingtheMenuInterface
AdvantagesofUsingtheMenuInterface
Figure1-1. ExampleoftheConsoleInterfaceDisplay
Providesquick,easymanagementaccesstoamenu-drivensubsetof
switchconfigurationandperformancefeatures:
IPaddressing SpanningTree
VLANs Systeminformation
Security Passwordsandothersecurityfeatures
PortandStaticTrunkGroup SNMPcommunities
StackManagement
Themenuinterfacealsoprovidesaccessfor:
Setupscreen Switchandportstatisticandcounter
EventLogdisplay
displays
Switchandport
Reboots
statusdisplays Softwaredownloads
Offersout-of-bandaccess(throughtheRS-232connection)tothe
switch,sonetworkbottlenecks,crashes,lackofconfiguredorcorrectIP
address,andnetworkdowntimedonotsloworpreventaccess
EnablesTelnet(in-band)accesstothemenufunctionality.
Allowsfasternavigation,avoidingdelaysthatoccurwithslower
displayofgraphicalobjectsoverawebbrowserinterface.
Providesmoresecurity;configurationinformationandpasswordsare
notseenonthenetwork.
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
1-3
AdvantagesofUsingtheCLI
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
AdvantagesofUsingtheCLI
HP2512> OperatorLevel
HP2512# ManagerLevel
HP2512(config)# GlobalConfigurationLevel
HP2512(<context>)# ContextConfigurationLevels(port,VLAN)
Figure1-2. ExampleofTheCommandPrompt
Providesaccesstothecompletesetoftheswitchconfiguration,perfor-
mance,anddiagnosticfeatures.
Offersout-of-bandaccess(throughtheRS-232connection)orTelnet(in-
band)access.
Enablesquick,detailedsystemconfigurationandmanagementaccessto
systemoperatorsandadministratorsexperiencedincommandprompt
interfaces.
Provideshelpateachlevelfordeterminingavailableoptionsandvari-
ables.
CLIUsage
ForinformationonhowtousetheCLI,refertochapter3."Usingthe
CommandLineInterface(CLI)".
Toperform specificprocedures(suchasconfiguringIPaddressingor
VLANs),usetheContentslistingatthefrontofthemanualtolocatethe
informationyouneed.
Tomonitorandanalyzeswitchoperation,seechapter10,"Monitoringand
AnalyzingSwitchOperation".
ForinformationonindividualCLIcommands,refertotheIndexortothe
"CommandLineInterfaceReferenceGuide"availableonHPsProCurve
websiteat
1-4
AdvantagesofUsingtheHPWebBrowserInterface
AdvantagesofUsingtheHPWeb
BrowserInterface
Figure1-3. ExampleoftheHPWebBrowserInterface
Easyaccesstotheswitchfromanywhereonthenetwork
Familiarbrowserinterface--locationsofwindowobjectsconsistent
withcommonlyusedbrowsers,usesmouseclickingfornavigation,no
terminalsetup
Manyfeatureshavealltheirfieldsinonescreensoyoucanviewall
valuesatonce
Morevisualcues,usingcolors,statusbars,deviceicons,andother
graphicalobjectsinsteadofrelyingsolelyonalphanumericvalues
Displayofacceptablerangesofvaluesavailableinconfigurationlist
boxes
Forspecificrequirements,seeWebBrowserInterfaceRequirementsonpage
4-4.
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
1-5
AdvantagesofUsingHPTopToolsforHubs&Switches
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
AdvantagesofUsingHPTopToolsfor
Hubs&Switches
YoucanoperateHPTopToolsfromaPConthenetworktomonitortraffic,
manageyourhubsandswitches,andproactivelyrecommendnetwork
changestoincreasenetworkuptimeandoptimizeperformance.Easytoinstall
anduse,HPTopToolsforHubs&Switchesistheanswertoyourmanagement
challenges.
Figure1-4. ExampleofHPTopToolsMainScreen
HPTopToolsforHubs&Switchesenablesgreatercontrol,uptime,and
performanceinyournetwork:
Fornetworkeddevices
Enablesfastinstallationofhubsandswitches.
EnablesyoutoproactivelymanageyournetworkbyusingtheAlert
Logtoquicklyidentifyproblemsandsuggestsolutions,savingvalu-
abletime.
1-6
NotifiesyouwhenHPhubsuseself-healingfeaturestofixorlimit
commonnetworkproblems.
Providesalistofdiscovereddevices,withdevicetype,connectivity
status,thenumberofneworopenalertsforeachdevice,andthetype
ofmanagementforeachdevice.
Providesgraphicalmapsofyournetworkeddevices,fromwhichyou
canaccessspecificdevices.
Identifiesusersbyportandletsyouassigneasy-to-remembernames
toanynetworkdevice.
EnablesyoutoconfigureandmonitorHPnetworkeddevicesfrom
yournetworkmanagementPC,includingidentityandstatusinforma-
tion,portcounters,porton/offcapability,sensitivitythresholdsfor
traps,IPandsecurityconfiguration,deviceconfigurationreport,and
otherdevicefeatures.
Enablespolicy-basedmanagementthroughtheQualityofService
feature(QoS)toestablishtrafficprioritypoliciesforcontrollingand
improvingthroughputacrossalltheHPswitchesinyournetworkthat
supportthisfeature.
Fornetworktraffic:
Watchesthenetworkforproblemsanddisplaysreal-timeinformation
aboutnetworkstatus.
Showstrafficandtoptalkernodesonscreen.
Usestrafficmonitordiagramstomakebottleneckseasytosee.
Improvesnetworkreliabilitythroughreal-timefaultisolation.
LetsyouseeyourentirenetworkwithouthavingtoputRMONprobes
oneverysegment(upto1500segments).
Fornetworkgrowth:
Monitors,stores,andanalyzesnetworktraffictodeterminewhere
upgradesareneeded.
UsesNetworkPerformanceAdvisorforautomatictrafficanalysis
andeasy-to-understandreportsthatgiveclear,easy-to-followplans
forcost-effectivelyupgradingyournetwork.
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
1-7
S
e
l
e
c
t
i
n
g
M
a
n
a
g
e
m
e
n
t
I
n
t
e
r
f
a
c
e
1-8
2
UsingtheMenuInterface
ChapterContents
Overview ..................................................... 2-2
StartingandEndingaMenuSession ........................... 2-3
HowToStartaMenuInterfaceSession ......................... 2-4
HowToEndaMenuSessionandExitfromtheConsole .......... 2-5
MainMenuFeatures .......................................... 2-7
ScreenStructureandNavigation............................... 2-9
RebootingtheSwitch......................................... 2-12
MenuFeaturesList........................................... 2-14
WhereToGoFromHere ...................................... 2-15
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-1
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
Overview
2-2
Overview
Thischapterdescribesthefollowingfeatures:
OverviewoftheMenuInterface(page4-1)
StartingandendingaMenusession(page2-3)
TheMainMenu(page2-7)
Screenstructureandnavigation(page2-9)
Rebootingtheswitch(page2-12)
Themenuinterfaceoperatesthroughtheswitchconsoletoprovideyouwith
asubsetofswitchcommandsinaneasy-to-usemenuformatenablingyouto:
Performa"quickconfiguration"ofbasicparameters,suchastheIP
addressingneededtoprovidemanagementaccessthroughyournetwork
Configurethesefeatures:
ManagerandOperatorpass- Anetworkmonitoringport
words
StackManagement
Systemparameters
SpanningTreeoperation
IPaddressing
SNMPcommunitynames
Ports
IPauthorizedmanagers
Onetrunkgroup
VLANs(VirtualLANs)
Viewstatus,counters,andEventLoginformation
Downloadnewsoftwaresystem
Reboottheswitch
Foradetailedlistofmenufeatures,seethe"MenuFeaturesList"onpage2-14.
PrivilegeLevelsandPasswordSecurity.HPstronglyrecommendsthat
youconfigureaManagerpasswordtohelppreventunauthorizedaccessto
yournetwork.AManagerpasswordgrantsfullread-writeaccesstotheswitch.
AnOperatorpassword,ifconfigured,grantsaccesstostatusandcounter,
EventLog,andtheOperatorlevelintheCLI.Afteryouconfigurepasswords
ontheswitchandlogoffoftheinterface,accesstothemenuinterface(and
theCLIandwebbrowserinterface)willrequireentryofeithertheManager
orOperatorpassword.(IftheswitchhasonlyaManagerpassword,then
someonewithoutapasswordcanstillgainread-onlyaccess.)Formore
informationonpasswords,see"UsingPasswordSecurity"on.
StartingandEndingaMenuSession
MenuInteractionwithOtherInterfaces.
Aconfigurationchangemadethroughanyswitchinterfaceoverwrites
earlierchangesmadethroughanyotherinterface.
TheMenuInterfaceandtheCLI(CommandLineInterface)bothusethe
switchconsole.ToenterthemenufromtheCLI,usethemenucommand.
ToentertheCLIfromtheMenuinterface,selectCommandLine(CLI)option.)
Youcanaccessthemenuinterfaceusinganyofthefollowing:
Adirectserialconnectiontotheswitchsconsoleport,asdescribedinthe
installationguideyoureceivedwiththeswitch
ATelnetconnectiontotheswitchconsolefromanetworkedPCorthe
switchswebbrowserinterface.TelnetrequiresthatanIPaddressand
subnetmaskcompatiblewithyournetworkhavealreadybeenconfigured
ontheswitch.
ThestackCommander,iftheswitchisastackmember
Not e Thissectionassumesthateitheraterminaldeviceisalreadyconfiguredand
connectedtotheswitch(seetheInstallationGuideshippedwithyourswitch)
orthatyouhavealreadyconfiguredanIPaddressontheswitch(requiredfor
Telnetaccess).
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-3
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
HowToStartaMenuInterfaceSession
Initsfactorydefaultconfiguration,theswitchconsolestartswiththeCLI
prompt.TousethemenuinterfacewithManagerprivileges,gototheManager
levelpromptandenterthemenucommand.
1. Useoneofthesemethodstoconnecttotheswitch:
APCterminalemulatororterminal
Telnet
(YoucanalsousethestackCommanderiftheswitchisastackmember.
See"HPProCurveStackManagement"on).
2. Dooneofthefollowing:
IfyouareusingTelnet,gotostep3.
IfyouareusingaPCterminalemulatororaterminal,pressone
ormoretimesuntilapromptappears.
3. Whentheswitchscreenappears,dooneofthefollowing:
Ifapasswordhasbeenconfigured,thepasswordpromptappears.
Password: _
TypetheManagerpasswordandpress.EnteringtheManager
passwordgivesyoumanager-levelaccesstotheswitch.(Enteringthe
Operatorpasswordgivesyouoperator-levelaccesstotheswitch.See
"UsingPasswordSecurity"on.)
Ifnopasswordhasbeenconfigured,theCLIpromptappears.Goto
thenextstep.
4. WhentheCLIpromptappears,displaytheMenuinterfacebyenteringthe
menucommand.Forexample:
HP2512# menu
resultsin:
2-4
Figure2-1. TheMainMenuwithManagerPrivileges
ForadescriptionofMainMenufeatures,seeMainMenuFeaturesonpage
2-7.
Not e ToconfiguretheswitchtostartwiththemenuinterfaceinsteadoftheCLI,go
totheManagerlevelprompt,enterthesetupcommand,andintheresulting
display,changetheLogonDefaultparametertoMenu.Formoreinformation,see
theInstallationandGettingStartedGuideyoureceivedwiththeswitch.
HowToEndaMenuSessionandExitfromtheConsole
Themethodforendingamenusessionandexitingfromtheconsoledepends
onwhether,duringthesession,youmadeanychangestotheswitchconfigu-
rationthatrequireaswitchreboottoactivate.(MostchangesneedonlyaSave,
anddonotrequireaswitchreboot.)Configurationchangesneedingareboot
aremarkedwithanasterisk(*)nexttotheconfigureditemintheConfigura-
tionmenuandalsonexttotheSwitchConfigurationitemintheMainMenu.
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-5
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
i
i
i
toactivate.
Aster skindicatesa
configurat onchange
thatrequ resareboot
Figure2-2. AnAsteriskIndicatesaConfigurationChangeRequiringaReboot
1. Inthecurrentsession,ifyouhavenotmadeconfigurationchangesthat
requireaswitchreboottoactivate,returntotheMainmenuandpress
(zero)tologout.Thenjustexitfromtheterminalprogram,turnoffthe
terminal,orquittheTelnetsession.
2. Ifyouhavemadeconfigurationchangesthatrequireaswitchreboot
thatis,ifanasterisk(*)appearsnexttoaconfigureditemornexttoSwitch
ConfigurationintheMainmenu:
a. ReturntotheMainmenu.
b. PresstoselectRebootSwitchandfollowtheinstructionsonthe
rebootscreen.
Rebootingtheswitchterminatesthemenusession,and,ifyouareusing
Telnet,disconnectstheTelnetsession.
(SeeRebootingToActivateConfigurationChangesonpage2-13.)
3. Exitfromtheterminalprogram,turnofftheterminal,orclosetheTelnet
applicationprogram.
2-6
MainMenuFeatures
MainMenuFeatures
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
Figure2-3. TheMainMenuViewwithManagerPrivileges
TheMainMenugivesyouaccesstotheseMenuinterfacefeatures:
StatusandCounters: Providesaccesstodisplayscreensshowing
switchinformation,portstatusandcounters,portandVLANaddress
tables,andspanningtreeinformation.(Seechapter10,Monitoringand
AnalyzingSwitchOperation.)
SwitchConfiguration: Providesaccesstoconfigurationscreensfor
displayingandchangingthecurrentconfigurationsettings.(SeetheCon-
tentslistingatthefrontofthismanual.)Foralistingoffeaturesand
parametersconfigurablethroughthemenuinterface,seethe"MenuFea-
turesList"onpage2-14.
ConsolePasswords:Providesaccesstothescreenusedtosetorchange
Manager-levelandOperator-levelpasswords,andtodeleteManagerand
Operatorpasswordprotection.(See"UsingPasswordSecurity"onpage
page7-4.)
EventLog: Enablesyoutoreadprogressanderrormessagesthatare
usefulforcheckingandtroubleshootingswitchoperation.(SeeUsingthe
EventLogToIdentifyProblemSourcesonpage11-11.)
2-7
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
MainMenuFeatures
CommandLine(CLI):SelectstheCommandLineInterfaceatthesame
level(ManagerorOperator)thatyouareaccessingintheMenuinterface.
(Seechapter3,"UsingtheCommandLineInterface(CLI)".)
RebootSwitch: Performsa"warm"rebootoftheswitch,whichclears
mosttemporaryerrorconditions,resetsthenetworkactivitycountersto
zero,andresetsthesystemuptimetozero.Arebootisrequiredtoactivate
achangeintheVLANSupportparameter.(SeeRebootingfromtheMenu
InterfaceonpageC-9.)
DownloadOS:Enablesyoutodownloadanewsoftwareversiontothe
switch.(SeeappendixA,TransferringanOperatingSystemorConfigu-
ration.)
RunSetup:DisplaystheSwitchSetupscreenforquicklyconfiguring
basicswitchparameterssuchasIPaddressing,defaultgateway,logon
defaultinterface,spanningtree,andothers.(SeetheInstallationand
GettingStartedguideshippedwithyourswitch.)
Stacking:EnablesyoutouseasingleIPaddressandstandardnetwork
cablingtomanageagroupofupto16switchesinthesamesubnet
(broadcastdomain).SeeHPProCurveStackManagementonpage9-5.
Logout:ClosestheMenuinterfaceandconsolesession,anddisconnects
Telnetaccesstotheswitch.(SeeHowtoEndaMenuSessionandExit
fromtheConsoleonpage2-5.)
2-8
ScreenStructureandNavigation
Menuinterfacescreensincludethesethreeelements:
Parameterfieldsand/orread-onlyinformationsuchasstatistics
Navigationandconfigurationactions,suchasSave,Edit,andCancel
Helplinetodescribenavigationoptions,individualparameters,andread-
onlydata
Forexample,inthefollowingSystemInformationscreen:
i
ld
ibi
i
i
Screentitleidentifies
thelocationwithinthe
Helpline
descr bingthe
selectedaction
orselected
parameterfie
Parameterfields
Helpdescr ngeachofthe
temsintheparameterfields
Navigation nstructions
Actionsline
menustructure
Systemname
Figure4-1. ElementsoftheScreenStructure
FormsDesign.Theconfigurationscreens,inparticular,operatesimilarly
toanumberofPCapplicationsthatuseformsfordataentry.Whenyoufirst
enterthesescreens,youseethecurrentconfigurationfortheitemyouhave
selected.Tochangetheconfiguration,thebasicoperationisto:
1. PresstoselecttheEditaction.
2. Navigatethroughthescreenmakingallthenecessaryconfiguration
changes.(SeeTable4-1onthenextpage.)
3. PresstoreturntotheActionsline.Fromthereyoucansavethe
configurationchangesorcancelthechanges.Cancelreturnstheconfigu-
rationtothevaluesyousawwhenyoufirstenteredthescreen.
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-9
Table4-1. HowToNavigateintheMenuInterface
Task: Actions:
Executeanaction Useeitherofthefollowingmethods:
fromtheActions>
Usethearrowkeys([<],or[>])tohighlighttheactionyouwant
listatthebottomof
toexecute,thenpress.
thescreen:
Pressthekeycorrespondingtothecapitalletterintheaction
name.Forexample,inaconfigurationmenu,presstoselect
Editandbegineditingparametervalues.
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
Reconfigure(edit)a
parametersettingora
field:
1. Selectaconfigurationitem,suchasSystemName.(Seefigure
4-1.)
2. Press(for Edit ontheActionsline).
3. Use orthearrowkeys([<],[>],[^],or[v])tohighlightthe
itemorfield.
Iftheparameterhaspreconfiguredvalues,eitherusethe
Spacebartoselectanewoptionortypethefirstpartofyour
selectionandtherestoftheselectionappearsautomatically.
(ThehelplineinstructsyoutoSelectavalue.)
Iftherearenopreconfiguredvalues,typeinavalue(theHelp
lineinstructsyoutoEnteravalue).
5. Ifyouwanttochangeanotherparametervalue,returntostep3.
6. Ifyouarefinishededitingparametersinthedisplayedscreen,
presstoreturntotheActionslineanddooneofthe
following:
Tosaveandactivateconfigurationchanges,press (forthe
Saveaction).Thissavesthechangesinthestartup
configurationandalsoimplementsthechangeinthe
currentlyrunningconfiguration.(SeeappendixC,"Switch
MemoryandConfiguration.)
Toexitfromthescreenwithoutsavinganychangesthatyou
havemade(orifyouhavenotmadechanges),press (for
theCancelaction).
Note: Inthemenuinterface,executingSaveactivatesmost
parameterchangesandsavestheminthestartupconfiguration
(orflash)memory,anditisthereforenotnecessarytorebootthe
switchaftermakingthesechanges.Butifanasteriskappears
nexttoanymenuitemyoureconfigure,theswitchwillnot
activateorsavethechangeforthatitemuntilyourebootthe
switch.Inthiscase,rebootingshouldbedoneafteryouhave
madealldesiredchangesandthenreturnedtotheMainMenu.
7. Whenyoufinisheditingparameters,returntotheMainMenu.
8. Ifnecessary,reboottheswitchbyhighlightingRebootSwitchin
theMainMenuandpressing.(SeetheNote,above.)
Exitfromaread-only Press(fortheBackaction).
screen.
2-10
TogetHelponindividualparameterdescriptions.Inmostscreens
thereisaHelpoptionintheActionsline.Wheneveranyoftheitemsinthe
Actionslineishighlighted,press,andaseparatehelpscreenisdisplayed.
Forexample:
elpand
di l
Hi
i i
l
li
Pressing orhighlightingH
pressing sp aysHelpforthe
parameterslistedintheupperpartof
thescreen
ghlightonanyitem
intheActionsline
nd catesthatthe
Actionslineisactive.
TheHe plineprovides
abriefdescriptorof
thehigh ghtedAction
itemorparameter.
Figure4-2. ExampleShowingHowToDisplayHelp
TogetHelpontheactionsordatafieldsineachscreen:Usethearrow
keys([<],[>],[^],or[v])toselectanactionordatafield.Thehelplineunder
theActionsitemsdescribesthecurrentlyselectedactionordatafield.
Forguidanceonhowtonavigateinascreen:Seetheinstructionsprovided
atthebottomofthescreen,orrefertoScreenStructureandNavigationon
page2-9.)
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-11
RebootingtheSwitch
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
RebootingtheSwitch
Rebootingtheswitchfromthemenuinterface
Terminatesallcurrentsessionsandperformsaresetoftheoperating
system
Activatesanyconfigurationchangesthatrequireareboot
Resetsstatisticalcounterstozero
(Notethatstatisticalcounterscanberesettozerowithoutrebootingthe
switch.)
ToReboottheswitch,usetheRebootSwitchoptionintheMainMenu.(Note
thattheRebootSwitchoptionisnotavailableifyoulogoninOperatormode;
thatis,ifyouenteranOperatorpasswordinsteadofamanagerpasswordat
thepasswordprompt.)
RebootSwitchoption
Figure4-3. TheRebootSwitchOptionintheMainMenu
2-12
RebootingtheSwitch
RebootingToActivateConfigurationChanges. Configurationchanges
formostparametersbecomeeffectiveassoonasyousavethem.However,
youmustreboottheswitchinordertoimplementachangeintheMaximum
VLANstosupportparameter.(Toaccessthisparameter,gototheMainmenuand
select2.SwitchConfiguration,then8.VLANMenu,then1.VLANSupport.)
Ifconfigurationchangesrequiringareboothavebeenmade,theswitch
displaysanasterisk(*)nexttothemenuiteminwhichthechangehasbeen
made.Forexample,ifyouchangeandsavethevaluefortheMaximumVLANsto
supportparameter,anasteriskappearsnexttotheVLANSupportentryinthe
VLANMenuscreen,andalsonexttothetheSwitchConfiguration... entryinthe
Mainmenu,asshowninfigure4-6:
Asteri
effect.
Reminderto
reboottheswitch
toactivate
configuration
changes.
skindicates
aconfiguration
changethat
requiresareboot
inordertotake
Figure4-4. IndicationofaConfigurationChangeRequiringaReboot
Toactivatechangesindicatedbytheasterisk,gototheMainMenuandselect
theRebootSwitchoption.
Not e ExecutingthewritememorycommandintheCLIdoesnotaffectpending
configurationchangesindicatedbyanasteriskinthemenuinterface.Thatis,
onlyarebootfromthemenuinterfaceorabootorreloadcommandfromthe
CLIwillactivateapendingconfigurationchangeindicatedbyanasterisk.
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-13
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
MenuFeaturesList
2-14
MenuFeaturesList
StatusandCounters
GeneralSystemInformation
SwitchManagementAddressInformation
PortStatus
PortCounters
AddressTable
PortAddressTable
SpanningTreeInformation
SwitchConfiguration
SystemInformation
Port/TrunkSettings
NetworkMonitoringPort
SpanningTreeOperation
IPConfiguration
SNMPCommunityNames
IPauthorizedManagers
VLANMenu
ConsolePasswords
EventLog
CommandLine(CLI)
RebootSwitch
DownloadOS
RunSetup
Stacking
StackingStatus(ThisSwitch)
StackingStatus(All)
StackConfiguration
StackManagement(AvailableinStackCommanderOnly)
StackAccess(AvailableinStackCommanderOnly)
Logout
WhereToGoFromHere
WhereToGoFromHere
Thischapterprovidesanoverviewofthemenuinterfaceandhowtouseit.
Thefollowingtableindicateswheretoturnfordetailedinformationonhow
tousetheindividualfeaturesavailablethroughthemenuinterface.
Option WhereToTurn
TousetheRunSetupoption
TousetheProCurveStackManager
Toviewandmonitorswitchstatusand
counters
Tolearnhowtoconfigureanduse
passwords
TolearnhowtousetheEventLog
TolearnhowtheCLIoperates
Todownloadsoftware(theOS)
Foradescriptionofhowswitch
memoryhandlesconfiguration
changes
Forinformationonotherswitch
featuresandhowtoconfigurethem
SeetheInstallationandGettingStartedGuide
shippedwiththeswitch.
HPProCurveStackManagementonpage9-5
Chapter10,"MonitoringandAnalyzingSwitch
Operation"
"UsingPasswordSecurity"onpage7-4
"UsingtheEventLogToIdentifyProblemSources"
onpage11-11
Chapter3,"UsingtheCommandLineInterface
(CLI)"
AppendixA,"FileTransfers"
AppendixC,"SwitchMemoryandConfiguration"
SeetheTableofContentsatthefrontofthis
manual.
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-15
WhereToGoFromHere
U
s
i
n
g
t
h
e
M
e
n
u
I
n
t
e
r
f
a
c
e
2-16
3
UsingtheCommandLineInterface(CLI)
ChapterContents
Overview ..................................................... 3-2
AccessingtheCLI ............................................. 3-2
Usingthe CLI................................................. 3-2
PrivilegeLevelsatLogon ..................................... 3-3
PrivilegeLevelOperation ..................................... 3-4
OperatorPrivileges ...................................... 3-4
ManagerPrivileges....................................... 3-5
HowToMoveBetweenLevels ................................ 3-7
ListingCommandsandCommandOptions ...................... 3-8
ListingCommandsAvailableatAnyPrivilegeLevel ........... 3-8
CommandOptionDisplays ............................... 3-10
DisplayingCLI"Help" ....................................... 3-11
ConfigurationCommandsandtheContextConfigurationModes .. 3-13
CLIControlandEditing ...................................... 3-16
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-1
Overview
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
Overview
TheCLIisatext-basedcommandinterfaceforconfiguringandmonitoringthe
switch.TheCLIgivesyouaccesstotheswitchsfullsetofcommandswhile
providingthesamepasswordprotectionthatisusedinthewebbrowser
interfaceandthemenuinterface.
AccessingtheCLI
Likethemenuinterface,theCLIisaccessedthroughtheswitchconsole,and,
intheswitchsfactorydefaultstate,isthedefaultinterfacewhenyoustarta
consolesession.Youcanaccesstheconsoleout-of-bandbydirectly
connectingaterminaldevicetotheswitch,orin-bandbyusingTelneteither
fromaterminaldeviceorthroughthewebbrowserinterface.
Also,ifyouareusingthemenuinterface,youcanaccesstheCLIbyselecting
theCommandLine(CLI)optionintheMainMenu.
Usingthe CLI
TheCLIofferstheseprivilegelevelstohelpprotecttheswitchfromunautho-
rizedaccess:
Operator
Manager
GlobalConfiguration
ContextConfiguration
Not e CLIcommandsarenotcase-sensitive.
WhenyouusetheCLItomakeaconfigurationchange,theswitchwritesthe
changetotheRunning-Configfileinvolatilememory.Thisallowsyoutotest
yourconfigurationchangesbeforemakingthempermanent.tomakechanges
permanent,youmustusethewritememorycommandtosavethemtothe
StartupConfigfileinnon-volatilememory.Ifyoureboottheswitchwithout
3-2
UsingtheCLI
firstusingwritememory,allchangesmadesincethelastrebootorwritememory
(whicheverislater)willbelost.Formoreonswitchmemoryandsaving
configurationchanges,seeappendixC,"SwitchMemoryandConfiguration".
PrivilegeLevelsatLogon
PrivilegelevelscontrolthetypeofaccesstotheCLI.Toimplementthis
control,youmustsetatleastaManagerpassword.WithoutaManager
passwordconfigured,anyonehavingserialport,Telnet,orwebbrowser
accesstotheswitchcanreachallCLIlevels.(Formoreonsettingpasswords,
see"UsingPasswordSecurity"onpage7-4.)
WhenyouusetheCLItologontotheswitch,andpasswordsareset,youwill
bepromptedtoenterapassword.Forexample:
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
PasswordPrompt
Figure3-1. ExampleofCLILog-OnScreenwithPassword(s)Set
Intheabovecase,youwillentertheCLIatthelevelcorrespondingtothe
passwordyouprovide(operatorormanager).
IfnopasswordsaresetwhenyoulogontotheCLI,youwillenteratthe
Managerlevel.Forexample:
HP2512# _
3-3
UsingtheCLI
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
Ca u t i o n HPstronglyrecommendsthatyouconfigureaManagerpassword.IfaMan-
agerpasswordisnotconfigured,thentheManagerlevelisnotpassword-
protected,andanyonehavingin-bandorout-of-bandaccesstotheswitchmay
beabletoreachtheManagerlevelandcompromiseswitchandnetwork
security.NotethatconfiguringonlyanOperatorpassworddoesnotprevent
accesstotheManagerlevelbyintruderswhohavetheOperatorpassword.
PressingtheClearbuttononthefrontoftheswitchremovespassword
protection.Forthisreason,itisrecommendedthatyouprotecttheswitch
fromphysicalaccessbyunauthorizedpersons.Ifyouareconcernedabout
switchsecurityandoperation,youshouldinstalltheswitchinasecure
location,suchasalockedwiringcloset.
PrivilegeLevelOperation
OperatorPrivileges
ManagerPrivileges
ManagerLevel
OperatorLevel
GlobalConfigurationLevel
ContextConfigurationLevel
Figure3-2. PrivilegeLevelAccessSequence
OperatorPrivileges
AttheOperatorlevelyoucanexaminethecurrentconfigurationandmove
betweeninterfaceswithoutbeingabletochangetheconfiguration. A">"
characterdelimitstheOperator-levelprompt.Forexample:
HP2512>_ (ExampleoftheOperatorprompt.)
WhenusingenabletomovetotheManagerlevel,theswitchpromptsyoufor
theManagerpasswordifonehasalreadybeenconfigured.
3-4
UsingtheCLI
ManagerPrivileges
Managerprivilegesgiveyouthreeadditionallevelsofaccess:Manager,Global
Configuration,andContextConfiguration.(Seefigure.)A"#"character
delimitsanyManagerprompt.Forexample:
HP2512#_ (ExampleoftheManagerprompt.)
Managerlevel:ProvidesallOperatorlevelprivilegesplustheabilityto
performsystem-levelactionsthatdonotrequiresavingchangestothe
systemconfigurationfile.ThepromptfortheManagerlevelcontainsonly
thesystemnameandthe"#"delimiter,asshownabove.Toselectthis
level,entertheenablecommandattheOperatorlevelpromptandenter
theManagerpassword,whenprompted.Forexample:
HP2512> enable (EnterenableattheOperatorprompt.)
HP2512# _ (TheManagerprompt.)
GlobalConfigurationlevel:ProvidesallOperatorandManagerlevel
privileges,andenablesyoutomakeconfigurationchangestoanyofthe
switchssoftwarefeatures.ThepromptfortheGlobalConfigurationlevel
includesthesystemnameand"(config)". Toselectthislevel,enterthe
configcommandattheManagerprompt.Forexample:
HP2512# _ (EnterconfigattheManagerprompt.)
HP2512(config)#_ (TheGlobalConfigprompt.)
ContextConfigurationlevel:ProvidesallOperatorandManager
privileges,andenablesyoutomakeconfigurationchangesinaspecific
context,suchasoneormoreportsoraVLAN.ThepromptfortheContext
Configurationlevelincludesthesystemnameandtheselectedcontext.
Forexample:
HP2512(eth-1)#
HP2512(vlan-10)#
TheContextlevelisuseful,forexample,ifyouwanttoexecuteseveral
commandsdirectedatthesameportorVLAN,orifyouwanttoshorten
thecommandstringsforaspecificcontextarea.Toselectthislevel,enter
thespecificcontextattheGlobalConfigurationlevelprompt.For
example,toselectthecontextlevelforanexistingVLANwiththeVLAN
IDof10,youwouldenterthefollowingcommandandseetheindicated
result:
HP2512(config)# vlan 10
HP2512(vlan-10)#
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-5
UsingtheCLI
ChangingInterfaces. IfyouchangefromtheCLItothemenuinterface,or
thereverse,youwillremainatthesameprivilegelevel.Forexample,entering
themenucommandfromtheOperatorleveloftheCLItakesyoutothe
Operatorprivilegelevelinthemenuinterface.
Table3-1. PrivilegeLevelHierarchy
PrivilegeLevel ExampleofPromptandPermittedOperations
OperatorPrivilege
OperatorLevel HP2512> show<command>
setup
Viewstatusandconfigurationinformation.
ping<argument>
link-test<argument>
Performconnectivitytests.
enable MovefromtheOperatorleveltotheManagerlevel.
MovefromtheCLIinterfacetothemenuinterface.
menu
logoff
ExitfromtheCLIinterfaceandterminatetheconsole
session.
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
ManagerPrivilege
ManagerLevel HP2512# Performsystem-levelactionssuchassystemcontrol,monitoring,anddiagnostic
commands,plusanyoftheOperator-levelcommands.Foralistofavailable
commands,enter?attheprompt.
Global
Configuration
HP2512(config)# Executeconfigurationcommands,plusallOperatorandManagercommands.For
alistofavailablecommands,enter?attheprompt.
Level
Context HP2512(eth-5)# Executecontext-specificconfigurationcommands,suchasaparticularVLANor
Configuration HP2512(vlan-100)# switchport.Thisisusefulforshorteningthecommandstringsyoutype,andfor
Level enteringaseriesofcommandsforthesamecontext.Foralistofavailable
commands,enter?attheprompt.
3-6
UsingtheCLI
HowToMoveBetweenLevels
ChangeinLevels ExampleofPrompt,Command,andResult
Operatorlevel
to
Managerlevel
Managerlevel
to
Globalconfiguration
level
Globalconfiguration
level
toa
Contextconfiguration
level
level
toanother
level
Movefromanylevel
totheprecedinglevel
Movefromanylevel
totheManagerlevel
HP2512> enable
Password:_
Afteryouenterenable,thePasswordprompt
appears.AfteryouentertheManager
password,thispromptappears:
HP2512#_
HP2512# config
HP2512(config)#
HP2512(config)# vlan-10
HP2512(vlan-10)#
HP2512(vlan-10)# interface ethernet 3
HP2512(int-3)#
HP2512(int-3)# exit
HP2512(config)# exit
HP2512# exit
HP2512>
HP2512(int-3)# end
HP2512#
or
HP2512(config)# end
HP2512#
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
MovingBetweentheCLIandtheMenuInterface.Whenmoving
betweeninterfaces,theswitchretainsthecurrentprivilegelevel(Manageror
Operator).Thatis,ifyouareattheOperatorlevelinthemenuandselectthe
CommandLineInterface(CLI)optionfromtheMainMenu,theCLIprompt
appearsattheOperatorlevel.
ChangingParameterSettings.Regardlessofwhichinterfaceisused(CLI,
menuinterface,orwebbrowserinterface),themostrecentlyconfigured
versionofaparametersettingoverridesanyearliersettingsforthatparameter.
3-7
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
UsingtheCLI
Forexample,ifyouusetheCLItosetaManagerpassword,andthenlateruse
theSetupscreen(inthemenuinterface)tosetadifferentManagerpassword,
thenthefirstpasswordwillbereplacedbythesecondone.
ListingCommandsandCommandOptions
Atanyprivilegelevelyoucan:
Listallofthecommandsavailableatthatlevel
Listtheoptionsforaspecificcommand
ListingCommandsAvailableatAnyPrivilegeLevel
Atagivenprivilegelevelyoucanexecutethecommandsthatleveloffers,plus
allofthecommandsavailableatprecedinglevels.Similarly,atagivenprivilege
level,youcanlistallofthatlevelscommandsplusthecommandsmade
availableatprecedinglevels.Forexample,attheOperatorlevel,youcanlist
andexecuteonlytheOperatorlevelcommands.However,attheManager
level,youcanlistandexecutethecommandsavailableatboththeOperator
andManagerlevels.
Type"?"ToListAvailableCommands.Typingthe?symbolliststhe
commandsyoucanexecuteatthecurrentprivilegelevel.Forexample,typing
?attheOperatorlevelproducesthislisting:
Figure3-3. ExampleoftheOperatorLevelCommandListing
3-8
UsingtheCLI
Typing?attheManagerlevelproducesthislisting:
When --MORE--appears,use
theSpacebaror tolist
additionalcommands.
Figure3-4. ExampleoftheManager-LevelCommandListing
When --MORE-- appears,therearemorecommandsinthelisting.Tolistthe
nextscreenofcommands,presstheSpacebar.Tolisttheremaining
commandsone-by-one,repeatedlypress.
Typing?attheGlobalConfigurationlevelortheContextConfigurationlevel
producessimilarresults.
Use ToSearchfororCompleteaCommandWord.Youcanuse
tohelpyoufindCLIcommandsortoquicklycompletethecurrentwordina
command.Todoso,press immediatelyaftertypingthelastletterofthe
lastkeywordintheCLI(withnospacesallowed).Forexample,attheGlobal
Configurationlevel,ifyoupress immediatelyaftertyping"t",theCLI
displaystheavailablecommandoptionsthatbeginwith"t".Forexample:
HP2512(config)# t
telnet-server
time
trunk
telnet
HP2512(config)# t
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-9
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
UsingtheCLI
Asmentionedabove,ifyoutypepartofacommandwordandpress ,the
CLIcompletesthecurrentword(ifyouhavetypedenoughofthewordforthe
CLItodistinguishitfromotherpossibilities),includinghyphenatedexten-
sions.Forexample:
HP2512(config)# port
HP2512(config)# port-security _
Pressing afteracompletedcommandwordliststhefurtheroptionsfor
thatcommand.
HP2512(config)# stack
commander <commander-str>
join <mac-addr>
auto-join
transmission-interval <integer>
<cr>
HP2512(config)# stack
CommandOptionDisplays
ConventionsforCommandOptionDisplays.WhenyouusetheCLIto
listoptionsforaparticularcommand,youwillseeoneormoreofthefollowing
conventionstohelpyouinterpretthecommanddata:
Braces(< >)indicatearequiredchoice.
Squarebrackets([ ])indicateoptionalelements.
Verticalbars(| )separatealternative,mutuallyexclusiveoptionsina
command.
Thebraces(<>)showthatthetrunk
commandrequiresallthree
parameters.
Theverticalbar(|)showsthateither
trunkorlacpmustbeincluded.
Thesquarebrackets([])showthat
ethernetisoptional.
Figure3-5.ExampleofCommandOptionConventions
3-10
UsingtheCLI
Thus,ifyouwantedtocreateaporttrunkgroupusingports5-8,theabove
conventionsshowthatyoucoulddosousinganyofthefollowingformsof
thetrunkcommand:
HP2512(config)# trunk trk1 trunk 5-8
HP2512(config)# trunk trk1 trunk e 5-8
HP2512(config)# trunk trk1 lacp 5-8
HP2512(config)# trunk trk1 lacp e 5-8
ListingCommandOptions.YoucanusetheCLItoremindyouofthe
optionsavailableforacommandbyenteringcommandkeywordsfollowedby
?.Forexample,supposeyouwantedtoseethecommandoptionsforconfig-
uringport5:
i
Thisexampledisplaysthecommandoptions
forconfigur ngport5ontheswitch.
Figure3-6. ExampleofHowToListtheOptionsforaSpecificCommand
DisplayingCLI"Help"
CLIHelpprovidestwotypesofcontext-sensitiveinformation:
Commandlistwithabriefsummaryofeachcommandspurpose
Detailedinformationonhowtouseindividualcommands
DisplayingCommand-ListHelp.Youcandisplayalistingofcommand
Helpsummariesforallcommandsavailableatthecurrentprivilegelevel.That
is,whenyouareattheOperatorlevel,youcandisplaytheHelpsummaries
onlyforOperator-Levelcommands.AttheManagerlevel,youcandisplaythe
HelpsummariesforboththeOperator andManagerlevels,andsoon.
Syntax: help
Forexample,tolisttheOperator-Levelcommandswiththeirpurposes:
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-11
UsingtheCLI
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
Figure3-7. ExampleofContext-SensitiveCommand-ListHelp
DisplayingHelpforanIndividualCommand.YoucandisplayHelpfor
anycommandthatisavailableatthecurrentcontextlevelbyenteringenough
ofthecommandstringtoidentifythecommand,alongwithhelp.
Syntax: <commandstring>help
Forexample,tolist theHelpfortheinterfacecommandintheGlobal
Configurationprivilegelevel:
Figure3-8. ExampleofHowToDisplayHelpforaSpecificCommand
AsimilaractionliststheHelpshowingadditionalparameteroptionsfora
givencommand.ThefollowingexampleillustrateshowtolisttheHelpforan
interfacecommandactingonaspecificport:
3-12
UsingtheCLI
Figure3-9. ExampleofHelpforaSpecificInstanceofaCommand
Notethatifyoutrytolistthehelpforanindividualcommandfromaprivilege
levelthatdoesnotincludethatcommand,theswitchreturnsanerrormessage.
Forexample,tryingtolistthehelpfortheinterfacecommandwhileatthe
globalconfigurationlevelproducesthisresult:
HP2512# interface help
Invalid input: interface
ConfigurationCommandsandtheContext
ConfigurationModes
Youcanexecuteanyconfigurationcommandintheglobalconfigurationmode
orinselectedcontextmodes.However,usingacontextmodeenablesyouto
executecontext-specificcommandsfaster,withshortercommandstrings.
TheSwitch2512and2524offerinterface(portortrunkgroup)andVLAN
contextconfigurationmodes:
PortorTrunk-GroupContext.Includesport-ortrunk-specific
commandsthatapplyonlytotheselectedport(s)ortrunkgroup,plusthe
globalconfiguration,Manager,andOperatorcommands.Thepromptforthis
modeincludestheidentityoftheselectedport(s):
HP2512(config)# interface e 5-8 Commandexecutedat
configurationlevelfor
HP2512(config)# interface e trk1
enteringportortrk1static
trunk-groupcontext.
HP2512(eth-5-8)# Resultingpromptshowing
HP2512(eth-Trk1)#
portorstatictrunkcontexts.
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-13
UsingtheCLI
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
HP2512(eth-5-8)# ? Liststhecommandsyoucan
useintheportorstatictrunk
HP2512(eth-5-8)# ?
context,plustheManager,
Operator,andcontext
commandsyoucanexecute
atthislevel.
listingshow
onlyports5-8.
Theremainingcommandsinthelistingare
Manager,Operator,andcontextcommands.
Intheportcontext,thefirstblockofcommandsinthe"?"
thecontext-specificcommandsthatwillaffect
Figure3-10. Context-SpecificCommandsAffectingPortContext
3-14
UsingtheCLI
VLANContext. IncludesVLAN-specificcommandsthatapplyonlytothe
selectedVLAN,plusManagerandOperatorcommands.Thepromptforthis
modeincludestheVLANIDoftheselectedVLAN.Forexample,ifyouhad
alreadyconfiguredaVLANwithanIDof100intheswitch:
HP2512(config)# vlan 100 Commandexecutedatconfigura-
tionleveltoenterVLAN100
context.
HP2512(vlan-100)# ResultingpromptshowingVLAN
100context.
HP2512(vlan-100)# ? Listscommandsyoucanuseinthe
VLANcontext,plusManager,Oper-
ator,andcontextcommandsyou
canexecuteatthislevel.
IntheVLAN
context,the
firstbl
commandsin
showthe
commandsthat
vl
Theremaining
commandsin
context
commands.
ockof
the"?"listing
willaffectonly
an-100.
thelistingare
Manager,
Operator,and
Figure3-11. Context-SpecificCommandsAffectingVLANContext
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
3-15
CLIControlandEditing
CLIControlandEditing
U
s
i
n
g
t
h
e
C
o
m
m
a
n
d
L
i
n
e
I
n
t
e
r
f
a
c
e
(
C
L
I
)
Keystrokes Function
Jumpstothefirstcharacterofthecommandline.
or[<] Movesthecursorbackonecharacter.
Terminatesataskanddisplaysthecommandprompt.
Deletesthecharacteratthecursor.
Jumpstotheendofthecurrentcommandline.
or[>] Movesthecursorforwardonecharacter.
Deletesfromthecursortotheendofthecommandline.
or Repeatscurrentcommandlineonanewline.
or [v] Entersthenextcommandlineinthehistorybuffer.
or [^] Entersthepreviouscommandlineinthehistorybuffer.
or Deletesfromthecursortothebeginningofthecommandline.
Deletesthelastwordtyped.
Movesthecursorbackwardoneword.
Deletesfromthecursortotheendoftheword.
Movesthecursorforwardoneword.
or Deletesthefirstcharactertotheleftofthecursorinthecommand
line.
3-16
4
UsingtheHPWebBrowserInterface
ChapterContents
Overview ..................................................... 4-2
GeneralFeatures.............................................. 4-3
WebBrowserInterfaceRequirements .......................... 4-4
StartinganHPWebBrowserInterfaceSessionwiththeSwitch .. 4-5
UsingaStandaloneWebBrowserinaPCorUNIXWorkstation .... 4-5
UsingHPTopToolsforHubs&Switches ....................... 4-6
TasksforYourFirstHPWebBrowserInterfaceSession......... 4-8
ViewingtheFirstTimeInstallWindow ........................ 4-8
CreatingUsernamesandPasswordsintheBrowserInterface ...... 4-9
UsingthePasswords .................................... 4-11
UsingtheUserNames ................................... 4-11
IfYouLoseaPassword .................................. 4-11
OnlineHelpfortheHPWebBrowserInterface ................. 4-12
Support/MgmtURLsFeature .................................. 4-13
SupportURL .............................................. 4-14
HelpandtheManagementServerURL ........................ 4-14
StatusReportingFeatures .................................... 4-16
TheOverviewWindow ...................................... 4-16
ThePortUtilizationandStatusDisplays ....................... 4-17
PortUtilization ......................................... 4-17
PortStatus............................................. 4-19
TheAlertLog .............................................. 4-20
SortingtheAlertLogEntries ............................. 4-20
AlertTypes ............................................ 4-21
ViewingDetailViewsofAlertLogEntries .................. 4-22
TheStatusBar ............................................. 4-23
SettingFaultDetectionPolicy ................................ 4-24
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-1
Overview
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
Overview
TheHPwebbrowserinterfacebuiltintotheswitchletsyoueasilyaccessthe
switchfromabrowser-basedPConyournetwork.Thisletsyoudothe
following:
OptimizeyournetworkuptimebyusingtheAlertLogandotherdiagnostic
tools
Makeconfigurationchangestotheswitch
Maintainsecuritybyconfiguringusernamesandpasswords
Thischaptercoversthefollowing:
Generalfeatures(page4-3).
Systemrequirementsforusingthewebbrowserinterface(page4-4)
Startingawebbrowserinterfacesession(page4-5)
Tasksforyourfirstwebbrowserinterfacesession(page4-8):
Creatingusernamesandpasswordsinthewebbrowserinterface
(page4-9)
SelectingthefaultdetectionconfigurationfortheAlertLogoperation
(page4-24)
Gettingaccesstoonlinehelpforthewebbrowserinterface(page
4-12)
Descriptionofthewebbrowserinterface:
Overviewwindowandtabs(page4-16)
PortUtilizationandStatusdisplays(page4-17)
AlertLogandAlerttypes(page4-20)
SettingtheFaultDetectionPolicy(page4-24)
Not e Ifyouwantsecuritybeyondthatachievedwithusernamesandpasswords,
youcandisableaccesstothewebbrowserinterface.Thisisdonebyeither
executingnoweb-managementattheCommandPromptorchangingtheWeb
AgentEnabledparametersetting toNo(page5-22).
4-2
GeneralFeatures
GeneralFeatures
TheSeries2500switchesincludethesewebbrowserinterfacefeatures:
SwitchConfiguration:
Ports
VLANsandPrimaryVLAN
Faultdetection
Portmonitoring(mirroring)
Systeminformation
Enable/DisableMulticastFiltering(IGMP)andSpanningTree
IP
Stacking
SupportandmanagementURLs
SwitchSecurity:
Passwords
AuthorizedIPManagers
PortsecurityandIntrusionLog
SwitchDiagnostics:
Ping/LinkTest
Devicereset
Configurationreport
Switchstatus
Portutilization
Portcounters
Portstatus
Alertlog
Switchsysteminformationlisting
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-3
WebBrowserInterfaceRequirements
WebBrowserInterfaceRequirements
Youcanuseequipmentmeetingthefollowingrequirementstoaccesstheweb
browserinterfaceonyourintranet.
Table4-1. SystemRequirementsforAccessingtheHPWebBrowserInterface
PlatformEntityandOSVersion Minimum Recommended
PCPlatform 90MHzPentium 120MHzPentium
HP-UXPlatform(9.xor10.x) 100MHz 120MHz
RAM 16Mbytes 32Mbytes
ScreenResolution 800X600 1,024x768
ColorCount 256 65,536
InternetBrowser
(English-languagebrowseronly)
PCs:
Netscape
Communicator4.x
MicrosoftInternet
Explorer4.x
UNIX:NetscapeNavigator
4.5orlater
PCs:
Netscape
Communicator4.5or
later
MicrosoftInternet
Explorer5.0orlater
UNIX:Netscape
Navigator4.5orlater
PCOperatingSystem MicrosoftWindows95andWindowsNT
UNIXOperatingSystem StandardUNIXOS
HPTopToolsforHubs&Switches FortheHPProCurveSwitch2512and2524,use
(Optional) productHPJ2569Rorlater.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-4
StartinganHPWebBrowserInterfaceSessionwiththeSwitch
StartinganHPWebBrowserInterface
SessionwiththeSwitch
Youcanstartawebbrowsersessioninthefollowingways:
UsingastandalonewebbrowseronanetworkconnectionfromaPCor
UNIXworkstation:
Directlyconnectedtoyournetwork
Connectedthroughremoteaccesstoyournetwork
UsingamanagementstationrunningHPTopToolsforHubs&Switches
onyournetwork
UsingaStandaloneWebBrowserinaPCorUNIX
Workstation
Thisprocedureassumesthatyouhaveasupportedwebbrowser(page4-4)
installedonyourPCorworkstation,andthatanIPaddresshasbeenconfig-
uredontheswitch.(FormoreonassigninganIPaddress,referto"IP
Configuration"onpage5-3.)
1. MakesuretheJava
TM
appletsareenabledforyourbrowser.Iftheyare
not,dooneofthefollowing:
InNetscape4.03,clickonEdit,Preferences...,Advanced,thenselect
EnableJavaandEnableJavaScriptoptions.
InMicrosoftInternetExplorer4.x,clickonView,InternetOptions,
Security,Custom, andscrolltotheJavaPermissions.Thenrefer
totheonlineHelpforspecificinformationonenablingtheJava
applets.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-5
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
2. TypetheIPaddress(orDNSname)oftheswitchinthebrowserLocation
orAddressfieldandpress. (Itisnotnecessarytoinclude
http://.)
switch2512 (exampleofaDNS-typename)
10.11.12.195 (exampleofanIPaddress)
IfyouareusingaDomainNameServer(DNS),yourdevicemayhavea
nameassociatedwithit(forexample,switch2512)thatyoucantypeinthe
LocationorAddressfieldinsteadoftheIPaddress.UsingDNSnames
typicallyimprovesbrowserperformance.Seeyournetworkadministrator
foranynameassociatedwiththeswitch.
UsingHPTopToolsforHubs&Switches
HPTopToolsforHubs&Switchesisdesignedforinstallationonanetwork
managementworkstation.Forthisreason,theHPTopToolssystemrequire-
mentsaredifferentfromthesystemrequirementsforaccessingtheswitchs
webbrowserinterfacefromanon-managementPCorworkstation.ForHP
TopToolsrequirements,refertotheinformationprovidedwithHPTopTools
forHubs&Switches.
Thisprocedureassumesthat:
YouhaveinstalledtherecommendedwebbrowseronaPCorworkstation
thatservesasyournetworkmanagementstation.
ThenetworkeddeviceyouwanttoaccesshasbeenassignedanIPaddress
and(optionally)aDNSnameandhasbeendiscoveredbyHPTopTools
forHubs&Switches.(FormoreonassigninganIPaddress,referto"IP
Configuration"onpage5-3.)
ToestablishawebbrowsersessionwithHPTopToolsrunning,dothe
followingonthenetworkmanagementstation:
1. MakesuretheJava
TM
appletsareenabledforyourwebbrowser.Ifthey
arenot,refertothewebbrowseronlineHelpforspecificinformationon
enablingtheJavaapplets.
2. Dooneofthefollowingtasks:
OntheHPTopToolsMapsview,double-clickonthesymbolforthe
networkingdevicethatyouwanttoaccess.
InHPTopTools,intheTopologyInformationdialogbox,inthedevice
list,double-clickontheentryforthedeviceyouwanttoaccess(IP
addressorDNSname).
4-6
3. ThewebbrowserinterfaceautomaticallystartswiththeStatusOverview
windowdisplayedfortheselecteddevice,asshowninfigure4-1.
Not e IftheRegistrationwindowappears,clickontheStatustab.
ime
Alert
Log
First-T
InstallAlert
Figure4-1. ExampleofStatusOverviewScreen
Not e Theabovescreenappearssomewhatdifferentiftheswitchisconfiguredasa
stackCommander.Foranexample,seefigure1-3onpage1-5.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-7
TasksforYourFirstHPWebBrowserInterfaceSession
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
TasksforYourFirstHPWebBrowser
InterfaceSession
Thefirsttimeyouaccessthewebbrowserinterface,therearethreetasksthat
youshouldperform:
ReviewtheFirstTimeInstallwindow
SetManagerandOperatorpasswords
Setaccesstothewebbrowserinterfaceonlinehelp
ViewingtheFirstTimeInstallWindow
Whenyouaccesstheswitchswebbrowserinterfaceforthefirsttime,the
AlertlogcontainsaFirstTimeInstallalert,asshowninfigure4-2.Thisgives
youinformationaboutfirsttimeinstallations,andprovidesanimmediate
opportunitytosetpasswordsforsecurityandtospecifyaFaultDetection
policy,whichdeterminesthetypesofmessagesthatwillbedisplayedinthe
AlertLog.
DoubleclickonFirstTimeInstallintheAlertlog(figure4-1onpage4-7).The
webbrowserinterfacethendisplaystheFirstTimeInstallwindow,below.
Figure4-2. First-TimeInstallWindow
4-8
Thiswindowisthelaunchingpointforthebasicconfigurationyouneedto
performtosetwebbrowserinterfacepasswordstomaintainsecurityand
FaultDetectionpolicy,whichdeterminesthetypesofmessagesthatwillbe
displayedintheAlertLog.
Tosetwebbrowserinterfacepasswords,clickonsecureaccesstothedevice
todisplaytheDevicePasswordsscreen,andthengotothenextpage.(You
canalsoaccessthepasswordscreenbyclickingontheSecuritytab.)
TosetFaultDetectionpolicy,clickonselectthefaultdetectionconfigurationin
thesecondbulletinthewindowandgotothesection,SettingFaultDetection
Policyonpage4-24.(Youcanalsoaccessthepasswordscreenbyclickingon
theConfigurationtab,andthen button.)
CreatingUsernamesandPasswordsintheBrowser
Interface
Youmaywanttocreatebothausernameandpasswordtocreateaccess
securityforyourswitch.Therearetwolevelsofaccesstotheinterfacethat
canbecontrolledbysettingusernamesandpasswords:
Operator.AnOperator-levelusernameandpasswordallowsread-only
accesstomostofthewebbrowserinterface,butpreventsaccesstothe
Securitywindow.
Manager.AManager-levelusernameandpasswordallowsfullread/
writeaccesstothewebbrowserinterface.
4-9
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
Figure4-3. TheDevicePasswordsWindow
Tosetthepasswords:
1. AccesstheDevicePasswordsscreenbyoneofthefollowingmethods:
IftheAlertLogincludesaFirstTimeInstallevententry,double
clickonthisevent,then,intheresultingdisplay,clickonthe
secureaccesstothedevicelink.
SelecttheSecuritytab.
2. ClickintheappropriateboxintheDevicePasswordswindowandenter
usernamesandpasswords.Youwillberequiredtorepeatthepassword
stringsintheconfirmationboxes.
Boththeusernamesandpasswordscanbeupto16printableASCII
characters.
3. Clickon toactivatetheusernamesandpasswords.
Not e Passwordsyouassigninthewebbrowserinterfacewilloverwriteprevious
passwordsassignedineitherthewebbrowserinterface,theCommand
Prompt,ortheswitchconsole.Thatis,themostrecentlyassignedpasswords
aretheswitchspasswords,regardlessofwhichinterfacewasusedtoassign
thestring.
4-10
UsingthePasswords
Figure4-4. ExampleofthePasswordWindowintheWebBrowserInterface
Themanagerandoperatorpasswordsareusedtocontrolaccesstoallswitch
interfaces.Onceset,youwillbepromptedtosupplythepasswordeverytime
youtrytoaccesstheswitchthroughanyofitsinterfaces.Thepasswordyou
enterdeterminesthecapabilityyouhaveduringthatsession:
Enteringthemanagerpasswordgivesyoufullread/writecapabilities
Enteringtheoperatorpasswordgivesyoureadandlimitedwritecapabil-
ities.
UsingtheUserNames
Ifyoualsosetusernamesinthewebbrowserinterfacescreen,youmust
supplythecorrectusernameforwebbrowserinterfaceaccess.Ifausername
hasnotbeenset,thenleavetheUserNamefieldinthepasswordwindow
blank.
NotethattheCommandPromptandswitchconsoleinterfacesuseonlythe
password,anddonotpromptyoufortheUserName.
IfYouLoseaPassword
Ifyoulosethepasswords,youcanclearthembypressingtheClearbuttonon
thefrontoftheswitch.Thisactiondeletesallpasswordandusername
protectionfromalloftheswitchsinterfaces.
TheClearbuttonisprovidedforyourconvenience,butitspresencemeans
thatifyouareconcernedwiththesecurityoftheswitchconfigurationand
operation,youshouldmakesuretheswitchisinstalledinasecurelocation,
suchasalockedwiringcloset.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-11
OnlineHelpfortheHPWebBrowserInterface
OnlineHelpisavailableforthewebbrowserinterface.Youcanuseitby
clickingonthequestionmarkbuttonintheupperrightcornerofanyofthe
webbrowserinterfacescreens.
l TheHe pButton
Figure4-5. TheHelpButton
Context-sensitivehelpisprovidedforthescreenyouareon.
Not e IfyoudonothaveHPTopToolsforHubsandSwitchesinstalledonyour
networkanddonothaveanactiveconnectiontotheWorldWideWeb,then
Onlinehelpforthewebbrowserinterfacewillnotbeavailable.
FormoreonHelpaccessandoperation,refertoHelpandtheManagement
ServerURLonpage4-14.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-12
Support/MgmtURLsFeature
TheSupport/MgmtURLswindowenablesyoutochangetheWorldWideWeb
UniversalResourceLocator(URL)fortwofunctions:
SupportURLasupportinformationsiteforyourswitch
ManagementServerURLthesiteforonlinehelpforthewebbrowser
interface,and,ifsetup,theURLofanetworkmanagementstationrunning
HPTopToolsforHubs&Switches.
:
i
l l
i
i )
1.Cl
3.EnterURLsfor
-thesupport nformationsourceyouwanttheswitchtoaccess
whenyouclickonthewebbrowserinterfaceSupporttabthe
defau tisHPsProCurvenetworkproductsWor dWideWeb
homepage
-theURLofthenetworkManagementserverorother
sourceoftheonlinehelpfilesforthiswebbrowser nter-
face.(ThedefaultaccessesHelponHPsWorldWdeWebsite.
ickHere
2.ClickHere
4.ClickonApplyChanges
Figure4-6. TheDefaultSupport/MgmtURLsWindow
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-13
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
SupportURL
ThisisthesitethattheswitchaccesseswhenyouclickontheSupporttabon
thewebbrowserinterface.ThedefaultURLis:
whichistheWorldWideWebsiteforHewlett-Packardsnetworkingproducts.
Clickonthe buttononthatpageandyoucangettosupportinformation
regardingyourswitch,includingwhitepapers,operatingsystem(OS)updates,
andmore.
YoucouldinsteadentertheURLforalocalsitethatyouuseforentering
reportsaboutnetworkperformance,orwhateverotherfunctionyouwould
liketobeabletoeasilyaccessbyclickingonthe tab.
HelpandtheManagementServerURL
Thisfieldspecifieswhichofthefollowingtwolocationstheswitchwilluseto
findonlineHelpforthewebbrowserinterface:
TheURLofonlineHelpprovidedbyHPontheworldwideweb
TheURLofanetworkmanagementstationrunningHPTopToolsforHubs
&Switches
ProvidingOnlineHelp.TheHelpfilesareautomaticallyavailableifyou
installHPTopToolsforHubs&Switchesonyournetworkorifyoualready
haveInternetaccesstotheWorldWideWeb.(TheHelpfilesareincludedwith
HPTopToolsforHubs&Switches,andarealsoautomaticallyavailablefrom
HPviatheWorldWideWeb.)
RetrievaloftheHelpfilesiscontrolledbyautomaticentriestotheManagement
ServerURLfieldontheConfiguration/Support/MgmtURLsscreen,shownin
figure4-6.TheswitchisshippedwiththeURLsettoretrieveonlineHelpfrom
theHPWorldWideWebsite.However,ifHPTopToolsforHubs&Switchesis
installedonamanagementstationonyournetworkanddiscoverstheswitch,
theManagementServerURLisautomaticallychangedtoretrievetheHelp
fromyourTopToolsmanagementstation.
IfOnlineHelpFailsToOperate. Dooneofthefollowing:
IfHPTopToolsforHubs&Switchesisinstalledandrunningonyour
network,entertheIPaddressorDNSnameofthenetworkmanagement
stationintheManagementServerURLfieldshowninfigure4-7onpage
4-15.
4-14
IfyouhaveWorldWideWebaccessfromyourPCorworkstation,anddo
nothaveHPTopToolsinstalledonyournetwork,enterthefollowingURL
intheManagementServerURLfieldshowninfigure4-7onpage4-15:
http://www.hp.com/rnd/device_help
EnterIPaddressofHPTopToolsnetwork
managementstation,orURLoflocationof
helpfilesonHPsWorldWideWebsitehere.
Figure4-7. HowToAccessWebBrowserInterfaceOnlineHelp
PolicyManagementandConfiguration. HPTopToolsforHubs&
Switchescanperformnetwork-widepolicymanagementandconfigurationof
yourswitch.TheManagementServerURLfieldidentifiesthemanagement
stationthatisperformingthatfunction.Formoreinformation,refertothe
documentationprovidedontheHPTopToolsforHubs&SwitchesCDshipped
withtheswitch.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-15
StatusReportingFeatures
Browserelementscoveredinthissectioninclude:
TheOverviewwindow(below)
Portutilizationandstatus(page )
TheAlertlog(page )
TheStatusbar(page )
TheOverviewWindow
TheOverviewWindowisthehomescreenforanyentryintothewebbrowser
interface.Thefollowingfigureidentifiesthevariouspartsofthescreen.
l
PortStatus
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
AlertLog
Contro Bar
PortUtiliza-
tionGraphs
(page4-17)
ActiveTab
ActiveButton
AlertLog
(page4-20)
Indicators
(page4-19)
ButtonBar
TabBar
StatusBar
(page4-23)
Figure4-8. TheOverviewWindow
4-16
ThePortUtilizationandStatusDisplays
ThePortUtilizationandStatusdisplaysshowanoverviewofthestatusofthe
switchandtheamountofnetworkactivityoneachport.Thefollowingfigure
showsasamplereadingofthePortUtilizationandPortStatus.
li l
PortStatusIndicators
PortUti zationBarGraphs BandwidthDisplayContro
Legend
Figure4-9. TheGraphsArea
PortUtilization
ThePortUtilizationbargraphsshowthenetworktrafficontheportwitha
breakdownofthepackettypesthathavebeendetected(unicastpackets,non-
unicastpackets,anderrorpackets).TheLegendidentifiestraffictypesand
theirassociatedcolorsonthebargraph:
%UnicastRx&AllTx:Thisisallunicasttrafficreceivedandall
transmittedtrafficofanytype.Thisindicator(abluecoloronmany
systems)cansignifyeithertransmittedorreceivedtraffic.
%Non-UnicastPktsRx:Allmulticastandbroadcasttrafficreceivedby
theport.Thisindicator(agoldcoloronmanysystems)enablesyouto
knowat-a-glancethesourceofanynon-unicasttrafficthatiscausing
highutilizationoftheswitch.Forexample,ifoneportisreceivingheavy
broadcastormulticasttraffic,allportswillbecomehighlyutilized.By
color-codingthereceivedbroadcastandmulticastutilization,thebar
graphquicklyandeasilyidentifiestheoffendingport.Thismakesitfaster
andeasiertodiscovertheexactsourceoftheheavytrafficbecauseyou
donthavetoexamineportcounterdatafromseveralports.
%ErrorPktsRx:Allerrorpacketsreceivedbytheport.(Thisindicator
isareddishcoloronmanysystems.)Althougherrorsreceivedonaport
arenotpropagatedtotherestofthenetwork,aconsistentlyhighnumber
oferrorsonaspecificportmayindicateaproblemonthedeviceor
networksegmentconnectedtotheindicatedport.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-17
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
MaximumActivityIndicator:Asthebarsinthegraphareachange
heighttoreflectthelevelofnetworkactivityonthecorrespondingport,
theyleaveanoutlinetoidentifythemaximumactivitylevelthathasbeen
observedontheport.
UtilizationGuideline. Anetworkutilizationof40%isconsideredthe
maximumthatatypicalEthernet-typenetworkcanexperiencebeforeencoun-
teringperformancedifficulties.Ifyouobserveutilizationthatisconsistently
higherthan40%onanyport,clickonthePortCountersbuttontogetadetailed
setofcountersfortheport.
TochangetheamountofbandwidththePortUtilizationbargraph
shows. Clickonthebandwidthdisplaycontrolbuttonintheupperleftcorner
ofthegraph.(Thebuttonshowsthecurrentscalesetting,suchas40%.)Inthe
resultingmenu,selectthebandwidthscaleyouwantthegraphtoshow(3%,
10%,25%,40%,75%,or100%),asshowninfigure3-7.
Notethatwhenviewingactivityonagigabitport,youmaywanttoselecta
lowervalue(suchas3%or10%).Thisisbecausethebandwidthutilizationof
currentnetworkapplicationsongigabitlinksistypicallyminimal,andmay
notappearonthegraphifthescaleissettoshowhighbandwidthutilization.
Figure4-10. ChangingtheGraphAreaScale
Todisplayvaluesforeachgraphbar. Holdthemousecursoroveranyof
thebarsinthegraph,andapop-updisplayisactivatedshowingtheport
identificationandnumericalvaluesforeachofthesectionsofthebar,as
showninfigure4-11(next).
Figure4-11. DisplayofNumericalValuesfortheBar
4-18
PortStatus
PortStatusIndicators
Legend
Figure4-12. ThePortStatusIndicatorsandLegend
ThePortStatusindicatorsshowasymbolforeachportthatindicatesthe
generalstatusoftheport.Therearefourpossiblestatuses:
PortConnectedtheportisenabledandisproperlyconnectedtoan
activenetworkdevice.
PortNotConnectedtheportisenabledbutisnotconnectedtoan
activenetworkdevice.Acablemaynotbeconnectedtotheport,orthe
deviceattheotherendmaybepoweredofforinoperable,orthecableor
connecteddevicecouldbefaulty.
PortDisabledtheporthasbeenconfiguredasdisabledthroughthe
webbrowserinterface,theswitchconsole,orSNMPnetworkmanage-
ment.
PortFault-Disabledafaultconditionhasoccurredontheportthat
hascausedittobeauto-disabled.NotethatthePortFault-Disabled
symbolwillbedisplayedinthelegendonlyifoneormoreoftheportsis
inthatstatus.Seechapter7,MonitoringandAnalyzingSwitchOperation
formoreinformation.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-19
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
TheAlertLog
ThewebbrowserinterfaceAlertLog,showninthelowerhalfofthescreen,
showsalistofnetworkoccurrences,oralerts,thatweredetectedbythe
switch.TypicalalertsareBroadcastStorm,indicatinganexcessivenumberof
broadcastsreceivedonaport,andProblemCable,indicatingafaultycable.A
fulllistofalertsisshowninthetableonpage4-21.
Figure4-13. ExampleoftheAlertLog
Eachalerthasthefollowingfieldsofinformation:
StatusThelevelofseverityoftheeventgenerated.Severitylevelscan
beInformation,Normal,Warning,andCritical.Ifthealertisnew(hasnot
yetbeenacknowledged),theNewsymbolisalsointheStatuscolumn.
AlertThespecificeventidentification.
Date/TimeThedateandtimetheeventwasreceivedbytheweb
browserinterface.Thisvalueisshownintheformat:DD-MM-YY
HH:MM:SSAM/PM,forexample,16-Sep-997:58:44AM.
DescriptionAshortnarrativestatementthatdescribestheevent.For
example,ExcessiveCRC/Alignmenterrorsonport:8.
SortingtheAlertLogEntries
Thealertsaresorted,bydefault,bytheDate/Timefieldwiththemostrecent
alertlistedatthetopofthelist.Thesecondmostrecentalertisdisplayed
belowthetopalertandsoon.Ifalertsoccurredatthesametime,the
simultaneousalertsaresortedbyorderinwhichtheyappearintheMIB.
Thealertfieldthatisbeingusedtosortthealertlogisindicatedbywhich
columnheadingisinbold.Youcansortbyanyoftheothercolumnsbyclicking
onthecolumnheading.TheAlertandDescriptioncolumnsaresortedalpha-
betically,whiletheStatuscolumnissortedbyseveritytype,withmorecritical
severityindicatorsappearingabovelesscriticalindicators.
4-20
AlertTypes
Thefollowingtableliststhetypesofalertsthatcanbegenerated.
Table4-2. AlertStringsandDescriptions
AlertString AlertDescription
FirstTimeInstall Importantinstallationinformationforyourswitch.
Toomanyundersized/ Adeviceconnectedtothisportistransmittingpacketsshorterthan64bytesorlongerthan
giantpackets 1518bytes(longerthan1522bytesiftagged),withvalidCRCs(unlikerunts,whichhaveinvalid
CRCs).
Excessivejabbering Adeviceconnectedtothisportisincessantlytransmittingpackets(jabbering),detectedas
oversizedpacketswithCRCerrors.
ExcessiveCRC/alignment Ahighpercentageofdataerrorshasbeendetectedonthisport.Possiblecausesinclude:
errors
Faultycablingorinvalidtopology.
Duplexmismatch(full-duplexconfiguredononeendofthelink,half-duplexconfiguredon
theother)
AmalfunctioningNIC,NICdriver,ortransceiver
Excessivelatecollisions Latecollisions(collisionsdetectedaftertransmitting64bytes)havebeendetectedonthis
port.Possiblecausesinclude:
AnoverextendedLANtopology
Duplexmismatch(full-duplexconfiguredononeendofthelink,half-duplexconfiguredon
theother)
Amisconfiguredorfaultydeviceconnectedtotheport
Highcollisionordroprate Alargenumberofcollisionsorpacketdropshaveoccurredontheport.Possiblecauses
include:
Aextremelyhighleveloftrafficontheport
Duplexmismatch
AmisconfiguredormalfunctioningNICortransceiveronadeviceconnectedtothisport
Atopologyloopinthenetwork
Excessivebroadcasts Anextremelyhighpercentageofbroadcastswasreceivedonthisport.Thisdegradesthe
performanceofalldevicesconnectedtotheport.Possiblecausesinclude:
Anetworktopologyloopthisistheusualcause
Amalfunctioningdevice,NIC,NICdriver,orsoftwarepackage
NetworkLoop Networkloophasbeendetectedbytheswitch.
LossofLink Lostconnectiontooneormultipledevicesontheport.
Lossofstackmember The Commanderhaslosttheconnectiontoastackmember.
Securityviolation Asecurityviolationhasoccurred.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-21
Not e Whentroubleshootingthesourcesofalerts,itmaybehelpfultocheckthe
switchsPortStatusandPortCounterwindowsandtheEventLoginthe
consoleinterface.
ViewingDetailViewsofAlertLogEntries
BydoubleclickingonAlertEntries,thewebbrowserinterfacedisplaysa
DetailVieworseparatewindowdetailinginformationabouttheevents.The
DetailViewcontainsadescriptionoftheproblemandapossiblesolution.It
alsoprovidesfourmanagementbuttons:
AcknowledgeEventremovestheNewsymbolfromthelogentry
DeleteEventremovesthealertfromtheAlertLog
CancelButtonclosesthedetailviewwithnochangetothestatusof
thealertandreturnsyoutotheOverviewscreen.
AsampleDetailViewdescribinganExcessiveCRC/AlignmentErroralertis
shownhere.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
Figure4-14. ExampleofAlertLogDetailView
4-22
TheStatusBar
TheStatusBarisdisplayedintheupperleftcornerofthewebbrowser
interfacescreen.Figure4-15showsanexpandedviewofthestatusbar.
i StatusIndicator MostCriticalAlertDescr ption
ProductName
Figure4-15. ExampleoftheStatusBar
TheStatusbarconsistsoffourobjects:
StatusIndicator.Indicates,byicon,theseverityofthemostcriticalalert
inthecurrentdisplayoftheAlertLog.Thisindicatorcanbeoneofthree
shapesandcolorsasshowninthefollowingtable.
Table4-3. StatusIndicatorKey
Color SwitchStatus StatusIndicatorShape
Blue NormalActivity;"Firsttimeinstallation"
informationavailableintheAlertlog.
Green NormalActivity
Yellow Warning
Red Critical
SystemName.Thenameyouhaveconfiguredfortheswitchbyusing
Identityscreen,systemnamecommand,ortheswitchconsoleSystem
Informationscreen.
MostCriticalAlertDescription.Abriefdescriptionoftheearliest,
unacknowledgedalertwiththecurrenthighestseverityintheAlertLog,
appearingintherightportionoftheStatusBar.Ininstanceswhere
multiplecriticalalertshavethesameseveritylevel,onlytheearliest
unacknowledgedalertisdeployedintheStatusbar.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-23
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
ProductName.Theproductnameoftheswitchtowhichyouare
connectedinthecurrentwebbrowserinterfacesession.
SettingFaultDetectionPolicy
OneofthepowerfulfeaturesinthewebbrowserinterfaceistheFault
Detectionfacility.Foryourswitch,thisfeaturecontrolsthetypesofalerts
reportedtotheAlertLogbasedontheirlevelofseverity.
SetthispolicyintheFaultDetectionwindow(figure4-16).
Figure4-16. TheFaultDetectionWindow
TheFaultDetectionscreencontainsalistboxforsettingfaultdetectionand
responsepolicy.Yousetthesensitivitylevelatwhichanetworkproblem
shouldgenerateanalertandsendittotheAlertLog.
ToprovidethemostinformationonnetworkproblemsintheAlertLog,the
recommendedsensitivitylevelforLogNetworkProblemsisHighSensitivity.The
FaultDetectionsettingsare:
4-24
HighSensitivity.Thispolicydirectstheswitchtosendallalertstothe
AlertLog.Thissettingismosteffectiveonnetworksthathavenoneor
fewproblems.
MediumSensitivity.Thispolicydirectstheswitchtosendalertsrelated
tonetworkproblemstotheAlertLog.Ifyouwanttobenotifiedof
problemswhichcauseanoticeableslowdownonthenetwork,usethis
setting.
LowSensitivity.Thispolicydirectstheswitchtosendonlythemost
severealertstotheAlertLog.Thispolicyismosteffectiveonanetwork
thatnormallyhasalotofproblemsandyouwanttobeinformedofonly
themostsevereones.
Never. DisablestheAlertLogandtransmissionofalerts(traps)tothe
managementserver(incaseswhereanetworkmanagementtoolsuchas
HPTopToolsforHubs&Switchesisinuse).Usethisoptionwhenyou
dontwanttousetheAlertLog.
TheFaultDetectionWindowalsocontainsthreeChangeControlButtons:
ApplyChanges.Thisbuttonstoresthesettingsyouhaveselectedforall
futuresessionswiththewebbrowserinterfaceuntilyoudecidetochange
them.
ClearChanges.Thisbuttonremovesyoursettingsandreturnsthe
settingsforthelistboxtothelevelitwasatinthelastsaveddetection-
settingsession.
ResettoDefaultSettings.Thisbuttonrevertsthepolicysettingto
MediumSensitivityforLogNetworkProblems.
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-25
U
s
i
n
g
t
h
e
H
P
W
e
b
B
r
o
w
s
e
r
I
n
t
e
r
f
a
c
e
4-26
5
ConfiguringIPAddressing,InterfaceAccess,
andSystemInformation
ChapterContents
Overview ..................................................... 5-2
IPConfiguration .............................................. 5-3
JustWantaQuickStart? ..................................... 5-4
IPAddressingwithMultipleVLANs............................ 5-4
IPAddressinginaStackingEnvironment ....................... 5-5
Menu:ConfiguringIPAddress,Gateway,Time-To-Live(TTL),
andTimep.................................................. 5-5
CLI:ConfiguringIPAddress,Gateway,Time-To-Live(TTL),
andTimep.................................................. 5-7
Web:ConfiguringIPAddressing .............................. 5-10
HowIPAddressingAffectsSwitchOperation................... 5-10
DHCP/BootpOperation.................................. 5-11
NetworkPreparationsforConfiguringDHCP/Bootp ......... 5-14
GloballyAssignedIPNetworkAddresses...................... 5-15
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet 5-16
Menu:ModifyingtheInterfaceAccess ......................... 5-17
CLI:ModifyingtheInterfaceAccess ........................... 5-18
SystemInformation .......................................... 5-21
Menu:ViewingandConfiguringSystemInformation............. 5-22
CLI:ViewingandConfiguringSystemInformation .............. 5-23
Web:ConfiguringSystemParameters ......................... 5-25
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-1
ConfiguringIPAddressing,InterfaceAccess,andSystemInformation
Overview
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
Overview
Thischapterdescribestheswitchconfigurationfeaturesavailableinthemenu
interface,CLIandwebbrowserinterface. Forhelponhowto usethese
interfaces,referto:
Chapter2,UsingtheMenuInterface
Chapter3,UsingtheCommandLineInterface(CLI)
Chapter4,UsingtheHPWebBrowserInterface
WhyConfigureIPAddressing?Initsfactorydefaultconfiguration,the
switchoperatesasamultiportlearningbridgewithnetworkconnectivity
providedbytheportsontheswitch.However,toenablespecificmanagement
accessandcontrolthroughyournetwork,youwillneedIPaddressing.(See
table5-1onpage5-11.)
WhyConfigureInterfaceAccessandSystemInformation? Theinter-
faceaccessfeaturesintheswitchoperateproperlybydefault.However,you
canmodifyordisableaccessfeaturestosuityourparticularneeds.Similarly,
youcanchoosetoleavethesysteminformationparametersattheirdefault
settings.However,usingthesefeaturescanhelpyoutomoreeasilymanagea
groupofdevicesacrossyournetwork.
5-2
IPConfiguration
IPConfiguration
IPConfigurationFeatures
Feature Default Menu CLI Web
IPAddressandSubnetMask DHCP/Bootp page5-5 page5-7 page5-10
DefaultGatewayAddress none page5-5 page5-7 page5-10
PacketTime-To-Live(TTL) 64seconds page5-5 page5-7 n/a
TimeServer(Timep) DHCP page5-5 page5-7 n/a
IPAddressandSubnetMask. ConfiguringtheswitchwithanIPaddress
expandsyourabilitytomanagetheswitchanduseitsfeatures.Bydefault,the
switchisconfiguredtoautomaticallyreceiveIPaddressingonthedefault
VLANfromaDHCP/Bootpserverthathasbeenconfiguredcorrectlywith
informationtosupporttheswitch.(RefertoDHCP/BootpOperationonpage
5-11forinformationonsettingupautomaticconfigurationfromaserver.)
However,ifyouarenotusingaDHCP/BootpservertoconfigureIPaddressing,
usethemenuinterfaceortheCLItomanuallyconfiguretheinitialIPvalues.
Afteryouhavenetworkaccesstoadevice,youcanusethewebbrowser
interfacetomodifytheinitialIPconfigurationifneeded.
ForinformationonhowIPaddressingaffectsswitchperformance,referto
HowIPAddressingAffectsSwitchOperationonpage5-10.
DefaultGatewayOperation.Thedefaultgatewayisrequiredwhena
routerisneededfortaskssuchasreachingoff-subnetdestinationsorforward-
ingtrafficacrossmultipleVLANs.ThegatewayvalueistheIPaddressofthe
next-hopgatewaynodefortheswitch,whichisusediftherequesteddestina-
tionaddressisnotonalocalsubnet/VLAN. Iftheswitchdoesnothavea
manually-configureddefaultgatewayandDHCP/Bootpisconfiguredonthe
primaryVLAN,thenthedefaultgatewayvalueprovidedbytheDHCPorBootp
serverwillbeused.Iftheswitchhasamanuallyconfigureddefaultgateway,
thentheswitchusesthisgateway,evenifadifferentgatewayisreceivedvia
DHCPorBootpontheprimaryVLAN.(ThisisalsotrueforTimePandanon-
defaultTime-To-Liveand.) SeeNotesonpage5-4andWhichVLANIs
Primary?onpage9-53.
PacketTime-To-Live(TTL).Thisparameterspecifieshowlonginsec-
ondsanoutgoingpacketshouldexistinthenetwork.Inmostcases,thedefault
setting(64seconds)isadequate.
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-3
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
TimepOperation. Usethisoptionalparameterifyouwanttheswitchtoget
itstimeinformationfromanotherdeviceoperatingasaTimepserver.Inits
defaultTimepconfiguration,theswitchattemptstogetaTimepserveraddress
fromaDHCPserver.Otherconfigurationoptionsaretomanuallyassigna
TimepserveraddressortodisabletheTimepserverfeature.
JustWantaQuickStart?
IfyoujustwanttogivetheswitchanIPaddresssothatitcancommunicate
onyournetwork,orifyouarenotusingVLANs,HPrecommendsthatyouuse
theSwitchSetupscreentoquicklyconfigureIPaddressing.Todoso,doone
ofthefollowing:
EntersetupattheCLIManagerlevelprompt.
HP2512# setup
Select8.RunSetupintheMainMenuofthemenuinterface.
FormoreonusingtheSwitchSetupscreen,seetheInstallationandGetting
StartedGuideyoureceivedwiththeswitch.
IPAddressingwithMultipleVLANs
Inthefactory-defaultconfiguration,theswitchhasone,permanentdefault
VLAN(namedDEFAULT_VLAN)thatincludesallportsontheswitch.Inthis
state,whenyouassignanIPaddressandsubnetmasktotheswitch,youare
actuallyassigningtheIPaddressingtotheDEFAULT_VLAN.Youcanrename
theDEFAULT_VLAN,butyoucannotchangeitsVLANIDnumber(VID)or
removeitfromtheswitch.
Not es IfmultipleVLANsareconfigured,theneachVLANcanhaveitsownIP
address.ThisisbecauseeachVLANoperatesasaseparatebroadcast
domainandrequiresauniqueIPaddressandsubnetmask.Adefault
gateway(IP)addressfortheswitchisoptional,butrecommended.The
primaryVLANistheVLANusedforstackingoperation,aswellasfor
determiningthedefaultgatewayaddress,(packet)Time-To-Live(TTL),
andTimepviaDHCPorBootp.(OtherVLANscanalsouseDHCPorBootP
toacquireIPaddressing.However,theswitchsgateway,TTL,andTimeP
valueswillbeacquiredthroughtheprimaryVLANonly.Inthedefault
configuration,thedefaultVLAN(namedDEFAULT_VLAN)istheswitchs
primaryVLAN.However,withmultipleVLANsassignedtotheswitch,you
canselectanotherVLANtofunctionastheprimaryVLAN.Formoreon
VLANs,refertoPort-BasedVirtualLANs(StaticVLANs)onpage9-50.
5-4
IPConfiguration
TheIPaddressingusedintheswitchshouldbecompatiblewithyour
network.Thatis,theIPaddressmustbeuniqueandthesubnetmaskmust
beappropriatefortheIPnetwork.
Ifyouplantoconnecttoothernetworksthatusegloballyadministered
IPaddresses,refertoGloballyAssignedIPNetworkAddressesonpage
5-15.
Bydefault,theswitchusesDHCPtoacquiretheIPaddressoftheTimeP
server.IftheswitchdoesnothaveamanuallyconfiguredTimepsetting,
thenitattemptstogetitsTimePsettingthroughDHCPorBootpthrough
theprimaryVLAN.
Theswitchsearchesforthedefaultgatewaydevicethroughtheprimary
VLAN.Bydefault,theDEFAULT_VLANistheswitchsprimaryVLAN.
However,youcanusetheCLItoselectadifferentprimaryVLANifmore
thanoneVLANexistsontheswitch.Formoreinformation,seePort-
BasedVirtualLANs(StaticVLANs)onpage9-50.
IfyouchangetheIPaddressthrougheitherTelnetaccessortheweb
browserinterface,theconnectiontotheswitchwillbelost.Youcan
reconnectbyeitherrestartingTelnetwiththenewIPaddressorentering
thenewaddressastheURLinyourwebbrowser.
IPAddressinginaStackingEnvironment
IfyouareinstallingtheswitchintoanHPProCurvestackmanagement
environment,enteringanIPaddressmaynotberequired.SeeHPProCurve
StackManagementonpage9-5formoreinformation.
Menu:ConfiguringIPAddress,Gateway,Time-To-Live
(TTL),andTimep
Dooneofthefollowing:
TomanuallyenteranIPaddress,subnetmask,settheIPConfigparameter
toManualandthenmanuallyentertheIPaddressandsubnetmaskvalues
youwantfortheswitch.
TouseDHCPorBootp,usethemenuinterfacetoensurethattheIPConfig
parameterissettoDHCP/Bootp,thenrefertoDHCP/BootpOperationon
page5-11.
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-5
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
ToConfigureIPAddressing.
1. FromtheMainMenu,Select.
2.SwitchConfiguration...
5.IPConfiguration
Not e IfmultipleVLANsareconfigured,ascreenshowingallVLANsappearsinstead
ofthefollowingscreen.
Thedefaultsettingfor
TimePConfigisDHCP.
SettingittoManual,
thenpressing[v] or
causestheServer
Addressparameterto
appear.
Fordescriptionsofthese
parameters,seethe
onlineHelpforthis
screen.
BeforeusingtheDHCP/
Bootpoption,referto
DHCP/Bootp
Operationonpage5-11.
Figure5-1.ExampleoftheIPServiceConfigurationScreenwithoutMultiple
VLANsConfigured
2. Press(forEdit).
3. Iftheswitchneedstoaccessarouter,forexample,toreachoff-subnet
destinations,selecttheDefaultGatewayfieldandentertheIPaddressof
thegatewayrouter.
4. IfyouneedtochangethepacketTime-To-Live(TTL)setting,selectDefault
TTLandtypeinavaluebetween2and255(seconds).
5. Atthe TimePConfigfielddooneofthefollowing:
IfyouwanttheswitchtoobtaintheIPaddressoftheTimepserver
viaDHCPserver,keepthevalueasDHCP.
IfyouwanttomanuallyspecifytheIPaddressoftheTimepserver,
usetheSpacebartoselect Manual.
IfyoudonthaveaTimepserversetup,usetheSpacebartochange
thevaluetoDisabled.
5-6
IPConfiguration
6. Ifyouselected Manual,press or[v],andadditionalfieldswillbe
displayedforenteringtheIPaddressfortheTimepserver.
7. SelecttheTimePPollIntervalfieldifyouwanttochangethevalueforhow
oftentheswitchpollstheTimepserverfortimeinformation.
IfyouwanttohavetheswitchretrieveitsIPconfigurationfroma
DHCPorBootpserver,attheIPConfigfield,keepthevalueasDHCP/
Bootp andgotostep11.
IfyouwanttomanuallyconfiguretheIPinformation,usetheSpace
bartoselectManualandusethe keytomovetotheotherIP
configurationfields.
9. SelecttheIPAddress fieldandentertheIPaddressfortheswitch.
10. Selectthe SubnetMask fieldandenterthesubnetmaskfortheIPaddress.
11. Press,then(for Save).
CLI:ConfiguringIPAddress,Gateway,Time-To-Live
(TTL),andTimep
IPCommandsUsedinThisSection
showip page5-8
vlan<vlan-id>ip page5-9
address
ipdefault-gateway page5-9
ipttl page5-9
[no]iptimep page5-10
ForalistingofthefullCLIcommandset,includingsyntaxandoptions,see
theCLIcommandreferenceavailableontheHPProCurvewebsiteat:
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-7
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
ViewingtheCurrentIPConfiguration. Thefollowingcommanddisplays
theIPaddressingforeachVLANconfiguredintheswitch.Ifonlythe
DEFAULT_VLANexists,thenitsIPconfigurationappliestoallportsinthe
switch.WheremultipleVLANsareconfigured,theIPaddressingislistedper
VLAN.Thedisplayincludesswitch-widepackettime-to-live,and(ifconfig-
ured)theswitchsdefaultgatewayandTimepconfiguration.
Syntax: showip
Forexample,inthefactory-defaultconfiguration(noIPaddressingassigned),
theswitchsIPaddressingappearsas:
TheDefaultIP
Configurationon
aSwitch2512or
2524
Figure5-2.ExampleoftheSwitchsDefaultIPAddressing
WithmultipleVLANsandsomeotherfeaturesconfigured,showipprovides
additionalinformation:
ASwitch2512or
2524withIP
Addressingand
VLANsConfigured
Figure5-3.ExampleofShowIPListingwithNon-DefaultIPAddressingConfigured
(IfDHCP/BootpacquiresanIPaddressandSubnetMaskforVLAN_2,they
willappearintheappropriatecolumns.)
5-8
IPConfiguration
ConfigureanIPAddressandSubnetMask.Thefollowingcommand
includesboththeIPaddressandthesubnetmask.Youmusteitherincludethe
IDoftheVLANforwhichyouareconfiguringIPaddressingorgotothe
contextconfigurationlevelforthatVLAN.(IfyouarenotusingVLANsonthe
switchthatis,iftheonlyVLANisthedefaultVLANthentheVLANIDis
always1.)
Not e ThedefaultIPaddresssettingfortheDEFAULT_VLANisDHCP/Bootp.On
additionalVLANsyoucreate,thedefaultIPaddresssettingisDisabled.
Syntax: vlan<vlan-id>ipaddress<ip-address/mask-length>
or
vlan<vlan-id>ipaddress<ip-address><mask-bits>
or
vlan<vlan-id>ipaddressdhcp-bootp
ThisexampleconfiguresIPaddressingonthedefaultVLANwiththesubnet
maskspecifiedinmaskbits.
HP2512(config)# vlan 1 ip address 10.28.227.103/255.255.255.0
ThisexampleconfiguresthesameIPaddressingastheprecedingexample,
butspecifiesthesubnetmaskbymasklength.
HP2512(config)# vlan 1 ip address 10.28.227.103/24
ConfiguretheOptionalDefaultGateway. Youcanassignonedefault
gatewaytotheswitch.
Syntax:ipdefault-gateway<ip-address>
Forexample:
HP2512(config)# ip default-gateway 11.28.227.115
Youcanexecutethiscommandonlyfromtheglobalconfigurationlevel.
ConfigureTime-To-Live(TTL).Thiscommandsetsthetimethatapacket
outboundfromtheswitchcanexistonthenetwork.Thedefaultsettingis64
seconds.
Syntax: ipttl<number-of-seconds>
HP2512(config)# ip ttl 60
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-9
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
IntheCLI,youcanexecutethiscommandonlyfromtheglobalconfiguration
level.TheTTLrangeis2-255seconds.
ConfiguretheOptionalTimepServer.
Syntax: [no]iptimep<dhcp|manual<ip-address>>[interval<1-9999>]
YoucanspecifywhethertheaddressoftheTimepserverisassignedviaDHCP
ormanually,andtheintervalinminutesbetweenTimepqueries(1-9999
minutes;default720minutes).ThefollowingexamplesshowtheTimep
commandoptions:
HP2512(config)# ip timep manual 10.28.227.1 interval 60
HP2512(config)# ip timep manual 10.28.227.1
HP2512(config)# ip timep dhcp
HP2512(config)# ip timep dhcp interval 60
HP2512(config)# no ip timep
Web:ConfiguringIPAddressing
YoucanusethewebbrowserinterfacetoaccessIPaddressingonlyifthe
switchalreadyhasanIPaddressthatisreachablethroughyournetwork.
1. ClickontheConfigurationtab.
2. Clickon .
3. Ifyouneedfurtherinformationonusingthewebbrowserinterface,click
ontoaccesstheweb-basedhelpavailablefortheSwitch2512/2524.
HowIPAddressingAffectsSwitchOperation
WithoutanIPaddressandsubnetmaskcompatiblewithyournetwork,the
switchcanbemanagedonlythroughadirectterminaldeviceconnectionto
theConsoleRS-232port.Youcanusedirect-connectconsoleaccesstotake
advantageoffeaturesthatdonotdependonIPaddressing.However,torealize
thefullperformancecapabilitiesHPproactivenetworkingoffersthroughthe
switch,configuretheswitchwithanIPaddressandsubnetmaskcompatible
withyournetwork.Thefollowingtableliststhegeneralfeaturesavailablewith
andwithoutanetwork-compatibleIPaddressconfigured.
5-10
IPConfiguration
Table5-1. FeaturesAvailableWithandWithoutIPAddressingontheSwitch
FeaturesAvailableWithoutanIPAddress AdditionalHPProactiveNetworkingFeaturesAvailable
withanIPAddressandSubnetMask
Direct-connectaccesstotheCLIandthemenu
interface.
StackingCandidateorStackMember
DHCPorBootpsupportforautomaticIPaddress
configuration,andDHCPsupportforautomaticTimep
serverIPaddressconfiguration
SpanningTreeProtocol
Portsettingsandporttrunking
Console-basedstatusandcountersinformationfor
monitoringswitchoperationanddiagnosingproblems
throughtheCLIormenuinterface.
VLANs
GVRP
Serialdownloadsofoperatingsystem(OS)updates
andconfigurationfiles(Xmodem)
Linktest
Portmonitoring
Security
HPwebbrowserinterfaceaccess,withconfiguration,
security,anddiagnostictools,plustheAlertLogfor
discoveringproblemsdetectedintheswitchalong
withsuggestedsolutions
SNMPnetworkmanagementaccesssuchasHP
TopToolsnetworkconfiguration,monitoring,problem-
findingandreporting,analysis,andrecommendations
forchangestoincreasecontrolanduptime
StackingCommander*
TelnetaccesstotheCLIorthemenuinterface
IGMP
Timepserverconfiguration
TFTPdownloadofconfigurationsandOSupdates
Pingtest
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
*AlthoughaCommandercanoperatewithoutanIPaddress,doingsomakesitunavailableforin-bandaccessinan
IPnetwork.
DHCP/BootpOperation
Overview.DHCP/BootpisusedtoprovideconfigurationdatafromaDHCP
orBootpservertotheswitch.ThisdatacanbetheIPaddress,subnetmask,
defaultgateway,TimepServeraddress,andTFTPserveraddress.IfaTFTP
serveraddressisprovided,thisallows theswitchtoTFTPapreviouslysaved
configurationfilefromtheTFTPservertotheswitch.WitheitherDHCPor
Bootp,theserversmustbeconfiguredpriortotheswitchbeingconnectedto
thenetwork.
Not e TheSwitches2512and2524arecompatiblewithbothDHCPandBootp
servers.
TheDHCP/BootpProcess.WhenevertheIPConfigparameterintheswitch
orinanindividualVLANintheswitchisconfiguredtoDHCP/Bootp(the
default),orwhentheswitchisrebootedwiththisconfiguration:
5-11
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
1. DHCP/Bootprequestsareautomaticallybroadcastonthelocalnetwork.
(TheswitchsendsonetypeofrequesttowhicheitheraDHCPorBootp
servercanrespond.)
2. WhenaDHCPorBootpserverreceivestherequest,itreplieswitha
previouslyconfiguredIPaddressandsubnetmaskfortheswitch.The
switchalsoreceivesanIPGatewayaddressiftheserverhasbeenconfig-
uredtoprovideone.InthecaseofBootp,theservermustfirstbe
configuredwithanentrythathastheMACaddressoftheswitch.(To
determinetheswitchsMACaddress,seeappendixB,MACAddress
Management.Theswitchproperlyhandlesrepliesfromeithertypeof
server.Ifmultiplerepliesarereturned,theswitchtriestousethefirst
reply.)
Not e Ifyoumanuallyconfigureagatewayontheswitch,itwillignoreanygateway
addressreceivedviaDHCPorBootp.
IftheswitchisinitiallyconfiguredforDHCP/Bootpoperation(thedefault),
orifitisrebootedwiththisconfiguration,itimmediatelybeginssending
requestpacketsonthenetwork.Iftheswitchdoesnotreceiveareplytoits
DHCP/Bootprequests,itcontinuestoperiodicallysendrequestpackets,but
withdecreasingfrequency.Thus,ifaDHCPorBootpserverisnotavailable
oraccessibletotheswitchwhenDHCP/Bootpisfirstconfigured,theswitch
maynotimmediatelyreceivethedesiredconfiguration.Afterverifyingthat
theserverhasbecomeaccessibletotheswitch,reboottheswitchtore-start
theprocessimmediately.
DHCPOperation. AsignificantdifferencebetweenaDHCPconfiguration
andaBootpconfigurationisthatanIPaddressassignmentfromaDHCP
serverisautomatic.DependingonhowtheDHCPserverisconfigured,the
switchmayreceiveanipaddressthatistemporarilyleased.Periodicallythe
switchmayberequiredtorenewitsleaseoftheIPconfiguration.Thus,theIP
addressingprovidedbytheservermaybedifferenteachtimetheswitch
rebootsorrenewsitsconfigurationfromtheserver.However,youcanfixthe
addressassignmentfortheswitchbydoingeitherofthefollowing:
Configuretheservertoissueaninfinitelease.
UsingtheswitchsMACaddressasanidentifier,configuretheserverwith
aReservationsothatitwillalwaysassignthesameIPaddresstothe
switch.(ForMACaddressinformation,refertoappendixB,MAC
AddressManagement.)
Formoreinformationoneitheroftheseprocedures,refertothedocumenta-
tionprovidedwiththeDHCPserver.
5-12
IPConfiguration
BootpOperation.WhenaBootpserverreceivesarequestitsearchesits
BootpdatabaseforarecordentrythatmatchestheMACaddressintheBootp
requestfromtheswitch.Ifamatchisfound,theconfigurationdatainthe
associateddatabaserecordisreturnedtotheswitch.FormanyUnixsystems,
theBootpdatabaseiscontainedinthe/etc/bootptab file.IncontrasttoDHCP
operation,Bootpconfigurationsarealwaysthesameforaspecificreceiving
device.Thatis,theBootpserverrepliestoarequestwithaconfiguration
previouslystoredintheserveranddesignatedfortherequestingdevice.
BootpDatabaseRecordEntries.AminimalentryintheBootptablefile
/etc/bootptab toupdateanIPaddressandsubnetmasktotheswitchoraVLAN
configuredintheswitchwouldbesimilartothisentry:
j2512switch:\
ht=ether:\
ha=0030c1123456:\
ip=10.66.77.88:\
sm=255.255.248.0:\
gw=10.66.77.1:\
hn:\
vm=rfc1048
AnentryintheBootptablefile /etc/bootptab totelltheswitchorVLAN
wheretoobtainaconfigurationfiledownloadwouldbesimilartothisentry:
j2512switch:\
ht=ether:\
ha=0030c1123456:\
ip=10.66.77.88:\
sm=255.255.248.0:\
gw=10.66.77.1:\
lg=10.22.33.44:\
T144=switch.cfg:\
vm=rfc1048
where:
j2512switch isauser-definedsymbolicnametohelpyoufindthecorrectsectionofthe
bootptabfile.IfyouhavemultipleswitchesthatwillbeusingBootptogettheir
IPconfiguration,youshoulduseauniquesymbolicnameforeachswitch.
ht isthehardwaretype.FortheSwitches2512and2524,setthistoether(for
Ethernet).Thistagmustprecedethehatag.
ha isthehardwareaddress.Usetheswitch's(orVLAN's)12-digitMACaddress.
ip istheIPaddresstobeassignedtotheswitch(orVLAN).
sm isthesubnetmaskofthesubnetinwhichtheswitch(orVLAN)isinstalled.
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-13
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
IPConfiguration
gw istheIPaddressofthedefaultgateway.
lg TFTPserveraddress(sourceoffinalconfigurationfile)
T144 isthevendor-specifictagidentifyingtheconfigurationfiletodownload.
vm isarequiredentrythatspecifiestheBootpreportformat.FortheSwitches2512
and2524,setthisparametertorfc1048.
Not e TheaboveBootptableentryisasamplethatwillworkfortheSwitches2512
and2524whentheappropriateaddressesandfilenamesareused.
NetworkPreparationsforConfiguringDHCP/Bootp
Initsdefaultconfiguration,theswitchisconfiguredforDHCP/Bootpopera-
tion.However,theDHCP/BootpfeaturewillnotacquireIPaddressingforthe
switchunlessthefollowingtaskshavealreadybeencompleted:
ForBootpoperation:
ABootpdatabaserecordhasalreadybeenenteredintoanappropriate
Bootpserver.
Thenecessarynetworkconnectionsareinplace
TheBootpserverisaccessiblefromtheswitch
ForDHCPoperation:
ADHCPscopehasbeenconfiguredontheappropriateDHCPserver.
Thenecessarynetworkconnectionsareinplace
ADHCPserverisaccessiblefromtheswitch
Not e DesignatingaprimaryVLANotherthanthedefaultVLANaffectstheswitchs
useofinformationreceivedviaDHCP/Bootp.Formoreonthistopic,see
WhichVLANIsPrimary?onpage9-53.
AfteryoureconfigureorreboottheswitchwithDHCP/Bootpenabledina
networkprovidingDHCP/Bootpservice,theswitchdoesthefollowing:
ReceivesanIPaddressandsubnetmaskand,ifconfiguredintheserver,
agatewayIPaddressandtheaddressofaTimepserver.
IftheDHCP/Bootpreplyprovidesinformationfordownloadingaconfig-
urationfile,theswitchusesTFTPtodownloadthefilefromthedesignated
source,thenrebootsitself.(ThisassumesthattheswitchorVLANhas
connectivitytotheTFTPfileserverspecifiedinthereply,thattheconfig-
urationfileiscorrectlynamed,andthattheconfigurationfileexistsinthe
TFTPdirectory.)
5-14
IPConfiguration
GloballyAssignedIPNetworkAddresses
Ifyouintendtoconnectyournetworktoothernetworksthatuseglobally
administeredIPaddresses,Hewlett-Packardstronglyrecommendsthatyou
useIPaddressesthathaveanetworkaddressassignedtoyou.Thereisa
formalprocessforassigninguniqueIPaddressestonetworksworldwide.For
moreinformation:
Pleasecontactyourinternetserviceprovider(ISP).
IfyouneedmoreinformationthanyourISPcanprovide,contactoneofthe
followingorganizations:
Country PhoneNumber/E-Mail/URL
UnitedStates/ 1-310-823-9358
Countriesnotin
icann@icann.org
EuropeorAsia/Pacific
http://www.iana.org
Europe +31205354444
ncc@ripe.net
http://www.ripe.net
Asia/Pacific +61-7-3367-0490
info@apnic.net
http://www.apnic.net
CompanyName/Address
TheInternetCorporationforAssigned
NamesandNumbers(ICANN)
4676AdmiraltyWay,Suite330
MarinaDelRey,CA90292
USA
RIPENCC
Singel258
1016ABAmsterdam
TheNetherlands
Attention:IN-ADDR.ARPARegistration
AsiaPacificNetworkInformationCenter
Level1,33ParkRoad
POBox2131
Milton,QLD4064
Australia
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
Formoreinformation,refertoInternetworkingwithTCP/IP:Principles,
ProtocolsandArchitecturebyDouglasE.Comer(Prentice-Hall,Inc.,
publisher).
5-15
InterfaceAccess:Console/SerialLink,Web,andInboundTelnet
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
InterfaceAccess:Console/SerialLink,
Web,andInboundTelnet
InterfaceAccessFeatures
InactivityTime 0Minutes page5-17 page5-19
(disabled)
InboundTelnetAccess Enabled page5-17 page5-18
WebBrowserInterfaceAccess Enabled page5-17 page5-19
Terminaltype VT-100 page5-19
Event Logeventtypestolist All page5-19
(DisplayedEvents)
BaudRate SpeedSense page5-19
FlowControl XON/XOFF page5-19
Inmostcases,thedefaultconfigurationisacceptableforstandardoperation.
Not e Basicswitchsecurityisthroughpasswords.Youcangainadditionalsecurity
usingIPauthorizedmanagers.Howeverifunauthorizedaccesstotheswitch
throughin-bandmeans(Telnetorthewebbrowserinterface),thenyoucan
disallowin-bandaccess(asdescribedinthissection)andinstalltheswitchin
alockedenvironment.
5-16
Menu:ModifyingtheInterfaceAccess
Themenuinterfaceenablesyoutomodifytheseparameters:
InactivityTimeout
InboundTelnetEnabled
WebAgentEnabled
ToAccesstheInterfaceAccessParameters:
1. FromtheMainMenu,Select...
1.SystemInformation
InterfaceAccess
Parameters
Figure5-4.TheDefaultInterfaceAccessParametersAvailableintheMenu
Interface
2. Press(forEdit).ThecursormovestotheSystemNamefield.
3. Usethearrowkeys([v],[^],[<],[>])tomovetotheparametersyouwant
tochange.
Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
onconfigurationoptionsforthesefeatures.
4. Whenyouhavefinishedmakingchangestotheaboveparameters,press
,thenpress(forSave).
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-17
CLI:ModifyingtheInterfaceAccess
InterfaceAccessCommandsUsedinThisSection
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
showconsole below
[no]telnet-server below
[no]web-management page5-19
console page5-19
ListingtheCurrentConsole/SerialLinkConfiguration.Thiscom-
mandliststhecurrentinterfaceaccessparametersettings.
Syntax: showconsole
Thisexampleshowstheswitchsdefaultconsole/serialconfiguration.
l
InterfaceAccess
Enable/Disable
ConsoleContro
Options
EventLogEvent
TypesToList
Figure5-5.ListingofShowConsoleCommand
ReconfigureInboundTelnetAccess.Inthedefaultconfiguration,
inboundTelnetaccessisenabled.
Syntax:[no]telnet-server
TodisableinboundTelnetaccess:
HP2512(config)# no telnet-server
Tore-enableinboundTelnetaccess:
HP2512(config)# telnet-server
5-18
ReconfigureWebBrowserAccess.Inthedefaultconfiguration,web
browseraccessisenabled.
Syntax:[no]web-management
Todisablewebbrowseraccess:
HP2512(config)# no web-management
Tore-enablewebbrowseraccess:
HP2512(config)# web-management
ReconfiguretheConsole/SerialLinkSettings.Youcanreconfigureone
ormoreconsoleparameterswithoneconsolecommand.
Syntax: console
[terminal<vt100|ansi>]
[screen-refresh<1|3|5|10|20|30|45|60>]
[baud<speed-sense|1200|2400| 4800|9600|19200|38400|57600>]
[flow-control<xon/xoff|none>]
[inactivity-timer<01510 15 20 30 60 120>]
[events<none|all|non-info|critical|debug]
Not e IfyouchangetheBaudRateorFlowControlsettingsfortheswitch,you
shouldmakethecorrespondingchangesinyourconsoleaccessdevice.Oth-
erwise,youmayloseconnectivitybetweentheswitchandyourterminal
emulatorduetodifferencesbetweentheterminalandswitchsettingsforthese
twoparameters.
Allconsoleparameterchangesexcepteventsrequirethatyousavetheconfig-
urationwithwritememoryandthenexecutebootbeforethenewconsole
configurationwilltakeeffect.
Forexample,touseonecommandtoconfiguretheswitchwiththefollowing:
VT100operation
19,200baud
Noflowcontrol
10-minuteinactivitytime
Criticallogevents
youwouldusethefollowingcommandsequence:
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-19
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
iatel
reload.
TheswitchimplementstheEventLogchangeimmed y.Theswitchimplements
theotherconsolechangesafterexecutingwritememoryand
Figure5-6.ExampleofExecutingtheConsoleCommandwithMultipleParameters
Youcanalsoexecuteaseriesofconsolecommandsandthensavethe
configurationandboottheswitch.Forexample:
the
l
Savethe
switch.
Configure
individua
parameters.
changes.
Bootthe
Figure5-7.ExampleofExecutingaSeriesofConsoleCommands
5-20
SystemInformation
SystemInformation
SystemInformationFeatures
SystemName switchproduct page page page
name 5-22 5-23 5-25
SystemContact n/a page page page
5-22 5-23 5-25
SystemLocation n/a page page page
5-22 5-23 5-25
MACAgeInterval 300seconds page page
5-22 5-24
TimeZone 0 page page
5-22 5-24
DaylightTimeRule None page page
5-22 5-24
Time January1,1990at page
00:00:00atlast 5-25
powerreset
Configuringsysteminformationisoptional,butrecommended.
SystemName:Usingauniquenamehelpsyoutoidentifyindividualdevices
instackingenvironmentsandwhereyouareusinganSNMPnetworkmanage-
menttoolsuchasHPTopToolsforHubs&Switches.
SystemContactandLocation:Thisinformationishelpfulforidentifying
thepersonadministrativelyresponsiblefortheswitchandforidentifyingthe
locationsofindividualswitches.
MACAgeInterval:ThenumberofsecondsaMACaddresstheswitchhas
learnedremainsintheswitchsaddresstablebeforebeingagedout(deleted).
Agingoutoccurswhentherehasbeennotrafficfromthedevicebelongingto
thatMACaddressfortheconfiguredinterval.
TimeZone:ThenumberofminutesyourtimezonelocationistotheWest(+)
orEast(-)ofCoordinatedUniversalTime(formerlyGMT).Thedefault0
meansnotimezoneisconfigured.
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-21
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
SystemInformation
DaylightTimeRule:Specifiesthedaylightsavingstimeruletoapplyforyour
location.ThedefaultisNone.(Formoreonthistopic,seeappendixD,
DaylightSavingsTimeonHPProCurveSwitches.)
Time:UsedintheCLItospecifythetimeofday,thedate,andothersystem
parameters.
Menu:ViewingandConfiguringSystemInformation
Toaccessthesysteminformationparameters:
1. FromtheMainMenu,Select...
1.SystemInformation
SystemInformation
Figure5-8.TheSystemInformationConfigurationScreen(DefaultValues)
Not e Tohelpsimplifyadministration,itisrecommendedthatyouconfigure
SystemName toacharacterstringthatismeaningfulwithinyoursystem.
2. Press(forEdit).ThecursormovestotheSystemNamefield.
3. Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
,thenpress(forSave)andreturntotheMainMenu.
5-22
SystemInformation
CLI:ViewingandConfiguringSystemInformation
SystemInformationCommandsUsedinThisSection
showsystem-information below
hostname below
snmp-server below
[contact][location]
mac-age-time page5-24
timetimezone page5-24
timedaylight-time-rule page5-24
time(dateandtime) page5-25
ListingtheCurrentSystemInformation.Thiscommandliststhecurrent
systeminformationsettings.
Syntax: showsystem-information
Thisexampleshowstheswitchsdefaultconsoleconfiguration.
Figure5-9.ExampleofCLISystemInformationListing
ConfigureaSystemName,Contact,andLocationfortheSwitch.To
helpdistinguishoneswitchfromanother,configureaplain-languageidentity
fortheswitch.
Syntax: hostname<name-string>
snmp-server[contact<systemcontact>][location<systemlocation>]
Notethatnoblankspacesareallowedinthevariablesforthesecommands.
Forexample,tonametheswitchBluewithExt-4474asthesystemcontact,
andNorth-Data-Roomasthelocation:
HP2512(config)#hostnameBlue
HP2512(config)#snmp-servercontactExt-4474locationNorth-Data-Room
HP2512(config)#showsystem-information
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-23
SystemInformation
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
Newhostname,
contact,and
locationdatafrom
previous
commands.
Figure5-10.SystemInformationListingAfterExecutingthePrecedingCommands
ReconfiguretheAgeIntervalforLearnedMACAddresses.Thiscom-
mandcorrespondstotheMACAgeIntervalinthemenuinterface,andis
expressedinseconds.
Syntax: mac-age-time<10..1000000>(seconds)
Forexample,toconfiguretheageintervaltosevenminutes:
HP2512(config)# mac-age-time 420
ConfiguretheTimeZoneandDaylightTimeRule. Thesecommands:
Setthetimezoneyouwanttouse
Definethedaylighttimeruleforkeepingthecorrecttimewhendaylight-
saving-timeshiftsoccur.
Syntax: timetimezone<1440..-1440>
timedaylight-time-rule<none|alaska|continental-us-and-canada|
middle-europe-and-portugal|southern-hemisphere|western-europe|
user-defined>
Forexample,thiscommandconfiguresthetimezoneanddaylighttimerule
forVancouver,BritishColumbiainCanada(timezone8=480minutes):
HP2512(config)# time timezone 480 daylight-time-rule
continental-us-and-canada
5-24
SystemInformation
ConfiguretheTimeandDate.Theswitchusesthetimecommandtocon-
figureboththetimeofdayandthedate.Also,executingtimewithoutparam-
etersliststheswitchstimeofdayanddate.NotethattheCLIusesa24-hour
clockscheme;that is,hour(hh)valuesfrom1p.m.tomidnightareinputas
13-24,respectively.
Syntax: time[hh:mm[:ss]][mm/dd/[yy]yy]
Forexample,tosettheswitchto3:45p.m.onOctober1,2000:
HP2512(config)# time 15:45 10/01/00
Not e Executingreloadorbootresetsthetimeanddatetotheirdefaultstartupvalues.
Web:ConfiguringSystemParameters
Inthewebbrowserinterface,youcanenterthefollowingsysteminformation:
SystemName
SystemLocation
SystemContact
ForaccesstotheMACAgeIntervalandtheTimeparameters,usethemenu
interfaceortheCLI.
ConfigureSystemParametersintheWebBrowserInterface.
2. Clickon .
3. Enterthedatayouwantinthedisplayedfields.
4. Implementyournewdatabyclickingon .
Toaccesstheweb-basedhelpprovidedfortheswitch,clickonintheweb
browserscreen.
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-25
SystemInformation
C
o
n
f
i
g
u
r
i
n
g
I
P
A
d
d
r
e
s
s
i
n
g
,
I
n
t
e
r
f
a
c
e
A
c
c
e
s
s
,
a
n
d
5-26
6
OptimizingPortUsageThroughTraffic
ControlandPortTrunking
ChapterContents
Overview ..................................................... 6-2
ViewingPortStatusandConfiguringPortParameters........... 6-2
Menu:ViewingPortStatusandConfiguringPortParameters ...... 6-5
CLI:ViewingPortStatusandConfiguringPortParameters ........ 6-6
Web:ViewingPortStatusandConfiguringPortParameters ....... 6-9
PortTrunking................................................ 6-10
Switch2512and2524PortTrunkFeaturesandOperation ........ 6-11
TrunkConfigurationMethods ................................ 6-12
Menu:ViewingandConfiguringaStaticTrunkGroup............ 6-16
CLI:ViewingandConfiguringaStaticorDynamic
PortTrunkGroup .......................................... 6-18
UsingtheCLIToViewPortTrunks ........................ 6-18
UsingtheCLIToConfigureaStaticorDynamicTrunkGroup . 6-20
Web:ViewingExistingPortTrunkGroups ..................... 6-23
TrunkGroupOperationUsingLACP .......................... 6-24
DefaultPortOperation .................................. 6-25
LACPNotesandRestrictions ............................. 6-26
TrunkGroupOperationUsingtheTrunkOption............... 6-27
HowtheSwitchListsTrunkData ............................. 6-27
OutboundTrafficDistributionAcrossTrunkedLinks ............ 6-28
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-1
OptimizingPortUsageThroughTrafficControlandPortTrunking
Overview
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
Overview
Thischapterincludes:
Configuringports,includingmode(speedandduplex),flowcontrol,and
broadcastcontrolparameters(page6-2)
CreatingandmodifyingadynamicLACPorstaticporttrunkgroup(page
6-10)
Portnumbersinthestatusandconfigurationscreenscorrespondtotheport
numbersonthefrontoftheswitch.
ViewingPortStatusandConfiguringPort
Parameters
PortStatusandConfigurationFeatures
viewingportstatus n/a page6-5 page6-6 page6-9
configuringports 10/100TX, page6-5 page6-8 page6-9
Enabled,Auto
6-2
ViewingPortStatusandConfiguringPortParameters
Table6-1. StatusandParametersforEachPortType
Parameter
Description Statusor
IntrusionAlert Yes:Theswitchhasdetectedanattemptbyanunauthorizeddevicetocommunicatethroughthe
(read-only) indicatedport.
No:Eithernounauthorizeddeviceshavebeendetectedontheport,oranydetectedviolationshavebeen
cleared.
Formoreonintrusionsandintrusionalerts,seeConfiguringandMonitoringPortSecurityonpage7-9.
Enabled Yes(default):Theportisreadyforanetworkconnection.
No:Theportwillnotoperate,evenifproperlyconnectedinanetwork.Usethissetting,forexample,if
theportneedstobeshutdownfordiagnosticpurposesorwhileyouaremakingtopologychanges.
Status Up:Theportsensesalinkbeat.
(read-only)
Down:Theportisnotenabled,hasnocablesconnected,orisexperiencinganetworkerror.For
troubleshootinginformation,seetheinstallationmanualyoureceivedwiththeswitch.Seealsochapter
11,Troubleshooting(inthismanual).
Mode Theportsspeedandduplex(datatransferoperation)setting.
10/100Base-Tports:
Auto(default):Sensesspeedandnegotiateswiththeportattheotherendofthelinkfordatatransfer
operation(half-duplexorfull-duplex).
Note:Ensurethatthedeviceattachedtotheportisconfiguredforthesamesettingthatyouselect
here.Also,ifAutoisused,thedevicetowhichtheportisconnectedmustoperateincompliance
withtheIEEE802.3uAutoNegotiationstandardfor100Base-Tnetworks.Iftheotherdevicedoes
notcomplywiththe802.3ustandard,orisnotsettoAuto,thentheportconfigurationontheswitch
mustbemanuallysettomatchtheportconfigurationontheotherdevice.
ToseewhattheswitchnegotiatesfortheAutosetting,usetheCLIshowinterfacescommandorthe
3.PortStatusoptionunder1.StatusandCountersinthemenuinterface.
Auto-10:Allowstheporttonegotiatebetweenhalf-duplex(HDx)andfull-duplex(FDx)whilekeeping
speedat10Mbps. Alsonegotiatesflowcontrol(enabledordisabled).HPrecommendsAuto-10for
linksbetween10/100autosensingportsconnectedwithCat3cabling.(Cat5cablingisrequiredfor
100Mbpslinks.).
10HDx:10Mbps,Half-Duplex
10FDx:10Mbps,Full-Duplex
100HDx:100Mbps,Half-Duplex
100FXports:
100HDx(default):100Mbps,Half-Duplex
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-3
Parameter
Description Statusor
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
100/1000Base-Tports:
Auto(default):Sensesspeedandnegotiateswiththeportattheotherendofthelinkforportoperation
(MDI-XorMDI).
ToseewhattheswitchnegotiatesfortheAutosetting,usetheCLIshowinterfacescommandorthe
3.PortStatusoptionunder1.StatusandCountersinthemenuinterface.
1000Fdx:1000Mbps(1Gbps),Full-Duplexonly
100Fdx:100Mbps,Full-Duplex
Notes:
Changingtheportspeedonatransceiverportrequiresarebootoftheswitch.
Ensurethatthedeviceattachedtotheportisconfiguredforthesamesettingthatyouselecthere.
Also,ifAutoisused,thedevicetowhichtheportisconnectedmustalsobeconfiguredtoAuto
andoperateincompliancewiththeIEEE802.3abAutoNegotiationstandardfor1000Base-T
networks.
Gigabitfiber-opticports(Gigabit-SXandGigabit-LX):
1000FDx(default):1000Mbps(1Gbps),FullDuplexonly
Auto:Theportoperatesat1000FDxandauto-negotiatesflowcontrolwiththedeviceconnectedto
theport.
FlowControl Disabled(default):Theportwillnotgenerateflowcontrolpacketsanddropsreceivedflowcontrol
packets.
Enabled:Theportuses802.3xLinkLayerFlowControl,generatesflowcontrolpackets,andprocesses
receivedflowcontrolpackets.
WiththeportmodesettoAuto(thedefault)andFlowControlenabled,theswitchnegotiatesFlowControl
ontheindicatedport.IftheportmodeisnotsettoAuto,orifFlowControlisdisabledontheport,then
FlowControlisnotused.
BcastLimit Specifiesthetheoreticalmaximumofnetworkbandwidthpercentagethatcanbeusedforbroadcastand
multicasttraffic.Anybroadcastormulticasttrafficexceedingthatlimitwillbedropped.Zero(0)means
thefeatureisdisabled.
Note:Ifbroadcastlimitsareconfiguredonagroupofports,andthoseportsarelaterconfiguredas
atrunk,thenthebroadcastlimitforthetrunkwillbethehighestlimitthatwaspreviouslyconfigured
ontheindividualportsinthetrunk.
Group(menu) MenuInterface:Specifiesthestatictrunkgroup,ifany,towhichaportbelongs.
or
TrunkGroup
CLI:AppearsintheshowlacpcommandoutputtoshowtheLACPtrunk,ifany,towhichaportbelongs.
(CLI)
Note:AnLACPtrunkrequiresafull-duplexlink.Inmostcases,HPrecommendsthatyouleavethe
portModesettingatAuto(thedefault).SeetheLACPNoteonpage6-11.
Formoreonporttrunking,seePortTrunkingonpage6-10.
Type ThisparameterappearsintheCLIshowtrunklistingand,foraportinatrunkgroup,specifiesthetype
oftrunkgroup.ThedefaultTypeispassiveLACP,whichcanbedisplayedbyusingtheCLIshowlacp
command.
Formoreonporttrunking,seePortTrunkingonpage6-10.
6-4
Menu:ViewingPortStatusandConfiguringPort
Parameters
Fromthemenuinterface,youcanconfigureandviewallportparameter
settingsandviewallportstatusindicators.
UsingtheMenuToViewPortStatus. Themenuinterfacedisplaysthe
statusforportsand(if configured)atrunkgroup.
FromtheMainMenu,select:
1.StatusandCounters...
3.PortStatus
Inthisexample,
ports5and6have
previouslybeen
configuredasa
trunkgroup.
Figure6-11.ExampleofthePortStatusScreen
UsingtheMenuToConfigurePorts.
Not e Themenuinterfaceusesthesamescreenforconfiguringbothindividualports
andporttrunkgroups.Forinformationonporttrunkgroups,seePort
Trunkingonpage6-10.
1. FromtheMainMenu,Select:
2.Port/TrunkSettings
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-5
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
Figure6-12.ExampleofPort/TrunkSettingswithaTrunkGroupConfigured
2. Press(forEdit).ThecursormovestotheEnabledfieldforthefirstport.
3. Refertotheonlinehelpprovidedwiththisscreenforfurtherinformation
,thenpress(forSave).
CLI:ViewingPortStatusandConfiguringPort
Parameters
PortStatusandConfigurationCommands
showinterfaces below
showinterfaceconfig page6-7
interface page6-8
FromtheCLI,youcanconfigureandviewallportparametersettingsandview
allportstatusindicators.
UsingtheCLIToViewPortStatus. Usethefollowingcommandstodis-
playportstatusandconfiguration:
showinterfaces:Liststhefullstatusandconfigurationforallportsonthe
switch.
showinterfaceconfig:Listsasubsetofthedatashownbytheshow
interfacescommand(above);thatis,onlytheenabled/disabled,mode,and
flowcontrolstatusforallportsontheswitch.
6-6
Syntax: showinterfaces
showinterfaceconfig
Thenexttwofigureslistexamplesof theoutputoftheabovetwocommands
forthesameportconfigurationonaSwitch2512or2524.
Figure6-1.ExampleofaShowInterfaceCommandListing
Figure6-2.ExampleofaShowInterfaceConfigCommandListing
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-7
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
UsingtheCLIToConfigurePorts. Youcanconfigureoneormoreofthe
followingportparameters.Fordetailsoneachoption,seeTable6-1onpage
6-3.
Syntax: [no]interface<[ethernet]port-list>
[disable|enable]
[speed-duplex
<auto-10|10-full|10-half|100-full|100-half|auto|1000-full|>]
[flow-control]
[broadcast-limit<0-99>]
Notethatintheabovesyntaxyoucansubstituteanintforinterfaceandan
eforethernet;thatisinte<port-list>.
Forexample,toconfigureports1through4andport7for100Mbpsfull-duplex
withabroadcastlimitof20%,youwouldenterthiscommand:
HP2512(config)# int e 1-4,7 speed-duplex 100-full
broadcast-limit 20
Similarly,toconfigureasingleportwiththesettingsintheabovecommand,
youcouldeitherenterthesamecommandwithonlytheoneportidentified,
orgotothecontextlevelforthatportandthenenterthecommand.For
example,toenterthecontextlevelforport7andthenconfigurethatportfor
100FDxwithabroadcastlimitof20%:
HP2512(config)# int e 7
HP2512(eth-7)# speed-duplex 100-full broadcast-limit 20
Ifport8wasdisabled,andyouwantedtoenableitandconfigureitfor100FDx
withabroadcastlimitof20%,withflow-controlactiveandabroadcastlimit
of20%,youcoulddosowitheitherofthefollowingcommandsets.
Thiscommandenablesandconfiguresport8fromtheconfiglevel:
HP2512(config)# interface e 8 enable speed-duplex
100-full broadcast-limit 20 flow-control
Thesetwocommandsselectthecontextlevelforport8andthenapply
alloftheconfigurationcommandstoport8:
HP2512(config)# int e 8
HP2512(eth-8)# enable speed-duplex 100-full
flow-control broadcast-limit 20
6-8
Web:ViewingPortStatusandConfiguringPort
Parameters
Inthewebbrowserinterface:
2. Clickon .
3. Selecttheportsyouwanttomodifyandclickon .
4. Afteryoumakethedesiredchanges,clickon .
Notethatthewebbrowserinterfacedisplaysanexistingporttrunkgroup.
However,toconfigureaporttrunkgroup,youmustusetheCLIorthemenu
interface.Formoreonthistopic,seePortTrunkingonpage6-10.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-9
PortTrunking
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
PortStatusandConfigurationFeatures
viewingporttrunks n/a page6-16 page6-18 page6-23
configuringastatictrunk none page6-16 page6-21
group
configuringadynamicLACP LACPpassive page6-22
trunkgroup
Porttrunkingallowsyoutoassignuptofourphysicallinkstoonelogicallink
(trunk)thatfunctionsasasingle,higher-speedlinkprovidingdramatically
increasedbandwidth.Thiscapabilityappliestoconnectionsbetweenback-
bonedevicesaswellastoconnectionsinothernetworkareaswheretraffic
bottlenecksexist.Atrunkgroupisasetofuptofourportsconfiguredas
membersofthesameporttrunk.Notethattheportsinatrunkgroupdonot
havetobeconsecutive.Forexample:
Themultiplephysicallinksinatrunkbehaveasonelogicallink
Switch1:
.
.
.
.
.
.
Switch2:
Ports1,2,4,
and6
configured
asaport
trunk
port1
port2
port3
port4
port5
port6
port7
port1
port2
port3
port4
port5
port6
port7
Ports1,2,5
and7
configured
asaport
trunk
Figure6-3.ConceptualExampleofPortTrunking
Withfull-duplexoperationinafour-porttrunkgroup,trunkingenablesthe
followingbandwidthcapabilities:
Table6-2. BandwidthCapacityforTrunkGroupsConfiguredforFull-Duplex
10MbpsLinks 100MbpsLinks 1000MbpsLinks
2Ports Upto40Mbps
3Ports Upto60Mbps
4Ports Upto80Mbps
Upto400Mbps Upto4000Mbps
Upto600Mbps n/a*
Upto800Mbps n/a*
*
TheSwitches2512and2524offeramaximumoftwogigabitlinksifoptionalgigabit
transceiversareinstalled.
6-10
PortTrunking
PortConnectionsandConfiguration:Allporttrunklinksmustbepoint-
to-pointconnectionsbetweentheswitch2512or2524andanotherswitch,
router,server,orworkstationconfiguredforporttrunking.Nointervening,
non-trunkingdevicesareallowed.Itisimportanttonotethatportsonboth
endsofaporttrunkgroupmusthavethesamemode(speedandduplex)and
flowcontrolsettings.
Not e LinkConnections.Theswitchdoesnotsupportporttrunkingthroughan
intermediate,non-trunkingdevicesuchasahub,orusingmorethanonemedia
typeinaporttrunkgroup.Similarly,alllinksinthesametrunkgroupmust
havethesamespeed,duplex,andflowcontrol.
PortSecurityRestriction.Portsecuritydoesnotoperateonatrunkgroup.
Ifyouconfigureportsecurityononeormoreportsthatarelateraddedtoa
trunkgroup,theswitchwillresettheportsecurityparametersforthoseports
tothefactory-defaultconfiguration.
Ca u t i o n Toavoidbroadcaststormsorloopsinyournetworkwhileconfiguringa
trunk,firstdisableordisconnectallportsyouwanttoaddtoorremovefrom
thetrunk.Afteryoufinishconfiguringthetrunk,enableorre-connectthe
ports.
Switch2512and2524PortTrunkFeaturesand
Operation
TheSeries2500switchesoffertheseoptionsforporttrunking:
LACP(IEEE802.3adpage6-24)
Trunk(non-protocolpage6-27)
TheSeries2500switchessupportonetrunkgroupofuptofourports.(Using
theLinkAggregationControlProtocolLACPoption,youcaninclude
standbytrunkedportsinadditiontothemaximumoffouractivelytrunking
ports.)
L ACP No t e LACPoperationrequiresfull-duplex(FDx)links.Formostinstallations,HP
recommendsthatyouleavetheportModesettingsatAuto(thedefault).LACP
alsooperateswithAuto-10(ifnegotiationselectsHDx),10FDx,100FDx,and
1000FDxsettings.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-11
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
FaultTolerance: Ifalinkinaporttrunkfails,theswitchredistributes
trafficoriginallydestinedforthatlinktotheremaininglinksinthetrunk.The
trunkremainsoperableaslongasthereisatleastonelinkinoperation.Ifa
linkisrestored,thatlinkisautomaticallyincludedinthetrafficdistribution
again.TheLACPoptionalsooffersastandbylinkcapability,whichenables
youtokeeplinksinreserveforserviceifoneormoreoftheoriginalactive
linksfails.SeeTrunkGroupOperationUsingLACPonpage6-24.)
TrunkConfigurationMethods
DynamicLACPTrunk:Theswitchautomaticallynegotiatestrunkedlinks
betweenLACP-configuredportsonseparatedevices,andoffersonedynamic
trunkoption:LACP.ToconfiguretheswitchtoinitiateadynamicLACPtrunk
withanotherdevice,usetheinterfaceethernetcommandintheCLItosetthe
defaultLACPoptiontoActiveontheportsyouwanttouseforthetrunk.For
example,thefollowingcommandsetsports1-4toLACPactive:
HP2512(config)# int e 1-4 lacp active
Notethattheaboveexampleworksiftheportsarenotalreadyoperatingina
trunk.TochangetheLACPoptiononportsalreadyoperatingasatrunk,you
mustfirstremovethemfromthetrunk.Forexample,ifports1-4wereLACP-
activeandoperatinginatrunkwithanotherdevice,youwoulddothe
followingtochangethemtoLACP-passive:
HP2512(config)# no int e 1-4 lacp Removestheportsfrom
thetrunk.
HP2512(config)# int e 1-4 ConfiguresLACP
lacp passive passive.
StaticTrunk:TheswitchusesthelinksyouconfigurewiththePort/Trunk
SettingsscreeninthemenuinterfaceorthetrunkcommandintheCLItocreate
astaticporttrunk.Theswitchofferstwotypesofstatictrunks:LACPand
Trunk.
Table6-3. TrunkTypesUsedinStaticandDynamicTrunkGroups
Method
Trunking LACP Trunk
Dynamic Yes No
Static Yes Yes
6-12
PortTrunking
Table6-4. TrunkConfigurationProtocols
Protocol TrunkingOptions
LACP ProvidesdynamicandstaticLACPtrunkingoptions.
(802.3ad)
DynamicLACPUsetheswitch-negotiateddynamicLACPtrunkwhen:
TheportontheotherendofthetrunklinkisconfiguredforActiveorPassiveLACP.
Youwanttoachievefault-toleranceforhigh-availabilityapplicationswhereyouwantafour-linktrunk
withoneormorestandbylinksavailableincaseanactivelinkgoesdown.(Bothendsofthelinkmust
bedynamicLACP.)
StaticLACPUsethemanuallyconfiguredstaticLACPtrunkwhen:
TheportontheotherendofthetrunklinkisconfiguredforastaticLACPtrunk
Youwanttoconfigurenon-defaultspanningtree(STP)orIGMPparametersonanLACPtrunkgroup.
YouwantanLACPtrunkgrouptooperateinaVLANotherthanthedefaultVLANandGVRPisdisabled.
YouwanttouseamonitorportontheswitchtomonitoranLACPtrunk.
SeeTrunkGroupOperationUsingLACPonpage6-24.
Trunk Providesmanuallyconfigured,static-onlytrunkingto:
(non- MostHPswitchesandroutingswitchesnotrunningthe802.3adLACPprotocol.
protocol)
WindowsNTandHP-UXworkstationsandservers
UsetheTrunkoptionwhen:
Thedevicetowhichyouwanttocreateatrunklinkisusinganon-802.3adtrunkingprotocol
Youareunsurewhichtypeoftrunktouse,orthedevicetowhichyouwanttocreateatrunklinkis
usinganunknowntrunkingprotocol.
Youwanttouseamonitorportontheswitchtomonitortrafficonatrunk.
SeeTrunkGroupOperationUsingtheTrunkOptiononpage6-27.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-13
PortTrunking
Table6-5. GeneralOperatingRulesforPortTrunks
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
Media:Allportsonbothendsofatrunkgroupmusthavethesamemediatypeandmode(speedandduplex).Theswitch
blocksanytrunkedlinksthatdonotconformtothisrule.(FortheSwitch2512and2524,HPrecommendsleavingtheport
ModesettingatAutoor,innetworksusingCat3cabling,Auto-10.)
PortConfiguration:ThedefaultportconfigurationontheSwitch2512/2524isAuto,whichenablesaporttosensespeed
andnegotiateduplexwithanAuto-enabledportonanotherdevice.HPrecommendsthatyouusetheAutosettingforall
portsyouplantousefortrunking. Otherwise,youmustmanuallyensurethatthemodesettingforeachportinatrunkis
compatiblewiththeotherportsinthetrunk.
RecommendedPortModeSettingforLACP
Allofthefollowingoperateonaper-portbasis,regardlessoftrunkmembership:
Enable/Disable
Flowcontrol(FlowCtrl)
Broadcastlimit(BcastLimit)(NotethattheswitchautomaticallyadjuststheBcastLimitsettingonindividualportsin
thetrunktomatchthetrunkedportwiththehighestbroadcastlimit.)Whenabroadcastlimitisconfiguredonatrunk,
removingaportfromthetrunksetsthebroadcastlimitforthatportto0(thedefault).
LACPisafull-duplexprotocol.SeeTrunkGroupOperationUsingLACPonpage6-24.
TrunkConfiguration:Allportsinthesametrunkgroupmustbethesametrunktype(LACP,orTrunk).AllLACPportsinthe
sametrunkgroupmustbeeitherallstaticLACPoralldynamicLACP.
AtrunkappearsasasingleportlabeledDyn1(foranLACPdynamictrunk)orTrk1(forastatictrunkofanytype:
LACP,orTrunk)onvariousmenuandCLIscreens.Foralistingofwhichscreensshowwhichtrunktypes,seeHowthe
SwitchListsTrunkDataonpage6-27.
ForSTPorVLANoperation,configurationforallportsinatrunkisdoneatthetrunklevel.(Youcannotseparatelyconfigure
individualportswithinatrunkforSTPorVLANoperation.)
TrafficDistribution:AlloftheswitchtrunkprotocolsusetheSA/DA(SourceAddress/DestinationAddress)methodof
distributingtrafficacrossthetrunkedlinks.SeeOutboundTrafficDistributionAcrossTrunkedLinksonpage6-28.
6-14
PortTrunking
SpanningTreeProtocol(STP):STPoperatesasaglobalsettingontheswitch(oneinstanceofSTPperswitch).However,
youcanadjustSTPparametersonaper-portbasis.AstatictrunkofanytypeappearsintheSTPconfigurationdisplay,
andyoucanconfigureSTPparametersforastatictrunkinthesamewaythatyouwouldconfigureSTPparameterson
anon-trunkedport.(NotethattheswitchliststhetrunkbynameTrk1anddoesnotlisttheindividualportsinthe
trunk.)Forexample,ifports1and2areconfiguredasastatictrunk,theyarelistedintheSTPdisplayasTRK1anddonot
appearasindividualportsintheSTPdisplays.
l
i
Inthisexamp eshowing
partoftheshowspanning-
treelisting,ports1and2
aremembersofTRK1and
donotappearasind vidual
portsintheport
configurationpartofthe
listing.
WhenSpanningTreeforwardsonatrunk,allportsinthetrunkwillbeforwarding.Conversely,whenSpanningTreeblocks
atrunk,allportsinthetrunkareblocked.
Note:AdynamicLACPtrunkoperatesonlywiththedefaultSTPsettingsanddoesnotappearintheSTPconfiguration
displayorshowipigmplisting.
Ifyouremoveaportfromastatictrunk,theportretainsthesameSTPsettingsthatwereconfiguredforthetrunk.
IPMulticastProtocol(IGMP):AstatictrunkofanytypeappearsintheIGMPconfigurationdisplay,andyoucanconfigure
IGMPforastatictrunkinthesamewaythatyouwouldconfigureIGMPonanon-trunkedport.(Notethattheswitchlists
thetrunkbynameTrk1anddoesnotlisttheindividualportsinthetrunk.)Also,creatinganewtrunkautomatically
placesthetrunkinIGMPAutostatusifIGMPisenabledforthedefaultVLAN. AdynamicLACPtrunkoperatesonlywith
thedefaultIGMPsettingsanddoesnotappearintheIGMPconfigurationdisplayorshowipigmplisting.
VLANs:CreatinganewtrunkautomaticallyplacesthetrunkintheDEFAULT_VLAN,regardlessofwhethertheportsin
thetrunkwereinanotherVLAN.Similarly,removingaportfromatrunkgroupautomaticallyplacestheportinthedefault
VLAN.YoucanconfigureastatictrunkinthesamewaythatyouconfigureaportformembershipinanyVLAN.
Note:ForadynamictrunktooperateinaVLANotherthanthedefaultVLAN(DEFAULT_VLAN),GVRPmustbeenabled.
SeeTrunkGroupOperationUsingLACPonpage6-24.
PortSecurity:Trunkgroups(andtheirindividualports)cannotbeconfiguredforportsecurity,andtheswitchexcludes
trunkedportsfromtheshowport-securitylisting.Ifyouconfigurenon-defaultportsecuritysettingsforaport,then
subsequentlyplacetheportinatrunk,theportsecurityforthatportreturnstothedefaultsettings.Ifyouremoveaport
fromatrunk,theportsecuritysettingsforthatportarereturnedtotheirdefaultvalues.
MonitorPort:
Note:Atrunkcannotbeamonitorport.AmonitorportcanmonitorastatictrunkbutcannotmonitoradynamicLACP
trunk.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-15
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
Menu:ViewingandConfiguringaStaticTrunkGroup
I mp o r t a n t Configureporttrunkingbeforeyouconnectthetrunkedlinkstoanother
switch,routingswitch,orserver.Otherwise,abroadcaststormcouldoccur.
(Ifyouneedtoconnecttheportsbeforeconfiguringthemfortrunking,you
cantemporarilydisabletheportsuntilthetrunkisconfigured.SeeUsingthe
CLIToConfigurePortsonpage6-8.)
ToViewand/orConfigureStaticPortTrunking:Thisprocedureuses
thePort/TrunkSettingsscreentoconfigureastaticporttrunkgrouponthe
switch.
1. FollowtheproceduresintheImportantnoteabove.
2.Port/TrunkSettings
3. Press(forEdit)andthenusethearrowkeystoaccesstheporttrunk
parameters.
Thesetwocolumnsprovide
statictrunkcontrol.
Figure6-4.ExampleoftheMenuScreenforConfiguringaPortTrunkGroup
4. IntheGroupcolumn,movethecursortotheportyouwanttoconfigure.
5. UsetheSpacebartochoosetheTrk1 trunkgroupassignmentforthe
selectedport.
Allportsinatrunkmusthavethesamemediatypeandmode(such
as10/100TXsetto100FDx,or100FXsetto100FDx).Theflowcontrol
settingsmustalsobethesameforallportsinagiventrunk.(The
6-16
PortTrunking
switchautomaticallyadjustsBroadcastLimitsettingstobethesame
forallportsinatrunk.)Toverifythesesettings,seeViewingPort
StatusandConfiguringPortParametersonpage6-2.
Youcanconfigurethetrunkgroupwithone,two,three,orfourports
pertrunk.IfmultipleVLANsareconfigured,allportswithinatrunk
willbeassignedtothesameVLANorsetofVLANs.(Withthe802.1Q
VLANcapabilitybuiltintotheswitch,morethanoneVLANcanbe
assignedtoatrunk.SeePort-BasedVirtualLANs(StaticVLANs)on
page9-50.)
(Toreturnaporttoanon-trunkstatus,keeppressingtheSpacebar
untilablankappearsinthehighlightedGroupvalueforthatport.)
Figure6-5.ExampleoftheConfigurationforaTwo-PortTrunkGroup
6. MovethecursortotheTypecolumnfortheselectedportandusethe
Spacebartoselectthetrunktype:
LACP
Trunk(thedefaulttypeifyoudonotspecifyatype)
Allportsinthesametrunkgrouponthesameswitchmusthavethesame
Type(LACP,orTrunk).
7. Whenyouarefinishedassigningportstothetrunkgroup,press,then
(forSave)andreturntotheMainMenu.(Itisnotnecessarytoreboot
theswitch.)
DuringtheSaveprocess,trafficontheportsconfiguredfortrunkingwill
bedelayedforseveralseconds.IftheSpanningTreeProtocolisenabled,
thedelaymaybeupto30seconds.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-17
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
8. Connectthetrunkedportsontheswitchtothecorrespondingportson
theoppositedevice.Ifyoupreviouslydisabledanyofthetrunkedports
ontheswitch,enablethemnow.(SeeViewingPortStatusandConfigur-
ingPortParametersonpage6-2.)
ChecktheEventLog(page11-11)toverifythatthetrunkedportsareoperating
properly.
CLI:ViewingandConfiguringaStaticorDynamicPort
TrunkGroup
TrunkStatusandConfigurationCommands
showtrunks below
showlacp page6-19
trunk page6-21
interfacelacp page6-22
UsingtheCLIToViewPortTrunks
Youcanlistthetrunktypeandgroupforallportsontheswitchorforselected
ports.YoucanalsolistLACP-onlystatusinformationforLACP-configured
ports.
ListingStaticTrunkTypeandGroupforAllPortsorSelectedPorts.
Syntax: showtrunks[<port-list>]
Omittingthe<port-list>parameterresultsinastatictrunkdatalistingforall
LANportsintheswitch.
Thisexampleusesaportlisttospecifyonlytheswitchportsanadministrator
wantstoview:
Figure6-6.ExampleofaShowTrunkListingforSpecificPorts
6-18
PortTrunking
Theshowtrunkcommandinthisexampledoesnotincludeaportlist.Asa
result,thelistingshowsstatictrunkgroupinformationforallswitchports.
Figure6-7.ExampleofaShowTrunkListingWithoutSpecifyingPorts
ListingStaticLACPandDynamicLACPTrunkData.Thiscommand
listsdataforonlytheLACP-configuredports.
Syntax: showlacp
Inthefollowingexample,ports1,2,and3havebeenpreviouslyconfigured
forastaticLACPtrunk.(FormoreonActive,seetable6-7onpage6-25.)
Figure6-8.ExampleofaShowLACPListing
DynamicLACPStandbyLinks. DynamicLACPtrunkingenablesyouto
configurestandbylinksforatrunkbyincludingmorethanfourportsina
dynamicLACPtrunkconfiguration.Whenfourports(trunklinks)areup,the
remaininglink(s)willbeheldinstandbystatus.IfatrunkedlinkthatisUp
fails,itwillbereplacedbyastandbylink,whichmaintainsyourintended
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-19
PortTrunking
bandwidthforthetrunk.Inthenextexample,ports1through5havebeen
configuredforthesameLACPtrunk.Noticethatoneofthelinksshows
Standbystatus,whiletheremainingfourlinksareUp.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
UpLinks
StandbyLink
Figure6-9.ExampleofaDynamicLACPTrunkwithOneStandbyLink
UsingtheCLIToConfigureaStaticorDynamicTrunkGroup
I mp o r t a n t Configureporttrunkingbeforeyouconnectthetrunkedlinksbetween
switches.Otherwise,abroadcaststormcouldoccur.(Ifyouneedtoconnect
theportsbeforeconfiguringthemfortrunking,youcantemporarilydisable
theportsuntilthetrunkisconfigured.SeeUsingtheCLIToConfigurePorts
onpage6-8.)
OntheSwitches2512and2524,youcanconfigureoneporttrunkgrouphaving
uptofourlinks(withadditionalstandbylinksifyoureusingLACP).Options
include:
Ifnotrunkgroupexists,youcancreateatrunkgroupontheswitch
Ifatrunkgroupalreadyexistsontheswitch,youcanaddportstothe
trunkgroupordeleteportswithinthegroup.
Youcanremoveasubsetofportsfromatrunkgroup,ordeletethetrunk
groupentirelybyremovingallportsfromthegroup
6-20
PortTrunking
Youcanconfiguretrunkgrouptypesasfollows:
TrunkType TrunkGroupMembership
Trk1(Static) Dyn1(Dynamic)
LACP Yes Yes
Trunk Yes No
Not e TrunksconfiguredasFECarenotsupportedonProCurvescurrentversion
ofsoftware.Toconfigureporttrunkgroups,usestatictrunksorLACP.For
releasenotesdescribingthelatestsoftwareupdates,visittheProCurveNet-
workingwebsiteathttp://www.procurve.com.ClickonTechnicalsupport,
andthenclickonProductManuals.
Thefollowingexamplesshowhowtocreatedifferenttypesoftrunkgroups.
However,theSwitches2512and2524allowonlyonetrunkgroupatanytime.
ConfiguringaStaticTrunkorStaticLACPTrunkGroup.
Syntax: trunktrk1<trunk|lacp><port-list>
Thisexampleusesports5-8tocreateanon-protocolstatictrunkgroup.
HP2512(config)# trunk trk1 trunk 5-8
RemovingPortsfromaStaticTrunkGroup.Thiscommandremoves
oneormoreportsfromanexistingTrk1trunkgroup.
Ca u t i o n Removingaportfromatrunkcanresultinaloopandcauseabroadcaststorm.
WhenyouremoveaportfromatrunkwhereSTPisnotinuse,HPrecommends
thatyoudisabletheportordisconnectthelinkonthatport.
Syntax: notrunk<port-list>
Thisexampleremovesports7and8fromanexistingtrunkgroup.
HP2512(config)# no trunk 7-8
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-21
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
EnablingaDynamicLACPTrunkGroup.Inthedefaultportconfigura-
tion,allportsontheswitcharesettoLACPpassive.However,toenablethe
switchtoautomaticallyformatrunkgroupthatisdynamiconbothendsof
thelink,theportsononeendofasetoflinksmustbeLACPactive.Theports
ontheotherendcanbeeitherLACPactiveorLACPpassive.Thiscommand
enablestheswitchtoautomaticallyestablisha(dynamic)LACPtrunkgroup
whenthedeviceontheotherendofthelinkis configuredforLACPpassive.
SwitchA
default).
passive(the
default).
i
SwitchB
default).
i
withportsset
toLACP
passive(the
SwitchB
withportsset
toLACP
DynamicLACPtrunkcannotautomaticallyformbecauseboth
endsofthel nksareLACPpassive.
(InthiscaseSTPblockingisneededtopreventaloop.
SwitchA
withportsset
toLACP
active.
withportsset
toLACP
passive(the
DynamicLACPtrunkautomaticallyformsbecauseboth
endsofthelinksareLACPandatleastoneend sLACP
active.(STPisnotneeded,andtheclearadvantagesare
increasedbandwidthandfault-tolerance.
Figure6-10.ExampleofCriteriaforAutomaticallyFormingaDynamicLACPTrunk
Syntax: interface<port-list>lacpactive
Thisexampleusesports5and6toenableadynamicLACPtrunkgroup.
HP2512(config)# interface 5-6 lacp active
6-22
PortTrunking
RemovingPortsfromaDynamicLACPTrunkGroup. Toremoveaport
fromdynamicLACPtrunkoperation,youmustturnoffLACPontheport.(On
aportinanoperating,dynamicLACPtrunk,youcannotchangebetweenLACP
dynamicandLACPpassivewithoutfirstremovingLACPoperationfromthe
port.)
Ca u t i o n UnlessSTPisrunningonyournetwork,removingaportfromatrunkcan
resultinaloop.Tohelppreventabroadcaststormwhenyouremoveaport
fromatrunkwhereSTPisnotinuse,HPrecommendsthatyoufirstdisconnect
thelinkonthatport.
Syntax: no interface<port-list>lacp
Inthisexample,port1belongstoanoperating,dynamicLACPtrunk.To
removeport1fromthedynamictrunkandreturnittopassiveLACP,youwould
dothefollowing:
HP2512>(config)# no interface 1 lacp
HP2512>(config)# interface 1 lacp passive
Notethatintheaboveexample,iftheportontheotherendofthelinkis
configuredforactiveLACPorstaticLACP,thetrunkedlinkwillbere-
establishedalmostimmediately.
Web:ViewingExistingPortTrunkGroups
Whilethewebbrowserinterfacedoesnotenableyoutoconfigureaporttrunk
group,itdoesprovideaviewofanexistingtrunkgroup.
Toviewanyporttrunkgroups:
ClickontheStatustab.
Clickon .
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-23
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortTrunking
TrunkGroupOperationUsingLACP
TheswitchcanautomaticallyconfigureadynamicLACPtrunkgrouporyou
canmanuallyconfigureastaticLACPtrunkgroup.Themethodsfordisplaying
Not e LACPrequiresfull-duplex(FDx)linksofthesamemediatype(10/100Base-T,
100FX,etc.)andspeed,andenforcesspeedandduplexconformanceacross
atrunkgroup.
LACPtrunkstatusinclude:
TrunkDisplayMethod StaticLACPTrunk DynamicLACPTrunk
CLIshowlacpcommand Includedinlisting. Includedinlisting.
CLIshowtrunkcommand Includedinlisting. Notincluded.
Port/TrunkSettingsscreeninmenuinterface Includedinlisting. Notincluded
Inmostcases,trunksconfiguredforLACPontheProCurve2512/2524
switchesoperateasdescribedintable6-6:
Table6-6. LACPTrunkTypes
Configuration
LACPPortTrunk Operation
DynamicLACP Thisoptionautomaticallyestablishesan802.3ad-complianttrunkgroup,withDyn1fortheportGroup
nameandLACPfortheportTypeparameter.
Underthefollowingconditions,theswitchautomaticallyestablishesadynamicLACPporttrunkgroup:
Theportsonbothendsofalinkhavecompatiblemodesettings(speedandduplex).
TheportononeendofalinkmustbeconfiguredforLACPActiveandtheportontheotherendof
thesamelinkmustbeconfiguredforeitherLACPPassive(thedefault)orLACPActive.Forexample:
PortX:
le:
PortY:
le:
Switch2
:
:
le:
i i
Switch1
LACPEnab Active
LACPEnab Active
PortA
LACPEnable:Active
PortB
LACPEnab Passive
Active-to-Active
Act ve-to-Pass ve
EitheroftheabovelinkconfigurationsallowadynamicLACPtrunklink.
StandbyLinks:Amaximumoffouroperatinglinksareallowedinthetrunk,but,withdynamicLACP,you
canconfigureoneormorebackuplinksthattheswitchautomaticallyactivatesifaprimarylinkfails.
Toconfigurealinkasastandbyforanexistingfour-portdynamicLACPtrunk,ensurethatbothportsin
thestandbylinkareconfiguredthesameaseitheroftheaboveexamples.
DisplayingDynamicLACPTrunkData:TolisttheconfigurationandstatusforadynamicLACPtrunk,
usetheCLIshowlacpcommand.
Note:Thedynamictrunkisautomaticallycreatedbytheswitch,andisnotlistedinthestatictrunk
listingsavailableinthemenuinterfaceorintheCLIshowtrunklisting.
6-24
PortTrunking
Configuration
LACPPortTrunk Operation
StaticLACP Thetrunkoperatesifthetrunkgroupontheoppositedeviceisrunningoneofthefollowingtrunking
protocols:
ActiveLACP
PassiveLACP
Trunk
ThisoptionusesTrk1fortheportGroupparameterandLACPfortheportTypeparameter.
DisplayingStaticLACPTrunkData:TolisttheconfigurationandstatusforastaticLACPtrunk,usethe
CLIshowlacpcommand.TolistastaticLACPtrunkwithitsassignedports,usetheCLIshowtrunk
commandordisplaythemenuinterfacePort/TrunkSettingsscreen.
StaticLACPdoesnotallowstandbyports.
DefaultPortOperation
Inthedefaultconfiguration,allportsareconfiguredforpassiveLACP.How-
ever,ifLACPisnotconfigured,theportwillnottrytodetectatrunkconfig-
urationandwilloperateasastandard,untrunkedport.Thefollowingtable
describestheelementsofper-portLACPoperation.Todisplaythisdatafora
particularswitch,executethefollowingcommandintheCLI:
HP2512> show lacp
Table6-7. LACPPortStatusData
StatusName Meaning
PortNumb ShowsthephysicalportnumberforeachportconfiguredforLACPoperation(1,2,3...).Unlistedport
numbersindicatethatthemissingportsareassignedtoastaticTrunkgroup,orarenotconfiguredfor
anytrunking.
LACPEnabled Active:TheportautomaticallysendsLACPprotocolpackets.
Passive:TheportdoesnotautomaticallysendLACPprotocolpackets,andrespondsonlyifitreceives
LACPprotocolpacketsfromtheoppositedevice.
AlinkhavingeithertwoactiveLACPportsoroneactiveportandonepassiveportcanperformdynamic
LACPtrunking.AlinkhavingtwopassiveLACPportswillnotperformLACPtrunkingbecausebothports
arewaitingforanLACPprotocolpacketfromtheoppositedevice.
Note:Inthedefaultswitchconfiguration,allportsareconfiguredforpassiveLACPoperation.
TrunkGroup Trk1:ThisporthasbeenmanuallyconfiguredintoastaticLACPtrunk.
TrunkGroupSameasPortNumber:TheportisconfiguredforLACP,butisnotamemberofaporttrunk.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-25
PortTrunking
StatusName Meaning
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
PortStatus Up:TheporthasanactiveLACPlinkandisnotblockedorinStandbymode.
Down:Theportisenabled,butanLACPlinkisnotestablished.Thiscanindicate,forexample,aportthat
isnotconnectedtothenetworkoraspeedmismatchbetweenapairoflinkedports.
Disabled:Theportcannotcarrytraffic.
Blocked:LACP,orSTPhasblockedtheport.(TheportisnotinLACPStandbymode.)Thismaybedue
toatrunknegotiation(verybrief)oraconfigurationerrorsuchasdifferingportspeedsonthesamelink
orattemptingtoconnecttheSwitch2512/2524tomorethanonetrunk.
Standby:TheportisconfiguredfordynamicLACPtrunking,butthemaximumnumberofportsforthe
Dyn1trunkhasalreadybeenreachedoneithertheSwitch2512/2524orthedeviceontheotherendof
thetrunkedlinks.Thisportwillremaininreserve,orstandbyunlessLACPdetectsanother,activelink
inthetrunkbecomesdisabled,blocked,ordown.Inthiscase,LACPautomaticallyassignsaStandby
port,ifavailable,toreplacethefailedport.
LACPPartner Yes:LACPisenabledonbothendsofthelink.
No:LACPisenabledontheSwitch2512/2524,butisnotenabled,orLACPhasnotbeendetectedonthe
oppositedevice.
LACPStatus Success:LACPisenabledontheport,detectsandsynchronizeswithadeviceontheotherendofthe
link,andcanmovetrafficacrossthelink.
Failure:LACPisenabledonaportanddetectsadeviceontheotherendofthelink,butisnotableto
synchronizewiththisdevice,andthereforenotabletosendLACPpacketsacrossthelink.Thiscanbe
caused,forexample,byaninterveningdeviceonthelink(suchasahub),abadhardwareconnection,
oriftheLACPoperationontheoppositedevicedoesnotcomplywiththeIEEE802.3adstandard.
LACPNotesandRestrictions
ChangingTrunkingMethods.Theswitchsupportsonetrunkgroup.Thus,
aportbelongingtoanLACPdynamictrunk(Dyn1)cannotbeconfiguredasa
memberofastatictrunk(Trk1)withoutfirsteliminatingthedynamictrunk.
Also,toconvertatrunkfromstatictodynamic,youmustfirsteliminatethe
statictrunk.
StaticLACPTrunks.WhereaportisconfiguredforLACP(Activeor
Passive),butdoesnotbelongtoanexistingtrunkgroup,youcanaddthatport
toastatictrunk.DoingsodisablesdynamicLACPonthatport,whichmeans
youmustmanuallyconfigurebothendsofthetrunk.
VLANsandDynamicLACP. AdynamicLACPtrunkoperatesonlyinthe
defaultVLANunlessyouhaveenabledGVRPontheswitch.Ifyouwanttouse
LACPforatrunkonanon-defaultVLANandGVRPisdisabled,configurethe
trunkasastatictrunk.
STPandIGMP. Ifspanningtree(STP)and/orIGMPisenabledintheswitch,
adynamicLACPtrunkoperatesonlywiththedefaultsettingsforthese
featuresanddoesnotappearintheportlistingsforthesefeatures.
6-26
PortTrunking
Half-Duplexand/orDifferentPortSpeedsNotAllowedinLACP
Trunks.Theportsonbothsidesofatrunkmustbeconfiguredforthesame
speedandforfull-duplex(FDx).The802.3adLACPstandardspecifiesafull-
duplex(FDx)requirementforLACPtrunking.
AportconfiguredasLACPpassiveandnotassignedtoaporttrunkcanbe
configuredtohalf-duplex(HDx).However,inanyofthefollowingcases,a
portcannotbereconfiguredtoanHDxsetting:
IfaportissettoLACPActive,youcannotconfigureittoHDx.
IfaportisalreadyamemberofastaticordynamicLACPtrunk,youcannot
configureittoHDx.
IfaportisalreadysettoHDx,theswitchdoesnotallowyoutoconfigure
itforastaticordynamicLACPtrunk.
Dynamic/StaticLACPInteroperation:Aportconfiguredfordynamic
LACPcanproperlyinteroperatewithaportconfiguredforstatic(Trk1)LACP,
butanyportsconfiguredasstandbyLACPlinkswillbeignored.
TrunkGroupOperationUsingtheTrunkOption
Thismethodcreatesatrunkgroupthatoperatesindependentlyofspecific
trunkingprotocolsanddoesnotuseaprotocolexchangewiththedeviceon
theotherendofthetrunk.Withthischoice,theswitchsimplyusestheSA/DA
methodofdistributingoutboundtrafficacrossthetrunkedportswithout
regardforhowthattrafficishandledbythedeviceattheotherendofthe
trunkedlinks.Similarly,theswitchhandlesincomingtrafficfromthetrunked
linksasifitwerefromatrunkedsource.
UsetheTrunkoptionwhenyouaretryingtoestablishatrunkgroupbetween
theSwitch2512or2524andanotherdevice,buttheotherdevicestrunking
operationfailstointeroperateproperlywithLACPconfiguredontheSwitch
2512or2524.
HowtheSwitchListsTrunkData
StaticTrunkGroup:appearsinthemenuinterfaceandtheoutputfromthe
CLIshowtrunkandshowinterfacescommands.
DynamicLACPTrunkGroup:appearsintheoutputfromtheCLIshowlacp
command.
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-27
PortTrunking
InterfaceOption DynamicLACP StaticLACP
TrunkGroup TrunkGroup
StaticNon-Protocol
TrunkGroup
MenuInterface No Yes Yes
CLIshowtrunk No Yes Yes
CLIshowinterfaces No Yes Yes
CLIshowlacp Yes Yes No
CLIshowspanning-tree No Yes Yes
CLIshowigmp No Yes Yes
CLIshowconfig No Yes Yes
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
OutboundTrafficDistributionAcrossTrunkedLinks
Bothtrunkgroupoptions(LACPandTrunk)usesource-destinationaddress
pairs(SA/DA)fordistributingoutboundtrafficovertrunkedlinks.
SA/DA(sourceaddress/destinationaddress)causestheswitchtodistribute
outboundtraffictothelinkswithinthetrunkgrouponthebasisofsource/
destinationaddresspairs.Thatis,theswitchsendstrafficfromthesame
sourceaddresstothesamedestinationaddressthroughthesametrunkedlink,
andsendstrafficfromthesamesourceaddresstoadifferentdestination
addressthroughadifferentlink,dependingontherotationofpathassign-
mentsamongthelinksinthetrunk.Likewise,theswitchdistributestrafficfor
thesamedestinationaddressbutfromdifferentsourceaddressesthrough
differentlinks.Becausetheamountoftrafficcomingfromorgoingtovarious
nodesinanetworkcanvarywidely,itispossibleforonelinkinatrunkgroup
tobefullyutilizedwhileothersinthesametrunkhaveunusedbandwidth
capacityeventhoughtheaddressassignmentsareevenlydistributedacross
thelinksinatrunk.Inactualnetworkingenvironments,thisisrarelya
problem.However,ifitbecomesaproblem,youcanusetheHPTopToolsfor
Hubs&SwitchesnetworkmanagementsoftwareavailablefromHewlett-
Packardtoquicklyandeasilyidentifythesourcesofheavytraffic(toptalkers)
andmakeadjustmentstoimproveperformance.
Broadcasts,multicasts,andfloodsfromdifferentsourceaddressesaredis-
tributedevenlyacrossthelinks.Aslinksareaddedordeleted,theswitch
redistributestrafficacrossthetrunkgroup.Forexample,infigure6-11show-
ingathree-porttrunk,trafficcouldbeassignedasshownintable6-8.
6-28
PortTrunking
A W
C Y
B X
D Z
1
2
3
Switch Switch
Figure6-11.ExampleofPort-TrunkedNetwork
Table6-8. ExampleofLinkAssignmentsinaTrunkGroup(SA/DADistribution)
Source: Destination: Link:
NodeW 1 NodeA
NodeB NodeX 2
NodeC NodeY 3
NodeD NodeZ 1
NodeA NodeY 2
NodeB NodeW 3
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-29
PortTrunking
O
p
t
i
m
i
z
i
n
g
P
o
r
t
U
s
a
g
e
T
h
r
o
u
g
h
T
r
a
f
f
i
c
C
o
n
t
r
o
l
a
n
d
6-30
7
UsingPasswords,PortSecurity,andAuthorizedIP
ManagersToProtectAgainstUnauthorizedAccess
ChapterContents
Overview ..................................................... 7-3
UsingPasswordSecurity....................................... 7-4
Menu:SettingManagerandOperatorpasswords ................. 7-5
CLI:SettingManagerandOperatorPasswords................... 7-7
Web:ConfiguringUserNamesandPasswords ................... 7-8
ConfiguringandMonitoringPortSecurity ...................... 7-9
BasicOperation ............................................. 7-9
BlockingUnauthorizedTraffic ............................ 7-10
TrunkGroupExclusion.................................. 7-11
PlanningPortSecurity ...................................... 7-11
CLI:PortSecurityCommandOptionsandOperation ............ 7-13
CLI:DisplayingCurrentPortSecuritySettings.............. 7-16
CLI:ConfiguringPortSecurity ............................ 7-17
Web:DisplayingandConfiguringPortSecurityFeatures ......... 7-21
ReadingIntrusionAlertsandResettingAlertFlags.............. 7-22
NoticeofSecurityViolations ............................. 7-22
HowtheIntrusionLogOperates .......................... 7-22
KeepingtheIntrusionLogCurrentbyResettingAlertFlags... 7-23
............... 7-27
OperatingNotesforPortSecurity............................. 7-28
UsingIPAuthorizedManagers ............................... 7-30
AccessLevels .............................................. 7-31
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-1
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
UsingPasswords,PortSecurity,andAuthorizedIPManagersToProtectAgainstUnauthorizedAccess
ChapterContents
DefiningAuthorizedManagementStations ..................... 7-31
OverviewofIPMaskOperation ........................... 7-32
Menu:ViewingandConfiguringIPAuthorizedManagers ......... 7-33
CLI:ViewingandConfiguringAuthorizedIPManagers ........... 7-34
ListingtheSwitchsCurrentAuthorizedIPManager(s) ....... 7-34
ConfiguringIPAuthorizedManagersfortheSwitch.......... 7-35
Web:ConfiguringIPAuthorizedManagers..................... 7-36
BuildingIPMasks.......................................... 7-36
ConfiguringOneStationPerAuthorizedManagerIPEntry.... 7-36
ConfiguringMultipleStationsPerAuthorizedManager
IPEntry ............................................... 7-37
AdditionalExamplesforAuthorizingMultipleStations ....... 7-39
OperatingandTroubleshootingNotes ......................... 7-39
7-2
Overview
Overview
ManagerandOperatorpasswords(page7-4):Controlaccessand
privilegesforthecommandlineandmenuinterfaces(througheitherthe
consoleportorTelnet)andthewebbrowserinterfacethroughthenet-
work.Thefeaturesdescribedinthischapterenhancesecuritycontrols
againstunauthorizedaccessthroughthenetwork.
PortSecurity(page7-9):Enablesyoutospecifyonaper-portbasis
whichdevice(s)areauthorizedtoaccessthenetwork.
AuthorizedIPManagers(page7-30):Enhancessecurityontheswitch
byusingIPaddressesandmaskstodeterminewhichstations(PCsor
workstations)canaccesstheswitchthroughthenetwork.Thiscovers
accessthroughthefollowingmeans:
Telnet
Theswitchswebbrowserinterface
SNMP(withacorrectcommunityname)
FiletransfersusingTFTP(forconfigurationsandsoftwareupdates)
Thus,withauthorizedIPmanagersconfigured,havingthecorrectpasswords
isnotsufficientforaccessingtheswitchthroughthenetworkunlessthe
stationattemptingaccessisalsoincludedintheswitchsAuthorizedIP
Managersconfiguration.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-3
UsingPasswordSecurity
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
PasswordFeatures
SetaPassword nopasswordsset page7-5 page7-7 page7-8
SetUserNames nousernamesset page7-8
DeletePassword n/a page7-6 page7-7 page7-8
Protection
ConsoleaccessincludesboththemenuinterfaceandtheCLI.Therearetwo
levelsofconsoleaccess:ManagerandOperator.Forsecurity,youcanseta
passwordoneachoftheselevels.
Level ActionsPermitted
Manager: Accesstoallconsoleinterfaceareas.
Thisisthedefaultlevel.Thatis,ifaManagerpasswordhasnotbeensetprior
tostartingthecurrentconsolesession,thenanyonehavingaccesstothe
consolecanaccessanyareaoftheconsoleinterface.
Operator: AccesstotheStatusandCountersmenu,theEventLog,andtheCLI*,butno
Configurationcapabilities.
OntheOperatorlevel,theconfigurationmenus,DownloadOS,andReboot
SwitchoptionsintheMainMenuarenotavailable.
*Allowsuseoftheping,link-test,show,menu,exit,andlogoutcommands,plustheenable
commandifyoucanprovidetheManagerpassword.
Tousepasswordsecurity:
1. SetaManagerpassword(andanOperatorpassword,ifapplicableforyour
system).
2. Exitfromthecurrentconsolesession.AManagerpasswordwillnowbe
neededforfullaccesstotheconsole.
Ifyoudosteps1and2,above,thenthenexttimeaconsolesessionisstarted
foreitherthemenuinterfaceortheCLI,apromptappearsforapassword.
AssumingthatbothaManagerpasswordandanOperatorpasswordhavebeen
set,thelevelofaccesstotheconsoleinterfacewillbedeterminedbywhich
passwordisenteredinresponsetotheprompt.
7-4
IfyousetaManagerpassword,youmayalsowanttoconfigurethe
InactivityTimeparameter(seepage5-16).Thiscausestheconsolesessionto
endafterthespecifiedperiodofinactivity,thusgivingyouaddedsecurity
againstunauthorizedconsoleaccess.
Not e Themanagerandoperatorpasswordscontrolaccesstothemenuinterface,
theCLI,andthewebbrowserinterface.
Not e IfthereisonlyaManagerpasswordset(withnoOperatorpassword),andthe
Managerpasswordisnotenteredcorrectlywhentheconsolesessionbegins,
accesstotheconsolewillbedenied.
IftherearebothaManagerpasswordandanOperatorpassword,butneither
isenteredcorrectly,accesstotheconsolewillbedenied.
IftheswitchhasneitheraManagerpasswordnoranOperatorpassword,
anyonehavingaccesstotheconsoleinterfacecanoperatetheconsolewith
fullmanagerprivileges.Also,ifonlyanOperatorpasswordisset,entering
theOperatorpasswordenablesfullmanagerprivileges.
Passwordsarecase-sensitive.
Therestofthissectioncovershowto:
SetPasswords
DeletePasswords
RecoverfromaLostPassword
Menu:SettingManagerandOperatorpasswords
1. FromtheMainMenuselect:
5.ConsolePasswords
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-5
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
Figure7-1. TheSetPasswordScreen
2. Tosetanewpassword:
a. Select SetManagerPassword or SetOperatorPassword.Youwillthen
bepromptedwith Enternewpassword.
b. Typeapasswordofupto16ASCIIcharacterswithnospacesand
press.(Rememberthatpasswordsarecase-sensitive.)
c. WhenpromptedwithEnternewpasswordagain,retypethenewpass-
wordandpress.
Afterapasswordisset,ifyousubsequentlystartanewconsolesession,you
willbepromptedtoenterthepassword.
ToDeletePasswordProtection(IncludingRecoveryfromaLost
Password):Thisproceduredeletesbothpasswords(ManagerandOpera-
tor).Ifyouhavephysicalaccesstotheswitch,pressandholdtheClearbutton
(onthefrontoftheswitch)foraminimumofonesecondtoclearallpassword
protection,thenenternewpasswordsasdescribedearlierinthischapter.If
youdonothavephysicalaccesstotheswitch,youwillneedtheManager
access:
1. EntertheconsoleattheManagerlevel.
2. GototheSetPasswordsscreenasdescribedabove.
3. SelectDeletePasswordProtection.Youwillthenseethefollowingprompt:
ContinueDeletionofpasswordprotection?No
4. PresstheSpacebartoselectYes,thenpress.
5. Press toclearthePasswordProtectionmessage.
7-6
ToRecoverfromaLostManagerPassword:Ifyoucannotstartacon-
solesessionatthemanagerlevelbecauseofalostManagerpassword,you
canclearthepasswordbygettingphysicalaccesstotheswitchandpressing
andholdingtheClearbuttonforaminimumofonesecond.Thisactiondeletes
allpasswordsandusernames(ManagerandOperator)usedbyboththe
consoleandthewebbrowserinterface.
CLI:SettingManagerandOperatorPasswords
PasswordCommandsUsedinThisSection
password below
ConfiguringManagerandOperatorPasswords. Thisprocedure
promptsyoutoenterapasswordtwicetohelpverifythatyouhavecorrectly
enteredthedesiredcharacters.
Syntax: password<manager|operator>
nopassword
Passwordentries
appearasasterisks.
Youmusttypeeach
passwordentry
twice.
ToDeletePasswordProtection.Thiscommandpromptsyoutoverifythat
youwanttoclearthepasswords,thenclearsboththeManagerandthe
Operatorpassword.
. Press (foryes)andpress
Figure7-2. ClearingtheManagerandOperatorPasswords
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-7
Web:ConfiguringUserNamesandPasswords
Inthewebbrowserinterfaceyoucanenterbothusernamesandpasswords.
BecauseusernamesdonotapplyinthemenuinterfaceandtheCLI,theyaffect
onlyyouraccesstotheswitchthroughthewebbrowserinterface.
ToConfigure(orRemove)UserNamesandPasswordsintheWeb
BrowserInterface.
1. ClickontheSecuritytab.
Clickon .
Tosetusernameandpasswordprotection,entertheusernamesand
passwordsyouwantintheappropriatefields.
Toremoveusernameandpasswordprotection,leavethefieldsblank.
3. Implementtheusernamesandpasswordsbyclickingon .
Toaccesstheweb-basedhelpprovidedfortheswitch,clickonintheweb
browserscreen.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-8
ConfiguringandMonitoringPortSecurity
ConfiguringandMonitoringPort
Security
Feature Default Menu
n/a page7-21
CLI Web
DisplayingCurrentPortSecurity page7-16
ConfiguringPortSecurity disabled page7-17 page7-21
IntrusionAlertsandAlertFlags n/a page7-27 page7-25 page7-28
UsingPortSecurity,youcanconfigureeachswitchportwithauniquelistof
theMACaddressesofdevicesthatareauthorizedtoaccessthenetwork
throughthatport.Thisenablesindividualportstodetect,prevent,andlog
attemptsbyunauthorizeddevicestocommunicatethroughtheswitch.
Not e Thisfeaturedoesnotpreventintrudersfromreceivingbroadcastandmulti-
casttraffic.
BasicOperation
DefaultPortSecurityOperation. Thedefaultportsecuritysettingfor
eachportisoff,orcontinuous.Thatis,anydevicecanaccessaportwithout
causingasecurityreaction.
IntruderProtection. Aportthatdetectsanintruderblockstheintruding
devicefromtransmittingtothenetworkthroughthatport.
GeneralOperationforPortSecurity.Onaper-portbasis,youcan
configuresecuritymeasurestoblockunauthorizeddevices,andtosendnotice
ofsecurityviolations.Onceyouhaveconfiguredportsecurity,youcanthen
monitorthenetworkforsecurityviolationsthroughoneormoreofthe
following:
Alertflagsthatarecapturedbynetworkmanagementtoolssuchas
HPTopToolsforHubs&Switches
AlertLogentriesintheswitchswebbrowserinterface
EventLogentriesintheconsoleinterface
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-9
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
IntrusionLogentriesineitherthemenuinterface,CLI,orweb
browserinterface
Foranyport,youcanconfigurethefollowing:
Authorized(MAC)Addresses:Specifyuptoeightdevices(MAC
addresses)thatareallowedtosendinboundtrafficthroughtheport.
Thisfeature:
Closestheporttoinboundtrafficfromanyunauthorizeddevicesthat
areconnectedtotheport.
ProvidestheoptionforsendinganSNMPtrapnotifyingofan
attemptedsecurityviolationtoanetworkmanagementstationand,
optionally,disablestheport.(Formoreonconfiguringtheswitchfor
SNMPmanagement,seeTrapReceiversandAuthenticationTraps
onpagepage8-10.)
BlockingUnauthorizedTraffic
Unlessyouconfiguretheswitchtodisableaportonwhichasecurityviolation
isdetected,theswitchsecuritymeasuresblockunauthorizedtrafficwithout
disablingtheport.Thisimplementationenablesyoutoapplythesecurity
configurationtoportsonwhichhubs,switches,orotherdevicesare
connected,andtomaintainsecuritywhilealsomaintainingnetworkaccessto
authorizedusers.Forexample:
7-10
PhysicalTopology LogicalTopologyforAccesstoSwitchA
SwitchA
SwitchA
SwitchB
i
i
SwitchC
NOT
PortSecurity
i
PC1
i
i
PortSecurity
Configured
MACAddress
Author zedby
SwitchA
PC1
MACAddress
AuthorizedbySwitchA
PC2
MACAddressNOT
AuthorizedbySwitchA
PC3
MACAddressNOT
Author zedbySwitchA
MACAddress
Authorized
bySwitchA
Configured
SwitchB
MACAddress
Author zedby
SwitchA
MACAddress
AuthorizedbySwitchA
PC1canaccessSw tchA.
PCs2and3canaccessSwitchBandSwitchC,butare
blockedfromaccessingswitchAbytheportsecurity
settingsinswitchA.
SwitchCisnotauthor zedtoaccessSwitchA.
Figure7-3. ExampleofHowPortSecurityControlsAccess
Not e BroadcastandMulticasttrafficisnotunauthorizedtraffic,andcanberead
byintrudersconnectedtoaportonwhichyouhaveconfiguredportsecurity.
TrunkGroupExclusion
Portsecuritydoesnotoperateoneitherastaticordynamictrunkgroup.If
youconfigureportsecurityononeormoreportsthatarelateraddedtoatrunk
group,theswitchwillresettheportsecurityparametersforthoseportstothe
factory-defaultconfiguration.(PortsconfiguredforeitherActiveorPassive
LACP,andwhicharenotmembersofatrunk,canbeconfiguredforport
security.)
PlanningPortSecurity
1. Planyourportsecurityconfigurationandmonitoringaccordingtothe
following:
a. Onwhichportsdoyouwanttoconfigureportsecurity?
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-11
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
b. Whichdevices(MACaddresses)areauthorizedoneachport(upto8
perport)?
c. Foreachport,whatsecurityactionsdoyouwant?(Theswitch
automaticallyblocksintrudersdetectedonthatportfromtransmit-
tingtothenetwork.)Youcanconfiguretheswitchto(1)sendintru-
sionalarmstoanSNMPmanagementstationandto(2)optionally
disabletheportonwhichtheintrusionwasdetected.
d. Howdoyouwanttolearnofthesecurityviolationattemptstheswitch
detects?Youcanuseoneormoreofthesemethods:
Throughnetworkmanagement(Thatis,doyouwantanSNMP
trapsenttoanetmanagementstationwhenaportdetectsa
securityviolationattempt?)
ThroughtheswitchsIntrusionLog,availablethroughtheCLI,
menu,andwebbrowserinterface
ThroughtheEventLog(inthemenuinterfaceorthroughtheCLI
showlogcommand)
2. UsetheCLIorwebbrowserinterfacetoconfigureportsecurityoperating
andaddresscontrols.Thefollowingtabledescribestheparameters.
7-12
CLI:PortSecurityCommandOptionsandOperation
PortSecurityCommandsUsedinThisSection
showport-security page7-16:CLI:DisplayingCurrentPortSecuritySettings
port-security page7-17:CLI:ConfiguringPortSecurity
<[ethernet]port-list> page7-17:CLI:ConfiguringPortSecurity
[learn-modecontinuous] page7-18:AddinganAuthorizedDevicetoaPort
[learn-modestatic] page7-18:AddinganAuthorizedDevicetoaPort
[address-limit] page7-18:AddinganAuthorizedDevicetoaPort
[mac-address] page7-18:AddinganAuthorizedDevicetoaPort
[action] page7-18:AddinganAuthorizedDevicetoaPort
noport-security page7-20:RemovingaDeviceFromtheAuthorizedListfor
aPort
[clear-intrusion-flag] page7-25:CLI:CheckingforIntrusions,ListingIntrusion
Alerts,andResettingAlertFlags
ThissectiondescribestheCLIportsecuritycommandandhowtheswitch
acquiresandmaintainsauthorizedaddresses.
Not e Usetheglobalconfigurationleveltoexecuteport-securityconfiguration
commands.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-13
Table7-1. PortSecurityParameters
Parameter Description
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
PortList <[ethernet]port-list> Identifiestheportorportsonwhichtoapplyaportsecuritycommand.

Learn learn-mode<static|continuous> Specifieshowtheportacquiresauthorizedaddresses.
Mode
Continuous(theDefault):Appearsinthefactory-defaultsettingorwhenyouexecutenoport-security.Allows
theporttolearnaddressesfrominboundtrafficfromanydevice(s)towhichitisconnected.Inthisstate,
theportacceptstrafficfromanydevice(s)towhichitisconnected.Addresseslearnedthiswayappear
intheswitchandportaddresstablesandageoutaccordingtotheAddressAgeIntervalintheSystem
Informationconfigurationscreen(page5-22).
Static:Enablesyoutousethemac-addressparametertospecifytheMACaddressesofthedevices
authorizedforaport,andtheaddress-limitparametertospecifythenumberofMACaddresses
authorizedfortheport.Youcanauthorizespecificdevicesfortheport,whilestillallowingtheportto
acceptother,non-specifieddevicesuntilthedevicelimithasbeenreached.Thatis,ifyouenterfewer
MACaddressesthanyouauthorized,theportauthorizestheremainingaddressesintheorderinwhich
itautomaticallylearnsthem.Forexample,Ifyouuseaddress-limit tospecifythreeauthorizeddevices,
butusemac-addresstospecifyonlyoneauthorizedMACaddress,theportaddstheonespecifically
authorizedMACaddresstoitsauthorized-deviceslistandthefirsttwoadditionalMACaddressesit
detects. Forexample,suppose:
Youusemac-addresstoauthorizeMACaddress0060b0-880a80forport4.
Youuseaddress-limittoallowthreedevicesonport4andtheportdetectsaseriesofMACaddresses
inthefollowingorder:
080090-1362f2
00f031-423fc1
080071-0c45a1
0060b0-880a80 (theaddressyouauthorizedwiththemac-addressparameter)
Intheabovecase,portfourwouldassumethefollowinglistofauthorizedaddresses:
080090-1362f2 (thefirstaddresstheportdetected)
00f031-423fc1 (thesecondaddresstheportdetected)
0060b0-880a80 (theaddressyouauthorizedwiththemac-addressparameter)
TheremainingMACaddresstheportdetects,080071-0c45a1,isnotallowedinthelistofauthorized
addresses,andsoishandledasanintruder.
PermanenceofAuthorizedAddressesInStaticMode:AMACaddressthatyouspecifically
authorizewiththemac-addressparametercannotage-out.Instead,itremainsintheportsauthorized-
deviceslistuntilyoutakeoneofthefollowingactions:RemoveitwithaCLIcommand;UsetheCLIto
disableportsecurityontheport;Resettheswitchtoitsdefaultconfiguration;Rebootwithoutfirst
executingwritememory.
WhileinStaticmode,ifaportaddsaMACaddressthatyouhavenotspecificallyauthorized(seeabove
example),thataddressremainsintheAuthorizedlistuntilyoutakeoneofthefollowingactions:Remove
itwithaCLIcommand;Removethelinkandreboottheswitchafterdevicedetection;Disableport
securityonthatport;Resettheswitchtoitsfactory-defaultconfiguration.
Caution: WhenyouusestaticwithadevicelimitgreaterthanthenumberofMACaddressesyouspecify
withmac-address,anunwanteddevicecanbecomeauthorized.Thiscanoccurbecausetheport,
inordertofulfillthenumberofdevicesallowedbytheaddress-limitparameter,automaticallyadds
devicesitdetectsuntilthespecifiedlimitisreached.
7-14
Parameter Description
Device address-limit<integer>
Limit
WhenLearnModeissettoStatic,specifieshowmanyauthorizeddevices(MACaddresses)toallow.Range:
1(thedefault)to8.
Action action<none|send-alarm|send-disable>
SpecifieswhetheranSNMPtrapissenttoanetworkmanagementstationwhenLearnModeissettostatic
andtheportdetectsanunauthorizeddevice,orwhenLearnModeissettocontinuousandthereisanaddress
changeonaport.
None(thedefault):PreventsanSNMPtrapfrombeingsent.
SendAlarm:CausestheswitchtosendanSNMPtraptoanetworkmanagementstation.
SendAlarmandDisable:Availableonlyinthestaticlearn-mode.CausestheswitchtosendanSNMPtrap
toanetworkmanagementstationanddisabletheport.
ForinformationonconfiguringtheswitchforSNMPmanagement,seechapter8.
Address
mac-address<mac-addr>
List
Availableforstatic learnmode.Allowsuptoeightauthorizeddevices(MACaddresses)perport,depending
onthevaluespecifiedintheaddress-limitparameter.
Ifyouusemac-addresswithstatic,butenterfewerdevicesthanyouspecifiedintheaddress-limitfield,the
portacceptsnotonlyyourspecifieddevices,butalsoasmanyotherdevicesasittakestoreachthedevice
limit.Forexample,ifyouspecifyfourdevices,butenteronlytwoMACaddresses,theportwillacceptthe
firsttwonon-specifieddevicesitdetects,alongwiththetwospecificallyauthorizeddevices.
Clear clear-intrusion-flag
Intrusion Clearstheintrusionflagforaspecificport.(SeeReadingIntrusionAlertsandResettingAlertFlagsonpage
Flag 7-22.)
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-15
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
CLI:DisplayingCurrentPortSecuritySettings
TheCLIusesthesamecommandtoprovidetwotypesofportsecuritylistings:
AllportsontheswitchwiththeirLearnModeand(alarm)Action
OnlythespecifiedportswiththeirLearnMode,AddressLimit,(alarm)
Action,andAuthorizedAddresses
UsingtheCLIToDisplayPortSecuritySettings.
Syntax: showport-security
showport-security<portnumber>
showport-security[<portnumber>-<portnumber]...[,<portnumber>]
Withoutportparameters,showport-securitydisplaysOperatingControlsettings
forallportsonaswitch.Forexample:
Figure7-4. ExamplePortSecurityListing(Ports7and8ShowtheDefaultSetting)
Withportnumbersincludedinthecommand,showport-securitydisplaysLearn
Mode,AddressLimit,(alarm)Action,andAuthorizedAddressesforthespec-
ifiedportsonaswitch.Thefollowingexampleliststhefullportsecurity
configurationforasingleport:
7-16
Figure7-5. ExampleofthePortSecurityConfigurationDisplayforaSinglePort
Thefollowingcommandexampleshowstheoptionforenteringarangeof
ports,includingaseriesofnon-contiguousports.Notethatnospacesare
allowedintheportnumberportionofthecommandstring:
HP2512(config)# show port-security 1-3,6,8
CLI:ConfiguringPortSecurity
UsingtheCLI,youcan:
Configureportsecurityandeditsecuritysettings.
Addordeletedevicesfromthelistofauthorizedaddressesforoneor
moreports.
CleartheIntrusionflagonspecificports
Syntax: port-security<port-list>
[learn-modecontinuous]
[learn-modestatic]
[address-limit<integer>]
[mac-address<mac-addr>][<mac-addr>...<mac-addr>]
[action<none|send-alarm|send-disable>]
[clear-intrusion-flag]
noport-security<port-list>mac-address<mac-addr>[<mac-addr>...
<mac-addr>]
Forinformationontheindividualcontrolparameters,seethePortSecurity
Parametertablesonpages7-14and7-15.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-17
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
SpecifyingAuthorizedDevicesandIntrusionResponses.Thisexam-
pleconfiguresport1toautomaticallyacceptthefirstdevice(MACaddress)
itdetectsastheonlyauthorizeddeviceforthatport.(Thedefaultdevicelimit
is1.)Italsoconfigurestheporttosendanalarmtoanetworkmanagement
stationanddisableitselfifanintruderisdetectedontheport.
HP2512(config)# port-security 1 learn-mode static
action send-disable
Thenextexampledoesthesameastheprecedingexample,exceptthatit
specifiesaMACaddressof0c0090-123456astheauthorizeddeviceinsteadof
allowingtheporttoautomaticallyassignthefirstdeviceitdetectsasan
authorizeddevice.
mac-address 0c0090-123456 action send-disable
Thisexampleconfiguresport5to:
AllowtwoMACaddresses,00c100-7fec00and0060b0-889e00,asthe
authorizeddevices
Sendanalarmtoamanagementstationifanintruderisdetectedonthe
port
address-limit 2 mac-address 00c100-7fec00 0060b0-
889e00 action send-alarm
Ifyoumanuallyconfigureauthorizeddevices(MACaddresses)and/oran
alarmactiononaport,thosesettingsremainunlessyoueithermanually
changethemortheswitchisresettoitsfactory-defaultconfiguration.Youcan
turnoffauthorizeddevicesonaportbyconfiguringtheporttocontinuous
LearnMode,butsubsequentlyreconfiguringtheporttostaticLearnMode
restoresthoseauthorizeddevices.
AddinganAuthorizedDevicetoaPort.Tosimplyaddadevice(MAC
address)toaportsexistingAuthorizedAddresseslist,entertheportnumber
withthemac-addressparameterandthedevicesMACaddress.Thisassumes
thatLearnModeissettostaticandtheAuthorizedAddresseslistisnotfull
(asdeterminedbythecurrentAddressLimitvalue).Forexample,suppose
port2allowstwoauthorizeddevices,buthasonlyonedeviceinitsAuthorized
Addresslist:
7-18
i
is
lso
i
TheAddressLimithasnot
beenreached.
Althoughthe
AddressLimitisset
to2,onlyonedevice
hasbeenauthor zed
forthisport.Inth
caseyoucanadd
anotherwithout
havingtoa
increasetheAddress
Lim t.
Withtheaboveconfigurationforport1,thefollowingcommandaddsthe
0c0090-456456MACaddressasthesecondauthorizedaddress.
HP2512(config)# port-security 1 mac-address 0c0090-456456
Afterexecutingtheabovecommand,thesecurityconfigurationforport1
wouldbe:
TheAddressLimithasbeen
reached.
(ThemessageInconsistent valueappearsifthenewMACaddress
exceedsthecurrentAddressLimitorspecifiesadevicethatisalreadyonthe
list.Notethatifyouchangeaportfromstatictocontinuouslearnmode,the
portretainsinmemoryanyauthorizedaddressesithadwhileinstaticmode.
Ifyousubsequentlyattempttoconverttheportbacktostaticmodewiththe
sameauthorizedaddress(es),theInconsistent valuemessageappears
becausetheportalreadyhastheaddress(es)initsAuthorizedlist.)
Ifyouareaddingadevice(MACaddress)toaportonwhichtheAuthorized
Addresseslistisalreadyfull(ascontrolledbytheportscurrentAddressLimit
setting),thenyoumustincreasetheAddressLimitinordertoaddthedevice,
evenifyouwanttoreplaceonedevicewithanother.UsingtheCLI,youcan
simultaneouslyincreasethelimitandaddtheMACaddresswithasingle
command.Forexample,supposeport1allowsoneauthorizeddeviceand
alreadyhasadevicelisted:
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-19
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
Toaddasecondauthorizeddevicetoport1,executeaport-securitycommand
forforport1thatraisestheaddresslimitto2andspecifiestheadditional
devicesMACaddress.Forexample:
HP2512(config)# port-security 1 mac-address 0c0090-456456
address-limit 2
RemovingaDeviceFromtheAuthorizedListforaPort.Thiscom-
mandoptionremovesunwanteddevices(MACaddresses)fromtheAutho-
rizedAddresseslist.(AnAuthorizedAddresslistisavailableforeachportfor
whichLearnModeiscurrentlysettoStatic.SeetheAddressListentryin
thetableonpage7-15.)
Ca u t i o n Whenlearnmodeissettostatic,theAddressLimit(address-limit)parameter
controlshowmanydevicesareallowedintheAuthorizedAddresses(mac-
address)foragivenport.IfyouremoveaMACaddressfromtheAuthorized
AddresseslistwithoutalsoreducingtheAddressLimitby1,theportmay
subsequentlydetectandacceptasauthorizedaMACaddressthatyoudonot
intendtoincludeinyourAuthorizedAddresslist.Thus,ifyouusetheCLIto
removeadevicethatisnolongerauthorized,itisrecommendedthatyoufirst
reducetheAddressLimit(address-limit)integerby1,asshownbelow.This
preventsthepossibilityofthesamedeviceoranotherunauthorizeddeviceon
thenetworkfromautomaticallybeingacceptedasauthorizedforthatport.
Toremoveadevice(MACaddress)fromtheAuthorizedlistandwhenthe
currentnumberofdevicesequalstheAddressLimitvalue,youshouldfirst
reducetheAddressLimitvalueby1,thenremovetheunwanteddevice.
Not e Youcanreducetheaddresslimitbelowthenumberofcurrentlyauthorized
addressesonaport.Thisenablesyoutosubsequentlyremoveadevicefrom
theAuthorizedlistwithoutopeningthepossibilityforanunwanteddevice
toautomaticallybecomeauthorized.
7-20
Forexample,supposeport1isconfiguredasshownbelowandyouwantto
remove0c0090-123456fromtheAuthorizedAddresslist:
Whenremoving0c0090-123456,first
reducetheAddressLimitby1toprevent
theportfromautomaticallyadding
anotherdevicethatitdetectsonthe
network.
Thefollowingcommandservesthispurposebyremoving0c0090-123456and
reducingtheAddressLimitto1:
HP2512(config) # port-security 1 address-limit 1
HP2512(config) # no port-security 1 mac-address
0c0090-123456
Theabovecommandsequenceresultsinthefollowingconfigurationforport1:
Web:DisplayingandConfiguringPortSecurityFeatures
2. Clickon .
3. Selectthesettingsyouwantand,ifyouareusingtheStaticLearnMode,
addoredittheAuthorizedAddressesfield.
4. Implementyournewdatabyclickingon .
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-21
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
Toaccesstheweb-basedHelpprovidedfortheswitch,clickonintheweb
browserscreen.
ReadingIntrusionAlertsandResettingAlertFlags
NoticeofSecurityViolations
Whentheswitchdetectsanintrusiononaport,itsetsanalertflagforthat
portandmakestheintrusioninformationavailableasdescribedbelow.While
theswitchcandetectadditionalintrusionsforthesameport,itdoesnotlist
thenextchronologicalintrusionforthatportintheIntrusionLoguntilthe
alertflagforthatporthasbeenreset.
WhenasecurityviolationoccursonaportconfiguredforPortSecurity,the
switchrespondsinthefollowingwaystonotifyyou:
Theswitchsetsanalertflagforthatport.Thisflagremainssetuntil:
YouuseeithertheCLI,menuinterface,orwebbrowserinterfaceto
resettheflag.
Theswitchisresettoitsfactorydefaultconfiguration.
Theswitchenablesnotificationoftheintrusionthroughthefollowing
means:
IntheCLI:
The showintrusion-logcommanddisplaystheIntrusionLog
ThelogcommanddisplaystheEventLog
Inthemenuinterface:
ThePortStatusscreenincludesaper-portintrusionalert
TheEventLogincludesper-portentriesforsecurityviolations
Inthewebbrowserinterface:
TheAlertLogsStatus|Overviewwindowincludesentriesforper-
portsecurityviolations
TheIntrusionLogintheSecurity|IntrusionLogwindowlistsper-
portsecurityviolationentries
InHPTopToolsforHubs&SwitchesviaanSNMPtrapsenttoanet
managementstation
HowtheIntrusionLogOperates
Whentheswitchdetectsanintrusionattemptonaport,itentersarecordof
thiseventintheIntrusionLog.Nofurtherintrusionattemptsonthatportwill
appearintheLoguntilyouacknowledgetheearlierintrusioneventbyreset-
tingthealertflag.
7-22
TheIntrusionLogliststhe20mostrecentlydetectedsecurityviolation
attempts,regardlessofwhetherthealertflagsfortheseattemptshavebeen
reset.Thisgivesyouahistoryofpastintrusionattempts.Thus,forexample,
ifthereisanintrusionalertforport1andtheIntrusionLogshowstwoormore
entriesforport1,onlythemostrecententryhasnotbeenacknowledged(by
resettingthealertflag).Theotherentriesgiveyouahistoryofpastintrusions
detectedonport1.
Figure7-6. ExampleofMultipleIntrusionLogEntriesfortheSamePort
Thelogshowsthemostrecentintrusionatthetopofthelisting.Youcannot
deleteIntrusionLogentries(unlessyouresettheswitchtoitsfactory-default
configuration).Instead,ifthelogisfilledwhentheswitchdetectsanew
intrusion,theoldestentryisdroppedoffthelistingandthenewestentry
appearsatthetopofthelisting.
KeepingtheIntrusionLogCurrentbyResettingAlertFlags
Whenaviolationoccursonaport,analertflagissetforthatportandthe
violationisenteredintheIntrusionLog.Theswitchcandetectandhandle
subsequentintrusionsonthatport,butwillnotloganotherintrusiononthe
portuntilyouresetthealertflagforeitherallportsorfortheindividualport.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-23
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
ResettingAlertFlags
Themenuinterfaceindicatesper-portintrusionsinthePortStatusscreen,and
providesdetailsandtheresetfunctionintheIntrusionLogscreen.
1.StatusandCounters
3.PortStatus
viol
TheIntrusionAlert
columnshows
Yesforanyport
onwhichasecurity
ationhasbeen
detected.
Figure7-7. ExampleofPortStatusScreenwithIntrusionAlertonPort3
2. Type(Intrusionlog)todisplaytheIntrusionLog.
i
Indi
i
thei
SystemT meofIntrusiononPort3
MACAddressof
IntrudingDevice
onPort3
catesthisintrusiononport3
occurredpr ortoareset(reboot)at
ndicatedtimeanddate.
Figure7-8. ExampleoftheIntrusionLogDisplay
7-24
Theaboveexampleshowstwointrusionsforport3andoneintrusionfor
port1.Inthiscase,onlythemostrecentintrusionatport3hasnotbeen
acknowledged(reset).Thisisindicatedbythefollowing:
BecausethePortStatusscreen(figure7-7onpage7-24)doesnot
indicateanintrusionforport1,thealertflagfortheintrusiononport
1hasalreadybeenreset.
Sincetheswitchcanshowonlyoneunclearedintrusionperport,the
olderintrusionforport3inthisexamplehasalsobeenpreviously
reset.
(Theintrusionlogholdsupto20intrusionrecordsanddeletesan
intrusionrecordonlywhenthelogbecomesfullandanewintrusion
issubsequentlydetected.)
Notealsothattheprior totextintherecordfortheearliestintrusion
meansthataswitchresetoccurredattheindicatedtimeandthatthe
intrusionoccurredpriortothereset.
3. Toacknowledgethemostrecentintrusionentryonport3andenablethe
switchtoenterasubsequentlydetectedintrusiononthisport,type(for
Resetalertflags).(Notethatifthereareunacknowledgedintrusionsontwo
ormoreports,thisstepresetsthealertflagsforallsuchports.)
Ifyouthenre-displaytheportstatusscreen,youwillseethattheIntrusion
Alertentryforport3haschangedtoNo.Thatis,yourevidencethatthe
IntrusionAlertflaghasbeenacknowledged(reset)isthattheIntrusionAlert
columnintheportstatusdisplaynolongershowsYesfortheportonwhich
theintrusionoccurred(port3inthisexample).(BecausetheIntrusionLog
providesahistoryofthelast20intrusionsdetectedbytheswitch,resetting
thealertflagsdoesnotchangeitscontent.Thus,displayingtheIntrusionLog
againwillresultinthesamedisplayasinfigure7-8,above.)
ResettingAlertFlags
Thefollowingcommandsdisplayportstatus,includingwhetherthereare
intrusionalertsforanyport(s),listthelast20intrusions,andeitherresetthe
alertflagonallportsorforaspecificportforwhichanintrusionwasdetected.
(Therecordoftheintrusionremainsinthelog.Formoreinformation,see
OperatingNotesforPortSecurityonpage7-28.)
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-25
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
Syntax: showinterface ListIntrusionAlertstatus.

showintrusion-log ListIntrusionLogcontent.
clearintrusion-log ClearIntrusionflagsonallports.
port-security<port-number>
clear-intrusion-flag ClearIntrusionflagonaspecificport.
Inthefollowingexample,executingshowinterfaceliststheswitchsportstatus,
whichindicatesanintrusionalertonport1.
IntrusionAlertonport1.
Figure7-9. ExampleofanUnacknowledgedIntrusionAlertinaPortStatus
Display
Ifyouwantedtoseethedetailsoftheintrusion,youwouldthenentertheshow
intrusion-logcommand.Forexample:
i
Intrusions
l
i
i
DatesandT mesof
MACAddressof atest
IntruderonPort1
Earlierintrusionson
port1thathavealready
beencleared(that s,
theAlertFlaghasbeen
resetatleasttwice
beforethemostrecent
intrus onoccurred.
Figure7-10. ExampleoftheIntrusionLogwithMultipleEntriesfortheSamePort
Theaboveexampleshowsthreeintrusionsforport1.Sincetheswitchcan
showonlyoneunclearedintrusionperport,theoldertwointrusionsinthis
examplehavealreadybeenclearedbyearlieruseoftheclearintrusion-logor
theport-security1clear-intrusion-flagcommand.(Theintrusionlogholdsupto
7-26
20intrusionrecords,anddeletesintrusionrecordsonlywhenthelogbecomes
fullandnewintrusionsaresubsequentlyadded.)Theprior totextinthe
recordforthethirdintrusionmeansthataswitchresetoccurredatthe
indicatedtimeandthattheintrusionoccurredpriortothereset.
Tocleartheintrusionfromport1andenabletheswitchtoenteranysubse-
quentintrusionforport1intheIntrusionLog,executetheport-security1clear-
intrusion-flagcommand.Ifyouthenre-displaytheportstatusscreen,youwill
seethattheIntrusionAlertentryforport1haschangedtoNo.Thatis,your
evidencethattheIntrusionAlertflaghasbeenresetistheIntrusionAlert
columnintheportstatusdisplaynolongershowsYesfortheportonwhich
theintrusionoccurred(port1inthisexample).(Executingshowintrusion-log
againwillresultinthesamedisplayasabove.)
HP2512(config)# port-security 1 clear-intrusion-flag
HP2512(config)# show interface
l IntrusionAlertonport1isnowc eared.
Figure7-11. ExampleofPortStatusScreenAfterAlertFlagsReset
TheEventLoglistsportsecurityintrusionsas:
W MM/DD/YY HH:MM:SS FFI: port 3 Security Violation
whereWistheseveritylevelofthelogentryandFFI isthesystemmodule
thatgeneratedtheentry.Forfurtherinformation,viewtheIntrusionLog.
FromtheCLI. Typethe logcommandfromtheManagerorConfiguration
level.
Syntax: log<search-text>
For<search-text>,youcanuseffi,security,orviolation. Forexample:
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-27
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
LogListingwith
SecurityViolation
Detected
LogListingwithNo
SecurityViolation
Detected
LogCommand
with
securityfor
SearchString
Figure7-12. ExampleofLogListingWithandWithoutDetectedSecurityViolation
FromtheMenuInterface: IntheMainMenu,clickon4.EventLoganduse
NextpageandPrevpagetoreviewtheEventLogcontents.
ForMoreEventLogInformation. SeeUsingtheEventLogToIdentify
ProblemSourcesonpage11-11.
ResettingAlertFlags
1. ChecktheAlertLogbyclickingontheStatustabandthe button.
IfthereisaSecurityViolationentry,dothefollowing:
a. ClickontheSecuritytab.
b. Clickon.PortswithIntrusionFlagindicatesanyports
forwhichthealertflaghasnotbeencleared.
c. Toclearthecurrentalertflags,clickon .
browserscreen.
OperatingNotesforPortSecurity
IdentifyingtheIPAddressofanIntruder. TheIntrusionLoglists
detectedintrudersbyMACaddress.IfyouareusingHPTopToolsforHubs&
Switchestomanageyournetwork,youcanusetheTopToolsinventoryreports
tolinkMACaddressestotheircorrespondingIPaddresses.(Inventoryreports
areorganizedbydevicetype;hubs,switches,servers,etc.)
7-28
ProxyWebServers.Ifyouareusingtheswitchswebbrowserinterface
throughaswitchportconfiguredforStaticportsecurity,andyourbrowser
accessisthroughaproxywebserver,thenitisnecessarytodothefollowing:
EnteryourPCorworkstationMACaddressintheportsAuthorized
Addresseslist.
EnteryourPCorworkstationsIPaddressintheswitchsIPAuthorized
Managerslist.SeeUsingIPAuthorizedManagersonpage7-30.)
Withoutbothoftheaboveconfigured,theswitchdetectsonlytheproxy
serversMACaddress,andnotyourPCorworkstationMACaddress,and
interpretsyourconnectionasunauthorized.
PriorToEntriesintheIntrusionLog. Ifyouresettheswitch(using
theResetbutton,DeviceReset,orRebootSwitch),theIntrusionLogwilllist
thetimeofallcurrentlyloggedintrusionsaspriortothetimeofthereset.
AlertFlagStatusforEntriesForcedOffoftheIntrusionLog. Ifthe
IntrusionLogisfullofentriesforwhichthealertflagshavenotbeenreset,a
newintrusionwillcausetheoldestentrytodropoffthelist,butwillnotchange
thealertflagstatusfortheportreferencedinthedroppedentry.Thismeans
that,evenifanentryisforcedoffoftheIntrusionLog,nonewintrusionscan
beloggedontheportreferencedinthatentryuntilyouresetthealertflags.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-29
UsingIPAuthorizedManagers
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
AuthorizedIPManagerFeatures
Listing(Showing)Authorized n/a page7-33 page7-34 page7-36
Managers
ConfiguringAuthorizedIP None page7-33 page7-34 page7-36
Managers
BuildingIPMasks n/a page7-36 page7-36 page7-36
OperatingandTroubleshooting n/a page7-39 page7-39 page7-39
Notes
ThisfeatureenablesyoutoenhancesecurityontheswitchbyusingIP
addressestoauthorizewhichstations(PCsorworkstations)canaccessthe
switch.Thus,havingthecorrectpasswordsisnotsufficientforaccessingthe
switchthroughthenetworkunlessthestationattemptingaccessisalso
includedintheswitchsAuthorizedIPManagersconfiguration.Accesscon-
trolscover:
Theswitchswebbrowserinterface
Telnet(CLIormenuinterface)
SNMP(networkmanagement)
FiletransfersusingTFTP(forconfigurationsandsoftwareupdates)
Youcanconfigure:
Upto10authorizedmanageraddresses,whereeachaddressappliesto
eitherasinglemanagementstationoragroupofstations
ManagerorOperatoraccesslevel
Not e Thisfeaturedoesnotprotectaccesstotheswitchthroughamodemordirect
connectiontotheConsole(RS-232)port.Also,iftheIPaddressassignedto
anauthorizedmanagementstationisconfiguredinanotherstation,theother
stationcangainmanagementaccesstotheswitcheventhoughaduplicateIP
addressconditionexists.Forthesereasons,youshouldenhanceyournet-
workssecuritybykeepingphysicalaccesstotheswitchrestrictedtoautho-
rizedpersonnel,usingthepasswordfeaturesbuiltintotheswitch,and
preventingunauthorizedaccesstodataonyourmanagementstations.
7-30
AccessLevels
Foreachauthorizedmanageraddress,youcanconfigureeitheroftheseaccess
levels:
Manager:Enablesfullaccesstoallwebbrowserandconsoleinterface
screensforviewing,configuration,andallotheroperationsavailablein
theseinterfaces.
Operator:Allowsview-onlyaccessfromthewebbrowserandconsole
interfaces.(Thisisthesameaccessthatisallowedbytheswitchsopera-
tor-levelpasswordfeature.)
DefiningAuthorizedManagementStations
AuthorizingSingleStations:Thetableentryauthorizesasingleman-
agementstationtohaveIPaccesstotheswitch.Tousethismethod,just
entertheIPaddressofanauthorizedmanagementstationintheAutho-
rizedManagerIPcolumn,andleavetheIPMasksetto255.255.255.255.This
istheeasiestwaytousetheAuthorizedManagersfeature.(Formoreon
thistopic,seeConfiguringOneStationPerAuthorizedManagerIPEntry
onpage7-36.)
AuthorizingMultipleStations:ThetableentryusestheIPMaskto
authorizeaccesstotheswitchfromadefinedgroupofstations.Thisis
usefulifyouwanttoeasilyauthorizeseveralstationstohaveaccessto
theswitchwithouthavingtotypeinanentryforeverystation.Allstations
inthegroupdefinedbytheoneAuthorizedManagerIPtableentryandits
associatedIPmaskwillhavethesameaccesslevelManagerorOperator.
(Formoreonthistopic,seeConfiguringMultipleStationsPerAuthorized
ManagerIPEntryonpage7-37.)
Toconfiguretheswitchforauthorizedmanageraccess,entertheappropriate
AuthorizedManagerIPvalue,specifyanIPMask,andselecteitherManager
orOperatorfortheAccessLevel.TheIPMaskdetermineshowtheAuthorized
ManagerIPvalueisusedtoallowordenyaccesstotheswitchbyamanage-
mentstation.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-31
OverviewofIPMaskOperation
ThedefaultIPMaskis255.255.255.255andallowsswitchaccessonlytoa
stationhavinganIPaddressthatisidenticaltotheAuthorizedManagerIP
parametervalue.(255inanoctetofthemaskmeansthatonlytheexactvalue
inthecorrespondingoctetoftheAuthorizedManagerIPparameterisallowed
intheIPaddressofanauthorizedmanagementstation.)However,youcan
alterthemaskandtheAuthorizedManagerIPparametertospecifyrangesof
authorizedIPaddresses.Forexample,amaskof255.255.255.0andanyvaluefor
theAuthorizedManagerIPparameterallowsarangeof0through255inthe
4thoctetoftheauthorizedIPaddress,whichenablesablockofupto254IP
addressesforIPmanagementaccess(excluding0forthenetworkand255for
broadcasts).Amaskof255.255.255.252usesthe4thoctetofagivenAuthorized
ManagerIPaddresstoauthorizefourIPaddressesformanagementstation
access.ThedetailsonhowtouseIPmasksareprovidedunderBuildingIP
Masksonpage7-36.
Not e TheIPMaskisamethodforrecognizingwhetheragivenIPaddressis
authorizedformanagementaccesstotheswitch.Thismaskservesadifferent
purposethanIPsubnetmasksandisappliedinadifferentmanner.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-32
Menu:ViewingandConfiguringIPAuthorized
Managers
FromtheconsoleMainMenu,select:
7.IPAuthorizedManagers
1. Select i Addtoaddanauthor zedmanager
tothelist.
Figure7-13. ExampleofHowToAddanAuthorizedManagerEntry
5. Press (forSave)
4.
3.
ll
l
2. i
,then toconfiguretheIP
AuthorizedManagerentry.
UsetheSpacebartoselectManagerorOperator
access.
Usethedefaultmasktoallowaccessbyone
managementdevice,oreditthemasktoa ow
accessbyab ockofmanagementdevices.See
BuildingIPMasksonpage7-36.
EnteranAuthor zedManagerIPaddresshere.
Figure7-14. ExampleofHowToAddanAuthorizedManagerEntry(Continued)
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-33
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
EditingorDeletinganAuthorizedManagerEntry. GototheIPManag-
ersListscreen(figure7-13),highlightthedesiredentry,andpress(forEdit)
or(forDelete).
CLI:ViewingandConfiguringAuthorizedIPManagers
AuthorizedIPManagersCommandsUsedinThisSection
showipauthorized-managers below
ipauthorized-managers page7-35:ToAuthorizeManagerAccess
<ip-address>
page7-35:ToEditanExistingManagerAccessEntry
page7-36:ToDeleteanAuthorizedManagerEntry
mask<mask-bits>
<operator|manager>
ListingtheSwitchsCurrentAuthorizedIPManager(s)
Usetheshowipauthorized-managerscommandtolistIPstationsauthorizedto
accesstheswitch.Forexample:
Figure7-15. ExampleoftheShowIPAuthorized-ManagerDisplay
TheaboveexampleshowsanAuthorizedIPManagerListthatallowsstations
toaccesstheswitchasshownbelow:
IPMask AuthorizedStationIPAddress: AccessMode:
255.255.255.252 10.28.227.100through103 Manager
255.255.255.254 10.28.227.104through105 Manager
255.255.255.255 10.28.227.125 Manager
255.255.255.0 10.28.227.0through255 Operator
7-34
ConfiguringIPAuthorizedManagersfortheSwitch
Syntax: ipauthorized-managers<ipaddress>
[mask<mask-bits>]
<operator|manager>
ToAuthorizeManagerAccess.Thiscommandauthorizesmanager-level
accessforanystationhavinganIPaddressof10.28.227.0through
10.28.227.255:
HP2512(config)# ip authorized-managers
10.28.227.101 mask 255.255.255.0 manager
Similarly,thenextcommandauthorizesmanager-levelaccessforanystation
havinganIPaddressof10.28.227.101through103:
10.28.227.101 mask 255.255.255.252 manager
Ifyouomitthemaskwhenaddinganewauthorizedmanager,theswitch
automaticallyuses255.255.255.255forthemask.Ifyoudonotspecify
eitherManagerorOperatoraccess,theswitchautomaticallyassignsthe
Manageraccess.Forexample:
HP2512(config)# ip authorized-managers 10.28.227.105
Theresultofenteringtheaboveexampleis:
AuthorizedStationIPAddress:10.28.227.105
IPMask:255.255.255.255,whichauthorizesonlythespecifiedstation
(10.28.227.105inthiscase).(SeeConfiguringMultipleStationsPer
AuthorizedManagerIPEntryonpage7-37.)
AccessLevel:Manager
ToEditanExistingManagerAccessEntry. Tochangethemaskor
accesslevelforanexistingentry,usetheentrysIPaddressandenterthenew
value(s).(Noticethatanyparametersnotincludedinthecommandwillbeset
totheirdefault.):
10.28.227.101 mask 255.255.255.0 operator
TheabovecommandreplacestheexistingmaskandaccesslevelforIP
address10.28.227.101with255.255.255.0andoperator.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-35
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
ThefollowingcommandreplacestheexistingmaskandaccesslevelforIP
address10.28.227.101with255.0.0.0andmanager(thedefaults)because
thecommanddoesnotspecifyeitheroftheseparameters.
HP2512(config)# ip authorized-managers 10.28.227.101
ToDeleteanAuthorizedManagerEntry. ThiscommandusestheIP
addressoftheauthorizedmanageryouwanttodelete:
HP2512(config)# no ip authorized-managers 10.28.227.101
Web:ConfiguringIPAuthorizedManagers
InthewebbrowserinterfaceyoucanconfigureIPAuthorizedManagersas
describedbelow.
ToAdd,Modify,orDeleteanIPAuthorizedManageraddress:
2. Clickon .
3. Entertheappropriateparametersettingsfortheoperationyouwant.
4. Clickon , ,ortoimplementtheconfigurationchange.
Forweb-basedhelponhowtousethewebbrowserinterfacescreen,clickon
thebuttonprovidedonthewebbrowserscreen.
BuildingIPMasks
TheIPMaskparametercontrolshowtheswitchusesanAuthorizedManager
IPvaluetorecognizetheIPaddressesofauthorizedmanagerstationsonyour
network.
ConfiguringOneStationPerAuthorizedManagerIPEntry
Thisistheeasiestwaytoapplyamask.Ifyouhavetenorfewermanagement
and/oroperatorstations,youcanconfigurethemquicklybysimplyaddingthe
addressofeachtotheAuthorizedManagerIPlistwith255.255.255.255forthe
correspondingmask.Forexample,asshowninfigure7-15onpage7-34,ifyou
configureanIPaddressof10.28.227.125withanIPmaskof255.255.255.255,onlya
stationhavinganIPaddressof10.28.227.125hasmanagementaccesstothe
switch.
7-36
Table7-2. AnalysisofIPMaskforSingle-StationEntries
2nd 3rd 1st
Octet Octet Octet
4th
Octet
Manager-LevelorOperator-LevelDeviceAccess
IPMask 255 255 255 255 The255ineachoctetofthemaskspecifiesthatonlytheexactvaluein
Authorized 10 28 227 125
thatoctetofthecorrespondingIPaddressisallowed.Thismaskallows
ManagerIP
managementaccessonlytoastationhavinganIPaddressof10.33.248.5.
ConfiguringMultipleStationsPerAuthorizedManagerIP
Entry
ThemaskdetermineswhethertheIPaddressofastationonthenetworkmeets
thecriteriayouspecify.Thatis,foragivenAuthorizedManagerentry,the
switchappliestheIPmasktotheIPaddressyouspecifytodeterminearange
ofauthorizedIPaddressesformanagementaccess.Asdescribedabove,that
rangecanbeassmallasoneIPaddress(if255issetforalloctetsinthemask),
orcanincludemultipleIPaddresses(ifoneormoreoctetsinthemaskareset
tolessthan255).
Ifabitinanoctetofthemaskison(setto1),thenthecorrespondingbitin
theIPaddressofapotentiallyauthorizedstationmustmatchthesamebitin
theIPaddressyouenteredintheAuthorizedManagerIPlist.Conversely,ifa
bitinanoctetofthemaskisoff(setto0),thenthecorrespondingbitinthe
IPaddressofapotentiallyauthorizedstationonthenetworkdoesnothaveto
matchitscounterpartintheIPaddressyouenteredintheAuthorizedManager
IPlist.Thus,intheexampleshownabove,a255inanIPMaskoctet(allbits
intheoctetareon)meansonlyonevalueisallowedforthatoctetthevalue
youspecifyinthecorrespondingoctetoftheAuthorizedManagerIPlist.A0
(allbitsintheoctetareoff)meansthatanyvaluefrom0to255isallowed
inthecorrespondingoctetintheIPaddressofanauthorizedstation.Youcan
alsospecifyaseriesofvaluesthatareasubsetofthe0-255rangebyusinga
valuethatisgreaterthan0,butlessthan255.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-37
Table7-3. AnalysisofIPMaskforMultiple-StationEntries
2nd 3rd 1st
Octet Octet Octet
4th
Octet
Manager-LevelorOperator-LevelDeviceAccess
IPMask 255 255 255 0 The255inthefirstthreeoctetsofthemaskspecifythatonlytheexact
Authorized
ManagerIP
10 28 227 125
valueintheoctetofthecorrespondingIPaddressisallowed.However,
thezero(0)inthe4thoctetofthemaskallowsanyvaluebetween0and
255inthatoctetofthecorrespondingIPaddress.Thismaskallowsswitch
accesstoanydevicehavinganIPaddressof10.28.227.xxx,wherexxxis
anyvaluefrom0to255.
IPMask 255 255 255 249 Inthisexample(figure7-16,below),theIPmaskallowsagroupofupto
Authorized
IPAddress
10 28 227 125
4managementstationstoaccesstheswitch.Thisisusefuliftheonly
devicesintheIPaddressgroupallowedbythemaskaremanagement
stations.The249inthe4thoctetmeansthatbits0and3-7ofthe4th
octetarefixed.Conversely,bits1and2ofthe4thoctetarevariable.Any
valuethatmatchestheauthorizedIPaddresssettingsforthefixedbitsis
allowedforthepurposesofIPmanagementstationaccesstotheswitch.
Thus,anymanagementstationhavinganIPaddressof10.28.227.121,123,
125,or127canaccesstheswitch.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
4thOctetofIPMask:
4thOctetofAuthorizedIPAddress: 5
249
BitNumbers Bit Bit Bit Bit Bit Bit Bit Bit
7 6 5 4 3 2 1 0
BitValues 128 64 32 16 8 4 2 1
4thOctetof Bits1and2inthemaskareoff,andbits0and3
IPMask(249) -7areon,creatingavalueof249inthe4thoctet
ofthemask.
4thOctetof
IPAuthorized
Address(125)
Whereamaskbitison,thecorrespondingbit
settingintheaddressofapotentiallyauthorized
stationmustmatchtheIPAuthorizedAddress
settingforthatsamebit.Whereamaskbitisoff
thecorrespondingbitsettingintheaddresscanbe
eitheronoroff.Inthisexample,inorderfora
stationtobeauthorizedtoaccesstheswitch:
ThefirstthreeoctetsofthestationsIPaddress
mustmatchtheAuthorizedIPAddress.
Bit0andBits3through6ofthe4thoctetinthe
stationsaddressmustbeon(value=1).
Bit7ofthe4thoctetinthestationsaddress
mustbeoff(value=0).
Bits1and2canbeeitheronoroff.
ThismeansthatstationswiththeIPaddress
13.28.227.X(whereXis121,123,125,or127)are
authorized.
Figure7-16. ExampleofHowtheBitmapintheIPMaskDefinesAuthorized
ManagerAddresses
7-38
AdditionalExamplesforAuthorizingMultipleStations
EntriesforAuthorized
ManagerList
Results
IPMask 255 255 0 255 ThiscombinationspecifiesanauthorizedIPaddressof10.33.xxx.1.Itcouldbe
Authorized
ManagerIP
10 33 248 1
applied,forexample,toasubnettednetworkwhereeachsubnetisdefinedbythe
thirdoctetandincludesamanagementstationdefinedbythevalueof1inthe
fourthoctetofthestationsIPaddress.
IPMask 255 238 255 250 Allows230,231,246,and247inthe2ndoctet,and194,195,198,199inthe4thoctet.
Authorized 10 247 100 195
ManagerIP
OperatingandTroubleshootingNotes
NetworkSecurityPrecautions:Youcanenhanceyournetworkssecu-
ritybykeepingphysicalaccesstotheswitchrestrictedtoauthorized
personnel,usingthepasswordfeaturesbuiltintotheswitch,andprevent-
ingunauthorizedaccesstodataonyourmanagementstations.
ModemandDirectConsoleAccess:ConfiguringauthorizedIPmanag-
ersdoesnotprotectagainstaccesstotheswitchthroughamodemor
directConsole(RS-232)portconnection.
DuplicateIPAddresses:IftheIPaddressconfiguredinanauthorized
managementstationisalsoconfiguredinanotherstation,theotherstation
cangainmanagementaccesstotheswitcheventhoughaduplicateIP
addressconditionexists.
WebProxyServers:Ifyouusethewebbrowserinterfacetoaccessthe
switchfromanauthorizedIPmanagerstation,itisrecommendedthatyou
avoidtheuseofawebproxyserverinthepathbetweenthestationand
theswitch.Thisisbecauseswitchaccessthroughawebproxyserver
requiresthatyoufirstaddthewebproxyservertotheAuthorizedManager
IPlist.Thisreducessecuritybyopeningswitchaccesstoanyonewho
usesthewebproxyserver.Thefollowingtwooptionsoutlinehowto
eliminateawebproxyserverfromthepathbetweenastationandthe
switch:
Evenifyouneedproxyserveraccessenabledinordertouse
otherapplications,youcanstilleliminateproxyserviceforweb
accesstotheswitch.Todoso,addtheIPaddressorDNSname
oftheswitchtothenon-proxy,orExceptionslistintheweb
browserinterfaceyouareusingontheauthorizedstation.
Ifyoudontneedproxyserveraccessatallontheauthorized
station,thenjustdisabletheproxyserverfeatureinthestations
webbrowserinterface.
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-39
U
s
i
n
g
P
a
s
s
w
o
r
d
s
,
P
o
r
t
S
e
c
u
r
i
t
y
,
a
n
d
A
u
t
h
o
r
i
z
e
d
I
P
7-40
8
ConfiguringforNetworkManagement
Applications
ChapterContents
Overview ..................................................... 8-2
SNMPManagementFeatures .................................. 8-3
ConfiguringforSNMPAccesstotheSwitch .................... 8-4
SNMPCommunities ........................................... 8-6
Menu:ViewingandConfiguringSNMPCommunities ............. 8-6
ToView,Edit,orAddSNMPCommunities: .................. 8-6
CLI:ViewingandConfiguringCommunityNames ................ 8-8
ListingCurrentCommunityNamesandValues ............... 8-8
ConfiguringIdentityInformation ........................... 8-9
ConfiguringCommunityNamesandValues .................. 8-9
TrapReceiversandAuthenticationTraps ..................... 8-10
CLI:ConfiguringandDisplayingTrapReceivers ................ 8-11
UsingtheCLIToListCurrentSNMPTrapReceivers ......... 8-11
ConfiguringTrapReceivers .............................. 8-12
UsingtheCLIToEnableAuthenticationTraps.................. 8-12
AdvancedManagement:RMONandExtendedRMONSupport... 8-13
RMON .................................................... 8-13
ExtendedRMON ........................................... 8-13
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
8-1
ConfiguringforNetworkManagementApplications
Overview
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
Overview
YoucanmanagetheswitchviaSNMPfromanetworkmanagementstation.
Forthispurpose,HPrecommendsHPTopToolsforHubs&Switchesan
easy-to-installandusenetworkmanagementapplicationthatrunsonyour
WindowsNT-orWindows2000-basedPC.HPTopToolsforHubs&Switches
providescontrolofyourswitchthroughitswebbrowserinterface.Inaddition,
it usestheRMONandExtendedRMONagentsstatisticalsamplingsoftware
thatisincludedintheswitchtoprovidepowerful,buteasy-to-usetraffic
monitoringandnetworkactivityanalysistools.FormoreonTopTools,seethe
"ReadMeFirst"documentshippedwithyourswitchandalsoavailableonHPs
ProCurvewebsiteat
AnoverviewofSNMPmanagementfortheswitch
ConfiguringtheSeries2500switchesfor:
SNMPmanagement
SNMPCommunities
TrapReceiversandAuthenticationTraps
InformationonadvancedmanagementthroughRMONandHPExtended
RMONSupport
ToimplementSNMPmanagement,youmusteitherconfiguretheswitchwith
anappropriateIPaddressor,ifyouareusingDHCP/Bootptoconfigurethe
switch,ensurethattheDHCPorBootpprocessprovidestheIPaddress.If
multipleVLANsareconfigured,eachVLANinterfaceshouldhaveitsownIP
networkaddress.ForDHCPusewithmultipleVLANs,seeWhichVLANIs
Primary?onpage9-53.
8-2
SNMPManagementFeatures
SNMPManagementFeatures
SNMPmanagementfeaturesontheswitchinclude:
SNMPversion2coverIP
SecurityviaconfigurationofSNMPcommunities
EventreportingviaSNMP
Version1traps
RMON:groups1,2,3,and9
ManagingtheswitchwithanSNMPnetworkmanagementtoolsuchasHP
TopToolsforHubs&Switches
SupportedStandardMIBsinclude:
BridgeMIB(RFC1493)
dot1dBase,dot1dTp,dot1dStp
EthernetMAUMIB(RFC1515)
dot3IfMauBasicGroup
InterfacesEvolutionMIB(RFC1573)
ifGeneralGroup,ifRcvAddressGroup,ifStackGroup
RMONMIB(RFC1757)
etherstats,events,alarms,andhistory
SNMPMIB-II(RFC1213)
system,interfaces,at,ip,icmp,tcp,udp,snmp
EntityMIB(RFC2037)
HPProprietaryMIBsinclude:
Statisticsformessageandpacketbuffers,tcp,telnet,andtimep
(netswtst.mib)
Portcounters,forwardingtable,andCPUstatistics(stat.mib)
TFTPdownload(downld.mib)
IntegratedCommunicationsFacilityAuthenticationManagerand
SNMPcommunities(icf.mib)
HPProCurveSwitchconfiguration(config.mib)
HPVLANconfigurationinformation(vlan.mib)supporting
hpVlanGeneralGroup
HPExtendedRMONMIBversion4toallowstatisticalsampling
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
8-3
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
ConfiguringforSNMPAccesstotheSwitch
HPEntityMIB(entity.mib)
TheswitchSNMPagentalsousescertainvariablesthatareincludedina
Hewlett-PackardproprietaryMIBfileyoucanaddtotheSNMPdatabase
inyournetworkmanagementtool.YoucancopytheMIBfilefromtheHP
TopToolsforHubs&SwitchesCD,orfromfollowingWorldWideWebsite:
Formoreinformation,refertotheReadMeFirstdocumentandthe
CustomerSupport/Warrantybookletincludedwithyourswitch.
ConfiguringforSNMPAccesstothe
Switch
SNMPaccessrequiresanIPaddressandsubnetmaskconfiguredonthe
switch.(SeeIPConfigurationonpage5-3.)IfyouareusingDHCP/Bootpto
configuretheswitch,ensurethattheDHCP/BootpprocessprovidestheIP
address.(SeeDHCP/BootpOperationonpage5-11.)
OnceanIPaddresshasbeenconfigured,thegeneralstepstoconfiguringfor
SNMPaccesstotheprecedingfeaturesare:
1. FromtheMainmenu,select
6.SNMPCommunityNames
2. ConfiguretheappropriateSNMPcommunities.(Thepubliccommunity
existsbydefaultandisusedbyHPsnetworkmanagementapplications.)
(FormoreonconfiguringSNMPcommunities,seeMenu:Viewingand
ConfiguringSNMPCommunitiesonpage8-6.)
3. Configuretheappropriatetrapreceivers.(Formoreonconfiguringtrap
receivers,seeCLI:ConfiguringandDisplayingTrapReceiversonpage
8-11.)
Insomenetworks,authorizedIPmanageraddressesarenotused.Inthiscase,
allmanagementstationsusingthecorrectcommunitynamemayaccessthe
switchwiththeViewandAccesslevelsthathavebeensetforthatcommunity.
Ifyouwanttorestrictaccesstooneormorespecificnodes,youcanusethe
switchsIPAuthorizedManagerfeature.(SeeUsingIPAuthorizedManagers
onpage7-30.)
8-4
ConfiguringforSNMPAccesstotheSwitch
Ca u t i o n Deletingthecommunitynamedpublicdisablesmanynetworkmanagement
functions(suchasauto-discovery,trafficmonitoring,SNMPtrapgeneration,
andthresholdsetting).Ifsecurityfornetworkmanagementisaconcern,itis
recommendedthatyouchangethewriteaccessforthepubliccommunity
toRestricted.
8-5
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
SNMPCommunities
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
SNMPCommunities
SNMPCommunityFeatures
showcommunityname n/a page8-6 page8-8
configureidentityinformation none page8-9
configurecommunitynames public page8-6 page8-9
MIBviewforacommunityname
(operator,manager)
writeaccessfordefault
communityname
" "
manager " "
"
unrestricted " "
UseSNMPcommunitiestorestrictaccesstotheswitchbySNMPmanagement
stationsbyadding,editing,ordeletingSNMPcommunities.Youcanconfigure
uptofiveSNMPcommunities,eachwitheitheranoperator-leveloramanager-
levelview,andeitherrestrictedorunrestrictedwriteaccess.
UsingSNMPrequiresthattheswitchhaveanIPaddressandsubnetmask
compatiblewithyournetwork.
Ca u t i o n Deletingorchangingthecommunitynamedpublicpreventsnetworkman-
agementapplications(suchasauto-discovery,trafficmonitoring,SNMPtrap
generation,andthresholdsetting)fromoperatingintheswitch.(Changingor
deletingthepublicnamealsogeneratesanEventLogmessage.)Ifsecurity
fornetworkmanagementisaconcern,itisrecommendedthatyouchangethe
writeaccessforthepubliccommunitytoRestricted.
Menu:ViewingandConfiguringSNMPCommunities
ToView,Edit,orAddSNMPCommunities:
6.SNMPCommunityNames
8-6
SNMPCommunities
Note:Thisscreengives
anoverviewofthe
SNMPcommunities
thatarecurrently
configured.Allfieldsin
thisscreenareread-
only.
i AddandEd toptionsare
usedtomodifytheSNMP
options.Seefigure8-2.
Figure8-1.TheSNMPCommunitiesScreen(DefaultValues)
2. Press(for Add)todisplaythefollowingscreen:
Ifyouareaddinga
community,the
fieldsinthisscreen
areblank.
Ifyouareeditingan
existingcommunity,
thevaluesforthe
currentlyselected
Communityappear
inthefields.
Typethevalueforthisfield..
UsetheSpacebartoselect
valuesforotherfields
Figure8-2.TheSNMPAddorEditScreen
NeedHelp?Ifyouneedinformationontheoptionsineachfield,press
tomovethecursortotheActionsline,thenselecttheHelpoption
ontheActionsline.WhenyouarefinishedwithHelp,press(forEdit)
toreturnthecursortotheparameterfields.
3. EnterthenameyouwantintheCommunityNamefield,andusetheSpace
bartoselecttheappropriatevalueineachoftheotherfields.(Usethe
keytomovefromonefieldtothenext.)
4. Press,then(for Save).
8-7
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
SNMPCommunities
CLI:ViewingandConfiguringCommunityNames
CommunityNameCommandsUsedinThisSection
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
showsnmp-server[<community-string>] below
snmp-server page8-9
[contact<contact-str>] page8-9
[location<location-str>] page8-9
[community<community-str>] page8-9
[host<community-str><ip-addr>] page8-12
[<none|debug|all|not-info|critical>]
[enabletraps<authentication> page8-12
ListingCurrentCommunityNamesandValues
ListingCommunityNames.Thiscommandliststhedataforcurrentlycon-
figuredSNMPcommunitynames(alongwithtrapreceiversandthesettingfor
authenticationtraps seeTrapReceiversandAuthenticationTrapson
page8-10).
Syntax: showsnmp-server[<community-string>]
Thisexampleliststhedataforallcommunitiesinaswitch;thatis,boththe
default"public"communitynameandanothercommunitynamed"red-team"
i
Settings
Default
Commun tyand
Settings
Non-Default
Communityand
TrapReceiver
Data(Seepage
8-10.)
Figure8-3.ExampleoftheSNMPCommunityListingwithTwoCommunities
Tolistthedataforonlyonecommunity,suchasthe"public"community,use
theabovecommandwiththecommunitynameincluded.Forexample:
8-8
SNMPCommunities
HP2512# show snmp-server public
ConfiguringIdentityInformation
Thiscommandenablesyoutoentercontact-personandlocationdatatohelp
identifytheswitch.
Syntax: snmp-server[contact<contact-str>][location<location-str>]
Bothfieldsallowupto48characters,withoutspaces.
Forexample,toconfiguretheswitchwith"Site-LAN-Ext.449"andalocation
of"Level-2-North",youwouldexecutethefollowingcommand:
HP2512(config)#snmp-servercontactSite-LANExt.449locationLevel-2-North
ConfiguringCommunityNamesandValues
Ifyouenteracommunitynamewithoutanoperatorormanagerdesignation,
theswitchautomaticallyassignsthecommunitytoOperatorfortheMIBview.
Also,ifyoudonotspecifyrestrictedorunrestrictedfortheread/writeMIB
access,theswitchautomaticallyrestrictsthecommunitytoreadaccessfor
theMIB.
AddingSNMPCommunitiesintheSwitch.ThefollowingSNMPcom-
mandexamplesuseaddsnmptoaddnewSNMPcommunities:
Syntax: snmp-servercommunity<community-name>
[operator|manager]
[restricted|unrestricted]
HP2512(config)# snmp-server community red-team
manager unrestricted
HP2512(config)# snmp-server community blue-team
operator restricted
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
8-9
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
TrapFeatures
snmp-serverhost(trapreceiver) public page8-12
snmp-serverenable(authenticationtrap) none page8-12
Atrapreceiverisamanagementstationdesignatedbytheswitchtoreceive
SNMPtrapssentfromtheswitch.Anauthenticationtrapisaspecialized
SNMPtrapsenttotrapreceiverswhenanunauthorizedmanagementstation
triestoaccesstheswitch.
Not e Fixedor"Well-Known"Traps:TheSeries2500switchesautomaticallysend
fixedtraps(suchas"coldStart","warmStart","linkDown",and"linkUp")totrap
receiversusingapubliccommunityname.Thesetrapscannotberedirected
toothercommunities.Thus,ifyouchangeordeletethedefaultpubliccom-
munityname,thesetrapswillbelost.
Thresholds:Theswitchautomaticallysendsallmessagesresultingfrom
thresholdstothenetworkmanagementstation(s)thatsetthethresholds,
regardlessofthetrapreceiverconfiguration.
Inthedefaultconfiguration,therearenotrapreceiversconfigured,andthe
authenticationtrapfeatureisdisabled.FromtheCLIyoucanconfigureupto
tenSNMPtrapreceiverstoreceiveSNMPtrapsfromtheswitch.Theswitch
canbeconfiguredtoalsosendeventlogmessagesastrapsifthefollowing
optionsareusedwiththesnmp-serverhostcommand:
EventLevel Description
None(default) Sendnologmessages.
All Sendalllogmessages.
NotINFO Sendthelogmessagesthatarenotinformation-only.
Critical Sendcritical-levellogmessages.
Debug ReservedforHP-internaluse.
8-10
CLI:ConfiguringandDisplayingTrapReceivers
TrapReceiverCommandsUsedinThisSection
showsnmp-server below
snmp-serverhost page8-12
<ip-addr><community-name>
[none|all|non-info|critical|debug]
snmp-serverenabletrapsauthentication page8-12
UsingtheCLIToListCurrentSNMPTrapReceivers
Thiscommandliststhecurrentlyconfiguredtrapreceiversandthesettingfor
authenticationtraps(alongwiththecurrentSNMPcommunitynamedata
seeSNMPCommunitiesonpage8-6).
Syntax: show snmp-server
Inthenextexample,theshowsnmp-servercommandshowsthattheswitch
hasbeenpreviouslyconfiguredtosendSNMPtrapstomanagementstations
belongingtothepublic,red-team,andblue-teamcommunities.
l
Community
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
Examp eof
NameData(See
page8-6.)
ExampleofTrap
ReceiverData
Authentication
TrapSetting
Figure8-4.ExampleofShowSNMP-ServerListing
8-11
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
ConfiguringTrapReceivers
Thiscommandspecifiestrapreceiversbycommunitymembership,manage-
mentstationIPaddress,andthetypeofEventLogmessagestosendtothe
trapreceiver.
Not e Ifyouspecifyacommunitynamethatdoesnotexistthatis,hasnotyetbeen
configuredontheswitchtheswitchstillacceptsthetrapreceiverassign-
ment.However,notrapswillbesenttothattrapreceiveruntilthecommunity
towhichitbelongshasbeenconfiguredontheswitch.
Syntax: snmp-serverhost
<community-str><ip-address>[<none|all|non-info|critical|debug>]
Forexample,toconfigureatrapreceiverinacommunitynamed"red-team"
withanIPaddressof10.28.227.130toreceiveonly"critical"logmessages:
HP2512(config)# snmp-server trap-receiver red-team
10.28.227.130 critical
Not e Ifyoudonotspecifytheeventlevel([<none|all|non-info|critical|debug>])
thentheswitchwillnotsendeventlogmessagesastraps."Well-Known"traps
andthresholdtraps(ifconfigured)willstillbesent..
UsingtheCLIToEnableAuthenticationTraps
Ifthisfeatureisenabled,anauthenticationtrapissenttotheconfiguredtrap
receiver(s)ifamanagementstationattemptsanunauthorizedaccessofthe
switch.Checktheeventlogintheconsoleinterfacetohelpdeterminewhy
theauthenticationtrapwassent.(RefertoUsingtheEventLogToIdentify
ProblemSourcesonpage11-11.)
Not e Forthisfeaturetooperate,oneormoretrapreceiversmustbeconfiguredon
theswitch.SeeCLI:ConfiguringandDisplayingTrapReceiversonpage8-11.
UsingtheCLIToEnableAuthenticationTraps.
Syntax: snmp-servertrapauthentication
HP2512(config)# snmp-server trap authentication
8-12
AdvancedManagement:RMONandExtendedRMONSupport
AdvancedManagement:RMONand
ExtendedRMONSupport
TheswitchsupportsRMON(RemoteMonitoring)andHPExtendedRMON
onallconnectednetworksegments.Thisallowsfortroubleshootingand
optimizingyournetwork.
RMON
ThefollowingRMONgroupsaresupported:
EthernetStatistics(exceptthenumbersofpacketsofdifferentframesizes)
Alarm
History(ofthesupportedEthernetstatistics)
Event
TheRMONagentautomaticallyrunsintheswitch.UsetheRMONmanage-
mentstationonyournetworktoenableordisablespecificRMONtrapsand
events.NotethatyoucanaccesstheEthernetstatistics,Alarm,andEvent
groupsfromtheHPTopToolsforHubs&Switchesnetworkmanagement
software.FormoreonTopTools,seethe"ReadMeFirst"documentshipped
withyourswitchandalsoavailableonHPsProCurvewebsiteat
ExtendedRMON
ExtendedRMONprovidesnetworkmonitoringandtroubleshootinginforma-
tionthatanalyzestrafficfromanetwork-wideperspective.ExtendedRMON
notifiesyouaboutnetworkproblemsandidentifiestheendnodeatfault.That
informationcanbeusedtosetupRMONtostudytheproblemmoreclosely,
ifdesired.Becauseitisbasedondetailedstatisticalsampling,Extended
RMONlessenstheloadondevicesandnetworkbandwidth.TheExtended
RMONagentrunsautomaticallyontheswitch.TouseExtendedRMON,
simplyuseTrafficMonitor(includedwithHPTopToolsforHubs&Switches)
onyournetworkmanagementstationtoenablesamplingontheportsyou
wanttomonitor.
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
8-13
AdvancedManagement:RMONandExtendedRMONSupport
M
o
n
i
t
o
r
i
n
g
a
n
d
M
a
n
a
g
i
n
g
t
h
e
S
w
i
t
c
h
8-14
9
ConfiguringAdvancedFeatures
ChapterContents
Overview ..................................................... 9-4
HPProCurveStackManagement ............................... 9-5
WhichDevicesSupportStacking? ............................. 9-6
ComponentsofHPProCurveStackManagement ................ 9-7
GeneralStackingOperation................................... 9-7
OperatingRulesforStacking .................................. 9-8
GeneralRules ........................................... 9-8
SpecificRules ........................................... 9-9
OverviewofConfiguringandBringingUpaStack ............... 9-11
GeneralStepsforCreatingaStack ........................ 9-13
UsingtheMenuInterfaceToViewStackStatusAndConfigure
Stacking .................................................. 9-15
UsingtheMenuInterfaceToViewandConfigureaCommander
Switch ................................................ 9-15
UsingtheMenuToManageaCandidateSwitch............. 9-17
UsingtheCommanderToManageTheStack ................... 9-19
ConvertingaCommanderorMembertoaMemberofAnother
ConfigurationChangesandMonitoringTraffic .............. 9-26
Stack ................................................. 9-27
MonitoringStackStatus ..................................... 9-28
UsingtheCLIToViewStackStatusandConfigureStacking...... 9-32
UsingtheCLIToViewStackStatus ....................... 9-34
UsingtheCLIToConfigureaCommanderSwitch........... 9-36
AddingtoaStackorMovingSwitchesBetweenStacks ....... 9-38
UsingtheCLIToRemoveaMemberfromaStack........... 9-43
ChangesandTrafficMonitoring........................... 9-45
SNMPCommunityOperationinaStack ....................... 9-46
UsingtheCLIToDisableorRe-EnableStacking ................ 9-47
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-1
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ChapterContents
TransmissionInterval ....................................... 9-47
StackingOperationwithMultipleVLANsConfigured ............ 9-47
Web:ViewingandConfiguringStacking ....................... 9-48
StatusMessages............................................ 9-49
Port-BasedVirtualLANs(StaticVLANs) ...................... 9-50
OverviewofUsingVLANs ................................... 9-53
VLANSupportandtheDefaultVLAN...................... 9-53
WhichVLANIsPrimary? ................................ 9-53
Per-PortStaticVLANConfigurationOptions ................ 9-54
GeneralStepsforUsingVLANs........................... 9-56
NotesonUsingVLANs .................................. 9-56
Menu:ConfiguringVLANParameters.......................... 9-57
ToChangeVLANSupportSettings ........................ 9-57
AddingorEditingVLANNames ........................... 9-59
AddingorChangingaVLANPortAssignment ............... 9-60
CLI:ConfiguringVLANParameters ........................... 9-62
Web:ViewingandConfiguringVLANParameters ............... 9-68
VLANTaggingInformation .................................. 9-69
EffectofVLANsonOtherSwitchFeatures ..................... 9-73
SpanningTreeProtocolOperationwithVLANs ............. 9-73
IPInterfaces ........................................... 9-73
VLANMACAddresses ................................... 9-74
PortTrunks ............................................ 9-74
PortMonitoring ........................................ 9-74
VLANRestrictions .......................................... 9-75
SymptomsofDuplicateMACAddressesinVLAN
Environments .......................................... 9-76
GVRP ........................................................ 9-77
GeneralOperation .......................................... 9-78
Per-PortOptionsforHandlingGVRPUnknownVLANs ......... 9-80
Per-PortOptionsforDynamicVLANAdvertisingandJoining ..... 9-82
GVRPandVLANAccessControl.............................. 9-83
Port-LeaveFromaDynamicVLAN........................ 9-83
PlanningforGVRPOperation ................................ 9-84
ConfiguringGVRPOnaSwitch ............................... 9-84
Menu:ViewingandConfiguringGVRP ..................... 9-84
CLI:ViewingandConfiguringGVRP ....................... 9-86
Web:ViewingandConfiguringGVRP ...................... 9-89
GVRPOperatingNotes ...................................... 9-89
9-2
ChapterContents
MultimediaTrafficControlwithIPMulticast(IGMP) .......... 9-91
IGMPOperatingFeatures.................................... 9-92
CLI:ConfiguringandDisplayingIGMP ........................ 9-93
Web:EnablingorDisablingIGMP............................. 9-97
HowIGMPOperates ........................................ 9-97
RoleoftheSwitch ...................................... 9-98
NumberofIPMulticastAddressesAllowed................ 9-101
InteractionwithMulticastTraffic/SecurityFilters. .......... 9-101
SpanningTreeProtocol(STP) ............................... 9-102
Menu:ConfiguringSTP..................................... 9-103
CLI:ConfiguringSTP ...................................... 9-105
Web:EnablingorDisablingSTP............................. 9-108
HowSTPOperates ........................................ 9-108
STPFastMode........................................ 9-109
STPOperationwith802.1QVLANs....................... 9-110
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-3
Overview
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Overview
Thischapterdescribesthefollowingfeaturesandhowtoconfigurethemwith
theswitchsbuilt-ininterfaces:
HPProCurveStackManagement(Page9-5):Useyournetworkto
stackswitcheswithouttheneedforanyspecializedcablingpage9-5.
Port-BasedVLANsPage9-50:
GVRPPage9-77:
MultimediaTrafficControlwithIPMulticast(IGMP)Page9-91:
Usetheswitchtoreduceunnecessarybandwidthusageonaper-portbasis
byconfiguringIGMPcontrols.
SpanningTreeProtocol(STP)(Page9-102):UseSTPtoautomati-
callyblockloopsinyournetworkbyensuringthatthereisonlyoneactive
pathatatimebetweenanytwonodesonthenetwork.
Forgeneralinformationonhowtousetheswitchsbuilt-ininterfaces,see:
Chapter2,UsingtheMenuInterface
Chapter3,UsingtheCommandLineInterface(CLI)
Chapter4,UsingtheHPWebBrowserInterface
AppendixC,SwitchMemoryandConfiguration
9-4
HPProCurveStackManagement
StackingFeatures
Menu Feature Default CLI Web
viewstackstatus
viewstatusofasingleswitch n/a page9-29 page9-34 page9-48
thru
page9-31
viewcandidatestatus n/a page9-34
viewstatusofcommanderandits n/a page9-35
stack
viewstatusofallstacking-enabled n/a page9-35
switchesintheipsubnet
configurestacking
enable/disablecandidateAuto-Join enabled/Yes page9-18 page9-40
pushacandidateintoastack n/a page9-18 page9-40
configureaswitchtobeacommander n/a page9-15 page9-36
pushamemberintoanotherstack n/a page9-27 page9-42
removeamemberfromastack n/a page9-24 page9-43
or
page9-44
pullacandidateintoastack n/a page9-20 page9-39
pullamemberfromanotherstack n/a page9-22 page9-41
convertacommanderormembertoa n/a page9-27 page9-42
memberofanotherstack
accessmemberswitchesfor n/a page9-26 page9-45
configurationandtrafficmonitoring
disablestacking enabled page9-18 page9-47
transmissioninterval 60seconds page9-15 page9-47
HPProCurveStackManagement(termedstacking)enablesyoutouseasingle
IPaddressandstandardnetworkcablingtomanageagroupofupto16total
switchesinthesameIPsubnet(broadcastdomain).Usingstacking,youcan:
ReducethenumberofIPaddressesneededinyournetwork.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-5
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Simplifymanagementofsmallworkgroupsorwiringclosetswhile
scalingyournetworktohandleincreasedbandwidthdemand.
Eliminateanyspecializedcablesforstackingconnectivityand
removethedistancebarriersthattypicallylimityourtopologyoptions
whenusingotherstackingtechnologies.
AddswitchestoyournetworkwithouthavingtofirstperformIP
addressingtasks.
WhichDevicesSupportStacking?
AsofSeptember,2000,thefollowingHPdevicessupportstacking:
HPProCurveSwitch2512 HPProCurveSwitch2424M*
HPProCurveSwitch2524 HPProCurveSwitch2400M*
HPProCurveSwitch8000M* HPProCurveSwitch1600M*
HPProCurveSwitch4000M*
*RequiressoftwarereleaseC.08.03orlater,whichisincludedwiththe8000M,
4000M,2424M,and1600MmodelsasofJuly,2000.ReleaseC.08.03oralater
versionisalsoavailableontheHPProCurvewebsiteatwww.hp.com/go/
procurve.(ClickonFreeSoftwareUpdates.)
9-6
ComponentsofHPProCurveStackManagement
Table9-1.StackingDefinitions
Stack ConsistsofaCommanderswitchandanyMemberswitchesbelongingtothatCommandersstack.
Commander Aswitchthathasbeenmanuallyconfiguredasthecontrollingdeviceforastack.Whenthisoccurs,the
switchsstackingconfigurationappearsasCommander.
Candidate Aswitchthatisreadytojoin(becomeaMemberof)astackthrougheitherautomaticormanualmethods.
AswitchconfiguredasaCandidateisnotinastack.
Member AswitchthathasjoinedastackandisaccessiblefromthestackCommander.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Before:Stacknamed
"Engineering"consists
ofCommanderand
Switch"C".Switch"B"is
aCandidateeligibleto
jointhestack.
After:Switch"B"joinsthestack,thuschangingfroma
CandidatetoaMemberofthestack.
Stack
Commander:SwitchA
Member:SwitchC Member:SwitchB
StackName:
Engineering
StackName:
Engineering
Commander:SwitchA
Member:SwitchC
Figure9-1.IllustrationofaSwitchMovingfromCandidatetoMember
GeneralStackingOperation
AfteryouconfigureoneswitchtooperateastheCommanderofastack,
additionalswitchescanjointhestackbyeitherautomaticormanualmethods.
AfteraswitchbecomesaMember,youcanworkthroughtheCommander
switchtofurtherconfiguretheMemberswitchasnecessaryforallofthe
additionalsoftwarefeaturesavailableintheswitch.
TheCommanderswitchservesasthein-bandentrypointforaccesstothe
Memberswitches.Forexample,theCommandersIPaddressbecomesthe
pathtoallstackMembersandtheCommandersManagerpasswordcontrols
accesstoallstackMembers.
Candidate:SwitchB
9-7
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
l
CandidateSwitch
i
MemberSwitch1
IPAddress:NoneAssigned
ManagerPassword: eader
IPAddress:NoneAssigned
ManagerPassword:francois
WiringCloset"B"
WiringCloset"A"
UsetheCommandersconsoleorweb
browser nterfacetoaccesstheuser
interfaceonanyMemberswitchin
thesamestack.
NetworkBackbone
CommanderSwitch0
Non-MemberSwitch MemberSwitch2
IPAddress:14.28.227.100
IPAddress:14.28.227.105 IPAddress:NoneAssigned
ManagerPassword:leader
ManagerPassword:donald ManagerPassword:leader
Figure9-2.ExampleofStackingwithOneCommanderControllingAccessto
WiringClosetSwitches
InterfaceOptions. Youcanconfigurestackingthroughtheswitchsmenu
interface,CLI,orthewebbrowserinterface.Forinformationonhowtouse
thewebbrowserinterfacetoconfigurestacking,seetheonlineHelpforthe
webbrowserinterface.
WebBrowserInterfaceWindowforCommanderSwitches. Theweb
browserinterfacewindowforaCommanderswitchdiffersinappearance
fromthesamewindowfornon-commanderswitches.Seefigure1-3onpage
1-5.
OperatingRulesforStacking
GeneralRules
Stackingisanoptionalfeature(enabledinthedefaultconfiguration)
andcaneasilybedisabled.Stackinghasnoeffectonthenormal
operationoftheswitchinyournetwork.
AstackrequiresoneCommanderswitch.(OnlyoneCommander
allowedperstack.)
AllswitchesinaparticularstackmustbeinthesameIPsubnet
(broadcastdomain).Astackcannotcrossarouter.
Astackacceptsupto16switches(numbered0-15),includingthe
Commander(alwaysnumbered0).
9-8
ThereisnolimitonthenumberofstacksinthesameIPsubnet
(broadcastdomain),howeveraswitchcanbelongtoonlyonestack.
IfmultipleVLANsareconfigured,stackingusesonlytheprimary
VLANonanyswitch.Inthefactory-defaultconfiguration,the
DEFAULT_VLANistheprimaryVLAN.(SeeStackingOperationwith
MultipleVLANsConfiguredonpage9-47andWhichVLANIs
Primary?onpage9-53.)
Stackingallowsintermediatedevicesthatdonotsupportstacking.
Thisenablesyoutoincludeswitchesthataredistantfromthe
Commander.
SwitchwithStacking CandidateSwitch CommanderSwitch
DisabledorNotAvailable
MemberSwitch
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Figure9-3. ExampleofaNon-StackingDeviceUsedinaStackingEnvironment
SpecificRules
Table9-2outlinesthespecificrulesforswitchesoperatinginastack.
Table9-2.SpecificRulesforCommander,Candidate,andMemberSwitches
StackName
SNMPCommunities IPAddressingand NumberAllowed
PerStack
Passwords
Commander IPAddr:Requiresan Onlyone TheCommandersManager StandardSNMPcommunity
assignedIPaddress Commander andOperatorpasswordsare operation.TheCommander
andmaskforaccess switchisallowed assignedtoanyswitch alsooperatesasanSNMP
viathenetwork. perstack. becomingaMemberofthe proxytoMembersforall
StackName:Required
stack. SNMPcommunitiesconfig-
Ifyouchangethe
uredintheCommander.
Commanderspasswords,the
Commanderpropagatesthe
newpasswordstoallstack
Members.
9-9
StackName
SNMPCommunities IPAddressingand NumberAllowed
PerStack
Passwords
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Candidate IPAddr:Optional. n/a Passwordsoptional.Ifthe UsesstandardSNMP

ConfiguringanIP Candidatebecomesastack communityoperationifthe
addressallowsaccess Member,itassumesthe CandidatehasitsownIP
viaTelnetorweb CommandersManagerand addressing.
browserinterface Operatorpasswords.
whiletheswitchisnot
astackmember.Inthe
factorydefaultconfigu-
rationtheswitchauto-
maticallyacquiresan
IPaddressifyour
networkincludesDHCP
service.
Ifacandidatehasapassword,
itcannotbeautomatically
addedtoastack.Inthiscase,
ifyouwanttheCandidateina
stack,youmustmanuallyadd
ittothestack.
StackName:N/A
Member IPAddr:Optional.
ConfiguringanIP
addressallowsaccess
viaTelnetorweb
browserinterface
withoutgoingthrough
theCommanderswitch.
Thisisuseful,for
example,ifthestack
Commanderfailsand
youneedtoconverta
Memberswitchto
operateasareplace-
mentCommander.
StackName:N/A
Upto15Members
perstack.
Whentheswitchjoinsthe
stack,itautomatically
assumestheCommanders
ManagerandOperatorpass-
wordsanddiscardsanypass-
wordsitmayhavehadwhilea
Candidate.
Note:IfaMemberleavesa
stackforanyreason,itretains
thepasswordsassignedtothe
stackCommanderatthetime
ofdeparturefromthestack.
BelongstothesameSNMP
communitiesasthe
Commander(whichserves
asanSNMPproxytothe
Memberforcommunitiesto
whichtheCommander
belongs).Tojoinother
communitiesthatexclude
theCommander,the
Membermusthaveitsown
IPaddress.Lossofstack
membershipmeanslossof
membershipinanycommu-
nitythatisconfiguredonly
intheCommander.See
"SNMPCommunityOpera-
tioninaStack"onpage9-46.
Not e Inthedefaultstackconfiguration,theCandidateAutoJoinparameteris
enabled,buttheCommanderAutoGrabparameterisdisabled.Thisprevents
Candidatesfromautomaticallyjoiningastackprematurelyorjoiningthe
wrongstack(ifmorethanonestackCommanderisconfiguredinasubnetor
broadcastdomain).Ifyouplantoinstallmorethanonestackinasubnet,HP
recommendsthatyouleaveAutoGrabdisabledonallCommanderswitchesand
manuallyaddMemberstotheirstacks.Similarly,ifyouplantoinstallastack
inasubnet(broadcastdomain)wherestacking-capableswitchesarenot
intendedforstackmembership,youshouldsettheStackStateparameter(in
theStackConfigurationscreen)toDisabledonthoseparticularswitches.
9-10
OverviewofConfiguringandBringingUpaStack
Thisprocessassumesthat:
Allswitchesyouwanttoincludeinastackareconnectedtothesame
subnet(broadcastdomain).
IfVLANsareenabledontheswitchesyouwanttoincludeinthestack,
thentheportslinkingthestackedswitchesmustbeontheprimary
VLANineachswitch(which,inthedefaultconfiguration,isthe
defaultVLAN).IftheprimaryVLANistagged,theneachswitchinthe
stackmustusethesameVLANID(VID)fortheprimaryVLAN.(See
WhichVLANIsPrimary?onpage9-53,andStackingOperationwith
MultipleVLANsConfiguredonpage9-47.)
IfyouareincludinganHPProCurveSwitch8000M,4000M,2424M,
2400M,or1600Minastack,youmustfirstupdateallsuchdevicesto
softwareversionC.08.xx.(Youcangetacopyofthesoftwarefrom
HPsProCurvewebsiteand/orcopyitfromoneswitchtoanother.For
downloadinginstructions,seeappendixA,"FileTransfers",inthe
ManagementandConfigurationGuideyoureceivedwiththese
switchmodels.)
OptionsforConfiguringaCommanderandCandidates.Dependingon
howCommanderandCandidateswitchesareconfigured,Candidatescanjoin
astackeitherautomaticallyorbyaCommandermanuallyadding(pulling)
themintothestack.Inthedefaultconfiguration,aCandidatejoinsonlywhen
manuallypulledbyaCommander.YoucanreconfigureaCommanderto
automaticallypullinCandidatesthatareinthedefaultstackingconfigura-
tion.YoucanalsoreconfigureaCandidateswitchtoeitherpushitselfinto
aparticularCommandersstack,converttheCandidatetoaCommander(for
astackthatdoesnotalreadyhaveaCommander),ortooperateasastanda-
loneswitchwithoutstacking. Thefollowingtableshowsyourcontroloptions
foraddingMemberstoastack.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-11
Table9-3.StackingConfigurationGuide
JoinMethod
1
(default) No(default)
*
No(default) (default)
*
No
*
(default)orNo
N/A Disabled
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Commander
(IPAddressingRequired)
Candidate
(IPAddressingOptional)
AutoGrab AutoJoin Passwords
AutomaticallyaddCandidatetoStack
(Causesthefirst15eligible,discovered
switchesinthesubnettoautomatically
joinastack.)
Yes Yes
ManuallyaddCandidatetoStack
(Preventautomaticjoiningofswitches
youdontwantinthestack)
Yes Optional
Yes Optional
Yes Yes Configured
PreventaswitchfrombeingaCandidate Optional
*
TheCommandersManagerandOperatorpasswordspropagatetothecandidatewhenitjoinsthestack.
Theeasiestwaytoautomaticallycreateastackisto:
1. ConfigureaswitchasaCommander.
2. ConfigureIPaddressingandastacknameontheCommander.
3. SettheCommandersAutoGrabparametertoYes.
4. ConnectCandidateswitches(intheirfactorydefaultconfiguration)to
thenetwork.
Thisapproachautomaticallycreatesastackofupto16switches(including
theCommander).Howeverthisreplacesmanualcontrolwithanautomatic
processthatmaybringswitchesintothestackthatyoudidnotintendto
include.WiththeCommandersAutoGrabparametersettoYes,anyswitch
conformingtoallfourofthefollowingfactorsautomaticallybecomesastack
Member:
Defaultstackingconfiguration(StackStatesettoCandidate,andAutoJoin
settoYes)
Samesubnet(broadcastdomain)anddefaultVLANasthe
Commander(IfVLANsareusedinthestackenvironment,see
"StackingOperationwithaTaggedVLAN"onpage9-47.)
NoManagerpassword
14orfewerstackmembersatthemoment
9-12
GeneralStepsforCreatingaStack
Thissectiondescribesthegeneralstackcreationprocess.Forthedetailed
configurationprocesses,seepages9-15through9-39forthemenuinterface
andpages9-32through9-44fortheCLI.
1. Determinethenamingconventionsforthestack.Youwillneedastack
name.Also,tohelpdistinguishoneswitchfromanotherinthestack,you
canconfigureauniquesystemnameforeachswitch.Otherwise,the
systemnameforaswitchappearingintheStackingStatusscreenappears
asthestacknameplusanautomaticallyassignedswitchnumber.For
example:
ique
i
tabl
Stackwithun
systemnameforeach
switch.
Stacknamed"Online"
withnopreviously
configuredsystem
namesassignedto
ndividualswitches.
Forstatus
descriptions,seethe
eonpage9-49.
Figure9-4.UseofSystemNametoHelpIdentifyIndividualSwitches
2. ConfiguretheCommanderswitch.Doingthisfirsthelpstoestablish
consistencyinyourstackconfiguration,whichcanhelppreventstartup
problems.
AstackrequiresoneCommanderswitch.Ifyouplantoimplement
morethanonestackinasubnet(broadcastdomain),theeasiest
waytoavoidunintentionallyaddingaCandidatetothewrong
stackistomanuallycontrolthejoiningprocessbyleavingthe
CommandersAutoGrabparametersettoNo(thedefault).
TheCommanderassignsitsManagerandOperatorpasswordsto
anyCandidateswitchthatjoinsthestack.
SNMPcommunitynamesusedintheCommanderapplytostack
members.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-13
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
3. ForautomaticallyormanuallypullingCandidateswitchesintoastack,
youcanleavesuchswitchesintheirdefaultstackingconfiguration.Ifyou
needtoaccessCandidateswitchesthroughyournetworkbeforethey
jointhestack,assignIPaddressestothesedevices.Otherwise,IP
addressingisoptionalforCandidatesandMembers.(Notethatoncea
Candidatebecomesamember,youcanaccessitthroughtheCommander
toassignIPaddressingormakeotherconfigurationchanges.)
4. MakearecordofanyManagerpasswordsassignedtotheswitches
(intendedforyourstack)thatarenotcurrentlymembers.(Youwillhave
tousethesepasswordstoenabletheprotectedswitchestojointhe
stack.)
5. IfyouareusingVLANsinthestackingenvironment,youmustusethe
defaultVLANforstackinglinks.Formoreinformation,see"Stacking
OperationwithaTaggedVLAN"onpage9-47.
6. Ensurethatallswitchesintendedforthestackareconnectedtothesame
subnet(broadcastdomain).AssoonasyouconnecttheCommander,it
willbegindiscoveringtheavailableCandidatesinthesubnet.
IfyouconfiguredtheCommandertoautomaticallyaddMembers
(AutoGrabsettoYes),thenthefirst15discoveredCandidates
meetingbothofthefollowingcriteriawillautomaticallybecome
stackMembers:
AutoJoinparameter set to Yes (the default)
Manager password not configured
IfyouconfiguredtheCommandertomanuallyaddMembers(Auto
GrabsettoNothedefault),youcanbegintheprocessofselecting
andaddingthedesiredCandidates.
7. Ensurethatallswitchesintendedforthestackhavejoined.
8. Ifyouneedtoperformspecificconfigurationormonitoringtasksona
Member,usetheconsoleinterfaceontheCommandertoselectand
accesstheMember.
9-14
UsingtheMenuInterfaceToViewStackStatusAnd
ConfigureStacking
UsingtheMenuInterfaceToViewandConfigurea
CommanderSwitch
1. ConfigureanIPaddressandsubnetmaskontheCommanderswitch.
(SeeIPConfigurationonpage5-3.)
2. DisplaytheStackingMenubyselectingStackingintheMainMenu.
Figure9-5.TheDefaultStackingMenu
3. DisplaytheStackConfigurationmenubypressingtoselectStack
Configuration.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-15
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Figure9-6.TheDefaultStackConfigurationScreen
4. MovethecursortotheStackStatefieldbypressing(forEdit).Then
usetheSpacebartoselecttheCommanderoption.
5. PressthedownarrowkeytodisplaytheCommanderconfigurationfields
intheStackConfigurationscreen.
Figure9-7.TheDefaultCommanderConfigurationintheStackConfiguration
Screen
6. Enterauniquestackname(upto15characters;nospaces)andpressthe
downarrowkey.
7. EnsurethattheCommanderhasthedesiredAutoGrabsetting,thenpress
thedownarrowkey:
9-16
No(thedefault)preventsautomaticjoiningofCandidatesthat
havetheirAutoJoinsettoYes.
YesenablestheCommandertoautomaticallytakeaCandidate
intothestackasaMemberiftheCandidatehasAutoJoinsettoYes
(thedefaultCandidatesetting)anddoesnothaveapreviously
configuredpassword.
8. Acceptorchangethetransmissioninterval(default:60seconds),then
press toreturnthecursortotheActionsline.
9. Press(forSave)tosaveyourconfigurationchangesandreturntothe
Stackingmenu.
YourCommanderswitchshouldnowbereadytoautomaticallyormanually
acquireMemberswitchesfromthelistofdiscoveredCandidates,depending
onyourconfigurationchoices.
UsingtheMenuToManageaCandidateSwitch
Usingthemenuinterface,youcanperformtheseactionsonaCandidate
switch:
Add(push)theCandidateintoanexistingstack
ModifytheCandidatesstackingconfiguration(AutoJoinandTransmission
Interval)
ConverttheCandidatetoaCommander
DisablestackingontheCandidatesothatitoperatesasastandalone
switch
Initsdefaultstackingconfiguration,aCandidateswitchcaneitherautomati-
callyjoinastackorbemanuallyadded("pulled")intoastackbyaCommander,
dependingontheCommandersAutoGrabsetting. Thefollowingtableliststhe
Candidatesconfigurationoptions:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-17
Table9-4.CandidateConfigurationOptionsintheMenuInterface
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Parameter DefaultSetting OtherSettings

StackState Candidate Commander,Member,orDisabled
AutoJoin Yes No
TransmissionInterval 60Seconds Range:1to300seconds
UsingtheMenuToPushaSwitchIntoaStack,ModifytheSwitchs
Configuration,orDisableStackingontheSwitch. UseTelnetorthe
webbrowserinterfacetoaccesstheCandidateifithasanIPaddress.Other-
wise,useadirectconnectionfromaterminaldevicetotheswitchsconsole
port.(Forinformationonhowtousethewebbrowserinterface,seetheonline
Helpprovidedforthebrowser.)
1. DisplaytheStackingMenubyselectingStackingintheconsoleMainMenu.
2. DisplaytheStackConfigurationmenubypressingtoselectStack
Configuration.
Figure9-8.TheDefaultStackConfigurationScreen
3. MovethecursortotheStackStatefieldbypressing(forEdit).
9-18
TodisablestackingontheCandidate,usetheSpacebartoselect
theDisabledoption,thengotostep5.
Note:UsingthemenuinterfacetodisablestackingonaCandidate
removestheCandidatefromallstackingmenus.
ToinserttheCandidateintoaspecificCommandersstack:
i. UsethespacebartoselectMember.
ii. Press oncetodisplaytheCommanderMACAddressparameter,
thenentertheMACaddressofthedesiredCommander.
TochangeAutoJoinorTransmissionInterval,use toselectthe
desiredparameter,and:
To change AutoJoin, use the Space bar.
To change TransmissionInterval, type in the new value in the range
of 1 to 300 seconds.
Note:Allswitchesinthestackmustbesettothesametransmis-
sionintervaltohelpensureproperstackingoperation.HPrecom-
mendsthatyouleavethisparametersettothedefault60seconds.
Thengotostep5.
5. presstoreturnthecursortotheActionsline.
6. Press(forSave)tosaveyourconfigurationchangesandreturntothe
Stackingmenu.
UsingtheCommanderToManageTheStack
TheCommandernormallyoperatesasyourstackmanagerandpointofentry
intootherswitchesinthestack.Thistypicallyincludes:
Addingnewstackmembers
Movingmembersbetweenstacks
Removingmembersfromastack
Accessingstackmembersforindividualconfigurationchangesandtraffic
monitoring
TheCommanderalsoimposesitspasswordsonallstackmembersandpro-
videsSNMPcommunitymembershiptothestack.(SeeSNMPCommunity
OperationinaStackonpage9-46.)
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-19
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
UsingtheCommandersMenuToManuallyAddaCandidatetoa
Stack. Inthedefaultconfiguration,youmustmanuallyaddstackMembers
fromtheCandidatepool.ReasonsforaswitchremainingaCandidateinstead
ofbecomingaMemberincludeanyofthefollowing:
AutoGrabintheCommanderissettoNo(thedefault).
AutoJoinintheCandidateissettoNo.
Note:WhenaswitchleavesastackandreturnstoCandidatestatus,its
AutoJoinparameterresetstoNosothatitwillnotimmediatelyrejoina
stackfromwhichithasjustdeparted.
AManagerpasswordissetintheCandidate.
Thestackisfull.
Unlessthestackisalreadyfull,youcanusetheStackManagementscreento
manuallyconvertaCandidatetoaMember.IftheCandidatehasaManager
password,youwillneedtouseittomaketheCandidateaMemberofthestack.
1. ToaddaMember,startattheMainMenuandselect:
9.Stacking...
4.StackManagement
YouwillthenseetheStackManagementscreen:
Forstatusdescriptions,
seethetableonpage
9-49.
Figure9-9.ExampleoftheStackManagementScreen
2. Press(forAdd)toaddaCandidate.Youwillthenseethisscreenlisting
theavailableCandidates:
9-20
TheCommanderautomaticallyselectsan
availableswitchnumber(SN).Youhavethe
optionofassigninganyotheravailablenumber.
CandidateList
Figure9-10. ExampleofCandidateListinStackManagementScreen
3. Eitheracceptthedisplayedswitchnumberorenteranotheravailable
number.(Therangeis0-15,with0reservedfortheCommander.)
4. UsethedownarrowkeytomovethecursortotheMACAddressfield,
thentypetheMACaddressofthedesiredCandidatefromtheCandidate
listinthelowerpartofthescreen.
IfthedesiredCandidatehasaManagerpassword,pressthedown
arrowkeytomovethecursortotheCandidatePasswordfield,
thentypethepassword.
IfthedesiredCandidatedoesnothaveapassword,gotostep6.
6. Press toreturntotheActionsline,thenpress(forSave)to
completetheAddprocessfortheselectedCandidate.Youwillthensee
ascreensimilartotheoneinfigure9-11,below,withthenewlyadded
Memberlisted.
Note:IfthemessageUnabletoaddstackmember:InvalidPasswordappearsin
theconsolemenusHelpline,thenyoueitheromittedtheCandidates
ManagerpasswordorincorrectlyenteredtheManagerpassword.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-21
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
NewMemberaddedinstep6.
seethetableonpage
9-49.
Figure9-11.ExampleofStackManagementScreenAfterNewMemberAdded
UsingtheCommandersMenuToMoveaMemberFromOneStackto
Another. Wheretwoormorestacksexistinthesamesubnet(broadcast
domain),youcaneasilymoveaMemberofonestacktoanotherstackifthe
destinationstackisnotfull.(IfyouareusingVLANsinyourstackenviron-
ment,see"StackingOperationwithaTaggedVLAN"onpage9-47.)This
procedureisnearlyidenticaltomanuallyaddingaCandidatetoastack(page
9-20).(IfthestackfromwhichyouwanttomovetheMemberhasaManager
password,youwillneedtoknowthepasswordtomakethemove.)
1. TomoveaMemberfromonestacktoanother,gototheMainMenuof
theCommanderinthedestinationstackanddisplaytheStackingMenu
byselecting
9.Stacking...
2. TolearnorverifytheMACaddressoftheMemberyouwanttomove,
displayalistingofallCommanders,Members,andCandidatesinthe
subnetbyselecting:
2.StackingStatus(All)
9-22
YouwillthenseetheStackingStatus(All)screen:
seethetableonpage49.
local
ThiscolumnliststheMAC
Addressesforswitches
discovered(inthe
subnet)thatareconfigured
forStacking.
UsingtheMACaddressesforthese
Members,youcanmovethembetween
stacksinthesamesubnet.
Figure9-12.ExampleofHowtheStackingStatus(All)ScreenHelpsYouFind
MemberMACAddresses
3. IntheStackingStatus(All)screen,findtheMemberswitchthatyouwant
tomoveandnoteitsMACaddress,thenpress(forBack)toreturnto
theStackingMenu.
4. DisplaytheCommandersStackManagementscreenbyselecting
4.StackManagement
(Foranexampleofthisscreen,seefigure9-9onpage9-20.)
5. Press(forAdd)toaddtheMember.Youwillthenseeascreenlisting
anyavailablecandidates.(Seefigure9-10onpage9-21.)Notethatyou
willnotseetheswitchyouwanttoaddbecauseitisaMemberofanother
stackandnotaCandidate.)
6. Eitheracceptthedisplayedswitchnumberorenteranotheravailable
number.(Therangeis0-15,with0reservedfortheCommander.)
7. UsethedownarrowkeytomovethecursortotheMACAddressfield,
thentypetheMACaddressofthedesiredMemberyouwanttomovefrom
anotherstack.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-23
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
IfthestackcontainingtheMemberyouaremovinghasaManager
password,pressthedownarrowkeytoselecttheCandidate
Passwordfield,thentypethepassword.
IfthestackcontainingtheMemberyouwanttomovedoesnot
haveapassword,gotostep9.
9. Press toreturntotheActionsline,thenpress(forSave)to
completetheAddprocessfortheselectedMember.Youwillthenseea
screensimilartotheoneinfigure9-9onpage9-20,withthenewlyadded
Memberlisted.
Not e: IfthemessageUnabletoaddstackmember:InvalidPasswordappearsintheconsole
menusHelpline,thenyoueitheromittedtheManagerpasswordforthestack
containingtheMemberorincorrectlyenteredtheManagerpassword.
YoucanpushaMemberfromonestacktoanotherbygoingtotheMembers
interfaceandenteringtheMACaddressofthedestinationstackCommander
intheMembersCommanderMACAddressfield.Usingthismethodmovesthe
MembertoanotherstackwithoutaneedforknowingtheManagerpassword
inthatstack,butalsoblocksaccesstotheMemberfromtheoriginal
Commander.
UsingtheCommandersMenuToRemoveaStackMember. These
rulesaffectremovalsfromastack:
WhenaCandidatebecomesaMember,itsAutoJoinparameteris
automaticallysettoNo.Thispreventstheswitchfromautomatically
rejoiningastackassoonasyouremoveitfromthestack.
WhenyouusetheCommandertoremoveaswitchfromastack,the
switchrejoinstheCandidatepoolforyourIPsubnet(broadcast
domain),withAutoJoinsettoNo.
WhenyouremoveaMemberfromastack,itfreesthepreviously
assignedswitchnumber(SN),whichthenbecomesavailablefor
assignmenttoanotherswitchthatyoumaysubsequentlyaddtothe
stack.Thedefaultswitchnumberusedforanaddisthelowest
unassignednumberintheMemberrange(1-15;0isreservedforthe
Commander).
ToremoveaMemberfromastack,usetheStackManagementscreen.
1. FromtheMainMenu,select:
9.Stacking...
9-24
4.StackManagement
YouwillthenseetheStackManagementscreen:
l
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
StackMemberList
seethetab eonpage
9-49.
Figure9-13.ExampleofStackManagementScreenwithStackMembersListed
2. UsethedownarrowkeytoselecttheMemberyouwanttoremovefrom
thestack.
Figure9-14.ExampleofSelectingaMemberforRemovalfromtheStack
3. Type(forDelete)toremovetheselectedMemberfromthestack.You
willthenseethefollowingprompt:
Figure9-15.ThePromptforCompletingtheDeletionofaMemberfromtheStack
4. TocontinuedeletingtheselectedMember,presstheSpacebaronceto
selectYesfortheprompt,thenpresstocompletethedeletion.The
StackManagementscreenupdatestoshowthenewstackMemberlist.
9-25
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ConfigurationChangesandMonitoringTraffic
AfteraCandidatebecomesastackMember,youcanusethatstacks
CommandertoaccesstheMembersconsoleinterfaceforthesameconfigu-
rationandmonitoringthatyouwoulddothroughaTelnetordirect-connect
access.
9.Stacking...
5.StackAccess
YouwillthenseetheStackAccessscreen:
seethetableonpage
page9-49.
Figure9-16.ExampleoftheStackAccessScreen
UsethedownarrowkeytoselectthestackMemberyouwanttoaccess,then
press(foreXecute)todisplaytheconsoleinterfacefortheselectedMember.
Forexample,ifyouselectedswitchnumber1(systemname:CoralSea)infigure
9-16andthenpressed,youwouldseetheMainMenufortheswitchnamed
CoralSea.
9-26
MainMenuforstack
Membernamed"CoralSea"
(SN=1fromfigure9-16)
Figure9-17.TheeXecuteCommandDisplaystheConsoleMainMenuforthe
SelectedStackMember
2. Youcannowmakeconfigurationchangesand/orviewstatusdataforthe
selectedMemberinthesamewaythatyouwouldifyouweredirectly
connectedortelnettedintotheswitch.
3. WhenyouarefinishedaccessingtheselectedMember,dothefollowing
toreturntotheCommandersStackAccessscreen:
a. ReturntotheMembersMainMenu.
b. Press(forLogout),then(forYes).
c. Press .
YoushouldnowseetheCommandersStackAccessscreen.(Foran
example,seefigure9-16onpage9-26.)
ConvertingaCommanderorMembertoaMemberofAnother
Stack
Whenmovingacommander,thefollowingprocedurereturnsthestackmem-
berstoCandidatestatus(withAuto-JoinsettoNo)andconvertsthestack
CommandertoaMemberofanotherstack.Whenmovingamember,the
proceduresimplypullsaMemberoutofonestackandpushesitintoanother.
1. FromtheMainMenuoftheswitchyouwanttomove,select
9.Stacking
2. TodeterminetheMACaddressofthedestinationCommander,select
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-27
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
3. Press(forBack)toreturntotheStackingMenu.
4. TodisplayStackConfigurationmenufortheswitchyouaremoving,select
3.StackConfiguration
5. Press(forEdit)toselecttheStackStateparameter.
6. UsetheSpacebartoselectMember,thenpress[v]tomovetotheCom-
manderMACAddressfield.
7. EntertheMACaddressofthedestinationCommanderandpress.
8. Press(forSave).
MonitoringStackStatus
Usingthestackingoptionsinthemenuinterfaceforanyswitchinastack,you
canviewstackingdataforthatswitchorforallstacksinthesubnet(broadcast
domain).(IfyouareusingVLANsinyourstackenvironment,see"Stacking
OperationwithaTaggedVLAN"onpage9-47.)Thiscanhelpyouinsuchways
asdeterminingthestackingconfigurationforindividualswitches,identifying
stackMembersandCandidates,anddeterminingthestatusofindividual
switchesinastack.Seetable9-5onpage9-28.
Table9-5.StackStatusEnvironments
ScreenName Commander Member Candidate
StackStatus(ThisSwitch) Commandersstacking Membersstackingconfiguration Candidatesstacking
configuration
MemberStatus
configuration
DataonstackMembers:
DataidentifyingMembers
SwitchNumber Commander:
MACAddress CommanderStatus
SystemName CommanderIPAddress
DeviceType CommanderMACAddress
Status
StackStatus(All) Listsdevicesbystackname SameasforCommander. Sameasfor
orCandidatestatus(ifdevice Commander.
isnotastackMember).
Includes:
StackName
MACAddress
SystemName
Status
9-28
UsingAnyStackedSwitchToViewtheStatusforAllSwitcheswith
StackingEnabled.Thisproceduredisplaysthegeneralstatusofallswitches
intheIPsubnet(broadcastdomain)thathavestackingenabled.
1. GototheconsoleMainMenuforanyswitchconfiguredforstackingand
select:
9.Stacking...
YouwillthenseeaStackingStatusscreensimilartothefollowing:
seethetableonpage
9-49.
Figure9-18.ExampleofStackingStatusforAllDetectedSwitchesConfiguredfor
Stacking
ViewingCommanderStatus.ThisproceduredisplaystheCommanderand
stackconfiguration,plusinformationidentifyingeachstackmember.
TodisplaythestatusforaCommander,gototheconsoleMainMenuforthe
switchandselect:
9.Stacking...
1.StackingStatus(ThisSwitch)
YouwillthenseetheCommandersStackingStatusscreen:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-29
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Figure9-19.ExampleoftheCommandersStackingStatusScreen
ViewingMemberStatus.ThisproceduredisplaystheMembersstacking
informationplustheCommandersstatus,IPaddress,andMACaddress.
TodisplaythestatusforaMember:
1. GototheconsoleMainMenuoftheCommanderswitchandselect
9.Stacking...
5.StackAccess
2. UsethedownarrowkeytoselecttheMemberswitchwhosestatusyou
wanttoview,thenpress(foreXecute).YouwillthenseetheMainMenu
fortheselectedMemberswitch.
3. IntheMembersMainMenuscreen,select
9.Stacking...
YouwillthenseetheMembersStackingStatusscreen:
9-30
Figure9-20.ExampleofaMembersStackingStatusScreen
ViewingCandidateStatus.ThisproceduredisplaystheCandidates
stackingconfiguration.
TodisplaythestatusforaCandidate:
1. UseTelnet(iftheCandidatehasavalidIPaddressforyournetwork)or
adirectserialportconnectiontoaccessthemenuinterfaceMainMenu
fortheCandidateswitchandselect
9.Stacking...
YouwillthenseetheCandidatesStackingStatusscreen:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Figure9-21.ExampleofaCandidatesStackingScreen
9-31
UsingtheCLIToViewStackStatusandConfigure
Stacking
TheCLIenablesyoutodoallofthestackingtasksavailablethroughthemenu
interface.)
Table9-6.CLICommandsforConfiguringStackingonaSwitch
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
CLICommand Operation
showstack
[candidates|view|all]
Commander:ShowsCommandersstackingconfigurationandliststhestack
membersandtheirindividualstatus.
Member:ListsMembersstackingconfigurationandstatus,andthestatusandthe
IPaddressandsubnetmaskofthestackCommander.
Options:
candidates:(Commanderonly)ListsstackCandidates.
view:(Commanderonly)ListscurrentstackMembersandtheirindividual
status.
all:ListsallstackCommanders,MembersandCandidates,withtheirindividual
status.
[no]stack AnyStacking-CapableSwitch:Enablesordisablesstackingontheswitch.
Default:StackingEnabled
[no]stackcommander<stackname> CandidateorCommander:ConvertsaCandidatetoaCommanderorchangesthe
stacknameofanexistingcommander.
NoformeliminatesnamedstackandreturnsCommanderandstackMembers
toCandidatestatuswithAutoJoinsettoNo.
Noformpreventstheswitchfrombeingdiscoveredasastacking-capable
switch.
Default:SwitchConfiguredasaCandidate
[no]stackauto-grab Commander:CausesCommandertoautomaticallyaddtoitsstackanydiscovered
CandidateinthesubnetthatdoesnothaveaManagerpasswordandhasAuto-
JoinsettoYes.
Default:Disabled
Note:IftheCommandersstackalreadyhas15members,theCandidatecannot
joinuntilanexistingmemberleavesthestack.
9-32
CLICommand Operation
[no]stackmember
<switch-num>
[password<password-str>]
Commander:AddsaCandidatetostackmembership.Noformremovesa
Memberfromstackmembership.ToeasilydeterminetheMACaddressofa
Candidate,usetheshowstackcandidatescommand.TodeterminetheMAC
addressofaMemberyouwanttoremove,usetheshowstackviewcommand.The
password(password-str)isrequiredonlywhenaddingaCandidatethathasa
Managerpassword.
telnet<1..15> Commander:UsestheSN(switchnumberassignedbythestackCommander)
toaccesstheconsoleinterface(menuinterfaceorCLI)ofastackmember.Toview
UsedIn:CommanderOnly
thelistofSNassignmentsforastack,executetheshowstackcommandinthe
CommandersCLI.
[no]stackjoin<mac-addr> Candidate:CausestheCandidatetojointhestackwhoseCommanderhasthe
indicatedMACaddress.NoformisusedinaMembertoremoveitfromthestack
oftheCommanderhavingthespecifiedaddress.
Member:PushesthemembertoanotherstackwhoseCommanderhasthe
indicatedMACaddress.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
[no]stackauto-join Candidate:EnablesCandidatetoautomaticallyjointhestackofanyCommander
intheIPsubnetthathasAutoGrabenabled,ordisablesAuto-Joininthecandidate.
Default:AutoJoinenabled.
Note:IftheCandidatehasaManagerpasswordoriftheavailablestack(s)already
havethemaximumof15Members,theautomaticjoinwillnotoccur.
stacktransmission-interval AllStackMembers:specifiestheintervalinsecondsfortransmittingstacking
discoverypackets.
Default:60seconds
9-33
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
UsingtheCLIToViewStackStatus
Youcanlistthestackstatusforanindividualswitchandforotherswitches
thathavebeendiscoveredinthesamesubnet.
Syntax: showstack[candidates|view|all]
ViewingtheStatusofanIndividualSwitch.Thefollowingexample
illustrateshowtousetheCLIinaSwitch2524(or2512)todisplaythestack
statusforthatswitch.Inthiscase,theswitchisinthedefaultstacking
configuration.
Syntax: showstack
Figure9-22. ExampleofUsingtheShowStackCommandToListtheStacking
ConfigurationforanIndividualSwitch
ViewingtheStatusofCandidatestheCommanderHasDetected.
ThisexampleillustrateshowtoliststackcandidatestheCommanderhas
discoveredintheipsubnet(broadcastdomain).
Syntax: showstackcandidates
Figure9-23.ExampleofUsingtheShowStackCandidatesCommandToList
Candidates
9-34
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ViewingtheStatusofallStack-EnabledSwitchesDiscoveredintheIP
Subnet.Thenextexamplelistsallthestack-configuredswitchesdiscovered
intheIPsubnet.BecausetheSwitch2524onwhichtheshowstackall
commandwasexecutedisacandidate,itisincludedintheOtherscategory.
Syntax: showstackall
Figure9-24.ResultofUsingtheShowStackAllCommandToListDiscovered
SwitchesintheIPSubnet
ViewingtheStatusoftheCommanderandCurrentMembersofthe
CommandersStack. Thenextexamplelistsallswitchesinthestackofthe
selectedswitch.
Syntax: showstackview
Figure9-25.ExampleoftheShowStackViewCommandToListtheStackAssigned
totheSelectedCommander
9-35
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
UsingtheCLIToConfigureaCommanderSwitch
Youcanconfigureanystacking-enabledswitchtobeaCommanderaslongas
theintendedstacknamedoesnotalreadyexistonthebroadcastdomain.
(WhenyouconfigureaCommander,youautomaticallycreateacorresponding
stack.)
Beforeyoubeginconfiguringstackingparameters:
1. ConfigureIPaddressingontheswitchintendedforstackcommanderand,
ifnotalreadyconfigured,ontheprimaryVLAN.(Formoreonconfiguring
IPaddressing,seeIPConfigurationonpage5-3.)
Not e TheprimaryVLANmusthaveanIPaddressinorderforstackingtooperate
properly.FormoreontheprimaryVLAN,seeWhichVLANIsPrimary?on
page9-53.
2. ConfigureaManagerpasswordontheswitchintendedforcommander.
(TheCommandersManagerpasswordcontrolsaccesstostackMem-
bers.)Formoreonpasswords,seechapter7,UsingPasswords,Port
Security,andAuthorizedManagersToProtectAgainstUnauthorized
Access.
ConfiguretheStackCommander. Assigningastacknametoaswitch
makesitaCommanderandautomaticallycreatesastack.
Syntax: stackcommander<name-str>
ThisexamplecreatesaCommanderswitchwithastacknameofBig_Waters.
(Notethatifstackingwaspreviouslydisabledontheswitch,thiscommand
alsoenablesstacking.)
HP2512(config)#stackcommanderBig_Waters
Asthefollowingshowstackdisplayshows,theCommanderswitchisnowready
toaddmemberstothestack.
9-36
TheCommanderappearsinthestackasSwitch
Number(SN)0.
The
thestack.
stackcommandercommand
configurestheCommanderandnames
Figure9-26.ExampleoftheCommandersShowStackScreenwithOnlythe
CommanderDiscovered
UsingaMembersCLItoConverttheMembertotheCommanderofa
NewStack. ThisprocedurerequiresthatyoufirstremovetheMemberfrom
itscurrentstack,thencreatethenewstack.IfyoudonotknowtheMAC
addressfortheCommanderofthecurrentstack,useshowstacktolistit.
Syntax: nostack
stackcommander<stackname>
Suppose,forexample,thataSwitch2512namedBeringSeaisaMemberof
astacknamedBig_Waters.TousetheswitchsCLItoconvertitfromastack
MembertotheCommanderofanewstacknamedLakes,youwouldusethe
followingcommands:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-37
stack.
Convertstheformer
MembertotheCom-
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
RemovestheMember
fromtheBig_Waters
manderofthenew
Lakesstack.
Theoutputfromthiscommandtellsyouthe
MACaddressofthecurrentstackCommander.
Figure9-27.ExampleofUsingaMembersCLIToConverttheMembertothe
CommanderofaNewStack
AddingtoaStackorMovingSwitchesBetweenStacks
YoucanaddswitchestoastackbyaddingdiscoveredCandidatesorbymoving
switchesfromotherstacksthatmayexistinthesamesubnet.(Youcannot
addaCandidatethattheCommanderhasnotdiscovered.)
Initsdefaultconfiguration,theCommandersAuto-Grabparameterissetto
Notogiveyoumanualcontroloverwhichswitchesjointhestackandwhen
theyjoin.ThispreventstheCommanderfromautomaticallytryingtoadd
everyCandidateitfindsthathasAutoJoinsettoYes(thedefaultforthe
Candidate).
(IfyouwantanyeligibleCandidatetoautomaticallyjointhestackwhenthe
Commanderdiscoversit,configureAutoGrabintheCommandertoYes.When
youdoso,anyCandidatediscoveredwithAutoJoinsettoYes(thedefault)and
noManagerpasswordwilljointhestack,uptothelimitof15Members.)
9-38
UsingtheCommandersCLIToManuallyAddaCandidatetothe
Stack. Tomanuallyaddacandidate,youwilluse:
Aswitchnumber(SN)toassigntothenewmember.MemberSNsrange
from1to15.ToseewhichSNsarealreadyassignedtoMembers,useshow
stackview.YoucanuseanySNnotincludedinthelisting.(SNsare
viewableonlyonaCommanderswitch.)
TheMACaddressofthediscoveredCandidateyouareaddingtothestack.
Toseethisdata,usetheshowstackcandidateslisting.
Forexample:
Note:
ll
l
)
Whenmanuallyaddingaswitch,youmustassignanSN.
However,iftheCommanderautomatica yaddsanewMember,
itassignsanSNfromtheavailab epoolofunusedSNs.
Inthisstack,theonlySNsinuseare0and1,
soyoucanuseanySNnumberfrom2through
15fornewMembers.(TheSNof0isalways
reservedforthestackCommander.
Figure9-28.ExampleofHowToDetermineAvailableSwitchNumbers(SNs)
TodisplayalldiscoveredCandidateswiththeirMACaddresses,executeshow
stackcandidatesfromtheCommandersCLI.Forexample,tolistthediscov-
eredcandidatesfortheaboveCommander:
MACaddresses
ofdiscovered
Candidates.
Figure9-29.ExampleofHowToDetermineMACAddressesofDiscovered
Candidates
Knowingtheavailableswitchnumbers(SNs)andCandidateMACaddresses,
youcanproceedtomanuallyassignaCandidatetobeaMemberofthestack:
Syntax: stackmember<switch-number>mac-address<mac-addr>
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-39
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Forexample,iftheHP8000MintheabovelistingdidnothaveaManager
passwordandyouwantedtomakeitastackMemberwithanSNof2,you
wouldexecutethefollowingcommand:
HP2512(config)# stack member 2 mac-address 0060b0-dfla00
TheshowstackviewcommandthenliststheMemberaddedbytheabove
command:
command.
i
joi
in
SN(SwitchNumber)2isthe
newMemberaddedbythe
stackmember
Thenewmemberd dnothaveaSystemName
configuredpriorto ningthestack,andsoreceivesa
SystemNamecomposedofthestackname(assigned
theCommander)withitsSNnumberasasuffix.
Figure9-30.ExampleShowingtheStackAfterAddingaNewMember
UsingAutoJoinonaCandidate.Inthedefaultconfiguration,aCandi-
datesAutoJoinparameterissettoYes,meaningthatitwillautomatically
joinastackifthestacksCommanderdetectstheCandidateandtheCom-
mandersAutoGrabparameterissettoYes.YoucandisableAutoJoinona
Candidateifyouwanttopreventautomaticjoininginthiscase.Thereisalso
theinstancewhereaCandidatesAutoJoinisdisabled,forexample,whena
CommanderleavesastackanditsmembersautomaticallyreturntoCandidate
status,orifyoumanuallyremoveaMemberfromastack.Inthiscase,you
maywanttoresetAutoJointoYes.
Status: [no]stackauto-join
HP2512(config)# no stack auto-join DisablesAutoJoinona
Candidate.
HP 2512(config)# stack auto-join EnablesAutoJoinona
Candidate.
UsingaCandidateCLIToManuallyPushtheCandidateIntoa
Stack.Usethismethodifanyofthefollowingapply:
9-40
TheCandidatesAutoJoinissettoYes(andyoudonotwanttoenable
AutoGrabontheCommander)ortheCandidatesAutoJoinissettoNo.
EitheryouknowtheMACaddressoftheCommanderforthestackinto
whichyouwanttoinserttheCandidate,ortheCandidatehasavalidIP
addressandisoperatinginyournetwork.
Syntax: stackjoin<mac-addr>
where:<mac-addr>istheMACaddressoftheCommanderin
thedestinationstack.
UseTelnet(iftheCandidatehasanIPaddressvalidforyournetwork)ora
directserialportconnectiontoaccesstheCLIfortheCandidateswitch.For
example,supposethataCandidatenamedNorthSeawithAutoJoinoffand
avalidIPaddressof10.28.227.104isrunningonanetwork.YoucouldTelnet
totheCandidate,useshowstackalltodeterminetheCommandersMAC
address,andthenpushtheCandidateintothedesiredstack.
.
withthe
1. TelnettotheCandidatenamedNorthSea.
2. UseshowstackalltodisplaytheCommanders
MACaddress.
3. SettheCandidateCLItoConfigmode
4. Executestackjoin
CommandersMACaddresstopush
theCandidateintothestack.
MACAddressfor
StackCommander
Figure9-31.ExampleofPushingaCandidateIntoaStack
ToverifythattheCandidatesuccessfullyjoinedthestack,executeshowstack
allagaintoviewthestackingstatus.
UsingtheDestinationCommanderCLIToPullaMemberfrom
AnotherStack. ThismethodusestheCommanderinthedestinationstack
topulltheMemberfromthesourcestack.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-41
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Syntax: stackmember<switch-number>
InthedestinationCommander,useshowstackalltofindtheMACaddressof
theMemberyouwanttopullintothedestinationstack.Forexample,suppose
youcreatedanewCommanderwithastacknameofCold_Watersandyou
wantedtomoveaswitchnamedBeringSeaintothenewstack:
M h i t t t k thi it th C ld W
Figure9-32.ExampleofStackListingwithTwoStacksintheSubnet
Youwouldthenexecutethefollowingcommandtopullthedesiredswitch
intothenewstack:
HP2524(config)# stack member 1 mac-address 0060b0-df1a00
Where1isanunusedswitchnumber(SN).
SinceapasswordisnotsetontheCandidate,apasswordisnotneededinthis
example.
Youcouldthenuseshowstackallagaintoverifythatthemovetookplace.
UsingaMemberCLIToPushtheMemberintoAnotherStack.You
canusetheMembersCLItopushanHP2512or2524stackMemberintoa
destinationstackifyouknowtheMACaddressofthedestinationCommander.
Syntax: stackjoin<mac-addr>
where: <mac-addr>istheMACaddressoftheCommanderforthedesti-
nationstack.
ConvertingaCommandertoaMemberofAnotherStack.Removing
theCommanderfromastackeliminatesthestackandreturnsitsMembersto
theCandidatepoolwithAutoJoindisabled.
9-42
Syntax: nostackname<stackname>
stackjoin<mac-address>
IfyoudontknowtheMACaddressofthedestinationCommander,youcan
useshowstackalltoidentifyit.
Forexample,supposeyouhaveaSwitch2512operatingastheCommander
foratemporarystacknamedTest.Whenitistimetoeliminatethetemporary
TeststackandconverttheSwitch2512intoamemberofanexistingstack
namedBig_Waters,youwouldexecutethefollowingcommandsintheCLI
oftheSwitch2512:
i
i
EliminatestheTeststackandconverts
theCommandertoaCand date.
Helpsyoutoident fytheMACaddressofthe
CommanderfortheBig_Watersstack.
AddstheformerTestCommandertothe
Big_Watersstack.
Figure9-33.ExampleofCommandSequenceforConvertingaCommandertoa
Member
UsingtheCLIToRemoveaMemberfromaStack
YoucanremoveaMemberfromastackusingtheCLIofeithertheCommander
ortheMember.
Not e WhenyouremoveaMemberfromastack,theMembersAutoJoinparameter
issettoNo.
UsingtheCommanderCLIToRemoveaStackMember. Thisoption
requirestheswitchnumber(SN)andtheMACaddressoftheswitchto
remove.(BecausetheCommanderpropagatesitsManagerpasswordtoall
stackmembers,knowingtheManagerpasswordisnecessaryonlyforgaining
accesstotheCommander.)
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-43
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Syntax: [no]stackmember<switch-num>mac-address<mac-addr>
UseshowstackviewtolistthestackMembers.Forexample,supposethatyou
wantedtousetheCommandertoremovetheNorthSeaMemberfromthe
followingstack:
RemovethisMember
fromthestack.
Figure9-34.ExampleofaCommanderandThreeSwitchesinaStack
YouwouldthenexecutethiscommandtoremovetheNorthSeaswitchfrom
thestack:
HP2512(config)# no stack member 3 mac-address 0030c1-7fc700
where:
3istheNorthSeaMembersswitchnumber(SN)
0030c1-7fc700istheNorthSeaMembersMACaddress
UsingtheMembersCLIToRemovetheMemberfromaStack.
Syntax: nostackjoin<mac-addr>
Tousethismethod,youneedtheCommandersMACaddress,whichis
availableusingtheshowstackcommandintheMembersCLI.Forexample:
Stack
l
MACAddressofthe
Commanderforthe
toWhichthe
NorthSeaSwitch
Be ongs
CLIforNorthSea
StackMember
Figure9-35.ExampleofHowToIdentifytheCommandersMACAddressfroma
MemberSwitch
9-44
YouwouldthenexecutethiscommandintheNorthSeaswitchsCLIto
removetheswitchfromthestack:
North Sea(config)# no stack join 0030c1-7fec40
ChangesandTrafficMonitoring
AfteraCandidatebecomesaMember,youcanusethetelnetcommandfrom
theCommandertoaccesstheMembersCLIorconsoleinterfaceforthesame
configurationandmonitoringthatyouwoulddothroughaTelnetordirect-
connectaccessfromaterminal.
Syntax: telnet<switch-number>
where:unsignedintegeristheswitchnumber(SN)assignedbytheCom-
mandertoeachmember(range:1- 15).
TofindtheswitchnumberfortheMemberyouwanttoaccess,executethe
showstackviewcommandintheCommandersCLI.Forexample,supposethat
youwantedtoconfigureaporttrunkontheswitchnamedNorthSeainthe
stacknamedBig_Waters.DodosoyouwouldgototheCLIforthe
Big_WatersCommanderandexecuteshowstackviewtofindtheswitch
numberfortheNorthSeaswitch:
(SN)fortheNorth
i 3.
Theswitchnumber
Seaswitch s
Figure9-36.ExampleofaStackShowingSwitchNumber(SN)Assignments
ToaccesstheNorthSeaconsole,youwouldthenexecutethefollowingtelnet
command:
HP2512(config)# telnet 3
YouwouldthenseetheCLIpromptfortheNorthSeaswitch,allowingyou
toconfigureormonitortheswitchasifyouweredirectlyconnectedtothe
console.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-45
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
SNMPCommunityOperationinaStack
CommunityMembership
Inthedefaultstackingconfiguration,whenaCandidatejoinsastack,it
automaticallybecomesaMemberofanySNMPcommunitytowhichthe
Commanderbelongs,eventhoughanycommunitynamesconfiguredinthe
CommanderarenotpropagatedtotheMembersSNMPCommunitieslisting.
However,ifaMemberhasitsown(optional)IPaddressing,itcanbelongto
SNMPcommunitiestowhichotherswitchesinthestack,includingthe
Commander,donotbelong.Forexample:
TheCommanderandallMembersofthestack
CommanderSwitch
belongtotheblueandredcommunities.Onlyswitch
IPAddr:12.31.29.100
3belongstothegraycommunity.Switches1,2,and
CommunityNames:
3belongtothepubliccommunity
blue
IfMemberSwitch1ceasestobeastackMember,it
red
stillbelongstothepublicSNMPcommunitybecause
ithasIPaddressingofitsown.But,withthelossof
MemberSwitch1 MemberSwitch3 stackMembership,Switch1losesmembershipin
IPAddr:12.31.29.18 theblueandredcommunitiesbecausetheyarenot
CommunityNames:
IPAddr:12.31.29.15
specificallyconfiguredintheswitch.
CommunityNames:
public(thedefault) public(thedefault)
gray
losesmembershipinallSNMPcommunities.
MemberSwitch2
losesmembershipintheblueandredcommunities,
IPAddr:None
butbecauseithasitsownIPaddressingretains
CommunityNames:
membershipinthepublicandgraycommunities.
none
Figure9-37.ExampleofSNMPCommunityOperationwithStacking
SNMPManagementStationAccesstoMembersViatheCommander.
TouseamanagementstationforSNMPGetorSetaccessthroughthe
CommandersIPaddresstoaMember,youmustappend@sw<switchnumber>
tothecommunityname.Forexample,infigure9-37,youwouldusethe
followingcommandinyourmanagementstationtoaccessSwitch1sMIB
usingthebluecommunity:
snmpget<MIBvariable>10.31.29.100blue@sw1
Notethatbecausethegraycommunityisonlyonswitch3,youcouldnotuse
theCommanderIPaddressforgraycommunityaccessfromthemanagement
station.Instead,youwouldaccessswitch3directlyusingtheswitchsownIP
address.Forexample:
snmpget<MIBvariable>10.31.29.15gray
9-46
Notethatintheaboveexample(figure9-37)youcannotusethepublic
communitythroughtheCommandertoaccessanyoftheMemberswitches.
Forexample,youcanusethepubliccommunitytoaccesstheMIBinswitches
1and3byusingtheiruniqueIPaddresses.However,youmustusetheredor
bluecommunitytoaccesstheMIBforswitch2.
snmpget<MIBvariable>10.31.29.100blue@sw2
UsingtheCLIToDisableorRe-EnableStacking
Inthedefaultconfiguration,stackingisenabledontheProCurveSwitch2512
and2524.YoucanusetheCLItodisablestackingontheseswitchesatany
time.Disablingstackinghasthefollowingeffects:
DisablingaCommander: Eliminatesthestack,returnsthestackMem-
berstoCandidateswithAutoJoindisabled,andchangestheCommander
toastand-alone(nonstacking)switch.Youmustre-enablestackingonthe
switchbeforeitcanbecomeaCandidate,Member,orCommander.
DisablingaMember:RemovestheMemberfromthestackandchanges
ittoastand-alone(nonstacking)switch.Youmustre-enablestackingon
theswitchbeforeitcanbecomeaCandidate,Member,orCommander.
DisablingaCandidate:ChangestheCandidatetoastand-alone(non-
stacking)switch.
Syntax: nostack (Disablesstackingontheswitch.)
stack (Enablesstackingontheswitch.)
TransmissionInterval
Allswitchesinthestackmustbesettothesametransmissionintervaltohelp
ensureproperstackingoperation.HPrecommendsthatyouleavethisparam-
etersettothedefault60seconds.
Syntax: stacktransmission-interval<seconds>
StackingOperationwithMultipleVLANsConfigured
StackingusestheprimaryVLANinaswitch.Inthefactory-defaultconfigura-
tion,theDEFAULT_VLANistheprimaryVLAN.However,youcandesignate
anyVLANconfiguredintheswitchastheprimaryVLAN.(SeeWhichVLAN
IsPrimary?onpage9-53.)
Whenusingstackinginamultiple-VLANenvironment,thefollowingcriteria
applies:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-47
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
StackingusesonlytheprimaryVLANoneachswitchinastack.
TheprimaryVLANcanbetaggedoruntaggedasneededinthe
stackingpathfromswitchtoswitch.
ThesameVLANID(VID)mustbeassignedtotheprimaryVLANin
eachstackedswitch.
Web:ViewingandConfiguringStacking
Figure9-38. ExampleoftheWebBrowserInterfaceforaCommander
ThewebbrowserinterfaceforaCommanderappearsasshownabove.The
interfaceforMembersandCandidatesappearsthesameasforanon-stacking
Series2500switch.
Tovieworconfigurestackingonthewebbrowserinterface:
2. Clickon todisplaythestackingconfigurationforanindividual
switch,andmakeanyconfigurationchangesyouwantforthatswitch.
9-48
3. Clickon to saveanyconfigurationchangesfortheindividual
switch.
4. IftheswitchisaCommander,usethe and
buttonsforviewingandusingstackfeatures.
browserscreen.
StatusMessages
Stackingscreensandlistingsdisplaythesestatusmessages:
Message Condition ActionorRemedy
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
CandidateAuto-join IndicatesaswitchconfiguredwithStackStatesetto
Candidate,AutoJoinsettoYes(thedefault),andno
Managerpassword.
Nonerequired
Candidate Candidatecannotautomaticallyjointhestackbecause
oneorbothofthefollowingconditionsapply:
Manuallyaddthecandidatetothe
stack.
CandidatehasAutoJoinsettoNo.
CandidatehasaManagerpassword.
CommanderDown MemberhaslostconnectivitytoitsCommander. Checkconnectivitybetweenthe
CommanderandtheMember.
CommanderUp TheMemberhasstackingconnectivitywiththe
Commander.
Nonerequired.
Mismatch ThismaybeatemporaryconditionwhileaCandidateis
tryingtojoinastack.IftheCandidatedoesnotjoin,then
stackconfigurationisinconsistent.
Initially,waitforanupdate.Ifcondi-
tionpersists,reconfigurethe
CommanderortheMember.
MemberDown AMemberhasbecomedetachedfromthestack.A
possiblecauseisaninterruptiontothelinkbetweenthe
MemberandtheCommander.
Checktheconnectivitybetween
theCommanderandtheMember.
MemberUp TheCommanderhasstackingconnectivitytotheMember. Nonerequired.
Rejected TheCandidatehasfailedtobeaddedtothestack. Thecandidatemayhaveapass-
word.Inthiscase,manuallyadd
thecandidate.Otherwise,thestack
mayalreadybefull.Astackcan
holdupto15Members(plusthe
Commander).
9-49
Port-BasedVirtualLANs(StaticVLANs)
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
VLANFeatures
viewexistingVLANs n/a page9-57 page9-63 page9-68
thru9-62
configuringstatic defaultVLANwith page9-57 page9-62 page9-68
VLANs VID=1 thru9-62
configuringdynamic disabled SeeGVRPonpage9-77.
VLANs
AVLANisagroupofportsdesignatedbytheswitchasbelongingtothesame
broadcastdomain.(Thatis,allportscarryingtrafficforaparticularsubnet
addresswouldnormallybelongtothesameVLAN.)
Not e Thissectiondescribes staticVLANs,whichareVLANsyoumanuallyconfig-
urewithaname,VLANID(VID),andportassignments.(Forinformationon
dynamicVLANs,seeGVRPonpage9-77.)
UsingaVLAN,youcangroupusersbylogicalfunctioninsteadofphysical
location.Thishelpstocontrolbandwidthusagebyallowingyoutogrouphigh-
bandwidthusersonlow-trafficsegmentsandtoorganizeusersfromdifferent
LANsegmentsaccordingtotheirneedforcommonresources.
Bydefault,theSeries2500switchesare802.1QVLANenabledandallowup
to30port-basedVLANs(default:8).ForinformationonGVRP,seeGVRPon
page9-77.(The802.1Qcompatibilityenablesyoutoassigneachswitchport
tomultipleVLANs,ifneeded,andtheport-basednatureoftheconfiguration
allowsinteroperationwitholderswitchesthatrequireaseparateportforeach
VLAN.)
GeneralUseandOperation. Port-basedVLANsaretypicallyusedto
enablebroadcasttrafficreductionandtoincreasesecurity.Agroupofnet-
workusersassignedtoaVLANformabroadcastdomainthatisseparatefrom
otherVLANsthatmaybeconfiguredonaswitch.Packetsareforwardedonly
betweenportsthataredesignatedforthesameVLAN.Thus,allportscarrying
trafficforaparticularsubnetaddressshouldbeconfiguredtothesameVLAN.
Cross-domainbroadcasttrafficintheswitchiseliminatedandbandwidthis
9-50
savedbynotallowingpacketstofloodoutallports.Anexternalrouteris
requiredtoenableseparateVLANsonaswitchtocommunicatewitheach
other.
Forexample,referringtofigure9-39,ifports1through4belongtoVLAN_1
andports5through8belongtoVLAN_2,trafficfromend-nodestationson
ports2through4isrestrictedtoonlyVLAN_1,whiletrafficfromports5
through7isrestrictedtoonlyVLAN_2.FornodesonVLAN_1tocommunicate
withVLAN_2,theirtrafficmustgothroughanexternalrouterviaports1and8.
SwitchwithTwo
l
Router
Port1
Port8
Externa
VLAN_2
VLAN_1
VLANsConfigured
Port2
Port3
Port4
Port5
Port6
Port7
Figure9-39.ExampleofRoutingBetweenVLANsviaanExternalRouter
Overlapping(Tagged)VLANs. AportontheSeries2500switchescanbe
amemberofmorethanoneVLANifthedevicetowhichtheyareconnected
complieswiththe802.1QVLANstandard.Forexample,aportconnectedtoa
centralserverusinganetworkinterfacecard(NIC)thatcomplieswiththe
802.1QstandardcanbeamemberofmultipleVLANs,allowingmembersof
multipleVLANstousetheserver.AlthoughtheseVLANscannotcommunicate
witheachotherthroughtheserver,theycanallaccesstheserveroverthe
sameconnectionfromtheswitch.WhereVLANsoverlapinthisway,VLAN
tagsareusedtodistinguishbetweentrafficfromdifferentVLANs.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-51
Switch
2524
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Switch2512or2524
Figure9-40.ExampleofOverlappingVLANsUsingtheSameServer
Similarly,using802.1Q-compliantswitches,youcanconnectmultipleVLANs
throughasingleswitch-to-switchlink.
2512
Switch
2512
Switch
Figure9-41.ExampleofConnectingMultipleVLANsThroughtheSameLink
IntroducingTaggedVLANTechnologyintoNetworksRunningLegacy
(Untagged)VLANs.Youcanintroduce802.1Q-compliantdevicesintonet-
worksthathavebuiltuntaggedVLANsbasedonearlierVLANtechnology.The
fundamentalruleisthatlegacy/untaggedVLANsrequireaseparatelinkfor
eachVLAN,while802.1Q,ortaggedVLANscancombineseveralVLANsinone
link.Thismeansthatonthe802.1Q-compliantdevice,separateports(config-
uredasuntagged)mustbeusedtoconnectseparateVLANstonon-802.1Q
devices.
9-52
Non-802.1Q-
compliantswitch
Switch
2512
Switch
2524
Switch
2524
Switch
2512
Switch
2524
UntaggedVLANLinks
TaggedVLANLink
Figure9-42.ExampleofTaggedandUntaggedVLANTechnologyintheSame
Network
FormoreinformationonVLANs,referto:
OverviewofUsingVLANs(page9-53)
Menu:ConfiguringVLANParameters(page9-57)
CLI:ConfiguringVLANParameters(page9-57)
Web:ViewingandConfiguringVLANParameters(page9-68)
VLANTaggingInformation(page9-69)
EffectofVLANsonOtherSwitchFeatures(page9-73)
VLANRestrictions(page9-75)
OverviewofUsingVLANs
VLANSupportandtheDefaultVLAN
Inthefactorydefaultconfiguration,VLANsupportisenabledandallportson
theswitchbelongtothedefaultVLAN(namedDEFAULT_VLAN).Thisplaces
allportsintheswitchintoonephysicalbroadcastdomain.Inthefactory-
defaultstate,thedefaultVLANistheprimaryVLAN.
Youcanpartitiontheswitchintomultiplevirtualbroadcastdomainsbyadding
oneormoreadditionalVLANsandmovingportsfromthedefaultVLANtothe
newVLANs.(Theswitchsupportsupto30VLANs.)Youcanchangethename
ofthedefaultVLAN,butyoucannotchangethedefaultVLANsVID(whichis
always1).AlthoughyoucanremoveallportsfromthedefaultVLAN,this
VLANisalwayspresent.
WhichVLANIs Primary?
Becausecertainfeaturesandmanagementfunctions,suchassingleIP-
addressstacking,runononlyoneVLANintheswitch,andbecauseDHCPand
Bootpcanrunper-VLAN,thereisaneedtoensurethatmultipleinstancesof
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-53
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
DHCPorBootpondifferentVLANsdonotresultinconflictingconfiguration
valuesfortheswitch.TheprimaryVLANistheVLANtheswitchusestorun
andmanagethesefeaturesanddata.Inthefactory-defaultconfiguration,the
switchdesignatesthedefaultVLAN(DEFAULT_VLAN)astheprimaryVLAN.
However,toprovidemorecontrolinyournetwork,youcandesignateanother
VLANasprimary.Tosummarize,designatinganon-defaultVLANasprimary
meansthat:
ThestackingfeaturerunsontheswitchsdesignatedprimaryVLAN
insteadofthedefaultVLAN
TheswitchreadsDHCPresponsesontheprimaryVLANinsteadofonthe
defaultVLAN.
ThedefaultVLANcontinuestooperateasastandardVLAN(except,as
notedabove,youcannotdeleteitorchangeitsVID).
AnyportsnotspecificallyassignedtoanotherVLANwillremainassigned
totheDefaultVLAN,regardlessofwhetheritistheprimaryVLAN.
CandidatesforprimaryVLANincludeanystaticVLANcurrentlyconfigured
ontheswitch.TodisplaythecurrentprimaryVLAN,usetheCLIshowvlan
command.
Not e Ifyoumanuallyconfigureagatewayontheswitch,itwillignoreanygateway
addressreceivedviaDHCPorBootp.
Per-PortStaticVLANConfigurationOptions
Thefollowingfigureandtableshowtheoptionsyouhaveforassigning
individualportstoastaticVLAN.NotethatGVRP,ifconfigured,affectsthese
optionsandVLANbehaviorontheswitch.Thedisplaybelowshowstheper-
portVLANconfigurationoptions.Table9-7brieflydescribestheseoptions.
9-54
ExampleofPer-Port
VLANConfiguration ExampleofPer-Port
withGVRPDisabled VLANConfiguration
(thedefault) withGVRPEnabled
EnablingGVRPcausesNotodisplayasAuto.
Figure9-43.ComparingPer-PortVLANOptionsWithandWithoutGVRP
Table9-7.Per-PortVLANConfigurationOptions
Parameter EffectonPortParticipationinDesignatedVLAN
Tagged AllowstheporttojoinmultipleVLANs.
Untagged AllowsVLANconnectiontoadevicethatisconfiguredforanuntagged
VLANinsteadofataggedVLAN.Theswitchallowsnomorethanone
untaggedVLANassignmentperport.
No No:AppearswhentheswitchisnotGVRP-enabled;preventstheportfrom
-or- joiningthatVLAN.
Auto
Auto:AppearswhenGVRPisenabledontheswitch;allowstheportto
dynamicallyjoinanyadvertisedVLANthathasthesameVID
Forbid PreventstheportfromjoiningtheVLAN,regardlessofwhetherGVRPis
enabledontheswitch.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-55
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GeneralStepsforUsingVLANs
1. PlanyourVLANstrategyandcreateamapofthelogicaltopologythatwill
resultfromconfiguringVLANs.Includeconsiderationfortheinteraction
betweenVLANsandotherfeaturessuchasSpanningTreeProtocol,load
balancing,andIGMP.(RefertoEffectofVLANsonOtherSwitchFea-
turesonpage9-73.)IfyouplanonusingdynamicVLANs,includetheport
configurationplanningnecessarytosupportthisfeature.(SeeGVRPon
page9-77.)
Bydefault,VLANsupportisenabledandtheswitchisconfiguredforeight
VLANs.
2. ConfigureatleastoneVLANinadditiontothedefaultVLAN.
3. AssignthedesiredswitchportstothenewVLAN(s).
4. IfyouaremanagingVLANswithSNMPinanIPnetwork,eachVLANmust
haveanIPaddress.RefertoIPConfigurationonpage5-3.
NotesonUsingVLANs
IfyouareusingDHCP/Bootptoacquiretheswitchsconfiguration,packet
time-to-live,andTimePinformation,youmustdesignatetheVLANon
whichDHCPisconfiguredforthispurposeastheprimaryVLAN.(Inthe
factory-defaultconfiguration,theDEFAULT_VLANistheprimaryVLAN.)
IGMP,andsomeotherfeaturesoperateonaperVLANbasis.Thismeans
youmustconfiguresuchfeaturesseparatelyforeachVLANinwhichyou
wantthemtooperate.
YoucanrenamethedefaultVLAN,butyoucannotchangeitsVID(1)or
deleteitfromtheswitch.
AnyportsnotspecificallyassignedtoanotherVLANwillremainassigned
totheDEFAULT_VLAN.
TodeleteaVLANfromtheswitch,youmustfirstremovefromthatVLAN
anyportsassignedtoit.
ChangingthenumberofVLANssupportedontheswitchrequiresareboot.
OtherVLANconfigurationchangesaredynamic.
9-56
Menu:ConfiguringVLANParameters
Inthefactorydefaultstate,VLANsupportisenabled.Also,allportsonthe
switchbelongtothedefaultVLAN(DEFAULT_VLAN)andareinthesame
broadcast/multicastdomain. (ThedefaultVLANisalsothedefaultprimary
VLANseeWhichVLANIsPrimary?onpage9-53.)Youcanconfigureupto
29additionalstaticVLANsbyaddingnewVLANnames,andthenassigning
oneormoreportstoeachVLAN.(Theswitchacceptsamaximumof30VLANs,
includingthedefaultVLANandanydynamicVLANstheswitchcreatesifyou
enableGVRPpage9-77.)Notethateachportcanbeassignedtomultiple
VLANsbyusingVLANtagging.(SeeVLANTaggingInformationonpage
9-69.)
ToChangeVLANSupportSettings
Thissectiondescribes:
ChangingthemaximumnumberofVLANstosupport
ChangingtheprimaryVLANselection(SeeChangingthePrimaryVLAN
onpage9-65.)
EnablingordisablingdynamicVLANs(SeeGVRPonpage9-77.)
2.SwitchConfiguration
8.VLANMenu...
1.VLANSupport
Youwillthenseethefollowingscreen:
Figure9-44.TheDefaultVLANSupportScreen
2. Press(forEdit),thendooneormoreofthefollowing:
TochangethemaximumnumberofVLANs,typethenewnumber(1-30
allowed;default8).
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-57
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ToselectanotherprimaryVLAN,selectthePrimaryVLANfieldandusethe
spacebartoselectfromtheexistingoptions.
ToenableordisabledynamicVLANs,selecttheGVRPEnabledfieldand
usetheSpacebartotogglebetweenoptions.(ForGVRPinformation,see
GVRPonpage9-77.)
Not e Foroptimalswitchmemoryutilization,setthenumberofVLANsatthe
numberyouwilllikelybeusingorafewmore.IfyouneedmoreVLANslater,
youcanincreasethisnumber,butaswitchrebootwillberequiredatthattime.
3. PressandthentosavetheVLANsupportconfigurationandreturn
totheVLANMenuscreen.
IfyouchangedthevalueforMaximumVLANstosupport,youwillseean
asterisknexttotheVLANSupportoption(seebelow).
iski
thenewMaximum
VLANssetting.
Anaster ndicates
youmustrebootthe
switchtoimplement
Figure9-45. VLANMenuScreenIndicatingtheNeedToReboottheSwitch
IfyouchangedtheVLANSupportoption,youmustrebootthe
switchbeforetheMaximumVLANschangecantakeeffect.You
cangoontoconfigureotherVLANparametersfirst,butremem-
bertoreboottheswitchwhenyouarefinished.
IfyoudidnotchangetheVLANSupportoption,arebootisnot
necessary.
4. PresstoreturntotheMainMenu.
9-58
AddingorEditingVLANNames
UsethisproceduretoaddanewVLANortoeditthenameofanexistingVLAN.
8.VLANMenu...
2.VLANNames
IfmultipleVLANsarenotyetconfiguredyouwillseeascreensimilarto
figure9-46:
DefaultVLAN
andVLANID
Figure9-46. TheDefaultVLANNamesScreen
2. Press(forAdd).YouwillthenbepromptedforanewVLANnameand
VLANID:
802.1QVLANID: 1
Name:_
3. TypeinaVID(VLANIDnumber).Thiscanbeanynumberfrom2to4095
thatisnotalreadybeingusedbyanotherVLAN.
RememberthataVLANmusthavethesameVIDineveryswitchinwhich
youconfigurethatsameVLAN.(YoucanuseGVRPtodynamicallyextend
VLANswithcorrectVIDnumberingtootherswitches.SeeGVRPon
page9-77.)
4. Press[v]tomovethecursortotheName lineandtypetheVLANname
(upto12characters,withnospaces)ofanewVLANthatyouwanttoadd,
thenpress.
5. Press(forSave).YouwillthenseetheVLANNamesscreenwiththe
newVLANlisted.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-59
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
l Examp eofaNew
VLANandID
Figure9-47.ExampleofVLANNamesScreenwithaNewVLANAdded
6. Repeatsteps2through5toaddmoreVLANs.
RememberthatyoucanaddVLANsuntilyoureachthenumberspecified
intheMaximumVLANstosupportfieldontheVLANSupportscreen(see
figure 9-44onpage9-57).ThisincludesanyVLANsaddeddynamicallydue
toGVRPoperation.
7. ReturntotheVLANMenutoassignportstothenewVLAN(s)asdescribed
inthenextsection,AddingorChangingaVLANPortAssignment.
AddingorChangingaVLANPortAssignment
UsethisproceduretoaddportstoaVLANortochangetheVLANassign-
ment(s)foranyport.(PortsnotspecificallyassignedtoaVLANareautomat-
icallyinthedefaultVLAN.)
8.VLANMenu...
3.VLANPortAssignment
YouwillthenseeaVLANPortAssignmentscreensimilartothefollowing:
9-60
to
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Default:Inthisexample,
theVLAN-22hasbeen
defined,butnoports
haveyetbeenassigned
toit.(Nomeansthe
portisnotassignedto
thatVLAN.)
UsingGVRP?Ifyouplan
onusingGVRP, any
portsyoudontwant
joinshouldbechanged
toForbid.
Aportcanbeassigned
toseveralVLANs,but
onlyoneofthose
assignmentscanbe
Untagged.
Figure9-48.ExampleofVLANPortAssignmentScreen
2. TochangeaportsVLANassignment(s):
a. Press(forEdit).
b. UsethearrowkeystoselectaVLANassignmentyouwanttochange.
c. PresstheSpacebartomakeyourassignmentselection(No,Tagged,
Untagged,orForbid).
Not e ForGVRPOperation:IfyouenableGVRPontheswitch,No
convertstoAuto,whichallowstheVLANtodynamicallyjoinan
advertisedVLANthathasthesameVID.SeePer-PortOptionsfor
DynamicVLANAdvertisingandJoiningonpage9-82.
UntaggedVLANs:OnlyoneuntaggedVLANisallowedperport.Also,
theremustbeatleastoneVLANassignedtoeachport.Inthefactory
defaultconfiguration,allportsareassignedtothedefaultVLAN
(DEFAULT_VLAN).
Forexample,ifyouwantports4and5tobelongtobothDEFAULT_VLAN
andVLAN-22,andports6and7tobelongonlytoVLAN-22,youwoulduse
thesettingsinfigure9-49.(ThisexampleassumesthedefaultGVRP
settingdisabledandthatyoudonotplantoenableGVRPlater.)
9-61
l
All
l
DefaultVLAN.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Ports4and5are
assignedtoboth
VLANs.
Ports6and7are
assignedon yto
VLAN-22.
otherportsare
assignedon ytothe
Figure9-49.ExampleofVLANAssignmentsforSpecificPorts
ForinformationonVLANtags(UntaggedandTagged),referto
VLANTaggingInformationonpage9-69.
d. IfyouarefinishedassigningportstoVLANs,pressandthen
(forSave)toactivatethechangesyou'vemadeandtoreturntothe
Configurationmenu.(TheconsolethenreturnstotheVLANmenu.)
3. ReturntotheMainmenu.
CLI:ConfiguringVLANParameters
Inthefactorydefaultstate,allportsontheswitchbelongtothedefaultVLAN
(DEFAULT_VLAN)andareinthesamebroadcast/multicastdomain.(The
defaultVLANisalsothedefaultprimaryVLANseeWhichVLANIsPri-
mary?onpage9-53.)Youcanconfigureupto29additionalstaticVLANsby
addingnewVLANnames,andthenassigningoneormoreportstoeachVLAN.
(Theswitchacceptsamaximumof30VLANs,includingthedefaultVLANand
anydynamicVLANstheswitchcreatesifyouenableGVRPpage9-77.)Note
thateachportcanbeassignedtomultipleVLANsbyusingVLANtagging.(See
VLANTaggingInformationonpage9-69.)
9-62
VLANCommandsUsedinthisSection
showvlans below
showvlan<vlan-id> page9-64
max-vlans<1..30> page9-65
primary-vlan<vlan-id> page9-65
[no]vlan<vlan-id> page9-66
name<vlan-name> page9-67
[no]tagged<port-list> page9-67
[no]untagged<port-list> page9-67
[no]forbid page9-67
auto<port-list> page9-67(AvailableifGVRPenabled.)
static-vlan<vlan-id> page9-67(AvailableifGVRPenabled.)
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
DisplayingtheSwitchsVLANConfiguration. Thenextcommandlists
theVLANscurrentlyrunningintheswitch,withVID,VLANname,andVLAN
status.DynamicVLANsappearonlyiftheswitchisrunningwithGVRP
enabledandoneormoreportshasdynamicallyjoinedanadvertisedVLAN.
(Inthedefaultconfiguration,GVRPisdisabled.(SeeGVRPonpage9-77.)
Syntax: showvlan
WhenGVRPisdisabled
(thedefault),Dynamic
VLANsdonotexiston
theswitchanddonot
appearinthislisting.
(SeeGVRPonpage
9-77.)
Figure9-50.ExampleofShowVLANListing(GVRPEnabled)
9-63
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
DisplayingtheConfigurationforaParticularVLAN. Thiscommand
usestheVIDtoidentifyanddisplaythedataforaspecificstaticordynamic
VLAN.
Syntax: showvlan<vlan-id>
Figure9-51.ExampleofShowVLANforaSpecificStaticVLAN
ShowVLANliststhis
datawhenGVRPis
enabledandatleast
oneportontheswitch
hasdynamically
joinedthedesignated
VLAN.
Figure9-52.ExampleofShowVLANforaSpecificDynamicVLAN
9-64
ChangingtheNumberofVLANsAllowedontheSwitch. Bydefault,
theswitchallowsamaximumof8VLANs.Youcanspecifyanyvaluefrom1
to30.(IfGVRPisenabled,thissettingincludesanydynamicVLANsonthe
switch.)Aspartofimplementinganewvalue,youmustexecuteawrite
memorycommand(tosavethenewvaluetothestartup-configfile)andthen
reboottheswitch.
Syntax: max-vlans<1..30>
Forexample,toreconfiguretheswitchtoallow10VLANs:
Notethatyoucan
executethese
threestepsat
anothertime.
Figure9-53.ExampleofCommandSequenceforChangingtheNumberofVLANs
ChangingthePrimaryVLAN. Inthefactory-defaultconfiguration,the
defaultVLAN(DEFAULT_VLAN)istheprimaryVLAN.However,youcan
designateanystaticVLANontheswitchastheprimaryVLAN.(Formoreon
theprimaryVLAN,seeWhichVLANIsPrimary?onpage9-53.)Toviewthe
availableVLANsandtheirrespectiveVIDs,useshowvlan.
Syntax: primary-vlan<vlan-id>
Forexample,tomakeVLAN22theprimaryVLAN:
HP2512(config)# primary-vlan 22
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-65
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
CreatingaNewStaticVLAN
ChangingtheVLANContextLevel.
Withthiscommand,enteringanewVIDcreatesanewstaticVLAN.Entering
theVIDornameofanexistingstaticVLANplacesyouinthecontextlevelfor
thatVLAN.
Syntax: vlan<vlan-id>[name<name-str>]CreatesanewstaticVLANifa
VLANwiththatVIDdoesnot
alreadyexist,andplacesyouin
thatVLANscontextlevel.Ifyou
donotusethenameoption,the
switchusesVLANandthenew
VIDtoautomaticallynamethe
VLAN.
IftheVLANalreadyexists,the
switchplacesyouinthecontext
levelforthatVLAN.
vlan<vlan-name> Placesyouinthecontextlevelfor
thatstaticVLAN.
Forexample,tocreateanewstaticVLANwithaVIDof100:
CreatingthenewVLAN.
Showingtheresult.
TogotoadifferentVLANcontextlevel,suchastothedefaultVLAN:
HP2512(vlan-100)# vlan default_vlan
HP2512(vlan-1) _
9-66
ConvertingaDynamicVLANtoaStaticVLAN.IfGVRPisrunningon
theswitchandaportdynamicallyjoinsaVLAN,youcanusethenext
commandtoconvertthedynamicVLANtoastaticVLAN.(ForGVRPand
dynamicVLANoperation,seeGVRPonpage9-77.)Thisisnecessaryifyou
wanttomaketheVLANpermanent.Notethatafteryouconvertadynamic
VLANtostatic,youmustconfiguretheswitchsper-portparticipationinthe
VLANinthesamewaythatyouwouldforanystaticVLAN.
Syntax: static-vlan<vlan-id>
IfyouneedaVIDreference,useshowvlantolisttheswitchscurrentlyexisting
VLANs.
Forexample,supposeadynamicVLANwithaVIDof125existsontheswitch.
ThefollowingcommandconvertstheVLANtoastaticVLAN.
HP2512(config)# static-vlan 125
ConfiguringStaticVLANNameandPer-PortSettings. Thevlan<vlan-
id>command,usedinconjunctionwiththeoptionslistedbelow,enablesyou
tochangethenameofanexistingstaticVLANandchangetheper-portVLAN
membershipsettingsasshowbelow.
Not e Youcanusetheseoptionsfromtheconfigurationlevelbybeginningthe
commandwithvlan<vlan-id>,orfromthecontextlevelofthespecificVLAN.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Syntax: name<vlan-name> Changesthenameoftheexisting

[no]tagged<port-list>
staticVLAN.(Nospacesallowedinthe
<vlan-name>entry.
Configurestheindicatedport(s)as
TaggedforthespecifiedVLAN.The
noversionsetstheport(s)to
[no]untagged<port-list>
eitherNoor(ifGVRPisenabled)toAuto.
UntaggedforthespecifiedVLAN.The
noversionsetstheport(s)to
[no]forbid<port-list>
eitherNoor(ifGVRPisenabled)toAuto.
forbiddentoparticipateinthe
designatedVLAN.Thenoversionsets
theport(s)toeitherNoor(ifGVRPis
auto<port-list>
enabled)toAuto.
AvailableifGVRPisenabledonthe
switch.Returnstheper-portsettings
forthespecifiedVLANtoAuto
9-67
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
operation.NotethatAutoisthedefault
per-portsettingforastaticVLANif
GVRPisrunningontheswitch.
(ForinformationondynamicVLANandGVRPoperation,seeGVRPonpage
9-77.)
Forexample,supposeyouhaveaVLANnamedVLAN100withaVIDof100,
andallportsaresettoNoforthisVLAN.TochangetheVLANnameto
Blue_Teamandsetports1-5toTagged,youcoulddosowiththesecom-
mands:
HP2512(config)# vlan 100 name Blue_Team
HP2512(config)# vlan 100 tagged 1-5
Tomovetothevlan100contextlevelandexecutethesamecommands:
HP2512(config)# vlan 100
HP2512(vlan-100)# name Blue_Team
HP2512(vlan-100)# tagged 1-5
Similarly,tochangethetaggedportsintheaboveexamplestoNo(orAuto,if
GVRPisenabled),youcoulduseeitherofthefollowingcommands.
Attheconfiglevel,use:
HP2512(config)# no vlan 100 tagged 1-5
- or-
AttheVLAN100contextlevel,use:
HP2512(vlan-100)# no tagged 1-5
Not e YoucannotusethesecommandswithdynamicVLANs.Attemptingtodoso
resultsinthemessageVLANalreadyexists.andnochangeoccurs.
Web:ViewingandConfiguringVLANParameters
Inthewebbrowserinterfaceyoucandothefollowing:
AddVLANs
RenameVLANs
RemoveVLANs
ConfigureGVRPsecurity
SelectanewPrimaryVLAN
9-68
ToconfigurestaticVLANportparameters,youwillneedtousethemenu
interface(availablebyTelnetfromthewebbrowserinterface)ortheCLI.
2. Clickon .
3. Clickon .
Forweb-basedHelponhowtousethewebbrowserinterfacescreen,clickon
the[?]buttonprovidedonthewebbrowserscreen.
VLANTaggingInformation
VLANtaggingenablestrafficfrommorethanoneVLANtousethesameport.
(EvenwhentwoormoreVLANsusethesameporttheyremainasseparate
domainsandcannotreceivetrafficfromeachotherwithoutgoingthroughan
externalrouter.)Asmentionedearlier,atagissimplyauniqueVLAN
identificationnumber(VLANID,orVID)assignedtoaVLANatthetimethat
youconfiguretheVLANnameintheswitch.IntheSeries2500switchesthe
tagcanbeanynumberfrom1to4095thatisnotalreadyassignedtoaVLAN.
WhenyousubsequentlyassignaporttoagivenVLAN,youmustimplement
theVLANtag(VID)iftheportwillcarrytrafficformorethanoneVLAN.
Otherwise,theportVLANassignmentcanremainuntaggedbecausethetag
isnotneeded.Onagivenswitch,thismeansyoushouldusetheUntagged
designationforaportVLANassignmentwheretheportisconnectedtonon
802.1Q-compliantdeviceorisassignedtoonlyoneVLAN.UsetheTagged
designationwhentheportisassignedtomorethanoneVLANortheportis
connectedtoadevicethatdoescomplywiththe802.1Qstandard.
Forexample,ifport7onan802.1Q-compliantswitchisassignedtoonlythe
RedVLAN,theassignmentcanremainuntaggedbecausetheportwill
forwardtrafficonlyfortheRedVLAN.However,ifboththeRedandGreen
VLANsareassignedtoport7,thenatleastoneofthoseVLANassignments
mustbetaggedsothatRedVLANtrafficcanbedistinguishedfromGreen
VLANtraffic.Thefollowingillustrationshowsthisconcept:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-69
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Blue White
Red
Red
VLAN
Blue
VLAN
White
VLAN
VLAN VLAN
Red
VLAN
"X"
5 6
7
4
1
3
2
"Y"
5
4
1
3
2
Server Server
Green
Server
Server
Green Green
Switch Switch
Red VLAN: Untagged
Green VLAN: Tagged
Ports1-6:Untagged
Port7:RedVLANUntagged
GreenVLANTagged
Ports1-4:Untagged
Port5:RedVLANUntagged
GreenVLANTagged
Figure9-54.ExampleofTaggedandUntaggedVLANPortAssignments
InswitchX:
VLANsassignedtoportsX1-X6canallbeuntaggedbecausethereis
onlyoneVLANassignmentperport.RedVLANtrafficwillgooutonly
theRedports;GreenVLANtrafficwillgooutonlytheGreenports,
andsoon.Devicesconnectedtotheseportsdonothavetobe802.1Q-
compliant.
However,becauseboththeRedVLANandtheGreenVLANare
assignedtoportX7,atleastoneoftheVLANsmustbetaggedforthis
port.
InswitchY:
VLANsassignedtoportsY1-Y4canallbeuntaggedbecausethereis
onlyoneVLANassignmentperport.Devicesconnectedtotheseports
donothavetobe802.1Q-compliant.
BecauseboththeRedVLANandtheGreenVLANareassignedtoport
Y5,atleastoneoftheVLANsmustbetaggedforthisport.
Inbothswitches:Theportsonthelinkbetweenthetwoswitchesmustbe
configuredthesame.Asshowninfigure9-54(above),theRedVLANmust
beuntaggedonportX7andY5andtheGreenVLANmustbetaggedon
portX7andY5,orvice-versa.
9-70
Not e Each802.1Q-compliantVLANmusthaveitsownuniqueVIDnumber,andthat
VLANmustbegiventhesameVIDineverydeviceinwhichitisconfigured.
Thatis,iftheRedVLANhasaVIDof10inswitchX,then10mustalsobeused
fortheRedVIDinswitchY.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
VIDNumbers
Figure9-55.ExampleofVLANIDNumbersAssignedintheVLANNamesScreen
VLANtagginggivesyouseveraloptions:
SincethepurposeofVLANtaggingistoallowmultipleVLANsonthesame
port,anyportthathasonlyoneVLANassignedtoitcanbeconfiguredas
Untagged(thedefault).
AnyportthathastwoormoreVLANsassignedtoitcanhaveoneVLAN
assignmentforthatportasUntagged.AllotherVLANsassignedtothe
sameportmustbeconfiguredasTagged.(Therecanbenomorethan
oneUntaggedVLANonaport.)
Ifallendnodesonaportcomplywiththe802.1Qstandardandare
configuredtousethecorrectVID,then,youcanconfigureallVLAN
assignmentsonaportasTaggedifdoingsomakesiteasiertomanage
yourVLANassignments,orforsecurityreasons.
Forexample,inthefollowingnetwork,switchesXandYandserversS1and
S2are802.1Q-compliant.(ServerS3couldalsobe802.1Q-compliant,butit
makesnodifferenceforthisexample.)
9-71
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
S1 S2
Server Server
Red VLAN: Untagged Red VLAN: Untagged
Green VLAN: Tagged Green VLAN: Tagged
S3
VLAN VLAN
Red
VLAN
Red
VLAN
"X"
X1
X2
X3 X4
"Y"
Y1
Y4
Y2 Y5
Y3
Red VLAN: Untagged
Green VLAN: Tagged Green VLAN only
Server
Green Green
Switch Switch
Figure9-56. ExampleofNetworked802.1Q-CompliantDeviceswithMultiple
VLANsonSomePorts
TheVLANsassignedtoportsX3,X4,Y2,Y3,andY4canallbeuntagged
becausethereisonlyoneVLANassignedperport.PortX1hasmultipleVLANs
assigned,whichmeansthatoneVLANassignedtothisportcanbeuntagged
andanyothersmustbetagged.ThesameappliestoportsX2,Y1,andY5.
Port RedVLAN GreenVLAN Port RedVLAN
X1 Untagged Y1
X2 Untagged Y2 No*
X3 No* Untagged Y3 No*
X4 Untagged No* Y4 No*
Y5
SwitchX SwitchY
GreenVLAN
Tagged Untagged Tagged
Tagged Untagged
Untagged
Untagged
Untagged Tagged
*NomeanstheportisnotamemberofthatVLAN.Forexample,portX3isnot
amemberoftheRedVLANanddoesnotcarryRedVLANtraffic.Also,ifGVRP
wereenabled,AutowouldappearinsteadofNo.
Not e VLANconfigurationsonportsconnectedbythesamelinkmustmatch.
BecauseportsX2andY5areoppositeendsofthesamepoint-to-pointconnec-
tion,bothportsmusthavethesameVLANconfiguration;thatis,bothports
configuretheRedVLANasUntaggedandtheGreenVLANasTagged.
9-72
Tosummarize:
VLANsPer
Port
TaggingScheme
1 UntaggedorTagged.Ifthedeviceconnectedtotheportis802.1Q-compliant,
thentherecommendedchoiceisTagged.
2orMore 1VLANUntagged;allothersTagged
or
AllVLANsTagged
AgivenVLANmusthavethesameVIDonany802.1Q-compliantdeviceinwhichtheVLANis
configured.
Theportsconnectingtwo802.1QdevicesshouldhaveidenticalVLANconfigurations,as
shownforportsX2andY5,above.
EffectofVLANsonOtherSwitchFeatures
SpanningTreeProtocolOperationwithVLANs
BecausetheSeries2500switchesfollowthe802.1QVLANrecommendation
tousesingle-instancespanningtree,STPoperatesacrossallportsonthe
switch(regardlessofVLANassignments)insteadofonaper-VLANbasis.This
meansthatifredundantphysicallinksexistbetweentheswitchandanother
802.1Qdevice,allbutonelinkwillbeblocked,regardlessofwhetherthe
redundantlinksareinseparateVLANs.However,youcanuseporttrunking
topreventSTPfromunnecessarilyblockingports(andtoimproveoverall
networkperformance).RefertoSTPOperationwith802.1QVLANsonpage
9-110.
NotethatSTPoperatesdifferentlyindifferentdevices.Forexample,inthe
(non-802.1Q)HPSwitch2000andtheHPSwitch800T,STPoperatesonaper-
VLANbasis,allowingredundantphysicallinksaslongastheyareinseparate
VLANs.
IPInterfaces
Thereisaone-to-onerelationshipbetweenaVLANandanIPnetworkinter-
face.SincetheVLANisdefinedbyagroupofports,thestate(up/down)of
thoseportsdeterminesthestateoftheIPnetworkinterfaceassociatedwith
thatVLAN.WhenaVLANcomesupbecauseoneormoreofitsportsisup,the
IPinterfaceforthatVLANisalsoactivated.Likewise,whenaVLANis
deactivatedbecauseallofitsportsaredown,thecorrespondingIPinterface
isalsodeactivated.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-73
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
VLANMACAddresses
TheswitchhasoneuniqueMACaddressforeachofitsVLANinterfaces.You
cansendan802.2testpackettothisMACaddresstoverifyconnectivitytothe
switch.Likewise,youcanassignanIPaddresstotheVLANinterface,and
whenyouPingthataddress,ARPwillresolvetheIPaddresstothisMAC
address.Theswitchallowsupto30VLANMACaddresses(oneperpossible
VLAN).
PortTrunks
WhenassigningaporttrunktoaVLAN,allportsinthetrunkareautomatically
assignedtothesameVLAN.Youcannotsplittrunkmembersacrossmultiple
VLANs.Also,aporttrunkistagged,untagged,orexcludedfromaVLANinthe
samewayasforindividual,untrunkedports.
PortMonitoring
Ifyoudesignateaportontheswitchfornetworkmonitoring,thisportwill
appearinthePortVLANAssignmentscreenandcanbeconfiguredasa
memberofanyVLAN.Forinformationonhowbroadcast,multicast,and
unicastpacketsaretaggedinsideandoutsideoftheVLANtowhichthe
monitorportisassigned,seeVLAN-RelatedProblemsonpage11-9.
9-74
VLANRestrictions
AportmustbeamemberofatleastoneVLAN.Inthefactorydefault
configuration,allportsareassignedtothedefaultVLAN
(DEFAULT_VLAN;VID=1).
AportcanbeassignedtoseveralVLANs,butonlyoneofthoseassign-
mentscanbeuntagged.(TheUntaggeddesignationenablesVLANoper-
ationwithnon802.1Q-compliantdevices.)
AnexternalroutermustbeusedtocommunicatebetweentaggedVLANs.
DuplicateMACaddressesondifferentVLANsarenotsupportedandcan
causeVLANoperatingproblems.Theseduplicatesarepossibleandcom-
moninsituationsinvolvingSunworkstationswithmultiplenetwork
interfacecards,withDECnetrouters,andwithcertainHewlett-Packard
routersusingOSversionsearlierthanA.09.70whereanyofthefollowing
areenabled:
IPX
IPHost-Only
STP
XNS
DECnet
Currently,theproblemofduplicateMACaddressesinIPXandIPHost-
OnlyenvironmentsisaddressedthroughtheHProuterOSversion
describedunderHPRouterRequirementsonpage9-76.However,for
XNSandDECnetenvironments,asatisfactorysolutionisnotavailable
fromanyvendoratthistime.
Not e OperatingproblemsassociatedwithduplicateMACaddressesarelikelyto
occurinVLANenvironmentswhereXNSandDECnetareused.Forthis
reason,usingVLANsinXNSandDECnetenvironmentsisnotcurrently
supported.
BeforeyoucandeleteaVLAN,youmustfirstre-assignallportsinthe
VLANtoanotherVLAN.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-75
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
HPRouterRequirements.UsetheHewlett-PackardversionA.09.70(or
later)routerOSreleaseifanyofthefollowingHewlett-Packardroutersare
installedinnetworksinwhichyouwillbeusingVLANs:
HPRouter440(formerlyRouterER)
HPRouter470(formerlyRouterLR)
HPRouter480(formerlyRouterBR)
HPRouter650
ReleaseA.09.74isavailableontheWorldWideWebat
SymptomsofDuplicateMACAddressesinVLAN
Environments
Therearenodefinitiveeventsorstatisticstoindicatethepresenceofduplicate
MACaddressesinaVLANenvironment.However,onesymptomthatmay
occuristhattheduplicateMACaddresscanbeseeninthePortAddressTable
formorethanoneport.YoucandoasearchforthesuspectedMACaddress
intheswitchsaddresstableandifthereisaduplicateMACaddressproblem,
theaddresswillbefoundinthetableassociatedwithoneportatonemoment,
andthenlaterassociatedwithadifferentport.
9-76
GVRP
GVRP
Feature Default CLI Menu Web
viewGVRPconfiguration n/a page9-84 page9-86 page9-89
liststaticanddynamicVLANs n/a page9-88 page9-89
onaGVRP-enabledswitch
enableordisableGVRPonthe disabled page9-84 page9-87 page9-89
switch
enableordisableGVRPon enabled page9-84 page9-87
individualports
controlhowindividualports Learn page9-84 page9-87 page9-89
willhandleadvertisementsfor
newVLANs
convertadynamicVLANtoa n/a page9-89
staticVLAN
configurestaticVLANs DEFAULT_VLAN page9-57 page9-62 page9-89
(VID=1)
GVRPGARPVLANRegistrationProtocolisanapplicationoftheGeneric
AttributeRegistrationProtocolGARP.GVRPisdefinedintheIEEE802.1Q
standard,andGARPisdefinedintheIEEE802.1Pstandard.
Not e TounderstandanduseGVRPyoumusthaveaworkingknowledgeof802.1Q
VLANtagging.(SeePort-BasedVirtualLANs(StaticVLANs)onpage9-50.)
GVRPusesGVRPBridgeProtocolDataUnits(GVRPBPDUs)toadver-
tisestaticVLANs.Inthismanual,aGVRPBPDUistermedan advertisement.
GVRPenablestheSwitch2512/2524todynamicallycreate802.1Q-compliant
VLANsonlinkswithotherdevicesrunningGVRP.Thisenablestheswitchto
automaticallycreateVLANlinksbetweenGVRP-awaredevices.(AGVRPlink
canincludeintermediatedevicesthatarenotGVRP-aware.)Thisoperation
reducesthechancesforerrorsinVLANconfigurationbyautomaticallypro-
vidingVLANID(VID)consistencyacrossthenetwork.Thatis,youcanuse
GVRPtopropagateVLANstootherGVRP-awaredevicesinsteadofmanually
havingtosetupVLANsacrossyournetwork.Aftertheswitchcreatesa
dynamicVLAN,youcanoptionallyusetheCLIstatic<vlan-id>command
convertittoastaticVLANorallowittocontinueasadynamicVLANforas
longasneeded.YoucanalsouseGVRPtodynamicallyenableportmember-
shipinstaticVLANsconfiguredonaswitch.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-77
GVRP
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Not e TheremustbeonecommonVLAN(thatis,onecommonVID)connectingall
oftheGVRP-awaredevicesinthenetworktocarryGVRPpackets.HPrecom-
mendsthedefaultVLAN(DEFAULT_VLAN;VID=1),whichisautomatically
enabledandconfiguredasuntaggedoneveryportoftheSeries2500switches).
Thatis,onportsusedforGVRPlinks,leavethedefaultVLANsettoUntagged
andconfigureotherstaticVLANsonthesameportsaseitherTagged,Auto,or
Forbid.(AutoandForbidaredescribedunderPer-PortOptionsforDynamic
VLANAdvertisingandJoiningonpage9-82.
GeneralOperation
AGVRP-enabledportwithaTaggedorUntaggedstaticVLANsendsadvertise-
ments(BPDUs,orBridgeProtocolDataUnits)advertisingtheVLAN(actually,
itsVID).AnotherGVRP-awareportreceivingtheadvertisementsoveralink
candynamicallyjointheadvertisedVLAN.AlldynamicVLANsoperateas
TaggedVLANs.Also,aGVRP-enabledportcanforwardanadvertisementfor
aVLANitlearnedaboutfromotherportsonthesameswitch.However,the
forwardingportwillnotitselfjointhatVLANuntilanadvertisementforthat
VLANisreceivedonthatspecificport.
Coreswitchwithstatic 2.Port1receivesadvertise- 4.Port4receivesadvertise-
VLANs(VID=1,2,&3).Port2 mentofVIDs1,2,&3AND mentofVIDs1,2,&3AND
isamemberofVIDs1,2,&3. becomesamemberofVIDs becomesamemberofVIDs
1,2,&3. 1,2,&3.
1.Port2advertisesVIDs1,2, 3.Port3advertisesVIDs1,2, 5.Port5advertisesVIDs1,2,
&3. &3,butport3isNOTa &3,butport5isNOTa
memberofVIDs1,2,&3at memberofVIDs1,2,&3at
Port6isstaticallyconfigured
thispoint. thispoint.
tobeamemberofVID3.
GVRPOn
2
GVRPOn
3
1
GVRPOn
5
4
withGVRPOn
6
Switch1 Switch2 Switch3 StaticVLANcon-
figuredEndDevice
(NICorswitch)
11.Port2receives 9.Port3receivesadvertise- 7.Port5receivesadvertise- 6.Port6advertisesVID3.
advertisementofVID3.(Port mentofVID3ANDbecomes mentofVID3ANDbecomes
2isalreadystatically amemberofVID3.(Stillnot amemberofVID3.(Stillnot
configuredforVID3. amemberofVIDs1&2.) amemberofVIDs1&2.)
10.Port1advertisesVID3. 8.Port4advertisesVID3.
Figure9-57.ExampleofForwardingAdvertisementsandDynamicJoining
9-78
GVRP
NotethatifastaticVLANisconfiguredonatleastoneportofaswitch,and
thatporthasestablishedalinkwithanotherdevice,thenallotherportsofthat
switchwillsendadvertisementsforthatVLAN.
Forexample,inthefollowingfigure,TaggedVLANportsonswitchAand
switchC,belowadvertiseVLANs22and33toportsonotherGVRP-enabled
switchesthatcandynamicallyjointheVLANs.
SwitchA
SwitchB
Dynamic
Dynamic
Dynamic
:
Dynamic
Dynamic
:
i
:
1 5
12
11
2
7
3
6
GVRPOn
(NoGVRP)
SwitchC
GVRPOn
SwitchD
GVRPOn
Tagged
VLAN22
Tagged
VLAN22
VLAN22
VLAN33
SwitchE
GVRPOn
Tagged
VLAN33
VLAN33
SwitchC
Port5dynamicallyjoined VLAN22..
Ports11and12belongtoTaggedVLAN33.
VLAN22
VLAN22
SwitchE
Port2dynamicallyjo nedVLAN33.
LowerportdynamicallyjoinedVLAN22.
SwitchD
Port3dynamicallyjoinedVLAN33.
Port6dynamicallyjoinedVLAN22.
Figure9-58.ExampleofGVRPOperation
Not e AportcanlearnofadynamicVLANthroughdevicesthatarenotawareof
GVRP(SwitchB,above).VLANsmustbedisabledinGVRP-unawaredevices
toallowtaggedpacketstopassthrough.
AGVRP-awareportreceivingadvertisementshastheseoptions:
IfthereisnotalreadyastaticVLANwiththeadvertisedVIDonthe
receivingport,thendynamicallycreateaVLANwiththesameVIDasin
theadvertisement,andbeginmovingthatVLANstraffic.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-79
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GVRP
IftheswitchalreadyhasastaticVLANassignmentwiththesameVIDas
intheadvertisement,andtheportisconfiguredtoAutoforthatVLAN,
thentheportwilldynamicallyjointheVLANandbeginmovingthat
VLANstraffic.(Formoredetailon Auto,seePer-PortOptionsfor
DynamicVLANAdvertisingandJoiningonpage9-82.)
IgnoretheadvertisementforthatVIDanddropallGVRPtrafficwiththat
VID.
DontparticipateinthatVLAN.
NotealsothataportbelongingtoaTaggedorUntaggedstaticVLANhasthese
configurableoptions:
SendVLANadvertisements,andalsoreceiveadvertisementsforVLANs
onotherportsanddynamicallyjointhoseVLANs.
SendVLANadvertisements,butignoreadvertisementsreceivedfrom
otherports.
AvoidGVRPparticipationbynotsendingadvertisementsanddropping
anyadvertisementsreceivedfromotherdevices.
IPAddressing.AdynamicVLANdoesnothaveanIPaddress,andmoves
trafficonthebasisofportmembershipinVLANs.However,afterGVRP
createsadynamicVLAN,youcanconvertittoastaticVLAN.Notethatitis
thennecessarytoassignportstotheVLANinthesamewaythatyouwould
forastaticVLANthatyoucreatedmanually.Inthestaticstateyoucan
configureIPaddressingontheVLANandaccessitinthesamewaythatyou
wouldanyotherstatic(manuallycreated)VLAN.
Per-PortOptionsforHandlingGVRPUnknown
VLANs
AnunknownVLANisaVLANthattheswitchlearnsofbyGVRP.For
example,supposethatinfigure9-58(page9-79),port1onswitchAis
connectedtoport5onswitchC.BecauseswitchAhasVLAN22statically
configured,whileswitchCdoesnothavethisVLANstaticallyconfigured,
VLAN22ishandledasanUnknownVLANonport5inswitchC.Con-
versely,ifVLAN22wasstaticallyconfiguredonswitchC,butport5wasnot
amember,port5wouldbecomeamemberwhenadvertisementsforVLAN22
werereceivedfromswitchA.
WhenyouenableGVRPonaswitch,youhavetheper-portjoin-requestoptions
listedintable9-8:
9-80
GVRP
Table9-8.OptionsforHandlingUnknownVLANAdvertisements:
Operation UnknownVLAN
Mode
Learn EnablestheporttodynamicallyjoinanyVLANforwhichitreceivesan
(theDefault) advertisement,andallowstheporttoforwardadvertisementsitreceives.
Block PreventstheportfromdynamicallyjoiningaVLANthatisnotstatically
configuredontheswitch.Theportwillstillforwardadvertisementsthat
werereceivedbytheswitchonotherports.Blockshouldtypicallybeused
onportsinunsecurenetworks,wherethereisexposuretoattacks,such
asportswhereintruderscanconnect.
Disable Causestheporttoignoreanddropalladvertisementsitreceivesfromany
source.
TheCLIshowgvrpcommandandthemenuinterfaceVLANSupportscreen
showaswitchscurrentGVRPconfiguration,includingtheUnknownVLAN
settings.
Default:
GVRPEnabled
(RequiredforUnknown
VLANoperation.)
UnknownVLANSettings
Learn
Figure9-59.ExampleofGVRPUnknownVLANSettings
TheaboveoptionsalsoinfluenceGVRPoperationonportswherestatic
VLANsareconfigured.(Seethenextsection.)
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-81
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GVRP
Per-PortOptionsforDynamicVLANAdvertisingand
Joining
InitiatingAdvertisements. Asdescribedintheprecedingsection,to
enabledynamicjoins,GVRPmustbeenabledandaportmustbeconfigured
toLearn(thedefault).However,tosendadvertisementsinyournetwork,one
ormoreTaggedorUntaggedstaticVLANsmustbeconfiguredononeormore
switches(withGVRPenabled),dependingonyourtopology.
EnablingaStaticVLANforDynamicJoins.Youcanconfigureaportto
dynamicallyjoinastaticVLAN(thatsharesthesameVID)ifthatportsubse-
quentlyreceivesanadvertisementforthestaticVLAN.(Thisisdonebyusing
theAutoandLearnoptionsdescribedintable9-9,below.
ParametersforControllingVLANPropagationBehavior. Onanindi-
vidualport,youcanconfigureanexistingstaticVLANtoactivelyorpassively
participateindynamicVLANpropagationortoignoredynamicVLAN(GVRP)
operation.TheseoptionsarecontrolledbytheGVRPUnknownVLANand
thestaticVLANconfigurationparameters,asdescribedinthefollowingtable:
Table9-9.ControllingVLANBehavioronPortswithStaticVLANs
Per-PortUnknownVLAN Per-PortStaticVLANOptions
1
(GVRP)Configuration
TaggedorUntagged
2
Auto
2
Forbid
2
Learn Generateadvertisements. Receiveadvertisementsand Donotallowthe
(theDefault) Forwardadvertisementsforother
VLANs.
dynamicallyjoinany
advertisedVLANthathasthe
porttobecomea
memberofthis
Receiveadvertisementsand
sameVIDasthestaticVLAN. VLAN.
dynamicallyjoinanyadvertised
VLAN.
Block Generateadvertisements. Receiveadvertisementsand Donotallowthe
Forwardadvertisementsreceived
dynamicallyjoinany VLANonthisport.
fromotherportsforotherVLANs.
Donotdynamicallyjoinany
advertisedVLANthathasthe
sameVID.
advertisedVLAN.
Disable IgnoreGVRPanddropallGVRP IgnoreGVRPanddropallGVRP Donotallowthe
advertisements. advertisements. VLANonthisport.
1
EachportofaSeries2500switchmustbeaTaggedorUntaggedmemberofatleastoneVLAN.Thus,anyportconfigured
forGVRPtoLearnorBlockwillgenerateandforwardadvertisementsforthestaticVLAN(s)forwhichithasbeen
configuredasTaggedorUntagged.Bydefault,allportsareUntaggedmembersofthedefaultVLAN(VID=1).Seethe
Noteonpagepage9-78.
2
Toconfiguretagging,Auto,orForbid,seeConfiguringStaticVLANNameandPer-PortSettingsonpage9-67(forthe
CLI)orAddingorChangingaVLANPortAssignmentonpage9-60(forthemenu).
9-82
GVRP
Astheabovetableindicates,whenyouenableGVRP,aportthathasaTagged
orUntaggedstaticVLANhastheoptionforbothgeneratingadvertisements
anddynamicallyjoiningotherVLANs.
Not e Intable9-9,above,theUnknownVLANparametersareconfiguredonaper-
interfacebasisusingtheCLI.TheTagged,Untagged,Auto,andForbidoptions
areconfiguredintheVLANcontextusingeitherthemenuinterfaceortheCLI.
BecausedynamicVLANsoperateasTaggedVLANs,andbecauseataggedport
ononedevicecannotcommunicatewithanuntaggedportonanotherdevice,
HPrecommendsthatyouuseTaggedVLANsforthestaticVLANsyouwilluse
togenerateadvertisements.
GVRPandVLANAccessControl
WhenyouenableGVRPonaswitch,thedefaultGVRPparametersettings
allowalloftheswitchsportstotransmitandreceivedynamicVLANadver-
tisements(GVRPadvertisements)andtodynamicallyjoinVLANs.Thetwo
precedingsectionsdescribetheper-portfeaturesyoucanusetocontroland
limitVLANpropagation.Tosummarize,youcan:
Allowaporttoadvertiseand/orjoindynamicVLANs(thedefault).
AllowaporttosendVLANadvertisements,butnotreceivethemfrom
otherdevices;thatis,theportcannotdynamicallyjoinaVLANbutother
devicescandynamicallyjointheVLANsitadvertises.
PreventaportfromsendingdynamicVLANadvertisementsforspecific
VLANs
PreventaportfromparticipatinginGVRPoperation.
Port-LeaveFromaDynamicVLAN
AdynamicVLANcontinuestoexistonaportforaslongastheportcontinues
toreceiveadvertisementsofthatVLANfromanotherdeviceconnectedtothat
portoruntilyou:
ConverttheVLANtoastaticVLAN(SeeConvertingaDynamicVLANto
aStaticVLANonpage9-67.)
ReconfiguretheporttoBlockorDisable
DisableGVRP
Reboottheswitch
Thetime-to-livefordynamicVLANsis10seconds.Thatis,ifaporthas
notreceivedanadvertisementforanexistingdynamicVLANduringthe
last10seconds,theportremovesitselffromthatdynamicVLAN.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-83
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GVRP
PlanningforGVRPOperation
ThesestepsoutlinetheprocedureforsettingupdynamicVLANsforaseg-
ment.
1. DeterminetheVLANtopologyyouwantforeachsegment(broadcast
domain)onyournetwork.
2. DeterminetheVLANsthatmustbestaticandtheVLANsthatcanbe
dynamicallypropagated.
3. Determinethedeviceordevicesonwhichyoumustmanuallycreatestatic
VLANsinordertopropagateVLANsthroughoutthesegment.
4. Determinesecurityboundariesandhowtheindividualportsintheseg-
mentwillhandledynamicVLANadvertisements.(Seetable9-8onpage
9-81andtable9-9onpage9-82.)
5. EnableGVRPonalldevicesyouwanttousewithdynamicVLANsand
configuretheappropriateUnknownVLANparameter(Learn,Block,or
Disable)foreachport.
6. ConfigurethestaticVLANsontheswitch(es)wheretheyareneeded,
alongwiththeper-VLANparameters(Tagged,Untagged,Auto,andForbid
seetable9-9onpage9-82)ontheappropriateports.
7. DynamicVLANswillthenappearautomatically,accordingtotheconfig-
urationoptionsyouhavechosen.
8. ConvertdynamicVLANstostaticVLANswhereyouwantdynamicVLANs
tobecomepermanent.
ConfiguringGVRPOnaSwitch
Theproceduresinthissectiondescribehowto:
ViewtheGVRPconfigurationonaswitch
EnableanddisableGVRPonaswitch
Specifyhowindividualportswillhandleadvertisements
TovieworconfigurestaticVLANsforGVRPoperation,refertoPort-Based
VirtualLANs(StaticVLANs)onpage9-50.
Menu:ViewingandConfiguringGVRP
9-84
GVRP
8.VLANMenu...
1.VLANSupport
Figure9-60.TheVLANSupportScreen(DefaultConfiguration)
2. DothefollowingtoenableGVRPanddisplaytheUnknownVLANfields:
a. Press(forEdit).
b. Use[v]tomovethecursortotheGVRPEnabledfield.
c. PresstheSpacebartoselectYes.
d. Press[v]againtodisplaytheUnknownVLANfields.
TheUnknownVLAN
fieldsenableyouto
configureeachportto:
Learn-Dynamically
joinanyadvertised
VLANandforwardall
advertisementsthe
portreceives.
Block-Donot
dynamicallyjoinany
VLAN,butstill
forward
advertisements.
Disable-Ignoreand
dropall
advertisements.
Figure9-61.ExampleShowingDefaultSettingsforHandlingAdvertisements
3. Usethearrowkeystoselecttheportyouwant,andtheSpacebartoselect
UnknownVLANoptionforanyportsyouwanttochange.
4. Whenyoufinishmakingconfigurationchanges,press ,then(for
Save)tosaveyourchangestotheStartup-Configfile.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-85
GVRP
CLI:ViewingandConfiguringGVRP
GVRPCommandsUsedinThisSection
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
showgvrp below
gvrp page9-87
unknown-vlans page9-87
DisplayingtheSwitchsCurrentGVRPConfiguration. Thiscommand
showswhetherGVRPisdisabled,alongwiththecurrentsettingsforthe
maximumnumberofVLANsandthecurrentPrimaryVLAN.(Formoreonthe
lasttwoparameters,seePort-BasedVirtualLANs(StaticVLANs)onpage
9-50.)
Syntax: showgvrp
Figure9-62. ExampleofShowGVRPListingwithGVRPDisabled
Thisexampleincludes
non-defaultsettingsfor
theUnknownVLANfield
forsomeports.
Figure9-63.ExampleofShowGVRPListingwithGVRPEnabled
9-86
GVRP
EnablingandDisablingGVRPontheSwitch.Thiscommandenables
GVRPontheswitch.
Syntax: gvrp
ThisexampleenablesGVRP:
HP2512(config)# gvrp
ThisexampledisablesGVRPoperationontheswitch:
HP2512(config)# no gvrp
EnablingandDisablingGVRPOnIndividualPorts. WhenGVRPis
enabledontheswitch,usetheunknown-vlanscommandtochangethe
UnknownVLANfieldforoneormoreports.Youcanusethiscommandat
eithertheManagerlevelortheinterfacecontextlevelforthedesiredport(s).
Syntax: showgvrp Showsthecurrentsettings.
interface<port-list>unknown-vlans
<learn|block|disable> ChangestheUnknownVLAN
fieldsettingforthespecified
port(s).
Forexample,toviewandchangetheconfigurationforports1-2toBlock:
HP2512(config)# interface 1-2 unknown-vlans block
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-87
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GVRP
DisplayingtheStaticandDynamicVLANsActiveontheSwitch.The
showvlanscommandlistsallVLANspresentintheswitch.
Syntax: showvlans
Forexample,inthefollowingillustration,switchAhasonestaticVLAN(the
defaultVLAN),withGVRPenabledandport1configuredtoLearnfor
UnknownVLANs.SwitchBhasGVRPenabledandhasthreestaticVLANs:
thedefaultVLAN,VLAN-222,andVLAN-333.Inthisscenario,switchBwill
dynamicallyjoinVLAN-222andVLAN-333:
SwitchB SwitchA
GVRPenabled.
3StaticVLANs:
GVRPenabled.
1StaticVLANs:
DEFAULT_VLAN DEFAULT_VLAN
VLAN-222
VLAN-33
Theshowvlanscommandliststhedynamic(andstatic)VLANsinswitchB.
DynamicVLANs
Learnedfrom
SwitchA
throughPort1
Figure9-64.ExampleofListingShowingDynamicVLANs
9-88
GVRP
ConvertingaDynamicVLANtoaStaticVLAN. Ifaportontheswitch
hasjoinedadynamicVLAN,youcanusethefollowingcommandtoconvert
thatdynamicVLANtoastaticVLAN:
Syntax: static<dynamic-vlan-id>
Forexample,toconvertdynamicVLAN333(fromthepreviousexample)toa
staticVLAN:
HP2512(config)# static 333
Web:ViewingandConfiguringGVRP
Toview,enable,disable,orreconfigureGVRP:
2. Clickon anddothefollowing:
ToenableordisableGVRP,clickonGVRPEnabled.
TochangetheUnknownVLANfieldforanyport:
i. Clickon andmakethedesiredchanges.
ii. Clickon tosaveandimplementyourchangestothe
UnknownVLANfields.
GVRPOperatingNotes
AdynamicVLANmustbeconvertedtoastaticVLANbeforeitcanhave
anIPaddress.
ConvertingadynamicVLANtoastaticVLANandthenexecutingthewrite
memorycommandsavestheVLANinthestartup-configfileandmakesit
apermanentpartoftheswitchsVLANconfiguration.
Withinthesamebroadcastdomain,adynamicVLANcanpassthrougha
devicethatisnotGVRP-aware.Thisisbecauseahuboraswitchthatis
notGVRP-warewillfloodtheGVRP(multicast)advertisementpackets
outallports.
GVRPassignsdynamicVLANsasTaggedVLANs.ToconfiguretheVLAN
asUntagged,youmustfirstconvertittoastaticVLAN.
RebootingaswitchonwhichadynamicVLANexistsdeletesthatVLAN.
However,thedynamicVLANre-appearsaftertherebootifGVRPis
enabledandtheswitchagainreceivesadvertisementsforthatVLAN
throughaportconfiguredtoadddynamicVLANs.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-89
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
GVRP
ByreceivingadvertisementsfromotherdevicesrunningGVRP,theswitch
learnsofstaticVLANsonthoseotherdevicesanddynamically(automat-
ically)createstaggedVLANsonthelinkstotheadvertisingdevices.
Similarly,theswitchadvertisesitsstaticVLANstootherGVRP-aware
devices.
AGVRP-enabledswitchdoesnotadvertiseanyGVRP-learnedVLANsout
oftheport(s)onwhichitoriginallylearnedofthoseVLANs.
9-90
MultimediaTrafficControlwithIPMulticast(IGMP)
MultimediaTrafficControlwithIP
Multicast(IGMP)
IGMPFeatures
viewigmpconfiguration n/a page9-93
showigmpstatusformulticast n/a Yes
groupsusedbytheselected
VLAN
enablingordisablingIGMP disabled page9-95 page9-97
(RequiresVLANIDContext)
per-portpacketcontrol auto page9-96
IGMPtrafficpriority normal page9-96
querier enabled page9-97
InanetworkwhereIPmulticasttrafficistransmittedforvariousmultimedia
applications,youcanusetheswitchtoreduceunnecessarybandwidthusage
onaper-portbasisbyconfiguringIGMP(InternetGroupManagementProto-
colcontrols).Inthefactorydefaultstate(IGMPdisabled),theswitchforwards
allIGMPtraffictoallports,whichcancauseunnecessarybandwidthusage
onportsnotbelongingtomulticastgroups.EnablingIGMPallowstheports
todetectIGMPqueriesandreportpacketsandmanageIPmulticasttraffic
throughtheswitch.
IGMPisusefulinmultimediaapplicationssuchasLANTV,desktopconfer-
encing,andcollaborativecomputing,wherethereismultipointcommunica-
tion;thatis,communicationfromonetomanyhosts,orcommunication
originatingfrommanyhostsanddestinedformanyotherhosts.Insuch
multipointapplications,IGMPwillbeconfiguredonthehosts,andmulticast
trafficwillbegeneratedbyoneormoreservers(insideoroutsideofthelocal
network).Switchesinthenetwork(thatsupportIGMP)canthenbeconfig-
uredtodirectthemulticasttraffictoonlytheportswhereneeded.Ifmultiple
VLANsareconfigured,youcanconfigureIGMPonaper-VLANbasis.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-91
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
EnablingIGMPallowstheportstodetectIGMPqueriesandreportpackets
andmanageIPmulticasttrafficthroughtheswitch.Ifnootherquerieris
detected,theswitchwillthenalsofunctionasthequerier.(Ifyouneedto
disablethequerierfeature,youcandosothroughtheIGMPconfiguration
MIB.RefertoChangingtheQuerierConfigurationSettingonpage9-97.)
Not e IGMPconfigurationontheSwitch2512/2524operatesattheVLANcontext
level.IfyouarenotusingVLANs,thenconfigureIGMPinVLAN1(thedefault
VLAN)context.IGMPrequiresanIPaddressandsubnetmaskforanyVLAN
usedforIGMPtraffic.IftheswitchreliesonDHCPorBootptoacquireanIP
address,ensurethatanIPaddressinghasbeenassignedtotheappropriate
VLANsbyusingshowiporbyviewingthemenuinterfaceManagement
AddressInformationscreen(page10-6).
InorderforIGMPservicetotakeeffect,anIPaddressmustbeconfiguredand
activeontheVLANinwhichyouwantIGMPtooperate.IftheonlyVLANon
theswitchisthedefault VLAN(VLANID,orVID,of1),thenyoumust
configureanIPaddressforVLAN1.IfmultipleVLANsareconfigured,you
mustconfigureanIPaddressfortheVLAN(s)inwhichyouwanttoimplement
IGMP.RefertoIPConfigurationonpage5-3.
IGMPOperatingFeatures
Inthefactorydefaultconfiguration,IGMPisdisabled.IfmultipleVLANsare
notconfigured,youmustconfigureIGMPonthedefaultVLAN
(DEFAULT_VLAN;VID=1).IfmultipleVLANsareconfigured,youmust
configureIGMPonaper-VLANbasis.WhenyouuseeithertheCLIortheweb
browserinterfacetoenableIGMPontheswitchoraVLAN,theswitch
forwardsIGMPtrafficonlytoportsbelongingtomulticastgroups.Usingthe
consoleenablestheseadditionaloptions:
ForwardwithHighPriority.Disablingthisparameter(thedefault)
causestheswitchorVLANtoprocessIPmulticasttraffic,alongwithother
traffic,intheorderreceived(normalpriority).Enablingthisparameter
causestheswitchorVLANtogiveahigherprioritytoIPmulticasttraffic
thantoothertraffic.
Auto/Blocked/Forward:Youcanusetheconsoletoconfigureindividual
ports toanyofthefollowingstates:
Auto(thedefault):CausestheswitchtointerpretIGMPpacketsand
tofilterIPmulticasttrafficbasedontheIGMPpacketinformationfor
portsbelongingtoamulticastgroup.ThismeansthatIGMPtraffic
willbeforwardedonaspecificportonlyifanIGMPhostormulticast
routerisconnectedtotheport.
9-92
Blocked:CausestheswitchtodropallIGMPtransmissionsreceived
fromaspecificportandtoblockalloutgoingIPMulticastpacketsfor
thatport.ThishastheeffectofpreventingIGMPtrafficfrommoving
throughspecificports.
Forward:CausestheswitchtoforwardallIGMPandIPmulticast
transmissionsthroughtheport.
Querier:Inthedefaultstate(enabled),eliminatestheneedforamulticast
router.Inmostcases,HPrecommendsthatyouleavethisparameterin
thedefaultenabledstateevenifyouhaveamulticastrouterperforming
thequerierfunctioninyourmulticastgroup.Formoreinformation,see
HowIGMPOperatesonpage9-97.
Not e WheneverIGMPisenabled,theswitchgeneratesanEventLogmessage
indicatingwhetherquerierfunctionalityisenabled.
Formoreinformation,refertoHowIGMPOperatesonpage9-97.
CLI:ConfiguringandDisplayingIGMP
IGMPCommandsUsedinThisSection
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
showipigmpconfiguration page9-94
ipigmp page9-95
high-priority-forward page9-96
auto<[ethernet]<port-list> page9-96
blocked<[ethernet]<port-list> page9-96
forward<[ethernet]<port-list> page9-96
querier page9-97
showipigmp SeeIPMulticast(IGMP)Statusonpage10-17
ForalistingofthefullCLIcommandset,includingsyntaxandoptions,see
theCLIcommandreferenceavailableontheHPProCurvewebsiteat:
http://www.hp.com
9-93
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ViewingtheCurrentIGMPConfiguration. ThiscommandliststheIGMP
configurationforallVLANsconfiguredontheswitchorforaspecificVLAN.
Syntax: showipigmpconfig IGMPconfigurationforall
VLANsontheswitch
showipigmp<vid>config IGMPconfigurationfora
specificVLANontheswitch,
includingper-portdata
(ForIGMPoperatingstatus,seeInternetGroupManagementProtocol
(IGMP)Statusonpage10-17.)
Forexample,supposeyouhavethefollowingVLANandIGMPconfigurations
ontheswitch:
VLANName Forwardwith Querier VLANID IGMP
Enabled HighPriority
1 DEFAULT_VLAN Yes No No
22 VLAN-2 Yes Yes Yes
33 VLAN-3 No No No
YoucouldusetheCLItodisplaythisdataasfollows:
Figure9-65.ExampleListingofIGMPConfigurationforAllVLANsintheSwitch
ThefollowingversionoftheshowipigmpcommandincludestheVLANID(vid)
designation,andcombinestheabovedatawiththeIGMPper-portconfigura-
tion:
9-94
fortheSelected
IGMPConfiguration
VLAN
IGMPConfiguration
OntheIndividual
PortsintheVLAN
Figure9-66.ExampleListingofIGMPConfigurationforASpecificVLAN
EnablingorDisablingIGMPonaVLAN.YoucanenableIGMPona
VLAN,alongwiththelast-savedordefaultIGMPconfiguration(whichever
wasmostrecentlyset),oryoucandisableIGMPonaselectedVLAN.Note
thatthiscommandmustbeexecutedinaVLANcontext.
Syntax: [no]ipigmp
Forexample,herearemethodstoenableanddisableIGMPonthedefault
VLAN(VID=1).
HP2512(config)# vlan 1 ip igmp EnablesIGMPonVLAN1.
HP2512(vlan-1)# ip igmp Sameasabove.
HP2512(config)# no vlan 1 ip igmp DisablesIGMPonVLAN1.
Not e IfyoudisableIGMPonaVLANandthenlaterre-enableIGMPonthatVLAN,
theswitchrestoresthelast-savedIGMPconfigurationforthatVLAN.Formore
onhowswitchmemoryoperates,seeAppendixC,SwitchMemoryand
Configuration.
YoucanalsocombinetheipigmpcommandwithotherIGMP-relatedcom-
mands,asdescribedinthefollowingsections.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-95
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
ConfiguringPer-PortIGMPPacketControl.Usethiscommandinthe
VLANcontexttospecifyhoweachportshouldhandleIGMPtraffic.
Syntax: vlan<vid>ipigmp
[auto<port-list>|blocked<port-list>|forward<port-list>]
Default: auto
Forexample,supposeyouwantedtoconfigureIGMPasfollowsforVLAN1
onthe10/100portsontheSwitch2512:
Ports1-7 auto Filtermulticasttraffic.ForwardIGMPtraffictohostsontheseports
thatbelongtothemulticastgroupforwhichthetrafficisintended.
(Alsoforwardanymulticasttrafficthroughanyoftheseportsthatis
connectedtoamulticastrouter.)
Port8 forward Forwardallmulticasttrafficthroughthisport.
Ports9-12 blocked Dropallmulticasttrafficreceivedfromdevicesontheseports,and
preventanyoutgoingmulticasttrafficfrommovingthroughthese
ports.
Dependingontheprivilegelevel,youcoulduseoneofthefollowingcom-
mandstoconfigureIGMPonVLAN1withtheabovesettings:
HP2512(config)# vlan 1 ip igmp auto 1-7 forward 8 blocked 9-12
HP2512(vlan-1)# ip igmp auto 1-7 forward 8 blocked 9-12
ThefollowingcommanddisplaystheVLANandper-portconfigurationresult-
ingfromtheabovecommands.
HP2512> show ip igmp 1 config
ConfiguringIGMPTrafficPriority.Thiscommandassignshighpriority
toIGMPtrafficorreturnsahigh-prioritysettingtonormalpriority.
Syntax: vlan <vid> ip igmp high-priority-forward
Default: normal
HP2512(config)# vlan 1 ip igmp Configureshighpriorityfor
high-priority-forward IGMPtrafficonVLAN1.
HP2512(vlan-1)# vlan 1 ip igmp Sameasabovecommand,
high-priority-forward butintheVLAN1context
level.
HP2512(vlan 1)# no ip igmp ReturnsIGMPtrafficto
high-priority-forward normalpriority.
9-96
HP2512> show ip igmp config Showcommandtodisplay
resultsofabovehigh-priority
commands.
ConfiguringtheQuerierFunction. Thedefaultquerierfunctionis
enabled.Thiscommanddisablesorre-enablesthequerierfunction.
Syntax: [no]vlan<vid>ipigmpquerier
Default: Yes
HP2512(config)# no vlan 1 ip Disablesthequerierfunction
igmp querier onVLAN1.
HP2512> show ip igmp config Showcommandtodisplay
resultsofabovequerier
command.
Web:EnablingorDisablingIGMP
InthewebbrowserinterfaceyoucanenableordisableIGMPonaper-VLAN
basis.ToconfigureotherIGMPfeatures,telnettotheswitchconsoleanduse
theCLI.
ToEnableorDisableIGMP
2. Clickon.
3. IfmorethanoneVLANisconfigured,usetheVLANpull-downmenuto
selecttheVLANonwhichyouwanttoenableordisableIGMP.
4. UsetheMulticastFiltering(IGMP)menutoenableordisableIGMP.
5. Clickon toimplementtheconfigurationchange.
HowIGMPOperates
TheInternetGroupManagementProtocol(IGMP)isaninternalprotocolof
theInternetProtocol(IP)suite.IPmanagesmulticasttrafficbyusing
switches,multicastrouters,andhoststhatsupportIGMP.(InHewlett-Pack-
ardsimplementationofIGMP,amulticastrouterisnotnecessaryaslongas
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-97
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
aswitchisconfiguredtosupportIGMPwiththequerierfeatureenabled.)Aset
ofhosts,routers,and/orswitchesthatsendorreceivemulticastdatastreams
toorfromthesamesource(s)istermedamulticastgroup,andalldevicesin
thegroupusethesamemulticastgroupaddress.Themulticastgrouprunning
version2ofIGMPusesthreefundamentaltypesofmessagestocommunicate:
Query:Amessagesentfromthequerier(multicastrouterorswitch)
askingforaresponsefromeachhostbelongingtothemulticastgroup.If
amulticastroutersupportingIGMPisnotpresent,thentheswitchmust
assumethisfunctioninordertoelicitgroupmembershipinformation
fromthehostsonthenetwork.(Ifyouneedtodisablethequerierfeature,
youcandosothroughtheCLI,usingtheIGMPconfigurationMIB.See
ChangingtheQuerierConfigurationSettingonpageConfiguringthe
QuerierFunctiononpage9-97.)
Report:Amessagesentbyahosttothequeriertoindicatethatthehost
wantstobeorisamemberofagivengroupindicatedinthereport
message.
LeaveGroup:Amessagesentbyahosttothequeriertoindicatethatthe
hosthasceasedtobeamemberofaspecificmulticastgroup.
Thus,IGMPidentifiesmembersofamulticastgroup(withinasubnet)and
allowsIGMP-configuredhosts(androuters)tojoinorleavemulticastgroups.
IGMPData.Todisplaydatashowingactivegroupaddresses,reports,que-
ries,querieraccessport,andactivegroupaddressdata(port,type,and
access),seeIPMulticast(IGMP)Statusonpage10-17.
RoleoftheSwitch
WhenIGMPisenabledontheswitch,itexaminestheIGMPpacketsitreceives:
TolearnwhichofitsportsarelinkedtoIGMPhostsandmulticastrouters/
queriersbelongingtoanymulticastgroup
Tobecomeaquerierifamulticastrouter/querierisnotdiscoveredonthe
network
Oncetheswitchlearnstheportlocationofthehostsbelongingtoanypartic-
ularmulticastgroup,itcandirectgrouptraffictoonlythoseports,resulting
inbandwidthsavingsonportswheregroupmembersdonotreside.The
followingexampleillustratesthisoperation.
Figure9-67onpage9-99showsanetworkrunningIGMP.
PCs1and4,switch2,andalloftheroutersaremembersofanIPmulticast
group.(Theroutersoperateasqueriers.)
9-98
Switch1ignoresIGMPtrafficanddoesnotdistinguishbetweenIPmulti-
castgroupmembersandnon-members.Thus,itissendinglargeamounts
ofunwantedmulticasttrafficouttheportstoPCs2and3.
Switch2isrecognizingIGMPtrafficandlearnsthatPC4isintheIP
multicastgroupreceivingmulticastdatafromthevideoserver(PCX).
Switch2thensendsthemulticastdataonlytotheportforPC4,thus
avoidingunwantedmulticasttrafficontheportsforPCs5and6.
Multicast
DataStream
PCX
Video
Server
Router
PC1
Vi
Router
PC2
PC3 PC4
Video PC6
IGMP
RunningHere
Router
deo
Client
Switch1
Router
Switch2
Client
PC5
isNOT
RunningHere
IGMPIS
Figure9-67.TheAdvantageofUsingIGMP
Thenextfigure(9-68)showsanetworkrunningIPmulticastingusingIGMP
withoutamulticastrouter.Inthiscase,theIGMP-configuredswitchrunsasa
querier.
PCs2,5,and6aremembersofthesameIPmulticastgroup.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-99
IGMPisconfiguredonswitches3and4.Eitheroftheseswitchescanoperate
asquerierbecauseamulticastrouterisnotpresentonthenetwork.(Ifan
IGMPswitchdoesnotdetectaquerier,itautomaticallyassumesthisrole,
assumingthequerierfeatureisenabledthedefaultwithinIGMP.)
PC1
PC2
PC5
IGMPIS
IGMP
IGMPIS
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Switch4
PC6
Multicast
DataStream
RunningHere
Switch1
Switch2
isNOT
RunningHere
Switch3
RunningHere
Figure9-68.IsolatingIPMulticastTrafficinaNetwork
Intheabovefigure,themulticastgrouptrafficdoesnotgotoswitch1and
beyondbecauseeithertheportonswitch3thatconnectstoswitch1has
beenconfiguredasblockedortherearenohostsconnectedtoswitch1
orswitch2thatbelongtothemulticastgroup.
ForPC1tobecomeamemberofthesamemulticastgroupwithout
floodingIPmulticasttrafficonallportsofswitches1and2,IGMPmust
beconfiguredonbothswitches1and2,andtheportonSwitch3that
connectstoSwitch1mustbeunblocked.
9-100
Not e: IPMulticastFilters. IPmulticastaddressesoccurintherangefrom
224.0.0.0through239.255.255.255(whichcorrespondstotheEthernetmulti-
castaddressrangeof01005e-000000through01005e-7fffff).Devicessuchas
theHPSwitch1600M/2400M/2424M/4000M/8000MhavingstaticTraffic/Secu-
rityfiltersconfiguredwithaMulticastfiltertypeandaMulticastAddress
inthisrangewillcontinueineffectunlessIGMPlearnsofamulticastgroup
destinationinthisrange.Inthatcase,IGMPtakesoverthefilteringfunction
forthemulticastdestinationaddress(es)foraslongastheIGMPgroupis
active.IftheIGMPgroupsubsequentlydeactivates,thestaticfilterresumes
controlovertraffictothemulticastaddressformerlycontrolledbyIGMP.
(NotethattheSwitch2512and2524donothavetraffic/securityfilters.)
ReservedAddressesExcludedfromIPMulticast(IGMP)Filtering.
TraffictoIPmulticastgroupsintheIPaddressrangeof224.0.0.0to224.0.0.255
willalwaysbefloodedbecauseaddressesinthisrangearewellknownor
reservedaddresses.Thus,ifIPMulticastisenabledandthereisanIP
multicastgroupwithinthereservedaddressrange,traffictothatgroupwill
befloodedinsteadoffilteredbytheswitch.
NumberofIPMulticastAddressesAllowed
MulticastfiltersandIGMPfilters(addresses)togethercantotalupto255in
theswitch.IfmultipleVLANsareconfigured,theneachfilteriscountedonce
perVLANinwhichitisused.
InteractionwithMulticastTraffic/SecurityFilters.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-101
SpanningTreeProtocol(STP)
STPFeatures
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
viewingtheSTPconfiguration n/a page page

9-103 9-105
enable/disableSTP disabled page page page
9-103 9-106 9-108
reconfiguringgeneraloperation priority:32768 page page
maxage:20s 9-103 9-106
hellotime:2s
fwd.delay:15s
reconfiguringper-portSTP pathcost:var page page
priority:128 9-103 9-107
mode:norm
monitoringSTP n/a page page n/a
10-15 10-15
TheswitchusestheIEEE802.1DSpanningTreeProtocol(STP),when
enabled,toensurethatonlyonepathatatimeisactivebetweenanytwonodes
onthenetwork.Innetworkswherethereismorethanonephysicalpath
betweenanytwonodes,STPensuresasingleactivepathbetweenthemby
blockingallredundantpaths.EnablingSTPisnecessaryinsuchnetworks
becausehavingmorethanonepathbetweenapairofnodescausesloopsin
thenetwork,whichcanresultinduplicationofmessages,leadingtoabroad-
caststormthatcanbringdownthenetwork.
Not e YoushouldenableSTPinanyswitchthatispartofaredundantphysicallink
(looptopology).(ItisrecommendedthatyouenableSTPonallswitches
belongingtoalooptopology.)ThistopiciscoveredinmoredetailunderHow
STPOperatesonpage9-108.
AsrecommendedintheIEEE802.1QVLANstandard,theSwitches2512and
2524usesingle-instanceSTP;asinglespanningtreeiscreatedtomakesure
therearenonetworkloopsassociatedwithanyoftheconnectionstothe
switch,regardlessofwhetherVLANsareconfiguredontheswitch.Thus,these
switchesdonotdistinguishbetweenVLANswhenidentifyingredundant
physicallinks.IfVLANsareconfiguredontheswitch,seeSTPOperationwith
802.1QVLANsonpage9-110.
9-102
STPFastModeforOvercomingServerAccessFailures.Ifanendnode
isconfiguredtoautomaticallyaccessaserver,thedurationoftheSTPstartup
sequencecanresultinaserveraccessfailure.Onportswherethisisa
problem,configuringSTPFastModecaneliminatethefailure.Formore
information,seeSTPFastModeonpage9-109.Also,formoreinformation
onSTP,seeHowSTPOperatesonpage9-108.
Inthefactorydefaultconfiguration,STPisoff.Ifaredundantlink(loop)exists
betweennodesinyournetwork,youshouldenableSpanningTree.
Not e STPretainsitscurrentparametersettingswhendisabled.Thus,ifyou
disableSTP,thenlaterre-enableit,theparametersettingswillbethesame
asbeforeSTPwasdisabled.
Ca u t i o n Becausetheswitchautomaticallygivesfasterlinksahigherpriority,the
defaultSTPparametersettingsareusuallyadequateforspanningtree
operation.AlsobecauseincorrectSTPsettingscanadverselyaffectnetwork
performance,youshouldnotmakechangesunlessyouhaveastrongunder-
standingofhowSTPoperates.FormoreonSTP,seetheIEEE802.1Dstandard.
Menu:ConfiguringSTP
4.SpanningTreeOperation
2. Press(forEdit) tohighlighttheSpanningTreeEnabledparameter.
3. PresstheSpacebartoselectYes.(ThisenablesSTP.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-103
)
l
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Read-On yFields
Figure9-69.ExampleoftheSTPConfigurationScreen
4. IftheremainingSTPparametersettingsareadequateforyournetwork,
gotostep8.
5. Useorthearrowkeystoselectthenextparameteryouwanttochange,
thentypeinthenewvalueorpresstheSpaceBartoselectavalue.(Ifyou
needinformationonSTPparameters,presstoselecttheActions
line,thenpressHtogethelp.)
6. Repeatstep5foreachadditionalparameteryouwanttochange.
ForinformationontheModeparameter,seeSTPFastModeonpage
9-109.
7. Whenyouarefinishededitingparameters,press toreturntothe
Actions line.
8. PresstosavethecurrentlydisplayedSTPparametersettings,then
returntotheMainMenu.
9-104
CLI:ConfiguringSTP
STPCommandsUsedinThisSection
showspanning-treeconfig Below
spanning-tree page9-106
forward-delay<4-30> page9-106
hello-time<1-10> page9-106
maximum-age<6-40> page9-106
priority<0-65535> page9-106
ethernet<port-list> page9-107
path-cost<1-65535> page9-107
priority<0-255> page9-107
mode<norm|fast> page9-107
showspanningtree SeeSpanningTreeProtocol(STP)Informationonpage10-15
ViewingtheCurrentSTPConfiguration. RegardlessofwhetherSTPis
disabled(thedefault),thiscommandliststheswitchsfullSTPconfiguration,
includinggeneralsettingsandportsettings.
Syntax: showspanning-treeconfiguration
Default: Seefigure9-70,below.
Inthedefaultconfiguration,STPappearsasshownhere:
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Figure9-70.ExampleoftheDefaultSTPConfigurationListing
9-105
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
EnablingorDisablingSTP. EnablingSTPimplementsthespanning-tree
protocolforallphysicalportsontheswitch,regardlessofwhethermultiple
VLANsareconfigured.DisablingSTPremovesprotectionagainstredundant
loopsthatcansignificantlysloworhaltanetwork.
Syntax: [no]spanning-tree
Default: Disabled
ThiscommandenablesSTPwiththecurrentparametersettingsordisables
STPwithoutlosingthemost-recentlyconfiguredparametersettings.(Tolearn
howtheswitchhandlesparameterchanges,howtotestchangeswithout
losingtheprevioussettings,andhowtoreplaceprevioussettingswithnew
settings,seeappendixC,SwitchMemoryandConfiguration.)When
enablingSTP,youcanalsoincludetheSTPgeneralandper-portparameters
describedinthenexttwosections.Whenyouusethenoformofthe
command,youcandosoonlytodisableSTP.(STPparametersettingsarenot
changedwhenyoudisableSTP,andcannotbeincludedwiththenospanning-
treecommand.
Ca u t i o n BecauseincorrectSTPsettingscanadverselyaffectnetworkperformance,
HPrecommendsthatyouusethedefaultSTPparametersettings.Youshould
notchangethesesettingsunlessyouhaveastrongunderstandingofhowSTP
operates.FormoreonSTP,seetheIEEE802.1Dstandard.
HP2512(config)# spanning tree EnablesSTPontheswitch.
ReconfiguringGeneralSTPOperationontheSwitch.Thiscommand
enablesSTP(ifitisnotalreadyenabled)andconfiguresoneormoreofthe
followingparameters:
Table9-10.GeneralSTPOperatingParameters
Name Default Function Range
priority 32768 0-65535 Specifiesthepriorityvalueusedalongwiththe
switchMACaddresstodeterminewhichdeviceis
root.Thelowerapriorityvalue,thehigherthe
priority.
maximum-age 20seconds 6-40
seconds
Maximumreceivedmessageagetheswitchallows
forSTPinformationbeforediscardingthemessage,
hello-time 2seconds 1-10 Timebetweenmessagestransmittedwhenthe
switchistheroot.
forward-delay 15seconds 4-30
seconds
Timetheswitchwaitsbeforetransitioningfromthe
listeningtothelearningstate,andbetweenthe
learningstatetotheforwardingstate.
9-106
YoucanalsoincludeoneormoreoftheSTPper-portparametersinthis
command.SeeReconfiguringPer-PortSTPOperationontheSwitchonpage
9-107.
Syntax: spanning-tree
priority<0-65355>
maximum-age<6-40seconds>
hello-time<1-10seconds>
forward-delay<4-30seconds>
Default: Seetable9-10,above.
Forexample,toenableSTPwithamaximum-ageof30secondsandahello-
timeof3seconds:
HP2512(config)# spanning tree maximum-age 30 hello-time 3
ReconfiguringPer-PortSTPOperationontheSwitch.Thiscommand
enablesSTP(ifnotalreadyenabled)andconfiguresthefollowingper-port
parameters:
Table9-11.Per-PortSTPParameters
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Name Range Function Default

path-cost Ethernet:
10/100Tx:
100Fx:
100
10
10
1-65535 Assignsanindividualportcostthattheswitchuses
todeterminewhichportsaretheforwardingports.
Gigabit: 5
priority 128 0-255 UsedbySTPtodeterminetheport(s)tousefor
forwarding.Theportwiththelowestnumberhas
thehighestpriority.
mode norm norm
-or-
fast
Specifieswhetheraportprogressesthroughthe
listening,learning,andforwarding(orblocking)
states(normmode)ortransitionsdirectlytothe
forwardingstate(fastmode).
(ForinformationonwhentouseFastmode,see
STPFastModeonpage9-109.)
YoucanalsoincludeSTPgeneralparametersinthiscommand.SeeRecon-
figuringGeneralSTPOperationontheSwitchonpage9-106.
Syntax: spanning-treeethernet<port-list>
path-cost<1-65535>
priority<0-255>
mode<norm|fast>
Default: Seetable9-11,above.
9-107
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Forexample,thefollowingenablesSTP(ifitisnotalreadyenabled)and
configuresports5and6toapathcostof15,apriorityof100,andfastmode:
HP2512(config)# spanning-tree ethernet 5-6 path-cost 15
priority 100 mode fast
Web:EnablingorDisablingSTP
InthewebbrowserinterfaceyoucanenableordisableSTPontheswitch.To
configureotherSTPfeatures,telnettotheswitchconsoleandusetheCLI.
ToenableordisableSTPontheswitch:
1. ClickontheConfigurationtab
2. Clickon.
3.
4. Clickon toimplement theconfigurationchange.
HowSTPOperates
Theswitchautomaticallysensesportidentityandtype,andautomatically
definesportcostandpriorityforeachtype.Theconsoleinterfaceallowsyou
toadjusttheCostandPriorityforeachport,aswellastheModeforeachport
andtheglobalSTPparametervaluesfortheswitch.
Whileallowingonlyoneactivepaththroughanetworkatanytime,STPretains
anyredundantphysicalpathtoserveasabackup(blocked)pathincasethe
existingactivepathfails.Thus,ifanactivepathfails,STPautomatically
activates(unblocks)anavailablebackuptoserveasthenewactivepathfor
aslongastheoriginalactivepathisdown.Forexample:
9-108
ActivepathfromnodeAtonodeB:1>3
Backup(redundant)pathfromnodeAtonodeB:4>2>3
A
B
1
pathcost:
100
3
4
pathcost:200
2
node
switchA
node
switchD switchB switchC
pathcost:100
pathcost:100
Figure9-71.ExampleofRedundantPathsBetweenTwoNodes
STPFastMode
ForstandardSTPoperation,whenanetworkconnectionisestablishedona
devicethatisrunningSTP,theportusedfortheconnectiongoesthrougha
sequenceofstates(ListeningandLearning)beforegettingtoitsfinalstate
(ForwardingorBlocking,asdeterminedbytheSTPnegotiation).This
sequencetakestwotimestheforwarddelayvalueconfiguredfortheswitch.
Thedefaultis15secondsonHPswitches,pertheIEEE802.1Dstandard
recommendation,resultinginatotalSTPnegotiationtimeof30seconds.Each
switchportgoesthroughthisstart-upsequencewheneverthenetworkcon-
nectionisestablishedontheport.Thisincludes,forexample,whentheswitch
orconnecteddeviceispoweredup,orthenetworkcableisconnected.
AproblemcanarisefromthislongSTPstart-upsequencebecausesomeend
nodesareconfiguredtoautomaticallytrytoaccessanetworkserverwhen-
evertheendnodedetectsanetworkconnection.Typicalserveraccess
includestoNovellservers,DHCPservers,andXterminalservers.Iftheserver
accessisattemptedduringthetimethattheswitchportisnegotiatingitsSTP
state,theserveraccesswillfail.Toprovidesupportforthisendnodebehavior,
theSwitches2512and2524offeraconfigurationmode,calledFastMode,
thatcausestheswitchporttoskipthestandardSTPstart-upsequenceand
puttheportdirectlyintotheForwardingstate,thusallowingtheserver
accessrequesttobeforwardedwhentheendnodeneedsit.
Ifyouencounterendnodesthatrepeatedlyindicateserveraccessfailurewhen
attemptingtobringuptheirnetworkconnection,andyouhaveenabledSTP
ontheswitch,trychangingtheconfigurationoftheswitchportsassociated
withthoseendnodestoSTPFastMode.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-109
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
Ca u t i o n TheFastModeconfigurationshouldbeusedonlyonswitchportsconnected
toendnodes.ChangingtheModetoFastonportsconnectedtohubs,switches,
orroutersmaycauseloopsinyournetworkthatSTPmaynotbeableto
immediatelydetect,inallcases.Thiswillcausetemporaryloopsinyour
network.Afterthefaststart-upsequence,though,theswitchportsoperate
accordingtotheSTPstandard,andwilladjusttheirstatetoeliminatecontinu-
ingnetworkloops.
ToConfigureFastModeforaSwitchPort:
IntheCLI,usethiscommand:spanningtreemode<portlist>fast
Forexample,toconfigureFastmodeforports1-3and5:
HP2512(config)# spanning-tree ethernet 1-3,5 mode fast
Inthemenuinterface,gototheMainMenuandfollowthestepsunder
Menu:ConfiguringSTPonpage9-103.
STPOperationwith802.1QVLANs
AsrecommendedintheIEEE802.1QVLANstandard,whenspanningtreeis
enabledontheswitch,asinglespanningtreeisconfiguredforallportsacross
theswitch,includingthoseinseparateVLANs.Thismeansthatifredundant
physicallinksexistinseparateVLANs,spanningtreewillblockallbutoneof
thoselinks.However,ifyouneedtouseSTPontheSwitch2512orSwitch
2524inaVLANenvironmentwithredundantphysicallinks,youcanprevent
blockedredundantlinksbyusingaporttrunk.Thefollowingexampleshows
howyoucanuseaporttrunkwith802.1Q(tagged)VLANsandSTPwithout
unnecessarilyblockinganylinksorlosinganybandwidth.
9-110
Problem:
Solution:
STPenabledwith2
STPenabledwith
separate(non-trunked)
onetrunkedlink.
linksblocksaVLANlink.
Nodes1and2cannot Nodes1and2cancommunicate
communicatebecause becauseSTPseesthetrunkasa
STPisblockingthelink. singlelinkand802.1Q(tagged)VLANs
enabletheuseofone(trunked)link
forbothVLANs.
Figure9-72.ExampleofUsingaTrunkedLinkwithSTPandVLANs
Formoreinformation,refertoSpanningTreeProtocolOperationwith
VLANsonpage9-73.
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-111
C
o
n
f
i
g
u
r
i
n
g
A
d
v
a
n
c
e
d
F
e
a
t
u
r
e
s
9-112
10
MonitoringandAnalyzingSwitchOperation
ChapterContents
Overview .................................................... 10-2
StatusandCountersData .................................... 10-3
MenuAccessToStatusandCounters ......................... 10-4
GeneralSystemInformation ................................. 10-5
MenuAccess ........................................... 10-5
CLIAccess............................................. 10-5
SwitchManagementAddressInformation...................... 10-6
MenuAccess ........................................... 10-6
CLIAccess............................................. 10-6
PortStatus................................................ 10-7
Menu:DisplayingPortStatus ............................. 10-7
CLIAccess............................................. 10-7
WebAccess ............................................ 10-7
ViewingPortandTrunkGroupStatistics ...................... 10-8
MenuAccesstoPortandTrunkStatistics.................. 10-9
CLIAccessToPortandTrunkGroupStatistics ............ 10-10
WebBrowserAccessToViewPortandTrunkGroup
Statistics ............................................. 10-10
ViewingtheSwitchsMACAddressTables.................... 10-11
MenuAccesstotheMACAddressViewsandSearches ...... 10-12
CLIAccessforMACAddressViewsandSearches .......... 10-14
SpanningTreeProtocol(STP)Information.................... 10-15
MenuAccesstoSTPData ............................... 10-15
CLIAccesstoSTPData................................. 10-16
InternetGroupManagementProtocol(IGMP)Status ........... 10-17
VLANInformation ......................................... 10-18
WebBrowserInterfaceStatusInformation .................... 10-20
PortMonitoringFeatures ................................... 10-21
Menu:ConfiguringPortMonitoring .......................... 10-22
CLI:ConfiguringPortMonitoring ............................ 10-24
Web:ConfiguringPortMonitoring ........................... 10-26
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-1
Overview
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Overview
TheSeries2500switcheshaveseveralbuilt-intoolsformonitoring,analyzing,
andtroubleshootingswitchandnetworkoperation:
Status:Includesoptionsfordisplayinggeneralswitchinformation,man-
agementaddressdata,portstatus,MACaddressesdetectedoneachport,
andSTP,IGMP,andVLANdata.
Counters:Displaydetailsoftrafficvolumeonindividualports.
EventLog:Listsswitchoperatingevents.
AlertLog:Listsnetworkoccurrencesdetectedbytheswitch(inthe
Status|Overviewscreenofthewebbrowserinterface).
Configurabletrapreceivers:UsesSNMPtoenablemanagementsta-
tionsonyournetworktoreceiveSNMPtrapsfromtheswitch.
PortorVLANmonitoring(mirroring):Copyalltrafficfromthespec-
ifiedportsorVLANtoadesignatedmonitoringport.
Not e Linktest,pingtest,browseconfiguration,andtheCommandpromptanalysis
toolsintroubleshootingsituationsaredescribedinchapter8,Troubleshoot-
ing.SeeDiagnosticToolsonpage14.
10-2
StatusandCountersData
Thissectiondescribesthestatusandcountersscreensavailablethroughthe
switchconsoleinterfaceand/orthewebbrowserinterface.
Not e YoucanaccessallconsolescreensfromthewebbrowserinterfaceviaTelnet
totheconsole.TelnetaccesstotheswitchisavailableintheDeviceView
windowundertheConfigurationtab.
Interface Page StatusorCountersType Purpose
MenuAccesstoStatusand Menu
Counters
GeneralSystemInformation Menu,CLI
ManagementAddress
Information
PortStatus
PortandTrunkStatistics
AddressTable
(AddressForwardingTable)
PortAddressTable
STPInformation
IGMPStatus
VLANInformation
PortStatusOverview
Menu,CLI
Menu,CLI,
Web
Menu,CLI,
Web
Menu,CLI
Menu,CLI
Menu,CLI
Menu,CLI
Menu,CLI
Web
Accessmenuinterfaceforstatusandcounterdata. 10-4
Listsswitch-leveloperatinginformation. 10-5
ListstheMACaddress,IPaddress,andIPXnetworknumberfor 10-6
eachVLANor,ifnoVLANsareconfigured,fortheswitch.
Displaystheoperationalstatusofeachport. 10-7
Summarizesportactivity. 10-8
ListstheMACaddressesofnodestheswitchhasdetectedonthe 10-11
network,withthecorrespondingswitchport.
ListstheMACaddressesthattheswitchhaslearnedfromthe 10-11
selectedport.
ListsSpanningTreeProtocoldatafortheswitchandforindividual 10-15
ports.IfVLANsareconfigured,reportsonaper-VLANbasis.
ListsIGMPgroups,reports,queries,andportonwhichquerieris 10-17
located.
ForeachVLANconfiguredintheswitch,lists802.1QVLANIDand 10-18
up/downstatus.
ShowsportutilizationandtheAlertLog. 10-20
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-3
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
MenuAccessToStatusandCounters
BeginningattheMainMenu,displaytheStatusandCountersmenubyselect-
ing:
1.StatusandCounters
Figure10-1. TheStatusandCountersMenu
Eachoftheabovemenuitemsaccessestheread-onlyscreensdescribedon
thefollowingpages.Refertotheonlinehelpforadescriptionoftheentries
displayedinthesescreens.
10-4
GeneralSystemInformation
MenuAccess
FromtheconsoleMainMenu,select:
1.StatusandCounters
1.GeneralSystemInformation
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Figure10-2. ExampleofGeneralSwitchInformation
Thisscreendynamicallyindicateshowindividualswitchresourcesarebeing
used.SeetheonlineHelpfordetails.
CLIAccess
Syntax: showsystem-information
10-5
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
SwitchManagementAddressInformation
MenuAccess
1StatusandCounters...
2.SwitchManagementAddressInformation
Figure10-3. ExampleofManagementAddressInformationwithVLANsConfigured
Thisscreendisplaysaddressesthatareimportantformanagementofthe
switch.IfmultipleVLANsarenotconfigured,thisscreendisplaysasingleIP
addressfortheentireswitch.SeetheonlineHelpfordetails.
CLIAccess
Syntax: showmanagement
10-6
PortStatus
Thewebbrowserinterfaceandtheconsoleinterfaceshowthesameport
statusdata.
Menu:DisplayingPortStatus
1.StatusandCounters...3.PortStatus
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Figure10-4. ExampleofPortStatusontheMenuInterface
CLIAccess
Syntax: showinterfaces
WebAccess
1. ClickontheStatustab.
2. Clickon .
10-7
ViewingPortandTrunkGroupStatistics
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n

viewingportandtrunkstatistics n/a page10-9 page10-10 page10-10
forallports
viewingadetailedsummaryfora n/a page10-9 page10-10 page10-10
particularportortrunk
resettingcounters n/a page10-9 page10-10 page10-10
Thesefeaturesenableyoutodeterminethetrafficpatternsforeachportsince
thelastrebootorresetoftheswitch.Youcandisplay:
AgeneralreportoftrafficonallLANportsandtrunkgroupsintheswitch
Adetailedsummaryof trafficonaselectedportortrunkgroup.
Youcanalsoresetthecountersforaspecificport.
Themenuinterfaceandthewebbrowserinterfaceprovideadynamicdisplay
ofcounterssummarizingthetrafficoneachport.TheCLIletsyouseeastatic
snapshotofportortrunkgroupstatisticsataparticularmoment.
Asmentionedabove,rebootingorresettingtheswitchresetsthecountersto
zero.Youcanalsoresetthecounterstozeroforthecurrentsession.Thisis
usefulfortroubleshooting. SeetheNoteOnReset,below.
No t e o n Re s e t TheResetactionresetsthecounterdisplaytozeroforthecurrentsession,
butdoesnotaffectthecumulativevaluesintheactualhardwarecounters.(In
compliancewiththeSNMPstandard,thevaluesinthehardwarecountersare
notresettozerounlessyoureboottheswitch.)Thus,usingtheReset action
resetsthedisplayedcounterstozeroforthecurrentsessiononly.Exitingfrom
theconsolesessionandstartinganewsessionrestoresthecounterdisplays
totheaccumulatedvaluesinthehardwarecounters.
10-8
MenuAccesstoPortandTrunkStatistics
ToaccessthisscreenfromtheMainMenu,select:
4.PortCounters
Figure10-5. ExampleofPortCountersontheMenuInterface
Toviewdetailsaboutthetrafficonaparticularport,usethe[v]keytohighlight
thatportnumber,thenselectShowDetails.Forexample,selectingport2
displaysascreensimilartofigure10-6,below.
Figure10-6. ExampleoftheDisplayforShowdetailsonaSelectedPort
ThisscreenalsoincludestheResetactionforthecurrentsession.(Seethe
NoteonResetonpage10-8.)
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-9
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
CLIAccessToPortandTrunkGroupStatistics
ToDisplaythePortCounterSummaryReport. Thiscommandprovides
anoverviewofportactivityforallportsontheswitch.
Syntax: showstatistics
ToDisplayaDetailedTrafficSummaryforaSpecificPort.Thiscom-
mandprovidestrafficdetailsfortheportyouspecify.
Syntax: showstatistics<port-number>
ToResetthePortCountersforaSpecificPort.Thiscommandresets
thecountersforthespecifiedportstozeroforthecurrentsession.(Seethe
NoteonResetonpage10-8.)
Syntax: clearstatistics<[ethernet]port-list>
WebBrowserAccessToViewPortandTrunkGroupStatistics
1. ClickontheStatustab.
2. Clickon .
3. Toresetthecountersforaspecificport,clickanywhereintherowfor
thatport,thenclickon .
10-10
ViewingtheSwitchsMACAddressTables
viewingMACaddressesonall n/a page10-12 page10-14
ports
viewingMACaddressesona n/a page10-13 page10-14
specificport
viewingMACaddressesona n/a page10-14
specificVLAN
searchingforaMACaddress n/a page10-13 page10-14
Thesefeatureshelpyoutoview:
TheMACaddressesthattheswitchhaslearnedfromnetworkdevices
attachedtotheswitch
TheportonwhicheachMACaddresswaslearned
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-11
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
MenuAccesstotheMACAddressViewsandSearches
Switch-LevelMAC-AddressViewingandSearching. Thisfeaturelets
youdeterminewhichswitchportisbeingusedtocommunicatewithaspecific
deviceonthenetwork.Thelistingincludes:
TheMACaddressesthattheswitchhaslearnedfromnetworkdevices
attachedtotheswitch
TheportonwhicheachMACaddresswaslearned
1.StatusandCounters
5.AddressTable
Figure10-7. ExampleoftheAddressTable(Switch4000M)
Topagethroughthelisting,useNextpageandPrevpage.
IdentifyingthePortConnectionforaSpecificDevice. Thisfeature
usesadevicesMACaddressthatyouentertoidentifytheportusedbythat
device.
1. Proceedingfromfigure10-10-7,press(forSearch),todisplaythe
followingprompt:
Enter MAC address: _
10-12
2. TypetheMACaddressyouwanttolocateandpress.Theaddress
andportnumberarehighlightediffound.Iftheswitchdoesnotfindthe
address,itleavestheMACaddresslistingempty.
LocatedMAC
Addressand
Corresponding
PortNumber
Figure10-8. ExampleofMenuIndicatingLocatedMACAddress
Port-LevelMACAddressViewingandSearching. Thisfeaturedisplays
andsearchesforMACaddressesonthespecifiedportinsteadofforallports
ontheswitch.
1.StatusandCounters
6.PortAddressTable
PromptforSelecting
thePortToSearch
Figure10-9. ListingMACAddressesforaSpecificPort
2. UsetheSpacebartoselecttheportyouwanttolistorsearchforMAC
addresses,thenpresstolisttheMACaddressesdetectedonthatport.
DeterminingWhetheraSpecificDeviceIsConnectedtotheSelected
Port. Proceedingfromstep2,above:
1. Press(forSearch),todisplaythefollowingprompt:
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-13
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Enter MAC address: _
2. TypetheMACaddressyouwanttolocateandpress.Theaddressis
highlightediffound.Iftheswitchdoesnotfindtheaddress,itleavesthe
MACaddresslistingempty.
CLIAccessforMACAddressViewsandSearches
Syntax: showmac-address
[vlan<vlan-id>]
[ethernet]<port-list>]
[<mac-addr>]
ToListAllLearnedMACAddressesontheSwitch,withThePort
NumberonWhichEachMACAddressWasLearned.
HP2512> show mac-address
ToListAllLearnedMACAddressesononeormoreports,withTheir
CorrespondingPortNumbers. Forexample,tolistthelearnedMAC
addressonports1through5andport7:
HP2512> show mac-address 1-5,7
ToListAllLearnedMACAddressesonaVLAN,withTheirPort
Numbers. ThiscommandliststheMACaddressesassociatedwiththeports
foragivenVLAN.Forexample:
HP2512> show mac-address vlan 100
Not e TheSeries2500switcheshaveaSingleForwardingDatabasearchitecture.
ThismeanstheswitcheshaveonlyasingleMACaddresstable,andnota
separateMACaddresstableperVLAN.
ToFindthePortOnWhichtheSwitchLearnedaSpecificMAC
Address. Forexample,tofindtheportonwhichtheswitchlearnsaMAC
addressof0060b0-889e00:
HP2512> show mac-address 0060b0-889e00
10-14
SpanningTreeProtocol(STP)Information
MenuAccesstoSTPData
7.SpanningTreeInformation
STPmustbeenabledontheswitchtodisplaythefollowingdata:
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Figure10-10.ExampleofSpanningTreeInformation
Usethisscreentodeterminecurrentswitch-levelSTPparametersettingsand
statistics.
YoucanusetheShowportsactionatthebottomofthescreentodisplayport-
levelinformationandparametersettingsforeachportintheswitch(including
porttype,cost,priority,operatingstate,anddesignatedbridge)asshownin
figure10-10-11.
10-15
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Figure10-11.ExampleofSTPPortInformation
CLIAccesstoSTPData
ThisoptionliststheSTPconfiguration,rootdata,andper-portdata(cost,
priority,state,anddesignatedbridge).
Syntax: showspanning-tree
HP2512> show spanning-tree
10-16
InternetGroupManagementProtocol(IGMP)Status
TheswitchusestheCLItodisplaythefollowingIGMPstatusonaper-VLAN
basis:
ShowCommand Output
showipigmp GlobalcommandlistingIGMPstatusforallVLANsconfigured
intheswitch:
VLANID(VID)andname
ActivegroupaddressesperVLAN
Numberofreportandquerypacketspergroup
QuerieraccessportperVLAN
showipigmp<vlan-id> Per-VLANcommandlistingaboveIGMPstatusforspecified
VLAN(VID)
showipigmpgroup<ip-addr> Liststheportscurrentlyparticipatinginthespecifiedgroup,
withporttype,Accesstype,AgeTimerdataandLeaveTimer
data.
Forexample,supposethatshowipigmplistedanIGMPgroupaddressof
224.0.1.22.Youcouldgetadditionaldataonthatgroupbyexecutingthe
following:
Figure10-12.ExampleofIGMPGroupData
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-17
VLANInformation
TheswitchusestheCLItodisplaythefollowingVLANstatus:
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
ShowCommand Output
showvlan Lists:
MaximumnumberofVLANstosupport
ExistingVLANs
Status(staticordynamic)
PrimaryVLAN
showvlan<vlan-id> ForthespecifiedVLAN,lists:
Name,VID,andstatus(static/dynamic)
Per-Portmode(tagged,untagged,forbid,no/auto)
UnknownVLANsetting(Learn,Block,Disable)
Portstatus(up/down)
Forexample,supposethatyourswitchhasthefollowingVLANs:
Ports VLAN VID
1-12 DEFAULT_VLAN 1
1,2 VLAN-33 33
3,4 VLAN-44 44
ThenextthreefiguresshowhowyoucouldlistdataontheaboveVLANs.
ListingtheVLANID(VID)andStatusforALLVLANsintheSwitch.
Figure10-13.ExampleofVLANListingfortheEntireSwitch
10-18
ListingtheVLANID(VID)andStatusforSpecificPorts.
Becauseports1and
2arenotmembersof
VLAN-44,itdoesnot
appearinthislisting.
Figure10-14.ExampleofVLANListingforSpecificPorts
ListingIndividualVLANStatus.
10-19
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
WebBrowserInterfaceStatusInformation
ThehomescreenforthewebbrowserinterfaceistheStatusOverview
screen,asshownbelow.Asthetitleimplies,itprovidesanoverviewofthe
statusoftheswitch,includingsummarygraphsindicatingthenetworkutili-
zationoneachoftheswitchports,symbolicportstatusindicators,andthe
AlertLog,whichinformsyouofanyproblemsthatmayhaveoccurredonthe
switch.
Formoreinformationonthisscreen,seechapter4,UsingtheHPWeb
BrowserInterface.
Port
PortStatus
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Utilization
Graphs
Indicators
AlertLog
Figure10-15.ExampleofaWebBrowserInterfaceStatusOverviewScreen
10-20
PortMonitoringFeatures
displaymonitoring disabled page10-22 page10-24 page10-26
configuration
configurethemonitorport(s) ports:none page10-22 page10-25 page10-26
orVLAN
VLANs:DEFAULT_VLAN
selectingorremovingports noneselected page10-22 page10-25 page10-26
orVLANs
Youcandesignateaportformonitoringtrafficofoneormoreotherportsor
ofasingleVLANconfiguredontheswitch.Theswitchmonitorsthenetwork
activitybycopyingalltrafficfromthespecifiedmonitoringsources(portsor
VLAN)tothedesignatedmonitoringport,towhichanetworkanalyzercanbe
attached.
Not e Porttrunkgroupscannotbeusedasamonitoringport.
Itispossible,whenmonitoringmultipleportsinnetworkswithhightraffic
levels,tocopymoretraffictoamonitorportthanthelinkcansupport.Inthis
case,somepacketsmaynotbecopiedtothemonitorport.
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-21
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Menu:ConfiguringPortMonitoring
Thisproceduredescribesconfiguringtheswitchformonitoringwhenmoni-
toringisdisabled.(Ifmonitoringhasalreadybeenenabled,thescreenswill
appeardifferentlythanshowninthisprocedure.)
1. FromtheConsoleMainMenu,Select:
3.NetworkMonitoringPort
ing Enablemonitor
bysettingthis
parametertoYes.
Figure10-16.TheDefaultNetworkMonitoringConfigurationScreen
2. IntheActionsmenu,press(for Edit).
3. Ifmonitoringiscurrentlydisabled(thedefault)thenenableitbypressing
theSpacebar(or)toselect Yes.
4. Pressthedownarrowkeytodisplayascreensimilartothefollowingand
movethecursortotheMonitoringPort parameter.
10-22
Movethecursortothe
MonitoringPortparameter.
Figure10-17.HowToSelectaMonitoringPort
5. UsetheSpacebartoselecttheporttouseformonitoring,thenpressthe
downarrowkeytoselecttheMonitorparameter.(Thedefaultsettingis
Ports,whichyouwilluseifyouwanttomonitoroneormoreindividual
portsontheswitch.)
Tomonitorindividualports:
i. Leavethe Monitor parametersettoPorts andpressthedown
arrowkeytomovethecursortothe Actioncolumnforthe
individualports.
ii. PresstheSpacebartoselect Monitorforeachportthatyouwant
monitored.(Usethedownarrowkeytomovefromoneportto
thenextinthe Action column.)
iii. Press,thenpress(for Save)tosaveyourchangesand
exitfromthescreen.
TomonitorallportsinaVLAN:
i. PresstheSpacebartoselectVLANintheMonitorparameter,.
ii. PressthedownarrowkeytomovetotheVLANparameter(figure
10-18onpagepage10-24).
iii. PresstheSpacebaragaintoselecttheVLANthatyouwantto
monitor.
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-23
iv. Press,thenpress(forSave)tosaveyourchangesand
exitfromthescreen.
Note:Thisscreen
appearsinsteadofthe
oneinfigure10-17ifthe
Monitorparameterisset
toVLAN
i
ExampleofaVLAN
Monitor ngParameter
Figure10-18.ExampleofSelectingaVLANtoMonitor
7. ReturntotheMainMenu.
CLI:ConfiguringPortMonitoring
PortMonitoringCommandsUsedinThisSection
showmirror-port below
mirror-port page10-25
monitor(VLAN) page10-25
monitor(Port) page10-25
Youmustusethefollowingconfigurationsequencetoconfigureportmonitor-
ingintheCLI:
1. Assignamonitoring(mirror)port.
2. Designatetheport(s)and/oraVLANtomonitor.
DisplayingthePortMonitoringConfiguration. Thiscommandliststhe
portassignedtoreceivemonitoredtrafficandtheportsbeingmonitored.
Syntax: showmirror-port
Forexample,ifyouassignport12asthemonitoringportandconfigurethe
switchtomonitorports1-3,showmirror-portdisplaysthefollowing:
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
10-24
Portreceivingmonitoredtraffic.
MonitoredPorts
Figure10-19.ExampleofMonitoredPortListing
ConfiguringtheMonitorPort. Thiscommandassignsorremovesamon-
itoringport,andmustbeexecutedfromtheglobalconfigurationlevel.Remov-
ingthemonitorportdisablesportmonitoringandresetsthemonitoring
parameterstotheirfactory-defaultsettings.
Syntax: [no]mirror-port[<port-num>]
Forexample,toassignport12asthemonitoringport:
HP2512(config)# mirror-port 12
Toturnoffportmonitoring:
HP2512(config)# no mirror-port
SelectingorRemovingPortsorVLANsAsMonitoringSources.After
youconfigureamonitorportyoucanuseeithertheglobalconfigurationlevel
ortheinterfacecontextleveltoselectportsorVLANsasmonitoringsources.
Youcanalsouseeitherleveltoremovemonitoringsources.
Syntax: [no]monitor[vlan<vlan-id>|interfaceethernet<port-list>]
Forexample,withamonitoring(mirror)portconfigured(above),youcould
selectports1and2formonitoring:
l
i l l,
ing
Fromtheglobalconfig evel,selectsports
orVLANasmonitoringsources.
Fromthe nterfaceorVLANcontext eve
selectstheportsorVLANasmonitor
sources.
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Figure10-20.ExamplesofSelectingPortsandVLANsasMonitoringSources
10-25
M
o
n
i
t
o
r
i
n
g
a
n
d
A
n
a
l
y
z
i
n
g
S
w
i
t
c
h
O
p
e
r
a
t
i
o
n
Fromtheglobalconfiglevel,removes
portsorVLANasmonitoringsources.
FromtheinterfaceorVLANcontextlevel,
removestheportsorVLANasmonitoring
sources.
Figure10-21.ExamplesofRemovingPortsandVLANsasMonitoringSources
Web:ConfiguringPortMonitoring
Toenableportmonitoring:
2. Clickon.
3. Doeitherofthefollowing:
TomonitoraVLAN:
i. ClickontheradiobuttonforMonitor1VLAN.
ii. SelecttheVLANtomonitor.
Tomonitoroneormoreports.
i. ClickontheradiobuttonforMonitorSelectedPorts.
ii. Selecttheport(s)tomonitor.
4. Clickon .
Toremoveportmonitoring:
1. ClickontheMonitoringOffradiobutton.
2. Clickon .
10-26
11
Troubleshooting
ChapterContents
Overview .................................................... 11-2
TroubleshootingApproaches.................................. 11-3
BrowserorConsoleAccessProblems.......................... 11-4
UnusualNetworkActivity .................................... 11-6
GeneralProblems....................................... 11-6
IGMP-RelatedProblems ................................. 11-7
ProblemsRelatedtoSpanning-TreeProtocol(STP).......... 11-8
Stacking-RelatedProblems............................... 11-8
TimeporGatewayProblems ............................. 11-8
VLAN-RelatedProblems ................................. 11-9
UsingtheEventLogToIdentifyProblemSources............. 11-11
Menu:EnteringandNavigatingintheEventLog ............... 11-12
CLI: ..................................................... 11-13
DiagnosticTools ............................................ 11-14
PingandLinkTests ........................................ 11-14
Web:ExecutingPingorLinkTests....................... 11-15
CLI:PingorLinkTests ................................. 11-16
DisplayingtheConfigurationFile ............................ 11-18
CLI:ViewingtheConfigurationFile ...................... 11-18
Web:ViewingtheConfigurationFile...................... 11-18
CLIAdministrativeandTroubleshootingCommands ........... 11-19
RestoringtheFactory-DefaultConfiguration ................. 11-20
CLI:ResettingtotheFactory-DefaultConfiguration ........ 11-20
Clear/Reset:ResettingtotheFactory-DefaultConfiguration . 11-20
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-1
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Troubleshooting
Overview
Overview
Thischapteraddressesperformance-relatednetworkproblemsthatcanbe
causedbytopology,switchconfiguration,andtheeffectsofotherdevicesor
theirconfigurationsonswitchoperation.(Forswitch-specificinformationon
hardwareproblemsindicatedbyLEDbehavior,cablingrequirements,and
otherpotentialhardware-relatedproblems,refertotheinstallationguideyou
receivedwiththeswitch.)
TroubleshootingApproaches(page11-3)
BrowserorConsoleInterfaceProblems(page11-4)
UnusualNetworkActivity(page11-6)
GeneralProblems(page11-6)
IGMP-RelatedProblems(page11-7)
SpanningTreeProtocol(STP)RelatedProblems(page11-8)
VLAN-RelatedProblems(page11-9)
UsingtheEventLogToIdentifyProblemSources(page11-11)
Diagnosticsandmanagementtools(page11-14),including:
Linktest(page11-14)
Pingtest(page11-15)
Browseconfiguration(page11-18)
Commandprompt(page11-13)
Restoringthefactorydefaultconfiguration(page11-20)
Forinformationonsupportandwarrantyprovisions,seetheSupportand
Warrantybookletshippedwiththeswitch.
11-2
Troubleshooting
TroubleshootingApproaches
TroubleshootingApproaches
Usetheseapproachestodiagnoseswitchproblems:
ChecktheswitchLEDsforindicationsofproperswitchoperation:
EachswitchporthasaLinkLEDthatshouldlightwheneveranactive
networkdeviceisconnectedtotheport.
Problemswiththeswitchhardwareandsoftwareareindicatedby
flashingtheFaultandotherswitchLEDs.
SeetheInstallationGuideshippedwiththeswitchforadescription
oftheLEDbehaviorandinformationonusingtheLEDsfortrouble-
shooting.
Checkthenetworktopology/installation.SeetheInstallationGuide
shippedwiththeswitchfortopologyinformation.
Checkcablesfordamage,correcttype,andproperconnections.Seethe
InstallationGuideshippedwiththeswitchforcorrectcabletypesand
connectorpin-outs.
UseHPTopToolsforHubs&Switches(ifinstalledonyournetwork)to
helpisolateproblemsandrecommendsolutions.HPTopToolsisshipped
atnoextracostwiththeswitch.
UsethePortUtilizationGraphandAlertLoginthewebbrowserinterface
includedintheswitchtohelpisolateproblems.Seechapter3,Usingthe
HPWebBrowserInterfaceforoperatinginformation.Thesetoolsare
availablethroughthewebbrowserinterface:
PortUtilizationGraph
AlertLog
PortStatusandPortCountersscreens
Diagnostictools(Linktest,Pingtest,configurationfilebrowser)
Forhelpinisolatingproblems,usetheeasy-to-accessswitchconsolebuilt
intotheswitchorTelnettotheswitchconsole.Seechapter4,Usingthe
SwitchConsoleInterfaceforoperatinginformation.Thesetoolsare
availablethroughtheswitchconsole
StatusandCountersscreens
EventLog
Diagnosticstools(Linktest,Pingtest,configurationfilebrowser,and
advancedusercommands)
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-3
Troubleshooting
BrowserorConsoleAccessProblems
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Cannotaccessthewebbrowserinterface:
AccessmaybedisabledbytheWebAgentEnabledparameterintheswitch
console.Checkthesettingonthisparameterbyselecting:
1.SystemInformation
TheswitchmaynothavethecorrectIPaddress,subnetmaskorgateway.
VerifybyconnectingaconsoletotheswitchsConsoleportandselecting:
1.IPConfiguration
Note:IfDHCP/Bootpisusedtoconfiguretheswitch,theIPaddressing
canbeverifiedbyselecting:
alsochecktheDHCP/BootpserverconfigurationtoverifycorrectIP
addressing.
IfyouareusingDHCPtoacquiretheIPaddressfortheswitch,theIP
addressleasetimemayhaveexpiredsothattheIPaddresshaschanged.
FormoreinformationonhowtoreserveanIPaddress,refertothe
documentationfortheDHCPapplicationthatyouareusing.
IfoneormoreIP-Authorizedmanagersareconfigured,theswitchallows
webbrowseraccessonlytoadevicehavinganauthorizedIPaddress.For
moreinformationonIPAuthorizedmanagers,seeUsingIPAuthorized
Managersonpage30.
Javaappletsmaynotberunningonthewebbrowser.Theyarerequired
fortheswitchwebbrowserinterfacetooperatecorrectly.Seetheonline
HelponyourwebbrowserforhowtoruntheJavaapplets.
11-4
Troubleshooting
CannotTelnetintotheswitchconsolefromastationonthenetwork:
TelnetaccessmaybedisabledbytheInboundTelnetEnabledparameterin
theSystemInformationscreenofthemenuinterface:
1.SystemInformation
TheswitchmaynothavethecorrectIPaddress,subnetmask,orgateway.
VerifybyconnectingaconsoletotheswitchsConsoleportandselecting:
5.IPConfiguration
Note:IfDHCP/Bootpisusedtoconfiguretheswitch,seetheNote,above.
IfyouareusingDHCPtoacquiretheIPaddressfortheswitch,theIP
addressleasetimemayhaveexpiredsothattheIPaddresshaschanged.
FormoreinformationonhowtoreserveanIPaddress,refertothe
documentationfortheDHCPapplicationthatyouareusing.
IfoneormoreIP-Authorizedmanagersareconfigured,theswitchallows
inboundtelnetaccessonlytoadevicehavinganauthorizedIPaddress.
FormoreinformationonIPAuthorizedmanagers,seeEnhancingSecu-
rityByConfiguringAuthorizedIPManagersonpageUsingIPAutho-
rizedManagersonpage30.
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-5
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Troubleshooting
UnusualNetworkActivity
11-6
Networkactivitythatexceedsacceptednormsmayindicateahardware
problemwithoneormoreofthenetworkcomponents,possiblyincludingthe
switch.UnusualnetworkactivityisusuallyindicatedbytheLEDsonthefront
oftheswitchormeasuredwiththeswitchconsoleinterfaceorwithanetwork
managementtoolsuchastheHPTopToolsforHubs&Switches.Refertothe
InstallationGuideyoureceivedwiththeswitchforinformationonusing
LEDstoidentifyunusualnetworkactivity.
Atopologyloopcanalsocauseexcessivenetworkactivity.Theeventlog"FFI"
messagescanbeindicativeofthistypeofproblem.
GeneralProblems
Thenetworkrunsslow;processesfail;userscannotaccessserversor
otherdevices.Broadcaststormsmaybeoccurringinthenetwork.These
maybeduetoredundantlinksbetweennodes.
Ifyouareconfiguringaporttrunk,finishconfiguringtheportsinthe
trunkbeforeconnectingtherelatedcables.Otherwiseyoumayinad-
vertentlycreateanumberofredundantlinks(i.e.topologyloops)
thatwillcausebroadcaststorms.
TurnonSpanningTreeProtocoltoblockredundantlinks(i.e.topol-
ogyloops)
CheckforFFImessagesintheEventLog.
DuplicateIPAddresses. ThisisindicatedbythisEventLogmessage:
ip:InvalidARPsource:IPaddressonIPaddress
where:bothinstancesofIPaddressarethesameaddress,indicatingthe
switchsIPaddresshasbeenduplicatedsomewhereonthenetwork.
DuplicateIPAddressesinaDHCPNetwork.IfyouuseaDHCPserver
toassignIPaddressesinyournetworkandyoufindadevicewithavalidIP
addressthatdoesnotappeartocommunicateproperlywiththeserverorother
devices,aduplicateIPaddressmayhavebeenissuedbytheserver.Thiscan
occurifaclienthasnotreleasedaDHCP-assignedIPaddressafterthe
intendedexpirationtimeandtheserverleasestheaddresstoanotherdevice.
Thiscanalsohappen,forexample,iftheserverisfirstconfiguredtoissueIP
addresseswithanunlimitedduration,thenissubsequentlyconfiguredtoissue
Troubleshooting
IPaddressesthatwillexpireafteralimitedduration.Onesolutionisto
configurereservationsintheDHCPserverforspecificIPaddressestobe
assignedtodeviceshavingspecificMACaddresses.Formoreinformation,
refertothedocumentationfortheDHCPserver.
OneindicationofaduplicateIPaddressinaDHCPnetworkisthisEventLog
message:
ip:InvalidARPsource:IPaddressonIPaddress
where:bothinstancesofIPaddressarethesameaddress,indicatingthe
IPaddressthathasbeenduplicatedsomewhereonthenetwork.
TheSwitchHasBeenConfiguredforDHCP/BootpOperation,ButHas
NotReceivedaDHCPorBootpReply. Whentheswitchisfirstconfig-
uredforDHCP/Bootpoperation,orifitisrebootedwiththisconfiguration,it
immediatelybeginssendingrequestpacketsonthenetwork.Iftheswitchdoes
notreceiveareplytoitsDHCP/Bootprequests,itcontinuestoperiodically
sendrequestpackets,butwithdecreasingfrequency.Thus,ifaDHCPorBootp
serverisnotavailableoraccessibletotheswitchwhenDHCP/Bootpisfirst
configured,theswitchmaynotimmediatelyreceivethedesiredconfiguration.
Afterverifyingthattheserverhasbecomeaccessibletotheswitch,rebootthe
switchtore-starttheprocess.
IGMP-RelatedProblems
IPMulticast(IGMP)TrafficThatIsDirectedByIGMPDoesNotReach
IGMPHostsoraMulticastRouterConnectedtoaPort.IGMPmust
beenabledontheswitchandtheaffectedportmustbeconfiguredforAuto
orForwardoperation.
IPMulticastTrafficFloodsOutAllPorts;IGMPDoesNotAppearTo
FilterTraffic. TheIGMPfeaturedoesnotoperateiftheswitchorVLANdoes
nothaveanIPaddressconfiguredmanuallyorobtainedthroughDHCP/Bootp.
ToverifywhetheranIPaddressisconfiguredfortheswitchorVLAN,doeither
ofthefollowing:
TryUsingtheWebBrowserInterface: Ifyoucanaccesstheweb
browserinterface,thenanIPaddressisconfigured.
TryToTelnettotheSwitchConsole:IfyoucanTelnettotheswitch,
thenanIPaddressisconfigured.
UsingtheSwitchConsoleInterface:FromtheMainMenu,checkthe
ManagementAddressInformationscreenbyclickingon
1.StatusandCounters
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-7
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Troubleshooting
ProblemsRelatedtoSpanning-TreeProtocol(STP)
Ca u t i o n IfyouenableSTP,itisrecommendedthatyouleavetheremainderoftheSTP
parametersettingsattheirdefaultvaluesuntilyouhavehadanopportunity
toevaluateSTPperformanceinyournetwork.BecauseincorrectSTPsettings
canadverselyaffectnetworkperformance,youshouldavoidmakingchanges
withouthavingastrongunderstandingofhowSTPoperates.Tolearnthe
detailsofSTPoperation,refertotheIEEE802.1dstandard.
BroadcastStormsAppearingintheNetwork. Thiscanoccurwhen
therearephysicalloops(redundantlinks)inthetopology.Wherethisexists,
youshouldenableSTPonallbridgingdevicesinthetopologyinorderforthe
looptobedetected.
STPBlocksaLinkinaVLANEvenThoughThereAreNoRedundant
LinksinthatVLAN. In802.1Q-compliantswitchessuchastheSwitch2512
andSwitch2524,STPblocksredundantphysicallinkseveniftheyarein
separateVLANs.Asolutionistouseonlyone,multiple-VLAN (tagged)link
betweenthedevices.Also,ifportsareavailable,youcanimprovetheband-
widthinthissituationbyusingaporttrunk.See"STPOperationwith802.1Q
VLANs"onpage9-110.
Stacking-RelatedProblems
TheStackCommanderCannotLocateanyCandidates.Stackingoper-
atesontheprimaryVLAN,whichinthedefaultconfigurationisthe
DEFAULT_VLAN.However,ifanotherVLANhasbeenconfiguredasthe
primaryVLAN,andtheCommanderisnotontheprimaryVLAN,thenthe
CommanderwillnotdetectCandidatesontheprimaryVLAN.
TimeporGatewayProblems
TheSwitchCannotFindtheTimepServerortheConfigured
Gateway.TimepandGatewayaccessarethroughtheprimaryVLAN,which
inthedefaultconfigurationistheDEFAULT_VLAN.IftheprimaryVLANhas
beenmovedtoanotherVLAN,itmaybedisabledordoesnothaveports
assignedtoit.
11-8
Troubleshooting
VLAN-RelatedProblems
MonitorPort.WhenusingthemonitorportinamultipleVLANenviron-
ment,itcanbeusefultoknowhowbroadcast,multicast,andunicasttraffic
istagged.Thefollowingtabledescribesthetaggingtoexpect.
WithinSame WithinSame Outsideof Outsideof
TaggedVLAN UntaggedVLAN TaggedMonitor UntaggedMonitor
asMonitorPort asMonitorPort PortVLAN PortVLAN
Broadcast Tagged Untagged Untagged Untagged
Multicast Tagged Untagged Untagged Untagged
UnicastFlood Tagged Untagged Untagged Untagged
UnicastNot Untagged Untagged Untagged Untagged
toMonitor
Port
Unicastto Tagged Untagged N/ADropped N/ADropped
MonitorPort
NoneofthedevicesassignedtooneormoreVLANsonan802.1Q-
compliantswitcharebeingrecognized.IfmultipleVLANsarebeingused
onportsconnecting802.1Q-compliantdevices,inconsistentVLANIDsmay
havebeenassignedtooneormoreVLANs.ForagivenVLAN,thesameVLAN
IDmustbeusedonallconnected802.1Q-compliantdevices.
LinkConfiguredforMultipleVLANsDoesNotSupportTrafficforOne
orMoreVLANs. OneormoreVLANsmaynotbeproperlyconfiguredas
TaggedorUntagged.AVLANassignedtoaportconnectingtwo802.1Q-
compliantdevicesmustbeconfiguredthesameonbothports.Forexample,
VLAN_1andVLAN_2usethesamelinkbetweenswitchXandswitchY.
X-3
PortX-3
SwitchY SwitchX
LinksupportingVLAN_1
andVLAN_2
VLANPortAssignment
Port VLAN_1 VLAN_2
UntaggedTagged
PortY-7
VLANPortAssignment
Port VLAN_1 VLAN_2
Y-7 UntaggedTagged
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Figure11-1. ExampleofCorrectVLANPortAssignmentsonaLink
11-9
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Troubleshooting
1. IfVLAN_1(VID=1)isconfiguredasUntaggedonport3onswitchX,
thenitmustalsobeconfiguredasUntaggedonport7onswitchY.
MakesurethattheVLANID(VID)isthesameonbothswitches.
2. Similarly,ifVLAN_2(VID=2)isconfiguredasTaggedonthelinkporton
switchA,thenitmustalsobeconfiguredasTaggedonthelinkport
onswitchB.MakesurethattheVLANID(VID)isthesameonboth
switches.
DuplicateMACAddressesAcrossVLANs.DuplicateMACaddresseson
differentVLANsarenotsupportedandcancauseVLANoperatingproblems.
Therearenoexpliciteventsorstatisticstoindicatethepresenceofduplicate
MACaddressesinaVLANenvironment.However,onesymptomthatmay
occuristhataduplicateMACaddresscanappearinthePortAddressTable
ofoneport,andthenlaterappearonanotherport.(Thiscanalsooccurina
LANwherethereareredundantpathsbetweennodesandSpanningTreeis
turnedoff.)Formoreinformation,refertoVLANRestrictionsonpage9-75.
11-10
Troubleshooting
UsingtheEventLogToIdentifyProblemSources
UsingtheEventLogToIdentifyProblem
Sources
TheEventLogrecordsoperatingeventsassingle-lineentrieslistedinchrono-
logicalorder,andservesasatoolforisolatingproblems.EachEventLogentry
iscomposedoffivefields:
Severity Date TimeSystemModuleEventMessage
I 08/05/98 10:52:32 ports: port1enabled
Severityisoneofthefollowingcodes:
I (information)indicatesroutineevents.
W (warning)indicatesthataservicehasbehavedunexpectedly.
C (critical)indicatesthatasevereswitcherrorhasoccurred.
D (debug)reservedforHPinternaldiagnosticinformation.
Dateisthedateinmm/dd/yyformatthattheentrywasplacedinthelog.
Timeisthetimeinhh:mm:ssformatthattheentrywasplacedinthelog.
SystemModuleistheinternalmodule(suchasportsforportmanager)that
generatedthelogentry.IfVLANsareconfigured,thenaVLANnamealso
appearsforaneventthatisspecifictoanindividualVLAN.Table11-1onpage
11-12liststheindividualmodules.
EventMessageisabriefdescriptionoftheoperatingevent.
Theeventlogholdsupto1000linesinchronologicalorder,fromtheoldestto
thenewest.Eachlineconsistsofonecompleteeventmessage.Oncethelog
hasreceived1000entries,itdiscardsthecurrentoldestlineeachtimeanew
lineisreceived.Theeventlogwindowcontains14logentrylinesandcanbe
positionedtoanylocationinthelog.
Theeventlogwillbeerasedifpowertotheswitchisinterrupted.
(Theeventlogisnoterasedbyusingthe RebootSwitch commandintheMain
Menu.)
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-11
Troubleshooting
Table11-1. EventLogSystemModules
EventDescription EventDescription Module Module
addrMgr Addresstable mgr Consolemanagement
chassis switchhardware ports Changeinportstatus;statictrunks
bootp bootpaddressing snmp SNMPcommunications
console Consoleinterface stack Stacking
dhcp DHCPaddressing stp SpanningTree
download filetransfer sys,system Switchmanagement
FFI Find,Fix,andInform)-- availableinthe telnet Telnetactivity
consoleeventlogandwebbrowser
interfacealertlog
garp GARP/GVRP tcp Transmissioncontrol
igmp IPMulticast tftp FiletransferfornewOSorconfig.
ip IP-related timep Timeprotocol
ipx NovellNetware vlan VLANoperations
lacp DynamicLACPtrunks Xmodem Xmodemfiletransfer
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Menu:EnteringandNavigatingintheEventLog
FromtheMainMenu,selectEventLog.
RangeofEventsintheLog
RangeofLogEventsDisplayed
LogStatusLine
Figure11-2. ExampleofanEventLogDisplay
11-12
Troubleshooting
Thelogstatuslineatthebottomofthedisplayidentifieswhereinthe
sequenceofeventmessagesthedisplayiscurrentlypositioned.
TodisplayvariousportionsoftheEventLog,eitherprecedingorfollowingthe
currentlyvisibleportion,useeithertheactionslistedatthebottomofthe
display(Nextpage,Prevpage,orEnd),orthekeysdescribedinthefollowing
table:
Table11-2. EventLogControlKeys
Key Action
Advancethedisplaybyonepage(nextpage).
Rollbackthedisplaybyonepage(previouspage).
[v] Advancedisplaybyoneevent(downoneline).
[^] Rollbackdisplaybyoneevent(uponeline).
Advancetotheendofthelog.
DisplayHelpfortheeventlog.
CLI:
UsingtheCLI,youcanlist
Eventsrecordedsincethelastbootoftheswitch
Alleventsrecorded
Evententriescontainingaspecifickeyword,eithersincethelastbootor
alleventsrecorded
Syntax: showlogging[-a][<search-text>]
HP2512>showlogging Listsrecordedlogmessagessince
lastreboot.
HP2512>showlogging-a Listsallrecordedlogmessages.
HP2512> show logging -a system Listsalllogmessageshaving
"system"inthetextormodule
name.
HP2512>showloggingsystem Listsalllogmessagessincethe
lastrebootthathave"system"in
thetextormodulename.
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-13
Troubleshooting
DiagnosticTools
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
DiagnosticTools
DiagnosticFeatures
CLI Feature Default Menu Web
PingTest n/a page11-16 page11-15
LinkTest n/a page11-16 page11-15
DisplayConfigFile n/a page11-18 page11-18
Admin.andTroubleshooting n/a page11-19
Commands
Factory-DefaultConfig page11-20 page11-20
(Buttons)
PingandLinkTests
ThePingtestandtheLinktestarepoint-to-pointtestsbetweenyourswitch
andanotherIEEE802.3-compliantdeviceonyournetwork.Thesetestscan
tellyouwhethertheswitchiscommunicatingproperlywithanotherdevice.
Not e TorespondtoaPingtestoraLinktest,thedeviceyouaretryingtoreachmust
beIEEE802.3-compliant.
PingTest.Thisisatestofthepathbetweentheswitchandanotherdevice
onthesameoranotherIPnetworkthatcanrespondtoIPpackets(ICMPEcho
Requests).
LinkTest.Thisisatestoftheconnectionbetweentheswitchandadesig-
natednetworkdeviceonthesameLAN(orVLAN,ifconfigured).Duringthe
linktest,IEEE802.2testpacketsaresenttothedesignatednetworkdevice
inthesameVLANorbroadcastdomain.Theremotedevicemustbeableto
respondwithan802.2TestResponsePacket.
11-14
Troubleshooting
DiagnosticTools
Web:ExecutingPingorLinkTests
2.Clickhere.
1.Clickhere.
Li
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
4.ForaPingtest,enter
theIPaddressofthe
targetdevice.Fora
nktest,enterthe
MACaddressofthe
target device.
3.SelectPingTest(the
default)orLinkTest
5. Selectthenumberoftries
(packets)andthetimeoutfor
eachtryfromthedrop-down
menus.
6.ClickonStarttobeginthetest.
Figure11-12.LinkandPingTestScreenontheWebBrowserInterface
SuccessesindicatesthenumberofPingorLinkpacketsthatsuccessfully
completedthemostrecenttest.
FailuresindicatesthenumberofPingorLinkpacketsthatwereunsuccessful
inthelasttest.Failuresindicateconnectivityornetworkperformanceprob-
lems(suchasoverloadedlinksordevices).
DestinationIP/MACAddressisthenetworkaddressofthetarget,ordestination,
devicetowhichyouwanttotestaconnectionwiththeswitch.AnIPaddress
isintheX.X.X.XformatwhereXisadecimalnumberbetween0and255.A
MACaddressismadeupof12hexadecimaldigits,forexample,0060b0-080400.
11-15
Troubleshooting
DiagnosticTools
NumberofPacketstoSendisthenumberoftimesyouwanttheswitchto
attempttotestaconnection.
TimeoutinSecondsisthenumberofsecondstoallowperattempttotesta
connectionbeforedeterminingthatthecurrentattempthasfailed.
TohaltaLinkorPingtestbeforeitconcludes,clickontheStopbutton.
Toresetthescreentoitsdefaultsettings,clickontheDefaultsbutton.
CLI:PingorLinkTests
PingTests. Youcanissuesingleormultiplepingtestswithvaryingrepeti-
tionsandtimeoutperiods.Thedefaultsandrangesare:
Repetitions:1(1- 999)
Timeout:5seconds(1- 256seconds)
Syntax: ping<ip-address>[repetitions<1-999>][timeout<1-256>]
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
Pingwith
Repetitions
andTimeout
BasicPing
Operation
PingFailure
Pingwith
Repetitions
Figure11-13.ExamplesofPingTests
Tohaltapingtestbeforeitconcludes,press .
11-16
Troubleshooting
DiagnosticTools
LinkTests.Youcanissuesingleormultiplelinktestswithvaryingrepeti-
tionsandtimeoutperiods.Thedefaultsare:
Repetitions:1(1-9999)
Timeout:5seconds(1-256seconds)
Syntax: link<mac-address>[repetitions<1-999>][timeout<1-256>]
i
Ti
BasicLinkTest
LinkTestw th
Repetitions
LinkTestwith
Repetitionsand
meout
LinkTestOvera
SpecificVLAN
LinkTestOvera
SpecificVLAN;
TestFail
Figure11-14.ExampleofLinkTests
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-17
Troubleshooting
DiagnosticTools
DisplayingtheConfigurationFile
Thecompleteswitchconfigurationiscontainedinafilethatyoucanbrowse
fromeitherthewebbrowserinterfaceortheCLI.Itmaybeusefulinsome
troubleshootingscenariostoviewtheswitchconfiguration.
CLI:ViewingtheConfigurationFile
UsingtheCLI,youcandisplayeithertherunningconfigurationorthestartup
configuration.(Formoreonthesetopics,seeappendixC,"SwitchMemory
andConfiguration".)
Syntax: writeterminal Displaystherunningconfiguration.
showconfig Displaysthestartupconfiguration.
Web:ViewingtheConfigurationFile
Todisplaytherunningconfiguration, throughthewebbrowserinterface:
1. ClickontheDiagnosticstab.
2. Clickon
3. Usetheright-sidescrollbartoscrollthroughtheconfigurationlisting.
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-18
Troubleshooting
DiagnosticTools
CLIAdministrativeandTroubleshootingCommands
Thesecommandsprovideinformationorperformactionsthatyoumayfind
helpfulintroubleshootingoperatingproblemswiththeswitch.
Not e FormoreontheCLI,refertochapter3,"UsingtheCommandLineReference
(CLI).
Syntax: showversion Showsthesoftwareversion
currentlyrunningontheswitch.
showboot-history Displaystheswitchshutdown
history.
showhistory Displaysthecurrentcommand
history.
[no]page Togglesthepagingmodefor
displaycommandsbetween
continuouslistingandper-page
listing.
Setup DisplaystheSwitchSetupscreen
fromthemenuinterface
Repeat Repeatedlyexecutestheprevious
commanduntilakeyispressed.
kill Terminatesallotheractive
sessions.
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
11-19
Troubleshooting
RestoringtheFactory-DefaultConfiguration
T
r
o
u
b
l
e
s
h
o
o
t
i
n
g
RestoringtheFactory-Default
Configuration
Aspartofyourtroubleshootingprocess,itmaybecomenecessarytoreturn
theswitchconfigurationtothefactorydefaultsettings.Thisprocessmomen-
tarilyinterruptstheswitchoperation,clearsanypasswords,clearstheconsole
eventlog,resetsthenetworkcounterstozero,performsacompleteselftest,
andrebootstheswitchintoitsfactorydefaultconfigurationincludingdeleting
anIPaddress.Therearetwomethodsforresettingtothefactory-default
configuration:
CLI
Clear/Resetbuttoncombination
Not e HPrecommendsthatyousaveyourconfigurationtoaTFTPserverbefore
resettingtheswitchtoitsfactory-defaultconfiguration.Youcanalsosaveyour
configurationviaXmodem,toadirectlyconnectedPC.
CLI:ResettingtotheFactory-DefaultConfiguration
ThiscommandoperatesatanylevelexcepttheOperatorlevel.
Syntax: erasestartup-configuration Deletesthestartup-configfilein
flashsothattheswitchwill
rebootwithitsfactory-default
configuration.
Clear/Reset:ResettingtotheFactory-DefaultConfiguration
Toexecutethefactorydefaultreset,performthesesteps:
1. Usingpointedobjects,simultaneouslypressboththeResetandClear
buttonsonthefrontoftheswitch.
2. ContinuetopresstheClearbuttonwhilereleasingtheResetbutton.
3. WhentheSelfTestLEDbeginstoflash,releasetheClearbutton.
Theswitchwillthencompleteitsselftestandbeginoperatingwiththe
configurationrestoredtothefactorydefaultsettings.
11-20
A
TransferringanOperatingSystemorStartup
ConfigurationFile
AppendixContents
Overview .................................................... A-2
DownloadinganOperatingSystem(OS)....................... A-2
UsingTFTPToDownloadtheOSFilefromaServer............. A-3
Menu:TFTPDownloadfromaServer...................... A-4
CLI:TFTPDownloadfromaServer ....................... A-5
UsingtheSNMP-BasedSoftwareUpdateUtility................. A-6
Series2500Switch-to-SwitchDownload....................... A-6
Menu:Switch-to-SwitchDownload ........................ A-6
CLI:Switch-To-SwitchDownload ......................... A-7
UsingXmodemtoDownloadtheOSFileFromaPC ............. A-7
Menu:XmodemDownload ............................... A-7
CLI:XmodemDownloadfromaPCorUnixWorkstation ..... A-8
TroubleshootingTFTPDownloads ............................ A-9
TransferringSwitchConfigurations .......................... A-10
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
A-1
TransferringanOperatingSystemorStartupConfigurationFile
Overview
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
Overview
Youcandownloadnewswitchsoftware(operatingsystemOS)andupload
ordownloadswitchconfigurationfiles.Thesefeaturesareusefulforacquiring
periodicswitchsoftwareupgradesandforstoringorretrievingaswitch
configuration.
Thisappendixincludesthefollowinginformation:
downloadinganoperatingsystem(thispage)
transferringswitchconfigurations(pageA-10)
DownloadinganOperatingSystem(OS)
HPperiodicallyprovidesswitchoperatingsystem(OS)updatesthroughthe
NetworkCitywebsite(http://www.hp.com/go/network_city)andtheHPFTP
LibraryService.Formoreinformation,seethesupportandwarrantybooklet
shippedwiththeswitch.AfteryouacquirethenewOSfile,youcanuseone
ofthefollowingmethodsfordownloadingtheoperatingsystem(OS)codeto
theswitch:
TheTFTPfeature(DownloadOS)commandintheMainMenuoftheswitch
consoleinterface(pageA-3)
HPsSNMPDownloadManagerincludedinHPTopToolsforHubs&
Switches
Aswitch-to-switchfiletransfer
Xmodemtransfermethod
Not e DownloadinganewOSdoesnotchangethecurrentswitchconfiguration.The
switchconfigurationiscontainedinaseparatefilethatcanalsobetransferred,
forexample,forarchivepurposesortobeusedinanotherswitchofthesame
model.SeeTransferringSwitchConfigurationsonpageA-10.
A-2
UsingTFTPToDownloadtheOSFilefromaServer
Thisprocedureassumesthat:
AnOSfilefortheswitchhasbeenstoredonaTFTPserveraccessibleto
theswitch.(TheOSfileistypicallyavailablefromHPselectronicser-
vicesseethesupportandwarrantybookletshippedwiththeswitch.)
Theswitchisproperlyconnectedtoyournetworkandhasalreadybeen
configuredwithacompatibleIPaddressandsubnetmask.
TheTFTPserverisaccessibletotheswitchviaIP.
Beforeyouusetheprocedure,dothefollowing:
ObtaintheIPaddressoftheTFTPserverinwhichtheOSfilehasbeen
stored.
IfVLANsareconfiguredontheswitch,determinethenameoftheVLAN
inwhichtheTFTPserverisoperating.
DeterminethenameoftheOSfilestoredintheTFTPserverfortheswitch
(forexample,A_01_01.swi).
Not e IfyourTFTPserverisaUnixworkstation,ensurethatthecase(upperor
lower)thatyouspecifyforthefilenameisthesamecaseasthecharacters
intheOSfilenamesontheserver.
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
A-3
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
Thedownloadcantakeseveralminutes,dependingonthebaudrateused
forthetransfer.
6. Whenthedownloadfinishes,theswitchautomaticallyrebootsitselfand
beginsrunningthenewOSversion.
7. Toconfirmthattheoperatingsystemdownloadedcorrectly:
a. FromtheMainMenu,select
1.StatusandCounters
1.GeneralSystemInformation
b. Checkthe Firmwarerevision line.
CLI:XmodemDownloadfromaPCorUnixWorkstation
Syntax: copyxmodemflash<unix|pc>
Forexample,todownloadanOSfilenamedF_01_03.swifromaPC:
1. ExecutethefollowingcommandintheCLI:
2. ExecutetheterminalemulatorcommandstobegintheXmodemtransfer.
Thedownloadcantakeseveralminutes,dependingonthebaudrateused
inthetransfer.
Whenthedownloadfinishes,theswitchautomaticallyrebootsitselfand
beginsrunningthenewOSversion.
3. Toconfirmthattheoperatingsystemdownloadedcorrectly:
HP2512> show system
ChecktheFirmwarerevisionline.
A-8
TroubleshootingTFTPDownloads
TroubleshootingTFTPDownloads
IfaTFTPdownloadfails,theDownloadOSscreenindicatesthefailure.
MessageIndicating
causeofTFTPDownload
Failure
FigureA-18. ExampleofMessageforDownloadFailure
Tofindmoreinformationonthecauseofadownloadfailure,examinethe
messagesintheswitchsEventLogbyexecutingthisCLIcommand:
HP2512# show log tftp
(FormoreontheEventLog,seeUsingtheEventLogToIdentifyProblem
Sourcesonpage11-11.)
Someofthecausesofdownloadfailuresinclude:
IncorrectorunreachableaddressspecifiedfortheTFTPServerparameter.
Thismayincludenetworkproblems.
IncorrectVLAN.
IncorrectnamespecifiedfortheRemoteFileNameparameter,orthe
specifiedfilecannotbefoundontheTFTPserver.Thiscanalsooccurif
theTFTPserverisaUnixmachineandthecase(upperorlower)forthe
filenameontheserverdoesnotmatchthecaseforthefilenameentered
forthe RemoteFileName parameterintheDownloadOSscreen.
OneormoreoftheswitchsIPconfigurationparametersareincorrect.
ForaUnixTFTPserver,thefilepermissionsfortheOSfiledonotallow
thefiletobecopied.
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
A-9
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
TransferringSwitchConfigurations
Anotherconsolesession(througheitheradirectconnectiontoaterminal
deviceorthroughTelnet)wasalreadyrunningwhenyoustartedthe
sessioninwhichthedownloadwasattempted.
Not e Ifanerroroccursinwhichnormalswitchoperationcannotberestored,the
switchautomaticallyrebootsitself.Inthiscase,anappropriatemessageis
displayedinthecopyrightscreenthatappearsaftertheswitchreboots.
TransferFeatures
useTFTPtocopyaconfiguration n/a below
fromaremotehosttothestartup-
configfile
useTFTPtocopythestartup- n/a pageA-11
configfiletoaremotehost
useXmodemtocopya n/a pageA-11
configurationfromaserially
connectedhosttothestartup-
configfile
UseXmodemtocopythestartup- n/a pageA-12
configfiletoaseriallyconnected
host
UsingtheCLIcommandsdescribedinthissection,youcancopyswitch
configurationstoandfromaswitch.
TFTP:RetrievingaConfigurationfromaRemoteHost.
Syntax: copytftpstartup-config<ip-address><remote-file>
Thiscommandcopiesaconfigurationfromaremotehosttothestartup-config
fileintheswitch.(SeeappendixC,"SwitchMemoryandConfiguration"for
informationonthestartup-configfile.)
Forexample,todownloadaconfigurationfilenamedsw2512intheconfigs
directoryondrive"d"inaremotehosthavinganIPaddressof13.28.227.105:
HP2512# copy tftp startup-config 13.28.227.105
d:\configs\sw2512
A-10
TFTP:CopyingaConfigurationtoaRemoteHost.
Syntax: copystartup-configtftp<ip-addr><remote-file>
Thiscommandcopiestheswitchsstartupconfiguration(startup-configfile)
toaremoteTFTPhost.
Forexample,touploadthecurrentstartupconfigurationtoafilenamed
sw2512intheconfigsdirectoryondrive"d"inaremotehosthavinganIP
addressof13.28.227.105:
HP2512# copy startup-config tftp 13.28.227.105
d:\configs\sw2512
Xmodem:CopyingaConfigurationfromtheSwitchtoaSerially
ConnectedPCorUnixWorkstation.Tousethismethod,theswitchmust
beconnectedviatheserialporttoaPCorUnixworkstationtowhichyou
wanttocopytheconfigurationfile.Youwillneedtoselectafilename,andto
knowthedriveanddirectorylocationwhereyouwanttostoretheconfigura-
tionfile.
Syntax: copystartup-configxmodem<pc|unix>
Forexample,tocopyaconfigurationfiletoaPCseriallyconnectedtothe
switch:
1. Executethefollowingcommand:
2. Afteryouseetheaboveprompt,press.
3. Executetheterminalemulatorcommandstobeginthefiletransfer.
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
A-11
T
r
a
n
s
f
e
r
r
i
n
g
a
n
O
p
e
r
a
t
i
n
g
S
y
s
t
e
m
o
r
S
t
a
r
t
u
p
Xmodem:CopyingaConfigurationfromaSeriallyConnectedPCor
UnixWorkstation.Tousethismethod,theswitchmustbeconnectedvia
theserialporttoaPCorUnixworkstationonwhichisstoredtheconfiguration
fileyouwanttocopy.Tocompletethecopying,youwillneedtoknowthe
nameofthefiletocopy,andthedriveanddirectorylocationofthefile.
Syntax: copyxmodemstartup-config<pc|unix>
Forexample,tocopyaconfigurationfilefromaPCseriallyconnectedtothe
switch:
1. Executethefollowingcommand:
2. Afteryouseetheaboveprompt,press.
3. Executetheterminalemulatorcommandstobeginthefiletransfer.
Whenthefiletransferfinishes,theswitchautomaticallyrebootsitselfwiththe
newconfiguration.
A-12
B
MACAddressManagement
AppendixBContents
Overview ......................................................B-1
DeterminingMACAddresses .....................................B-2
Menu:ViewingtheSwitchsMACAddresses.....................B-3
CLI:ViewingthePortandVLANMACAddresses.................B-4
Overview
TheswitchassignsMACaddressesintheseareas:
Formanagementfunctions:
OneBaseMACaddressassignedtothedefaultVLAN(VID=1)
AdditionalMACaddress(es)correspondingtoadditionalVLANsyou
configureintheswitch
Forinternalswitchoperations:OneMACaddressperport(See"CLI:
ViewingthePortandVLANMACAddresses"onpageB-4.)
MACaddressesareassignedatthefactory.Theswitchautomatically
implementstheseaddressesforVLANsandportsastheyareaddedtothe
switch.
Not e TheswitchsbaseMACaddressisalsoprintedonalabelaffixedtotheback
oftheswitch.
M
A
C
A
d
d
r
e
s
s
M
a
n
a
g
e
m
e
n
t
B-1
DeterminingMACAddresses
M
A
C
A
d
d
r
e
s
s
M
a
n
a
g
e
m
e
n
t
MACAddressViewingMethods
viewswitchsbase(defaultvlan)MACaddress n/a B-3 B-4
andtheaddressingforanyaddedVLANs
viewportMACaddresses(hexadecimalformat) n/a B-4
UsethemenuinterfacetoviewtheswitchsbaseMACaddressandtheMAC
addressassignedtoanynon-defaultVLANyouhaveconfiguredontheswitch.
Not e TheswitchsbaseMACaddressisusedforthedefaultVLAN(VID=1)thatis
alwaysavailableontheswitch.
UsetheCLItoviewtheswitchsportMACaddressesinhexadecimalformat.
B-2
Menu:ViewingtheSwitchsMACAddresses
TheManagementAddressInformationscreenliststheMACaddressesfor:
Baseswitch(defaultVLAN;VID=1)
AnyadditionalVLANsconfiguredontheswitch.
Also,theBaseMACaddressappearsonalabelonthebackoftheswitch.
Not e TheBaseMACaddressisusedbythefirst(default)VLANintheswitch.This
isusuallytheVLANnamedDEFAULT_VLANunlessthenamehasbeen
changed(byusingtheVLANNamesscreen).OntheSwitch2512/2524,theVID
(VLANidentificationnumber)forthedefaultVLANisalways"1",andcannot
bechanged.
ToViewtheMACAddress(andIPAddress)assignmentsforVLANs
ConfiguredontheSwitch:
1. FromtheMainMenu,Select
1.StatusandCounters
IftheswitchhasonlythedefaultVLAN,thefollowingscreenappears.If
theswitchhasmultiplestaticVLANs,eachislistedwithitsaddressdata.
SwitchBase(orDefault
VLAN)MACaddress
CurrentIPAddress
AssignedtotheSwitch
FigureB-1. ExampleoftheManagementAddressInformationScreen
M
A
C
A
d
d
r
e
s
s
M
a
n
a
g
e
m
e
n
t
B-3
M
A
C
A
d
d
r
e
s
s
M
a
n
a
g
e
m
e
n
t
CLI:ViewingthePortandVLANMACAddresses
TheMACaddressassignedtoeachswitchportisusedinternallybysuch
featuresasFlowControlandtheSpanningTreeProtocol.Determiningthe
MACaddressassignmentsforindividualportscansometimesbeusefulwhen
diagnosingswitchoperation.Todisplaytheseaddresses,usethewalkmib
commandatthecommandprompt:
Not e ThisproceduredisplaystheMACaddressesforallportsandexistingVLANs
intheswitch,regardlessofwhichVLANyouselect.
1. IftheswitchisattheCLIOperatorlevel,usetheenablecommandtoenter
theManagerleveloftheCLI.
2. TypethefollowingcommandtodisplaytheMACaddressforeachporton
theswitch:
HP2512# walkmib ifPhysAddress
(Theabovecommandisnotcase-sensitive.)
Thefollowingfigureisanexampleofthedisplay:
;
VID=1)
ifPhysAddress.1-12: FixedPorts1-12
ifPhysAddress.13-14: TransceiverPorts
ifPhysAddress.29 BaseMACAddress(MAC
AddressfordefaultVLAN
ifPhysAddress.50&61 MACAddressesfor
non-defaultVLANs.
FigureB-2. ExampleofPortMACAddressAssignments
B-4
C
SwitchMemoryandConfiguration
AppendixContents
Overview .................................................... C-2
OverviewofConfigurationFileManagement .................. C-2
UsingtheCLIToImplementConfigurationChanges ........... C-4
UsingtheMenuandWebBrowserInterfacesToImplement
ConfigurationChanges ....................................... C-7
UsingtheMenuInterfaceToImplementConfigurationChanges .. C-7
UsingSaveandCancelintheMenuInterface ............... C-8
RebootingfromtheMenuInterface ....................... C-9
ConfigurationChanges ..................................... C-10
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
C-1
Overview
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
Overview
Thisappendixdescribesthefollowing:
Howswitchmemorymanagesconfigurationchanges
HowtheCLIimplementsconfigurationchanges
Howthemenuinterfaceandwebbrowserinterfaceimplementconfigu-
rationchanges
OverviewofConfigurationFile
Management
Theswitchmaintainstwoconfigurationfiles,therunning-configfileandthe
startup-configfile.
Running-ConfigFile
)
thisfile.
configfile,youmust
write
memory
(Controlsswitchoperation.Whentheswitchreboots,
thecontentsofthisfileareerasedandreplacedbythe
contentsofthestartup-configfile.
Startup-ConfigFile
(Preservesthemostrecentlysavedconfiguration
throughanysubsequentreboot.)
Volatile Memory
Flash (Non-Volatile) Memory
CLIconfiguration
changesarewrittento
TousetheCLIto
savethelatestversionof
thisfiletothestartup-
executethe
command.
Menuinterfaceconfigu-
rationchangesaresimul-
taneouslywrittentoboth
ofthesefiles.
FigureC-10.ConceptualIllustrationofSwitchMemoryOperation
RunningConfigFile:Existsinvolatilememoryandcontrolsswitch
operation.IfnoconfigurationchangeshavebeenmadeintheCLIsince
theswitchwaslastbooted,therunning-configfileisidenticaltothe
startup-configfile.
Startup-configFile:Existsinflash(non-volatile)memoryandisused
topreservethemostrecently-savedconfigurationasthe"permanent"
configuration.
C-2
OverviewofConfigurationFileManagement
Rebootingtheswitchreplacesthecurrentrunning-configfilewithanew
running-configfilethatisanexactcopyofthecurrentstartup-configfile.
Not e Anyofthefollowingactionsrebootstheswitch:
ExecutingthebootorthereloadcommandintheCLI
ExecutingtheRebootcommandinthemenuinterface
PressingtheResetbuttononthefrontoftheswitch
Removing,thenrestoringpowertotheswitch
OptionsforSavingaNewConfiguration. Makingoneormorechanges
totherunning-configfilecreatesanewoperatingconfiguration.Savinganew
configurationmeanstooverwrite(replace)thecurrentstartup-configfilewith
thecurrentrunning-configfile.Thismeansthatiftheswitchsubsequently
rebootsforanyreason,itwillresumeoperationusingthenewconfiguration
insteadoftheconfigurationpreviouslydefinedinthestartup-configfile.There
arethreewaystosaveanewconfiguration:
IntheCLI:Usethewritememorycommand.Thisoverwritesthecurrent
startup-configfilewiththecontentsofthecurrentrunning-configfile.
Inthemenuinterface:UsetheSavecommand.Thisoverwritesboththe
running-configfileandthestartup-configfilewiththechangesyouhave
specifiedinthemenuinterfacescreen.
Inthewebbrowserinterface:Usethe buttonorother
appropriatebutton.Thisoverwritesboththerunning-configfileandthe
startup-configfilewiththechangesyouhavespecifiedinthewebbrowser
interfacewindow.
NotethatusingtheCLIinsteadofthemenuorwebbrowserinterfacegives
youtheoptionofchangingtherunningconfigurationwithoutaffectingthe
startupconfiguration.Thisallowsyoutotestthechangewithoutmakingit
"permanent".Whenyouaresatisfiedthatthechangeissatisfactory,youcan
makeitpermanentbyexecutingthewritememorycommand.Forexample,
supposeyouusethefollowingcommandtodisableport5:
HP2512(config)# interface ethernet 5 disable
Theabovecommanddisablesport5intherunning-configfile,butnotinthe
startup-configfile.Port5remainsdisabledonlyuntiltheswitchreboots.If
youwantport5toremaindisabledthroughthenextreboot,usewritememory
tosavethecurrentrunning-configfiletothestartup-configfileinflash
memory.
HP2512(config)# write memory
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
C-3
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
UsingtheCLIToImplementConfigurationChanges
StoringandRetrievingConfigurationFiles.Youcanstoreorretrievea
backupcopyofthestartup-configfileonanotherdevice.Formoreinforma-
tion,seeappendixA,"TransferringanOperatingSystemorStartup-Config
File"
UsingtheCLIToImplement
ConfigurationChanges
TheCLIoffersthesecapabilities:
Accesstothefullsetofswitchconfigurationfeatures(Foracomplete
listing,seetheCommandLineInterfaceDictionary.)
Theoptionoftestingconfigurationchangesbeforemakingthemperma-
nent
HowToUsetheCLIToViewtheCurrentConfigurationFiles. Use
showcommandstoviewtheconfigurationforindividualfeatures,suchasport
statusorSpanningTreeProtocol.However,tovieweithertheentirestartup-
configfileortheentirerunning-configfile,usethefollowingcommands:
showstartup-config:Displaysthecurrentstartup-configfile.
writeterminal:Displaysthecurrentrunning-configfile.
Not e Theshowstartup-configandwriteterminalcommandsdisplaytheconfiguration
settingsthatdifferfromtheswitchsfactory-defaultconfiguration.
HowToUsetheCLIToReconfigureSwitchFeatures.Usethisproce-
duretopermanentlychangetheswitchconfiguration(thatis,toenterachange
inthestartup-configfile).
1. UsetheappropriateCLIcommandstoreconfigurethedesiredswitch
parameters.Thisupdatestheselectedparametersintherunning-config
file.
2. Usetheappropriateshowcommandstoverifythatyouhavecorrectly
madethedesiredchanges.
3. Observetheswitchsperformancewiththenewparametersettingsto
verifytheeffectofyourchanges.
4. Whenyouaresatisfiedthatyouhavethecorrectparametersettings,use
thewritememorycommandtocopythechangestothestartup-configfile.
C-4
Syntax: write memory
Forexample,thedefaultportmodesettingisauto.Supposethatyournetwork
usesCat3wiringandyouwanttoconnecttheswitchtoanotherautosensing
devicecapableof100Mbpsoperation.Because100MbpsoverCat3wiring
canintroducetransmissionproblems,therecommendedportmodeisauto-10,
whichallowstheporttonegotiatefull-orhalf-duplex,butrestrictsspeedto
10Mbps.Thefollowingcommandconfiguresport5toauto-10modeinthe
running-configfile,allowingyoutoobserveperformanceonthelinkwithout
makingthemodechangepermanent.
HP2512(config)# interface e 5 speed-duplex auto-10
Afteryouaresatisfiedthatthelinkisoperatingproperly,youcansavethe
changetotheswitchspermanentconfiguration(thestartup-configfile)by
executingthefollowingcommand:
HP2512(config)# write memory
Thenewmode(auto-10)onport5isnowsavedinthestartup-configfile,and
thestartup-configandrunning-configfilesareidentical.Ifyousubsequently
reboottheswitch,theauto-10modeconfigurationonport5willremainbecause
itisincludedinthestartup-configfile.
HowToCancelChangesYouHaveMadetotheRunning-ConfigFile.
IfyouusetheCLItochangeparametersettingsintherunning-configfile,and
thendecidethatyoudontwantthosechangestoremain,youcanuseeither
ofthefollowingmethodstoremovethem:
Manuallyentertheearliervaluesyouhadforthechangedsettings.(This
isrecommendedifyouwanttorestoreasmallnumberofparameter
settingstotheirpreviousboot-upvalues.)
Updatetherunning-configfiletomatchthestartup-configfilebyreboot-
ingtheswitch.(Thisisrecommendedifyouwanttorestorealarger
numberofparametersettingstotheirpreviousboot-upvalues.)
IfyouusetheCLItochangeaparametersetting,andthenexecutetheboot
commandwithoutfirstexecutingthewritememorycommandtosavethe
change,theswitchpromptsyoutospecifywhethertosavethechangesinthe
currentrunning-configfile.Forexample:
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
C-5
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
l i ll
HP2512(config)# interface e 1 disable
Disab esport1intherunn ngconfiguration,whichcausesport1toblocka traffic.
HP2512(config)# boot
Device will be rebooted, do you want to continue [y/n]? y
Press
ill i
tocontinuetherebootingprocess.
Youw thenseeth sprompt.
Do you want to save current configuration [y/n]?
Theabovepromptmeansthatoneormoreparametersettingsintherunning-
configfiledifferfromtheircounterpartsinthestartup-configfileandyouneed
tochoosewhichconfigfiletoretainandwhichtodiscard.
Ifyouwanttoupdatethestartup-configfiletomatchtherunning-config
file,pressfor"yes".(Thismeansthatthechangesyouenteredinthe
running-configfilewillbesavedinthestartup-configfile.)
Ifyouwanttodiscardthechangesyoumadetotherunning-configfileso
thatitwillmatchthestartup-configfile,thenpressfor"no".(Thismeans
thattheswitchwilldiscardthechangesyouenteredintherunning-config
fileandwillupdatetherunning-configfiletomatchthestartup-config
file.)
Not e IfyouusetheCLItomakeachangetotherunning-configfile,youmustuse
thewritememorycommandtosavethechangetothestartup-configfile.That
is,ifyouusetheCLItochangeaparametersetting,butthenreboottheswitch
fromeithertheCLIorthemenuinterfacewithoutfirstexecutingthewrite
memorycommandintheCLI,thecurrentstartup-configfilewillreplacethe
running-configfile,andanychangesintherunning-configfilewillbelost.
Also,whereaparametersettingisaccessiblefromboththeCLIandthemenu
interface,ifyouchangethesettingintheCLI,thenewvaluewillappearinthe
menuinterfacedisplayforthatparameter.However,onlythewritememory
commandintheCLIwillactuallysavethechangetothestartup-configfile.
UsingtheSavecommandinthemenuinterfacewillnotsaveachangemade
totherunningconfigbytheCLI.
HowToResetthestartup-configandrunning-configFilestothe
FactoryDefaultConfiguration. Thiscommandrebootstheswitch,
replacingthecontentsofthecurrentstartup-configandrunning-configfiles
withthefactory-defaultstartupconfiguration.
C-6
UsingtheMenuandWebBrowserInterfacesToImplementConfigurationChanges
Syntax: erase startup-config
Forexample:
HP2512(config)# erase startup-config
Configuration will be deleted and device rebooted, continue [y/n]?
Presstoreplacethecurrentconfigurationwiththefactorydefaultconfig-
urationandreboottheswitch.Presstoretainthecurrentconfigurationand
preventareboot.
UsingtheMenuandWebBrowser
InterfacesToImplementConfiguration
Changes
Themenuandwebbrowserinterfacesoffertheseadvantages:
Quick,easymenuorwindowaccesstoasubsetofswitchconfiguration
features(Seethe"MenuFeaturesList"onpage2-14andthewebbrowser
"GeneralFeatures"listonpage.)
Viewingseveralrelatedconfigurationparametersinthesamescreen,with
theirdefaultandcurrentsettings
Immediatelychangingboththerunning-configfileandthestartup-config
filewithasinglecommand
UsingtheMenuInterfaceToImplementConfiguration
Changes
Youcanusethemenuinterfacetosimultaneouslysaveandimplementasubset
ofswitchconfigurationchangeswithouthavingtoreboottheswitch.Thatis,
whenyousaveaconfigurationchangeinthemenuinterface,yousimulta-
neouslychangeboththerunning-configfileandthestartup-configfile.
Not e TheonlyexceptiontothisoperationaretwoVLAN-relatedparameterchanges
thatrequirearebootdescribedunder"RebootingToActivateConfiguration
Changes"onpageC-9.
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
C-7
UsingSaveandCancelintheMenuInterface
Foranyconfigurationscreeninthemenuinterface,theSavecommand:
1. Implementsthechangesintherunning-configfile
2. Savesyourchangestothestartup-configfile
Ifyoudecidenottosaveandimplementthechangesinthescreen,select
Canceltodiscardthemandcontinueswitchoperationwiththecurrentoper-
ation.Forexample,supposeyouhavemadethechangesshownbelowinthe
SystemInformationscreen:
l
(forSave
ll
(for
C )
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
Tosaveand
implementthe
changesforal
parametersinthis
screen,pressthe
key,thenpress
).To
cancela changes,
pressthekey,
thenpress
ancel
Figure2-11. ExampleofPendingConfigurationChangesthatCanBeSavedor
Cancelled
Not e IfyoureconfigureaparameterintheCLIandthengotothemenuinterface
withoutexecutingawritememorycommand,thosechangesarestoredonlyin
therunningconfiguration(evenifyouexecuteaSaveoperationinthemenu
interface).Ifyouthenexecuteaswitchrebootcommandinthemenuinter-
face,theswitchdiscardstheconfigurationchangesmadewhileusingtheCLI.
ToensurethatchangesmadewhileusingtheCLIaresaved,executewrite
memoryintheCLIbeforerebootingtheswitch.
C-8
RebootingfromtheMenuInterface
Terminatesthecurrentsessionandperformsaresetoftheoperating
system
Activatesanyconfigurationchangesthatrequireareboot
Resetsstatisticalcounterstozero
(Notethatstatisticalcounterscanberesettozerowithoutrebootingthe
switch.SeeDisplayingPortCountersonpage10-9.)
ToReboottheswitch,usetheRebootSwitchoptionintheMainMenu.(Note
thattheRebootSwitchoptionisnotavailableifyoulogoninOperatormode;
thatis,ifyouenteranOperatorpasswordinsteadofamanagerpasswordat
thepasswordprompt.)
RebootSwitchoption
Figure11-73.TheRebootSwitchOptionintheMainMenu
RebootingToActivateConfigurationChanges. Configurationchanges
formostparametersbecomeeffectiveassoonasyousavethem.However,
youmustreboottheswitchinordertoimplementachangeintheMaximum
VLANstosupportparameter.
(Toaccesstheseparameters,gototheMainmenuandselect 2.Switch
Configuration,then8.VLANMenu,then1.VLANSupport.)
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
C-9
Ifconfigurationchangesrequiringareboothavebeenmade,theswitch
displaysanasterisk(*)nexttothemenuiteminwhichthechangehasbeen
made.Forexample,ifyouchangeandsaveparametervaluesfortheMaximum
VLANstosupportparameter,anasteriskappearsnexttotheVLANSupportentryin
theVLANMenuscreen,andalsonexttothetheSwitchConfiguration... entryin
theMainmenu,asshowninfigure4-6:
Asteri
effect.
S
w
i
t
c
h
M
e
m
o
r
y
a
n
d
C
o
n
f
i
g
u
r
a
t
i
o
n
Reminderto
reboottheswitch
toactivate
configuration
changes.
skindicates
aconfiguration
changethat
requiresareboot
inordertotake
Figure11-74.IndicationofaConfigurationChangeRequiringaReboot
ConfigurationChanges
Youcanusethewebbrowserinterfacetosimultaneouslysaveandimplement
asubsetofswitchconfigurationchangeswithouthavingtoreboottheswitch.
Thatis,whenyousaveaconfigurationchange(inmostcases,byclickingon
or ,yousimultaneouslychangeboththerunning-
configfileandthestartup-configfile.
Not e IfyoureconfigureaparameterintheCLIandthengotothebrowserinterface
withoutexecutingawritememorycommand,thosechangeswillbesavedto
thestartup-configfileifyouclickon or intheweb
browserinterface.
C-10
D
DaylightSavingsTimeonHPProCurve
Switches
ThisinformationappliestothefollowingHPProCurveswitches:
2512 1600M 212M HPAdvanceStack
2524 2400M 224M
Switches
2424M
HPAdvanceStack
4000M
Routers
8000M
HPProCurveswitchesprovideawaytoautomaticallyadjustthesystemclock
forDaylightSavingsTime(DST)changes.Forthefollowingswitches,HP
ProCurveSwitch212M,224M,1600M,2400M,2424M,4000M,and8000M,the
userdefinesthemonthanddatetobeginandendthechangefromstandard
time.Inadditiontothevalue"none"(notimechanges),therearefivepre-
definedsettings,named:
Alaska
CanadaandContinentalUS
MiddleEuropeandPortugal
SouthernHemisphere
WesternEurope
Thepre-definedsettingsfollowtheserules:
Alaska:
BeginDSTat2amthefirstSundayonorafterApril24th.
EndDSTat2amthefirstSundayonorafterOctober25th.
CanadaandContinentalUS:
BeginDSTat2amthefirstSundayonorafterApril1st.
EndDSTat2amthefirstSundayonorafterOctober25th.
D
a
y
l
i
g
h
t
S
a
v
i
n
g
s
T
i
m
e
o
n
H
P
P
r
o
C
u
r
v
e
S
w
i
t
c
h
e
s
D-1
DaylightSavingsTimeonHPProCurveSwitches
MiddleEuropeandPortugal:
BeginDSTat2amthefirstSundayonorafterMarch25th.
EndDSTat2amthefirstSundayonorafterSeptember24th.
SouthernHemisphere:
BeginDSTat2amthefirstSundayonorafterOctober25th.
EndDSTat2amthefirstSundayonorafterMarch1st.
WesternEurope:
BeginDSTat2amthefirstSundayonorafterMarch23rd.
EndDSTat2amthefirstSundayonorafterOctober23rd.
Asixthoptionnamed"Userdefined"allowstheusertocustomizetheDST
configurationbyenteringthebeginningmonthanddateplustheendingmonth
anddateforthetimechange.Themenuinterfacescreenlookslikethis(all
month/dateentriesareattheirdefaultvalues):
D
a
y
l
i
g
h
t
S
a
v
i
n
g
s
T
i
m
e
o
n
H
P
P
r
o
C
u
r
v
e
S
w
i
t
c
h
e
s
FigureD-1. MenuInterfacewith"User-Defined"DaylightTimeRuleOption
D-2
DaylightSavingsTimeonHPProCurveSwitches
Beforeconfiguringa"Userdefined"DaylightTimeRule,itisimportantto
understandhowtheswitchtreatstheentries.Theswitchknowswhichdates
areSundays,andusesanalgorithmtodetermineonwhichdatetochangethe
systemclock,giventheconfigured"Beginningday"and"Endingday":
IftheconfigureddayisaSunday,thetimechangesat2amonthatday.
IftheconfigureddayisnotaSunday,thetimechangesat2amonthefirst
Sundayaftertheconfiguredday.
Thisistrueforboththe"Beginningday"andthe"Endingday".
Withthatalgorithm,oneshouldusethevalue"1"torepresent"firstSundayof
themonth",andavalueequalto"numberofdaysinthemonthminus6"to
represent"lastSundayofthemonth".Thisallowsasingleconfigurationfor
everyyear,nomatterwhatdateistheappropriateSundaytochangetheclock.
D-3
D
a
y
l
i
g
h
t
S
a
v
i
n
g
s
T
i
m
e
o
n
H
P
P
r
o
C
u
r
v
e
S
w
i
t
c
h
e
s
Index
Numerics
802.1QVLANstandard9-102
802.3uautonegotiationstandard6-3
A
A.09.70routerrelease9-76
access
manager8-6
operator8-6
accesslevels,authorizedIPmanagers7-31
Actionsline2-92-11
locationonscreen2-9
activepath9-102
address
authorizedforportsecurity7-10
addresstable,port10-12
address,networkmanager8-4
advertisement9-77
alertlog4-20
alerttypes4-21
disabling4-25
settingthesensitivitylevel4-24
sortingtheentries4-20
analysis,traffic8-2
APNIC5-15
Asia-PacificNIC5-15
asterisk2-10
authenticationtrap8-10,8-12
authenticationtrap,configuring8-12
authorizedaddresses
forIPmanagementsecurity7-31
forportsecurity7-10
authorizedIPmanagers
accesslevels7-31
buildingIPmasks7-36
configuringinbrowserinterface7-357-36
configuringinconsole7-33
definitionsofsingleandmultiple7-31
effectofduplicateIPaddresses7-39
IPmaskformultiplestations7-37
IPmaskforsinglestation7-36
IPmaskoperation7-32
operatingnotes7-39
overview7-30
troubleshooting7-39
auto
See GVRP
autonegotiation6-4
autoportsetting9-92
Auto-106-11,6-14
auto-discovery8-5
auto-negotiation6-3
B
bandwidth
displayingutilization4-17
bandwidthsavings,withIGMP9-98
blockedlinkfromSTPoperation9-110
blockedport
fromIGMPoperation9-92
fromSTPoperation9-108
Bootp5-3,5-11,8-2
Bootptablefile5-13
Bootptabfile5-13
effectofnoreply11-6
operation5-13
usingwithUnixsystems5-13
Bootp/DHCPdifferences5-12
BPDU9-77
bridgeprotocoldataunit9-77
broadcastdomain9-50
broadcastlimit6-4
broadcaststorm6-11,9-102,11-8
browserinterface
Seewebbrowserinterface
browsers4-4
C
Clearbutton4-11
restoringfactorydefaultconfiguration11-20
todeletepasswordprotection7-7
CLI
contextlevel6-8
commandlineinterface
I
n
d
e
x
Index1
I
n
d
e
x
SeeCLI
communities,SNMP8-7
configuration2-7,9-108
Bootp5-13
console5-16
copyingA-10
downloadA-2
factorydefault5-2,9-57,9-62,9-103,C-6
IP5-3
networkmonitoring10-21
permanentC-5
permanentchangedefinedC-3
port6-1
portsecurity7-11
porttrunkgroups6-1
quick2-8
restoringfactorydefaults11-20
savingfrommenuinterface2-10
seriallink5-16
SNMP8-4,8-6
spanningtree9-102
spanningtreeprotocol9-108
startup2-10
system5-21
Telnetaccessconfiguration5-16
transferringA-10
trapreceivers8-10
viewingC-4
VLAN9-50
webbrowseraccess5-16
configurationfile
browsingfortroubleshooting11-18
connectioninactivitytime7-5
console11-6
configuring5-16
endingasession2-5
features1-3
Mainmenu2-7
navigation2-92-10
operation2-10
startingasession2-4
statusandcountersaccess2-7
troubleshootingaccessproblems11-4
console,forconfiguring
authorizedIPmanagers7-33
CPUutilization10-5
D
dateformat11-11
date,configure5-25
defaultgateway5-3
defaulttrunktype6-17
DevicePasswordsWindow4-9
DHCP5-11
addressproblems11-6
effectofnoreply11-6
DHCP/Bootpdifferences5-12
DHCP/Bootpprocess5-12
diagnosticstools11-14
browsingtheconfigurationfile11-18
pingandlinktests11-14
DNSname4-6
domain9-57,9-62
DomainNameServer4-6
download
SNMP-basedA-6
switch-to-switchA-6
troubleshootingA-9
XmodemA-7
downloadOSA-6
download,TFTPA-2A-4
duplicateIPaddress
effectonauthorizedIPmanagers7-39
duplicateMACaddress9-759-76,11-10
Dyn1
See LACP
E
endingaconsolesession2-5
eventlog2-7,11-11
intrusionalerts7-27
navigation11-12
severitylevel11-11
useduringtroubleshooting11-11
extendedRMON8-13
extendedRMONA8-13
F
factorydefaultconfiguration
restoring11-20,C-6
failure,OSdownloadA-9
fastmode
spanningtree9-109
2Index
faultdetection4-9
faultdetectionpolicy4-9,4-24
faultdetectionpolicy,setting4-24
faultdetectionwindow4-24
fault-tolerance6-12
filters
effectofIGMP9-101
maximumallowed9-101
firmwareversion10-5
flashmemory2-10
flowcontrol6-4
flowcontrol,terminal5-16
forbid
See GVRP
format,date11-11
format,time11-11
forwardingport,IGMP9-92
G
GARP
SeeGVRP
gateway5-3,5-5
gateway(IP)address5-4,5-6
GVRP
advertisement9-78,9-90
advertisement,defined9-77
advertisement,responsesto9-79
advertisements,generating9-83
auto9-82
benefit9-77
block9-81
BPDU9-78
CLI,configuring9-86
commonVIDrequired9-78
configurableportoptions9-80
configuringlearn,block,disable9-81
convertdynamictostatic9-80
convertingtostaticVLAN9-77
disable9-81
dynamicVLANandreboots9-89
dynamicVLANsalwaystagged9-78
forbid9-82
GARP9-77
generaloperation9-78
IPaddressing9-80
learn9-81
learn,block,disable9-82
menu,configuring9-84
non-GVRPaware9-89
non-GVRPdevice9-89
operatingnotes9-89
per-portstaticconfiguration9-78
portcontroloptions9-83
port-leavefromdynamic9-83
reboot,switch9-83
recommendedtagging9-83
requiredVLAN9-78
standard9-77
tagged,dynamicVLAN9-78
unknownVLAN9-83
unknownVLAN,options9-80
VLANbehavior9-54
VLAN,dynamicadds9-60
H
Help2-11,4-14
Helpline,about2-9
Helpline,locationonscreens2-9
help,onlineinoperable4-14
host-only9-75
HPextendedRMON8-13
HPProCurve
supportURL4-14
HPproprietaryMIB8-3
HPRouter4409-76
HPRouter4709-76
HPRouter4809-76
HPRouter6509-76
HPTopTools
SeeTopTools
HPwebbrowserinterface1-5
I
ICANN5-15
IEEE802.1d9-102,11-8
IEEE802.3ab6-4
IGMP
benefits9-91
configuration9-97
configureperVLAN9-92
effectonfilters9-101
example9-989-100
high-priorityforwarding9-92
I
n
d
e
x
Index3
I
n
d
e
x
hostnotreceiving11-7
IPaddressrequired9-92
IPmulticastaddressrange9-101
leavegroup9-98
maximumaddresscount9-101
multicastgroup9-98,9-100
multimedia9-91
notworking11-7
operation9-979-98
portstates9-92
query9-98
report9-98
statistics10-17
status9-98
traffic9-92
inactivitytimeout5-17
InboundTelnetEnabledparameter11-5
inconsistentvalue,message7-19
interfaceslisted1-2
intrusionalarms
entriesdroppedfromlog7-29
eventlog7-27
priorto7-29
IntrusionLog
priorto7-25,7-27
invalidinput3-13
IP
addressforIGMP9-92
CLIaccess5-7
configuration5-3
DHCP/Bootp5-3
duplicateaddress11-6
duplicateaddress,DHCPnetwork11-6
effectwhenaddressnotused5-10
gateway5-3
gateway(IP)address5-4
globalassignment5-15
globallyassignedaddressing5-15
menuaccess5-5
stacking5-5
subnetmask5-3,5-7
usingforwebbrowserinterface4-6
webaccess5-10
IPhost-only9-75
IPmasks
building7-36
formultipleauthorizedmanagerstations7-37
forsingleauthorizedmanagerstation7-36
operation7-32
IP,forSNMP8-2
IPX
networknumber10-6
J
Java4-54-6
L
LACP
active6-22,6-25
CLIaccess6-18
defaultportoperation6-25
described6-13,6-24
Dyn16-14
dynamic6-24
enablingdynamictrunk6-22
full-duplexrequired6-4,6-11,6-24
IGMP6-26
nohalf-duplex6-27
outboundtrafficdistribution6-28
overview6-12
passive6-22,6-25
removingportfromdynamictrunk6-23
restrictions6-26
standbylink6-24
status,terms6-25
STP6-26
VLANs6-26
learningbridge5-2
leavegroup
SeeIGMP
legacyVLAN9-52
linkspeed,porttrunk6-11
linktest11-14
fortroubleshooting11-14
link,serial5-16
loadbalancing
Seeporttrunk
loop,network6-11,9-102,9-108
lostpassword4-11
M
MACaddress5-13,10-5,B-1
4Index
duplicate9-759-76,11-8,11-10
learned10-1110-12
portB-1,B-3
switchB-1
VLAN9-74,B-1
management
interfacesdescribed1-2
serverURL4-134-14
serverURLdefault4-15
manageraccess8-6
managerpassword4-9,4-11,7-4,7-6
Manual,IPaddress5-7
mediatype,porttrunk6-11
memory
flash2-10
startupconfiguration2-10
menuinterface
configurationchanges,saving2-10
message
inconsistentvalue7-19
VLANalreadyexists9-68
MIB8-4
MIBlisting8-3
MIB,HPproprietary8-3
MIB,standard8-3
MicrosoftInternetExplorer4-5
mirroring
Seeportmonitoring.
Monitorparameter10-23
monitoringaVLAN10-24
monitoringtraffic10-21
monitoring,traffic8-2
multicastgroup
SeeIGMP
multimedia
SeeIGMP
multipleVLAN8-2
multi-portbridge5-2
N
navigation,consoleinterface2-92-10
navigation,eventlog11-13
Netscape4-5
networkmanagementfunctions8-5
networkmanageraddress8-4
networkmonitoring
trafficoverload10-21
VLANmonitoringparameter10-24
NetworkMonitoringPortscreen10-21
networkslow11-6
notesonusingVLANs9-56
O
onlinehelp4-14
onlinehelplocation4-14
operatingnotes
portsecurity7-28
operatoraccess8-6
operatorpassword4-9,4-11,7-4,7-6
OS
versionA-5A-6,A-8
OSdownload
failureindicationA-9
switch-to-switchdownloadA-6
troubleshootingA-9
usingTFTPA-3
out-of-band1-3
P
password4-9,4-11
browser/consoleaccess7-5
case-sensitive7-6
creating4-9
delete2-7,4-11,7-6
deletingwiththeClearbutton7-7
ifyoulosethepassword4-11,7-7
incorrect7-5
length7-6
lost4-11
manager4-9
operator4-9
set2-7
setting4-10,7-5
usingtoaccessbrowserandconsole4-11
pathcost9-109
pingtest11-14
fortroubleshooting11-14
port
1000Mbps,full-duplexonly6-4
addresstable10-12
AddressTablescreen9-76
autonegotiation6-4
I
n
d
e
x
Index5
I
n
d
e
x
auto,IGMP9-92
auto-negotiation6-3
blockedbySTPoperation9-108
blocked,IGMP9-92
CLIaccess6-6
contextlevel6-8
cost
Seespanningtreeprotocol.
counters10-8
counters,reset10-8
fiber-optic6-4
forwarding,IGMP9-92
full-duplex,LACP6-4
MACaddressB-3B-4
menuaccess6-5
monitoring9-74
numbering6-2
securityconfiguration7-9
Seeporttrunk
speedchange,transceiver6-4
state,IGMPcontrol9-92
trafficpatterns10-8
utilization4-17
webbrowserinterface4-17
webbrowseraccess6-9
PortConfiguration6-1
portsecurity
authorizedaddressdefinition7-10
basicoperation7-9
configuring7-11
configuringinbrowserinterface7-21,7-28
eventlog7-27
intrusionalert6-3
noticeofsecurityviolations7-22
operatingnotes7-28
overview7-9
porttrunkrestriction6-11
priorto7-29
proxywebserver7-29
trunkrestriction6-15
porttrunk6-10
bandwidthcapacity6-10
caution6-11,6-16,6-23
CLIaccess6-18
defaulttrunktype6-17
enablingdynamicLACP6-22
IGMP6-15
LACP6-4
LACP,fullduplexrequired6-11
limit6-10
linkrequirements6-11
mediarequirements6-14
mediatype6-11
menuaccesstostatictrunk6-16
monitorportrestrictions6-15
nonconsecutiveports6-10
portsecurityrestriction6-15
removingportfromstatictrunk6-21
requirements6-14
SA/DA6-28
Seealso LACP
SeeLACP
spanningtreeprotocol6-15
statictrunk6-14
statictrunk,overview6-12
STP6-15
STPoperation6-14
trafficdistribution6-14
Trk16-14
trunk(non-protocol)option6-13
trunkoptiondescribed6-27
types6-13
VLAN6-15,9-74
VLANoperation6-14
webbrowseraccess6-23
porttrunkgroup
interfaceaccess6-1
powerinterruption,effectoneventlog11-11
primaryVLAN
SeeVLAN
priorto7-25,7-27,7-29
priority9-92
Seespanningtree
proprietaryMIB8-3
proxy
webserver7-29
publicSNMPcommunity8-48-5
Q
query
SeeIGMP
quickconfiguration2-8
quickstart5-4
6Index
R
reboot2-8,2-10,2-12,9-83
reboot,actionscausingC-3
reconfigure2-10
redundantpath9-102,9-108
spanningtree9-103
report
SeeIGMP
reset2-12,C-9
Resetbutton
restoringfactorydefaultconfiguration11-20
resetportcounters10-8
resettingtheswitch
factorydefaultreset11-20
restrictedaccess8-6
restrictedwriteaccess8-6
RFC
SeeMIB
RFC12138-3
RFC14938-3
RFC15158-3
RFC15738-3
RFC17578-3
RIPENCC5-15
RMON8-3
RMONgroupssupported8-13
RMON,extended8-13
router9-76,9-97
gateway5-6
routerreleaseA.09.709-76
RS-2321-3
S
security4-11,5-16
perport7-9
securityviolations
noticesof7-22
SelfTestLED
behaviorduringfactorydefaultreset11-20
serialnumber10-5
server
accessfailure9-103
Timep5-6
settingapassword7-5
settingfaultdetectionpolicy4-24
setupscreen5-4
severitycode,eventlog11-11
slownetwork11-6
SNMP8-2
CLIcommands8-6
communities8-4,8-68-7
Communitiesscreen8-6
community
configure8-4
IP8-2
publiccommunity8-58-6
restrictedaccess8-6
traps8-3
SNMP-baseddownloadA-6
softwareversion10-5
sortingalertlogentries4-20
spanningtree9-102
blockedlink9-110
blockedport9-108
causingduplicateMACaddress9-75
descriptionofoperation9-108
enablingfromthebrowserinterface9-108
fastmode9-109
globalinformation10-15
informationscreen10-15
linkpriority9-103
portcost9-108
portpriorityautomaticsetting9-108
problemsrelatedto11-8
statistics10-15
usingwithporttrunking6-15
VLANeffecton9-73
stacking
benefits9-59-6
minimumsoftwareversion,otherHP
switches9-11
primary9-48
standardMIB8-3
startingaconsolesession2-4
staticVLAN,convertto9-77
statisticalsampling8-2,8-13
statistics2-7,10-3
statistics,clearcounters2-12,C-9
statusandcounters
accessfromconsole2-7
statusandcountersmenu10-4
statusoverviewscreen4-7
STP
Seespanningtree
I
n
d
e
x
Index7
8 Index
I
n
d
e
x
server access failure 9-103
subnet 9-98
subnet address 9-50
subnet mask 5-5, 5-7
See also IP
Sun workstation 9-75
support
changing default URL 4-14
URL 4-13
URL Window 4-13
switch console
See console
switch setup menu 2-8
switch-to-switch download A-6
system configuration screen 5-21
System Name parameter 5-22
T
tagged VLAN
See VLAN
TCP/IP reference book 5-15
Telnet 2-4
Telnet, enable/disable 5-17
Telnet, problem 11-5
terminal access, lose connectivity 5-19
terminal type 5-16
TFTP
download A-2, A-4
OS download A-3
threshold setting 8-5
time format 11-11
Time Protocol parameter 5-6
time server 5-3
time, configure 5-25
TimeP 5-3 5-5
Timep 5-4, 5-6
Timep Poll Interval 5-6
Timep Server 5-6
Time-To-Live 5-3, 5-5
top talker 6-28
TopTools 1-6
TopTools system requirements 4-5
TopTools, main screen 1-6
traffic analysis 8-2
traffic monitoring 8-2, 8-5
traffic, monitoring 10-21
traffic, port 10-8
transceiver, fiber-optic 6-4
transceiver, speed change 6-4
trap 4-25
authentication 8-10
authentication trap 8-12
CLI access 8-11
event levels 8-10
limit 8-10
receiver 8-10
SNMP 8-10
Trap Receivers Configuration screen 8-10
trap receiver 8-4, 8-10
configuring 8-12
troubleshooting
approaches 11-3
authorized IP managers 7-39
browsing the configuration file 11-18
console access problems 11-4
diagnosing unusual network activity 11-6
diagnostics tools 11-14
OS download A-9
ping and link tests 11-14
restoring factory default configuration 11-20
unusual network activity 11-6
using the event log 11-11
web browser access problems 11-4
trunk
See port trunk
TTL 5-3, 5-5
types of alert log entries 4-21
U
unauthorized access 8-12
Universal Resource Locator
See URL
Unix, Bootp 5-13
unrestricted write access 8-6
unusual network activity 11-6
up time 10-5
URL 4-14
browser interface online help location 4-14
HP ProCurve 4-14
management 4-14
management server 4-13 4-14
support 4-13 4-14
user name
cleared 7-7
Index 9
I
n
d
e
x
user name, using for browser or console
access 4-9, 4-11
using the passwords 4-11
utilization, port 4-17
V
value, inconsistent 7-19
version, OS A-5 A-6, A-8
VID
See VLAN
virtual stacking
transmission interval range 9-18 9-19
VLAN 5-4, 9-50, 9-73 9-76, 10-23 10-24, 11-10, B-1
802.1Q 9-110
address 8-2
Bootp 5-13
configuring Bootp 5-13
convert dynamic to static 9-77
DEFAULT_ VLAN 9-53
deleting 9-75
device not seen 11-9
DHCP, primary VLAN 9-54
duplicate MAC address 9-75
dynamic 9-50, 9-56 9-57, 9-62
effect on spanning tree 9-73
event log entries 11-11
ID 3-15
IGMP configuration 9-92
limit 9-57, 9-62
link blocked 11-8
MAC address 9-74
monitoring 10-2, 10-24
multiple 8-2
multiple VLANs on port 9-71
network monitoring 10-21
notes on using 9-56
number allowed, including dynamic 9-60
OS download A-3
port assignment 9-60
port configuration 9-72, 11-9
port monitoring 9-74
port restriction 9-75
port trunk 9-74
primary 5-3, 9-11, 9-36, 9-48, 9-54
primary VLAN 9-53
primary, CLI command 9-63, 9-65
primary, select in menu 9-58
primary, web configure 9-68
primary, with DHCP 9-56
reboot required 2-8
restrictions 9-75
spanning tree operation 9-110
stacking, primary VLAN 9-54
static 9-50, 9-54, 9-57, 9-62
support enable/disable 2-8
switch capacity 9-50
tagged 9-51
tagging 9-69, 9-71
tagging broadcast, multicast, and unicast
traffic 11-9
unknown VLAN 9-83
untagged 9-52, 9-61
VID 9-50, 9-71
VID, default VLAN 9-54
VLAN already exists, message 9-68
VLAN ID
See VLAN 3-15
VT-100 terminal 5-16
W
warranty 1-ii
web agent enabled 4-2
web agent,
advantages 1-5
web browser access configuration 5-16
web browser enable/disable 5-17
web browser interface
access parameters 4-9
alert log 4-7, 4-20
alert log details 4-22
alert types 4-21
bandwidth adjustment 4-18
bar graph adjustment 4-18
configuration, support URL 4-14
disable access 4-2
enabling 4-5
error packets 4-17
fault detection policy 4-9, 4-24
fault detection window 4-24
features 1-5
first-time install 4-8
first-time tasks 4-8
help via TopTools 4-14
main screen 4-16
10 Index
I
n
d
e
x
management server URL 4-14
online help 4-14
online help location specifying 4-14
online help, inoperable 4-14
overview 4-16
Overview window 4-16
password lost 4-11
password, setting 4-10
port status 4-19
port utilization 4-17
port utilization and status displays 4-17
screen elements 4-16
security 4-2, 4-9
standalone 4-5
status bar 4-23
status indicators 4-23
status overview screen 4-7
system requirements 4-4 4-5
troubleshooting access problems 11-4
URL default 4-15
URL, management server 4-15
URL, support 4-15
web browser interface
authorized IP managers 7-35 7-36
IGMP 9-97
port security 7-21
STP 9-108
web server, proxy 7-29
web site, HP 8-4
world wide web site, HP
See HP ProCurve
write access 8-6
write memory 9-89
X
Xmodem OS download A-7
XNS 9-75

Management and Configuration Guide ProCurve Switch 2500 Series

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Management and Configuration Guide ProCurve Switch 2500 Series

Uploaded by

Copyright:

Available Formats

Management and

PortList <[ethernet]port-list> Identifiestheportorportsonwhichtoapplyaportsecuritycommand.

Syntax: showinterface ListIntrusionAlertstatus.

Candidate IPAddr:Optional. n/a Passwordsoptional.Ifthe UsesstandardSNMP

Parameter DefaultSetting OtherSettings

Syntax: name<vlan-name> Changesthenameoftheexisting

viewingtheSTPconfiguration n/a page page

Name Range Function Default

Feature Default Menu CLI Web

You might also like