Page 3
HP ProCurve Switches 2512 and 2524 Software Release F.01 or Greater Management and Configuration Guide...
Page 4
Hewlett-Packard. Warranty See the Customer Support/Warranty booklet included with the product. A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.
Interface (hereafter referred to as the “web browser interface”), use the online help available for the web browser interface. For more information on web browser Help options, refer to “Online Help for the HP Web Browser Interface” on page 4-12.
Page 8
Using a Standalone Web Browser in a PC or UNIX Workstation ..4-5 Using HP TopTools for Hubs & Switches ..... . . 4-6 Tasks for Your First HP Web Browser Interface Session .
Page 9
Web: Configuring IP Addressing ......5-10 How IP Addressing Affects Switch Operation ....5-10 DHCP/Bootp Operation .
Page 10
Trunk Operation Using the “FEC” Option ..... . 6-27 How the Switch Lists Trunk Data ......6-28 Outbound Traffic Distribution Across Trunked Links .
Page 11
Listing the Switch’s Current Authorized IP Manager(s) ..7-34 Configuring IP Authorized Managers for the Switch ..7-35 Web: Configuring IP Authorized Managers ..... 7-36 Building IP Masks .
Page 12
Overview ........... . . 9-4 HP ProCurve Stack Management ....... 9-5 Which Devices Support Stacking? .
Page 13
VLAN Tagging Information ........9-69 Effect of VLANs on Other Switch Features ..... 9-73 Spanning Tree Protocol Operation with VLANs .
Page 14
Planning for GVRP Operation ....... . 9-84 Configuring GVRP On a Switch ....... 9-84 GVRP Operating Notes .
Page 15
CLI Access ..........10-5 Switch Management Address Information ..... . 10-6 Menu Access .
For information on how to access the web browser interface Help, see “Online Help for the Web Browser Interface” on page 4-12. To use HP TopTools for Hubs & Switches, refer to the HP TopTools User’s Guide and the TopTools online help, which are available electronically with the TopTools software.
• Software downloads Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Enables Telnet (in-band) access to the menu functionality.
To monitor and analyze switch operation, see chapter 10, "Monitoring and Analyzing Switch Operation". For information on individual CLI commands, refer to the Index or to the "Command Line Interface Reference Guide" available on HP’s ProCurve website at http://www.hp.com/go/procurve Operator Level...
Advantages of Using the HP Web Browser Interface Figure 1-3. Example of the HP Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no...
Advantages of Using HP TopTools for Hubs & Switches You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs &...
Page 25
Advantages of Using HP TopTools for Hubs & Switches • Notifies you when HP hubs use “self-healing” features to fix or limit common network problems. • Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device.
Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.
This section assumes that either a terminal device is already configured and connected to the switch (see the Installation Guide shipped with your switch) or that you have already configured an IP address on the switch (required for Telnet access).
• A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member. See "HP ProCurve Stack Management" on ). Do one of the following: • If you are using Telnet, go to step 3.
For a description of Main Menu features, see “Main Menu Features” on page 2-7. Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the setup...
Page 32
Telnet session. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main menu: Return to the Main menu.
The Main Menu gives you access to these Menu interface features: Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See chapter 10, “Monitoring and Analyzing Switch Operation”.)
Page 34
Stacking: Enables you to use a single IP address and standard network cabling to manage a group of up to 16 switches in the same subnet (broadcast domain). See “HP ProCurve Stack Management” on page 9-5. Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch.
Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel Help line to describe navigation options, individual parameters, and read-only data For example, in the following System Information screen: Screen title –...
Page 36
(or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.
Page 37
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Highlight on any item in the Actions line indicates that the...
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
Page 39
Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the VLANs to support parameter select 2. Switch Configuration, then 8. VLAN Menu, then...
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration •...
Where To Go From Here Where To Turn See the Installation and Getting Started Guide shipped with the switch. “HP ProCurve Stack Management” on page 9-5 Chapter 10, "Monitoring and Analyzing Switch Operation" "Using Password Security" on page 7-4 "Using the Event Log To Identify Problem Sources"...
Page 43
Using the Command Line Interface (CLI) Chapter Contents Overview............3-2 Accessing the CLI .
Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
CLI levels. (For more on setting passwords, see "Using Password Security" on page 7-4.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 3-1.
Caution: HP strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.
Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and " config command at the Manager prompt. For example: (Enter config at the Manager prompt.)
Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.
—or— Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
Using the Command Line Interface (CLI) Using the CLI For example, if you use the CLI to set a Manager password, and then later use the Setup screen (in the menu interface) to set a different Manager password, then the first password will be replaced by the second one. Listing Commands and Command Options At any privilege level you can: List all of the commands available at that level...
Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar.
As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions.
Help summaries for both the Operator and Manager levels, and so on. help Syntax: For example, to list the Operator-Level commands with their purposes: Using the Command Line Interface (CLI) Using the CLI This example displays the command options for configuring port 5 on the switch. 3-11...
Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.
Note that if you try to list the help for an individual command from a privilege level that does not include that command, the switch returns an error message. For example, trying to list the help for the interface command while at the...
Page 56
Using the Command Line Interface (CLI) Using the CLI Figure 3-10. Context-Specific Commands Affecting Port Context 3-14 Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.
VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: In the VLAN...
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes [Ctrl] [A] [Ctrl] [B] or [ <] [Ctrl] [C] [Ctrl] [D] [Ctrl] [E] [Ctrl] [F] or [ >] [Ctrl] [K] [Ctrl] [L] or [Ctrl] [R] [Ctrl] [N] or [ v] [Ctrl] [P] or [ ^] [Ctrl] [U] or [Ctrl] [X]...
Using a Standalone Web Browser in a PC or UNIX Workstation ..5 Using HP TopTools for Hubs & Switches ......6 Tasks for Your First HP Web Browser Interface Session .
Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic...
Port security and Intrusion Log Switch Diagnostics: • Ping/Link Test • Device reset • Configuration report Switch status • Port utilization • Port counters • Port status • Alert log Switch system information listing Using the HP Web Browser Interface General Features...
Color Count Internet Browser (English-language browser only) PC Operating System UNIX® Operating System HP TopTools for Hubs & Switches (Optional) System Requirements for Accessing the HP Web Browser Interface Minimum 90 MHz Pentium 100 MHz 16 Mbytes 800 X 600 PCs: •...
• Directly connected to your network • Connected through remote access to your network Using a management station running HP TopTools for Hubs & Switches on your network Using a Standalone Web Browser in a PC or UNIX Workstation This procedure assumes that you have a supported web browser (page 4-4) installed on your PC or workstation, and that an IP address has been configured on the switch.
Using HP TopTools for Hubs & Switches HP TopTools for Hubs & Switches is designed for installation on a network management workstation. For this reason, the HP TopTools system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
Page 65
Note: The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-5. Starting an HP Web Browser Interface Session with the Switch First-Time Install Alert...
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: Review the “First Time Install”...
Tasks for Your First HP Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log.
Page 68
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
Tasks for Your First HP Web Browser Interface Session Using the Passwords Figure 4-4. Example of the Password Window in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
Context-sensitive help is provided for the screen you are on. Note: If you do not have HP TopTools for Hubs and Switches installed on your network and do not have an active connection to the World Wide Web, then Online help for the web browser interface will not be available.
- the URL of the network Management server or other source of the online help files for this web browser interface. (The default accesses Help on HP’s World Wide Web site.) Figure 4-6. The Default Support/Mgmt URLs Window Using the HP Web Browser Interface 1.
4-6. The switch is shipped with the URL set to retrieve online Help from the HP World Wide Web site. However, if HP TopTools for Hubs & Switches is installed on a management station on your network and discovers the switch, the Management Server URL is automatically changed to retrieve the Help from your TopTools management station.
If you have World Wide Web access from your PC or workstation, and do not have HP TopTools installed on your network, enter the following URL in the Management Server URL field shown in figure 4-7 on page 4-15: http://www.hp.com/rnd/device_help...
Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) Port utilization and status (page ) The Alert log (page ) The Status bar (page ) The Overview Window The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
Using the HP Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See chapter 7, “Monitoring and Analyzing Switch Operation” for more information.
Using the HP Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.
Lost connection to one or multiple devices on the port. Loss of stack member The Commander has lost the connection to a stack member. Security violation A security violation has occurred. Alert Strings and Descriptions Using the HP Web Browser Interface Status Reporting Features 4-21...
Note: When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.
Normal Activity Yellow Warning Critical System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen. Most Critical Alert Description. A brief description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.
Using the HP Web Browser Interface Status Reporting Features Product Name. The product name of the switch to which you are connected in the current web browser interface session. Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility.
Page 83
Never. Disables the Alert Log and transmission of alerts (traps) to the management server (in cases where a network management tool such as HP TopTools for Hubs & Switches is in use). Use this option when you don’t want to use the Alert Log.
Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)” Chapter 4, “Using the HP Web Browser Interface” Why Configure IP Addressing? In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch.
VLANs. The gateway value is the IP address of the next-hop gateway node for the switch, which is used if the requested destination address is not on a local subnet/VLAN. If the switch does not have a manually-configured default gateway and DHCP/Bootp is configured on the primary VLAN, then the default gateway value provided by the DHCP or Bootp server will be used.
If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, HP recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
URL in your web browser. IP Addressing in a Stacking Environment If you are installing the switch into an HP ProCurve stack management environment, entering an IP address may not be required. See “HP ProCurve Stack Management”...
Page 90
TTL and type in a value between 2 and 255 (seconds). At the TimeP Config field do one of the following: • If you want the switch to obtain the IP address of the Timep server via DHCP server, keep the value as DHCP. •...
5-9 ip ttl page 5-9 [no] ip timep page 5-10 For a listing of the full CLI command set, including syntax and options, see the CLI command reference available on the HP ProCurve website at: http://www.hp.com/go/procurve IP Configuration...
Page 92
IP Configuration Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.
Page 93
ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.) Note: The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp.
Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full performance capabilities HP proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.
DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
Page 96
If the switch is initially configured for DHCP/Bootp operation (the default), or if it is rebooted with this configuration, it immediately begins sending request packets on the network. If the switch does not receive a reply to its DHCP/Bootp requests, it continues to periodically send request packets, but with decreasing frequency.
Page 97
Bootp Database Record Entries. A minimal entry in the Bootp table file /etc/bootptab to update an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry:...
IP address and the address of a Timep server. If the DHCP/Bootp reply provides information for downloading a configuration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has...
Configuring IP Addressing, Interface Access, and System Information Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide.
IP authorized managers. However if unauthorized access to the switch through in-band means (Telnet or the web browser interface), then you can disallow in-band access (as described in this section) and install the switch in a locked environment. 5-16...
Inactivity Timeout Inbound Telnet Enabled Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Figure 5-4. The Default Interface Access Parameters Available in the Menu Interface Press [E] (for Edit).
[no] web-management console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 5-5. Listing of Show Console Command Reconfigure Inbound Telnet Access.
Page 103
Syntax: Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
Page 104
Configure individual parameters. Save the changes. Boot the switch. Figure 5-7. Example of Executing a Series of Console Commands 5-20 The switch implements the Event Log change immediately. The switch implements write memory the other console changes after executing reload...
System Name: Using a unique name helps you to identify individual devices in stacking environments and where you are using an SNMP network management tool such as HP TopTools for Hubs & Switches. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on HP ProCurve Switches”.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.
[contact <system contact>] [location <system location>] Note that no blank spaces are allowed in the variables for these commands. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: HP2512(config)# hostname Blue...
Page 108
Configuring IP Addressing, Interface Access, and System Information System Information Figure 5-10. System Information Listing After Executing the Preceding Commands Reconfigure the Age Interval for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.
Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
Creating and modifying a dynamic LACP or static port trunk group (page 6-10) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch. Viewing Port Status and Configuring Port Parameters Port Status and Configuration Features...
Page 113
• Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). HP recommends Auto-10 for links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.)
Page 114
CLI: Appears in the (CLI) Note: An LACP trunk requires a full-duplex link. In most cases, HP recommends that you leave the port Mode setting at Auto (the default). See the LACP Note on page 6-11. For more on port trunking, see “Port Trunking” on page 6-10.
For information on port trunk groups, see “Port Trunking” on page 6-10. From the Main Menu, Select: 2. Switch Configuration... 2. Port/Trunk Settings Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters...
Lists the full status and configuration for all ports on the switch. show interface config: Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. below page 6-7 page 6-8...
Page 117
The next two figures list examples of the output of the above two commands for the same port configuration on a Switch 2512 or 2524. Figure 6-1. Example of a Show Interface Command Listing Figure 6-2. Example of a Show Interface Config Command Listing...
Page 118
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 6-1 on page 6-3.
Optimizing Port Usage Through Traffic Control and Port Trunking Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab. Click on [Port Configuration]. Select the ports you want to modify and click on [Modify Selected Ports]. After you make the desired changes, click on [Apply Settings].
A trunk group is a set of up to four ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports 1 - 4 configured as a port trunk group.
LACP Note: LACP operation requires full-duplex (FDx) links. For most installations, HP recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10 (if negotiation selects HDx), 10FDx, 100FDx, and 1000FDx settings.
Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers three types of static trunks: LACP, Trunk, and FEC.
Page 123
See “Trunk Group Operation Using LACP” on page 6-24. Trunk Provides manually configured, static-only trunking to: (non- • Most HP switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: –...
Page 124
Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 2512 and 2524, HP recommends leaving the port...
Page 125
IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk automatically...
Important: Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Page 127
Trunk (the default type if you do not specify a type) – FEC (Fast EtherChannel) All ports in the same trunk group on the same switch must have the same Type (LACP, Trunk, or FEC). When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu.
Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. Listing Static Trunk Type and Group for All Ports or Selected Ports.
Page 129
The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports. Figure 6-7. Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data.
If no trunk group exists, you can create a trunk group on the switch. If a trunk group already exists on the switch, you can add ports to the trunk group or delete ports within the group. You can remove a subset of ports from a trunk group, or delete the trunk...
Page 131
Removing a port from a trunk can result in a loop and cause a broadcast storm. When you remove a port from a trunk where STP is not in use, HP recommends that you disable the port or disconnect the link on that port.
Page 132
Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active.
Unless STP is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where STP is not in use, HP recommends that you first disconnect the link on that port.
Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, use the CLI show lacp command. Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing.
LACP trunking. A link having two passive LACP ports will not perform LACP trunking because both ports are waiting for an LACP protocol packet from the opposite device. Note: In the default switch configuration, all ports are configured for passive LACP operation. Trunk Group Trk1: This port has been manually configured into a static LACP trunk.
LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the Switch 2512/2524, but is not enabled, or LACP has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of a trunk must be configured for the same speed and for full-duplex (FDx). In most cases, HP recommends the ing. The 802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP trunking.
SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link,...
Page 139
In actual networking environments, this is rarely a problem. However, if it becomes a problem, you can use the HP TopTools for Hubs & Switches network management software available from Hewlett-Packard to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance.
Page 140
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Chapter Contents Overview ........... . . 7-3 Using Password Security .
Page 142
Listing the Switch’s Current Authorized IP Manager(s) ..7-34 Configuring IP Authorized Managers for the Switch ..7-35 Web: Configuring IP Authorized Managers ..... 7-36 Building IP Masks .
File transfers using TFTP (for configurations and software updates) Thus, with authorized IP managers configured, having the correct passwords is not sufficient for accessing the switch through the network unless the station attempting access is also included in the switch’s Authorized IP Managers configuration.
Access to the Status and Counters menu, the Event Log, and the CLI*, but no Configuration capabilities. On the Operator level, the configuration menus, Download OS, and Reboot Switch options in the Main Menu are not available.
If there are both a Manager password and an Operator password, but neither is entered correctly, access to the console will be denied. If the switch has neither a Manager password nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges.
Page 146
To Delete Password Protection (Including Recovery from a Lost Password): This procedure deletes both passwords (Manager and Operator). If you have physical access to the switch, press and hold the Clear button (on the front of the switch) for a minimum of one second to clear all password protection, then enter new passwords as described earlier in this chapter.
Manager password, you can clear the password by getting physical access to the switch and pressing and holding the Clear button for a minimum of one second. This action deletes all passwords and user names (Manager and Operator) used by both the console and the web browser interface.
To remove user name and password protection, leave the fields blank. Implement the user names and passwords by clicking on [Apply Changes]. To access the web-based help provided for the switch, click on [?] in the web browser screen.
Configuring Port Security Intrusion Alerts and Alert Flags Using Port Security, you can configure each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch.
8-10.) Blocking Unauthorized Traffic Unless you configure the switch to disable a port on which a security violation is detected, the switch security measures block unauthorized traffic without disabling the port. This implementation enables you to apply the security...
Port security does not operate on either a static or dynamic trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch will reset the port security parameters for those ports to the factory-default configuration. (Ports configured for either Active or Passive LACP, and which are not members of a trunk, can be configured for port security.)
Page 152
SNMP management station and to (2) optionally disable the port on which the intrusion was detected. d. How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods: –...
[address-limit] [mac-address] [action] no port-security [clear-intrusion-flag] This section describes the CLI port security command and how the switch acquires and maintains authorized addresses. Note: Use the global configuration level to execute port-security configuration commands. Configuring and Monitoring Port Security page 7-16: “CLI: Displaying Current Port Security Settings”...
Page 154
Addresses learned this way appear in the switch and port address tables and age out according to the Address Age Interval in the System Information configuration screen (page 5-22).
Page 155
None (the default): Prevents an SNMP trap from being sent. Send Alarm: Causes the switch to send an SNMP trap to a network management station. Send Alarm and Disable: Available only in the to a network management station and disable the port.
With port numbers included in the command, show port-security displays Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses for the specified ports on a switch. The following example lists the full port security configuration for a single port:...
Figure 7-5. Example of the Port Security Configuration Display for a Single Port The following command example shows the option for entering a range of ports, including a series of non-contiguous ports. Note that no spaces are allowed in the port number portion of the command string: HP2512(config)# show port-security 1-3,6,8 CLI: Configuring Port Security...
Page 158
If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port, those settings remain unless you either manually change them or the switch is reset to its factory-default configuration. You can “turn off” authorized devices on a port by configuring the port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores those authorized devices.
Page 159
Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit.
Page 160
To add a second authorized device to port 1, execute a port-security command for port 1 that raises the address limit to 2 and specifies the additional device’s MAC address.
For example, suppose port 1 is configured as shown below and you want to remove 0c0090-123456 from the Authorized Address list: The following command serves this purpose by removing 0c0090-123456 and reducing the Address Limit to 1: HP2512(config) # port-security 1 address-limit 1 HP2512(config) # no port-security 1 mac-address...
• In HP TopTools for Hubs & Switches via an SNMP trap sent to a net management station How the Intrusion Log Operates When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log.
The log shows the most recent intrusion at the top of the listing. You cannot delete Intrusion Log entries (unless you reset the switch to its factory-default configuration). Instead, if the log is filled when the switch detects a new intrusion, the oldest entry is dropped off the listing and the newest entry appears at the top of the listing.
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen.
Note also that the “prior to” text in the record for the earliest intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset. To acknowledge the most recent intrusion entry on port 3 and enable the switch to enter a subsequently detected intrusion on this port, type [R] (for ).
Page 166
Figure 7-10. Example of the Intrusion Log with Multiple Entries for the Same Port The above example shows three intrusions for port 1. Since the switch can show only one uncleared intrusion per port, the older two intrusions in this example have already been cleared by earlier use of the clear intrusion-log or the port-security 1 clear-intrusion-flag command.
To clear the intrusion from port 1 and enable the switch to enter any subsequent intrusion for port 1 in the Intrusion Log, execute the port-security 1 clear-intrusion-flag command.
Operating Notes for Port Security Identifying the IP Address of an Intruder. The Intrusion Log lists detected intruders by MAC address. If you are using HP TopTools for Hubs & Switches to manage your network, you can use the TopTools inventory reports to link MAC addresses to their corresponding IP addresses.
Page 169
MAC address, and not your PC or workstation MAC address, and interprets your connection as unauthorized. “Prior To” Entries in the Intrusion Log. If you reset the switch (using the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list the time of all currently logged intrusions as “prior to”...
Manager or Operator access level Note: This feature does not protect access to the switch through a modem or direct connection to the Console (RS-232) port. Also, if the IP address assigned to an authorized management station is configured in another station, the other station can gain management access to the switch even though a duplicate IP address condition exists.
Authorized Manager IP value, specify an IP Mask, and select either Operator or Manager for the Access Level. The IP Mask determines how the Authorized Manager IP value is used to allow or deny access to the switch by a management station.
Using IP Authorized Managers Overview of IP Mask Operation The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value. (“255” in an octet of the mask means that only the exact value in the corresponding octet of the Authorized Manager IP parameter is allowed in the IP address of an authorized management station.) However, you can...
Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers Figure 7-13. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here.
<ip-address> mask <mask-bits> <operator | manager> Listing the Switch’s Current Authorized IP Manager(s) Use the show ip authorized-managers command to list IP stations authorized to access the switch. For example: Figure 7-15. Example of the Show IP Authorized-Manager Display...
Similarly, the next command authorizes manager-level access for any station having an IP address of 10.28.227.101 through 103: If you omit the mask when adding a new authorized manager, the switch automatically uses 255.255.255.255 for the mask. If you do not specify either Manager or Operator access, the switch automatically assigns the Manager access.
For web-based help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen. Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addresses of authorized manager stations on your network.
The mask determines whether the IP address of a station on the network meets the criteria you specify. That is, for a given Authorized Manager entry, the switch applies the IP mask to the IP address you specify to determine a range of authorized IP addresses for management access. As described above, that...
Page 178
(0) in the 4th octet of the mask allows any value between 0 and 255 in that octet of the corresponding IP address. This mask allows switch access to any device having an IP address of 10.28.227.xxx, where xxx is any value from 0 to 255.
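The mask rule described above, as an added example (not HP's code and not part of the original guide): a Python helper for auditing which station addresses an Authorized Manager entry admits. It goes beyond the 255 and 0 octet cases shown here by assuming the mask is applied bit by bit (a 1 bit must match the Authorized Manager IP, a 0 bit accepts either value); the function names and the sample entries are constructed.

```python
import ipaddress

# Constructed sample entries: (Authorized Manager IP, IP Mask, access level).
SAMPLE_ENTRIES = [
    ("10.28.227.125", "255.255.255.255", "manager"),   # default mask: one station
    ("10.28.227.125", "255.255.255.0", "operator"),    # 10.28.227.xxx
    ("10.28.227.125", "255.255.255.249", "manager"),   # non-contiguous mask
    ("10.28.227.125", "255.255.0.0", "manager"),       # very broad entry
]


def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer (ValueError on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_authorized(station_ip, manager_ip, mask="255.255.255.255"):
    """True if station_ip agrees with manager_ip on every bit set in mask.

    Assumption: bitwise comparison, which reduces to the page's rule for
    octets of 255 (exact match) and 0 (any value).
    """
    m = _to_int(mask)
    return (_to_int(station_ip) & m) == (_to_int(manager_ip) & m)


def admitted_count(mask):
    """Number of distinct addresses an entry with this mask admits."""
    zero_bits = 32 - bin(_to_int(mask)).count("1")
    return 2 ** zero_bits


def admitted_octets(manager_ip, mask):
    """For each of the four octets, the sorted values the entry accepts."""
    ip_bytes = ipaddress.IPv4Address(manager_ip).packed
    mask_bytes = ipaddress.IPv4Address(mask).packed
    return [
        [v for v in range(256) if (v & mb) == (ib & mb)]
        for ib, mb in zip(ip_bytes, mask_bytes)
    ]


def _format_octet(values):
    """Render one octet's accepted values as 'n', 'lo-hi' or 'a,b,c'."""
    if len(values) == 1:
        return str(values[0])
    if values[-1] - values[0] + 1 == len(values):   # contiguous run
        return "%d-%d" % (values[0], values[-1])
    return ",".join(str(v) for v in values)


def describe(manager_ip, mask):
    """Human-readable form of the admitted range, e.g. '10.28.227.0-255'."""
    return ".".join(_format_octet(o) for o in admitted_octets(manager_ip, mask))


def audit(entries, max_hosts=8):
    """Return entries that admit more than max_hosts addresses.

    max_hosts is a review threshold chosen for this example, not a switch
    setting. Each finding is (ip, mask, level, admitted address count).
    """
    findings = []
    for ip, mask, level in entries:
        count = admitted_count(mask)
        if count > max_hosts:
            findings.append((ip, mask, level, count))
    return findings


if __name__ == "__main__":
    for ip, mask, level in SAMPLE_ENTRIES:
        print("%-8s %-15s mask %-15s admits %s (%d addresses)"
              % (level, ip, mask, describe(ip, mask), admitted_count(mask)))
    for ip, mask, level, count in audit(SAMPLE_ENTRIES):
        print("REVIEW: %s/%s grants %s access to %d addresses"
              % (ip, mask, level, count))
```

Run against a transcription of the switch's authorized-managers list, the `audit` findings show which entries grant access to far more stations than the management hosts they were meant for.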
Even if you need proxy server access enabled in order to use other applications, you can still eliminate proxy service for web access to the switch. To do so, add the IP address or DNS name of the switch to the non-proxy, or “Exceptions” list in the web browser interface you are using on the authorized station.
Page 180
Overview You can manage the switch via SNMP from a network management station. For this purpose, HP recommends HP TopTools for Hubs & Switches — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches provides control of your switch through its web browser interface.
Event reporting via SNMP • Version 1 traps • RMON: groups 1, 2, 3, and 9 Managing the switch with an SNMP network management tool such as HP TopTools for Hubs & Switches Supported Standard MIBs include: • Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp •...
The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB file you can add to the SNMP database in your network management tool. You can copy the MIB file from the HP TopTools for Hubs & Switches CD, or from the following World Wide Web site: http://www.hp.com/go/procurve...
Page 185
Configuring for Network Management Applications Configuring for SNMP Access to the Switch Caution: Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public”...
SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. Caution: Deleting or changing the community named “public”...
Page 187
Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read-only. Figure 8-1. The SNMP Communities Screen (Default Values) Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.
— see “Trap Receivers and Authentication Traps” on page 8-10). Syntax: This example lists the data for all communities in a switch; that is, both the default "public" community name and another community named "red-team" Default Community and...
Configuring Community Names and Values If you enter a community name without an operator or manager designation, the switch automatically assigns the community to Operator for the MIB view. Also, if you do not specify restricted or unrestricted for the read/write MIB access, the switch automatically restricts the community to read access for the MIB.
(trap receiver) snmp-server enable (authentication trap) A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch. An authentication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch.
(along with the current SNMP community name data — see “SNMP Communities” on page 8-6). Syntax: In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities.
If this feature is enabled, an authentication trap is sent to the configured trap receiver(s) if a management station attempts an unauthorized access of the switch. Check the event log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...
RMON lessens the load on devices and network bandwidth. The Extended RMON agent runs automatically on the switch. To use Extended RMON, simply use Traffic Monitor (included with HP TopTools for Hubs & Switches) on your network management station to enable sampling on the ports you want to monitor.
Page 194
This chapter describes the following features and how to configure them with the switch’s built-in interfaces: HP ProCurve Stack Management (Page 9-5): Use your network to stack switches without the need for any specialized cabling—page 9-5. Port-Based VLANs — Page 9-50: GVRP —...
HP ProCurve Stack Management (termed stacking) enables you to use a single IP address and standard network cabling to manage a group of up to 16 total switches in the same IP subnet (broadcast domain). Using stacking, you can: Reduce the number of IP addresses needed in your network.
*Requires software release C.08.03 or later, which is included with the 8000M, 4000M, 2424M, and 1600M models as of July, 2000. Release C.08.03 or a later version is also available on the HP ProCurve website at www.hp.com/go/procurve. (Click on...
A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander. Candidate A switch that is ready to join (become a Member of) a stack through either automatic or manual methods. A switch configured as a Candidate is not in a stack. Member A switch that has joined a stack and is accessible from the stack Commander.
Figure 9-2. Example of Stacking with One Commander Controlling Access to Wiring Closet Switches Interface Options. You can configure stacking through the switch’s menu interface, CLI, or the web browser interface. For information on how to use the web browser interface to configure stacking, see the online Help for the web browser interface.
There is no limit on the number of stacks in the same IP subnet (broadcast domain), however a switch can belong to only one stack. If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN.
Page 204
Candidates from automatically joining a stack prematurely or joining the wrong stack (if more than one stack Commander is configured in a subnet or broadcast domain). If you plan to install more than one stack in a subnet, HP recommends that you leave manually add Members to their stacks.
2400M, or 1600M in a stack, you must first update all such devices to software version C.08.xx. (You can get a copy of the software from HP’s ProCurve website and/or copy it from one switch to another. For downloading instructions, see appendix A, "File Transfers", in the Management and Configuration Guide you received with these switch models.)
Page 206
Configuring Advanced Features HP ProCurve Stack Management Table 9-3. Stacking Configuration Guide Join Method Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.) Manually add Candidate to Stack (Prevent automatic joining of switches you don’t want in the stack)
9-32 through 9-44 for the CLI. Determine the naming conventions for the stack. You will need a stack name. Also, to help distinguish one switch from another in the stack, you can configure a unique system name for each switch. Otherwise, the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number.
Page 208
For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.
Configure Stacking Using the Menu Interface To View and Configure a Commander Switch Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-3.) Display the Stacking Menu by selecting Figure 9-5. The Default Stacking Menu...
Page 210
Figure 9-6. The Default Stack Configuration Screen Move the cursor to the Stack State field by pressing [E] (for use the Space bar to select the Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen.
) to save your configuration changes and return to the Save Stacking menu. Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates, depending on your configuration choices. Using the Menu To Manage a Candidate Switch...
Page 212
Auto Join Transmission Interval 60 Seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address. Otherwise, use a direct connection from a terminal device to the switch’s console...
1 to 300 seconds. Note: All switches in the stack must be set to the same transmission interval to help ensure proper stacking operation. HP recommends that you leave this parameter set to the default 60 seconds.
Page 214
Member include any of the following: Auto Grab Auto Join Note: When a switch leaves a stack and returns to Candidate status, its Auto Join stack from which it has just departed. A Manager password is set in the Candidate.
Page 215
Figure 9-10. Example of Candidate List in Stack Management Screen Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) Use the downarrow key to move the cursor to the MAC Address field, then type the MAC address of the desired Candidate from the Candidate list in the lower part of the screen.
Page 216
Figure 9-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.
Page 217
Press [A] (for any available candidates. (See figure 9-10 on page 9-21.) Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate.) Either accept the displayed switch number or enter another available number.
Page 218
When you use the Commander to remove a switch from a stack, the switch rejoins the Candidate pool for your IP subnet (broadcast domain), with...
Page 219
[Enter] to complete the deletion. The Stack Management screen updates to show the new stack Member list. For status descriptions, see the table on page 9-49. Stack Member List...
Use the downarrow key to select the stack Member you want to access, then press [X] (for For example, if you selected switch number 1 (system name: 9-16 and then pressed [X], you would see the Main Menu for the switch named Coral Sea. 9-26 ) to display the console interface for the selected Member.
Commander to a Member of another stack. When moving a member, the procedure simply pulls a Member out of one stack and pushes it into another. From the Main Menu of the switch you want to move, select 9. Stacking To determine the MAC address of the destination Commander, select 2.
Press [S] (for Save). Monitoring Stack Status Using the stacking options in the menu interface for any switch in a stack, you can view stacking data for that switch or for all stacks in the subnet (broadcast domain). (If you are using VLANs in your stack environment, see "Stacking Operation with a Tagged VLAN"...
Page 223
Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ...
Page 224
Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access...
Page 225
Main Menu for the Candidate switch and select 9. Stacking ... 1. Stacking Status (This Switch) You will then see the Candidate’s Stacking Status screen: Figure 9-21. Example of a Candidate’s Stacking Screen
“No” form eliminates named stack and returns Commander and stack Members to Candidate status with Auto Join set to No. “No” form prevents the switch from being discovered as a stacking-capable switch. Default: Switch Configured as a Candidate...
Page 227
Manager password. telnet <1..15> Commander: Uses the SN (switch number—assigned by the stack Commander) to access the console interface (menu interface or CLI) of a stack member. To view the list of SN assignments for a stack, execute the show stack command in the Commander’s CLI. Used In: Commander Only
Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a Switch 2524 (or 2512) to display the stack status for that switch. In this case, the switch is in the default stacking configuration.
Page 229
Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 2524 on which the show stack all command was executed is a candidate, it is included in the “Others” category.
HP ProCurve Stack Management Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.)
Page 231
Suppose, for example, that a Switch 2512 named “Bering Sea” is a Member of a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack Member to the Commander of a new stack named “Lakes”, you would use the...
Removes the Member from the “Big_Waters” stack. Converts the former Member to the Commander of the new “Lakes” stack. Figure 9-27. Example of Using a Member’s CLI To Convert the Member to the...
Page 233
Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view.
Page 234
For example, if the HP 8000M in the above listing did not have a Manager password and you wanted to make it a stack Member with an would execute the following command: The show stack view command then lists the Member added by the above...
Page 235
Use Telnet (if the Candidate has an IP address valid for your network) or a direct serial port connection to access the CLI for the Candidate switch. For example, suppose that a Candidate named “North Sea” with Auto Join off and a valid IP address of 10.28.227.104 is running on a network.
Page 236
Using a Member CLI To “Push” the Member into Another Stack. You can use the Member’s CLI to “push” an HP 2512 or 2524 stack Member into a destination stack if you know the MAC address of the destination Commander.
For example, suppose you have a Switch 2512 operating as the Commander for a temporary stack named “Test”. When it is time to eliminate the temporary “Test” stack and convert the Switch 2512 into a member of an existing stack named “Big_Waters”, you would execute the following commands in the CLI of the Switch 2512: Figure 9-33.
Page 238
Remove this Member from the stack. Figure 9-34. Example of a Commander and Three Switches in a Stack You would then execute this command to remove the “North Sea” switch from the stack: where: • is the “North Sea” Member’s switch number ( •...
To find the switch number for the Member you want to access, execute the show stack view you wanted to configure a port trunk on the switch named “North Sea” in the stack named “Big_Waters”. To do so you would go to the CLI for the “Big_Waters”...
<MIB variable> 10.31.29.100 blue@sw1 Note that because the gray community is only on switch 3, you could not use the Commander IP address for gray community access from the management station. Instead, you would access switch 3 directly using the switch’s own IP address.
(Enables stacking on the switch.) Transmission Interval All switches in the stack must be set to the same transmission interval to help ensure proper stacking operation. HP recommends that you leave this parameter set to the default 60 seconds. stack transmission-interval <seconds>...
Configuring Advanced Features HP ProCurve Stack Management Stacking uses only the primary VLAN on each switch in a stack. The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch. The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch.
If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features. To access the web-based Help provided for the switch, click on [?] in the web browser screen. Status Messages...
VLANs configuring dynamic VLANs A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. (That is, all ports carrying traffic for a particular subnet address would normally belong to the same VLAN.)
Page 245
An external router is required to enable separate VLANs on a switch to communicate with each other. For example, referring to figure 9-39, if ports 1 through 4 belong to VLAN_1...
Page 246
Figure 9-40. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.
VLANs and moving ports from the default VLAN to the new VLANs. (The switch supports up to 30 VLANs.) You can change the name of the default VLAN, but you cannot change the default VLAN’s VID (which is always “1”).
Port-Based Virtual LANs (Static VLANs) DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.
Page 249
Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port. : Appears when the switch is not GVRP-enabled; prevents the port from - or - joining that VLAN.
Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT_VLAN. To delete a VLAN from the switch, you must first remove from that VLAN any ports assigned to it. Changing the number of VLANs supported on the switch requires a reboot.
29 additional static VLANs by adding new VLAN names, and then assigning one or more ports to each VLAN. (The switch accepts a maximum of 30 VLANs, including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP—page 9-77.) Note that each port can be assigned to multiple...
Page 252
If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time. Press [Enter] and then [S] to save the VLAN support configuration and return to the VLAN Menu screen.
Type in a VID (VLAN ID number). This can be any number from 2 to 4095 that is not already being used by another VLAN. Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN. (You can use GVRP to dynamically extend VLANs with correct VID numbering to other switches.
(Ports not specifically assigned to a VLAN are automatically in the default VLAN.) From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . You will then see a VLAN Port Assignment screen similar to the following:...
Page 255
Untagged, or Forbid). Note: For GVRP Operation: If you enable GVRP on the switch, “No” converts to “Auto”, which allows the VLAN to dynamically join an advertised VLAN that has the same VID. See “Per-Port Options for Dynamic VLAN Advertising and Joining”...
Return to the Main menu. CLI: Configuring VLAN Parameters In the factory default state, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The default VLAN is also the default primary VLAN—see “Which VLAN Is Primary?”...
Page 257
9-67 (Available if GVRP enabled.) Displaying the Switch’s VLAN Configuration. The next command lists the VLANs currently running in the switch, with VID, VLAN name, and VLAN status. Dynamic VLANs appear only if the switch is running with GVRP enabled and one or more ports has dynamically joined an advertised VLAN.
Page 258
Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 9-52. Example of “Show VLAN” for a Specific Dynamic VLAN 9-64 show vlan <vlan-id>...
Page 259
Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write...
Page 260
VLAN with that VID does not already exist, and places you in that VLAN’s context level. If you do not use the name option, the switch uses “VLAN” and the new VID to automatically name the VLAN. If the VLAN already exists, the switch places you in the context level for that VLAN.
Page 261
VLAN in the same way that you would for any static VLAN. Syntax: If you need a VID reference, use show vlan to list the switch’s currently existing VLANs. For example, suppose a dynamic VLAN with a VID of 125 exists on the switch.
In the web browser interface you can do the following: Add VLANs; Rename VLANs; Remove VLANs; Configure GVRP security; Select a new Primary VLAN. Note that Auto is the default per-port setting for a static VLAN if GVRP is running on the switch.
(VLAN ID, or VID) assigned to a VLAN at the time that you configure the VLAN name in the switch. In the Series 2500 switches the tag can be any number from 1 to 4095 that is not already assigned to a VLAN.
Page 264
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Figure 9-54. Example of Tagged and Untagged VLAN Port Assignments In switch X: • VLANs assigned to ports X1 - X6 can all be untagged because there is only one VLAN assignment per port. Red VLAN traffic will go out only the Red ports;...
Page 265
VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.
Page 266
VLAN assigned per port. Port X1 has multiple VLANs assigned, which means that one VLAN assigned to this port can be untagged and any others must be tagged. The same applies to ports X2, Y1, and Y5. Switch X Port Red VLAN...
9-110. Note that STP operates differently in different devices. For example, in the (non-802.1Q) HP Switch 2000 and the HP Switch 800T, STP operates on a per-VLAN basis, allowing redundant physical links as long as they are in separate VLANs.
Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.
DECnet Currently, the problem of duplicate MAC addresses in IPX and IP Host-Only environments is addressed through the HP router OS version described under “HP Router Requirements” on page 9-76. However, for XNS and DECnet environments, a satisfactory solution is not available from any vendor at this time.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or later) router OS release if any of the following Hewlett-Packard routers are installed in networks in which you will be using VLANs: HP Router 440 (formerly Router ER)
VLANs. In this manual, a GVRP BPDU is termed an advertisement. GVRP enables the Switch 2512/2524 to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediate devices that are not GVRP-aware.) This operation...
Note: There must be one common VLAN (that is, one common VID) connecting all of the GVRP-aware devices in the network to carry GVRP packets. HP recommends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically enabled and configured as untagged on every port of the Series 2500 switches.
Page 273
Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C”, below, advertise VLANs 22 and 33 to ports on other GVRP-enabled...
“C” does not have this VLAN statically configured, VLAN 22 is handled as an “Unknown VLAN” on port 5 in switch “C”. Conversely, if VLAN 22 was statically configured on switch C, but port 5 was not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch “A”.
Page 275
Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in unsecure networks, where there is exposure to “attacks”, such as ports where intruders can connect.
Each port of a Series 2500 switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for the static VLAN(s) for which it has been configured as Tagged or Untagged.
Because dynamic VLANs operate as Tagged VLANs, and because a tagged port on one device cannot communicate with an untagged port on another device, HP recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements.
“Unknown VLAN” parameter (Learn, Block, or Disable) for each port. Configure the static VLANs on the switch(es) where they are needed, along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid— see table 9-9 on page 9-82) on the appropriate ports.
Page 279
2. Switch Configuration . . . 8. VLAN Menu . . . Figure 9-60. The VLAN Support Screen (Default Configuration) Do the following to enable GVRP and display the Unknown VLAN fields: Press [E] (for Edit). b. Use [ v] to move the cursor to the GVRP Enabled field.
Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 9-50.)
Page 281
This example disables GVRP operation on the switch: Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports. You can use this command at either the Manager level or the interface context level for the desired port(s).
Page 282
VLANs present in the switch. Syntax: For example, in the following illustration, switch “A” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch “B” has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333.
VLAN configuration. Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-aware will flood the GVRP (multicast) advertisement packets out all ports.
Page 284
Configuring Advanced Features GVRP By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automatically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.
IGMP (Internet Group Management Protocol controls). In the factory default state (IGMP disabled), the switch forwards all IGMP traffic to all ports, which can cause unnecessary bandwidth usage on ports not belonging to multicast groups.
VLAN) context. IGMP requires an IP address and subnet mask for any VLAN used for IGMP traffic. If the switch relies on DHCP or Bootp to acquire an IP address, ensure that IP addressing has been assigned to the appropriate VLANs by using Address Information”...
Querier: In the default state (enabled), eliminates the need for a multicast router. In most cases, HP recommends that you leave this parameter in the default “enabled” state even if you have a multicast router performing the querier function in your multicast group.
Page 288
Multimedia Traffic Control with IP Multicast (IGMP) Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN. Syntax: (For IGMP operating status, see “Internet Group Management Protocol (IGMP) Status”...
Page 289
Note: If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, the switch restores the last-saved IGMP configuration for that VLAN. For more on how switch memory operates, see appendix C, “Switch Memory and Configuration”.
Page 290
VLAN context to specify how each port should handle IGMP traffic. Syntax: Default: For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 10/100 ports on the Switch 2512: Ports 1-7 Port 8 Ports 9-12...
Default: Web: Enabling or Disabling IGMP In the web browser interface you can enable or disable IGMP on a per-VLAN basis. To configure other IGMP features, telnet to the switch console and use the CLI. To Enable or Disable IGMP Click on the Configuration tab.
The following example illustrates this operation. Figure 9-67 on page 9-99 shows a network running IGMP. PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) 9-98 querier feature enabled.) A set...
Page 293
Thus, it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3. Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X).
Page 294
Running Here Figure 9-68. Isolating IP Multicast Traffic in a Network In the above figure, the multicast group traffic does not go to switch 1 and beyond because either the port on switch 3 that connects to switch 1 has been configured as blocked or there are no hosts connected to switch 1 or switch 2 that belong to the multicast group.
Number of IP Multicast Addresses Allowed Multicast filters and IGMP filters (addresses) together can total up to 255 in the switch. If multiple VLANs are configured, then each filter is counted once per VLAN in which it is used. Interaction with Multicast Traffic/Security Filters.
Note: You should enable STP in any switch that is part of a redundant physical link (loop topology). (It is recommended that you enable STP on all switches belonging to a loop topology.) This topic is covered in more detail under “How STP Operates”...
STP was disabled. Caution: Because the switch automatically gives faster links a higher priority, the default STP parameter settings are usually adequate for spanning tree operation. Also, because incorrect STP settings can adversely affect network performance, you should not make changes unless you have a strong understanding of how STP operates.
Page 298
Configuring Advanced Features Spanning Tree Protocol (STP) Read-Only Fields Figure 9-69. Example of the STP Configuration Screen If the remaining STP parameter settings are adequate for your network, go to step 8. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.
See “Spanning Tree Protocol (STP) Information” on page 10-15 Viewing the Current STP Configuration. Regardless of whether STP is disabled (the default), this command lists the switch’s full STP configuration, including general settings and port settings. show spanning-tree configuration...
Page 300
Caution: Because incorrect STP settings can adversely affect network performance, HP recommends that you use the default STP parameter settings. You should not change these settings unless you have a strong understanding of how STP operates.
Page 301
STP (if not already enabled) and configures the following per-port parameters: Table 9-11.Per-Port STP Parameters Name Default Range path-cost Ethernet: 100 1 - 65535 Assigns an individual port cost that the switch uses 10/100Tx: 100 Fx: Gigabit: priority 0 - 255 mode...
5 and 6 to a path cost of Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI.
(Forwarding or Blocking, as determined by the STP negotiation). This sequence takes two times the forward delay value configured for the switch. The default is 15 seconds on HP switches, per the IEEE 802.1D standard recommendation, resulting in a total STP negotiation time of 30 seconds. Each switch port goes through this start-up sequence whenever the network connection is established on the port.
VLANs, spanning tree will block all but one of those links. However, if you need to use STP on the Switch 2512 or Switch 2524 in a VLAN environment with redundant physical links, you can prevent blocked redundant links by using a port trunk.
Page 305
Problem: STP enabled with 2 separate (non-trunked) links blocks a VLAN link. Nodes 1 and 2 cannot communicate because STP is blocking the link. Figure 9-72. Example of Using a Trunked Link with STP and VLANs For more information, refer to “Spanning Tree Protocol Operation with VLANs”...
Counters: Display details of traffic volume on individual ports. Event Log: Lists switch operating events. Alert Log: Lists network occurrences detected by the switch (in the Status | Overview screen of the web browser interface). Configurable trap receivers: Uses SNMP to enable management stations on your network to receive SNMP traps from the switch.
Note: You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure 10-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 10-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details. CLI Access show system-information...
Figure 10-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
1. Status and Counters . . .3. Port Status Figure 10-4. Example of Port Status on the Menu Interface CLI Access show interfaces Syntax: Web Access Click on the Status tab. Click on [Port Status]. Monitoring and Analyzing Switch Operation Status and Counters Data 10-7...
These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch A detailed summary of traffic on a selected port or trunk group.
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 10-5. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [ v] key to highlight that port number, then select Show Details.
CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: To Display a Detailed Traffic Summary for a Specific Port. This command provides traffic details for the port you specify.
VLAN searching for a MAC address These features help you to view: The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned Monitoring and Analyzing Switch Operation...
Menu Access to the MAC Address Views and Searches Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network. The listing includes: The MAC addresses that the switch has learned from network devices...
Page 319
Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Located MAC Address and Corresponding Port Number Figure 10-8.
Status and Counters Data Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. CLI Access for MAC Address Views and Searches...
1. Status and Counters . . . 7. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 10-10.Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Monitoring and Analyzing Switch Operation Status and Counters Data Figure 10-11.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: 10-16 show spanning-tree...
Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...
1, 2 3, 4 The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure 10-13.Example of VLAN Listing for the Entire Switch 10-18...
Page 325
Listing the VLAN ID (VID) and Status for Specific Ports. Because ports 1 and 2 are not members of VLAN-44, it does not appear in this listing. Figure 10-14.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Monitoring and Analyzing Switch Operation Status and Counters Data 10-19...
Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, see chapter 4, “Using the HP Web Browser Interface”. Port...
You can designate a port for monitoring traffic of one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources (ports or VLAN) to the designated monitoring port, to which a network analyzer can be attached.
Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the Console Main Menu, Select: 2.
Page 329
Press the down arrow key to move to the VLAN parameter (figure 10-18 on page 10-24). iii. Press the Space bar again to select the VLAN that you want to monitor. Monitoring and Analyzing Switch Operation Port Monitoring Features Move the cursor to the Monitoring Port parameter.
Syntax: For example, if you assign port 12 as the monitoring port and configure the switch to monitor ports 1 - 3, show mirror-port displays the following: 10-24 exit from the screen.
Page 331
For example, with a monitoring (mirror) port configured (above), you could select ports 1 and 2 for monitoring: Figure 10-20.Examples of Selecting Ports and VLANs as Monitoring Sources Monitoring and Analyzing Switch Operation Port Monitoring Features Port receiving monitored traffic.
Monitoring and Analyzing Switch Operation Port Monitoring Features Figure 10-21.Examples of Removing Ports and VLANs as Monitoring Sources Web: Configuring Port Monitoring To enable port monitoring: Click on the Configuration tab. Click on [Monitor Port]. Do either of the following: •...
Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.)
Installation Guide shipped with the switch for correct cable types and connector pin-outs. Use HP TopTools for Hubs & Switches (if installed on your network) to help isolate problems and recommend solutions. HP TopTools is shipped at no extra cost with the switch.
DHCP/Bootp server configuration to verify correct IP addressing. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.
Page 337
Note: If DHCP/Bootp is used to configure the switch, see the Note, above. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.
Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as the HP TopTools for Hubs & Switches. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.
Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.
STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the Switch 2512 and Switch 2524, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices.
“Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q-compliant devices must be configured the same on both ports. For example, VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”. Link supporting VLAN_1 and VLAN_2 Switch “X”...
Page 342
Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
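The checks below are an added example, not code from the HP guide: a Python lint for a planned static VLAN configuration on two switches and the link between them, applying rules stated in this guide (VID from 1 to 4095, at most 30 VLANs per switch, every port in at least one VLAN, no more than one untagged VLAN per port, and the same VID and the same Tagged/Untagged setting at both ends of a link). The Switch class, the rule names and the sample switches X and Y are constructed for illustration.

```python
"""Lint static VLAN settings on two switches joined by one link (added example)."""
from dataclasses import dataclass, field

VID_MIN, VID_MAX = 1, 4095   # VID range given in the guide
MAX_VLANS = 30               # per-switch VLAN maximum given in the guide


@dataclass
class Switch:
    name: str
    vlans: dict = field(default_factory=dict)   # VID -> VLAN name
    ports: dict = field(default_factory=dict)   # port id -> {VID: "tagged" | "untagged"}


def check_switch(sw):
    """Return (rule, detail) findings for one switch's own configuration."""
    findings = []
    if len(sw.vlans) > MAX_VLANS:
        findings.append(("too-many-vlans", f"{sw.name}: {len(sw.vlans)} VLANs"))
    for vid in sorted(sw.vlans):
        if not VID_MIN <= vid <= VID_MAX:
            findings.append(("vid-out-of-range", f"{sw.name}: VID {vid}"))
    for port, members in sorted(sw.ports.items()):
        if not members:
            # Every port must be a Tagged or Untagged member of some VLAN.
            findings.append(("port-without-vlan", f"{sw.name} port {port}"))
        untagged = sorted(v for v, mode in members.items() if mode == "untagged")
        if len(untagged) > 1:
            # Only one untagged VLAN is allowed per port; the rest must be tagged.
            findings.append(("multiple-untagged",
                             f"{sw.name} port {port}: VIDs {untagged}"))
        for vid in sorted(members):
            if vid not in sw.vlans:
                findings.append(("undefined-vid", f"{sw.name} port {port}: VID {vid}"))
    return findings


def check_link(sw_a, port_a, sw_b, port_b):
    """Return (rule, detail) findings for the link sw_a/port_a <-> sw_b/port_b."""
    findings = []
    a, b = sw_a.ports[port_a], sw_b.ports[port_b]
    for vid in sorted(set(a) | set(b)):
        if vid not in a or vid not in b:
            present = sw_a.name if vid in a else sw_b.name
            findings.append(("one-ended-vid", f"VID {vid} only on switch {present}"))
        elif a[vid] != b[vid]:
            # A tagged port cannot talk to an untagged port for the same VLAN.
            findings.append(("tag-mode-mismatch",
                             f"VID {vid}: {a[vid]} on {sw_a.name}, {b[vid]} on {sw_b.name}"))
    # A VLAN must have the same VID on every switch where it is configured.
    by_name_a = {name: vid for vid, name in sw_a.vlans.items()}
    by_name_b = {name: vid for vid, name in sw_b.vlans.items()}
    for name in sorted(set(by_name_a) & set(by_name_b)):
        if by_name_a[name] != by_name_b[name]:
            findings.append(("vid-differs",
                             f"{name}: VID {by_name_a[name]} on {sw_a.name}, "
                             f"VID {by_name_b[name]} on {sw_b.name}"))
    return findings


def sample_switches():
    """Constructed sample: Red has different VIDs, VLAN_2 differs in tag mode."""
    x = Switch("X",
               vlans={1: "DEFAULT_VLAN", 2: "VLAN_2", 10: "Red"},
               ports={"X1": {1: "untagged", 2: "tagged", 10: "tagged"}})
    y = Switch("Y",
               vlans={1: "DEFAULT_VLAN", 2: "VLAN_2", 11: "Red"},
               ports={"Y1": {1: "untagged", 2: "untagged", 11: "tagged"}})
    return x, y


if __name__ == "__main__":
    x, y = sample_switches()
    for rule, detail in check_switch(x) + check_switch(y) + check_link(x, "X1", y, "Y1"):
        print(f"{rule}: {detail}")
```
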
The event log window contains 14 log entry lines and can be positioned to any location in the log. The event log will be erased if power to the switch is interrupted. (The event log is not erased by using the Reboot Switch command in the Main Menu.) Troubleshooting...
Troubleshooting Using the Event Log To Identify Problem Sources Table 11-1. Event Log System Modules Module Event Description addrMgr Address table chassis switch hardware bootp bootp addressing console Console interface dhcp DHCP addressing download file transfer Find, Fix, and Inform) -- available in the...
Display Help for the event log. CLI: Using the CLI, you can list Events recorded since the last boot of the switch All events recorded Event entries containing a specific keyword, either since the last boot or all events recorded Syntax: show logging [-a] [<search-text>]...
To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).
Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.
Page 349
Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are: Repetitions: 1 (1 - 9999) Timeout: 5 seconds (1 - 256 seconds) link <mac-address> [repetitions <1 - 999>] [timeout <1 - 256>] Syntax: Basic Link Test Link Test with...
Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.
CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. Note: For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI).
Clear/Reset button combination Note: HP recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.
(OS) code to the switch: The TFTP feature (Download OS) command in the Main Menu of the switch console interface (page A-3) HP’s SNMP Download Manager included in HP TopTools for Hubs & Switches A switch-to-switch file transfer Xmodem transfer method Note: Downloading a new OS does not change the current switch configuration.
This procedure assumes that: An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from HP’s electronic services—see the support and warranty booklet shipped with the switch.) The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Menu: TFTP Download from a Server In the console Main Menu, select Download OS to display this screen: Figure A-15. Example of the Download OS Screen (Default Values) Press [E] (for Edit).
When the switch finishes downloading the OS file from the server, it displays this progress message: Validating and Writing System Software to FLASH . . . After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.
HP TopTools for Hubs & Switches includes a software update utility for updating on HP ProCurve switch products such as the Series 2500 switches. For further information, refer to the HP TopTools for Hubs & Switches User Guide, provided electronically with the HP TopTools software.
CLI: Switch-To-Switch Download Syntax: copy tftp flash <ip-addr> flash For example, to download an OS file from a Switch 2512 with an IP address of 10.28.227.103: Running Total of Bytes Downloaded Figure 8-17. Switch-To-Switch OS Download Using the CLI Using Xmodem to Download the OS File From a PC...
Downloading an Operating System (OS) The download can take several minutes, depending on the baud rate used for the transfer. When the download finishes, the switch automatically reboots itself and begins running the new OS version. To confirm that the operating system downloaded correctly: From the Main Menu, select 1.
Figure A-18. Example of Message for Download Failure To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...
Note: If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed in the copyright screen that appears after the switch reboots.
13.28.227.105: Xmodem: Copying a Configuration from the Switch to a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file.
Transferring Switch Configurations Xmodem: Copying a Configuration from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy.
VLAN you have configured on the switch. Note: The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. Use the CLI to view the switch’s port MAC addresses in hexadecimal format.
Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...
This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.
Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent"...
5: The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use to save the current running-config file to the startup-config file in flash memory.
How To Use the CLI To Reconfigure Switch Features. Use this procedure to permanently change the switch configuration (that is, to enter a change in the startup-config file). Use the appropriate CLI commands to reconfigure the desired switch parameters.
Syntax: For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.
If you use the CLI to make a change to the running-config file, you must use write memory is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...
Syntax: For example: Press [Y] to replace the current configuration with the factory default configuration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot. Using the Menu and Web Browser Interfaces To Implement Configuration...
(even if you execute a Save operation in the menu interface). If you then execute a switch reboot command in the menu interface, the switch discards the configuration changes made while using the CLI.
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] or [Apply Settings]), you simultaneously change both the running-config file and the startup-config file.
This information applies to the following HP ProCurve switches: • 2512 • 2524 HP ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. For the following switches, HP ProCurve Switch 212M, 224M, 1600M, 2400M, 2424M, 4000M, and 8000M, the user defines the month and date to begin and end the change from standard time.
Daylight Savings Time on HP ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: •...
Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": If the configured day is a Sunday, the time changes at 2am on that day.
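As an added illustration (not HP's code and not the switch's actual implementation), this Python sketch applies the "first Sunday on or after" rule listed above for Middle Europe and Portugal, including the case where the configured day is itself a Sunday. The function names and the one-hour shift in `to_standard_time` are assumptions; the normalization helps when lining up switch Event Log timestamps with other log sources.

```python
from datetime import date, datetime, time, timedelta

# Rule as listed on this page for "Middle Europe and Portugal":
# begin on the first Sunday on or after March 25, end on the first
# Sunday on or after September 24, both at 2am local time.
MIDDLE_EUROPE_PORTUGAL = ((3, 25), (9, 24))
CHANGE_TIME = time(2, 0)


def first_sunday_on_or_after(year, month, day):
    """Return the configured date if it is a Sunday, else the next Sunday."""
    configured = date(year, month, day)
    # date.weekday(): Monday=0 ... Sunday=6
    days_ahead = (6 - configured.weekday()) % 7
    return configured + timedelta(days=days_ahead)


def dst_window(year, rule=MIDDLE_EUROPE_PORTUGAL):
    """Return (begin, end) of DST for a rule whose begin precedes its end."""
    (begin_month, begin_day), (end_month, end_day) = rule
    begin = datetime.combine(
        first_sunday_on_or_after(year, begin_month, begin_day), CHANGE_TIME)
    end = datetime.combine(
        first_sunday_on_or_after(year, end_month, end_day), CHANGE_TIME)
    return begin, end


def in_dst(local_ts, rule=MIDDLE_EUROPE_PORTUGAL):
    """True if a switch-local timestamp falls inside the DST period."""
    begin, end = dst_window(local_ts.year, rule)
    return begin <= local_ts < end


def to_standard_time(local_ts, rule=MIDDLE_EUROPE_PORTUGAL,
                     shift=timedelta(hours=1)):
    """Normalize a switch-local timestamp to standard time.

    The one-hour shift is an assumption; the page does not state it.
    """
    return local_ts - shift if in_dst(local_ts, rule) else local_ts


if __name__ == "__main__":
    for year in (2000, 2001):
        print(year, dst_window(year))
```

Timestamps in the hour around the end-of-DST change are ambiguous on a local clock, so treat log entries in that window with care when correlating.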
Index Numerics 802.1Q VLAN standard … 9-102 802.3u auto negotiation standard … 6-3 A.09.70 router release … 9-76 access manager … 8-6 operator … 8-6 access levels, authorized IP managers … 7-31 Actions line … 2-9–2-11 location on screen … 2-9 active path …...
… 11-14 DNS name … 4-6 domain … 9-57, 9-62 Domain Name Server … 4-6 download SNMP-based … A-6 switch-to-switch … A-6 troubleshooting … A-9 Xmodem … A-7 download OS … A-6 download, TFTP … A-2–A-4 duplicate IP address effect on authorized IP managers …...
HP Router 470 … 9-76 HP Router 480 … 9-76 HP Router 650 … 9-76 HP TopTools See TopTools HP web browser interface … 1-5 ICANN … 5-15 IEEE 802.1d … 9-102, 11-8 IEEE 802.3ab … 6-4 IGMP benefits … 9-91 configuration …...
configure per VLAN … 9-92 effect on filters … 9-101 example … 9-98–9-100 filter override … 9-101 high-priority forwarding … 9-92 host not receiving … 11-7 IP address required … 9-92 IP multicast address range … 9-101 leave group … 9-98 maximum address count …...
… 2-10 message inconsistent value … 7-19 VLAN already exists … 9-68 MIB … 8-4 MIB listing … 8-3 MIB, HP proprietary … 8-3 MIB, standard … 8-3 Microsoft Internet Explorer … 4-5 mirroring See port monitoring. Monitor parameter … 10-23 monitoring a VLAN …...
IP managers … 7-35–7-36 IGMP … 9-97 port security … 7-21 STP … 9-108 web server, proxy … 7-29 web site, HP … 8-4 world wide web site, HP See HP ProCurve write access … 8-6 write memory … 9-89 Xmodem OS download …...