HP ProCurve 4108gl Bundle, Management And Configuration Manual

Page 1: ...hp procurve switch 4108gl management and configuration guide www hp com go hpprocurve ...

Page 2: ......

Page 3: ...HP Procurve Switch 4108GL Management and Configuration Guide Software Release G 01 xx or Later ...

Page 4: ... is a registered trademark of Netscape Corporation Disclaimer The information contained in this document is subject to change without notice HEWLETT PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or f...

Page 5: ...the online help available for the web browser interface For more information on web browser Help options refer to Online Help for the HP Web Browser Interface on page 4 12 If you need further information on Hewlett Packard switch technology refer to HP s Procurve website at http www hp com go hpprocurve Just Want a Quick Start IP Addressing If you just want to give the switch an IP address so that...

Page 6: ...rve Switch 4108GL Installation and Getting Started Guide shipped with the switch to guide you in the following Physically installing the switch in your network Quickly assigning an IP address and subnet mask set a Manager pass word and optionally configure other basic features ...

Page 7: ...ages of Using the CLI 1 4 Advantages of Using the HP Web Browser Interface 1 5 Advantages of Using HP TopTools for Hubs Switches 1 6 Using the Menu Interface Contents 2 1 Overview 2 2 Starting and Ending a Menu Session 2 3 How To Start a Menu Interface Session 2 4 How To End a Menu Session and Exit from the Console 2 5 Main Menu Features 2 7 Screen Structure and Navigation 2 9 Rebooting the Switch...

Page 8: ...ting an HP Web Browser Interface Session with the Switch 4 5 Using a Standalone Web Browser in a PC or UNIX Workstation 4 5 Using HP TopTools for Hubs Switches 4 6 Tasks for Your First HP Web Browser Interface Session 4 8 Viewing the First Time Install Window 4 8 Creating Usernames and Passwords in the Browser Interface 4 9 Online Help for the HP Web Browser Interface 4 12 Support Mgmt URLs Featur...

Page 9: ...5 11 Displaying the Current Flash Image Data 5 12 OS Downloads 5 14 Local OS Replacement and Removal 5 15 Rebooting the Switch 5 17 Operating Notes 5 19 Interface Access and System Information Chapter Contents 6 1 Overview 6 2 Interface Access Console Serial Link Web and Inbound Telnet 6 3 Menu Modifying the Interface Access 6 4 CLI Modifying the Interface Access 6 5 System Information 6 8 Menu Vi...

Page 10: ...ol or Turning Off Time Protocol Operation 8 3 General Steps for Running a Time Protocol on the Switch 8 3 Disabling Time Synchronization 8 4 SNTP Viewing Selecting and Configuring 8 4 Menu Viewing and Configuring SNTP 8 5 CLI Viewing and Configuring SNTP 8 8 TimeP Viewing Selecting and Configuring 8 13 Menu Viewing and Configuring TimeP 8 14 CLI Viewing and Configuring TimeP 8 16 SNTP Unicast Time...

Page 11: ...ey 9 26 Controlling Web Browser Interface Access When Using TACACS Authentication 9 28 Messages 9 28 Operating Notes 9 29 Troubleshooting TACACS Operation 9 29 Using Authorized IP Managers for Increased Management Security Chapter Contents 10 1 Overview 10 2 Using Authorized IP Managers 10 4 Access Levels 10 5 Defining Authorized Management Stations 10 5 Menu Viewing and Configuring IP Authorized ...

Page 12: ...ion Using LACP 11 25 Trunk Group Operation Using the Trunk Option 11 28 Trunk Operation Using the FEC Option 11 29 How the Switch Lists Trunk Data 11 29 Outbound Traffic Distribution Across Trunked Links 11 30 Configuring for Network Management Applications Chapter Contents 12 1 Overview 12 2 SNMP Management Features 12 2 Configuring for SNMP Access to the Switch 12 4 SNMP Communities 12 5 Trap Re...

Page 13: ...inging Up a Stack 13 10 Using the Menu Interface To View Stack Status and Configure Stacking 13 14 Using the Commander To Manage The Stack 13 18 Monitoring Stack Status 13 27 Using the CLI To View Stack Status and Configure Stacking 13 31 SNMP Community Operation in a Stack 13 45 Using the CLI To Disable or Re Enable Stacking 13 46 Transmission Interval 13 46 Stacking Operation with Multiple VLANs...

Page 14: ... 42 Multimedia Traffic Control with IP Multicast IGMP Chapter Contents 15 1 Overview 15 2 General Operation and Features 15 3 IGMP Terms 15 4 IGMP Operating Features 15 5 CLI Configuring and Displaying IGMP 15 6 Web Enabling or Disabling IGMP 15 10 How IGMP Operates 15 11 Operation With or Without IP Addressing 15 12 Automatic Fast Leave IGMP 15 13 Forced Fast Leave IGMP 15 14 Configuring Per Port...

Page 15: ... and Trunk Group Statistics and Flow Control Status 17 9 Viewing the Switch s MAC Address Tables 17 12 Spanning Tree Protocol STP Information 17 17 Internet Group Management Protocol IGMP Status 17 19 VLAN Information 17 20 Web Browser Interface Status Information 17 22 Port Monitoring Features 17 23 Menu Configuring Port Monitoring 17 24 CLI Configuring Port Monitoring 17 25 Web Configuring Port ...

Page 16: ...tem OS A 2 General OS Download Rules A 2 Using TFTP To Download an OS Image from a Server A 3 UsingXmodemtoDownloadanOSImageFromaPCorUNIXWorkstation A 6 Switch to Switch Download A 9 Using the HP TopTools for Hubs Switches Utility A 11 Troubleshooting TFTP Downloads A 12 Transferring Switch Configurations A 13 Copying Diagnostic Data to a Remote Host PC or Unix Workstation A 16 MAC Address Managem...

Page 17: ...ment Interface Contents Overview 1 2 Understanding Management Interfaces 1 2 Advantages of Using the Menu Interface 1 3 Advantages of Using the CLI 1 4 Advantages of Using the HP Web Browser Interface 1 5 Advantages of Using HP TopTools for Hubs Switches 1 6 ...

Page 18: ... status information and a subset of switch commands through a standard web browser such as Netscape Navigator or Microsoft Internet Explorer page 1 5 HP TopTools for Hubs Switches an easy to use browser based network management tool that works with HP proactive networking features built into managed HP hubs and switches This manual describes how to use the menu interface chapter 2 the CLI chapter ...

Page 19: ...ack of configured or correct IP address and network downtime do not slow or prevent access Enables Telnet in band access to the menu functionality Allows faster navigation avoiding delays that occur with slower display of graphical objects over a web browser interface Provides more security configuration information and passwords are not seen on the network IP addressing VLANs and GVRP Port Securi...

Page 20: ...s Provides help at each level for determining available options and vari ables CLI Usage For information on how to use the CLI refer to chapter 3 Using the Command Line Interface CLI To perform specific procedures such as configuring IP addressing or VLANs use the Contents listing at the front of the manual to locate the information you need To monitor and analyze switch operation see chapter XXXX...

Page 21: ...nterface locations of window objects consistent with commonly used browsers uses mouse clicking for navigation no terminal setup Many features have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in co...

Page 22: ...k changestoincrease networkuptime andoptimize performance Easy to install and use HP TopTools for Hubs Switches is the answer to your management challenges Figure 1 4 Example of HP TopTools Main Screen HP TopTools for Hubs Switches enables greater control uptime and performance in your network For networked devices Enables fast installation of hubs and switches Enables you to proactively manage yo...

Page 23: ...P and security configuration device configuration report and other device features Enables policy based management through the Quality of Service feature QoS to establish traffic priority policies for controlling and improving throughput across all the HP switches in your network that support this feature For network traffic Watches the network for problems and displays real time information about...

Page 24: ...1 8 Selecting a Management Interface Advantages of Using HP TopTools for Hubs Switches Selecting a Management Interface ...

Page 25: ...2 2 Starting and Ending a Menu Session 2 3 How To Start a Menu Interface Session 2 4 How To End a Menu Session and Exit from the Console 2 5 Main Menu Features 2 7 Screen Structure and Navigation 2 9 Rebooting the Switch 2 12 Menu Features List 2 14 Where To Go From Here 2 15 ...

Page 26: ...h For a detailed list of menu features see the Menu Features List on page 2 14 Privilege Levels and Password Security HP strongly recommends that you configure a Manager password to help prevent unauthorized access to your network A Manager password grantsfull read write accessto the switch An Operator password if configured grants access to status and counter Event Log and the Operator level in t...

Page 27: ...u Interface and the CLI Command Line Interface both use the switch console To enter the menu from the CLI use the menu command To enter the CLI from the Menu interface select Command Line CLI option Starting and Ending a Menu Session You can access the menu interface using any of the following A direct serial connection to the switch s console port as described in the installation guide you receiv...

Page 28: ... following If you are using Telnet go to step 3 If you are using a PC terminal emulator or a terminal press Enter one or more times until a prompt appears 3 When the switch screen appears do one of the following If a password has been configured the password prompt appears Password _ Type the Manager password and press Enter Entering the Manager password gives you manager level access to the switc...

Page 29: ...rameter to Menu For more infor mation see the Installation and Getting Started Guide you received with the switch How To End a Menu Session and Exit from the Console The method for ending a menu session and exiting from the console depends on whether during the session you made any changes to the switch configu ration that require a switch reboot to activate Most changes via the menu interface nee...

Page 30: ... If you have made configuration changes that require a switch reboot thatis ifan asterisk appears nexttoa configured item or nexttoSwitch Configuration in the Main Menu a Return to the Main Menu b Press 6 to select Reboot Switch and follow the instructions on the reboot screen Rebooting the switch terminates the menu session and if you are using Telnet disconnects the Telnet session See Rebooting ...

Page 31: ...nfiguration screens for displaying and changing the current configuration settings See the Con tents listing at the front of this manual For a listing of features and parameters configurable through the menu interface see the Menu Fea tures List on page 2 14 Console Passwords Provides access to the screen used to set or change Manager level and Operator level passwords and to delete Manager and Op...

Page 32: ...erface on page 5 9 Download OS Enables you to download a new software version to the switch See Appendix A File Transfers Run Setup Displays the Switch Setup screen for quickly configuring basic switch parameters such as IP addressing default gateway logon default interface spanning tree and others See the Installation and Getting Started guide shipped with your switch Stacking Enables you to use ...

Page 33: ...ions that use forms for data entry When you first enter these screens you see the current configuration for the item you have selected To change the configuration the basic operation is to 1 Press E to select the Edit action 2 Navigate through the screen making all the necessary configuration changes See Table 4 1 on the next page 3 Press Enter to return to the Actions line From there you can save...

Page 34: ...change another parameter value return to step 3 6 If you are finished editing parameters in the displayed screen press Enter to return to the Actions line and do one of the following To save and activate configuration changes press S for the Save action This saves the changes in the startup configuration and also implements the change in the currently running configuration See Chapter 5 Switch Mem...

Page 35: ...each screen Use the arrow keys or v to select an action or data field The help line under the Actions items describes the currently selected action or data field For guidance on how to navigate in a screen Seetheinstructionsprovided at the bottom of the screen or refer to Screen Structure and Navigation on page 2 9 Pressing H or highlighting Help and pressing Enter displays Help for the parameters...

Page 36: ...hanges that require a reboot Resets statistical counters to zero Note that statistical counters can be reset to zero without rebooting the switch To Reboot the switch use the Reboot Switch option in the Main Menu Note that the Reboot Switch option is not available if you log on in Operator mode that is if you enter an Operator password instead of a manager password at the password prompt Figure 2 ...

Page 37: ...the value for the Maximum VLANs to support parameter an asterisk appears next to the VLAN Support entry in the VLAN Menu screen and also next to the the Switch Configuration entry in the Main Menu as shown in figure 4 6 Figure 2 7 Indication of a Configuration Change Requiring a Reboot To activate changes indicated by the asterisk go to the Main Menu and select the Reboot Switch option N ot e Exec...

Page 38: ...Information Switch Configuration System Information Port Trunk Settings Network Monitoring Port Spanning Tree Operation IP Configuration SNMP Community Names IP authorized Managers VLAN Menu Console Passwords Event Log Command Line CLI Reboot Switch Download OS Run Setup Stacking Stacking Status This Switch Stacking Status All Stack Configuration Stack Management Available in Stack Commander Only ...

Page 39: ...HP Procurve Stack Management To view and monitor switch status and counters Chapter 17 Monitoring and Analyzing Switch Operation To learn how to configure and use passwords Chapter9 ConfiguringUsernameand Password Security To learn how to use the Event Log Using the Event Log To Identify Problem Sources on page 18 16 To learn how the CLI operates Chapter 3 Using the Command Line Interface CLI To d...

Page 40: ...2 16 Using the Menu Interface Where To Go From Here Using the Menu Interface ...

Page 41: ...ls at Logon 3 3 Privilege Level Operation 3 4 Operator Privileges 3 4 Manager Privileges 3 5 How To Move Between Levels 3 7 Listing Commands and Command Options 3 8 Listing Commands Available at Any Privilege Level 3 8 Command Option Displays 3 10 Displaying CLI Help 3 11 Configuration Commands and the Context Configuration Modes 3 13 CLI Control and Editing 3 16 ...

Page 42: ...d by directly connecting a terminal device to the switch or in band by using Telnet either from a terminal device or through the web browser interface Also if you are using the menu interface you can access the CLI by selecting the Command Line CLI option in the Main Menu Using the CLI The CLI offers these privilege levels to help protect the switch from unautho rized access 1 Operator 2 Manager 3...

Page 43: ...CLI To implement this control you must set at least a Manager password Without a Manager password configured anyone having serial port Telnet or web browser access to the switch can reach all CLI levels For more on setting passwords see page 9 3 When you use the CLI to log on to the switch and passwords are set you will be prompted to enter a password For example Figure 3 1 Example of CLI Log On S...

Page 44: ...his reason it is recommended that you protect the switch from physical access by unauthorized persons If you are concerned about switch security and operation you should install the switch in a secure location such as a locked wiring closet Privilege Level Operation Figure 3 2 Privilege Level Access Sequence Operator Privileges At the Operator level you can examine the current configuration and mo...

Page 45: ...ou to make configuration changes to any of the switch s software features The prompt for the Global Configuration level includes the system name and config To select this level enter the config command at the Manager prompt For example HP4108 _ Enter config at the Manager prompt HP4108 config _ The Global Config prompt Context Configuration level Provides all Operator and Manager privileges and en...

Page 46: ...o the Manager level Move from the CLI interface to the menu interface Exit from the CLI interface and terminate the console session Terminate the current session same as logout Manager Privilige Manager Level HP4108 Perform system level actions such as system control monitoring and diagnostic commands plus any of the Operator level commands For a list of available commands enter at the prompt Glob...

Page 47: ... example if you use the menu interface to configure an IP address of X Change in Levels Example of Prompt Command and Result Operator level to Manager level HP4108 enable Password _ After you enter enable the Password prompt appears After you enter the Manager password the system prompt appears with the symbol HP4108 _ Manager level to Global configuration level HP4108 config HP4108 config Global ...

Page 48: ...lege level you can List all of the commands available at that level List the options for a specific command Listing Commands Available at Any Privilege Level At a given privilege level you can list and execute the commands that level offers plus all of the commands available at preceding levels For example at the Operator level you can list and execute only the Operator level commands However at t...

Page 49: ...ration level or the Context Configuration level produces similar results Use Tab To Search for or Complete a Command Word You can use Tab to help you find CLI commands or to quickly complete the current word in a command To do so type one or more consecutive characters in a command and then press Tab with no spaces allowed For example at the Global Configuration level if you press Tab immediately ...

Page 50: ...config stack Tab commander commander str join mac addr auto join transmission interval integer cr HP4108 config stack Command Option Displays Conventions for Command Option Displays When you use the CLI to listoptionsfor a particular command youwill see one or more ofthe following conventions to help you interpret the command data Braces indicate a required choice Square brackets indicate optional...

Page 51: ...for configuring port C5 Figure 3 6 Example of How To List the Options for a Specific Command Displaying CLI Help CLI Help provides two types of context sensitive information Command list with a brief summary of each command s purpose Detailed information on how to use individual commands Displaying Command List Help You can display a listing of command Help summaries for all commands available at ...

Page 52: ...level by entering enough of the command string to identify the command along with help Syntax command string help For example to list the Help for the interface command in the Global Configuration privilege level Figure 3 8 Example of How To Display Help for a Specific Command A similar action lists the Help showing additional parameter options for a given command The following example illustrates...

Page 53: ...mand in the global configuration mode or in selected context modes However using a context mode enables you to execute context specific commands faster with shorter command strings The Switch 4108GL offers interface port or trunk group and VLAN context configuration modes Port or Trunk Group Context Includes port or trunk specific commands that apply only to the selected port s or trunk group plus...

Page 54: ...C8 HP4108 eth C5 C8 Lists the commands you can use in the port or static trunk context plus the Manager Operator and context commands you can execute at this level In the port context the first block of commands in the listingshow thecontext specific commandsthatwillaffect only ports C3 C6 The remaining commands in the listing are Manager Operator and context commands ...

Page 55: ... the switch Figure 3 11 Context Specific Commands Affecting VLAN Context HP4108 config vlan 100 Command executed at configura tion level to enter VLAN 100 context HP4108 vlan 100 Resulting prompt showing VLAN 100 context HP4108 vlan 100 Lists commands you can use in the VLAN context plus Manager Oper ator and context commands you can execute at this level In the VLAN context the first block of com...

Page 56: ...e cursor forward one character Ctrl K Deletes from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl U or Ctrl X Deletes from the cursor tothe beginning of the command line Ctrl W Deletes the last word typed Esc B M...

Page 57: ...e Install Window 4 8 Creating Usernames and Passwords in the Browser Interface 4 9 Using the Passwords 4 11 Using the User Names 4 11 If You Lose a Password 4 12 Online Help for the HP Web Browser Interface 4 12 Support Mgmt URLs Feature 4 13 Support URL 4 14 Help and the Management Server URL 4 14 Status Reporting Features 4 16 The Overview Window 4 16 The Port Utilization and Status Displays 4 1...

Page 58: ...face session page 4 5 Tasks for your first web browser interface session page 4 8 Creating usernames and passwords in the web browser interface page 4 9 Selecting the fault detection configuration for the Alert Log operation page 4 24 Getting access to online help for the web browser interface page 4 12 Description of the web browser interface Overview window and tabs page 4 16 Port Utilization an...

Page 59: ...ation Ports VLANs and Primary VLAN Fault detection Port monitoring mirroring System information Enable Disable Multicast Filtering IGMP and Spanning Tree IP Stacking Support and management URLs Switch Security Passwords Switch Diagnostics Ping Link Test Device reset Configuration report Switch status Port utilization Port counters Port status Alert log Switch system information listing ...

Page 60: ...m 90 MHz Pentium 120 MHz Pentium HP UX Platform 9 x or 10 x 100 MHz 120 MHz RAM 16 Mbytes 32 Mbytes Screen Resolution 800 X 600 1 024 x 768 Color Count 256 65 536 Internet Browser English language browser only PCs Netscape Communicator 4 x Microsoft Internet Explorer 4 x UNIX Netscape Navigator 4 5 or later PCs Netscape Communicator 5 x Microsoft Internet Explorer 5 0 UNIX Netscape Navigator 5 x P...

Page 61: ...or Hubs Switches on your network Using a Standalone Web Browser in a PC or UNIX Workstation This procedure assumes that you have a supported web browser page 4 4 installed on your PC or workstation and that an IP address has been config ured on the switch For more on assigning an IP address refer to IP Configuration on page 7 3 1 Make sure the JavaTM applets are enabled for your browser If they ar...

Page 62: ...e switch s web browser interface from a non management PC or workstation For HP TopTools requirements refer to the information provided with HP TopTools for Hubs Switches This procedure assumes that Youhave installed the recommended web browser on a PC orworkstation that serves as your network management station The networked device you want to access has been assigned an IP address and optionally...

Page 63: ...arts with the Status Overview window displayed for the selected device as shown in figure 4 1 N ot e If the Registration window appears click on the Status tab Figure 4 1 Example of Status Overview Screen N ot e The above screen appears somewhat different if the switch is configured as a stack Commander For an example see figure 1 3 on page 1 5 Alert Log First Time Install Alert ...

Page 64: ...ing the First Time Install Window When you access the switch s web browser interface for the first time the Alert log contains a First Time Install alert as shown in figure 4 2 This gives you information about first time installations and provides an immediate opportunity to set passwords for security and to specify a Fault Detection policy which determines the types of messages that will be displ...

Page 65: ...Fault Detection policy click on select the fault detection configuration in the second bullet in the window and go to the section Setting Fault Detection Policy on page 4 24 You can also access the password screen by clicking on the Configuration tab and then Fault Detection button Creating Usernames and Passwords in the Browser Interface You may want to create both a username and password to crea...

Page 66: ...des a First Time Install event entry double click on this event then in the resulting display click on the secure access to the device link Select the Security tab 2 Click in the appropriate box in the Device Passwords window and enter user names and passwords You will be required to repeat the password strings in the confirmation boxes Both the user names and passwords can be up to 16 printable A...

Page 67: ...re used to control access to all switch interfaces Once set you will be prompted to supply the password every time you try to access the switch through any of its interfaces The password you enter determines the capability you have during that session Entering the manager password gives you full read write capabilities Entering the operator password gives you read and limited write capabil ities U...

Page 68: ...ke sure the switch is installed in a secure location such as a locked wiring closet Online Help for the HP Web Browser Interface Online Help is available for the web browser interface You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens Figure 4 5 The Help Button Context sensitive help is provided for the screen you are on N o...

Page 69: ...er interface and ifsetup theURL ofa network managementstationrunning HP TopTools for Hubs Switches Figure 4 6 The Default Support Mgmt URLs Window 3 Enter URLs for the support information source you want the switch to access when you click on the web browser interface Support tab the default is HP s ProCurve network products World Wide Web home page the URL of the network Management server or othe...

Page 70: ... of a network management station running HP TopTools for Hubs Switches Providing Online Help The Help files are automatically available if you install HP TopTools for Hubs Switches on your network or if you already have Internet access to the World Wide Web The Help files are included with HP TopTools for Hubs Switches and are also automatically available from HP via the World Wide Web Retrieval o...

Page 71: ...gure 4 7 How To Access Web Browser Interface Online Help Policy Management and Configuration HP Top Tools for Hubs Switches can perform network wide policy management and configuration of your switch The Management Server URL field identifies the management station that is performing that function For more information refer to the documentation provided on the HP TopTools for Hubs Switches CD ship...

Page 72: ...page 4 17 The Alert log page 4 20 The Status bar page 4 23 The Overview Window The Overview Window is the home screen for any entry into the web browser interface The following figure identifies the various parts of the screen Figure 4 8 The Overview Window Alert Log Control Bar Port Utiliza tion Graphs page 4 17 Active Tab Active Button Alert Log page 4 20 Port Status Indicators page 4 19 Button ...

Page 73: ... traffic Non Unicast Pkts Rx All multicast and broadcast traffic received by the port This indicator a gold color on many systems enables you to know at a glance the source of any non unicast traffic that is causing high utilization of the switch For example if one port is receiving heavy broadcast or multicast traffic all ports will become highly utilized By color coding the received broadcast an...

Page 74: ...ion bar graph shows Click onthebandwidthdisplaycontrolbuttoninthe upperleftcorner of the graph The button shows the current scale setting such as 40 In the resulting menu select the bandwidth scale you want the graph to show 3 10 25 40 75 or 100 as shown in figure figure 4 10 Note that when viewing activity on a gigabit port you may want to select a lower value such as 3 or 10 This is because the ...

Page 75: ...to an active network device A cable may not be connected to the port or the device at the other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disabled through the web browser interface the switch console or SNMP network manage ment Port Fault Disabled a fault condition has occurred on the port that has caused it ...

Page 76: ...ification Date Time The date and time the event was received by the web browser interface This value is shown in the format DD MM YY HH MM SS AM PM for example 16 Sep 99 7 58 44 AM Description A short narrative statement that describes the event For example Excessive CRC Alignment errors on port 8 Sorting the Alert Log Entries The alerts are sorted by default by the Date Time field with the most r...

Page 77: ...red on the other A malfunctioning NIC NIC driver or transceiver Excessive late collisions Late collisions collisions detected after transmitting 64 bytes have been detected on this port Possible causes include An overextended LAN topology Duplex mismatch full duplex configured on one end of the link half duplex configured on the other A misconfigured or faulty device connected to the port High col...

Page 78: ...interface displays a Detail View or separate window detailing information about the events The Detail View contains a description of the problem and a possible solution It also provides four management buttons Acknowledge Event removes the New symbol from the log entry Delete Event removes the alert from the Alert Log Cancel Button closes the detail view with no change to the status of the alert a...

Page 79: ...3 Status Indicator Key System Name The name you have configured for the switch by using Identity screen system name command or the switch console System Information screen Most Critical Alert Description A brief description of the earliest unacknowledged alert with the current highest severity in the Alert Log appearing in the right portion of the Status Bar In instances where multiple critical al...

Page 80: ...ontrols the types of alerts reported to the Alert Log based on their level of severity Set this policy in the Fault Detection window figure 4 16 Figure 4 16 The Fault Detection Window The Fault Detection screen contains a list box for setting fault detection and response policy You set the sensitivity level at which a network problem should generate an alert and send it to the Alert Log To provide...

Page 81: ...k that normally has a lot of problems and you want to be informed of only the most severe ones Never Disables the Alert Log and transmission of alerts traps to the management server in cases where a network management tool such as HP TopTools for Hubs Switches is in use Use this option when you don t want to use the Alert Log The Fault Detection Window also contains three Change Control Buttons Ap...

Page 82: ...4 26 Using the HP Web Browser Interface Status Reporting Features Using the HP Web Browser Interface ...

Page 83: ...ent Configuration Changes 5 7 Using the Menu Interface To Implement Configuration Changes 5 8 Using Save and Cancel in the Menu Interface 5 8 Rebooting from the Menu Interface 5 9 Using the Web Browser Interface To Implement Configuration Changes 5 11 Using Primary and Secondary Flash Image Options 5 11 Displaying the Current Flash Image Data 5 12 OS Downloads 5 14 Local OS Replacement and Removal...

Page 84: ...guration File Management The switch maintains two configuration files the running config file and the startup config file Figure 5 1 Conceptual Illustration of Switch Memory Operation Running Config File Controls switch operation When the switch reboots the contents of this file are erased and replaced by the contents of the startup config file Startup Config File Preserves the most recently saved...

Page 85: ...iguration Making one or more changes to the running config file creates a new operating configuration Saving a new configuration meansto overwrite replace thecurrentstartup config file with the current running config file This means that if the switch subsequently reboots for any reason it will resume operation using the new configuration instead of the configuration previously defined in the star...

Page 86: ...can store or retrieve a backup copy of the startup config file on another device For more informa tion see appendix A Transferring an Operating System or Startup Config File Using the CLI To Implement Configuration Changes The CLI offers these capabilities Access to the full set of switch configuration features The option of testing configuration changes before making them perma nent How To Use th...

Page 87: ... Mbps operation Because 100 Mbps over Cat 3 wiring can introduce transmission problems the recommended port mode is auto 10 which allows the port to negotiate full or half duplex but restricts speed to 10 Mbps The following command configures port 5 to auto 10 mode in the running config file allowing you to observe performance on the link without making the mode change permanent HP4108 config inte...

Page 88: ... to choose which config file to retain and which to discard If you want to update the startup config file to match the running config file press Y for yes This means that the changes you entered in the running config file will be saved in the startup config file If you want to discard the changes you made to the running config file so thatitwillmatch thestartup configfile thenpress N for no Thisme...

Page 89: ...d above unless you also make a configuration change in the menu interface only the writememory command in the CLI will actually save the change to the startup config file How To Reset the startup config and running config Files to the Factory Default Configuration This command reboots the switch replacing the contents of the current startup config and running config files with the factory default ...

Page 90: ...u save a configuration change in the menu interface you simulta neously change both the running config file and the startup config file N ot e The only exception to this operation are two VLAN related parameter changes that require a reboot described under Rebooting To Activate Configuration Changes on page 5 10 Using Save and Cancel in the Menu Interface For any configuration screen in the menu i...

Page 91: ...while using the CLI are saved execute write memory in the CLI before rebooting the switch Rebooting from the Menu Interface Terminates the current session and performs a reset of the operating system Activates any configuration changes that require a reboot Resets statistical counters to zero Note that statistical counters can be reset to zero without rebooting the switch See Displaying Port Count...

Page 92: ...ge in the Maximum VLANs to support parameter To access these parameters go to the Main menu and select 2 Switch Configuration then 8 VLAN Menu then 1 VLAN Support If configuration changes requiring a reboot have been made the switch displays an asterisk next to the menu item in which the change has been made For example if you change and save parameter values for the Maximum VLANs to support param...

Page 93: ...pply Changes or Apply Settings you simultaneously change both the running config file and the startup config file N ot e If you reconfigure a parameter in the CLI and then go to the browser interface without executing a write memory command those changes will be saved to the startup config file if you click on Apply Changes or Apply Settings in the web browser interface Using Primary and Secondary...

Page 94: ...time The following tasks involve primary secondary flash options Displaying the current flash image data and determining which OS ver sions are available OS downloads Local OS replacement and removal erasing System booting Displaying the Current Flash Image Data Use the commands in this section to Determine whether there are flash images in both primary and secondary flash Determine whether the im...

Page 95: ...running on the version stored in the secondary flash image Figure 5 7 Example Showing Different Flash Image Versions Determining Which Flash Image Versions Are Installed The show ver sion command displays which software version the switch is currently running and whether that version booted from primary or secondary flash Thus if the switch booted from primary flash you will see the version number...

Page 96: ...or other cause interrupts a flash image download the switch reboots with the image previ ously stored in primary flash In the unlikely event that the primary image is corrupted asa resultofaninterruption the switch will rebootfromsecondary flash and you can either copy the secondary image into primary or download another image to primary from an external source See Appendix A File Transfers 1 In t...

Page 97: ...he switch overwrites the file in the destination location with a copy of the file from the source location This means you do not have to erase the current image at the destination location before copying in a new image Ca ut ion Verify that there is an acceptable OS image in the source flash location from which you are going to copy Use the show flash command or if necessary the procedure under De...

Page 98: ... ary ensure that you have a valid OS file in the other flash image location secondary orprimary Ifthe switch hasonlyone flash imageloaded in either primary or secondary flash and you erase that image then the switch does not have an OS stored in flash In this case if you do not reboot or power cycle the switch you can recover by using xmodem or tftp to download another OS Syntax erase flash primar...

Page 99: ... the options inherrent in a dual flash image system Generally using boot provides more comprehensive self testing using reload gives you a faster reboot time Table 5 2 Comparing the Boot and Reload Commands The prompt shows which flash location will be erased Actions Included In Boot Included In Reload Note Save all configuration changes since the last boot or reload Optional with prompt Yes autom...

Page 100: ...out the pause to display Boot from primary flash Booting from a Specified Flash This version of the boot command gives you the option of specifying whether to reboot from primary or secondary flash and is the required command for rebooting from secondary flash This option also executes the complete set of subsystem self tests Syntax boot system flash primary secondary For example to reboot the swi...

Page 101: ...ng Configuration Changes Operating Notes Default Boot Source The switch reboots from primary flash by default unless you specify the secondary flash Boot Attempts from an Empty Flash Location In this case the switch aborts the attempt and displays Image does not exist Operation aborted Interaction of Primary and Secondary Flash Images with the Current Configuration The switch has one startup confi...

Page 102: ...sh Image Options Switch Memory and Configuration while using a version Y of the OS and then reboot the switch with an earlier OS version X that does not include all of the features found in Y the OS simply ignores the parameters for any features that it does not support ...

Page 103: ... 6 2 Interface Access Console Serial Link Web and Inbound Telnet 6 3 Menu Modifying the Interface Access 6 4 CLI Modifying the Interface Access 6 5 System Information 6 8 Menu Viewing and Configuring System Information 6 9 CLI Viewing and Configuring System Information 6 10 Web Configuring System Parameters 6 13 ...

Page 104: ...the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface Why Configure Interface Access and System Information The inter face access features in the switch operate properly by default However you can modify or disable access features to suit your particular needs Similarly you can choose to leave the system information parameters at their defau...

Page 105: ...rity using IP authorized managers However if unauthorized access to the switch through in band means Telnet or the web browser interface then you can disallow in band access as described in this section and install the switch in a locked environment Feature Default Menu CLI Web Inactivity Time 0 Minutes disabled page 6 4 page 6 6 Inbound Telnet Access Enabled page 6 4 page 6 5 Web Browser Interfac...

Page 106: ...meters 1 From the Main Menu Select 2 Switch Configuration 1 System Information Figure 6 1 The Default Interface Access Parameters Available in the Menu Interface 2 Press E for Edit The cursor moves to the System Name field 3 Use the arrow keys v to move to the parameters you want to change Refer to the online help provided with this screen for further information on configuration options for these...

Page 107: ...Syntax show console This example shows the switch s default console serial configuration Figure 6 2 Listing of Show Console Command Reconfigure Inbound Telnet Access In the default configuration inbound Telnet access is enabled Syntax no telnet server To disable inbound Telnet access HP4108 config no telnet server To re enable inbound Telnet access HP4108 config telnet server show console below no...

Page 108: ...200 38400 57600 flow control xon xoff none inactivity timer 0 1 5 10 15 20 30 60 120 events none all non info critical debug N ot e If you change the Baud Rate or Flow Control settings for the switch you should make the corresponding changes in your console access device Oth erwise you may lose connectivity between the switch and your terminal emulatorduetodifferencesbetweentheterminal andswitch s...

Page 109: ...th Multiple Parameters You can also execute a series of console commands and then save the configuration and boot the switch For example Figure 6 4 Example of Executing a Series of Console Commands TheswitchimplementstheEventLogchangeimmediately Theswitchimplements the other console changes after executing write memory and reload Configure the individual parameters Save the changes Boot the switch...

Page 110: ...r of seconds a MAC address the switch has learned remains in the switch s address table before being aged out deleted Aging out occurs when there has been no traffic from the device belonging to that MAC address for the configured interval Time Sync Method Selects the method TimeP or SNTP the switch will use for time synchronization For more on this topic refer to Chapter 8 Time Protocols Feature ...

Page 111: ...e appendix D Daylight Savings Time on HP ProCurve Switches Time Used in the CLI to specify the time of day the date and other system parameters Menu Viewing and Configuring System Information To access the system information parameters 1 From the Main Menu Select 2 Switch Configuration 1 System Information Figure 6 5 The System Information Configuration Screen Default Values N ot e To help simplif...

Page 112: ...urn to the Main Menu CLI Viewing and Configuring System Information System Information Commands Used in This Section Listing the Current System Information Thiscommandliststhecurrent system information settings Syntax show system information This example shows the switch s default console configuration Figure 6 6 Example of CLI System Information Listing show system information below hostname belo...

Page 113: ...the switch Syntax hostname name string snmp server contact system contact location system location Note that no blank spaces are allowed in the variables for these commands For example to name the switch Blue with Ext 4474 as the system contact and North Data Room as the location Figure 6 7 System Information Listing After Executing the Preceding Commands New hostname contact and location data fro...

Page 114: ...ka continental us and canada middle europe and portugal southern hemisphere western europe user defined For example this command configures the time zone and daylight time rule for Vancouver British Columbia in Canada time zone 8 480 minutes HP4108 config time timezone 480 daylight time rule continental us and canada Configure the Time and Date The switch uses the time command to con figure both t...

Page 115: ...ystem Location System Contact For access to the MAC Age Interval and the Time parameters use the menu interface or the CLI Configure System Parameters in the Web Browser Interface 1 Click on the Configuration tab 2 Click on System Info 3 Enter the data you want in the displayed fields 4 Implement your new data by clicking on Apply Changes To access the web based help provided for the switch click ...

Page 116: ...6 14 Interface Access and System Information System Information Interface Access and System Information ...

Page 117: ...Addressing in a Stacking Environment 7 5 Menu Configuring IP Address Gateway and Time To Live TTL 7 5 CLI Configuring IP Address Gateway Time To Live TTL and Timep 7 7 Web Configuring IP Addressing 7 9 How IP Addressing Affects Switch Operation 7 9 DHCP Bootp Operation 7 10 Network Preparations for Configuring DHCP Bootp 7 13 Globally Assigned IP Network Addresses 7 14 ...

Page 118: ...to Chapter 2 Using the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface Why Configure IP Addressing In its factory default configuration the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch However to enable specific management access and control through your network you will need ...

Page 119: ...ateway is required when a router is needed for tasks such as reaching off subnet destinations or forward ing traffic across multiple VLANs The gateway value is the IP address of the next hop gateway node for the switch which is used if the requested destina tion address is not on a local subnet VLAN If the switch does not have a manually configured default gateway and DHCP Bootp is configured on t...

Page 120: ...addressing to the DEFAULT_VLAN N ot e s If multiple VLANs are configured then each VLAN can have its own IP address This is because each VLAN operates as a separate broadcast domain and requires a unique IP address and subnet mask A default gateway IP address for the switch is optional but recommended In the factory default configuration the default VLAN named DEFAULT_VLAN is the switch s primary ...

Page 121: ...t be required See HP Procurve Stack Management on page 13 1 for more information Menu Configuring IP Address Gateway and Time To Live TTL Do one of the following To manually enter an IP address subnet mask set the IPConfig parameter to Manual and then manually enter the IP address and subnetmask values you want for the switch To use DHCP or Bootp use the menu interface to ensure that the IP Config...

Page 122: ...P addressing select IP Config and do one of the following If you want to have the switch retrieve its IP configuration from a DHCP or Bootp server at the IP Config field keep the value as DHCP Bootp and go to step 8 If you want to manually configure the IP information use the Space bar to select Manual and use the Tab key to move to the other IP configuration fields 6 Select the IP Address field a...

Page 123: ...N exists then its IP configuration applies to all ports in the switch Where multiple VLANs are configured the IP addressing is listed per VLAN The display includes switch wide packet time to live and if config ured the switch s default gateway and Timep configuration Syntax show ip For example in the factory default configuration no IP addressing assigned the switch s IP addressing appears as Figu...

Page 124: ...nal VLANs you create the default IP address setting is Disabled Syntax vlan vlan id ip address ip address mask length or vlan vlan id ip address ip address mask bits or vlan vlan id ip address dhcp bootp This example configures IP addressing on the default VLAN with the subnet mask specified in mask bits HP4108 config vlan 1 ip address 10 28 227 103 255 255 255 0 This example configures the same I...

Page 125: ...n the Configuration tab 2 Click on IP Configuration 3 If you need further information on using the web browser interface click on to access the web based help available for the Switch 2512 2524 How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network the switch can be managed only through a direct terminal device connection to the Console RS 232...

Page 126: ...access to the CLI and the menu interface Stacking Candidate or Stack Member DHCP or Bootp support for automatic IP address configuration and DHCP support for automatic Timep server IP address configuration Spanning Tree Protocol Port settings and port trunking Console based status and counters information for monitoring switch operation and diagnosing problems through the CLI or menu interface VLA...

Page 127: ...quests it continues to periodically send request packets but with decreasing frequency Thus if a DHCP or Bootp server is not available or accessible to the switch when DHCP Bootp is first configured the switch may not immediately receive the desired configuration After verifying that the server has become accessible to the switch reboot the switch to re start the process immediately DHCP Operation...

Page 128: ...h or a VLAN configured in the switch would be similar to this entry j4108switch ht ether ha 0030c1123456 ip 10 66 77 88 sm 255 255 248 0 gw 10 66 77 1 hn vm rfc1048 An entry in the Bootp table file etc bootptab to tell the switch or VLAN where to obtain a configuration file download would be similar to this entry j4108switch ht ether ha 0030c1123456 ip 10 66 77 88 sm 255 255 248 0 gw 10 66 77 1 lg...

Page 129: ...n the default VLAN affects the switch s use of information received via DHCP Bootp For more on this topic see Which VLAN Is Primary on page 14 7 After you reconfigure or reboot the switch with DHCP Bootp enabled in a network providing DHCP Bootp service the switch does the following Receives an IP address and subnet mask and if configured in the server a gateway IP address and the address of a Tim...

Page 130: ...anizations For more information refer to the latest edition of Internetworking with TCP IP Principles Protocols and Architecture by Douglas E Comer Prentice Hall Inc publisher Country Phone Number E Mail URL Organization Name Address United States Countries not in Europe or Asia Pacific 1 310 823 9358 icann icann org http www icann org The Internet Corporation for Assigned Names and Numbers ICANN ...

Page 131: ... 5 CLI Viewing and Configuring SNTP 8 8 Viewing the Current SNTP Configuration 8 8 Configuring Enabling or Disabling the SNTP Mode 8 9 TimeP Viewing Selecting and Configuring 8 13 Menu Viewing and Configuring TimeP 8 14 CLI Viewing and Configuring TimeP 8 16 Viewing the Current TimeP Configuration 8 16 Configuring Enabling or Disabling the TimeP Mode 8 17 SNTP Unicast Time Polling with Multiple SN...

Page 132: ...ocol at any time In the factory default configuration the time synchronization option is set to TimeP with the TimeP mode itself set to Disabled TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server In either case the switch can get its time synchro nization updates from only one designated Timep server This option enhance...

Page 133: ...erver command This option provides increased security over the Broadcast mode by specifying which time server to use instead of using the first one detected through a broadcast Overview Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation General Steps for Running a Time Protocol on the Switch 1 Select the time synchronization protocol SNTP or TimeP the default 2 Enable...

Page 134: ...ormation screen of the Menu interface set the Time Synch Method parameter to None then press Enter then S for Save In the Global config level of the CLI execute no timesync SNTP Viewing Selecting and Configuring SNTP Feature Default Menu CLI Web view the SNTP time synchronization configuration n a page 8 5 page 8 8 select SNTP as the time synchronization method timep page 8 6 page 8 9 ff disable t...

Page 135: ...ted and ignores any others However if the Poll Interval expires three times without the switch detecting a time update from the original server it the switch accepts a broadcast time update from the next server it detects Poll Interval seconds In Unicast Mode Specifies how often the switch polls the designated SNTP server for a time update In Broadcast Mode Specifies how often the switch polls the...

Page 136: ... bar to select SNTP then press v once to display and move to the SNTP Mode field 5 Do one of the following Use the Space bar to select the Broadcast mode then press v to move the cursor to the Poll Interval field and go to step 6 For Broadcast mode details see SNTP Operating Modes on page 2 Use the Space bar to select the Unicast mode then do the following i Press to move the cursor to the Server ...

Page 137: ...g of 3 and testing SNTP operation to determine whether any change is necessary Note Using the menu to enter the IP address for an SNTP server when the switch already has one or more SNTP servers config ured causes the switch to delete the primary SNTP server from the server list and to select a new primary SNTP server from the IP address es in the updated list For more on this topic see SNTP Unica...

Page 138: ...xample if you configured the switch with SNTP as the time synchroni zation method then enabled SNTP in broadcast mode with the default poll interval show sntp lists the following Figure 8 5 Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method In the factory default configuration where TimeP is the selected time synchronization method show sntp still lists the SNTP co...

Page 139: ... 10 sntp server ip addr Required only for unicast mode page 8 10 sntp poll interval 30 720 Enabling the SNTP mode also enables the SNTP poll interval default 720 seconds page 8 12 Enabling SNTP in Broadcast Mode Becausethe switch providesan SNTP polling interval default 720 seconds you need only these two commands for minimal SNTP broadcast configuration Syntax timesync sntp Selects SNTP as the ti...

Page 140: ...ith another To add a second or third server you must use the CLI For more on SNTP operation with multiple servers see SNTP UnicastTime Polling with Multiple SNTP Servers on page 20 Syntax timesync sntp Selects SNTP as the time synchronization method sntp unicastConfigures the SNTP mode for Unicast operation sntp server ip addr version Specifies the SNTP server The default server version is 3 no sn...

Page 141: ...u specify uses SNTP version 4 or later use the sntp server command to specify the correct version number For example suppose you learned that SNTP version 4 was in use on the server you specified above IP address 10 28 227 141 You would use the following commands to delete the server IP address and then re enter it with the correct version number for that server Figure 8 9 Example of Specifying th...

Page 142: ...ration Syntax no timesync For example suppose SNTP is running as the switch s time synchronization protocol with Broadcast as the SNTP mode and the factory default polling interval You would halt time synchronization with this command HP4108 config no timesync If you then viewed the SNTP configuration you would see the following Figure 8 10 Example of SNTP with Time Sychronization Disabled Disabli...

Page 143: ...on is disabled because no sntp has disabled the SNTP Mode parameter TimeP Feature Default Menu CLI Web view the Timep time synchronization configuration n a page 8 14 page 16 select Timep as the time syncronization method TIMEP page 13 pages 17 ff disable time synchronization timep page 15 page 19 enable the Timep mode Disabled DHCP page 15 page 17 manual page 15 page 18 none disabled page 15 page...

Page 144: ... a Timep server IP address via DHCP If the switch receives a server address it polls the server for updates according to the Timep poll interval Ifthe switch does notreceive a Timep server IP address itcannot perform time synchronization updates Manual When Timep is selected as the time synchronization method the switch attempts to poll the specified server for updates according to the Timep poll ...

Page 145: ...he Space bar to select TIMEP then press v once to display and move to the TimeP Mode field 5 Do one of the following Use the Space bar to select the DHCP mode then press v to move the cursor to the Poll Interval field and go to step 6 Use the Space bar to select the Manual mode i Press to move the cursor to the Server Address field ii Enter the IP address of the TimeP server you want the switch to...

Page 146: ...new time protocol configuration in both the startup config and running config files CLI Viewing and Configuring TimeP CLI Commands Described in this Section Thissection describeshowto use the CLIto view enable andconfigure TimeP parameters Viewing the Current TimeP Configuration This command lists both the time synchronization method TimeP SNTP or None and the TimeP configuration even if SNTP is n...

Page 147: ...means to configure it for either broadcast or unicast mode Remember that to run TimeP as the switch s time synchronization protocol you must also select TimeP as the time synchronization method by using the CLI timesync command or the Menu interface Time Sync Method parameter Syntax timesync timepSelects TimeP as the time protocol ip timep dhcp manual Enables the selected TimeP mode no ip timepDis...

Page 148: ... operation you must also specify the IP address of the TimeP server The switch allows only one TimeP server To enable the TimeP protocol Syntax timesync timepSelects Timep ip timep manual ip addr Activates TimeP in Manual mode with a spec ified TimeP server no ip timepDisables TimeP Note To change from one TimeP server to another you must 1 use the no ip timep command to disable TimeP mode and the...

Page 149: ...The default is 720 minutes and the range is 1 to 9999 minutes This parameter is separate from the poll interval parameter used for SNTP operation Syntax ip timep dhcp interval 1 9999 ip timep manual interval 1 9999 For example to change the poll interval to 60 minutes HP4108 config ip timep interval 60 Disabling Time Synchronization Without Changing the TimeP Configuration The recommended method f...

Page 150: ...nfiguration as shown below and disables time synchronization on the switch Figure 8 18 Example of Disabling Time Synchronization by Disabling the TimedP Mode Parameter SNTPUnicastTimePollingwithMultiple SNTP Servers When running SNTP unicast time polling as the time synchronization method the switch requests a time update from the server you configured with either the Server Address parameter in t...

Page 151: ...address the second lowest decimal value assigned as the next address and the third lowest decimal value as the last address If the first octet is the same between two of the addresses the second octet is compared and so on For example Adding and Deleting SNTP Server Addresses Adding Addresses As mentioned earlier you can configure one SNTP server address using either the Menu interface or the CLI ...

Page 152: ...e you must delete the unwanted address before you configure the new one Deleting Addresses To delete an address you must use the CLI If there are multiple addresses and you delete one of them the switch re orders the address priority See Address Prioritization on page 21 Syntax no sntp server ip addr For example to delete the primary address in the above example and automatically convert the secon...

Page 153: ...eady has the following three SNTP server IP addresses configured 10 28 227 141 primary 10 28 227 153 secondary 10 29 227 100 tertiary If you use the Menu interface to add 10 28 227 160 the new prioritized list will be SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs the switch s event log records the change SNTP time changes of less than three seconds do not ...

Page 154: ...8 24 Time Protocols SNTP Messages in the Event Log Time Protocols ...

Page 155: ...edure 9 11 Configuring TACACS on the Switch 9 14 Before You Begin 9 14 Viewing the Switch s Current Authentication Configuration 9 14 Viewing the Switch s Current TACACS Server Contact Configuration 9 15 Configuring the Switch s Authentication Methods 9 16 Configuring the Switch s TACACS Server Access 9 19 How Authentication Operates 9 24 General Authentication Process Using a TACACS Server 9 24 L...

Page 156: ...atures Table 9 1 shows the protection each security feature offers for a given type of access and the hierarchy the switch applies when using security features to process access attempts For example the switch provides Telnet manage ment access security as follows 1 If local user name password protection is configured the correct user name and password must be entered If incorrect passwords are en...

Page 157: ...gured and available step 2 below The preceding information outlines generalaccesssecurity To understand the options offered by each security feature refer to the appropriate sections in this chapter and chapter 10 Configuring Username and Password Security on page 9 3 TACACS Authentication for Central Control of Switch Access Security on page 9 8 Using Authorized IP Managers in chapter 10 Configur...

Page 158: ...tivity Time parameter see page 6 4 This causes the console session to end after the specified period of inactivity thus giving you added security against unauthorized console access N ot e The manager and operator passwords and optional user names control access to the menu interface CLI and web browser interface If you configure only a Manager password with no Operator password and the Manager pa...

Page 159: ...y an Operator password entering the Operator password enables full manager privileges Passwords are case sensitive The rest of this section covers how to Set passwords Delete passwords Recover from a lost password Menu Configuring Passwords As noted earlier in this section user names are optional Configuring a user name requires the web browser interface 1 From the Main Menu select 5 Console Passw...

Page 160: ... new passwords as described earlier in this chapter If you do not have physical access to the switch you will need Manager Level access 1 Enter the console at the Manager level 2 Go to the Set Passwords screen as described above 3 Select Delete Password Protection You will then see the following prompt Continue Deletion of password protection No 4 Press the Space bar to select Yes then press Enter...

Page 161: ...ds In the web browser interface you can enter passwords and optional user names To Configure or Remove User Names and Passwords in the Web Browser Interface 1 Click on the Security tab Click on Device Passwords 2 Do one of the following To set user name and password protection enter the user names and passwords you want in the appropriate fields To remove user name and password protection leave th...

Page 162: ...CS Operation Feature Default Menu CLI Web view the switch s authentication configuration n a page 14 view the switch s TACACS server contact configuration n a page 15 configure the switch s authentication methods disabled page 16 configure the switch to contact TACACS server s disabled page 19 B Switch 4108GL Configured for TACACS Operation Terminal A Directly Accessing the Switch Via Switch s Con...

Page 163: ...nd to specify the privilege level to allow if access is granted This release does not support TACACS authorization or accounting services In release G 01 xx TACACS does not affect web browser interface access See Controlling Web Browser Interface Access on page 28 Terminology Used in TACACS Applications NAS Network Access Server This is an industry term for a TACACS aware device that communicates ...

Page 164: ...h basis For more on local authentication see the password and username informationin the Configuration and Management Guideonthe Documentation CD ROM shipped with your Switch 4108GL TACACS Authentication This method enables you to use a TACACS server in your network to assign a unique password user name and privilege level to each individual or group who needs access to one or more switches or oth...

Page 165: ...nding on the process and parameter settings you use to set up and test TACACS authentication in your network you could accidentally lock all users including yourself out of access to a switch While recovery is simple it may pose an inconvenience that can be avoided To prevent an unintentional lockout on a Switch 4108GL use a procedure that configures and tests TACACS protection for one access type...

Page 166: ...umentationyoureceived with your TACACS server application If you are a first time user of the TACACS service HP recommends that you configure only the minimum feature set required by the TACACS application to provide service in your network environment After you have success with the minimum feature set you may then want to try additional features that the application offers The IP address es of t...

Page 167: ...ured to operate on your network and can communicate with your first choice TACACS server At a minimum this requires IP addressing and a successful ping test from the switch to the server 7 On a remote terminal device use Telnet to attempt to access the switch If the attempt fails use the console access to check the TACACS configuration on the switch If you make changes in the switch configu ration...

Page 168: ...hentication A command for configuring the switch s authenti cation methods tacacs server A command for configuring the switch s contact with TACACS servers CLI Commands Described in this Section Viewing the Switch s Current Authentication Configuration This command lists the number of login attempts the switch allows in a single login session and the primary secondary access methods configured for...

Page 169: ...addresses of the first choice and backup TACACS servers the switch can contact Syntax show tacacs For example if the switch was configured for a first choice and two backup TACACS server addresses the default timeout period and paris 1 for a global encryption key show tacacs would produce a listing similar to the following Figure 9 6 Example of the Switch s TACACS Configuration Listing Configurati...

Page 170: ...tion console or telnet n a n a Specifies whether the command is configuring authentication for the console port or Telnet access method for the switch enable or login n a n a Specifies the privilege level for the access method being configured login Operator read only privileges enable Manager read write privileges local or tacacs local n a Specifies the primary method of authentication for the ac...

Page 171: ...mary for TACACS authentication is not recommended as it defeats the purpose of using the TACACS authentication If you want Enable Primary log in attempts to go to a TACACS server then you should configure both Login Primary and Enable Primary for Tacacs authentication instead of configuring Login Primary to Local authentication Access Method and Privilege Level Authentication Options Effect on Acc...

Page 172: ...ACACS server Secondary using Local HP4108 config aaa authentication console enable tacacs local Console Enable Manager or Read Write Access Primary Secondary Telnet Login Operator or Read Only Access Primary using TACACS server Secondary using Local HP4108 config aaa authenticationtelnet login tacacs local Telnet Login Operator or Read Only Access Primary Secondary Telnet Enable Manager or Read Wr...

Page 173: ...igured to access multiple TACACS servers having different encryption keys you can configure the switch to use different encryp tion keys for different TACACS servers The timeout value in seconds for attempts to contact a TACACS server If the switch sends an authentication request but does not receive a response within the period specified by the timeout value the switch resends the request to the ...

Page 174: ...timeout 1 255 Changes the wait period for a TACACS server response Default 5 seconds N ot e on En cr yp tion Ke ys Encryption keys configured in the switch must exactly match the encryption keys configured in TACACS servers the switch will attempt to use for authentication If you configure a global encryption key the switch uses it only with servers for which you have not also configured a server ...

Page 175: ...hoice backup TACACS server The above position assignments are fixed Thus if you remove one server and replace it with another the new server assumes the priority position that the removed server had For example suppose you configured three servers A B and C configured in order First Choice A Second Choice B Third Choice C If you removed server B and then entered server X the TACACS server order of...

Page 176: ...oth servers then use tacacs server host ip addr to re enter the 10 server first then the 15 server The servers would then be listed with the new first choice server that is Figure 9 5 Example of the Switch After Assigning a Different First Choice Server timeout 1 255 5 sec 1 255 sec Specifies how long the switch waits for a TACACS server to respond to an authentication request If the switch does n...

Page 177: ...ncryption Key on page 26 To configure north01 as a global encryption key HP4108 config tacacs server key north01 To configure north01 as a per server encryption key HP4108 config tacacs server host 10 28 227 63 key north01 An encryption key can contain up to 100 characters without spaces and is likely to be case sensitive in most TACACS server applications To delete a global encryption key from th...

Page 178: ...erally as described below For specific operating details refer to the documentation you received with your TACACS server application Figure 9 6 Using a TACACS Server for Authentication Using figure 9 6 above after either switch detects an operator s logon request from a remote or directly connected terminal the following events occur 1 The switch queries the first choice TACACS server for authenti...

Page 179: ...the server passes access permission through the switch to the terminal If the username password pair entered at the requesting terminal does not match a username password pair previously stored in the server access is denied In this case the terminal is again prompted to enter a username and repeat steps 2 through 4 In the default configuration the switch allows up to three attempts to authenticat...

Page 180: ...hout a successful authentica tion the login session is terminated and the operator at the requesting terminal must initiate a new session before trying again Note The switch s menu allows you to configure only the local Operator and Manager passwords and not any usernames In this case all prompts for local authentication will request only a local password However if you use the CLI or the web brow...

Page 181: ...gured in the corresponding TACACS server If the key is the same for all TACACS servers the switch will use for authentication then configure a global key in the switch If the key is different for one or more of these servers use server specific keys in the switch If you configure both a global key and one or more per server keys the per server keys will override the global key for the specified se...

Page 182: ...tion CLI Message Meaning Connecting to Tacacs server The switch is attempting to contact the TACACS server identified in the switch s tacacs server configuration as the first choice or only TACACS server Connecting to secondary Tacacs server The switch was not able to contact the first choice TACACS server and is now attempting to contact the next secondary TACACS server identified in the switch s...

Page 183: ...he switch does not attempt TACACS authentication for a management station that the Authorized IP Manager list excludes because independent of TACACS the switch already denies access to such stations When TACACS is not enabled on the switch or when the switch s only designated TACACS serversare notaccessible setting a local Operator password without also setting a local Manager password does not pr...

Page 184: ...9 30 Using Passwords and TACACS To Protect Against Unauthorized Access TACACS Authentication for Central Control of Switch Access Security Using Passwords and TACACS ...

Page 185: ... Authorized Managers 10 7 CLI Viewing and Configuring Authorized IP Managers 10 8 Listing the Switch s Current Authorized IP Manager s 10 8 Configuring IP Authorized Managers for the Switch 10 9 Web Configuring IP Authorized Managers 10 10 Building IP Masks 10 10 Configuring One Station Per Authorized Manager IP Entry 10 10 Configuring Multiple Stations Per Authorized Manager IP Entry 10 11 Additi...

Page 186: ... more comprehensive security fabric than if you use only one or two of these options Table 10 1 lists these features with the security coverage they provide Table 10 1 Management Access Security Features Table 10 1 shows the protection each security feature offers for a given type of access and the hierarchy the switch applies when using security features to process access attempts For example the...

Page 187: ...itch uses local user name password protection step 3 below 3 If local user name password protection is configured the correct user name and password must be entered If incorrect passwords are entered the switch denies access If a manager password is not configured the switch allows manager level read write access The preceding information outlines generalaccesssecurity To understand the options of...

Page 188: ...each address applies to either a single management station or a group of stations Manager or Operator access level Ca ut ion Configuring Authorized IP Managers does not protect access to the switch through a modem or direct connection to the Console RS 232 port Also if the IP address assigned to an authorized management station is configured in another station the other station can gain management...

Page 189: ...es the IP Mask to authorize access to the switch from a defined group of stations This is useful if you want to easily authorize several stations to have access to the switch without having to type in an entry for every station All stations in the group defined by the one Authorized Manager IP table entry and its associatedIPmaskwillhavethesameaccesslevel ManagerorOperator For more onthis topic se...

Page 190: ...to 254 IP addresses for IP management access excluding 0 for the network and 255 for broadcasts A mask of 255 255 255 252 uses the 4th octet of a given Autho rized Manager IP address to authorize four IP addresses for management station access The details on how to use IP masks are provided under Building IP Masks on page 10 10 N ot e The IP Mask is a method for recognizing whether a given IP addr...

Page 191: ...n Authorized Manager Entry Figure 10 2 Example of How To Add an Authorized Manager Entry Continued 1 Select Add to add an authorized manager to the list 5 Press Enter then S for Save to configure the IP Authorized Manager entry 4 Use the Space bar to select Manager or Operator access 3 Use the default mask to allow access by one management device or edit the mask to allow access by a block of mana...

Page 192: ... stations authorized to access the switch For example Figure 10 3 Example of the Show IP Authorized Manager Display The above example shows an Authorized IP Manager List that allows stations to access the switch as shown below show ip authorized managers below ip authorized managers page 10 9 To Authorize Manager Access page 10 9 To Edit an Existing Manager Access Entry page 10 10 To Delete an Aut...

Page 193: ...itch automatically uses 255 255 255 255 for the mask If you do not specify either Manager or Operator access the switch automatically assigns the Manager access For example HP4108 config ip authorized managers 10 28 227 105 The result of entering the above example is Authorized Station IP Address 10 28 227 105 IP Mask 255 255 255 255 which authorizes only the specified station 10 28 227 105 in thi...

Page 194: ...zed Addresses 3 Enter the appropriate parameter settings for the operation you want 4 Click on Add Replace or Delete to implement the configuration change For web based help on how to use the web browser interface screen click on the button provided on the web browser screen Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addr...

Page 195: ...list Conversely if a bit in an octet of the mask is off set to 0 then the corresponding bit in the IP address of a potentially authorized station on the network does not have to match its counterpart in the IP address you entered in the Authorized Manager IP list Thus in the example shown above a 255 in an IP Mask octet all bits in the octet are on means only one value is allowed for that octet th...

Page 196: ...h octet are variable Any value that matches the authorized IP address settings for the fixed bits is allowed for the purposes ofIP management station access to the switch Thus any managementstation having an IPaddress of10 28 227 121 123 125 or 127 can access the switch Authorized IP Address 10 28 227 125 4th Octet of IP Mask 4th Octet of Authorized IP Address 249 5 Bit Numbers Bit 7 Bit 6 Bit 5 B...

Page 197: ...s is because switch access through a web proxy server requires thatyou first addthe web proxy server to theAuthorizedManager IP list This reduces security by opening switch access to anyone who uses the web proxy server The following two options outline how to eliminate a web proxy server from the path between a station and the switch Even if you need proxy server access enabled in order to use ot...

Page 198: ...10 14 Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Using Authorized IP Managers ...

Page 199: ...atures and Operation 11 11 Trunk Configuration Methods 11 12 Menu Viewing and Configuring a Static Trunk Group 11 16 CLI Viewing and Configuring a Static or Dynamic Port Trunk Group 11 18 Using the CLI To View Port Trunks 11 18 Using the CLI To Configure a Static or Dynamic Trunk Group 11 21 Web Viewing Existing Port Trunk Groups 11 24 Trunk Group Operation Using LACP 11 25 Default Port Operation ...

Page 200: ...us and ConfigurationFeatures N ot e O n Co nn e ct i n g Tr an sc eiv er s t o Fi x ed Co nf igu r a tio n De vi ce s If the switch either fails to show a link between an installed transceiver and another device or demonstrates errors or other unexpected behavior on the link check the port configuration on both devices for a speed and or duplex mismatch To check the speed and duplex setting on the...

Page 201: ...sfer operation half duplex or full duplex Note Ensure that the device attached to the port is configured for the same setting that you select here Also if Auto is used the device to which the port is connected must operate in compliance with the IEEE 802 3u Auto Negotiation standard for 100Base T networks If the other device does not comply with the 802 3u standard or is not set to Auto then the p...

Page 202: ...e port Flow Control Disabled default The portwill notgenerate flowcontrol packets and drops any flow control packets it receives Enabled The port uses 802 3x Link Layer Flow Control generates flow control packets and processes received flow control packets Withtheportmode setto Auto the default and FlowControl enabled the switchnegotiates FlowControl on the indicated port If the port mode is not s...

Page 203: ...tatus The menu interface displays the status for ports and if configured a trunk group From the Main Menu select 1 Status and Counters 4 Port Status Figure 11 1 Example of the Port Status Screen Using the Menu To Configure Ports N ot e The menu interface uses the same screen for configuring both individual ports and port trunk groups For information on port trunk groups see Port Trunking on page 1...

Page 204: ...ters press Enter then press S for Save CLI Viewing Port Status and Configuring Port Parameters Port Status and Configuration Commands From the CLI you can configure and view all port parameter settings and view all port status indicators Using the CLI To View Port Status Use the following commands to dis play port status and configuration show interfaces Lists the full status and configuration for...

Page 205: ...eters Ports Traffic Control and Trunking Syntax show interfaces brief show interface config The next two figures list examples of the output of the above two commands for the same port configuration Figure 11 3 Example of a Show Interface Command Listing Figure 11 4 Example of a Show Interface Config Command Listing ...

Page 206: ...imilarly to configure a single port with the settings in the above command you could either enter the same command with only the one port identified or go to the context level for that port and then enter the command For example to enter the context level for port C6 and then configure that port for 100FDx HP4108 config int e c6 HP4108 eth C6 speed duplex 100 full If port C8 was disabled and you w...

Page 207: ...20 for all ports on the switch HP4108 config broadcast limit 20 Web Viewing Port Status and Configuring Port Parameters In the web browser interface 1 Click on the Configuration tab 2 Click on Port Configuration 3 Select the ports you want to modify and click on Modify Selected Ports 4 After you make the desired changes click on Apply Settings Note that the web browser interface displays an existi...

Page 208: ...unking With full duplex operation in a four port trunk group trunking enables the following bandwidth capabilities Table 11 2 Bandwidth Capacity for Trunk Groups Configured for Full Duplex Feature Default Menu CLI Web viewing port trunks n a page 11 16 page 11 18 page 11 24 configuring a static trunk group none page 11 16 page 11 21 configuring a dynamic LACP trunk group LACP passive page 11 23 10...

Page 209: ...to the factory default configuration Ca ut ion To avoid broadcast storms or loops in your network while configuring a trunk first disable or disconnect all ports you want to add to or remove from the trunk After you finish configuring the trunk enable or re connect the ports Switch 4108GL Port Trunk Features and Operation The Switch 4108GL offers these options for port trunking LACP IEEE 802 3ad p...

Page 210: ... ports you want to use for the trunk For example the following command sets ports C1 C4 to LACP active HP4108 config int e c1 c4 lacp active Note that the above example works if the ports are not already operating in a trunk To change the LACP option on ports already operating as a trunk you must first remove them from the trunk For example if ports C1 C4 were LACP active and operating in a trunk ...

Page 211: ...P trunk group You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled You want to use a monitor port on the switch to monitor an LACP trunk See Trunk Group Operation Using LACP on page 11 25 Trunk non protocol Provides manually configured static only trunking to Most HP switches and routing switches not running the 802 3ad LACP protocol Windows NT and HP ...

Page 212: ...owing operate on a per port basis regardless of trunk membership Enable Disable Flow control Flow Ctrl LACP is a full duplex protocol See Trunk Group Operation Using LACP on page 11 25 Trunk Configuration All ports in the same trunk group must be the same trunk type LACP Trunk or FEC All LACP ports in the same trunk group must be either all static LACP or all dynamic LACP A trunk appears as a sing...

Page 213: ...ch lists the trunk by name such as Trk1 and does not list the individual ports in the trunk Also creating a new trunk automatically places the trunk in IGMP Auto status if IGMP is enabled for the default VLAN A dynamic LACP trunk operates only with the default IGMP settings and does not appear in the IGMP configuration display or show ip igmp listing VLANs Creating a new trunk automatically places...

Page 214: ... View and or Configure Static Port Trunking This procedure uses the Port Trunk Settings screen to configure a static port trunk group on the switch 1 Follow the procedures in the Important note above 2 From the Main Menu Select 2 Switch Configuration 2 Port Trunk Settings 3 Press E for Edit and then use the arrow keys to access the port trunk parameters Figure 11 6 Example of the Menu Screen for C...

Page 215: ...th the 802 1Q VLAN capability built into the switch more than one VLAN can be assigned to a trunk See Port Based Virtual LANs Static VLANs on page 14 4 To return a port to a non trunk status keep pressing the Space bar until a blank appears in the highlighted Group value for that port Figure 11 7 Example of the Configuration for a Two Port Trunk Group 6 Move the cursor to the Type column for the s...

Page 216: ...page 11 2 Check the Event Log page Using the Event Log To Identify Problem Sources on page 18 16 to verify that the trunked ports are operating properly CLI Viewing and Configuring a Static or Dynamic Port Trunk Group Trunk Status and Configuration Commands Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports You can also list LA...

Page 217: ...nts to view Figure 11 8 Example of a Show Trunk Listing for Specific Ports The show trunk command in this example does not include a port list and thus shows static trunk group information for all switch ports Figure 11 9 Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data This command lists data for only the LACP configured ports Syntax show la...

Page 218: ...e than four ports in a dynamic LACP trunk configuration When four ports trunk links are up the remaining link s will be held in standby status If a trunked link that is Up fails it will be replaced by a standby link which maintains your intended bandwidth for the trunk See also the Standby entry under Port Status in Table 11 7 LACP Port Status Data on page 11 27 In the next example ports A1 throug...

Page 219: ...s as follows The following examples show how to create different types of trunk groups Configuring a Static Trunk Static FEC or Static LACP Trunk Group Syntax trunk trk1 trk2 trk3 trk4 trk5 trk6 trunk fec lacp port list This example uses ports C4 C6 to create a non protocol static trunk group with the group name of Trk2 HP4108 config trunk trk2 trunk c4 c6 Removing Ports from a Static Trunk Group ...

Page 220: ...11 22 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Ports Traffic Control and Trunking HP4108 config no trunk c4 c5 ...

Page 221: ... link is configured for LACP passive Figure 11 12 Example of Criteria for Automatically Forming a Dynamic LACP Trunk Syntax interface port list lacp active This example uses ports C4 and C5 to enable a dynamic LACP trunk group HP4108 config interface c4 c5 lacp active Switch A withportsset to LACP passive the default Switch B withportsset to LACP passive the default Dynamic LACP trunk cannot autom...

Page 222: ...n use HP recommends that you first disable the port or disconnect the link on that port Syntax no interface port list lacp In this example port C6 belongs to an operating dynamic LACP trunk To remove port C6 from the dynamic trunk and return it to passive LACP you would do the following HP4108 config no interface c6 lacp HP4108 config interface c6 lacp passive Note that in the above example if the...

Page 223: ...es full duplex FDx links of the same media type 10 100Base T 100FX etc and speed and enforces speed and duplex conformance across a trunk group LACP trunk status include In most cases trunks configured for LACP on the Switch 4108GL operate as described in table 11 6 Trunk Display Method Static LACP Trunk Dynamic LACP Trunk CLI show lacp command Included in listing Included in listing CLI show trun...

Page 224: ...mary link fails To configure a link as a standby for an existing four port dynamic LACP trunk ensure that the ports in the standby link are configured the same as either of the above examples Displaying Dynamic LACP Trunk Data To list the configuration and status for a dynamic LACP trunk use the CLI show lacp command Note The dynamic trunk is automatically created by the switch and is not listed i...

Page 225: ...t trunk Port Status Up The port has an active LACP link and is not blocked or in Standby mode Down The port is enabled but an LACP link is not established This can indicate for example a port that is not connected to the network or a speed mismatch between a pair of linked ports Disabled The port cannot carry traffic Blocked LACP STP or FEC has blocked the port The port is not in LACP Standby mode...

Page 226: ...Not Allowed in LACP Trunks The ports on both sides of an LACP trunk must be configured for the same speed and for full duplex FDx The 802 3ad LACP standard speci fies a full duplex FDx requirement for LACP trunking A port configured as LACP passive and not assigned to a port trunk can be configured to half duplex HDx However in any of the following cases a port cannot be reconfigured to an HDx set...

Page 227: ...nectivity to a FEC compliant server switch or router Enable quick convergence to remaining links when a failure is detected on a trunked port link Depending on the capabilities of the device on the other end of the trunk negotiate the forwarding mechanism on the trunk to the non protocol option When auto negotiated to the SA DA forwarding mechanism provide higher performance on the trunk for broad...

Page 228: ...ing to various nodes in a network can vary widely it is possible for one link in a trunk group to be fully utilized while others in the same trunk have unused bandwidth capacity even though the address assignments are evenly distributed across the links in a trunk In actual networking environments this is rarely a problem However if it becomes a problem you can use the HP TopTools for Hubs Switche...

Page 229: ...ontrol and Trunking Figure 11 13 Example of Port Trunked Network Table 11 8 Example of Link Assignments in a Trunk Group SA DA Distribution Source Destination Link Node A Node W 1 Node B Node X 2 Node C Node Y 3 Node D Node Z 1 Node A Node Y 2 Node B Node W 3 Switch Switch A W C Y B X D Z 1 2 3 C C C ...

Page 230: ...11 32 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Ports Traffic Control and Trunking ...

Page 231: ...LI To Enable Authentication Traps 12 11 Advanced Management RMON 12 11 CDP 12 12 Introduction 12 12 Outgoing Packets 12 14 Incoming CDP Packets 12 15 Configuring CDP on the Switch 12 18 CLI Viewing and Configuring CDP 12 18 Viewing the Switch s Current CDP Configuration 12 19 Viewing the Current Contents of the Switch s CDP Neighbors Table 12 19 Clearing Resetting the CDP Neighbors Table 12 20 Con...

Page 232: ... at http www hp com go procurve This chapter includes An overview of SNMP management for the switch Configuring the Switch 4108GL for SNMP management SNMP Communities Trap Receivers and Authentication Traps Information on advanced management through RMON Support To implement SNMP management you must either configure the switch with an appropriate IP address or if you are using DHCP Bootp to config...

Page 233: ...timep netswtst mib Port counters forwarding table and CPU statistics stat mib TFTP download downld mib Integrated Communications Facility Authentication Manager and SNMP communities icf mib HP ProCurve Switch configuration config mib HP VLAN configuration information vlan mib supporting hpVlanGeneralGroup HP Entity MIB entity mib The switch SNMP agent also uses certain variables that are included ...

Page 234: ...P communities see Menu Viewing and Configuring SNMP Communities on page 12 5 3 Configure the appropriate trap receivers For more on configuring trap receivers see CLI Configuring and Displaying Trap Receivers on page 12 9 In some networks authorized IP manager addresses are not used In this case all management stations using the correct community name may access the switch with the View and Access...

Page 235: ...twork man agement applications such as auto discovery traffic monitoring SNMP trap generation and threshold setting from operating in the switch Changing or deleting the public name also generates an Event Log message If security for network management is a concern it is recommended that you change the write access for the public community to Restricted Menu Viewing and Configuring SNMP Communitie...

Page 236: ...d and use the Space bar to select the appropriate value in each of the other fields Use the Tab key to move from one field to the next 4 Press Enter then S for Save CLI Viewing and Configuring Community Names Community Name Commands Used in This Section Add and Edit options are used to modify the SNMP options See figure 8 2 Note This screen gives an overview of the SNMP communities that are curren...

Page 237: ...er community named red team Figure 12 3 Example of the SNMP Community Listing with Two Communities To list the data for only one community such as the public community use the above command with the community name included For example HP4108 show snmp server public Configuring Identity Information This command enables you to enter contact person and location data to help identify the switch snmp s...

Page 238: ...stricted for the read write MIB access the switch automat ically restricts the community to read access for the MIB The following SNMP command examples use add snmp to add new SNMP communities Syntax snmp server community community name operator manager restricted unrestricted HP4108 config snmp server community red team manager unrestricted HP4108 config snmp server community blue team operator r...

Page 239: ...onfigure up to ten SNMP trap receivers to receive SNMP traps from the switch The switch can be configured to also send event log messages as traps if the following opotions are used with the snmp server host command CLI Configuring and Displaying Trap Receivers Trap Receiver Commands Used in This Section Using the CLI To List Current SNMP Trap Receivers This command lists the currently configured ...

Page 240: ...to the trap receiver N ot e If you specify a community name that does not exist that is has not yet been configured on the switch the switch still accepts the trap receiver assign ment However no traps will be sent to that trap receiver until the community to which it belongs has been configured on the switch Syntax snmp server host community str ip address none all non info critical debug For exa...

Page 241: ...ers must be configured on the switch See CLI Configuring and Displaying Trap Receivers on page 12 9 Using the CLI To Enable Authentication Traps Syntax snmp server trap authentication HP4108 config snmp server trap authentication Advanced Management RMON The switch supports RMON Remote Monitoring on all connected network segments This allows for troubleshooting and optimizing your network The foll...

Page 242: ...ke advantage of CDP in Switch 4108GL you should have a working knowledge of SNMP operation and an SNMP utility capable of polling the switches for CDP data HP s implementation of CDP places specific data into the switch s Management Information Base MIB However retrieval of this data for network mapping is dependent on the operation of your SNMP utility Refer to the documentation provided with the...

Page 243: ... the particular SNMP utility For information on the object identifiers in the CDP MIB see CDP Neighbor Data and MIB Objects on page 25 CDP Terminology CDP Device A switch server router workstation or other device running CDP CDP Aware A device that has CDP in its operating code with CDP either enabled or disabled in that device CDP Disabled A CDP aware device on which CDP is currently disabled Non...

Page 244: ...the network provides data on itself to the CDP neighbors to which it is directly connected However there are instances where a packet is forwarded beyond the immediate neighbor or simply dropped Switch A with CDP Running The Neighborstable in switches A B and D contain information on switch C only because it is the only neighbor for these switches The Neighbors table in switch C contains informati...

Page 245: ...e but still forward CDP packets as if they were transparent to CDP operation See CDP Capable Hubs on page 28 However an intervening CDP aware device that is CDP disabled is not transparent For example in figure 12 7 the CDP Switch A Switch 4108GL with CDP Running and Forwarding CDP Packets to Down stream Devices Switch B CDP Aware Switch with CDP Running Switch C CDP Aware Switch with CDP Disabled...

Page 246: ...evice X Such as a Non CDP Hub or Switch CDP Workstation 2 Host 2 CDP Running Non CDP Device Y Such as a Non CDP Hub or Switch CDP Workstation 3 Host 3 CDP Running CDP Switch B CDP Running CDP Neighbor Table Port Data B1 Switch A data B7 Switch C data No CDP data for Switch D because it has dis abled CDP operation Port A1 Port B1 CDP Switch C CDP Running CDP Neighbor Table Port Data C3 Switch B dat...

Page 247: ... have data on its immediate CDP neighbors including those reached through a device that is transparent to CDP but not to other CDP devices in the network Table 12 1 How Devices Handle Incoming CDP Packets Note that no CDP devices appear on port B5 which is connected to a device on which CDP is present but disabled Status of Device Receiving a CDP Packet Action of Receiving Device Running CDP Store...

Page 248: ...y forward CDP neighbors data out all ports except the port on which the data was received Configuring CDP on the Switch On a Switch 4108GL you can View the switch s current global and per port CDP configuration List the current contents of the switch s CDP Neighbors table that is view a listing of the CDP devices of which the switch is aware Enable or disable CDP Default Enabled Specify the hold t...

Page 249: ...ing the Current Contents of the Switch s CDP Neighbors Table This command lists the neighboring CDP devices the switch has detected Devices are listed by the port on which they were detected The entry for a specific deviceincludesa subsetoftheinformationcollectedfromthe device s CDP packet For more on this topic see CDP Neighbor Data and MIB Objects on page 12 25 Syntax show cdp neigbors detail Th...

Page 250: ...le This command removes any records of CDP neighbor devices from the switch s CDP MIB objects Syntax cdp clear If you execute cdp clear and then execute show cdp neighbors before the switch receives a CDP packet from any neighbor device the displayed table appears empty HP 4108GL HP Switch 2524 HP J4813A Marketing 0030c5 38dc59 Management Workstation Mgmt NIC 099a05 09df9 HP Switch 4000M HP J4821A...

Page 251: ...m other neighboring CDP devices Disabling CDP operation clears the switch s CDP Neighbors table prevents the switch from transmitting outbound CDP packets to advertise itself to neighboring CDP devices and causes the switch to drop inbound CDPpackets from other devices without entering the data in the CDP Neighbors table Syntax no cdp run For example to disable CDP on the switch Switch 4108GL conf...

Page 252: ...try in the switch B CDP Neighbors table remains until the cdp holdtime time to live set in switch A expires Until then the show cdp neighbors command continues to list switch A on port B5 of switch B Syntax no cdp enable ethernet port list For example to disable CDP on port A1 of a Switch 4108GL Switch 4108GL config no cdp enable a1 Changing the Transmission Interval for Outbound CDP Packets The d...

Page 253: ...oring CDP devices Switch 4108GL config cdp holdtime 60 Effect of Spanning Tree STP On CDP Packet Transmission If STP has blocked a port on the switch that port does not transmit CDP packets However the portstillreceives CDP packets ifthe device onthe other end of the link has CDP enabled Thus for example if switch A has two ports linked to switch B which is a CDP neighbor and also the STP root dev...

Page 254: ...r on only one port in the root switch s CDP Neighbors table How the Switch Selects the IP Address To Include in Outbound CDP Packets A switch with CDP enabled uses the following prioritizedcriteria to determine which IP address to include in its outbound CDP packets 1 If only one VLAN on theport has an IP address the switch uses that IP address 2 If the Primary VLAN on the port has an IP address t...

Page 255: ...nunder Viewingthe CurrentContentsofthe Switch sCDPNeighbors Table on page 12 19 you can list a subset of data for each CDP device currently found in the switch s CDP Neighbors table Table 12 2 CDP Neighbors Data describes the CDP Neighbor data set available in the Switch 4108GL Switch X CDP Enabled on Port A1 CDP Neighbor Table Port Data A1 10 28 227 103 Switch Y CDP Enabled on Port C5 CDP Neighbo...

Page 256: ...m Name parameter Device MAC Address Yes Yes Included in the Device Name entry Destination Port Number Yes Yes On the Switch 4108GL the receiving device the number of the port through which the CDP packet arrived Source Port Number No Yes On the source neighbor device the number of the port through which the CDP packet was sent Product Name ASCII string Yes Yes Platform name designated by vendor Ca...

Page 257: ... CDP devices can be neighbors on the same port if they are connected to the switch through a non CDP device CDP Version Data The Switch 4108GL use CDP V1 but do not include IP prefix information which is a router function not a switch application Port Trunking with CDP Where a static or LACP trunk forms the link between the switch and another CDP device only one physical link in the trunk is used ...

Page 258: ...ard CDP packets as if the hub itself were transparent to CDP Such hubs will appear in the switch s CDP Neighbor table and will also maintain a CDP neighbor table similar to that for switches For more information refer to the documentation provided for the specific hub Troubleshooting CDP Operation Turnto UsingtheEventLogToIdentify Problem Sources on page 18 16 ...

Page 259: ...13 14 Using the Menu To Manage a Candidate Switch 13 16 Using the Commander To Manage The Stack 13 18 Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic 13 25 Converting a Commander or Member to a Member of Another Stack 13 26 Monitoring Stack Status 13 27 Using the CLI To View Stack Status and Configure Stacking 13 31 Using the CLI To View Stack Status ...

Page 260: ...rve Stack Management Chapter Contents HP Procurve Stack Management Transmission Interval 13 46 Stacking Operation with Multiple VLANs Configured 13 46 Web Viewing and Configuring Stacking 13 47 Status Messages 13 48 ...

Page 261: ...etwork to stack switches without the need for any specialized cabling page 13 4 For general information on how to use the switch s built in interfaces see Chapter 2 Using the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface Chapter 5 Switch Memory and Configuration ...

Page 262: ...ck n a page 13 34 view status of all stacking enabled switches in the ip subnet n a page 13 34 configure stacking enable disable candidate Auto Join enabled Yes page 13 17 page 13 39 push a candidate into a stack n a page 13 17 page 13 39 configure aswitch to be a commander n a page 13 14 page 13 35 push a member into another stack n a page 13 26 page 13 41 remove a member from a stack n a page 13...

Page 263: ... network without having to first perform IP addressing tasks Which Devices Support Stacking As of May 2001 the following HP devices support stacking HP Procurve Switch 4108GL HP Procurve Switch 2512 HP Procurve Switch 2524 HP Procurve Switch 8000M HP Procurve Switch 4000M HP Procurve Switch 2424M HP Procurve Switch 2400M HP Procurve Switch 1600M Requiressoftware release C 08 03 or later which isin...

Page 264: ...stack Members and the Commander s Manager password controls access to all stack Members Stack Consists of a Commander switch and any Member switches belonging to that Commander s stack Commander A switch that has been manually configured as the controlling device for a stack When this occurs the switch s stacking configuration appears as Commander Candidate A switch that is ready to join become a ...

Page 265: ...abled in the default configuration and can easily be disabled Stacking has no effect on the normal operation of the switch in your network A stack requires one Commander switch Only one Commander allowed per stack All switches in a particular stack must be in the same IP subnet broadcast domain A stack cannot cross a router A stack accepts up to 16 switches numbered 0 15 including the Commander al...

Page 266: ...d in a Stacking Environment Specific Rules Table 9 Table 13 2 outlines the specific rules for switches operating in a stack Table 13 2 Specific Rules for Commander Candidate and Member Switche Commander Switch Switch with Stacking Disabled or Not Available Member Switch Candidate Switch IP Addressing and Stack Name Number Allowed Per Stack Passwords SNMP Communities Commander IP Addr Requires an a...

Page 267: ...e Commander s Manager and Operator passwords Ifa candidatehasapassword it cannot be automatically added to a stack In this case if you want the Candidate in a stack you must manually add it to the stack Uses standard SNMP community operation if the Candidate has its own IP addressing Member IP Addr Optional Configuring an IP address allows access via Telnet or web browser interface without going t...

Page 268: ...ware version C 08 xx or later You can get a copy of the software fromHP sProcurvewebsiteand orcopyitfromoneswitchtoanother For downloading instructions see appendix A File Transfers in the Management and Configuration Guide you received with these switch models Options for Configuring a Commander and Candidates Depending on how Commander and Candidate switches are configured Candidates can join a ...

Page 269: ...tors automatically becomes a stack Member Defaultstacking configuration StackState setto Candidate andAutoJoin set to Yes Same subnet broadcast domain and default VLAN as the Commander If VLANs are used in the stack environment see Stacking Operation with a Tagged VLAN on page 13 46 No Manager password 14 or fewer stack members at the moment Join Method1 Commander IP Addressing Required Candidate ...

Page 270: ...ample Figure 13 4 Use of System Name to Help Identify Individual Switches 2 Configure the Commander switch Doing this first helps to establish consistency in your stack configuration which can help prevent startup problems AstackrequiresoneCommanderswitch Ifyouplantoimplement more than one stack in a subnet broadcast domain the easiest way to avoid unintentionally adding a Candidate to the wrong s...

Page 271: ...in the stacking environment you must use the default VLAN for stacking links For more information see Stacking Operation with a Tagged VLAN on page 13 46 6 Ensure that all switches intended for the stack are connected to the same subnet broadcast domain As soon as you connect the Commander it will begin discovering the available Candidates in the subnet If you configured the Commander to automatic...

Page 272: ...g Using the Menu Interface To View and Configure a Commander Switch 1 Configure an IP address and subnet mask on the Commander switch See Chapter 7 Configuring IP Addressing 2 Display the Stacking Menu by selecting Stacking in the Main Menu Figure 13 5 The Default Stacking Menu 3 Display the Stack Configuration menu by pressing 3 to select Stack Configuration ...

Page 273: ...Commander has the desired Auto Grab setting then press the downarrow key No the default prevents automatic joining of Candidates that have their Auto Join set to Yes Yes enables the Commander to automatically take a Candidate into the stack as a Member if the Candidate has Auto Join set to Yes the default Candidate setting and does not have a previously configured password 8 Accept or change the t...

Page 274: ...k Modify the Candidate s stacking configuration Auto Join and Transmission Interval Convert the Candidate to a Commander Disable stacking on the Candidate so that it operates as a standalone switch In its default stacking configuration a Candidate switch can either automati cally join a stack or be manually added pulled into a stackby a Commander depending on the Commander s Auto Grab setting The ...

Page 275: ...n from a terminal device to the switch s console port For information on how to use the web browser interface see the online Help provided for the browser 1 Display the Stacking Menu by selecting Stacking in the console Main Menu 2 Display the Stack Configuration menu by pressing 3 to select Stack Configuration Figure 13 8 The Default Stack Configuration Screen 3 Move the cursor to the Stack State...

Page 276: ...in the new value in the range of 1 to 300 seconds Note All switches in the stack must be set to the same transmis sion interval to help ensure proper stacking operation HP recom mends that you leave this parameter set to the default 60 seconds Then go to step 5 5 press Enter to return the cursor to the Actions line 6 Press S for Save to save your configuration changes and return to the Stacking me...

Page 277: ...n parameter resets to No so that it will not immediately rejoin a stack from which it has just departed A Manager password is set in the Candidate The stack is full Unless the stack is already full you can use the Stack Management screen to manually convert a Candidate to a Member If the Candidate has a Manager password you will need to use it to make the Candidate a Member of the stack 1 To add a...

Page 278: ...ssword press the downarrow key to move the cursor to the Candidate Password field then type the password If the desired Candidate does not have a password go to step 6 6 Press Enter to return to the Actions line then press S for Save to complete the Add process for the selected Candidate You will then see a screen similar to the one in figure 13 11 below with the newly added Member listed Note If ...

Page 279: ...ion with a Tagged VLAN on page 13 46 This procedure is nearly identical to manually adding a Candidate to a stack page 13 19 If the stack from which you want to move the Member has a Manager password you will need to know the password to make the move 1 To move a Member from one stack to another go to the Main Menu of the Commander in the destination stack and display the Stacking Menu by selectin...

Page 280: ... add the Member You will then see a screen listing any available candidates See figure 13 10 on page 13 20 Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate 6 Either accept the displayed switch number or enter another available number The range is 0 15 with 0 reserved for the Commander 7 Use the downarrow key to move the cursor to the...

Page 281: ... address of the destination stack Commander in the Member s Commander MAC Address field Using this method moves the Member to another stack without a need for knowing the Manager password in that stack but also blocks access to the Member from the original Commander Using the Commander s Menu To Remove a Stack Member These rules affect removals from a stack When a Candidate becomes a Member its Au...

Page 282: ... 14 Example of Selecting a Member for Removal from the Stack 3 Type D for Delete to remove the selected Member from the stack You will then see the following prompt Figure 13 15 The Prompt for Completing the Deletion of a Member from the Stack 4 To continue deleting the selected Member press the Space bar once to select Yes for the prompt then press Enter to complete the deletion The Stack Managem...

Page 283: ...you would do through a Telnet or direct connect access 1 From the Main Menu select 9 Stacking 5 Stack Access You will then see the Stack Access screen Figure 13 16 Example of the Stack Access Screen Use the downarrow key to select the stack Member you want to access then press X for eXecute to display the console interface for the selected Member Forexample ifyou selected switchnumber 1 systemname...

Page 284: ... b Press 0 for Logout then Y for Yes c Press Return You should now see the Commander s Stack Access screen For an example see figure 13 16 on page 13 25 Converting a Commander or Member to a Member of Another Stack When moving a commander the following procedure returns the stack mem bers to Candidate status with Auto Join set to No and converts the stack Commander to a Member of another stack Whe...

Page 285: ...in your stack environment see Stacking Operation with a Tagged VLAN on page 13 46 This can help you in such ways as determining the stacking configuration for individual switches identifying stack Members and Candidates and determining the status of individual switches in a stack See table 13 5 on page 13 27 Table 13 5 Stack Status Environments Screen Name Commander Member Candidate Stack Status T...

Page 286: ...lect 9 Stacking 2 Stacking Status All You will then see a Stacking Status screen similar to the following Figure 13 18 Example of Stacking Status for All Detected Switches Configured for Stacking Viewing Commander Status This procedure displays the Commander and stack configuration plus information identifying each stack member To display the status for a Commander go to the console Main Menu for ...

Page 287: ...us IP address and MAC address To display the status for a Member 1 Go to the console Main Menu of the Commander switch and select 9 Stacking 5 Stack Access 2 Use the downarrow key to select the Member switch whose status you want to view then press X for eXecute You will then see the Main Menu for the selected Member switch 3 In the Member s Main Menu screen select 9 Stacking 1 Stacking Status Thi...

Page 288: ... Candidate s stacking configuration To display the status for a Candidate 1 Use Telnet if the Candidate has a valid IP address for your network or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9 Stacking 1 Stacking Status This Switch You will then see the Candidate s Stacking Status screen Figure 13 21 Example of a Candidate s Stacking S...

Page 289: ...r individual status all Lists all stack Commanders Members and Candidates with their individual status no stack Any Stacking Capable Switch Enables or disables stacking on the switch Default Stacking Enabled no stackcommander stackname Candidate or Commander Converts a Candidate to a Commander or changes the stack name of an existing commander No form eliminates named stack and returns Commander a...

Page 290: ... view the list of SN assignments for a stack execute the show stack command in the Commander s CLI no stack join mac addr Candidate Causes the Candidate to join the stack whose Commander has the indicated MAC address No formis used ina Memberto remove it fromthestack of the Commander having the specified address Member Pushes the member to another stack whose Commander has the indicated MAC addres...

Page 291: ...strates how to use the CLI in a to display the stack status for that switch In this case the switch is in the default stacking configuration Syntax show stack Figure 13 22 Example of Using the Show Stack Command To List the Stacking Configuration for an Individual Switch Viewing the Status of Candidates the Commander Has Detected This example illustrates how to list stack candidates the Commander ...

Page 292: ...e show stack all command was executed is a candidate it is included in the Others category Syntax show stack all Figure 13 24 Result of Using the Show Stack All Command To List Discovered Switches in the IP Subnet Viewing the Status of the Commander and Current Members of the Commander s Stack The next example lists all switches in the stack of the selected switch Syntax show stack view Figure 13 ...

Page 293: ... IP address in order for stacking to operate properly For more on the primary VLAN see Which VLAN Is Primary on page 14 7 2 Configure a Manager password on the switch intended for commander The Commander s Manager password controls access to stack Mem bers For more on passwords see chapter 7 Using Passwords Port Security and Authorized Managers To Protect Against Unauthorized Access Configure the ...

Page 294: ... current stack then create the new stack If you do not know the MAC address for the Commander of the current stack use show stack to list it Syntax no stack stack commander stack name Suppose for example thata HP4108named Bering Sea isa Member ofa stack named Big_Waters Tousethe switch sCLItoconvertitfroma stackMember tothe Commander of a newstack named Lakes you would use the following commands T...

Page 295: ...o to give you manual control over which switches join the stack and when they join This prevents the Commander from automatically trying to add every Candidate it finds that has Auto Join set to Yes the default for the Candidate If you want any eligible Candidate to automatically join the stack when the Commander discovers it configure Auto Grab in the Commander to Yes When you do so any Candidate...

Page 296: ...play all discovered Candidates with their MAC addresses execute show stack candidates from the Commander s CLI For example to list the discov ered candidates for the above Commander Figure 13 29 Example of How To Determine MAC Addresses of Discovered Candidates Knowing the available switch numbers SNs and Candidate MAC addresses you can proceed to manually assign a Candidate to be a Member of the ...

Page 297: ...r is set to Yes You can disable Auto Join on a Candidate if you want to prevent automatic joining in this case There is also the instance where a Candidate s Auto Join is disabled for example when a Commander leaves a stack and its members automatically return to Candidate status or if you manually remove a Member from a stack In this case you may want to reset Auto Join to Yes Status no stack aut...

Page 298: ... suppose that a Candidate named North Sea with Auto Join off and a valid IP address of 10 28 227 104 is running on a network You could Telnet to the Candidate use show stack all to determine the Commander s MAC address and then push the Candidate into the desired stack Figure 13 31 Example of Pushing a Candidate Into a Stack To verify that the Candidate successfully joined the stack execute show s...

Page 299: ...e new stack HP4108 config stack member 1 mac address 0060b0 df1a00 Where 1 is an unused switch number SN Since a password is not set on the Candidate a password is not needed in this example You could then use show stack all again to verify that the move took place Using a Member CLI To Push the Member into Another Stack You can use the Member s CLI to push a Switch 4108GL stack Member into a dest...

Page 300: ... Example of Command Sequence for Converting a Commander to a Member Using the CLI To Remove a Member from a Stack You can remove a Member from a stack using the CLI of either the Commander or the Member N ot e When you remove a Member from a stack the Member s Auto Join parameter is set to No Using the Commander CLI To Remove a Stack Member This option requires the switch number SN and the MAC add...

Page 301: ... from the stack Switch 4108GL config no stack member 3 mac address 0030c1 7fc700 where 3 is the North Sea Member s switch number SN 0030c1 7fc700 is the North Sea Member s MAC address Using the Member s CLI To Remove the Member from a Stack Syntax no stack join mac addr To use this method you need the Commander s MAC address which is available using the show stack command in the Member s CLI For e...

Page 302: ...he switch number SN assigned by the Com mander to each member range 1 15 To find the switch number for the Member you want to access execute the show stack view command in the Commander s CLI For example suppose that you wanted to configure a port trunk on the switch named North Sea in the stack named Big_Waters Do do so you would go to the CLI for the Big_Waters Commander and execute show stack v...

Page 303: ...t because the gray community is only on switch 3 you could not use the Commander IP address for gray community access from the management station Instead you would access switch 3 directly using the switch s own IP address For example snmpget MIB variable 10 31 29 15 gray Commander Switch IP Addr 12 31 29 100 Community Names blue red Member Switch 2 IP Addr None Community Names none Member Switch ...

Page 304: ... You must re enable stacking on the switch before it can become a Candidate Member or Commander Disabling a Member Removes the Member from the stack and changes it to a stand alone nonstacking switch You must re enable stacking on the switch before it can become a Candidate Member or Commander Disabling a Candidate Changes the Candidate to a stand alone non stacking switch Syntax no stack Disables...

Page 305: ...e for a Commander appears as shown above The interface for Members and Candidates appears the same as for a non stacking Switch 4108GL To view or configure stacking on the web browser interface 1 Click on the Configuration tab 2 Click on Stacking to display the stackingconfiguration for an individual switch and make any configuration changes you want for that switch 3 Click on Apply Changes to sav...

Page 306: ...n the Commander and the Member Commander Up The Member has stacking connectivity with the Commander None required Mismatch This may be a temporary condition while a Candidate is trying to join a stack If the Candidate does not join then stack configuration is inconsistent Initially waitforanupdate Ifcondi tion persists reconfigure the Commander or the Member Member Down A Member has become detache...

Page 307: ...g VLAN Names 14 13 Adding or Changing a VLAN Port Assignment 14 14 CLI Configuring VLAN Parameters 14 16 Web Viewing and Configuring VLAN Parameters 14 22 VLAN Tagging Information 14 23 Effect of VLANs on Other Switch Features 14 27 Spanning Tree Protocol Operation with VLANs 14 27 IP Interfaces 14 27 VLAN MAC Addresses 14 28 Port Trunks 14 28 Port Monitoring 14 28 VLAN Restrictions 14 29 GVRP 14 ...

Page 308: ...and GVRP Contents Port Based Virtual LANs VLANs and GVRP Configuring GVRP On a Switch 14 37 Menu Viewing and Configuring GVRP 14 37 CLI Viewing and Configuring GVRP 14 39 Web Viewing and Configuring GVRP 14 42 GVRP Operating Notes 14 42 ...

Page 309: ...nd how to configure them with the switch s built in interfaces Port Based VLANs Page 14 4 GVRP Page 14 30 For general information on how to use the switch s built in interfaces see Chapter 2 Using the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface Chapter 5 Switch Memory and Configuration ...

Page 310: ...LAN enabled and allow up to 30 port based VLANs default 8 For informationon GVRP see GVRP onpage14 30 The 802 1Q compatibility enables you to assign each switch port to multiple VLANs if needed and the port based nature of the configuration allows interoperation with older switches that require a separate port for each VLAN General Use and Operation Port based VLANs are typically used to enable br...

Page 311: ...al router via ports A1 and A8 Figure 14 1 Example of Routing Between VLANs via an External Router Overlapping Tagged VLANs A port on the Switch 4108GL can be a mem ber of more than one VLAN if the device to which they are connected complies with the 802 1Q VLAN standard For example a port connected to a central server using a network interface card NIC that complies with the 802 1Q standard can be...

Page 312: ...me Link Introducing Tagged VLAN Technology into Networks Running Legacy Untagged VLANs You can introduce 802 1Q compliant devices into net works that have built untagged VLANs based on earlier VLAN technology The fundamental rule is that legacy untagged VLANs require a separate link for each VLAN while 802 1Q or tagged VLANs can combine several VLANs in one link This means that on the 802 1Q compl...

Page 313: ...This places all ports in the switch into one physical broadcast domain In the factory default state the default VLAN is the primary VLAN You can partition the switch into multiple virtual broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs The switch supports up to 30 VLANs You can change the name of the default VLAN but you cannot chang...

Page 314: ...cifies DHCP as the source for these values The default VLAN continues to operate as a standard VLAN except as noted above you cannot delete it or change its VID Any ports not specifically assigned to another VLAN will remain assigned to the Default VLAN regardless of whether it is the primary VLAN Candidates for primary VLAN include any static VLAN currently configured on the switch A dynamic GVRP...

Page 315: ...Parameter Effect on Port Participation in Designated VLAN Tagged Allows the port to join multiple VLANs Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN The switch allows no more than one untagged VLAN assignment per port No or Auto No Appears when the switch is not GVRP enabled prevents the port from joining that VLAN Auto Appears when G...

Page 316: ...ou are managing VLANs with SNMP in an IP network each VLAN must have an IP address Refer to IP Configuration on IP Configuration on page 7 3 Notes on Using VLANs If you are using DHCP Bootp to acquire the switch s configuration packet time to live and TimeP information you must designate the VLAN on which DHCP is configured for this purpose as the primary VLAN In the factory default configuration ...

Page 317: ... parameter adding new VLAN names and VIDs and then assigning one or more ports to each VLAN The switch accepts a maximum of 30 VLANs including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP page 14 30 Note that each port can be assigned to multiple VLANs by using VLAN tagging See VLAN Tagging Information on page 14 23 To Change VLAN Support Settings This section descr...

Page 318: ... you need more VLANs later you can increase this number but a switch reboot will be required at that time 3 Press Enter and then S to save the VLAN support configuration and return to the VLAN Menu screen If you changed the value for Maximum VLANs to support you will see an asterisk next to the VLAN Support option see below Figure 14 7 VLAN Menu Screen Indicating the Need To Reboot the Switch If y...

Page 319: ...nd VLAN ID 802 1Q VLAN ID 1 Name _ 3 Type in a VID VLAN ID number This can be any number from 2 to 4094 that is not already being used by another VLAN The switch reserves 1 for the default VLAN Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN GVRP dynamically extends VLANs with correct VID numbering to other switches See GVRP on page 14 30 4 Press v...

Page 320: ...s includes any VLANs added dynamically due to GVRP operation 7 Return to the VLAN Menu to assign ports to the new VLAN s as described in the next section Adding or Changing a VLAN Port Assignment Adding or Changing a VLAN Port Assignment Use this procedure to add ports to a VLAN or to change the VLAN assign ment s for any port Ports not specifically assigned to a VLAN are automat ically in the def...

Page 321: ...4 35 Untagged VLANs Only one untagged VLAN is allowed per port Also there must be at least one VLAN assigned to each port In the factory default configuration all ports are assigned to the default VLAN DEFAULT_VLAN For example if you want ports A4 and A5 to belong to both DEFAULT_VLAN and VLAN 22 and ports A6 and A7 to belong only to VLAN 22 you would use the settings in figure page 14 16 This exa...

Page 322: ...he factory default state all ports on the switch belong to the default VLAN DEFAULT_VLAN and are in the same broadcast multicast domain The default VLAN is also the default primary VLAN see Which VLAN Is Pri mary on page 14 7 You can configure up to 29 additional static VLANs by adding new VLAN names and then assigning one or more ports to each VLAN The switch accepts a maximum of 30 VLANs includi...

Page 323: ...VLAN In the default configuration GVRP is disabled See GVRP on page 14 30 Syntax show vlan Figure 14 12 Example of Show VLAN Listing GVRP Enabled show vlans below show vlan vlan id page 14 18 max vlans 1 30 page 14 19 primary vlan vlan id page 14 19 no vlan vlan id page 14 20 name vlan name page 14 21 no tagged port list page 14 21 no untagged port list page 14 21 no forbid page 14 21 auto port li...

Page 324: ...LAN This command uses the VID to identify and display the data for a specific static or dynamic VLAN Syntax show vlan vlan id Figure 14 13 Example of Show VLAN for a Specific Static VLAN Figure 14 14 Example of Show VLAN for a Specific Dynamic VLAN Show VLAN lists this data when GVRP is enabled and at least oneportontheswitch has dynamically joined the designated VLAN ...

Page 325: ...nd then reboot the switch Syntax max vlans 1 30 For example to reconfigure the switch to allow 10 VLANs Figure 14 15 Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN In the factory default configuration the default VLAN DEFAULT_VLAN is the primary VLAN However you can designate any static VLAN on the switch as the primary VLAN For more on the primary VLAN see ...

Page 326: ...VLAN with that VID does not already exist and places you in that VLAN s context level If you do not use the name option the switch uses VLAN and the new VID to automatically name the VLAN If the VLAN already exists the switch places you in the context level for that VLAN vlan vlan name Places you in the context level for that static VLAN For example to create a new static VLAN with a VID of 100 Fi...

Page 327: ...below changes the name of an existing static VLAN and changes the per port VLAN membership settings N ot e You can use these options from the configuration level by beginning the command with vlan vlan id or from the context level of the specific VLAN Syntax name vlan name Changes the name of the existing static VLAN Avoid spaces and the following characters in the vlan name entry 2 and no tagged ...

Page 328: ...lan 100 tagged 1 5 Similarly to change the tagged ports in the above examples to No or Auto if GVRP is enabled you could use either of the following commands At the config level use HP4108 config no vlan 100 tagged 1 5 or At the VLAN 100 context level use HP4108 vlan 100 no tagged 1 5 N ot e You cannot use these commands with dynamic VLANs Attempting to do so results in the message VLAN already ex...

Page 329: ...o a VLAN When yousubsequently assign a portto a givenVLAN you mustimplementthe VLAN tag VID if the port will carry traffic for more than one VLAN Otherwise the port VLAN assignment can remain untagged because the tag is not needed On a given switch this means you should use the Untagged designation for a port VLAN assignment where the port is connected to non 802 1Q compliant device or is assigned...

Page 330: ...signed to ports Y1 Y4 can all be untagged because there is only one VLAN assignmentper port Devices connected to these ports do not have to be 802 1Q compliant Because both the Red VLAN and the Green VLAN are assigned to port Y5 at least one of the VLANs must be tagged for this port In both switches The ports on the link between the two switches must be configured the same As shown in figure 14 17...

Page 331: ...port any port that has only one VLAN assigned to it can be configured as Untagged the default Any port that has two or more VLANs assigned to it can have one VLAN assignment for that port as Untagged All other VLANs assigned to the same port must be configured as Tagged There can be no more than one Untagged VLAN on a port If all end nodes on a port comply with the 802 1Q standard and are configur...

Page 332: ... the same point to point connec tion both ports must have the same VLAN configuration that is both ports configure the Red VLAN as Untagged and the Green VLAN as Tagged Red VLAN Untagged Red VLAN Untagged Red VLAN Untagged Green VLAN Tagged Green VLAN Tagged Green VLAN Tagged Green VLAN only Server S1 Server S2 Server S3 Green VLAN Green VLAN Red VLAN Red VLAN Switch X X1 X2 X3 X4 Switch Y Y1 Y4 Y...

Page 333: ...ple in the non 802 1Q HP Switch 2000 and the HP Switch 800T STP operates on a per VLAN basis allowing redundant physical links as long as they are in separate VLANs IP Interfaces There is a one to one relationship between a VLAN and an IP network inter face Since the VLAN is defined by a group of ports the state up down of those ports determines the state of the IP network interface associated wit...

Page 334: ...up to 30 VLAN MAC addresses one per possible VLAN Port Trunks When assigning a port trunk to a VLAN all ports in the trunk are automatically assigned to the same VLAN You cannot split trunk members across multiple VLANs Also a port trunk is tagged untagged or excluded from a VLAN in the same way as for individual untrunked ports Port Monitoring If you designate a port on the switch for network mon...

Page 335: ...N oper ation with non 802 1Q compliant devices An external router must be used to communicate between tagged VLANs on the switch Before you can delete a VLAN you must first re assign all ports in the VLAN to another VLAN HP Router Requirements Use the Hewlett Packard version A 09 70 or later router OS release if any of the following Hewlett Packard routers are installed in networks in which you wi...

Page 336: ...r errors in VLAN configuration by automatically pro viding VLAN ID VID consistency across the network That is you can use GVRP to propagate VLANs to other GVRP aware devices instead of manually having to set up VLANs across your network After the switch creates a dynamic VLAN you can optionally use the CLI static vlan id command to convert it to a static VLAN or allow it to continue as a dynamic V...

Page 337: ... all other ports of that switch will send advertisements for that VLAN Operating Note When a GVRP aware porton a switch learns a VID through GVRP from another device the switch begins advertising that VID out all of its ports except the port on which the VID was learned Core switch with static VLANs VID 1 2 3 Port 2 is a member of VIDs 1 2 3 1 Port 2 advertises VIDs 1 2 3 2 Port 1 receives adverti...

Page 338: ...namically create the VLAN and become a member If the switch already has a static VLAN assignment with the same VID as in the advertisement and the port is configured to Auto for that VLAN then the port will dynamically join the VLAN and begin moving that VLAN s traffic For more detail on Auto see Per Port Options for Dynamic VLAN Advertising and Joining on page 14 35 Ignore the advertisement for t...

Page 339: ...te you can configure IP addressing on the VLAN and access it in the same way that you would any other static manually created VLAN Per Port Options for Handling GVRP Unknown VLANs An unknown VLAN is a VLAN that the switch learns of by receiving an advertisement for that VLAN on a port that is not already a member of that VLAN If the port is configured to learn unknown VLANs then the VLAN is dynami...

Page 340: ... it receives an advertisement and allows the port to advertise other other VLANs it knows Block Prevents the port from dynamically joining a VLAN that is not statically configured on that port The port will still forward advertisements that were received by the switch on other ports Block should typically be used on ports in unsecure networks where there is exposure to attacks such as ports where ...

Page 341: ...Options Per Specified VLAN on Each Port 1 Port Activity Tagged or Untagged Per VLAN 2 Port Activity Auto2 Per VLAN PortActivity Forbid Per VLAN 2 Learn the Default Generate advertisements Forwardoutboundadvertisements for other VLANs Receive advertisements and forward them to other ports on the switch for outbound transmission Allow the port to dynamically join the specified VLAN if the port recei...

Page 342: ...mic VLAN adver tisements GVRP advertisements and to dynamically join VLANs The two preceding sections describe the per port features you can use to control and limit VLAN propagation To summarize you can Allow a port to advertise and or join dynamic VLANs Learn mode the default Allow a port to send VLAN advertisements but not receive them from other devices that is the port cannot dynamically join...

Page 343: ...GVRP on all devices you want to use with dynamic VLANs and configure the appropriate Unknown VLAN parameter Learn Block or Disable for each port 6 Configure the static VLANs on the switch es where they are needed along with the per VLAN parameters Tagged Untagged Auto and Forbid see table 14 3 on page 14 35 on each port 7 Dynamic VLANs will then appear automatically according to the config uration...

Page 344: ... Showing Default Settings for Handling Advertisements 3 Use the arrow keys to select the port you want and the Space bar to select Unknown VLAN option for any ports you want to change 4 When you finish making configuration changes press Enter then S for Save to save your changes to the Startup Config file The Unknown VLAN fields enable you to configure each port to Learn Dynamically join any adver...

Page 345: ...rent settings for the maximum number of VLANs and the current Primary VLAN For more on the last two parameters see Port Based Virtual LANs Static VLANs on page 14 4 Syntax show gvrp Shows the current settings Figure 14 25 Example of Show GVRP Listing with GVRP Disabled Figure 14 26 Example of Show GVRP Listing with GVRP Enabled show gvrp below gvrp page 14 40 unknown vlans page 14 40 This example ...

Page 346: ... config no gvrp Enabling and Disabling GVRP On Individual Ports When GVRP is enabled on the switch use the unknown vlans command to change the Unknown VLAN field for one or more ports You can use this command at either the Manager level or the interface context level for the desired port s Syntax interface port list unknown vlans Changes the Unknown VLAN learn block disable field setting for the s...

Page 347: ...to Learn for Unknown VLANs Switch A has GVRP enabled and has three static VLANs the default VLAN VLAN 222 and VLAN 333 In this scenario switch B will dynamically join VLAN 222 and VLAN 333 The show vlans command lists the dynamic and static VLANs in switch B after it has learned and joined VLAN 222 and VLAN 333 Figure 14 27 Example of Listing Showing Dynamic VLANs Switch A GVRP enabled 3 Static VL...

Page 348: ...port i Click on GVRP Security and make the desired changes ii Click on Apply to save and implement your changes to the Unknown VLAN fields For web based Help on how to use the web browser interface screen click on the button provided on the web browser screen GVRP Operating Notes A dynamic VLAN must be converted to a static VLAN before it can have an IP address The total number of VLANs on the swi...

Page 349: ... as Untagged you must first convert it to a static VLAN Rebooting a switch on which a dynamic VLAN exists deletes that VLAN However the dynamic VLAN re appears after the reboot if GVRP is enabled and the switch again receives advertisements for that VLAN through a port configured to add dynamic VLANs By receiving advertisements from other devices running GVRP the switch learns of static VLANs on t...

Page 350: ...14 44 Port Based Virtual LANs VLANs and GVRP GVRP Port Based Virtual LANs VLANs and GVRP ...

Page 351: ...5 Enhancements 15 5 CLI Configuring and Displaying IGMP 15 6 How IGMP Operates 15 11 Operation With or Without IP Addressing 15 12 Automatic Fast Leave IGMP 15 13 Forced Fast Leave IGMP 15 14 Configuration Options for Forced Fast Leave 15 15 Listing the Forced Fast Leave Configuration 15 15 Configuring Per Port Forced Fast Leave IGMP 15 17 Querier Operation 15 18 The Switch Excludes Well Known or ...

Page 352: ...uilt in interfaces Multimedia Traffic Control with IP Multicast IGMP Use the switch to reduce unnecessary bandwidth usage on a per port basis by configuring IGMP controls For general information on how to use the switch s built in interfaces see Chapter 2 Using the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface Appendix C Switch Memory an...

Page 353: ...ica tion that is communication from one to many hosts or communication originating from many hosts and destined for many other hosts In such multipoint applications IGMP will be configured on the hosts and multicast traffic will be generated by one or more servers inside or outside of the local network Switches in the network that support IGMP can then be config ured to direct the multicast traffi...

Page 354: ...racks which ports are connected to devices IGMP clients that belong to specific multicast groups and triggers updates of this information A querier uses data received from the queries to determine whether to forward or block multicast traffic on specific ports When the switch has an IP address on a given VLAN it automatically operates as a Querier for that VLAN if it does not detect a multicast ro...

Page 355: ...uto the default Causes the switch to interpret IGMP packets and to filter IP multicast traffic based on the IGMP packet information for ports belonging to a multicast group This means that IGMP traffic will be forwarded on a specific port only if an IGMP host or multicast router is connected to the port Blocked Causes the switch to drop all IGMP transmissions received from a specific port and to b...

Page 356: ...39 255 255 255 Also incoming IGMP packets intended for reserved or well known multicastaddresses automatically flood through all ports except the port on which the packets entered the switch For more on this topic see The Switch Excludes Well Known or Reserved Multicast Addresses from IP Multicast Filtering on page 15 19 For more information refer to How IGMP Operates on page 15 11 CLI Configuring...

Page 357: ...n the switch including per port data For IGMP operating status see Internet Group Management Protocol IGMP Status on page 17 19 For example suppose you have the following VLAN and IGMP configurations on the switch You could use the CLI to display this data as follows Figure 15 1 Example Listing of IGMP Configuration for All VLANs in the Switch The following versionofthe showipigmp command includes...

Page 358: ...no ip igmp For example here are methods to enable and disable IGMP on the default VLAN VID 1 HP4108 config vlan 1 ip igmp Enables IGMP on VLAN 1 HP4108 vlan 1 ip igmp Same as above HP4108 config no vlan 1 ip igmp Disables IGMP on VLAN 1 N ot e If you disable IGMP on a VLAN and then later re enable IGMP on that VLAN the switch restoresthe last savedIGMP configuration forthatVLAN For more on how swi...

Page 359: ...tion result ing from the above commands HP4108 show ip igmp vlan 1 config Configuring IGMP Traffic Priority This command assigns high priority to IGMP traffic or returns a high priority setting to normal priority The traffic will be serviced at its inbound priority Syntax vlan vid ip igmp high priority forward Default normal HP4108 config vlan 1 ip igmp Configures high priority for high priority f...

Page 360: ...querier function igmp querier on VLAN 1 HP4108 show ip igmp config Show command to display results of above querier command Web Enabling or Disabling IGMP In the web browser interface you can enable or disable IGMP on a per VLAN basis To configure other IGMP features telnet to the switch console and use the CLI To Enable or Disable IGMP 1 Click on the Configuration tab 2 Click on Device Features 3...

Page 361: ...P configuration MIB See Changing the Querier Configuration Setting on page Configuring the Querier Function on page 15 10 Report Join A message sent by a host to the querier to indicate that the host wants to be or is a member of a given group indicated in the report message Leave Group A message sent by a host to the querier to indicate that the host has ceased to be a member of a specific multic...

Page 362: ...er See the following table Table 15 1 Comparison of IGMP Operation With and Without IP Addressing IGMP Function Available With IP Addressing Configured on the VLAN Available Without IP Addressing Operating Differences Without an IP Address Forward multicast group traffic to any port on the VLAN that has received a join request for that multicast group Yes None Forward join requests reports to the ...

Page 363: ...ally operates on a port if an IGMP client connects to the port and there are no other end nodesdetected on that port In this case whenthe clientleaves a multicast group Fast Leave IGMP automatically accelerates the blocking of further unnecessary multicast traffic from that group to the former IGMP client This improves performance by reducing the amount of multicast traffic going through the port ...

Page 364: ... Leave IGMP ForcedFast LeaveIGMPspeedsupthe processofblockingunnecessaryIGMP traffic to a switch port that is connected to multiple end nodes This feature does not activate on ports where the switch detects only one end node Instead the regular Fast Leave described in the preceding section activates For example in figure 15 3 even if you configured Forced Fast Leave on all ports in the switch the ...

Page 365: ...n Base and includes the state enabled or disabled for each port and the Forced Leave Interval for all ports on the switch To List the Forced Fast Leave State for all Ports in the Switch Go to the switch s command prompt and use the walkmib command as shown below 1 From the Main Menu select 5 Diagnostics 4 Command Prompt 2 Do one of the following If VLANs are not enabled on the switch go to step 3 ...

Page 366: ...on VLAN Numbers on page 15 15 Go to the switch s command prompt and use the getmib command as shown below Syntax getmib hpSwitchIgmpPortForcedLeaveState vlan number port number OR getmib 1 3 6 1 4 1 11 2 14 11 5 1 7 1 15 3 1 5 vlan number port number For example the following command to list the state for port A6 which in this case belongs to the default VLAN produces the indicated listing The 2 a...

Page 367: ...in a given VLAN See the Note on VLAN Numbers on page 15 15 Syntax setmib hpSwitchIgmpPortForcedLeaveState vlan number port number i 1 2 OR setmib 1 3 6 1 4 1 11 2 14 11 5 1 7 1 15 3 1 5 vlan number port number i 1 2 where 1 Forced Fast Leave enabled 2 Forced Fast Leave disabled For example suppose that your switch has a six port gigabit module in slot A and port C1 is a member of the default VLAN ...

Page 368: ...her Querier on the VLAN you can also use the Command Prompt to disable the Querier capability for that VLAN N ot e A Querier is required for proper IGMP operation For this reason if you disable the Querier function on a switch ensure that there is an IGMP Querier and preferably a backup Querier available on the same VLAN If the switch becomes the Querier for a particular VLAN for example the DEFAU...

Page 369: ...fic groups of consecutive addresses in this range are termed well known addresses and are reserved for predefined host groups IGMP does not filter these addresses so any packets the switch receives for such addresses are flooded out all ports assigned to the VLAN on which they were received except the port on which the packets entered the VLAN The following table lists the 32 well known addressgro...

Page 370: ... the IGMP group is active If the IGMP group subsequently deactivates the switch returns filtering control to the static filter This operation applies to the HP Procurve Switch 1600M 2400M 2424M 4000M and 8000M but not to the Series 2500 switches and the Switch 4108GL which do not have static traffic security filters Reserved Addresses Excluded from IP Multicast IGMP Filtering Traffic to IP multica...

Page 371: ...STP 16 Spanning Tree Protocol STP Chapter Contents Overview 16 2 Menu Configuring STP 16 4 CLI Configuring STP 16 5 Web Enabling or Disabling STP 16 9 How STP Operates 16 9 STP Fast Mode 16 10 STP Operation with 802 1Q VLANs 16 12 ...

Page 372: ...tion on how to use the interfaces see Chapter 2 Using the Menu Interface Chapter 3 Using the Command Line Interface CLI Chapter 4 Using the HP Web Browser Interface For information on how to use switch memory see chapter 5 Switch Memory and Configuration N ot e You should enable STP in any switch that is part of a redundant physical link loop topology It is recommended that you enable STP on all s...

Page 373: ... in a server access failure On ports where this is a problem configuring STP Fast Mode can eliminate the failure For more information see STP Fast Mode on page 16 10 The next sections describe how to configure STP on the switch For more information on STP operation see How STP Operates on page 16 9 In the factory default configuration STP is off If a redundantlink loop exists between nodes in your...

Page 374: ... STP Configuration Screen 4 If the remaining STP parameter settings are adequate for your network go to step 8 5 Use Tab orthearrow keystoselectthe nextparameteryouwanttochange then type in the new value or press the Space Bar to select a value If you need information on STP parameters press Enter to select the Actions line then press H to get help 6 Repeat step 5 for each additional parameter you...

Page 375: ...sts the switch s full STP configuration including general settings and port settings Syntax show spanning tree configuration In the default configuration STP appears similar to the following show spanning tree config Below spanning tree page 16 6 forward delay 4 30 page 16 7 hello time 1 10 page 16 7 maximum age 6 40 page 16 7 priority 0 65535 page 16 7 ethernet port list page 16 8 path cost 1 655...

Page 376: ...panning tree Default Disabled This command enables STP with the current parameter settings or disables STPwithouglosing the most recently configuredparametersettings To learn how the switch handles parameter changes how to test changes without losing the previous settings and how to replace previous settings with new settings see Chapter 5 Switch Memory and Configuration When enabling STP you can ...

Page 377: ...unning enabled on the switch Syntax spanning tree priority 0 65355 maximum age 6 40 seconds hello time 1 10 seconds forward delay 4 30 seconds Default See table 16 1 above Name Default Range Function priority 32768 0 65535 Specifies the priority value used along with the switch MAC address to determine which device is root The lower a priority value the higher the priority maximum age 20 seconds 6...

Page 378: ...255 mode norm fast Default See table 16 2 above For example the following configures ports C5 and C6 to a path cost of 15 a priority of 100 and fast mode HP4108 config spanning tree c5 c6 path cost 15 priority 100 mode fast Name Default Range Function path cost Ethernet 100 10 100Tx 10 100 Fx 10 Gigabit 5 1 65535 Assignsanindividualportcostthattheswitchuses to determine which ports are the forward...

Page 379: ...screen click on the button provided on the web browser screen How STP Operates The switch automatically senses port identity and type and automatically defines port cost and priority for each type The console interface allows you to adjust the Cost and Priority for each port as well as the Mode for each port and the global STP parameter values for the switch While allowing only one active path thr...

Page 380: ...e switch or connected device is powered up or the network cable is connected A problem can arise from this long STP start up sequence because some end nodes are configured to automatically try to access a network server when ever the end node detects a network connection Typical server access includes to Novell servers DHCP servers and X terminal servers If the server access is attempted during th...

Page 381: ...hes or routers may cause loops in your network that STP may not be able to immediately detect in all cases This will cause temporary loops in your network After the fast start up sequence though the switch ports operate according to the STP standard and will adjust their state to eliminate continu ing network loops To Enable or Disable Fast Mode for a Switch Port You can use either the CLI or the ...

Page 382: ...AN environment with redundant physical links you can prevent blocked redun dant links by using a port trunk The following example shows how you can use a port trunk with 802 1Q tagged VLANs and STP without unnecessarily blocking any links or losing any bandwidth Figure 16 4 Example of Using a Trunked Link with STP and VLANs For more information refer to Spanning Tree Protocol Operation with VLANs ...

Page 383: ...16 13 Spanning Tree Protocol STP How STP Operates Spanning Tree Protocol STP ...

Page 384: ...16 14 Spanning Tree Protocol STP How STP Operates Spanning Tree Protocol STP ...

Page 385: ...le Information 17 7 Port Status 17 8 Viewing Port and Trunk Group Statistics and Flow Control Status 17 9 Viewing the Switch s MAC Address Tables 17 12 Spanning Tree Protocol STP Information 17 17 Internet Group Management Protocol IGMP Status 17 19 VLAN Information 17 20 Web Browser Interface Status Information 17 22 Port Monitoring Features 17 23 Menu Configuring Port Monitoring 17 24 CLI Config...

Page 386: ...details of traffic volume on individual ports page 17 9 Event Log Lists switch operating events Using the Event Log To Identify Problem Sources on page 16 Alert Log Lists network occurrences detected by the switch in the Status Overview screen of the web browser interface page 4 20 Configurable trap receivers Uses SNMP to enable management sta tions on your network to receive SNMP traps from the s...

Page 387: ...17 6 Module Information Menu CLI Lists the module type and description for each slot in which a module is installed 17 7 Port Status Menu CLI Web Displays the operational status of each port 17 8 Port and Trunk Statistics and Flow Control Status Menu CLI Web Summarizes port activity and lists per port flow control status 17 9 VLAN Address Table Menu CLI Lists the MAC addresses of nodes the switch ...

Page 388: ...us and Counters Beginning at the Main Menu display the Status and Counters menu by select ing 1 Status and Counters Figure 17 1 The Status and Counters Menu Each of the above menu items accesses the read only screens described on the following pages Refer to the online help for a description of the entries displayed in these screens ...

Page 389: ...l System Information Menu Access From the console Main Menu select 1 Status and Counters 1 General System Information Figure 17 2 Example of General Switch Information This screen dynamically indicates how individual switch resources are being used See the online Help for details CLI Access Syntax show system information ...

Page 390: ...lect 1 Status and Counters 2 Switch Management Address Information Figure 17 3 Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch If multiple VLANs are not configured this screen displays a single IP address for the entire switch See the online Help for details CLI Access Syntax show management ...

Page 391: ...Module Information Use this feature to determine which slots have modules installed and which type s of modules are installed Menu Displaying Port Status From the Main Menu select 1 Status and Counters 3 Module Information Figure 17 4 Example of Module Information in the Menu Interface CLI Access Syntax show module ...

Page 392: ...he web browser interface and the console interface show the same port status data Menu Displaying Port Status From the Main Menu select 1 Status and Counters 4 Port Status Figure 17 5 Example of Port Status on the Menu Interface CLI Access Syntax show interfaces brief Web Access 1 Click on the Status tab 2 Click on Port Status ...

Page 393: ...ooting or resetting the switch resets the counters to zero You can also reset the counters to zero for the current session This is useful for troubleshooting See the Note On Reset below N ot e on R es et The Reset action resets the counter display to zero for the current session but does not affect the cumulative values in the actual hardware counters In compliance with the SNMP standard the value...

Page 394: ...nters Figure 17 6 Example of Port Counters on the Menu Interface To view details about the traffic on a particular port use the v key to highlight that port number then select Show Details For example selecting port A2 displays a screen similar to figure 17 7 below Figure 17 7 Example of the Display for Show details on a Selected Port This screen also includes the Reset action for the current sess...

Page 395: ...ecific Ports This com mand provides traffic details for the port s you specify Syntax show interfaces ethernet port list To Reset the Port Counters for a Specific Port This command resets the counters for the specified ports to zero for the current session See the Note on Reset on page 17 9 Syntax clear statistics ethernet port list Web Browser Access To View Port and Trunk Group Statistics 1 Clic...

Page 396: ...ou to view The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned Feature Default Menu CLI Web viewing MAC addresses on all ports on a specific VLAN n a page 17 13 page 17 15 viewing MAC addresses on a specific port n a page 17 14 page 17 15 searching for a MAC address n a page 17 14 page 17 16 ...

Page 397: ...vice on the network The per VLAN listing includes The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned 1 From the Main Menu select 1 Status and Counters 5 VLAN Address Table 2 The switch then prompts you to select a VLAN 3 Use the Space bar to select the VLAN you want then press Enter The switch then displays the M...

Page 398: ...nt to locate and press Enter The address and port number are highlighted if found If the switch does not find the MAC address on the currently selected VLAN it leaves the MAC address listing empty Figure 17 9 Example of Menu Indicating Located MAC Address 3 Press P for Prev page to return to the full address table listing Port Level MAC Address Viewing and Searching This feature displays and searc...

Page 399: ...display the following prompt Enter MAC address _ 2 Type the MAC address you want to locate and press Enter The address is highlighted if found If the switch does not find the address it leaves the MAC address listing empty 3 Press P for Prev page to return to the previous per port listing CLI Access for MAC Address Views and Searches Syntax show mac address vlan vlan id ethernet port list mac addr...

Page 400: ...n a VLAN with Their Port Numbers This command lists the MAC addresses associated with the ports for a given VLAN For example HP4108 show mac address vlan 100 N ot e The Switch 4108GL has a Single Forwarding Database architecture This means the switches have only a single MAC address table and not a separate MAC address table per VLAN To Find the Port On Which the Switch Learned a Specific MAC Addr...

Page 401: ...tion STP must be enabled on the switch to display the following data Figure 17 11 Example of Spanning Tree Information Use this screen to determine current switch level STP parameter settings and statistics You can use the Show ports action at the bottom of the screen to display port level information and parameter settings for each port in the switch including port type cost priority operating st...

Page 402: ...a Monitoring and Analyzing Switch Operation Figure 17 12 Example of STP Port Information CLI Access to STP Data This option lists the STP configuration root data and per port data cost priority state and designated bridge Syntax show spanning tree HP4108 show spanning tree ...

Page 403: ...data on that group by executing the following Figure 17 13 Example of IGMP Group Data Show Command Output show ip igmp GlobalcommandlistingIGMPstatusforallVLANsconfigured in the switch VLAN ID VID and name Active group addresses per VLAN Number of report and query packets per group Querier access port per VLAN show ip igmp vlan id Per VLAN command listing above IGMP status for specified VLAN VID s...

Page 404: ...N 44 44 The next three figures show how you could list data on the above VLANs Listing the VLAN ID VID and Status for ALL VLANs in the Switch Figure 17 14 Example of VLAN Listing for the Entire Switch Show Command Output show vlan Lists Maximum number of VLANs to support Existing VLANs Status static or dynamic Primary VLAN show vlan vlan id For the specified VLAN lists Name VID and status static d...

Page 405: ...Switch Operation Listing the VLAN ID VID and Status for Specific Ports Figure 17 15 Example of VLAN Listing for Specific Ports Listing Individual VLAN Status Figure 17 16 Example of Port Listing for an Individual VLAN Because ports A1 and A2 are not members of VLAN 44 itdoesnotappear in this listing ...

Page 406: ... provides an overview of the status of the switch including summary graphs indicating the network utili zation on each of the switch ports symbolic port status indicators and the Alert Log which informs you of any problems that may have occurred on the switch For more information on this screen see chapter 4 Using the HP Web Browser Interface Figure 17 17 Example of a Web Browser Interface Status ...

Page 407: ...monitoring port to which a network analyzer can be attached N ot e Port trunk groups cannot be used as a monitoring port It is possible when monitoring multiple ports in networks with high traffic levels to copy more traffic to a monitor port than the link can support In this case some packets may not be copied to the monitor port Feature Default Menu CLI Web display monitoring configuration disab...

Page 408: ...rently than shown in this procedure 1 From the Console Main Menu Select 2 Switch Configuration 3 Network Monitoring Port Figure 17 18 The Default Network Monitoring Configuration Screen 2 In the Actions menu press E for Edit 3 If monitoring is currently disabled the default then enable it by pressing the Space bar or Y to select Yes 4 Press the downarrow key to display a screen similar to the foll...

Page 409: ... to monitor 7 Press the Space bar to select Monitor for each port that you want moni tored Use the downarrow key to move from one port to the next in the Action column 8 When you finish selecting ports to monitor press Enter then press S for Save to save your changes and exit from the screen 9 Return to the Main Menu CLI Configuring Port Monitoring Port Monitoring Commands Used in This Section Mov...

Page 410: ...you assign port A6 as the monitoring port and configure the switch to monitor ports A1 A3 show monitor displays the following Figure 17 20 Example of Monitored Port Listing Configuring the Monitor Port This command assigns or removes a mon itoring port and must be executed from the global configuration level Remov ing the monitor port disables port monitoring and resets the monitoring parameters t...

Page 411: ...oring Figure 17 21 Examples of Selecting Ports as Monitoring Sources Figure 17 22 Examples of Removing Ports as Monitoring Sources Web Configuring Port Monitoring To enable port monitoring 1 Click on the Configuration tab 2 Click on Monitor Port 3 To monitor one or more ports a Click on the radio button for Monitor Selected Ports b Select the port s to monitor 4 Click on Apply Changes From the glo...

Page 412: ...Features Monitoring and Analyzing Switch Operation To remove port monitoring 1 Click on the Monitoring Off radio button 2 Click on Apply Changes For web based Help on how to use the web browser interface screen click on the button provided on the web browser screen ...

Page 413: ...eration 18 13 Using the Event Log To Identify Problem Sources 18 16 Menu Entering and Navigating in the Event Log 18 17 CLI 18 18 Diagnostic Tools 18 19 Port Auto Negotiation 18 19 Ping and Link Tests 18 19 Web Executing Ping or Link Tests 18 21 CLI Ping or Link Tests 18 22 Displaying the Configuration File 18 24 CLI Viewing the Configuration File 18 24 Web Viewing the Configuration File 18 24 CLI...

Page 414: ... hardware problems indicated by LED behavior cabling requirements and other potential hardware related problems refer to the installation guide you received with the switch N ot e HP periodically places switch software updates on the HP Procurve website HP recommends that you check this website for software updates that may have fixed a problem you are experiencing For information on support and w...

Page 415: ...les for compliance to the relevant IEEE 802 3 specification See the Installation Guide shipped with the switch for correct cable types and connector pin outs Use HP TopTools for Hubs Switches if installed on your network to help isolate problems and recommend solutions HP TopTools is shipped at no extra cost with the switch Use the Port Utilization Graph and Alert Log in the web browser interface ...

Page 416: ... verify correct IP addressing If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address has changed For more information on how to reserve an IP address refer to the documentation for the DHCP application that you are using If one or more IP Authorized managers are configured the switch allows web browser access only to a devic...

Page 417: ...ting 2 Switch Configuration 5 IP Configuration Note If DHCP Bootp is used to configure the switch see the Note above If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address has changed For more information on how to reserve an IP address refer to the documentation for the DHCP application that you are using If one or more IP ...

Page 418: ...evices Broadcast storms may be occurring in the network These may be due to redundant links between nodes If you are configuring a port trunk finish configuring the ports in the trunk before connecting the related cables Otherwise you may inad vertently create a number of redundant links i e topology loops that will cause broadcast storms Turn on Spanning Tree Protocol to block redundant links i e...

Page 419: ...CP Bootp requests it continues to periodically send requestpackets butwithdecreasing frequency Thus if a DHCPor Bootp server is not available or accessible to the switch when DHCP Bootp is first configured the switch may not immediately receive the desired configuration After verifying that the server has become accessible to the switch reboot the switch to re start the process Troubleshooting CDP...

Page 420: ...ce See Effect of Spanning Tree STP On CDP Packet Transmission on page 12 23 IGMP Related Problems IP Multicast IGMP Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port IGMP must be enabled on the switch and the affected port must be configured for Auto or Forward operation IP Multicast Traffic Floods Out All Ports IGMP Does Not Appear To Filter Traf...

Page 421: ...links even if they are in separate VLANs A solution is to use only one multiple VLAN tagged link between the devices Also if ports are available you can improve the bandwidth in this situation by using a port trunk See STP Operation with 802 1Q VLANs on page 16 12 Stacking Related Problems The Stack Commander Cannot Locate any Candidates Stacking oper ates on the primary VLAN which in the default ...

Page 422: ...on Taking this step means you will have to reconfigure the switch to return it to operation in your network No Communication Between the Switch and the TACACS Server Application If the switch can access the server device that is it can ping the server then a configuration error may be the problem Some possiblities include The server IP address configured with the switch s tacacs server host comman...

Page 423: ...d to allow fewer login attempts than you have configured in the switch with the aaa authentication num attempts command TimeP SNTP or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway TimeP SNTP and Gateway access are through the primary VLAN which in the default configuration is the DEFAULT_VLAN If the primary VLAN has been moved to another VLAN it may be disabled ...

Page 424: ...he same link between switch X and switch Y Figure 18 1 Example of Correct VLAN Port Assignments on a Link 1 If VLAN_1 VID 1 is configured as Untagged on port 3 on switch X then it must also be configured as Untagged on port 7 on switch Y Make sure that the VLAN ID VID is the same on both switches 2 Similarly if VLAN_2 VID 2 is configured as Tagged on the link port on switch A then it must also be ...

Page 425: ...s but different VLANs are received on different ports You can avoid this problem by creating redundant paths using port trunks or spanning tree Figure 18 2 Example of Duplicate MAC Address Troubleshooting TACACS Operation Event Log When troubleshooting TACACS operation checkthe switch s Event Log for indications of problem areas All Users Are Locked Out of Access to the Switch If the switch is fun...

Page 426: ...on Taking this step means you will have to reconfigure the switch to return it to operation in your network No Communication Between the Switch and the TACACS Server Application If the switch can access the server device that is it can ping the server then a configuration error may be the problem Some possiblities include The server IP address configured with the switch s tacacs server host comman...

Page 427: ...vided with your TACACS server application Unknown Users Allowed to Login to the Switch Your TACACS appli cation may be configured to allow access to unknown users by assigning them the privileges included in a default user profile Refer to the documentation provided with your TACACS server application System Allows Fewer Login Attempts than Specified in the Switch Configuration Your TACACS server ...

Page 428: ... in the log System Module is the internal module such as ports for port manager that generated the log entry If VLANs are configured then a VLAN name also appears for an event that is specific to an individual VLAN Table 18 1 on page 18 17 lists the individual modules Event Message is a brief description of the operating event The event log holds up to 1000 lines in chronological order from the ol...

Page 429: ...c trunks bootp bootp addressing snmp SNMP communications console Console interface stack Stacking dhcp DHCP addressing stp Spanning Tree download file transfer sys system Switch management FFI Find Fix and Inform available in the console event log and web browser interface alert log telnet Telnet activity garp GARP GVRP tcp Transmission control igmp IP Multicast tftp File transfer for new OS or co...

Page 430: ...itch All events recorded Event entries containing a specific keyword either since the last boot or all events recorded Syntax show logging a search text HP4108 show logging Lists recorded logmessages since last reboot HP4108 show logging a Lists all recorded log messages including those before the last reboot HP4108 show logging a system Lists log messages with system in the text or modulename HP4...

Page 431: ...ally configure the switch port to the same setting as the end node port See Chapter 11 Optimizing Port Usage Through Traffic Con trol and Port Trunking Ping and Link Tests The Ping test and the Link test are point to point tests between your switch and another IEEE 802 3 compliant device on your network These tests can tell you whether the switch is communicating properly with another device Featu...

Page 432: ...other device on the same or another IP network that can respond to IP packets ICMP Echo Requests Link Test This is a test of the connection between the switch and a desig nated network device on the same LAN or VLAN if configured During the link test IEEE 802 2 test packets are sent to the designated network device in the same VLAN or broadcast domain The remote device must be able to respond with...

Page 433: ...loaded links or devices DestinationIP MAC Address is the network address of the target or destination device to which you want to test a connection with the switch An IP address is in the X X X X format where X is a decimal number between 0 and 255 A MACaddressismadeupof12hexadecimaldigits forexample 0060b0 080400 4 For a Ping test enter the IP address of the target device For a Link test enter th...

Page 434: ...ludes click on the Stop button To reset the screen to its default settings click on the Defaults button CLI Ping or Link Tests Ping Tests You can issue single or multiple ping tests with varying repiti tions and timeout periods The defaults and ranges are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax ping ip address repetitions 1 999 timeout 1 256 Figure 18 5 Examples of Ping Tests To...

Page 435: ...out periods The defaults are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax link mac address repetitions 1 999 timeout 1 256 vlan vlan id Figure 18 6 Example of Link Tests Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN Test Fail ...

Page 436: ...ration File Using the CLI you can display either the running configuration or the startup configuration For more on these topics see appendix C Switch Memory and Configuration Syntax write terminal Displays the running configuration show config Displays the startup configuration Web Viewing the Configuration File To display the running configuration through the web browser interface 1 Click on the...

Page 437: ...ax show version Shows the software version currently running on the switch and the flash image from which the switch booted primary or secondary show boot history Displays the switch shutdown history show history Displays the current command history no page Toggles the paging mode for display commands between continuous listing and per page listing setup Displays the Switch Setup screen from the m...

Page 438: ...tch to itsfactory defaultconfiguration You can also save your configuration via Xmodem to a directly connected PC CLI Resetting to the Factory Default Configuration This command operates at any level except the Operator level Syntax erase startup configuration Deletes the startup config file in flash so that the switch will reboot with its factory default configuration N ot e The erase startup con...

Page 439: ... Xmodem capability such as the Hyper Terminal program included in Windows PC software A copy of a good OS image file for the switch N ot e The following procedure requires the use of Xmodem and copies an OS image into primary flash only This procedure assumes you are using HyperTerminal as your terminal emu lator If you use a different terminal emulator you may need to adapt this procedure to the ...

Page 440: ...n Configure iv Change the baud rate to 115200 v Click on OK In the next window click on OK again vi Select Call Connect vii Press Enter one or more times to display the prompt 5 Start the Console Download utility by typing do at the prompt and pressing Enter do 6 You will then see this prompt 7 At the above prompt a Type y for Yes b Select Transfer File in HyperTerminal c Enter the appropriate fil...

Page 441: ...h Image Troubleshooting Figure 18 7 Example of Xmodem Download in Progress 8 When the download completes the switch reboots from primary flash using the OS image you downloaded in the preceding steps plus the most recent startup config file ...

Page 442: ...18 30 Troubleshooting Restoring a Flash Image Troubleshooting ...

Page 443: ... Xmodem Download from a PC or Unix Workstation to Primary or Secondary Flash A 8 Switch to Switch Download A 9 Menu Switch to Switch Download to Primary Flash A 9 CLI Switch To Switch Downloads A 10 Using the HP TopTools for Hubs Switches Utility A 11 Troubleshooting TFTP Downloads A 12 Transferring Switch Configurations A 13 Copying Diagnostic Data to a Remote Host PC or Unix Workstation A 16 Cop...

Page 444: ...m OS updates through the HP Procurve website http www hp com go hpprocurve For more informa tion see the support and warranty booklet shipped with the switch After you acquire a new OS file you can use one of the following methods for down loading the operating system OS code to the switch OS Download Features General OS Download Rules An OS image you download via the menu interface always goes to...

Page 445: ...load an OS Image from a Server This procedure assumes that An OS file for the switch has been stored on a TFTP server accessible to the switch The OS file is typically available from the HP Procurve website at http www hp com go hpprocurve The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask The TFTP server is accessible to t...

Page 446: ...en Default Values 2 Press E for Edit 3 Ensure that the Method field is set to TFTP the default 4 In the TFTP Server field type in the IP address of the TFTP server in which the OS file has been stored 5 In the Remote File Name field type the name of the OS file If you are using a UNIX system remember that the filename is case sensitive 6 Press Enter then X for eXecute to begin the OS download The ...

Page 447: ...s stored in primary flash Also using the Reboot Switch command intheMainMenualwaysrebootstheswitchfromprimaryflash Rebooting the switch from the CLI gives you more options See Rebooting the Switch on page 5 17 8 After you reboot the switch confirm that the operating system down loaded correctly a From the Main Menu select 1 StatusandCounters and from the Status and Counters menu select 1 General S...

Page 448: ...m that the operating system downloaded correctly execute show system and check the Firmware revision line If you need information on primary secondary flash memory and the boot commands see Using Primary and Secondary Flash Image Options on page 5 11 Using Xmodem to Download an OS Image From a PC or UNIX Workstation This procedure assumes that The switch is connected via the Console RS 232 port to...

Page 449: ...ecute the terminal emulator command s to begin Xmodem binary transfer For example using HyperTerminal a Click on Transfer then Send File b Type the file path and name in the Filename field c In the Protocol field select Xmodem d Click on the Send button The download will then commence It can take several minutes depend ing on the baud rate set in the switch and in your terminal emulator 6 After th...

Page 450: ...ands to begin the Xmodem transfer For example using HyperTerminal a Click on Transfer then Send File b Type the file path and name in the Filename field c In the Protocol field select Xmodem d Click on the Send button The download can take several minutes depending on the baud rate used in the transfer 3 When the download finishes you must reboot the switch to implement the newly dowloaded OS To d...

Page 451: ... 3 In the TFTP Server field enter the IP address of the remote Switch 4108GL containing the OS you want to download 4 For the Remote File Name enter one of the following To download the OS in the primary flash of the source switch type flash in lowercase characters To download the OS in the secondary flash of the source switch type os secondary 5 Press Enter then X for eXecute to begin the OS down...

Page 452: ...source switch s primary flash to either the primary or secondary flash in the destination switch Syntax copy tftp flash ip addr flash primary secondary If you do not specify either a primary or secondary flash location for the destination the download automatically goes to primary flash For example to download an OS file from primary flash in a Switch 4108GL with an IP address of 10 28 227 103 to ...

Page 453: ...e secondary flash in the destination switch you would execute the following command in the destination switch s CLI Figure A 5 Switch to Switch from Either Flash in Source to Either Flash in Destination Using the HP TopTools for Hubs Switches Utility HP TopTools for Hubs Switches includes a software update utility for updating on HP ProCurve switch products such as the Series 2500 switches For fur...

Page 454: ...ntify Problem Sources on 18 16 Some of the causes of download failures include Incorrect or unreachable address specified for the TFTP Server parameter This may include network problems Incorrect VLAN Incorrect name specified for the Remote File Name parameter or the specified file cannot be found on the TFTP server This can also occur if the TFTP server is a Unix machine and the case upper or low...

Page 455: ...and from a switch TFTP Copying a Configuration from a Remote Host Syntax copy tftp startup config running config ip address remote file This command copies a configuration from a remote host to the startup config file in the switch See Chapter 5 Using Primary and Secondary Flash Image Options for information on the startup config file For example to download a configuration file named sw4108 in th...

Page 456: ... sw2512 Xmodem Copying a Configuration File from the Switch to a Serially Connected PC or Unix Workstation To use this method the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file You will need to Determine a filename to use Know the directory path you will use to store the the configuration file Syntax copy startup config run...

Page 457: ...ation of the file Syntax copy xmodem startup config pc unix For example to copy a configuration file from a PC serially connected to the switch 1 Execute the following command 2 After you see the above prompt press Enter 3 Execute the terminal emulator commands to begin the file transfer 4 When the download finishes you must reboot the switch to implement the newly dowloaded OS To do so use one of...

Page 458: ...rash Crash Log Processor Specific operating data useful for determining the reason for a system crash Copying Command Output to a Destination Device This command directs the displayed output of a CLI command to a file in a destination device Syntax copy command output cli command tftp ip address filepath filename copy command output cli command xmodem For example to use Xmodem to copy the output o...

Page 459: ... content to a PC orUNIX workstationonthe network Youcancopy individualslotinformation or the master switch information If you do not specify either the command defaults to the master data Syntax copy crash data slot id master xmodem copy crash data slot id master tftp ip address filename where slot id a h and retrieves the crash log or crash data from the processor on the module in the specified s...

Page 460: ...s to the master data Syntax copy crash log slot id master tftp ip address filepath and filename copy crash log slot id master xmodem where slot id a h and retrieves the crash log or crash data from the processor on the module in the specified slot master Retrieves crash log or crash data from the switch s chassis processor For example to copy the Crash Log for slot C to a file in a PC connected to...

Page 461: ... address assigned to the default VLAN VID 1 Additional MAC address es corresponding to additional VLANs you configure in the switch For internal switch operations One MAC address per port See CLI Viewing the Port and VLAN MAC Addresses on page B 4 MAC addresses are assigned at the factory The switch automatically implements these addresses for VLANs and ports as they are added to the switch N ot e...

Page 462: ...ned to any non default VLAN you have configured on the switch N ot e The switch s base MAC address is used for the default VLAN VID 1 that is always available on the switch Use the CLI to view the switch s port MAC addresses in hexadecimal format Feature Default Menu CLI Web view switch s base default vlan MAC address and the addressing for any added VLANs n a B 3 B 4 viewportMACaddresses hexadeci...

Page 463: ...T_VLAN unless the name has been changed by using the VLAN Names screen On the Switch 4108GL the VID VLAN identification number for the default VLAN is always 1 and cannot be changed To View the MAC Address and IP Address assignments for VLANs Configured on the Switch 1 From the Main Menu Select 1 Status and Counters 2 Switch Management Address Information If the switch has only the default VLAN th...

Page 464: ...the first six MAC addresses in the allotment and so on The switch s base MAC address is assigned to VLAN VID 1 and appears in the walkmib listing after the MAC addresses for the ports If multiple VLANs are configured the MAC addresses assigned to these VLANs appear after the base MAC address To display the switch s MAC addresses use the walkmib command at the command prompt N ot e This procedure d...

Page 465: ... Assignments ifPhysAddress 226 237 MAC Addresses for non default VLANs ifPhysAddress 1 6 Ports A1 A6 in Slot 1 Addresses 7 24 in slot 1 and 25 48 in slot 2 are unused ifPhysAddress 49 51 Ports C1 C3 in Slot 3 Addresses 52 72 in slot 3 are unused ifPhysAddress 205 Base MAC Address MAC Address for default VLAN VID 1 ...

Page 466: ...B 6 MAC Address Management Determining MAC Addresses MAC Address Management ...

Page 467: ...ion to the value none no time changes there are five pre defined settings named Alaska Canada and Continental US Middle Europe and Portugal Southern Hemisphere Western Europe The pre defined settings follow these rules Alaska Begin DST at 2am the first Sunday on or after April 24th End DST at 2am the first Sunday on or after October 25th Canada and Continental US Begin DST at 2am the first Sunday ...

Page 468: ...n or after March 1st Western Europe Begin DST at 2am the first Sunday on or after March 23rd End DST at 2am the first Sunday on or after October 23rd A sixth option named User defined allows you to customize the DST config uration by entering the beginning month and date plus the ending month and date for the time change The menu interface screen looks like this all month date entries are at their...

Page 469: ...nning day and Ending day If the configured day is a Sunday the time changes at 2am on that day If the configured day is not a Sunday the time changes at 2am on the first Sunday after the configured day This is true for both the Beginning day and the Ending day With that algorithm one should use the value 1 to represent first Sunday of the month and a value equal to number of days in the month minu...

Page 470: ......

Page 471: ... 9 10 10 configuring in console 10 7 definitions of single and multiple 10 5 effect of duplicate IP addresses 10 13 IP mask for multiple stations 10 11 IP mask for single station 10 10 IP mask operation 10 5 operating notes 10 13 overview 10 4 troubleshooting 10 13 auto See GVRP auto negotiation 11 4 auto port setting 15 5 Auto 10 11 11 11 14 auto discovery 12 4 auto negotiation 11 3 B bandwidth d...

Page 472: ... 8 reboot to activate 2 13 restoring factory defaults 18 26 saving from menu interface 2 10 serial link 6 3 SNMP 12 4 12 5 spanning tree protocol 16 9 startup 2 10 system 6 8 Telnet access configuration 6 3 transferring A 13 trap receivers 12 8 viewing 5 4 VLAN 14 4 web browser access 6 3 configuration file browsing for troubleshooting 18 24 connection inactivity time 9 4 console 18 6 configuring ...

Page 473: ... See GVRP format date 18 16 format time 18 16 forwarding port IGMP 15 5 G GARP See GVRP gateway 7 3 7 5 gateway IP address 7 4 7 6 gateway manual config 14 8 global config level 7 8 GVRP advertisement 14 43 advertisement defined 14 30 advertisement responses to 14 32 advertisements generating 14 36 auto 14 35 benefit 14 30 block 14 34 CLI configuring 14 39 configurable port options 14 33 configuri...

Page 474: ...ter 18 5 interfaces listed 1 2 invalid input 3 13 IP authorized IP managers 10 4 CLI access 7 7 configuration 7 3 DHCP Bootp 7 3 duplicate address 18 6 duplicate address DHCP network 18 6 effect when address not used 7 9 gateway 7 3 14 8 gateway IP address 7 4 global assignment 7 14 globally assigned addressing 7 14 menu access 7 5 stacking 7 5 subnet mask 7 3 7 6 using for web browser interface 4...

Page 475: ... exists 14 22 MIB 12 3 MIB listing 12 3 MIB HP proprietary 12 3 MIB standard 12 3 Microsoft Internet Explorer 4 5 mirroring See port monitoring monitoring traffic 17 23 monitoring traffic 12 2 multicast group See IGMP multimedia See IGMP multiple VLAN 12 2 multi port bridge 7 2 N navigation console interface 2 9 2 10 navigation event log 18 18 Netscape 4 5 network management functions 12 4 network...

Page 476: ...runk restriction 11 15 port trunk 11 10 bandwidth capacity 11 10 caution 11 11 11 16 11 24 CLI access 11 18 default trunk type 11 17 enabling dynamic LACP 11 23 FEC 11 13 11 29 IGMP 11 15 LACP 11 4 LACP full duplex required 11 11 limit 11 10 link requirements 11 11 media requirements 11 14 media type 11 11 menu access to static trunk 11 16 monitor port restrictions 11 15 nonconsecutive ports 11 10...

Page 477: ... CLI commands 12 5 communities 12 4 12 6 Communities screen 12 5 community configure 12 4 IP 12 2 public community 12 4 12 5 restricted access 12 5 traps 12 2 SNMP based download A 11 SNTP broadcast mode 8 2 8 9 broadcast mode requirement 8 3 configuration 8 4 disabling 8 10 enabling and disabling 8 9 event log messages 8 23 menu interface operation 8 23 operating modes 8 2 poll interval 8 12 See ...

Page 478: ... access 9 19 configuration timeout 9 24 configuration viewing 9 15 encryption key 9 12 9 19 9 20 9 23 encryption key general operation 9 26 encryption key global 9 23 general operation 9 8 IP address server 9 19 local manager password requirement 9 29 messages 9 28 NAS 9 9 overview 9 2 precautions 9 11 preparing to configure 9 14 preventing switch lockout 9 19 privilege level code 9 12 server acce...

Page 479: ... unusual network activity 18 6 using the event log 18 16 web browser access problems 18 4 trunk See port trunk trunk group FEC 11 26 TTL 7 3 7 5 types of alert log entries 4 21 U unauthorized access 12 11 Universal Resource Locator See URL Unix Bootp 7 12 unrestricted write access 12 5 unusual network activity 18 6 up time 17 5 URL 4 14 browser interface online help location 4 14 HP ProCurve 4 14 ...

Page 480: ...access configuration 6 3 web browser enable disable 6 4 web browser interface access parameters 4 9 alert log 4 7 4 20 alert log details 4 22 alert types 4 21 bandwidth adjustment 4 18 bar graph adjustment 4 18 configuration support URL 4 14 disable access 4 2 enabling 4 5 error packets 4 17 fault detection policy 4 9 4 24 fault detection window 4 24 features 1 5 first time install 4 8 first time ...

Page 481: ...Index 11 Index write memory effect on menu interface 2 13 X Xmodem OS download A 6 ...

Page 482: ......

Page 483: ...hout notice Copyright Hewlett Packard Company 2001 All right reserved Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws Product of U S A April 2001 Manual Part Number 5969 2378 5969 2378 ...