HP ProCurve Switches and Hubs
HP ProCurve Switches 1600M, 2424M, 4000M, and 8000M Management and Configuration Guide
Less Work, More Network
http://www.hp.
© Copyright 1999 Hewlett-Packard Company All Rights Reserved. This document contains information which is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws. Publication Number 5969-2320 September 1999 Disclaimer The information contained in this document is subject to change without notice.
Preface

Use of This Guide and Other ProCurve Switch Documentation

This guide describes how to use the browser interface and console interface for the HP ProCurve Switches 1600M, 2424M, 4000M, and 8000M (hereafter referred to individually as the “Switch 1600M, Switch 2424M, Switch 4000M, and Switch 8000M” and collectively as the “Switches 1600M/2424M/4000M/8000M”).
1 Selecting a Management Interface

This chapter describes the following:
■ Management interfaces for the Switches 1600M/2424M/4000M/8000M
■ Advantages of using each interface

Understanding Management Interfaces

Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
Advantages of Using the HP Web Browser Interface

Figure 1-1.
Advantages of Using the Switch Console

Figure 1-2.
Advantages of Using HP TopTools for Hubs & Switches

You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs & Switches is the answer to your management challenges.

Figure 1-3.
■ Identifies users by port and lets you assign easy-to-remember names to any network device.
■ Enables you to configure and monitor network devices from your PC.

Network Traffic
■ Watches the network for problems.
■ Shows traffic and “top talker” nodes on screen.
■ Uses traffic monitor diagrams to make bottlenecks easy to see.
■ Improves network reliability through real-time fault isolation.
2 Configuring an IP Address on the Switch

This chapter helps you to quickly assign an IP (Internet Protocol) address and subnet mask to the switch. In the factory default configuration, the switch does not have an IP address and subnet mask, so it can be managed only by using a direct connection to the switch console.
Methods for Configuring an IP Address and Subnet Mask

If the switch has not already been configured with an IP address and subnet mask compatible with your network, use either of the following two methods to do so:
■ Manually through the switch console: This is the easiest method if you have direct-connect or modem access to a terminal emulator on a PC (such as HyperTermi
Manually Configuring an IP Address

Figure 2-1. The Internet (IP) Service Screen

3. Press [E] to select Edit, then use the down arrow key ([v]) to select IP Config [DHCP/BOOTP].
4. Use the Space bar to display Manual for this field.
5. Press the down arrow key ([v]) to display the three IP configuration parameters and select the IP Address field.
6. Enter the IP address you want to assign to the switch.
7.
Where To Go From Here

The above procedure configures your switch with an IP address and subnet mask. With the proper network connections, you can now manage the switch from a network management station or from a PC equipped with a web browser.
■ To access the switch using a web browser, refer to chapter 3, “Using the HP Web Browser Interface”.
3 Using the HP Web Browser Interface

Overview

The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ optimize your network uptime by using the Alert Log and other diagnostic tools
■ make configuration changes to the switch
■ maintain security by configuring usernames and passwords

Using the web browser interface to configure the switch is covered in chapter 6, “Configuring the Switch”.
Web Browser Interface Requirements

You can use equipment meeting the following requirements to access the web browser interface on your intranet.

Table 3-1. System Requirements for Accessing the HP Web Browser Interface

Platform Entity and OS Version    Minimum           Recommended
PC Platform                       90 MHz Pentium    120 MHz Pentium
HP-UX Platform (9.x or 10.
Starting an HP Web Browser Interface Session with the Switch

You can start a web browser session in the following ways:
■ Using a standalone web browser on a network connection from a PC or UNIX workstation:
  • directly connected to your network.
  • connected through remote access to your network.
■ Using a management station running HP TopTools for Hubs & Switches on your network.

Note
2. Type the IP address (or DNS name) of the switch in the browser Location or Address field and press [Enter]. (It is not necessary to include http://.)

   switch4000 [Enter] (example of a DNS-type name)
   10.11.12.
3. The web browser interface automatically starts with the Status Overview window displayed for the selected device, as shown in figure 3-1.

Figure 3-1. (screen image; callouts: First-Time Install Alert, Alert Log)
Tasks for Your First HP Web Browser Interface Session

The first time you access the web browser interface, there are three tasks that you should perform:
■ Review the “First Time Install” window
■ Set Manager and Operator passwords
■ Set access to the web browser interface online help

Viewing the “First Time Install” Window

When you access the switch’s web browser interface for the first time, the Alert log conta
This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log. To set web browser interface passwords, click on the jump string “secure access to the device” to display the Device Passwords screen, and then go to the next page.
Creating Usernames and Passwords in the Browser Interface

You may want to create both a username and password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords:

Operator. An Operator-level user name and password allows read-only access to most of the web browser interface, but prevents access to the Security window.
2. Click in the appropriate box in the Device Passwords window and enter user names and passwords. You will be required to repeat the password strings in the confirmation boxes. Both the user names and passwords can be up to 16 printable ASCII characters.
3. Click on [Apply Changes] to activate the user names and passwords.

Note
Online Help for the HP Web Browser Interface

Online Help is available for the web browser interface. You can use it by clicking on the question mark in the upper right corner of any of the web browser interface screens. Context-sensitive help is provided for the screen you are on.

Providing Online Help.
Figure 3-4. How To Access Web Browser Interface Online Help (callout: Enter IP address of HP TopTools network management station, or URL of location of help files on HP’s World Wide Web site here.)

If you do not have HP TopTools for Hubs and Switches installed on your network and do not have an active connection to the World Wide Web, then Online help for the web browser interface will not be available.
Support URLs Feature

The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions:
■ Support URL – a support information site for your switch
■ Management Server URL – the site for online help for the web browser interface, and, if set up, the URL of a network management station running HP TopTools for Hubs & Switches.

1. Click Here 3.
Click on the [Support] button on that page and you can get to support information regarding your switch, including white papers, operating system (OS) updates, and more. You could instead enter the URL for a local site that you use for entering reports about network performance, or whatever other function you would like to be able to easily access by clicking on the [Support] tab.
The Web Browser Interface Screen Layout

This section describes the elements of the web browser interface screen layout starting with the first screen you see, the Status, Overview window.

The Overview Window

The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
■ Tab Bar. The row of tabs displaying all the top level menus for the web browser interface.
■ Active Tab. The current tab selected. The tab is darkened and all the buttons under the tab are displayed.
■ Status Bar. The region above the Tab Bar that displays status and device name information.
■ Port Utilization and Status Displays.
The Port Utilization and Status Displays

The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.

Figure 3-7. (screen image; callouts: Bandwidth Display Control, Port Utilization Bar Graphs, Port Status Indicators, Legend)
A network utilization of 40% is considered the maximum that a typical Ethernet-type network can experience before encountering performance difficulties. If you observe utilization that is consistently higher than 40% on any port, click on the Port Counters button to get a detailed set of counters for the port.
Port Status

The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses:
■ Port Connected – the port is enabled and is properly connected to an active network device.
■ Port Not Connected – the port is enabled but is not connected to an active network device.
Figure 3-10. The Alert Log

Each alert has the following fields of information:
■ Status – The level of severity of the event generated. Severity levels can be Information, Normal, Warning, and Critical. If the alert is new (has not yet been acknowledged), the New symbol is also in the Status column.
■ Alert – The specific event identification.
■ Date/Time – The date and time the event was received by the web browser interface.
Alert Types

The following table lists the types of alerts that can be generated.

Table 3-2. Alert Strings and Descriptions

Alert String          Alert Description
First Time Install    Important installation information for your switch.
Note
When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows (page 7-8 and page 7-10) and the Event Log in the console interface (page 8-12).

Viewing Detail Views of Alert Log Entries

When you double-click on an Alert Entry, the web browser interface displays a Detail View, a separate window detailing information about the event.
The Alert Control Bar

The Alert Control Bar appears at the bottom of the Alert Log and contains buttons that enable you to manage the Overview Window. The buttons in the control bar are:
■ Refresh – redraws the Alert Log screen and displays new alerts that have occurred since you opened or last refreshed this window.
■ Open Event – displays the detailed view of the highlighted alert; the same as double-clicking on the alert.
The Tab Bar

The Tab bar in the web browser interface contains six tabs, four of which launch button bars which launch specific functional windows. One tab, Identity, launches a dedicated functional window with no buttons. Another tab, Support, launches a separate web page with support information. To navigate through the different features of the web browser interface, click on the appropriate tab in the Tab Bar.
Configuration Tab

This tab displays the Configuration Button bar which contains buttons that launch screens for setting or changing some of the switch configuration. The buttons are:
■ Device View. Displays a graphical representation of the front panel of the device, allowing you to enable and disable ports on the device by clicking on port graphics and an enable or disable port button.
Security Tab

This tab displays the Security Button bar which contains buttons that enable you to view and set switch security features. The buttons displayed are:
■ Device Passwords. Enables you to set operator and manager-level user names and passwords for the switch.
■ Authorized Addresses.
Support Tab

This tab displays the web page for support information. The URL for this page is set in the Configuration | Support/Mgmt URLs option. By default, it is set to Hewlett-Packard’s ProCurve web site, but you can change it to the URL for another location, such as an internal support resource. See also page 3-10 and “Support URLs Feature” on page 3-12.
■ System Name. The name you have configured for the switch in the Identity screen or through the switch console System Information screen.
■ Most Critical Alert Description. A short narrative description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.
To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are:
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have few or no problems.
■ Medium Sensitivity.
4 Using the Switch Console Interface

This chapter describes the following features:
■ overview of the switch console (page 4-1)
■ starting and ending a console session (page 4-2)
■ the Main Menu (page 4-4)
■ screen structure and navigation (page 4-6)
■ using password security (page 4-9)
■ rebooting the switch (page 4-12)
■ using the command prompt (page 4-14)

Overview

About the Switch Console.
Starting and Ending a Console Session

You can access the switch console interface using either:
■ a direct serial connection to the switch’s console port, as described in the installation guide you received with the switch
■ a Telnet connection from a networked PC running a Telnet application or running the web browser interface. (Telnet access to the switch is available from the web browser interface.

Note
• If no password has been set, you will see this prompt:

    Press any key to continue.

  Press any key to display the Main Menu (figure 4-1). If there is any system-down information to report, the switch displays it in this step and in the Event Log.

For a description of Main Menu features, refer to “Main Menu Features” on page 4-4.
Main Menu Features

Figure 4-1. The Main Menu

The Main Menu gives you access to these console interface features:
■ Status and Counters: Provides access to display screens providing information on switch and port status, network activity, the address tables, and spanning tree operation. (Refer to chapter 7, “Monitoring and Analyzing Switch Operation”.
■ Event Log: Enables you to read progress and error messages that are useful for checking and troubleshooting switch operation. (Refer to “Using the Event Log To Identify Problem Sources” in chapter 8, “Troubleshooting”.)
■ Diagnostics: Provides access to screens for doing Link and Ping connectivity testing, listing the current switch configuration, and to a command prompt for executing system management, monitoring, and troubleshooting commands.
Screen Structure and Navigation

Console screens include these three elements:
■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data

For example, in the System Information screen on the next page:

System name Screen
Table 4-1. How To Navigate in the Console

Actions: Execute an action from the “Actions –>” list at the bottom of the screen:

Use either of the following methods:
• Use the arrow keys ([<] or [>]) to highlight the action you want to execute, then press [Enter].
• Press the key corresponding to the capital letter in the action name. For example, in a configuration menu, press [E] to select Edit and begin editing parameter values.
To get Help on individual parameter descriptions. In all screens except the Command Prompt screen there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example:

(Figure callout: Highlight on any item in the Actions line indicates that the Actions line is active.)
Using Password Security

There are two levels of console access: Manager and Operator. For security, you can set a password on each of these levels.

Level       Actions Permitted
Manager:    Access to all console interface areas. This is the default level. That is, if a Manager password has not been set prior to starting the current console session, then anyone having access to the console can access any area of the console interface.
Note
If there is only a Manager password set (with no Operator password), and the Manager password is not entered correctly when the console session begins, the switch operates on the Operator level. If there are both a Manager password and an Operator password, but neither is entered correctly, access to the console will be denied.
2. To set a new password:
   a. Select Set Manager Password or Set Operator Password. You will then be prompted with Enter new password.
   b. Type a password of up to 16 ASCII characters with no spaces and press [Enter]. (Remember that passwords are case-sensitive.)
   c. When prompted with Enter new password again, retype the new password and press [Enter].
3.
Rebooting the Switch

Rebooting the switch terminates the current console session and performs a reset of the operating system. Rebooting the switch also activates certain configuration changes that require a reboot and resets statistical counters to zero. (Note that statistical counters can be reset to zero without rebooting the switch. See “Displaying Port Counters from the Console Interface” on page 7-12.
Rebooting To Activate Configuration Changes. Configuration changes for some parameters become effective as soon as you save them. However, you must reboot the switch in order to implement any changes to any parameters in the following areas:
■ Console/Serial Link (under 2. Switch Management Access Configuration menu)
■ VLAN Names (under 3. Switch Configuration | 5. Advanced Feature | 4.
The Command Prompt

In addition to the menu-based part of the console interface, under the Diagnostics Menu, a command-line based interface is available. The commands are primarily for the expert user and for diagnostics purposes, although there are commands for setting some basic items on the switch such as the date and time.
Commands Available

The following commands are available from the command prompt (this information can also be displayed by entering help or he at the command prompt). When you see -- MORE -- at the bottom of the screen:
■ To advance the display one line at a time, use [Enter].
■ To advance the display one screen at a time, use the Space bar.
■ To stop the help listing, press [Q].

Table 4-1.
Command    Description
Ping       ping [count] [wait]; Sends IP ’Echo Request’ packets to the device identified by . count sets the number of packets, wait sets the time to wait for a response in seconds.
Print      print ; Sends the output from the command to a printer or file.
Set and Show Commands

Most of the commands at the command prompt are useful for diagnostics purposes, but the set commands can be used to configure some of the switch’s basic features, and the show commands can be used to display switch and port status and activity information. These commands can be run from UNIX scripts so they can be executed on an automatic, timed basis.
Command       Description
set system    set system ; Configures the switch identification parameters, where can be:
              • contact -- sets a user-defined name for someone to contact for switch administration.
              • location -- sets a user-defined switch location description.
              • name -- sets a user-defined identification name for the switch.

Show Commands

Table 4-3.
5 Using HP TopTools or Other SNMP Tools To Monitor and Manage the Switch

You can manage the switch via SNMP from a network management station. Included with your switch is a CD-ROM containing a copy of HP TopTools for Hubs & Switches, an easy-to-install and use network management application that runs on your Windows NT- or Windows 95-based PC. HP TopTools for Hubs & Switches provides control of your switch through its graphical interface.
SNMP Management Features

■ Monitoring data normally associated with the SNMP agent (“Get” operations).
SNMP Configuration Process

This requires that you configure the switch with the appropriate IP address. (Refer to chapter 2, “Configure an IP Address on the Switch”.) If you are using DHCP/Bootp to configure the switch, ensure that the DHCP/Bootp process provides the IP address. (Refer to “DHCP/Bootp Operation” on page 6-9.)

The general steps to configuring for SNMP access to the preceding features are:
1. From the Main menu, select 2.
Caution
Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public” community to “Restricted”.

Advanced Management: RMON and HP Extended RMON Support
6 Configuring the Switch

Overview

■ Chapter 3, “Using the HP Web Browser Interface”
■ Chapter 4, “Using the Switch Console Interface”

Why Reconfigure?

In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch and/or on the particular modules you have installed.
Configuration Features

Table 6-1.
Note
In the factory default configuration, the Spanning Tree Protocol (STP—which automatically blocks redundant links) is disabled. Generally, you should enable STP to prevent broadcast storms if there are redundant links in your network that are not part of a switch mesh. However, due to the requirements of the 802.1Q VLAN standard, STP blocks unmeshed redundant physical links even if they are in separate VLANs. This could result in blocking links unnecessarily.
IP Configuration

Configuring the switch with an IP address expands your ability to manage the switch, and also enhances the switch features that can be used.
Configuring IP Addressing from the Web Browser Interface

1. Click here.
2. Click here.
3. If multiple VLANs are configured, select a VLAN.
4. To enable manual entry of the IP address, set this to “Manual”.
5. Enter an IP address, subnet mask, and, if needed, the IP address of the default gateway.
6. Click on this to activate the changes you made in steps 3 - 5.

Figure 6-7.
Configuring the Switch IP Configuration
Parameter: Description
IP Address: IP address for the switch (or VLAN) IP interface. If DHCP/Bootp is selected for IP Configuration, this is a read-only field displaying the value received from a DHCP or Bootp server.
Subnet Mask: The same subnet mask that is used by all devices in the IP subnet being configured.
Configuring the Switch IP Configuration The default setting for Time Protocol Config is DHCP. Setting it to Manual, then pressing [v] or [Tab] causes the Timep Server Address parameter to appear. The default setting for IP Config is DHCP/Bootp. Using the Space bar to set it to Manual, then pressing [v] or [Tab] causes the IP Address, Subnet Mask, and Gateway parameters to appear. For descriptions of these parameters, refer to the online Help for this screen.
Configuring the Switch IP Configuration 9. If you want to reach off-subnet destinations, select the Gateway field and enter the IP address of the gateway router. 10. Press [Enter], then [S] (for Save). 11. Return to the Main Menu.
Configuring the Switch IP Configuration DHCP/Bootp Operation Overview DHCP/Bootp is used to download configuration data from a DHCP or Bootp server respectively to the switch or to a VLAN configured on the switch. With DHCP you can have the switch automatically retrieve the IP address with no configuration required on either the switch or the DHCP server.
Configuring the Switch IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic, requiring no configuration of the DHCP server. Using that automatic feature, though, the address is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.
Configuring the Switch IP Configuration An entry in the Bootp table file /etc/bootptab to tell the switch or VLAN where to obtain a configuration file download would be similar to this entry:
    j4121switch:\
        ht=ether:\
        ha=040009123456:\
        ip=55.66.77.88:\
        sm=255.255.248.0:\
        gw=55.66.77.1:\
        lg=11.22.33.44:\
        T144="switch.cfg":\
        vm=rfc1048
j4121switch is a user-defined symbolic name to help you find the correct section of the bootptab file.
Configuring the Switch IP Configuration Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp operation. However, if an IP address has previously been configured or if the IP Config parameter has been set to Disabled, then you will need to use this procedure to reconfigure the parameter to enable DHCP/Bootp operation.
Configuring the Switch IP Configuration Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide. Contact one of the following companies: Country Phone Number/E-Mail/URL Company Name/Address Network Solutions, Inc.
Configuring the Switch SNMP Communities SNMP Communities From the switch console only you can add, edit, or delete SNMP communities. Use this feature to restrict access to the switch by SNMP management stations. You can configure up to five SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access.
Configuring the Switch SNMP Communities To View, Edit, or Add SNMP Communities: 1. From the Console Main Menu, Select: 2. Switch Management Access Configuration (IP, SNMP, Console)... 2. SNMP Community Names/Authorized Managers Add and Edit options are used to modify the SNMP options. See figure 6-10. Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read-only. Figure 6-9.
Configuring the Switch SNMP Communities If you are adding a community, the fields in this screen are blank. If you are editing an existing community, the values for the currently selected Community appear in the fields. Type the value for these fields. Use the Space bar to select values for other fields. Figure 6-10. The SNMP Add or Edit Screen Note In the default configuration, no manager addresses are configured.
Configuring the Switch Trap Receivers Trap Receivers From the switch console only, you can configure up to ten IP management stations (trap receivers) to receive SNMP trap packets sent from the switch. Trap packets describe specific event types. (These events are the same as the log messages displayed in the event log.) The Address and Community define which management stations receive the traps. To configure Trap Receivers from the switch console: 1. From the Console Main Menu, select 2.
Configuring the Switch Trap Receivers Press [E] (for Edit). The cursor moves to the Send Authentication Traps field. 3. Press the Space bar to enable (Yes) or disable (No) sending authentication traps, then press [Tab] to move the cursor to the Address field. 4. Type in the IP address of a network management station to which you want the switch to send SNMP trap packets, then press [Tab] to move the cursor to the Community field. 5.
Configuring the Switch Console/Serial Link Console/Serial Link From the switch console only you can configure the following console terminal emulation and communication characteristics: ■ Enable or disable inbound Telnet access (default: enabled) ■ Enable or disable HP web browser interface access (default: enabled) ■ Specify: • Terminal type (default: VT-100) • Console screen refresh interval for statistics screens (the frequency with which statistics are updated on the screen—default: 3 seconds) •
Configuring the Switch Console/Serial Link Configuring the Console/Serial Link from the Switch Console This screen allows you to: ■ Enable or disable inbound Telnet and web browser interface access ■ Determine which log events will be displayed ■ Modify console and serial link parameters To Access Console/Serial Link Features: 1. From the Console Main Menu, Select... 2. Switch Management Access Configuration (IP, SNMP, Console)... 4.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers Enhancing Security By Configuring Authorized IP Managers This feature enables you to enhance security on the switch by using IP addresses to authorize which stations (PCs or workstations) are allowed to: ■ Access the switch’s web browser interface ■ Telnet into the switch’s console interface ■ Perform TFTP transfers of configurations and software updates into the switch
This feature does not affect SNMP access to the switch
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers Defining Authorized Management Stations ■ Authorizing Single Stations: The table entry authorizes a single management station to have IP access to the switch. To use this method, just enter the IP address of an authorized management station in the Authorized Manager IP column, and leave the IP Mask set to 255.255.255.255. This is the easiest way to use the Authorized Managers feature.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers Configuring IP Authorized Managers in the Web Browser Interface 1. Click here. 2. Click here. 3. Enter an Authorized Manager IP address here. 4. Use the default mask to allow access by one management station, or edit the mask to allow access by a group of management stations (page 6-24). 5. Select Manager level or Operator level access (page 6-21.) 6. Click here to add your entry to the list. Figure 6-13.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers 1. Select Add to add an authorized manager to the list. Figure 6-14. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here. 3. Use the default mask to allow access by one management device, or edit the mask to allow access by a block of management devices. See “Building IP Masks” below. 4. Select Manager or Operator access. 5.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers Configuring One Station Per Authorized Manager IP Entry This is the easiest way to apply a mask. If you have ten or fewer management and/or operator stations, you can configure them quickly by simply adding the address of each to the Authorized Manager IP list with 255.255.255.255 for the corresponding mask. For example, as shown in figure 6-13 on page 6-23, if you configure an IP address of 11.33.248.5 with an IP mask of 255.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers
Table 6-3. Analysis of IP Mask for Multiple-Station Entries
                         1st Octet   2nd Octet   3rd Octet   4th Octet
IP Mask                  255         255         255         0
Authorized Manager IP    11          33          248         5
Manager-Level or Operator-Level Device Access: The “255” in the first three octets of the mask specifies that only the exact value in the octet of the corresponding IP address is allowed.
Configuring the Switch Enhancing Security By Configuring Authorized IP Managers Additional Examples for Authorizing Multiple Stations Entries for Authorized Results Manager List IP Mask 255 255 0 Authorized Manager IP 10 IP Mask 255 238 255 250 Authorized Manager IP 10 33 255 248 1 This combination specifies an authorized IP address of 10.33.xxx.1.
Configuring the Switch System Information System Information From the web browser interface and the switch console you can configure basic switch management information, including system data, address aging, and time zone parameters. Configuring System Parameters from the Web Browser Interface In the web browser interface, you can enter the system information shown below. For access to the Address Age Interval and the Time parameters, use the console. 1. Click here. 2.
Configuring the Switch System Information Configuring System Information from the Console To Access System Information: 1. From the Console Main Menu, Select... 3. Switch Configuration... 1. System Information System Name Figure 6-18. The System Configuration Screen (Default Values) Note To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.
Configuring the Switch Port Settings Port Settings From the web browser interface and switch console you can configure the operating state for each port. You can also optionally restrict the amount of broadcast traffic on the port. The read-only fields in this screen display the port numbers and port types. Port numbers in the configuration correspond to port numbers on the front of the switch. The following table shows the settings available for each port type.
Configuring the Switch Port Settings Parameter Description
For 100FX ports: 100HDx (default): 100 Mbps, Half-Duplex; 100FDx: 100 Mbps, Full-Duplex
For 10FL ports: 10HDx (default): 10 Mbps, Half-Duplex; 10FDx: 10 Mbps, Full-Duplex
Maximizes circuit efficiency by enabling negotiation of packet parameters with the device to which the port is connected. Disabled (default): The port will not generate flow control packets and drops received flow control packets. Enabled: The port uses 802.
Configuring the Switch Port Settings Configuring Port Parameters from the Web Browser Interface 1. Click Here 2. Click Here 3. Select a port to configure. 4. Click on “Modify Selected Ports”. Figure 6-19. Example of Port Configuration Screen on the Web Browser Interface 5. Select configuration changes. (Note: For Broadcast Limit, type in a value from 0 to 99.) 6. Click on “Apply Settings” to activate changes. Figure 6-20.
Configuring the Switch Port Settings Configuring Port Parameters from the Switch Console To Access Port Settings: 1. From the Console Main Menu, Select: 3. Switch Configuration... 2. Port Settings Figure 6-21. Example of the Port Settings Screen 2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4.
Configuring the Switch Network Monitoring Port Features Network Monitoring Port Features From the web browser interface and switch console you can designate a port for monitoring traffic on one or more other ports or on a VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified ports or VLAN to the designated monitoring port.
Configuring the Switch Network Monitoring Port Features • To monitor a single port, click on that port, then click on Apply Changes. • To monitor several ports: a. Press and hold [Ctrl]. b. Click on the ports that you want to monitor, then release [Ctrl]. The selected series of ports should now be highlighted. c. Click on Apply Changes. Figure 6-23. Selecting the Port(s) To Monitor To monitor a VLAN, click on this menu, select the desired VLAN, then click on Apply Changes.
Configuring the Switch Network Monitoring Port Features Configuring Port Monitoring from the Switch Console To Access Port Monitoring: This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 3. Switch Configuration... 3. Network Monitoring Port Enable monitoring by setting this parameter to “Yes”.
Configuring the Switch Network Monitoring Port Features Move the cursor to the Monitoring Port parameter. Figure 6-26. Example of Selecting a Monitoring Port 5. Use the Space bar to select which port to use for the monitoring port, then press [v] to move to the Monitor parameter. (The default setting is Ports, which you will use if you want to monitor one or more individual ports on the switch.) 6.
Configuring the Switch Network Monitoring Port Features Note: This screen appears instead of the one in figure 6-20 if the Monitor parameter is set to VLAN. Example of a VLAN Monitoring Parameter Figure 6-27. Example of Selecting a VLAN to Monitor 7. Return to the Main Menu.
Configuring the Switch Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) Note You should enable STP in any switch that is part of a redundant physical link (loop topology). (It is recommended that you enable STP on all switches belonging to a loop topology.) This topic is covered in more detail under “How STP Operates” on page 6-42. As recommended in the IEEE 802.
Configuring the Switch Spanning Tree Protocol (STP) Enabling STP from the Web Browser Interface This procedure enables or disables STP on the switch. 1. Click Here 2. Click Here 3. To enable or disable STP, click on the drop-down menu, then click on your selection (On or Off). 4. Click on Apply Changes to activate your choice. Figure 6-28.
Configuring the Switch Spanning Tree Protocol (STP) Configuring STP from the Switch Console In most cases, the default STP parameter settings are adequate. In cases where they are not, use this procedure to make configuration changes. Caution If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network.
Configuring the Switch Spanning Tree Protocol (STP) 5. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value. (If you need information on STP parameters, press [Enter] to select the Actions line, then press H to get help.) 6. Repeat step 5 for each additional parameter you want to change. For information on the Mode parameter, see “STP Fast Mode” below. 7.
Configuring the Switch Spanning Tree Protocol (STP) STP Fast Mode For standard STP operation, when a network connection is established on a device that is running STP, the port used for the connection goes through a sequence of states (Listening and Learning) before getting to its final state (Forwarding or Blocking, as determined by the STP negotiation). This sequence takes two times the forward delay value configured for the switch. The default is 15 seconds on HP switches, per the IEEE 802.
Configuring the Switch Spanning Tree Protocol (STP) 4. Repeat steps 2 and 3 for all the switch ports you want to change that are connected to end nodes. 5. When you have finished the configuration changes, press [Enter] to return to the Actions line and press [S] to save the new configuration. STP Operation with 802.1Q VLANs As recommended in the IEEE 802.
Configuring the Switch Spanning Tree Protocol (STP) STP Operation with Switch Meshing As noted earlier in this section, STP sees a switch mesh domain as a single path. This makes switch meshing a useful tool for preventing STP from blocking redundant physical links in separate VLANs. (A switch mesh domain is a member of all VLANs configured on the switch.) In some cases, switch meshing will automatically change STP Cost and Priority information.
Configuring the Switch Traffic/Security Filter Features Traffic/Security Filter Features From the switch console only, you can enhance bandwidth usage and inband security on the switch by configuring static per-port filters to forward desired traffic or drop unwanted traffic, as described below. Table 6-4.
Configuring the Switch Traffic/Security Filter Features 2. In the Actions line, press [A] (for Add) to display the Traffic/Security Filters Configuration screen shown in figure 6-32. Filter Type Parameter Figure 6-33. Example of the Traffic/Security Filters Configuration Screen Figure 6-32.
Configuring the Switch Traffic/Security Filter Features 3. Press the Space bar to select the type of filter you want to configure. The options are: • Multicast (the default) • Protocol • Source Port 4. Press [v] once to highlight the next line.
Configuring the Switch Traffic/Security Filter Features b. Press the Space bar to select the filter action for that port (Forward filtered packets--the default--or Drop filtered packets). c. Do one of the following: – To configure the filter action for another destination port, return to step a. – If you are finished configuring actions for the current filter, go to step 6. 6. Press [Enter] to return to the Actions line, then press [S] (for Save) to save the current filter configuration. 7.
Configuring the Switch Traffic/Security Filter Features Caution If Spanning Tree is enabled, then the Spanning Tree multicast MAC address should not be filtered. (STP will not operate properly if the multicast MAC address is filtered.) Protocol Filters This filter type enables the switch to restrict traffic of a particular protocol type to a specific destination port or ports on the switch (or to be dropped for all ports on the switch).
Configuring the Switch Port-Based Virtual LANs (VLANs) Port-Based Virtual LANs (VLANs) A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. (That is, all ports carrying traffic for a particular subnet address would normally belong to the same VLAN.) Using a VLAN, you can group users by logical function instead of physical location.
Configuring the Switch Port-Based Virtual LANs (VLANs) Figure 6-35. Example of Routing Between VLANs via an External Router (diagram: a switch with two VLANs configured, VLAN_1 and VLAN_2, and an external router)
Overlapping (Tagged) VLANs. A port on the Switches 1600M/2424M/4000M/8000M can be a member of more than one VLAN if the device to which it is connected complies with the 802.1Q VLAN standard.
Configuring the Switch Port-Based Virtual LANs (VLANs) Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs. You can introduce 802.1Q-compliant devices into networks that have built untagged VLANs based on earlier VLAN technology. The fundamental rule is that legacy/untagged VLANs require a separate link for each VLAN, while 802.
Configuring the Switch Port-Based Virtual LANs (VLANs) Overview of Using VLANs VLAN Support and the Default VLAN In the factory default configuration, VLAN support is de-activated and all the ports are only in the switch physical broadcast domain, which is given the name DEFAULT_VLAN. You can partition the switch into multiple virtual broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs.
Configuring the Switch Port-Based Virtual LANs (VLANs) ■ If you enable VLAN support and configure VLANs, then subsequently disable VLAN support, all VLANs except the DEFAULT_VLAN will be cleared from the switch and all ports will be reassigned to the default VLAN. Depending on the network topology, this could result in redundant links causing broadcast storms unless the Spanning Tree Protocol is enabled. ■ Changes to the VLAN configuration are dynamic.
Configuring the Switch Port-Based Virtual LANs (VLANs) Configuring VLAN Parameters from the Switch Console In the factory default state, VLANs are disabled and all ports belong to the same broadcast/multicast domain. This domain is called DEFAULT_VLAN and appears in the “VLAN Names” screen after you activate VLAN support and reboot the switch. You can create up to 29 additional VLANs by adding new VLAN names, and then assigning one or more ports to each VLAN.
Configuring the Switch Port-Based Virtual LANs (VLANs) Note 2. Press [Enter] or [1] to select VLAN Support and you will see a screen with the Activate VLANs field set to No. 3. Press [E] (for Edit), then press the Space bar to select Yes. 4. Press the [Tab] or Down Arrow [v] key to reveal the Total Number of VLANs field. 5. Use the default number of VLANs (8), or enter the maximum number of VLANs you will be configuring (up to 30). 6. Press [Enter] and then [S] to save the VLAN configuration.
Configuring the Switch Port-Based Virtual LANs (VLANs) Note After the reboot, all changes to the VLAN configuration, including adding and deleting VLANs, changing port assignments, and configuring various features on the VLANs are dynamic and require no additional switch reboot. 8. Add one or more new VLANs now, as described in the next section, “Adding or Editing VLAN Names”. Adding or Editing VLAN Names Use this procedure to add a new VLAN or to edit the name of an existing VLAN. 1.
Configuring the Switch Port-Based Virtual LANs (VLANs) 3. Type the name (up to 12 characters, with no spaces) of a new VLAN that you want to add. 4. Press [v] to move the cursor to the 802.1Q VLAN ID line and type in a VLAN ID number, then press [Enter]. (This can be any number between 1 and 4095 that is not already being used by another VLAN.) Remember that a VLAN must have the same VLAN ID in every switch in which you configure that same VLAN. 5. Press [S] (for Save).
Configuring the Switch Port-Based Virtual LANs (VLANs) Adding or Changing a VLAN Port Assignment Use this procedure to add ports to a VLAN or to change the VLAN assignment(s) for any port. (Ports not specifically assigned to a VLAN are automatically in the default VLAN.) 1. From the Main Menu select: 3. Switch Configuration 5. Advanced Features 6. VLAN Menu . . . 3.
Configuring the Switch Port-Based Virtual LANs (VLANs) 2. To change a port’s VLAN assignment(s): a. Press [E] (for Edit). b. Use the arrow keys to select a VLAN assignment you want to change. c. Press the Space bar to make your assignment selection (No, Tagged, or Untagged). Note Only one untagged VLAN is allowed per port. Also, there must be at least one VLAN assigned to each port. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN).
Configuring the Switch Port-Based Virtual LANs (VLANs) VLAN Tagging Information VLAN tagging enables traffic from more than one VLAN to use the same port. (Even when two or more VLANs use the same port they remain as separate domains and cannot receive traffic from each other without going through a router.) As mentioned earlier, a “tag” is simply a unique VLAN identification number (VLAN ID) assigned to a VLAN at the time that you configure the VLAN name in the switch.
Configuring the Switch Port-Based Virtual LANs (VLANs) • VLANs assigned to ports X1 - X6 can all be untagged because there is only one VLAN assignment per port. Red VLAN traffic will go out only the Red ports; Green VLAN traffic will go out only the Green ports, and so on. Devices connected to these ports do not have to be 802.1Q-compliant. • However, because both the Red VLAN and the Green VLAN are assigned to port X7, at least one of the VLANs must be tagged for this port.
Configuring the Switch Port-Based Virtual LANs (VLANs) VLAN ID Numbers Figure 6-46. Example of VLAN ID Numbers Assigned in the VLAN Names Screen VLAN tagging gives you several options: ■ Since the purpose of VLAN tagging is to allow multiple VLANs on the same port, any port that has only one VLAN assigned to it can be configured as “Untagged” (the default). ■ Any port that has two or more VLANs assigned to it can have one VLAN assignment for that port as “Untagged”.
Configuring the Switch Port-Based Virtual LANs (VLANs) [Diagram: Switch "X" (ports X1 - X4) and Switch "Y" (ports Y1 - Y5) with Servers S1, S2, and S3; port labels show the Red VLAN and Green VLAN assignments, with "Red VLAN: Untagged, Green VLAN: Tagged" on ports that carry both VLANs]
The VLANs assigned to ports X3, X4, Y2, Y3, and Y4 can all be untagged because there is only one VLAN assigned per port.
Configuring the Switch Port-Based Virtual LANs (VLANs) To summarize:
VLANs Per Port    Tagging Scheme
1                 Untagged or Tagged
2 or More         1 VLAN Untagged; all others Tagged
                  or
                  All VLANs Tagged
A given VLAN must have the same VLAN ID on any 802.1Q-compliant device in which the VLAN is configured. The ports connecting two 802.1Q devices should have identical VLAN configurations, as shown for ports X2 and Y5, above.
Configuring the Switch Port-Based Virtual LANs (VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.
Configuring the Switch Port-Based Virtual LANs (VLANs) VLAN Restrictions ■ A port must be a member of at least one VLAN. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN). ■ A port can be assigned to several VLANs, but only one of those assignments can be untagged. (The “Untagged” designation enables VLAN operation with non 802.1Q-compliant devices.) ■ An external router must be used to communicate between VLANs.
Configuring the Switch Port-Based Virtual LANs (VLANs) HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or later) router OS release if any of the following Hewlett-Packard routers are installed in networks in which you will be using VLANs: HP Router 440 (formerly Router ER) HP Router 470 (formerly Router LR) HP Router 480 (formerly Router BR) HP Router 650 Release A.09.70 (or later) is available electronically through the HP BBS service and the World Wide Web.
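The VLAN naming, VLAN ID, and tagging rules stated in this section, applied as a configuration check (an added example, not code from HP or from this guide). The function names and data layout are hypothetical, and the VLAN IDs in the sample data are constructed; only the Red/Green assignments for ports X2 and Y5 follow the example above.

```python
"""Check VLAN names, IDs, and port assignments against the rules in this section."""

MAX_VLANS = 30        # the guide allows up to 30 VLANs in total
MAX_NAME_LEN = 12     # VLAN names: up to 12 characters, no spaces
MODES = ("Tagged", "Untagged")


def check_switch(vlans, ports):
    """vlans: {name: vlan_id}; ports: {port: {vlan_name: mode}}. Returns a list of findings."""
    findings = []
    if len(vlans) > MAX_VLANS:
        findings.append(f"{len(vlans)} VLANs defined; the maximum is {MAX_VLANS}")
    ids_seen = {}
    for name, vid in vlans.items():
        if not name or len(name) > MAX_NAME_LEN or any(c.isspace() for c in name):
            findings.append(f"VLAN name {name!r}: must be 1-12 characters with no spaces")
        if not 1 <= vid <= 4095:
            findings.append(f"VLAN {name}: ID {vid} is outside 1-4095")
        elif vid in ids_seen:
            findings.append(f"VLAN ID {vid} is used by both {ids_seen[vid]} and {name}")
        else:
            ids_seen[vid] = name
    for port, members in sorted(ports.items()):
        if not members:
            findings.append(f"port {port}: must belong to at least one VLAN")
            continue
        for name, mode in members.items():
            if name not in vlans:
                findings.append(f"port {port}: VLAN {name} is not defined")
            if mode not in MODES:
                findings.append(f"port {port}: unknown assignment {mode!r} for {name}")
        untagged = sorted(n for n, m in members.items() if m == "Untagged")
        if len(untagged) > 1:
            findings.append(f"port {port}: more than one untagged VLAN ({', '.join(untagged)})")
    return findings


def link_view(vlans, members):
    """Translate one port's {vlan_name: mode} into {vlan_id: mode}."""
    return {vlans[n]: m for n, m in members.items() if n in vlans}


def check_link(vlans_a, members_a, vlans_b, members_b):
    """Compare both ends of a switch-to-switch 802.1Q link by VLAN ID."""
    findings = []
    for name in sorted(set(vlans_a) & set(vlans_b)):
        if vlans_a[name] != vlans_b[name]:
            findings.append(
                f"VLAN {name}: ID {vlans_a[name]} on one switch, {vlans_b[name]} on the other")
    a, b = link_view(vlans_a, members_a), link_view(vlans_b, members_b)
    for vid in sorted(set(a) | set(b)):
        if a.get(vid) != b.get(vid):
            findings.append(
                f"VLAN ID {vid}: {a.get(vid, 'No')} on one end, {b.get(vid, 'No')} on the other")
    return findings


# Constructed sample data. VLAN IDs 10 and 20 are illustrative values.
X_VLANS = {"DEFAULT_VLAN": 1, "Red": 10, "Green": 20}
X_PORTS = {
    "X1": {"Red": "Untagged", "Green": "Tagged"},
    "X2": {"Red": "Untagged", "Green": "Tagged"},   # link to Switch "Y"
    "X3": {"Green": "Untagged"},
    "X4": {"Red": "Untagged"},
}
Y_VLANS = {"DEFAULT_VLAN": 1, "Red": 10, "Green": 20}
Y5_GOOD = {"Red": "Untagged", "Green": "Tagged"}

# A deliberately broken Switch "Y" (constructed) to show what the checks report.
BAD_Y_VLANS = {"DEFAULT_VLAN": 1, "Red": 10, "Green": 30, "Lab Network 2": 10}
BAD_Y_PORTS = {"Y5": {"Red": "Untagged", "Green": "Untagged"}, "Y6": {}}

if __name__ == "__main__":
    for line in check_switch(BAD_Y_VLANS, BAD_Y_PORTS):
        print("switch:", line)
    for line in check_link(X_VLANS, X_PORTS["X2"], BAD_Y_VLANS, BAD_Y_PORTS["Y5"]):
        print("link:  ", line)
```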
Configuring the Switch Load Balancing: Port Trunking Load Balancing: Port Trunking [Diagram: Switch 1, Switch 2, and Switch 3, with the callout “The multiple ports in a trunk behave as one logical port”] Figure 6-48.
Configuring the Switch Load Balancing: Port Trunking are evenly distributed across the links in a trunk. In actual networking environments, this is rarely a problem. However, if it becomes a problem, you can use the HP TopTools for Hubs & Switches network management software available from Hewlett-Packard to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance.
Configuring the Switch Load Balancing: Port Trunking then port A3 will be a member of the Blue VLAN instead of the original Red VLAN. However, if filters were in use on port A3, it will return to filtering as it did before joining the trunk: • If, for example, port A3 was configured with filters to drop specific packets before it became a member of trunk 1 and . . .
Configuring the Switch Load Balancing: Port Trunking Trunk Configuration Options There are three trunk configuration types from which to select:
Trunk
  Traffic Distribution Method: Source Address/Destination Address (SA/DA)
  Recommended Switch 1600M/2424M/4000M/8000M Configuration for Trunking to:
  • Another Switch 1600M/2424M/4000M/8000M
  • HP Switch 2000A/B
  • HP Switch 800T
  • SA/DA forwarding devices such as the Sun Trunk Server and some vendors’ switches
  • Windows NT and HP-UX workstations and servers
S
Configuring the Switch Load Balancing: Port Trunking Figure 6-49.
Configuring the Switch Load Balancing: Port Trunking 4. In the Group column, move the cursor to the port you want to configure. 5. Use the Space bar (or type the trunk name, such as trk5) to choose a trunk assignment for the selected port. All ports in a trunk should have the same media type and mode (such as 10/100TX set to 100HDx, or 100FX set to 100FDx). The flow control and broadcast limit settings should also be the same for all ports in a given trunk.
Configuring the Switch Load Balancing: Port Trunking 6. Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type: – Trunk (Source Address/Destination Address trunk; the default type if you do not select a type)—page 6-77. – SA-Trunk (Source-Address trunk)—page 6-78 – FEC (Fast EtherChannel® trunk)—page 6-79 All ports in the same trunk must have the same Type (Trunk, SA-Trunk, or FEC). Figure 6-51.
Configuring the Switch Load Balancing: Port Trunking Operating Information This section describes port usage and how traffic is distributed by the various trunking options. Trunk Operation Using the “Trunk” Option This method provides the best means for evenly distributing traffic over trunked links to devices. [Diagram labels: A, B, C, D; Switch; 1, 2, 3; W, X, Y, Z; Switch] Figure 6-52.
Configuring the Switch Load Balancing: Port Trunking Trunk Operation Using the “SA-Trunk” Option This option is less efficient than the SA/DA option described above. However, it is useful for trunking to devices that do not have built-in support for the SA/DA-trunking method. Configuring the SA-Trunk option for a port trunk causes the switch to distribute traffic in a sequential manner to the links within the trunk on the basis of source address only.
Configuring the Switch Load Balancing: Port Trunking Trunk Operation Using the “FEC” Option This is the most flexible method for distributing traffic over trunked links when connecting to devices that use the FEC (Fast EtherChannel®) technology. HP FEC trunks offer the following benefits: ■ Provide trunked connectivity to a FEC-compliant server, switch, or router. ■ Enable quick convergence to remaining links when a failure is detected on a trunked port link.
Load Balancing: Switch Meshing
Switch meshing is a load-balancing technology that enhances reliability and performance in these ways:
■ Provides significantly better bandwidth utilization than either Spanning Tree Protocol (STP) or standard port trunking.
Because Redundant Paths Are Active, Meshing Adjusts Quickly to Link Failures. If a link in the mesh fails, the fast convergence time designed into meshing typically has an alternate route selected in less than a second for traffic that was destined for the failed link.
Meshing Allows Scalable Responses to Increasing Bandwidth Demand. As more bandwidth is needed in a LAN backbone, another switch and another set of links can be added.
Switch Meshing Fundamentals
Meshed Switch Domain. This is a group of switches exchanging meshing protocol packets. Paths between these switches can have multiple redundant links without creating broadcast storms. A meshed switch can have some ports in the meshed domain and others outside the meshed domain. Meshed links must be point-to-point switch links. Hub links between meshed switch links are not allowed.
Figure 6-55. Example of Multiple Meshed Switch Domains Separated by a Non-Mesh Switch or a Non-Mesh Link
Configuration Requirements. Before configuring switch meshing on any ports in the Switches 1600M/2424M/4000M/8000M, it is necessary to activate VLAN support.
Further Information:
■ For further operating information and restrictions, refer to “Operating Notes for Switch Meshing” on page 6-87.
■ For further explanation and examples of switch meshing, refer to HP’s Network City site at the following URL on the world wide web: http://www.hp.
Figure 6-56. Example of the Screen for Configuring Ports for Load Balancing
4. In the Group column, move the cursor to the port you want to assign to the switch mesh.
5. Use the Space bar (or press [M]) to choose Mesh for the selected port. If you are configuring switch meshing, all meshed ports in the switch will belong to the same mesh domain. (See figure 6-54 on page 6-82.
Figure 6-57. Example of Mesh Group Assignments for Several Ports
6. When you are finished assigning ports to the switch mesh, press [Enter], then [S] (for Save) and return to the Main Menu.
Note: For meshed ports, leave the “Type” setting blank. (Meshed ports do not accept a Type setting.)
7. To activate the mesh assignment(s) from the Main Menu, reboot the switch by pressing the following keys:
a. [6] (for Reboot Switch)
b.
Operating Notes for Switch Meshing
In a switch mesh domain, traffic is distributed across the available paths with an effort to keep latency the same from path to path.
Figure 6-58. Example of a Broadcast Path Through a Switch Mesh Domain (Switches A, B, C, and D are edge switches.)
Any mesh switches that are not edge switches will flood the broadcast packets only through ports (paths) that link to separate edge switches in the controlled broadcast tree. The edge switches that receive the broadcast will flood the broadcast out all non-meshed ports.
retain device addresses longer. Because the switches in a mesh exchange address information, this will help to decrease the number of unicast packets with unknown destinations, which will improve latency within the mesh. Also, in an IP environment, it is recommended that you configure meshed switches with their own IP addresses. This makes the discovery mechanism more robust, which contributes to decreased latency.
Figure 6-60. Connecting a Switch Mesh Domain to Non-Meshed Devices
STP should be configured on non-mesh devices that use redundant links to interconnect with other devices or with multiple switch mesh domains. For example:
Figure 6-61. (Diagram labels: Non-Mesh Switch, STP Block, Mesh Domain.)
Caution: Because the switch automatically gives faster links a higher priority, the default STP parameter settings are usually adequate for spanning tree operation. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates. For more on STP, refer to “Spanning Tree Protocol (STP)” (page 6-39), and examine the IEEE 802.1d standard.
All ports inside the mesh domain are members of all VLANs.
Figure 6-62. (Diagram labels: switches A through E, Red VLAN, Blue VLAN, Switch Mesh Domain.)
Switches SW 1 through SW 12 form the maximum size switch mesh domain. Note that more than one link is allowed between any two switches in the domain.
Figure 6-63. (Diagram labels: Server Farm, SW 1 through SW 12.)
■ Connecting Mesh Domains: To connect two separate switch meshing domains, you must use non-meshed ports. (The non-meshed link can be a port trunk or a single link.) Refer to figure 6-55 on page 6-83.
■ Fast EtherChannel® (FEC): This cannot be configured on a meshed port. (You can configure FEC on non-meshed ports in a switch that also has meshed ports.
IP Multicast (IGMP) Features—Multimedia Traffic Control
IGMP is useful in multimedia applications such as LAN TV, desktop conferencing, and collaborative computing, where there is multipoint communication; that is, communication from one to many hosts, or communication originating from many hosts and destined for many other hosts.
Configuring IGMP from the Web Browser Interface
1. Click Here
2. Click Here
3. If multiple VLANs are configured, select the VLAN in which you want to configure IGMP.
4. To enable or disable IGMP, click on the drop-down menu, click on your selection (On or Off), and then click on Apply Changes.
Figure 6-65.
Parameter: Multicast Filtering (IGMP)
Description: Determines whether the switch or VLAN uses IGMP on a per-port basis to manage IP Multicast traffic. If multiple VLANs are configured, you can configure IGMP separately for each VLAN. To access a VLAN using the HP web browser interface, enter that VLAN’s IP address as the URL.
Default: Off
When Off, all ports on the switch or VLAN simply forward IP multicast traffic.
Configuring IGMP from the Switch Console
In the factory default configuration, IGMP is disabled. If multiple VLANs are configured, you can configure IGMP on a per-VLAN basis. When you use either the console or the web browser interface to enable IGMP on the switch or a VLAN, the switch forwards IGMP traffic only to ports belonging to multicast groups.
Figure 6-66. Example of the (Default) IGMP Service Screen
2. Press the Space bar to select Yes (to enable IGMP).
3. Use [v] to highlight the Forward with High Priority parameter.
4. If you want IGMP traffic to be forwarded with a higher priority than other traffic on the switch or VLAN, use the Space bar to select Yes. Otherwise, leave this parameter set to No.
5.
How IGMP Operates
The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. IP manages multicast traffic by using switches, multicast routers, and hosts that support IGMP. (In Hewlett-Packard’s implementation of IGMP, a multicast router is not necessary as long as a switch is configured to support IGMP with the querier feature enabled.
Role of the Switch
When IGMP is enabled on the switch, it examines the IGMP packets it receives:
■ To learn which of its ports are linked to IGMP hosts and multicast routers/queriers belonging to any multicast group
■ To become a querier if a multicast router/querier is not discovered on the network
Once the switch learns the port location of the hosts belonging to any particular multicast group, it can direct group traffic
Figure 6-67. The Advantage of Using IGMP
The next figure (6-68) shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier.
Figure 6-68.
Note: IP Multicast Filters. IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multicast address range of 01005e-000000 through 01005e-7fffff). Any static Traffic/Security filters (page 6-46) configured with a “Multicast” filter type and a “Multicast Address” in this range will continue in effect unless IGMP learns of a multicast group destination in this range.
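The address ranges in the note above imply that only the low 23 bits of an IP group address reach the Ethernet address, so one static “Multicast Address” filter matches 32 different IP groups. The following is an added example, not taken from the HP guide; the function names and the sample groups are constructed for illustration.

```python
import ipaddress

MCAST_NET = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 through 239.255.255.255
MAC_BASE = 0x01005E000000                        # 01005e-000000
LOW23 = 0x7FFFFF                                 # bits copied from the IP group address


def group_to_mac(group):
    """Return the Ethernet multicast address (01005e-xxxxxx) for an IP group."""
    addr = ipaddress.ip_address(group)
    if addr.version != 4 or addr not in MCAST_NET:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    digits = f"{MAC_BASE | (int(addr) & LOW23):012x}"
    return f"{digits[:6]}-{digits[6:]}"


def groups_behind_mac(mac):
    """Return the 32 IP groups that all map to one Ethernet multicast address."""
    value = int(mac.replace("-", "").replace(":", ""), 16)
    if (value & ~LOW23) != MAC_BASE:
        raise ValueError(f"{mac} is outside 01005e-000000 through 01005e-7fffff")
    low = value & LOW23
    # The five bits after the 1110 class-D prefix are not carried in the MAC.
    return [str(ipaddress.ip_address((0xE << 28) | (hi << 23) | low))
            for hi in range(32)]


def filter_collisions(filter_macs, observed_groups):
    """For each statically filtered MAC, list the observed groups it matches."""
    hits = {mac.lower(): [] for mac in filter_macs}
    for group in observed_groups:
        mac = group_to_mac(group)
        if mac in hits:
            hits[mac].append(group)
    return hits


if __name__ == "__main__":
    # Constructed sample: one static filter and three groups seen on the LAN.
    seen = ["224.1.1.1", "225.1.1.1", "239.2.2.2"]
    for mac, groups in filter_collisions(["01005e-010101"], seen).items():
        print(mac, "matches", groups)
    print(len(groups_behind_mac("01005e-010101")), "groups share that address")
```

When reviewing static multicast filters, run each configured address through `groups_behind_mac` to see every IP group the filter will also affect.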
Changing the Querier Configuration Setting
The Querier feature, by default, is enabled and in most cases should be left in this setting. If you need to change the querier setting, you can do so using the IGMP Configuration MIB. To disable the querier setting, select the Command Prompt from the Diagnostics Menu and enter this command: setmib hpSwitchIgmpQuerierState.
Automatic Broadcast Control (ABC) Features
ABC reduces the amount of IP and/or IPX broadcast traffic within a broadcast domain without adding the levels of cost and latency normally associated with routers. To get this result, the switch serves as a proxy for IP ARP, IPX NSQ, and IPX GetLocal Target, and limits the forwarding of IP RIP and IPX RIP/SAP packets to only those ports where the broadcasts are needed.
Configuring ABC from the Web Browser Interface
1. Click Here
2. Click Here
3. If VLANs are configured, select VLAN.
4. Enable ABC
Parameter: VLAN Selection
Description: If multiple VLANs are configured on the switch, select the VLAN in which you want to enable ABC.
Configuring ABC from the Switch Console
In the factory default configuration, ABC is disabled and all broadcasts are sent out either all ports in the switch or, if VLANs are configured, out all ports in VLANs where ABC is enabled. If multiple VLANs are configured, you can configure ABC on a per-VLAN basis. Otherwise, the configuration is for all ports in the switch.
To Access ABC:
1. From the Main Menu, select:
   3. Switch Configuration
   5. Advanced Features
   4. Automatic Broadcast Control (ABC)
Figure 6-69. The Default ABC Screen (No VLANs Configured)
2. If no VLANs are configured, go to step 3. If VLANs are configured, press Edit, then select the VLAN in which you want to configure ABC.
Note: The rest of this procedure assumes that VLANs are not configured.
5. Press the [>] key to display the remaining ABC parameters. Then do one of the following:
• If you enabled ABC for IP_IPX and pressed [>] (figure 6-70, below):
Figure 6-70. ABC Enabled With Default IP_IPX Option (No VLANs Configured)
i. If you want IP RIP broadcast control, then select the IP RIP Control parameter and use the Space bar to select Yes.
ii.
• If you enabled ABC for IP (figure 6-64, below):
Figure 6-71. ABC Enabled With Default IP Option (No VLANs Configured)
i. If you want IP RIP broadcast control, then select the IP RIP Control parameter and use the Space bar to select Yes.
ii.
Figure 6-72. ABC Enabled With Default IPX Option (No VLANs Configured)
i. If you want IPX RIP/SAP control, then select the IPX RIP/SAP Control parameter.
ii. Use the Space bar to select Yes.
iii. Go to step 6, below.
6. Press [Enter] to return to the Actions menu.
7. Press [S] (for Save) to activate the changes you have made.
8. Return to the Main Menu. (It is not necessary to reboot the switch.
How ABC Operates
Layer 2 (MAC level) broadcast packets can become a large percentage of the traffic on a network. These broadcasts not only use up network bandwidth, but also use up processing power on every client that receives the broadcast. Routers reduced this problem by introducing broadcast domains to reduce broadcast propagation through a network. However, routers also introduced increased costs and latency, with reduced throughput.
with a unicast packet through the switch to host A. The switch monitors this response, learns the location of host D, and stores this information in its ARP cache. Thus, the switch now knows the address information for both host A and host D. Now, hosts A and D can send unicast packets to each other because they have learned each other’s addresses.
Suppose that host C now wants to communicate with host A.
Reducing RIP and SAP Broadcast Traffic
You can also configure ABC to limit IP RIP and IPX RIP and SAP broadcasts, which can further reduce broadcast traffic on your network. RIP and SAP broadcasts are normally forwarded on all ports.
The Auto Gateway parameter does not affect operation of hosts on the same port as the DHCP server. This is because such hosts receive responses directly from the server instead of responses from the switch. To prevent this problem, connect the DHCP servers directly to the switch.
■ IPX Networks:
• Only four IPX networks (with four different encapsulation types) are allowed per VLAN.
• The IPX server chosen in the proxy response is always the first nearest server in the SAP table.
Server Selection: The switch does not support encapsulation translations (such as from 802.2 to SNAP in IPX).
Configuring and Monitoring Port Security
Using Port Security, you can configure each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch.
Basic Operation
The default port security setting for each port is “off”.
■ Prevent Eavesdropping: Block outbound traffic with unknown destination addresses from exiting through the port. This prevents an unauthorized device on the port from eavesdropping on the flooded unicast traffic intended for other devices.
Note: The switch security measures block unauthorized traffic without disabling the port.
Table 6-5. Port Security Control Parameters
Parameter: Description
Port: Identifies the switch port to view or configure for port security.
Learn Mode: Specifies how the port will acquire its list of authorized addresses. Continuous (the default): Allows the port to learn addresses from inbound traffic from any device(s) to which it is connected.
Parameter: Description
Authorized Addresses: Appears when Learn Mode is set to Static. Enables you to enter up to eight authorized devices (MAC addresses) per port, depending on the value specified in the Address Limits field. If you enter fewer devices than you specified in the Address Limits field, the port learns the remaining addresses from the inbound traffic it receives.
2. Set the security policy for the selected port.
a. If you want to configure authorized devices:
i. Select Static for the Learn Mode parameter.
ii. Select the number of authorized addresses (devices) for the Address Limit parameter.
b. Select Yes if you want to prevent eavesdropping.
iii. If you want to send SNMP traps notifying of attempted security violations, select Yes for the Send Alarm parameter.
c.
Using the Switch Console To Configure Port Security
From the Main Menu, select:
   3. Switch Configuration . . .
   5. Advanced Features . . .
   5. Port Security
1. Select a port to configure.
2. Select Edit to display the security configuration screen for the selected port.
Figure 6-78. Example of the Console Port Security Overview Screen
3.
4. Configure Address Limit to the number of authorized devices you want on the port.
Note: If the Address Limit parameter is more than the number of Authorized Addresses, the port automatically adds devices in addition to the one(s) you specified in the Authorized Address list. See the Caution for “Authorized Addresses” at the end of table 6-5 (starts on page 6-120).
5.
Reading and Resetting Intrusion Alarms
When an attempted security violation occurs on a port configured for Port Security, the port drops the packets it receives from the unauthorized device.
Notice of Security Violations
When a security violation occurs on a port configured for Port Security, the switch responds in the following ways to notify you:
■
• You use either the console or web browser interface to reset the flag.
In this example, ports A1 and A2 have detected intrusions for which their alert flags have not been reset, as indicated by the Ports with Intrusion Flag entry (below). You must reset the intrusion alert flags for these ports before the log can indicate any new intrusions for them.
3. Click here to reset the intrusion alert flags for any ports listed below. This enables the log to display any new intrusions on these ports.
Examples of Security Violation entries.
• The Intrusion Alert column in the console’s Port Status screen displays Yes for the port on which the violation occurred (figure 6-84, below).
Intrusion alert indicated on Port A5. After you reset the alert flag (in the Intrusion Log screen, below), this entry changes to No.
Figure 6-84.
Screen callouts: System Time of Intrusion on Port A1; MAC Address of Intruding Device on Port A1.
Type [R] (for Reset alert flags) to reset the alert flag on this port. This enables the log to display any new intrusion on this port.
Figure 6-85.
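The port security behavior described in this section (Learn Mode, Address Limit, dropped packets, and an intrusion flag that must be reset before new intrusions are logged) can be modelled to see where a configuration leaves gaps. The following is an added example, not HP code or the switch's actual implementation; the class names, result strings, MAC addresses, and timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_ADDRESSES = 8  # the guide allows up to eight authorized addresses per port


def norm(mac):
    """Normalize a MAC address to 12 lowercase hex digits."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


@dataclass
class SecuredPort:
    name: str
    learn_mode: str = "continuous"   # "continuous" (the default) or "static"
    address_limit: int = 1
    authorized: set = field(default_factory=set)
    send_alarm: bool = False
    intrusion_flag: bool = False

    def __post_init__(self):
        if self.learn_mode not in ("continuous", "static"):
            raise ValueError("learn_mode must be 'continuous' or 'static'")
        if not 1 <= self.address_limit <= MAX_ADDRESSES:
            raise ValueError("address_limit must be between 1 and 8")
        self.authorized = {norm(m) for m in self.authorized}
        if len(self.authorized) > self.address_limit:
            raise ValueError("more authorized addresses than address_limit")


class PortSecurityModel:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.intrusion_log = []  # (port, mac, time) tuples
        self.traps = []          # stands in for SNMP traps (Send Alarm = Yes)

    def receive(self, port_name, src_mac, when):
        """Classify one inbound frame by its source address."""
        port, mac = self.ports[port_name], norm(src_mac)
        if port.learn_mode == "continuous" or mac in port.authorized:
            return "forward"
        if len(port.authorized) < port.address_limit:
            # Unfilled slots are learned from inbound traffic, whoever sends it.
            port.authorized.add(mac)
            return "learned"
        if port.intrusion_flag:
            # Still dropped, but the log shows nothing new until the flag is reset.
            return "drop-unlogged"
        port.intrusion_flag = True
        self.intrusion_log.append((port_name, mac, when))
        if port.send_alarm:
            self.traps.append(f"intrusion on {port_name} from {mac}")
        return "drop-logged"

    def reset_flag(self, port_name):
        self.ports[port_name].intrusion_flag = False

    def audit(self):
        """Return (port, finding) pairs for settings a reviewer should question."""
        findings = []
        for name in sorted(self.ports):
            p = self.ports[name]
            if p.learn_mode == "continuous":
                findings.append((name, "continuous learning: any device accepted"))
            elif len(p.authorized) < p.address_limit:
                free = p.address_limit - len(p.authorized)
                findings.append((name, f"unfilled address slots: {free}"))
            if p.intrusion_flag:
                findings.append((name, "intrusion flag not reset"))
        return findings


def demo():
    """Constructed scenario: port A1, Static, limit 2, one address entered."""
    model = PortSecurityModel([SecuredPort("A1", "static", 2, {"020000-000001"},
                                           send_alarm=True)])
    frames = [("020000-000001", "t0"), ("020000-0000aa", "t1"),
              ("020000-0000bb", "t2"), ("020000-0000cc", "t3")]
    results = [model.receive("A1", mac, t) for mac, t in frames]
    model.reset_flag("A1")
    results.append(model.receive("A1", "020000-0000cc", "t4"))
    return model, results


if __name__ == "__main__":
    model, results = demo()
    print(results)
    print(model.intrusion_log)
```

The second frame in the scenario is learned rather than blocked because the Address Limit exceeds the number of addresses entered, and the fourth is dropped without a log entry because the flag from the third had not been reset.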
Operating Notes for Port Security
Identifying the IP Address of an Intruder. The Intrusion Log lists intruders by MAC address. If you are using HP TopTools for Hubs & Switches to manage your network, you can use the TopTools inventory reports to link MAC addresses to their corresponding IP addresses. (Inventory reports are organized by device type: hubs, switches, servers, etc.)
Proxy Web Servers.
Class of Service (CoS): Managing Bandwidth More Effectively
As the term suggests, network policy refers to the network-wide controls you can implement to ensure uniform and efficient traffic handling throughout your network. One goal of network policy is to keep the most important traffic moving at an acceptable speed, regardless of current bandwidth usage.
CoS is implemented in the form of rules or policies that are configured on the switch. While you can use CoS to prioritize only the outbound traffic moving through the switch, you derive the maximum benefit by using CoS in an 802.1Q VLAN environment (with 802.1p priority tags), where CoS can set priorities that are supported by downstream devices.
Basic Operation
CoS settings operate on two levels:
■ Controlling the priority of outbound packets: Each switch port has two outbound traffic queues: “normal” priority and “high” priority. (High-priority packets leave the switch port first. Normal-priority packets leave the switch port after the port’s high-priority queue is emptied.
If a packet is not in an 802.1Q tagged VLAN environment, the above settings control only to which outbound queue the packet goes, and no 802.1p priority is added to the packet. However, if the packet is in an 802.1Q tagged VLAN environment, then the above setting is also added to the packet as an 802.1p priority that can be used by downstream devices and applications, as indicated in the next table.
Table 6-6.
Table 6-7. Priority Criteria and Precedence
Precedence: 1
Criteria: Device Priority (IP Address)
Overview: You can specify a priority for any outbound packet having a particular destination or source IP address. CoS allows up to 30 IP addresses. If an outbound packet has an IP address as the destination, it takes precedence over another outbound packet that has the same IP address as a source.
No Override. By default, the IP ToS, Protocol, and VLAN ID criteria automatically list each of their options with No override for priority. This means that if you do not configure a priority for a specific option, CoS does not prioritize packets to which that option applies. For example, if you do not specify a priority for the IP protocol, then the IP protocol will not be a criterion for setting a CoS priority.
3. Determine the actual CoS configuration changes you will need to make on each CoS-capable device in your network in order to implement the desired policy.
4. Configure the desired CoS priorities on the CoS-capable devices in the network. For HP devices, HP recommends that you use TopTools for Hubs & Switches (version N.01.03 or later) to help ensure that your CoS policy is implemented consistently across the network.
Configuring Class of Service from the Web Browser Interface
1. Click here.
2. Click here.
The default screen displays the Device Priority option.
Figure 6-86. The Default Class of Service Configuration Screen
Use Table 6-8, “Steps for Using the Web Browser Interface To Configure CoS Priority” (next page), to guide you in configuring your CoS criteria.
Table 6-8. Steps for Using the Web Browser Interface To Configure CoS Priority
CoS Option: Device Priority
Priority Configuration Steps: Click on the Device Priority button, then:
To add an IP address:
1. Type the address in the IP Address field.
2. Select the desired priority level from the Priority pull-down menu.
3. Click on the Add button.
To change a configured priority for a device:
1.
Configuring Class of Service from the Console
CoS uses dynamic reconfiguration to configure your CoS choices. This means that it is not necessary to reboot the switch after configuring CoS. To access the CoS console screens, begin at the Main Menu and select the following:
   3. Switch Configuration . . .
   5. Advanced Features . . .
   7. Class of Service (CoS) Menu . . .
The CoS Device Priority Screen
CoS uses the criteria you specify per IP address (up to 30) to determine traffic prioritization. Device Priority has higher precedence than any other CoS prioritization criteria. Thus, if traffic from or to the listed devices also carries other CoS criteria, those other criteria will be ignored due to the existence of the Device Priority criteria.
The CoS Protocol Priority Screen
CoS uses protocol criteria to determine traffic priority unless the same traffic has other CoS criteria (configured in other CoS screens) that have a higher precedence. (For precedence information, see table 6-7, “Priority Criteria and Precedence”, on page 6-134.) To display the Protocol Priority screen, select Protocol Priority in the CoS Menu screen (page 6-139).
The CoS VLAN Priority Screen
If you configure CoS on this screen, CoS uses the criteria you specify per VLAN to determine traffic prioritization unless the same traffic has other CoS criteria (configured in other CoS screens) that have a higher precedence. (For precedence information, see table 6-7, “Priority Criteria and Precedence”, on page 6-134.
Using Type of Service (ToS) Criteria to Prioritize IP Traffic
Every IP packet includes a Type of Service (ToS) field. This field carries priority settings that are read and used, but not altered by the switch. When CoS is configured to use ToS criteria, the switch reads the content of the packet’s ToS field and takes actions based on any CoS configuration that applies to the packet.
ToS Configuration Options. To display the Type of Service screen, select Type of Service (IP Precedence, Differentiated Services) in the CoS Menu screen (page 6-139).
Type of Service includes three possible settings:
■ Disabled (the default): ToS is disabled and is not a factor in prioritizing packets. (Priority settings in the ToS fields of IP packets received by the switch are ignored.
Table 6-9. How the Switch Uses the ToS Configuration
ToS Option: Outbound Port IP Precedence (Value = 0 - 7) Differentiated Services IP Packet in a Tagged VLAN Same as above, plus the IP Precedence value (0 - 7) will be used to set a corresponding 802.1p priority in the VLAN tag carried by the packet to the next downstream device.
IP Multicast (IGMP) Interaction with CoS
The switch’s ability to prioritize IGMP traffic for either a normal or high priority outbound queue overrides any CoS criteria, and does not affect any 802.1p priority settings the switch may assign. For a given packet, if both IGMP high priority and CoS are configured, the CoS configuration overrides the IGMP setting.
Packet Enters Switch: On a Non-VLAN Port or in an Untagged VLAN
Packet Exits From Switch: On a Non-VLAN Port or in an Untagged VLAN
(Prioritizing affects only the choice of outbound priority queue. The packet carries no 802.1p priority tag.)
1. Device Priority (IP Address) Option (IP Packets Only):
– If Device Priority does not apply to the packet, then packet priority defers to the ToS policy.
Packet Enters Switch: In an Untagged VLAN
Packet Exits From Switch: In a tagged VLAN
(Prioritizing affects both the choice of outbound priority queue and the packet’s 802.1p priority tag.)
In this scenario, the outbound packet always carries a tagged VLAN field with an 802.1p priority setting.
1.
Packet Enters Switch: In a tagged VLAN
Packet Exits From Switch: In an Untagged VLAN
(Prioritizing affects only the choice of outbound priority queue. The 802.1p priority tag carried by the packet when it entered the switch is discarded along with the tagged VLAN field.)
1. Device Priority (IP Address) Policy (IP Packets Only):
– If Device Priority does not apply to the packet, then packet priority defers to the ToS policy.
Packet Enters Switch: In a tagged VLAN
Packet Exits From Switch: In a tagged VLAN
(Prioritizing affects both the choice of outbound priority queue and the packet’s 802.1p priority tag.)
In this scenario, the packet always carries a tagged VLAN field with an 802.1p priority setting, both inbound and outbound.
1.
Supporting CoS with an 802.1Q Tagged VLAN Environment
Using HP’s 802.1Q-compliant switches, you can create either a single tagged VLAN or multiple tagged VLANs. To do either, you need an 802.1Q-compliant device connected to each tagged VLAN port on an HP switch. For more on VLANs, see page 6-51.
Using the Default VLAN to Create a Single Tagged VLAN
1. Activate the switch’s VLAN support.
Operating and Troubleshooting Notes
■ For Devices that Do Not Support 802.1Q Tagged VLANs: For communication between these devices and the switch, connect the device to a switch port configured as Untagged for the VLAN in which you want the device’s traffic to move.
7 Monitoring and Analyzing Switch Operation
Overview
You can use the switch console (and, in some cases, the web browser interface) to access read-only status and counter information to help you monitor, analyze, and troubleshoot switch operation. In particular, the web browser interface has an Alert Log that can help you quickly identify network problems. See chapter 3, “Using the Web Browser Interface” for more information about the web browser interface and the Alert Log.
Status and Counters Screens
This section describes the status and counters screens available through the switch console interface and/or the web browser interface.
Note: You can access all console screens from the web browser interface via Telnet to the console. See “Configuration Tab” on page 3-24.
Switch Console Status and Counters Menu
Select Status and Counters from the Main Menu to display the Status and Counters menu:
Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
Note: IP Multicast (IGMP) and Automatic Broadcast Control (ABC) are reported on a per-VLAN basis.
Web Browser Interface Status Information
The “home” screen for the web browser interface is the Status Overview screen, as shown in figure 7-2.
General System Information
To access this screen from the console Main Menu, select:
1. Status and Counters
   1. General System Information
This screen dynamically indicates how individual switch resources are being used. See the online Help for details.
Figure 7-3.
Switch Management Address Information
To access this screen from the Main Menu, select:
1. Status and Counters
   2. Switch Management Address Information
Figure 7-4. Example of Management Address Information with VLANs Configured
This screen displays addresses that are important for management of the switch.
Module Information
To access this screen from the Main Menu, select:
1. Status and Counters
   3. Module Information
Displays information on the modules installed in the switch. See the online Help for details.
Figure 7-5.
Port Status
The web browser interface and the console interface show the same port status data.
Note: If Automatic Broadcast Control (ABC) has been enabled, all ports where Bcast Limit (broadcast limit) has not already been manually set to a nonzero value will automatically be set to 30(%). See “Port Settings” on page 6-30.
Displaying Port Status from the Web Browser Interface
2. Click here
1.
Displaying Port Status from the Console Interface
To access this screen from the Main Menu, select:
1. Status and Counters
   4. Port Status
Figure 7-7.
Port Counters
The web browser interface and the console interface show the same port counter data. These screens enable you to determine the traffic patterns for each port. Port Counter features include:
■ Dynamic display of counters summarizing the traffic on each port since the last reboot or reset
■ Option to reset the counters to zero (for the current console session).
Displaying Port Counters from the Web Browser Interface
1. Click here
2. Click here
3. To view details about the traffic on a particular port, highlight that port number, then click on Details for Select Port.
4. Click here to return to the Port Counters screen.
Figure 7-8.
Displaying Port Counters from the Console Interface
To access this screen from the Main Menu, select:
1. Status and Counters
   5. Port Counters
Figure 7-9. Example of Port Counters on the Console Interface
To view details about the traffic on a particular port, highlight that port number (figure 7-9), then select Show Details.
Figure 7-10. Example of the Display for Show details on a Selected Port
This screen also includes the Reset action. Refer to the note on page 7-10.
Address Table
To access the Address Table screen from the Main Menu, select:
1. Status and Counters
   6. Address Table
Figure 7-11. Example of the Address Table (Switch 4000M)
This screen lets you determine which switch port is being used to communicate with a specific device on the network.
Port Address Table
This screen lets you determine which devices are attached to the selected switch port by listing all of the MAC addresses detected on that port. To access the port address table:
1. From the Main Menu, select:
   1. Status and Counters
      7. Port Address Table
1. Select this parameter.
2. Use the Space bar to select the port for which you want to display the address table.
Figure 7-12.
In this example, several MAC addresses accessed through port 1 appear in the initial listing. To view any additional addresses that may be in the listing, use the Next page or Search action.
Figure 7-13. Example of a Port Address Table for a Specific Port
Use the Search action at the bottom of the screen to determine whether a specific device (MAC address) is connected to the selected port.
Spanning Tree (STP) Information
To access the Spanning Tree Information from the Main Menu, select:
1. Status and Counters
   8. Spanning Tree Information
STP must be enabled on the switch to display the following data:
Figure 7-14. Example of Spanning Tree Information
Use this screen to determine current switch-level STP parameter settings and statistics.
You can use the Show ports action at the bottom of the screen to display port-level information and parameter settings for each port in the switch (including port type, cost, priority, operating state, and designated bridge) as shown in figure 7-15.
Figure 7-15.
IP Multicast (IGMP) Status
To access this screen from the Main Menu, select:
1. Status and Counters
   9. Advanced Features Status
      1. IP Multicast (IGMP) Status
Note: If multiple VLANs are configured on the switch, you will be prompted to select a VLAN (by using the Space bar, then pressing [Enter]) to display this screen.
You can also display the port status of the individual multicast groups. (That is, you can display the ports, port types, and whether the IGMP devices connected to the switch via the port are hosts, routers, or both.) To do so, select the group from the above screen and press [S] for Show ports. For example, suppose you wanted to view the status of the IP multicast group 224.0.1.
Automatic Broadcast Control (ABC) Information
To access this screen from the Main Menu, click on:
1. Status and Counters
   9. Advanced Features Status
      2. Automatic Broadcast Control (ABC) Information
Note: If multiple VLANs are configured on the switch, you will be prompted to select a VLAN (by using the Space bar, then pressing [Enter]) to display this screen.
Switch Mesh Information
To access this screen from the Main Menu, click on:
1. Status and Counters
   9. Advanced Features Status
      3. Switch Mesh Information
Figure 7-19. Example of Switch Mesh Screen
This screen indicates the current operating states for meshed ports in the switch and identifies adjacent meshed ports and switches. For more information, see the online Help.
VLAN Information
To access this screen from the Main Menu, select:
1. Status and Counters
   9. Advanced Features Status
      4. VLAN Information
Figure 7-20. Example of VLAN Information Screen
This screen displays the VLAN identification and status for each VLAN configured in the switch.
8 Troubleshooting
This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
Troubleshooting Approaches
There are six primary ways to diagnose switch problems:
■ Check the switch LEDs for indications of proper switch operation:
   • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
   • Problems with the switch hardware and software are indicated by flashing the Fault and other switch LEDs.
Browser or Console Access Problems
Cannot access the web browser interface:
■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting:
   2. Switch Management Access Configuration
      4. Console/Serial Link.
■ The switch may not have the correct IP address, subnet mask or gateway.
Cannot Telnet into the switch console from a station on the network:
■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the switch console. See “Configuring the Console/Serial Link from the Switch Console” on page 6-20.
■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting:
   2.
Unusual Network Activity
Network activity that exceeds accepted norms often indicates a hardware problem with one or more of the network components, possibly including the switch. Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as the HP TopTools for Hubs & Switches.
One indication of a duplicate IP address in a DHCP network is this Event Log message:
   ip: Invalid ARP source: IP address on IP address
where: both instances of IP address are the same address, indicating the IP address that has been duplicated somewhere on the network.
The Switch Has Been Configured for DHCP/Bootp Operation, But Has Not Received a DHCP or Bootp Reply.
IGMP-Related Problems
IP Multicast (IGMP) Traffic Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.
IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp.
[Figure: Switch Mesh Domain of Mesh Switches with a Hub attached to meshed ports]
Topology Error: Ports configured for switch meshing and connected to a hub will not operate.
Figure 8-1. Connecting a Hub To Meshed Ports Causes a Topology Error
■ A non-meshed switch or port connected to a mesh port
[Figure: Switch Mesh Domain of Mesh Switches with a Nonmesh Switch attached to meshed ports]
Topology Error: Ports configured for switch meshing and connected to nonmesh switch ports will not operate.
STP-Related Problems
Caution: If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates. To learn the details of STP operation, refer to the IEEE 802.1d standard.
STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the Switch 4000M and Switch 2424M, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN link between the devices. Also, if ports are available, you can improve the bandwidth in this situation by using a port trunk. See “STP Operation with 802.1Q VLANs” on page 6-44.
Link supporting VLAN_1 and VLAN_2: Switch “X” Port X-3 to Switch “Y” Port Y-7

VLAN Port Assignment (Switch “X”)     VLAN Port Assignment (Switch “Y”)
Port   VLAN_1     VLAN_2              Port   VLAN_1     VLAN_2
X-3    Untagged   Tagged              Y-7    Untagged   Tagged

Figure 8-4. Example of Correct VLAN Port Assignments on a Link
1. If VLAN_1 is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”.
2.
Using the Event Log To Identify Problem Sources
The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields:

Severity   Date       Time       System Module   Event Message
I          08/05/98   10:52:32   ports:          port 1 enabled

Severity is one of the following codes:
I (information) indicates routine events.
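The five-field entry layout described above, together with the duplicate-IP message quoted under Unusual Network Activity, can be checked mechanically once the Event Log text has been captured from a console session. The following is an added example, not code from HP or from this guide; the function names, the month/day/year reading of the date, the severity letter "W" and every address in the sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Five fields, in the order the guide lists them:
# Severity, Date, Time, System Module, Event Message.
ENTRY_RE = re.compile(
    r"^(?P<severity>[A-Z])\s+"
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<module>[^\s:]+):\s+"
    r"(?P<message>.+?)\s*$"
)

# Event message the guide gives for a duplicate IP address:
#   ip: Invalid ARP source: <IP address> on <IP address>
DUP_ARP_RE = re.compile(r"^Invalid ARP source: (?P<src>\S+) on (?P<seen>\S+)$")

# Constructed sample. Only the first line appears in the guide; the severity
# letter "W" and all addresses on the other lines are assumptions.
SAMPLE_LOG = """\
I 08/05/98 10:52:32 ports: port 1 enabled
I 08/05/98 10:52:40 ports: port 2 enabled
W 08/05/98 10:53:01 ip: Invalid ARP source: 10.28.227.103 on 10.28.227.103
-- not an event entry --
W 08/05/98 10:58:47 ip: Invalid ARP source: 10.28.227.103 on 10.28.227.103
W 08/05/98 11:02:10 ip: Invalid ARP source: 10.28.227.9 on 10.28.227.44
"""


@dataclass(frozen=True)
class Entry:
    severity: str
    timestamp: datetime
    module: str
    message: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Event Log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    try:
        # Assumption: the date field is month/day/year with a two-digit year.
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None  # right shape, impossible date or time
    return Entry(m["severity"], ts, m["module"], m["message"])


def parse_log(text: str) -> List[Entry]:
    """Parse captured Event Log text, skipping lines that are not entries."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def duplicate_ip_events(entries: List[Entry]) -> Dict[str, List[datetime]]:
    """Map each duplicated IP address to the times it was reported.

    Per the guide, both addresses in the message are the same address when an
    IP address is duplicated, so messages where they differ are not counted.
    """
    hits: Dict[str, List[datetime]] = {}
    for e in entries:
        if e.module != "ip":
            continue
        m = DUP_ARP_RE.match(e.message)
        if m and m["src"] == m["seen"]:
            hits.setdefault(m["src"], []).append(e.timestamp)
    return hits


def count_by_severity(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per severity code without assuming which codes exist."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.severity] = counts.get(e.severity, 0) + 1
    return counts


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(count_by_severity(log))
    for ip, times in duplicate_ip_events(log).items():
        print(ip, [t.isoformat() for t in times])
```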
Table 8-1.
To display various portions of the Event Log, either preceding or following the currently visible portion, use either the actions listed at the bottom of the display (Next page, Prev page, or End), or the keys described in the following table:

Table 8-2. Event Log Control Keys
Key   Action
[N]   Advance the display by one page (next page).
[P]   Roll back the display by one page (previous page).
To Change the Severity Level of Event Log Messages
In its default setting, the Event Log displays all event levels. If you want to change the severity level for which events will be displayed in the Event Log, change the setting for the Displayed Events parameter in the Console/Serial Link screen. Options include:

Severity Level   Event Log Action
All (default)    Display all events.
None             Display no events.
Figure 8-3. The Console/Serial Link Configuration Screen (Default Values)
(Figure callout on the Displayed Events field: To change the severity level for events displayed in the Event Log, change this setting.)
2. Press [E] (for Edit). The cursor moves to the Baud Rate field.
3. Move the cursor to the Displayed Events field.
4. Use the Space bar to select the severity level you want for displayed Event Log messages, then press [Enter].
5.
Diagnostics
The switch’s diagnostic tools include the following:

Feature              Switch Console   Web Browser Interface   Page
Link Test            Yes              Yes                     8-17
Ping Test            Yes              Yes                     8-17
Browse Config File   Yes              Yes                     8-21
Command Prompt       Yes              No                      8-23

Ping and Link Tests
The Ping test and the Link test are point-to-point tests between your switch and another IEEE 802.3-compliant device on your network.
Executing Ping or Link Tests from the Web Browser Interface
1. Click here.
2. Click here.
3. Select Ping Test (the default) or Link Test
4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
5. Select the number of tries (packets) and the timeout for each try from the drop-down menus.
6. Click on Start to begin the test.
Figure 8-4.
Executing Ping or Link Tests from the Switch Console
(To cancel a Ping or Link test that is in progress, press [Ctrl] [C].)
1. From the Main Menu, select:
   5. Diagnostics . . .
      1. Link Test
      or
      2. Ping Test
Figure 8-5. Examples of Link Test and Ping Test Screens with VLANs Configured
2. Do one of the following:
   a. For a Link test, enter the 12-digit hexadecimal MAC address of the target device.
   b. For a Ping test, enter the IP address of the target device.
The console displays the result of each test. For example, if a Link test succeeds, you will see Linktest Command Successful. If the Link test fails, you will see Linktest Command Timed out. If a Ping test succeeds, you will see a message indicating the target IP address is “alive”, along with a test counter and elapsed time for each test. For example: 12.10.8.
The Configuration File
The complete switch configuration is contained in a file that you can browse from either the web browser interface or the switch console. It may be useful in some troubleshooting scenarios to view the switch configuration.
Browsing the Configuration File from the Web Browser Interface
To display the currently saved switch configuration through the web browser interface:
1. Click here.
2. Click here.
Figure 8-6.
Browsing the Configuration File from the Switch Console
To display the configuration file that is currently saved:
1. From the Main Menu, select:
   5. Diagnostics
      3. Browse Configuration File
Figure 8-7. Example of the Browse Configuration Display
(Figure callout: When -- More -- appears, press [Enter] to see the next line; press the Space bar to see the next page.)
2.
Using the Command Prompt
These commands are primarily for the expert user and for diagnostics purposes.
3. Type in the command you want to execute and press [Enter]. For example, to set the time to 9:55 a.m. you would execute the following command:
   DEFAULT_CONFIG: time 9:55 [Enter]
How To Exit from the command prompt: Type exit and press [Enter] to return to the Diagnostics Menu.
A File Transfers
Overview
You can download new switch software (operating system—OS) and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration.
Downloading an Operating System (OS)
Using TFTP To Download the OS File
This procedure assumes that:
■ An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from HP’s electronic services—see the support and warranty booklet shipped with the switch.)
■ The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
Press [E] (for Edit).
3. Ensure that the Method field is set to TFTP (the default).
4. In the TFTP Server field, type in the IP address of the TFTP server in which the OS file has been stored.
5. If the VLAN field appears, use the Space bar to select the VLAN in which the TFTP server is operating. (The VLAN field appears only if multiple VLANs are configured in the switch.)
6. In the Remote File Name field, type the name of the OS file.
Using the SNMP-Based HP Download Manager
Included with your switch is the HP TopTools for Hubs & Switches CD ROM (available Fall 1998). The HP Download Manager is included with HP TopTools and enables you to initiate a firmware (OS) download over the network to the switch. This capability assumes that the switch is properly connected to the network and has been discovered by HP TopTools.
Using Xmodem to Download the OS File
This procedure assumes that:
■ The switch is connected via the Console RS-232 port on a PC operating as a terminal. (Refer to the Installation Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)
■ The switch operating system (OS) is stored on a disk drive in the PC.
Troubleshooting TFTP Downloads
If a TFTP download fails, the Download OS screen indicates the failure.
Figure A-3. Example of Message for Download Failure
(Figure callout: Message Indicating cause of TFTP Download Failure)
To find more information on the cause of a download failure, examine the messages in the switch’s Event Log. (See “Event Log” on page 8-12.
■ For a Unix TFTP server, the file permissions for the OS file do not allow the file to be copied.
■ Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted.
If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself.
Transferring Switch Configurations
You can use the following commands to transfer Switch 4000M and Switch 2424M configurations between the switch and a PC or Unix workstation.

Command   Function
Get       Download a switch configuration file from a networked PC or Unix workstation using TFTP.
Put       Upload a switch configuration to a file in a networked PC or Unix workstation using TFTP.
2. At the command prompt, execute the following commands:
   To upload a configuration to a file on a PC or Unix workstation:
   To download a configuration from a file on a PC or Unix workstation:
      get IP_address CONFIG remote_file
   where:
   IP address is the address of the PC or Unix workstation in which the configuration is stored (get) or is to be stored (put).
3. At the command prompt, execute one of the following commands:
   To upload a configuration to a file on a PC or Unix workstation:
      xput config remote_file [pc/unix]
   To download a configuration from a file on a PC or Unix workstation:
      xget config remote_file [pc/unix]
   where:
   remote_file is the name of the file in which the configuration is stored or is to be stored.
B MAC Address Management
Overview
The switch assigns MAC addresses in these areas:
■ For management functions:
   • One Base MAC address assigned to the switch
   • Additional MAC address(es) corresponding to any VLANs you configure in the switch
■ For internal switch operations: One MAC address per port
MAC addresses are assigned at the factory.
Determining the MAC Addresses
The Base and VLAN MAC Addresses
These addresses appear in the Management Address Information screen. Also, the Base MAC address appears on a label on the front of the switch.
Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN” unless the name has been changed (by using the VLAN Names screen).
Switch Port MAC Addresses
The MAC address assigned to each switch port is used internally by such features as Flow Control and the Spanning Tree Protocol. Determining the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. To display these addresses, use the walkmib command at the command prompt.
From the Main Menu, select 5. Diagnostics and from the Diagnostics menu, select 4. Command Prompt
2.
Technical information in this document is subject to change without notice. ©Copyright Hewlett-Packard Company 1999. All rights reserved. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws.