HP 2500, 2300 User Manual

Release Notes:

Version F.05.70 Software

for the ProCurve Series 2300 and 2500 Switches

These release notes include information on the following:

■ Downloading switch software and Documentation from the Web (Page 1)

■ Enhancements in Release F.05.xx (Page 6)

■ Enhancements in Release F.04.08 (Page 72)

■ Enhancements in Release F.02.11 (Page 148)

■ Enhancements in Release F.02.02 (Page 164)

■ Updates and corrections for the Management and Configuration Guide (page 220)

■ Software fixes for Series 2500 switch software releases (page 226)

Note

Starting with Software version F.05.50, FEC trunks (Cisco Systems’ FastEtherChannel for aggregated links) are no longer supported, and generation of CDP (Cisco Discovery Protocol) packets are no longer supported. In their place are IEEE standards based LACP aggregated links (as well as statically configured trunks) and generation of LLDP packets for device discovery.

For more information, please see: ftp://ftp.hp.com/pub/networking/software/LLDP-and-LACP-statement.pdf.

Caution: Archive Pre-F.05.17 Configuration Files

A configuration file saved while using release F.05.17 or later software is not backward-compatible with earlier software versions. For this reason, ProCurve recommends that you archive the most recent configuration on switches using software releases earlier than F.05.17 before you update any switches to software release F.05.17 or later.

For the latest information on using your ProCurve product please check its "Frequently Asked Questions" (FAQ) page. Go to the ProCurve Web site at http://www.procurve.com/manuals. Click on Technical support, then FAQs and select your product from the list presented.

Publication Number

5990-3102 March, 2009

Applicable Products

ProCurve Switch 2512 (J4812A) ProCurve Switch 2524 (J4813A) ProCurve Switch 2312 (J4817A) ProCurve Switch 2324 (J4818A)

Trademark Credits

Microsoft, Windows, Windows 95, and Microsoft Windows NT are registered trademarks of Microsoft Corporation.

Software Credits

SSH in the ProCurve Series 2500 switches is based on the OpenSSH software toolkit. For more information on OpenSSH, visit

www.openssh.com.

Hewlett-Packard Company 8000 Foothills Boulevard, m/s 5552 Roseville, California 95747-5552

www.procurve.com

Disclaimer

The information contained in this document is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

Warranty

See the Customer Support/Warranty booklet included with the product.

A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

iii

Software Management

Download Switch Documentation and Software from the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

View or Download the Software Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Downloading Software to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

TFTP Download from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Xmodem Download From a PC or Unix Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Saving Configurations While Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

ProCurve Switch, Routing Switch, and Router Software Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.61 through F.05.70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Enhancements in Release F.05.05 through F.05.60 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Implementation of LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

LLDP Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

General LLDP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

LLDP Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

LLDP Standards Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

LLDP Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

LLDP Operation and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Enabling or Disabling LLDP Operation on the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Disable Auto-MDIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

New Console Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Clarification of Time Zone Issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Syslog Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Syslog Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Viewing the Syslog Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Configuring Syslog Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Operating Notes for Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Isolated Port Groups (Enhanced) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Options for Isolated Port Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Operating Rules for Port Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

iii

Configuring Port Isolation on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Steps for Configuring Port Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Configuring and Viewing Port-Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Messages Related to Port-Isolation Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Troubleshooting Port-Isolation Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Configuring Port-Based Access Control (802.1X) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Why Use Port-Based Access Control? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

How 802.1X Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Authenticator Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Switch-Port Supplicant Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

General Operating Rules and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

General Setup Procedure for Port-Based Access Control (802.1X) . . . . . . . . . . . . . . . . . . . . . . . 36

Do These Steps Before You Configure 802.1X Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Overview: Configuring 802.1X Authentication on the Switch . . . . . . . . . . . . . . . . . . . . . . . . 36

Configuring Switch Ports as 802.1X Authenticators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

1. Enable 802.1X Authentication on Selected Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3. Configure the 802.1X Authentication Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

4. Enter the RADIUS Host IP Address(es) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5. Enable 802.1X Authentication on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

802.1X Open VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Use Models for 802.1X Open VLAN Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Operating Rules for Authorized-Client and Unauthorized-Client VLANs . . . . . . . . . . . . . . . 48

Setting Up and Configuring 802.1X Open VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

802.1X Open VLAN Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices . . . . 55

Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches 57

Displaying 802.1X Configuration, Statistics, and Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Show Commands for Port-Access Authenticator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Viewing 802.1X Open VLAN Mode Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Show Commands for Port-Access Supplicant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

How RADIUS/802.1X Authentication Affects VLAN Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Messages Related to 802.1X Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

IGMP Version 3 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Enhancements in Release F.04.08

Using Friendly (Optional) Port Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring and Operating Rules for Friendly Port Names . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring Friendly Port Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Displaying Friendly Port Names with Other Port Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Configuring Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Prerequisite for Using SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Public Key Format Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Steps for Configuring and Using SSH for Switch and Client Authentication . . . . . . . . . . . 81

General Operating Rules and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Configuring the Switch for SSH Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Further Information on SSH Client Public-Key Authentication . . . . . . . . . . . . . . . . . . . . . . 95

Messages Related to SSH Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Troubleshooting SSH Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Configuring RADIUS Authentication and Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Switch Operating Rules for RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

General RADIUS Setup Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Configuring the Switch for RADIUS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Configuring RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Operating Rules for RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Viewing RADIUS Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Changing RADIUS-Server Access Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Messages Related to RADIUS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Troubleshooting RADIUS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .129

Operating Rules for IP Preserve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Configuring Port-Based Priority for Incoming Packets . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Messages Related to Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Troubleshooting Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Using the "Kill" Command To Terminate Remote Sessions . . . . . . . . . . . . . . . . . . . . . . .136

Configuring Rapid Reconfiguration Spanning Tree (RSTP) . . . . . . . . . . . . . . . . . . . . . .137

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Transitioning from STP to RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Configuring RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Enhancements in Release F.02.11

Fast-Uplink Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

The Show Tech Command for Listing Switch Configuration and Operating Details . . . 162

Enhancements in Release F.02.02

Documentation for Enhancements in Release F.02.02 . . . . . . . . . . . . . . . . . . . . . . . . . . .164

TACACS+ Authentication for Centralized Control of Switch Access Security . . . . . . . 165

Series 2500 Switch Authentication Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Terminology Used in TACACS Applications: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

General System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

TACACS+ Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

General Authentication Setup Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Configuring TACACS+ on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Viewing the Switch’s Current Authentication Configuration . . . . . . . . . . . . . . . . . . . . . . . 173

Viewing the Switch’s Current TACACS+ Server Contact Configuration . . . . . . . . . . . . . . 173

Configuring the Switch’s Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Configuring the Switch’s TACACS+ Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

How Authentication Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

General Authentication Process Using a TACACS+ Server . . . . . . . . . . . . . . . . . . . . . . . . . 181

Local Authentication Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Using the Encryption Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

General Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Encryption Options in the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Controlling Web Browser Interface Access When Using TACACS+ Authentication . . . . . . . 184

Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Troubleshooting TACACS+ Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

CDP (Updated by Software Version F.05.50) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

New Time Synchronization Protocol Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

TimeP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

SNTP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation 189

General Steps for Running a Time Protocol on the Switch: . . . . . . . . . . . . . . . . . . . . . . . . 189

Disabling Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

SNTP: Viewing, Selecting, and Configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Menu: Viewing and Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

CLI: Viewing and Configuring SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

TimeP: Viewing, Selecting, and Configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Menu: Viewing and Configuring TimeP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

CLI: Viewing and Configuring TimeP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

SNTP Unicast Time Polling with Multiple SNTP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Address Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Adding and Deleting SNTP Server Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Menu Interface Operation with Multiple SNTP Server Addresses Configured . . . . . . . . . 207

SNTP Messages in the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Operation and Enhancements for Multimedia Traffic Control (IGMP) . . . . . . . . . . . . . 208

How Data-Driven IGMP Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

IGMP Operates With or Without IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Fast-Leave IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Forced Fast-Leave IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Configuration Options for Forced Fast-Leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

CLI: Listing the Forced Fast-Leave Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

CLI: Configuring Per-Port Forced Fast-Leave IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Querier Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast Fil-

tering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Switch Memory Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

vii

Port Security: Changes to Retaining Learned Static Addresses Across a Reboot . . . . . 217

Recommended Port Security Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Retention of Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Username Assignment and Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Updates and Corrections for the Management and Configuration Guide

Changes in Commands for Viewing the Current Configuration Files . . . . . . . . . . . . . . . . . 220

Change in CLI Command for Listing Intrusion Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Changes for Listing Port and Trunk Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Time Protocol Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Change in Command Line (CLI) Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Restoring the Factory-Default Configuration, Including Usernames and Passwords . . . 222

Incomplete IP Multicast (IGMP) Filtering Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

GVRP Does Not Require a Common VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Incomplete Information on Saving Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . 223

Update to Information on Duplicate MAC Addresses Across VLANs . . . . . . . . . . . . . . . . 223

Incorrect Command Listing for Viewing Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 224

New and Corrected Information on Primary VLAN Usage . . . . . . . . . . . . . . . . . . . . . . . . . 224

Misleading Statement About VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Software Fixes

Release F.01.08 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Release F.01.09 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Release F.01.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Release F.02.02 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Release F.02.03 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Release F.02.04 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Release F.02.05 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Release F.02.06 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Release F.02.07 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Release F.02.08 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Release F.02.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Release F.02.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Release F.02.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Release F.02.12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

viii

Release F.02.13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Release F.04.01 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Release F.04.02 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Release F.04.03 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Release F.04.04 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Release F.04.08 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Release F.04.09 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Release F.05.05 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Release F.05.09 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Release F.05.10 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Release F.05.12 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Release F.05.13 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Release F.05.14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Release F.05.15 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Release F.05.16 (Beta Release Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Release F.05.17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Release F.05.18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Release F.05.19 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Release F.05.20 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Release F.05.21 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Release F.05.22 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Release F.05.23 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Release F.05.24 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.25 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.26 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.27 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.28 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.29 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Release F.05.30 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Release F.05.31 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Release F.05.32 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Release F.05.33 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Release F.05.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Release F.05.35 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Release F.05.36 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

. . . . . . 252

Release F.05.37 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Release F.05.38 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Release F.05.39 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Release F.05.40 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Release F.05.50 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Release F.05.51 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Release F.05.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Release F.05.53 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Release F.05.54 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Release F.05.55 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Release F.05.56 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Release F.05.57 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Release F.05.58 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Release F.05.59 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Release F.05.60 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Release F.05.61 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Release F.05.62 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Release F.05.63 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Release F.05.64 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Release F.05.65 (Not a Public Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Release F.05.66 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Release F.05.67 (Not a Public Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Release F.05.68 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Release F.05.69 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Release F.05.70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Software Management

Caution: Archive Pre-F.05.17 Configuration Files

A configuration file saved while using release F.05.17 or later software is not backward-compatible with earlier software versions. For this reason, HP recommends that you archive the most recent configuration on switches using software releases earlier than F.05.17 before you update any switches to software release F.05.17 or later.

Download Switch Documentation and Software from the Web

You can download software updates and the corresponding product documentation from the ProCurve Networking Web site as described below.

View or Download the Software Manual Set

Go to: www.procurve.com/manuals

You may want to bookmark this Web page for easy access in the future.

You can also register on the My ProCurve portal to receive a set of ProCurve switch manuals on CDROM. To register and request a CD, go to www.procurve.com and click on My ProCurve Sign In. After registering and entering the portal, click on My Manuals.

Downloading Software to the Switch

ProCurve Networking periodically provides switch software updates through the ProCurve Networking Web site (www.procurve.com). After you acquire the new software file, you can use one of the following methods for downloading it to the switch:

■ For a TFTP transfer from a server, do either of the following:

• Select Download OS in the Main Menu of the switch’s menu interface and use the (default) TFTP option.

•Use the copy tftp command in the switch’s CLI (see below).

■ For an Xmodem transfer from a PC or Unix workstation, do either of the following:

• Select Download OS in the Main Menu of the switch’s menu interface and select the Xmodem option.

•Use the copy xmodem command in the switch’s CLI ( page 3).

■ Use the USB port to download a software file from a USB flash drive.

Software Management

■ Use the download utility in ProCurve Manager Plus.

Note

Downloading new software does not change the current switch configuration. The switch configuration is contained in a separate file that can also be transferred, for example, for archive purposes or to be used in another switch of the same model.

TFTP Download from a Server

Syntax:copy tftp flash <ip-address> <remote-os-file>

For example, to download a software file named F_05_34.swi from a TFTP server with the IP address of 10.28.227.103:

1. Execute the copy command as shown below:

2. When the switch finishes downloading the software file from the server, it displays this progress message:

Validating and Writing System Software to FLASH . . .

3. After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.

Software Management

Xmodem Download From a PC or Unix Workstation

This procedure assumes that:

■ The switch is connected via the Console RS-232 port on a PC operating as a terminal. (Refer to

the Installation Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)

■ The switch software is stored on a disk drive in the PC.

■ The terminal emulator you are using includes the Xmodem binary transfer feature. (For example,

in the Windows NT terminal emulator, you would use the Send File option in the T menu.)

Syntax:copy xmodem flash <unix | pc>

For example, to download a software file from a PC:

1. To reduce the download time, you may want to increase the baud rate in your terminal emulator and in the switch to a value such as 57600 bits per second. (The baud rate must be the same in both devices.) For example, to change the baud rate in the switch to 57600, execute this command:

HP2512(config)# console baud-rate 57600

(If you use this option, be sure to set your terminal emulator to the same baud rate.)

ransfer dropdown

2. Execute the following command in the CLI:

3. Execute the terminal emulator commands to begin the Xmodem transfer.

The download can take several minutes, depending on the baud rate used in the transfer.

When the download finishes, the switch automatically reboots itself and begins running the new software version.

4. To confirm that the software downloaded correctly:

HP2512> show system

Check the Firmware revision line.

5. If you increased the baud rate on the switch (step 1), use the same command to return it to its previous setting. (HP recommends a baud rate of 9600 bits per second for most applications.)

(Remember to return your terminal emulator to the same baud rate as the switch.)

Software Management

Saving Configurations While Using the CLI

The switch operates with two configuration files:

■ Running-Config File: Exists in volatile memory and controls switch operation. Rebooting

the switch erases the current running-config file and replaces it with an exact copy of the current startup-config file. To save a configuration change, you must save the running configuration to the startup-config file.

■ Startup-Config File: Exists in flash (non-volatile) memory and preserves the most recently-

saved configuration as the "permanent" configuration. When the switch reboots for any reason, an exact copy of the current startup-config file becomes the new running-config file in volatile memory.

When you use the CLI to make a configuration change, the switch places the change in the runningconfig file. If you want to preserve the change across reboots, you must save the change to the startupconfig file. Otherwise, the next time the switch reboots, the change will be lost. There are two ways to save configuration changes while using the CLI:

■ Execute the write memory command from the Manager, Global, or Context configuration

level.

■ When exiting from the CLI to the Main Menu, press [Y] (for Yes) when you see the save

configuration prompt:

Do you want to save current configuration [y/n] ?

Software Management

ProCurve Switch, Routing Switch, and Router Software Keys

Software

Letter

CY Switch 8100fl Series (8108fl and 8116fl)

ProCurve Networking Products

C 1600M, 2400M, 2424M, 4000M, and 8000M

E Switch 5300xl Series (5304xl, 5308xl, 5348xl, and 5372xl)

F Switch 2500 Series (2512 and 2524), Switch 2312, and Switch 2324

G Switch 4100gl Series (4104gl, 4108gl, and 4148gl)

H Switch 2600 Series, Switch 2600-PWR Series: H.07.81 and earlier, or H.08.55 and greater,

Switch 2600-8-PWR requires H.08.80 or greater. Switch 6108: H.07.xx and earlier

I Switch 2800 Series (2824 and 2848)

J Secure Router 7000dl Series (7102dl and 7203dl)

K Switch 3500yl Series (3500yl-24G-PWR and 3500yl-48G-PWR), Switch 6200yl-24G, 5400zl Series (5406zl,

5406zl-48G, 5412zl, 5412zl-96G) and Switch 8212zl.

L Switch 4200vl Series (4204vl, 4208vl, 4202vl-72, and 4202vl-48G)

M Switch 3400cl Series (3400-24G and 3400-48G): M.08.51 though M.08.97, or M.10.01 and greater;

Series 6400cl (6400cl-6XG CX4, and 6410cl-6XG X2 ): M.08.51 though M.08.95, or M.08.99 to M.08.100 and greater.

N Switch 2810 Series (2810-24G and 2810-48G)

PA/PB Switch 1800 Series (Switch 1800-8G – PA.xx; Switch 1800-24G – PB.xx)

Q Switch 2510 Series (2510-24)

R Switch 2610 Series (2610-24, 2610-24/12PWR, 2610-24-PWR, 2610-48 and 2610-48-PWR)

T Switch 2900 Series (2900-24G, and 2900-48G)

U Switch 2510-48

VA/VB Switch 1700 Series (Switch 1700-8 - VA and 1700-24 - VB)

WA ProCurve Access Point 530

WS ProCurve Wireless Edge Services xl Module and the ProCurve Redundant Wireless Services xl Module

WT ProCurve Wireless Edge Services zl Module and the ProCurve Redundant Wireless Services zl Module

Y Switch 2510G Series (2510G-24 and 2510G-48)

numeric Switch 9408sl, Switch 9300 Series (9304M, 9308M, and 9315M), Switch 6208M-SX and Switch 6308M-SX

(Uses software version number only; no alphabetic prefix. For example 07.6.04.)

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.61 through F.05.70

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.61 through F.05.70

No new enhancements, software fixes only.

Enhancements in Release F.05.05 through F.05.60

Enhancement Summary Page

LLDP Implements the industry standard Link Layer Discovery Protocol (LLDP) on your

Disable Auto MDIX A new global command, "no auto-mdix", that disables Auto-MDIX for all ports

New Console Option A new console option removes terminal escape sequences, which allows

Clarification of Time Zone The method of configuring the Time Zone for TimeP or SNTP configuration has

Syslog (Syslogd)capability Adds the ability to direct Event Log messaging to an external file as an aid in

Isolated Port Groups Originally added in release F.04.08 to provide an alternative to VLANs, this

Port-Based Access Control (802.1X) with Open VLAN Mode

IGMP Version 3 Support The switch now supports operation with IGMPv3 traffic. 71

switch, as an alternative to the Cisco Discovery Protocol (CDP). The LLDP provides a standards-based method for enabling switches to advertise themselves to adjacent devices.

that are in auto-negotiation mode.

scripts to better interact with the Command Line Interface.

been updated.

debugging network-level problems. Complies with RFC 3164.

feature now offers two new isolation groups: group1 and group2.

Originally added in release F.04.08 to provide access control through a RADIUS server, this feature now includes Open VLAN Mode. This gives you a means for allowing a client computer without 802.1X supplicant software to temporarily join an unauthorized-client VLAN and proceed with initialization services, such as acquiring IP addressing, 802.1X supplicant software, and other optional services you may want to provide.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Implementation of LLDP

For network device discovery solutions, software version F.05.50 implements a limited version of the industry standard Link Layer Discovery Protocol (LLDP) on your switch, as an alternative to the Cisco Discovery Protocol (CDP).

The Link Layer Discovery Protocol (LLDP) provides a standards-based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices. The Series 2500 switches using F.05.50 - F.05.59 will transmit LLDP advertisements, but do not support discovery of connected LLDP neighbor devices.

With F.05.60 or later, Series 2500 switches can receive LLDP packets, thereby supporting discovery of connected LLDP neighbor devices and providing enhanced operation with ProCurve Manager utilities.

Note

Selected LLDP information (such as system name, port description, port type, chassis type) received by a Series 2500 switch from a remote neighbor is not viewable.

LLDP Terminology

Adjacent Device: Refer to “Neighbor or Neighbor Device”.

Advertisement: See LLDPDU.

Active Port: A port linked to another active device (regardless of whether STP is blocking the link).

LLDP: Link Layer Discovery Protocol. ProCurve switches are compatible with IEEE 802.1AB-2005.

LLDP-Aware: A device that has LLDP in its operating code, regardless of whether LLDP is enabled

or disabled.

LLDP Device: A switch, server, router, or other device running LLDP.

LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or

connected to that device by another, non-LLDP Layer 2 device (such as a hub) Note that an 802.1Dcompliant switch does not forward LLDP data packets even if it is not LLDP-aware.

LLDPDU (LLDP Data Unit): LLDP data packets are transmitted on active links and include multiple TLVs containing global and per-port switch information. In this guide, LLDPDUs are termed “advertisements” or “packets”.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

MIB (Management Information Base): An internal database the switch maintains for configuration and performance information.

Neighbor: See “LLDP Neighbor”.

Non_LLDP Device: A device that is not capable of LLDP operation.

TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in

bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information). Some TLVs include subelements that occur as separate data points in displays of information maintained by the switch for LLDP advertisements. (That is, some TLVs include multiple data points or subelements.)

General LLDP Operation

An LLDP packet contains data about the transmitting switch and port. The switch advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets out all ports on which outbound LLDP is enabled. (LLDP is a one-way protocol and does not include any acknowledgement mechanism.)

Packet Boundaries in a Network Topology

■ Where multiple LLDP devices are directly connected, an outbound LLDP packet travels only to

the next LLDP device. An LLDP-capable device does not forward LLDP packets to any other devices, regardless of whether they are LLDP-capable.

■ An intervening hub or repeater forwards the LLDP packets it receives in the same manner as any

other multicast packets it receives. Thus, two LLDP switches joined by a hub or repeater handle LLDP traffic in the same way that they would if directly connected.

■ Any intervening 802.1D device, or Layer-3 device that is either LLDP-unaware or has disabled

LLDP operation, drops the packet.

LLDP Configuration Options

Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission/reception of LLDP traffic, you can disable LLDP operation.

Tra n sm i t M od e . With LLDP enabled, the switch periodically (30 second intervals) transmits an LLDP advertisement (packet) out each active port enabled for outbound LLDP transmissions. You can enable or disable LLDP packet transmissions on a per-port basis. If a port is disabled, the switch does not use the port to inform LLDP neighbors of its presence.

The following table lists the information the switch includes in the per-port, outbound LLDP packets it generates. In the default configuration, all outbound LLDP packets include this information in the TLVs transmitted to neighbor devices.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Table 1. Viewable Data Available for LLDP Advertisements

Data Type Description

Chassis ID Uses base MAC address of the switch.

Port Id Uses port number of the physical port.

System Description Includes switch model name and running software version, and ROM version.

System Name Uses the switch’s assigned name.

Remote Management Address

Type

Address

Port Description Uses the physical port identifier.

System capabilities supported Identifies the switch’s primary capabilities (bridge, router).

System cpabilities enabled Identifies the primary switch functions that are enabled, such as routing.

NOTES:

• The Packet Time-to-Live (TTL) value is not viewable, but is included in LLDP data packets.

• TTL of an advertised frame is 120 seconds.

• The data used for LLDP advertisement is captured internally by the switch. For more on these data types, refer to the IEEE 802.1AB-2005 Standard.

Shows the network address type.

The switch IP address. This can be either an address selected by a default process, or an address configured for inclusion in advertisements. (Address configuration not supported on 2500).

Note

Selected LLDP information (such as system name, port description, port type, chassis type) received by a Series 2500 switch from a remote neighbor is not viewable.

LLDP Standards Compatibility

The LLDP features for the Series 2500 switches are compatible with the following LLDP-related standards:

■ IEEE 802.1AB-2005 for LLDP packets send. LLDP reception, standard LLDP MIBs, and LLDP

state machine is not supported

■ RFC 2922 (PTOPO, or Physical Topology MIB)

■ RFC 2737 (Entity MIB)

■ RFC 2863 (Interfaces MIB)

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

LLDP Operating Rules

Port Trunking. LLDP manages trunked ports individually. That is, trunked ports are configured individually for LLDP operation, in the same manner as non-trunked ports. Also, LLDP sends separate advertisements on each port in a trunk, and not on a per-trunk basis.

IP Address Advertisements. In the default operation, if a port belongs to only one static VLAN, then the port advertises the lowest-order IP address configured on that VLAN. If a port belongs to multiple VLANs, then the port advertises the lowest-order IP address configured on the VLAN with the lowest VID. If the qualifying VLAN does not have an IP address, the port advertises the base MAC address of the device as its IP address. For example, if the port is a member of the default VLAN (VID = 1), and there is an IP address configured for the default VLAN, then the port advertises this IP address. In the default operation, the IP address that LLDP uses can be an address acquired by DHCP or Bootp.

Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission on STPblocked links.

802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission of LLDP packets.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

LLDP Operation and Commands

In the default configuration, LLDP is enabled to transmit on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.

Viewing the Current LLDP Configuration

Use the show lldp config command to display the switch’s general LLDP configuration status, including some per-port information affecting advertisement traffic.

Syntax show lldp config

Displays the LLDP global configuration and LLDP port status.

For example, show lldp config produces the following display when the switch is in the default LLDP configuration:

HP ProCurve Switch 2524# show lldp config

LLDP Global Configuation LLDP Enabled [Yes]: Yes LLDP Transmit Interval: 30(Not Configurable) LLDP Port Configuration Port | LLDP

HP ProCurve Switch 2524#

Figure 1. Example of Viewing the General LLDP Configuration

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Viewing LLDP-detected Devices

Note

Selected LLDP information (such as system name, port description, port type, chassis type) received by a Series 2500 switch from a remote neighbor is not viewable.

With version F.05.60, LLDP advertisements from remote neighbor devices can be received. Use the show lldp info remote-device command to display information received from LLDP remote devices.

Syntax show lldp info remote-device [ < local port > ]

Displays LLDP Remote Device Information.

<local port>: If the local port number connected to the remote device is specified, additional details of the remote device are displayed.

For example, show lldp info remote-device produces the following display when LLDP is enabled and a device is detected:

HP ProCurve Switch 2524# show lldp info remote-device

LLDP Remote Device Information

Local Port | Chassis Id Port Id Port Descr SysName

---------- + ------------------ ------- ---------- -------- 1 | 0030c1-7fec40 5

HP ProCurve Switch 2524#

Figure 2. Example of Viewing the LLDP Remote Device List

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Additional information from the remote device can be displayed by specifying the local port number in the command. For example, show lldp info remote-device 1 produces the following display:

HP ProCurve Switch 2524# show lldp info remote-device 1

LLDP Remote Device Information Detail

LocalPort : 1 ChassisType : ChassisId : 0030c1-7fec40 PortType : PortId : 5 SysName : SysDescr : HP J4812A ProCurve Switch 2512, revision F.05.60, ROM F.0... PortDescr :

System Capabilities Supported : Bridge System Capabilities Enabled : Bridge

Remote Managment Address Type : ipv4 Address : 169.254.123.128

HP ProCurve Switch 2524#

Figure 3. Example of Viewing the LLDP Remote Device Information Details

Enabling or Disabling LLDP Operation on the Switch.

The lldp run command configures the LLDP operation that applies to all ports in the switch. Enabling LLDP operation (the default) causes the switch to use active, LLDP-enabled ports to transmit/receive LLDP packets.

Syntax [ no ] lldp run

Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting/receiving LLDP advertisements. The switch preserves the current LLDP configuration when LLDP is disabled. (Default: Enabled)

For example, to disable LLDP on the switch, use the command:

ProCurve(config)# no lldp run

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Configuring Per-Port LLDP Transmit/Receive

This command controls LLDP transmit/receive traffic on active ports.

Syntax lldp admin-status < port-list > < enable | disable >

enable: With LLDP enabled on the switch in the default LLDP configuration, each port is configured to transmit/receive LLDP packets. This option lets you enable the specified port(s) to transmit/receive LLDP packets. (For versions F.05.59 and earlier, inbound LLDP packets from neighbor devices are not supported on 2500 series switches.) disable: Disable LLDP packet transmit/receive on the specified port(s).

For example, to disable LLDP on port 1, use the command:

ProCurve(config)# lldp admin-status 1 disable

Disable Auto-MDIX

The Auto-MDIX feature allows a user to connect 10/100 switch ports to either MDI or MDI-X devices using a straight-through cable. In some situations it is desirable to disable this feature. Beginning with release F.05.24 there is a global command, no auto-mdix, that disables Auto-MDIX for all ports that are in auto-negotiation mode.

Restrictions:

■ works only on copper ports

■ requires the port be brought down to change to/from Auto-MDIX

■ applies globally to all ports

■ with Auto-MDIX disabled, ports set to auto-negotiate operate in MDI-X mode

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

New Console Option

Starting with Release F.05.23, a new console option removes terminal escape sequences, which allows scripts to better interact with the Command Line Interface. The command console local-terminal none changes the current terminal session to "raw" mode. To return to the default VT-100 mode, use the command console local-terminal vt100.

This option does not require a reboot to take effect, and does not persist across reboots. It affects only the console session in which the command is executed.

Clarification of Time Zone Issue

Enhancement Summary Page

Syslog (Syslogd)capability Adds the ability to direct Event Log messaging to an external file as an aid in

Isolated Port Groups Originally added in release F.04.08 to provide an alternative to VLANs, this

Port-Based Access Control (802.1X) with Open VLAN Mode

IGMP Version 3 Support The switch now supports operation with IGMPv3 traffic. 71

debugging network-level problems. Complies with RFC 3164.

feature now offers two new isolation groups: group1 and group2.

Starting with the F.05.xx version of the switch software, the method of configuring the Time Zone for TimeP or SNTP configuration has been updated. Previous switch software, for all ProCurve switches, used positive time offset values for time zones that are West of GMT and negative values for time zones that are East of GMT. The standards indicate that time zones West of GMT should be designated by negative offset values, and time zones East of GMT by positive values. Software version F. 0 5. xx updates this configuration method, but if you use the same values for indicating time zones as you did for previous ProCurve switches, the time will be set incorrectly on your ProCurve Switches 2512 and 2524. For example, for previous ProCurve switches, the US Pacific time zone was configured by entering +480. With software version F.05.xx, the US Pacific time zone must now be configured by entering -480.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Syslog Overview

The switch’s Event Log records switch-level progress, status, and warning messages. The SystemLogging (Syslog) feature provides a means for recording these messages on a remote server. The Syslog feature complies with RFC 3168. UNIX users know this capability as ’Syslogd’. Using Syslog you can send Event Log messages from multiple switches to a central location to help investigate and identify network-level problems. (Refer to Figure 4 below.)

You can configure the switch to send Event Log messages to up to six Syslog servers. Messages are sent to the User log facility (default) on the configured server(s) or to another log facility that you specify.

Two switches sending Event Log messages to the same facility on a single Syslog server.

Figure 4. A Syslog server collecting Event Log Messages from Multiple Switches

Syslog Operation

Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis. Use of Syslog requires that you set up a Syslog server application on a networked host accessible to the switch. (Refer to the documentation for the Syslog server application you select.)

Syntax: [no] logging < syslog-ip-addr >

Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses.

no logging removes all currently configured Syslog logging destinations from the switch.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

no logging < syslog-ip-address > removes only the specified Syslog logging destination from the switch.

Syntax: [no] logging facility < facility-name >

The logging facility specifies the destination subsystem the Syslog server(s) must use. (All Syslog servers configured on the switch must use the same subsystem.) HP recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:

user (the default) — Random user-level messages kern — Kernel messages mail — Mail system daemon — System daemons auth — Security/Authorization messages syslog — Messages generated internally by Syslog lpr — Line-Printer subsystem news — Netnews subsystem uucp — uucp subsystem cron — cron/at subsystem sys9 — cron/at subsystem sys10 - sys14 — Reserved for system use local10 - local17 — Reserved for system use

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Note

As of March 2004, the logging facility < facility-name > option also is available on these switch models:

■ Switch Series 5300XL (software release E.08.xx or greater)

■ Switch Series 4100GL (software release G.07.50 or greater)

■ Switch Series 2800

■ Switch Series 2600 and the Switch 6108 (software release H.07.30 or greater)

For the latest feature information on ProCurve switches, visit the ProCurve Web site and check the latest release notes for the switch products you use.

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Viewing the Syslog Configuration

Syntax: show debug

This command displays the currently configured Syslog logging destination(s) and logging facility. For examples of show debug output, refer to figure 5 on page 19.

Configuring Syslog Logging

1. If you want to use a Syslog server for recording Event Log messages:

a. Use this command to configure the Syslog server IP address and enable Syslog logging:

ProCurve(config)# logging < ip-addr >

Using this command when there are no Syslog server IP addresses already configured enables messaging to a Syslog server.

b. Use the command in step “a” to configure any additional Syslog servers you want to use, up

to a total of six.

Example: Suppose there are no Syslog servers configured on the switch (the default). Configuring one Syslog server enables Event Log messages to be sent to that server. (Refer to Figure 5 below.)

ProCurve(config)# show debug Debug Logging Destination: None Enabled debug types:

None are enabled.

ProCurve(config)# logging 10.250.125.69 ProCurve(config)# show debug

Debug Logging Destination:

Logging --

10.250.125.69 Facility = user

Enabled debug types:

event

Displays the default debug configuration. (There are no Syslog server IP addresses

When the logging command configures a Syslog IP address, the switch automatically enables sending Event Log messages to the Syslog address and the user facility on the Syslog server.

Figure 5. Example of Configuring Syslog Operation

+ 240 hidden pages

HP 2500, 2300 User Manual

Contents

Software Management

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.04.08

Enhancements in Release F.02.11

Enhancements in Release F.02.02

Updates and Corrections for the Management and Configuration Guide

Software Fixes

Software Management

Download Switch Documentation and Software from the Web

View or Download the Software Manual Set

Downloading Software to the Switch

TFTP Download from a Server

Xmodem Download From a PC or Unix Workstation

Saving Configurations While Using the CLI

ProCurve Switch, Routing Switch, and Router Software Keys

Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.61 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Implementation of LLDP

LLDP Terminology

General LLDP Operation

LLDP Configuration Options

LLDP Standards Compatibility

LLDP Operating Rules

LLDP Operation and Commands

Enabling or Disabling LLDP Operation on the Switch.

Disable Auto-MDIX

New Console Option

Clarification of Time Zone Issue

Syslog Overview

Syslog Operation

Viewing the Syslog Configuration

Configuring Syslog Logging