HP 2510G User Manual

Advanced Traffic Management Guide
ProCurve Series 2510G Switches
Y.11.XX
www.procurve.com
June 2008
© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Publication Number
5992-3096 June 2008
Applicable Products
ProCurve Switch 2510G-24 (J9279A)
ProCurve Switch 2510G-48 (J9280A)
Trademark Credits
Microsoft, Windows, and Windows NT are US registered trademarks of Microsoft Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
Warranty
See the Customer Support/Warranty booklet included with the product.
A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

Contents

Product Documentation
About Your Switch Manual Set
Feature Index
1 Getting Started
Contents
Introduction
Conventions
Feature Descriptions by Model
Command Syntax Statements
Command Prompts
Screen Simulations
Port Identity Examples
Sources for More Information
Need Only a Quick Start?
IP Addressing
To Set Up and Install the Switch in Your Network
2 Static Virtual LANs (VLANs)
Contents
Overview
Port-Based Virtual LANs (Static VLANs)
Overview of Using VLANs
VLAN Support and the Default VLAN
The Primary VLAN
Per-Port Static VLAN Configuration Options
General Steps for Using VLANs
VLAN Operating Notes
Multiple VLAN Considerations
Single-Forwarding Database Operation
Example of an Unsupported Configuration and How to Correct It
Multiple-Forwarding Database Operation
Menu: Configuring VLAN Parameters
To Change VLAN Support Settings
Adding or Editing VLAN Names
Adding or Changing a VLAN Port Assignment
CLI: Configuring VLAN Parameters
VLAN Commands Used in this Section
Web: Viewing and Configuring VLAN Parameters
802.1Q VLAN Tagging
The Secure Management VLAN
Preparation
Configuration
Operating Notes for Management VLANs
Effect of VLANs on Other Switch Features
Spanning Tree Operation with VLANs
IP Interfaces
VLAN MAC Addresses
Port Trunks
Port Monitoring
VLAN Restrictions
Jumbo Packet Support
3 GVRP
Contents
Overview
Introduction
General Operation
Per-Port Options for Handling GVRP “Unknown VLANs”
Per-Port Options for Dynamic VLAN Advertising and Joining
GVRP and VLAN Access Control
Port-Leave From a Dynamic VLAN
Planning for GVRP Operation
Configuring GVRP On a Switch
Menu: Viewing and Configuring GVRP
CLI: Viewing and Configuring GVRP
Web: Viewing and Configuring GVRP
GVRP Operating Notes
4 Multimedia Traffic Control with IP Multicast (IGMP)
Contents
Overview
General Operation and Features
IGMP Features
IGMP Terms
IGMP Operating Features
Basic Operation
Enhancements
CLI: Configuring and Displaying IGMP
Web: Enabling or Disabling IGMP
How IGMP Operates
Message Types
IGMP Operating Notes
Displaying IGMP Data
Supported Standards and RFCs
Operation With or Without IP Addressing
Automatic Fast-Leave IGMP
Using Delayed Group Flush
Forced Fast-Leave IGMP
Setting Fast-Leave and Forced Fast-Leave from the CLI
Setting Forced Fast-Leave Using the MIB
Listing the MIB-Enabled Forced Fast-Leave Configuration
Configuring Per-Port Forced Fast-Leave IGMP
Using the Switch as Querier
Querier Operation
Excluding Multicast Addresses from IP Multicast Filtering
5 Multiple Instance Spanning-Tree Operation
Contents
Overview
802.1s Multiple Spanning Tree Protocol (MSTP)
MSTP Structure
How MSTP Operates
MST Regions
Regions, Legacy STP and RSTP Switches, and the Common Spanning Tree (CST)
MSTP Operation with 802.1Q VLANs
Terminology
Operating Rules
Transitioning from STP or RSTP to MSTP
Tips for Planning an MSTP Application
Steps for Configuring MSTP
Configuring MSTP Operation Mode and Global Parameters
Configuring MSTP Per Port
Configuring Per Port Parameters
Configuring BPDU Filtering
Configuring BPDU Protection
Configuring Loop Protection
Configuring MST Instance Parameters
Configuring MST Instance Per-Port Parameters
Enabling or Disabling Spanning Tree Operation
Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another
Displaying MSTP Statistics and Configuration
Displaying MSTP Statistics
Displaying the MSTP Configuration
Operating Notes
Troubleshooting
6 Quality of Service (QoS): Managing Bandwidth More Effectively
Contents
Introduction
Terminology
Overview
QoS Types for Prioritizing Outbound Packets
Packet Types and Evaluation Order
Preparation for Configuring QoS
Steps for Configuring QoS on the Switch
Planning a QoS Configuration
Prioritizing and Monitoring QoS Configuration Options
Using QoS Types To Configure QoS for Outbound Traffic
Viewing the QoS Configuration
No Override
QoS IP Type-of-Service (ToS) Policy and Priority
Assigning an 802.1p Priority to IPv4 Packets on the Basis of the ToS Precedence Bits
Assigning an 802.1p Priority to IPv4 Packets on the Basis of Incoming DSCP
Assigning a DSCP Policy on the Basis of the DSCP in IPv4 Packets Received from Upstream Devices
Details of QoS IP Type-of-Service
QoS Interface (Source-Port) Priority
Assigning a Priority Based on Source-Port
Differentiated Services Codepoint (DSCP) Mapping
Default Priority Settings for Selected Codepoints
Quickly Listing Non-Default Codepoint Settings
Note On Changing a Priority Setting
IP Multicast (IGMP) Interaction with QoS
QoS Messages in the CLI
QoS Operating Notes and Restrictions
7 ProCurve Stack Management
Contents
Overview
Operation
Which Devices Support Stacking?
Components of ProCurve Stack Management
General Stacking Operation
Operating Rules for Stacking
General Rules
Specific Rules
Configuring Stack Management
Overview of Configuring and Bringing Up a Stack
General Steps for Creating a Stack
Using the Menu Interface To View Stack Status and Configure Stacking
Using the Menu Interface To View and Configure a Commander Switch
Using the Menu To Manage a Candidate Switch
Using the Commander To Manage The Stack
Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic
Converting a Commander or Member to a Member of Another Stack
Monitoring Stack Status
Using the CLI To View Stack Status and Configure Stacking
Using the CLI To View Stack Status
Using the CLI To Configure a Commander Switch
Adding to a Stack or Moving Switches Between Stacks
Using the CLI To Remove a Member from a Stack
Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring
SNMP Community Operation in a Stack
Using the CLI To Disable or Re-Enable Stacking
Transmission Interval
Stacking Operation with Multiple VLANs Configured
Web: Viewing and Configuring Stacking
Status Messages
Index

Product Documentation

About Your Switch Manual Set
The switch manual set includes the following:
- Read Me First - a printed guide shipped with your switch. Provides software update information, product notes, and other information.
- Installation and Getting Started Guide - a printed guide shipped with your switch. This guide explains how to prepare for and perform the physical installation and connection to your network.
- Management and Configuration Guide - a PDF file on the ProCurve Networking website. This guide describes how to configure, manage, and monitor basic switch operation.
- Advanced Traffic Management Guide - a PDF file on the ProCurve Networking website. This guide explains the configuration and operation of traffic management features such as spanning tree and VLANs.
- Access Security Guide - a PDF file on the ProCurve Networking website. This guide explains the configuration and operation of access security and user authentication features on the switch.
- Release Notes - posted on the ProCurve web site to provide information on software updates. The release notes describe new features, fixes, and enhancements that become available between revisions of the above guides.
Note: For the latest version of all ProCurve switch documentation, including release notes covering recently added features, visit the HP ProCurve Networking website at http://www.procurve.com/manuals. Then select your switch product.

Feature Index

For the manual set supporting your switch model, the following feature index indicates which manual to consult for information on a given software feature.
Feature | Management and Configuration | Advanced Traffic Management | Access Security Guide
802.1Q VLAN Tagging | - | X | -
802.1p Priority | X | - | -
802.1X Authentication | - | - | X
Authorized IP Managers | - | - | X
Config File | X | - | -
Copy Command | X | - | -
Debug | X | - | -
DHCP Configuration | - | X | -
DHCP/Bootp Operation | X | - | -
Diagnostic Tools | X | - | -
Downloading Software | X | - | -
Event Log | X | - | -
Factory Default Settings | X | - | -
File Management | X | - | -
File Transfers | X | - | -
GVRP | - | X | -
IGMP | - | X | -
Interface Access (Telnet, Console/Serial, Web) | X | - | -
IP Addressing | X | - | -
LACP | X | - | -
Link | X | - | -
LLDP | X | - | -
MAC Address Management | X | - | -
MAC Lockdown | - | - | X
MAC Lockout | - | - | X
MAC-based Authentication | - | - | X
Monitoring and Analysis | X | - | -
Multicast Filtering | - | X | -
Network Management Applications (LLDP, SNMP) | X | - | -
Passwords | - | - | X
Ping | X | - | -
Port Configuration | X | - | -
Port Security | - | - | X
Port Status | X | - | -
Port Trunking (LACP) | X | - | -
Port-Based Access Control | - | - | X
Port-Based Priority (802.1Q) | X | - | -
Quality of Service (QoS) | - | X | -
RADIUS Authentication and Accounting | - | - | X
Secure Copy | X | - | -
SFTP | X | - | -
SNMP | X | - | -
Software Downloads (SCP/SFTP, TFTP, Xmodem) | X | - | -
Spanning Tree (MSTP) | - | X | -
SSH (Secure Shell) Encryption | - | - | X
SSL (Secure Socket Layer) | - | - | X
Stack Management (Stacking) | - | X | -
Syslog | X | - | -
System Information | X | - | -
TACACS+ Authentication | - | - | X
Telnet Access | X | - | -
TFTP | X | - | -
Time Protocols (TimeP, SNTP) | X | - | -
Troubleshooting | X | - | -
VLANs | - | X | -
Web-based Authentication | - | - | X
Xmodem | X | - | -

Getting Started


Introduction

This Advanced Traffic Management Guide describes how to manage and configure advanced traffic management features on your switch. It supports the following switches:
ProCurve Switch 2510G
For an overview of other product documentation for the above switches, refer to “Product Documentation” on page ix.
You can download a copy from the ProCurve Networking Website. Visit http://www.procurve.com/manuals, then select your switch product.

Conventions

This guide uses the following conventions for command syntax and displayed information.
Feature Descriptions by Model
In cases where a software feature is not available in all of the switch models covered by this guide, the section heading specifically indicates which product or product series offers the feature.
For example (the switch model is highlighted here in bold italics):
“Jumbo Packet Support on the 2510G Switch”.
Command Syntax Statements
Syntax: aaa port-access authenticator < port-list >
[ control < authorized | auto | unauthorized >]
- Vertical bars ( | ) separate alternative, mutually exclusive elements.
- Square brackets ( [ ] ) indicate optional elements.
- Braces ( < > ) enclose required elements.
- Braces within square brackets ( [ < > ] ) indicate a required element within an optional choice.
- Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example:
  “Use the copy tftp command to download the key from a TFTP server.”
- Italics indicate variables for which you must supply a value when executing the command. For example, in this command syntax, < port-list > indicates that you must provide one or more port numbers:
  Syntax: aaa port-access authenticator < port-list >
Command Prompts
In the default configuration, your switch displays a CLI prompt similar to:
    ProCurve Switch 2510G#
To simplify recognition, this guide uses ProCurve to represent command prompts for all models. For example:
    ProCurve#
(You can use the hostname command to change the text in the CLI prompt.)
Screen Simulations
Figures containing simulated screen text and command output look like this:
    ProCurve(config)# show version
    Image stamp: /sw/code/build/cod(cod11)
                 May 2 2008 11:44:02
                 Y.11.01
                 547
    Boot Image: Primary
Figure 1-1. Example of a Figure Showing a Simulated Screen
In some cases, brief command-output sequences appear outside of a numbered figure. For example:
    ProCurve(config)# ip default-gateway 18.28.152.1/24
    ProCurve(config)# vlan 1 ip address 18.28.36.152/24
    ProCurve(config)# vlan 1 ip igmp
Port Identity Examples
This guide describes software applicable to both chassis-based and stackable ProCurve switches. Where port identities are needed in an example, this guide uses the chassis-based port identity system, such as “A1”, “B3 - B5”, “C7”, etc. However, unless otherwise noted, such examples apply equally to the stackable switches, which for port identities typically use only numbers, such as “1”, “3-5”, “15”, etc.
Sources for More Information
For additional information about switch operation and features not covered in this guide, consult the following sources:
- For information on which product manual to consult on a given software feature, refer to “Product Documentation” on page ix.
  Note: For the latest version of all ProCurve switch documentation, including release notes covering recently added features, visit the ProCurve Networking Website at http://www.procurve.com/manuals, then select your switch product.
- For information on specific parameters in the menu interface, refer to the online help provided in the interface. For example:
  Figure 1-2. Getting Help in the Menu Interface (callout: Online Help for Menu)
- For information on a specific command in the CLI, type the command name followed by “help”. For example:
  Figure 1-3. Getting Help in the CLI
- For information on specific features in the Web browser interface, use the online help. For more information, refer to the Management and Configuration Guide for your switch.
- For further information on ProCurve Networking switch technology, visit the ProCurve Networking Website at:
  http://www.procurve.com

Need Only a Quick Start?

IP Addressing
If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using multiple VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following:
- Enter setup at the CLI Manager level prompt.
    ProCurve# setup
- In the Main Menu of the Menu interface, select
    8. Run Setup
For more on using the Switch Setup screen, see the Installation Guide for your switch.
To Set Up and Install the Switch in Your Network
Important! Use the Installation Guide for your switch for the following:
- Notes, cautions, and warnings related to installing and using the switch
- Instructions for physically installing the switch in your network
- Quickly assigning an IP address and subnet mask, setting a Manager password, and (optionally) configuring other basic features
- Interpreting LED behavior
For the latest version of the Installation and Getting Started Guide and other documentation for your switch, visit the ProCurve Networking Web site. (Refer to “Product Documentation” on page ix of this guide for further details.)

Static Virtual LANs (VLANs)

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Port-Based Virtual LANs (Static VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Overview of Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
VLAN Support and the Default VLAN . . . . . . . . . . . . . . . . . . . . . . . 2-6
The Primary VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Per-Port Static VLAN Configuration Options . . . . . . . . . . . . . . . . . 2-8
General Steps for Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
VLAN Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Multiple VLAN Considerations
Single-Forwarding Database Operation
Example of an Unsupported Configuration and How to Correct It
Multiple-Forwarding Database Operation
Menu: Configuring VLAN Parameters
To Change VLAN Support Settings
Adding or Editing VLAN Names
Adding or Changing a VLAN Port Assignment
CLI: Configuring VLAN Parameters
VLAN Commands Used in this Section
Web: Viewing and Configuring VLAN Parameters
802.1Q VLAN Tagging
The Secure Management VLAN
Preparation
Configuration
Operating Notes for Management VLANs
Effect of VLANs on Other Switch Features
Spanning Tree Operation with VLANs
IP Interfaces
VLAN MAC Addresses
Port Trunks
Port Monitoring
VLAN Restrictions
Jumbo Packet Support
Static Virtual LANs (VLANs)

Overview

This chapter describes how to configure and use static, port-based VLANs on the switches covered by this manual.
For general information on how to use the switch’s built-in interfaces, refer to these chapters in the Management and Configuration Guide for your switch:
Chapter 3, “Using the Menu Interface”
Chapter 4, “Using the Command Line Interface (CLI)”
Chapter 5, “Using the Web Browser Interface”
Chapter 6, “Switch Memory and Configuration”

Port-Based Virtual LANs (Static VLANs)

VLAN Features

| Feature | Default | Menu | CLI | Web |
|---|---|---|---|---|
| view existing VLANs | n/a | page 2-14 thru 2-20 | page 2-20 | page 2-28 |
| configuring static VLANs | default VLAN with VID = 1 | page 2-14 thru 2-20 | page 2-20 | page 2-28 |
| configuring dynamic VLANs | disabled | See the chapter on GVRP in this manual. | | |

A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. (That is, all ports carrying traffic for a particular subnet address would normally belong to the same VLAN.)
Note: This chapter describes static VLANs, which are VLANs you manually configure with a name, VLAN ID (VID), and port assignments. (For information on dynamic VLANs, see chapter 3, “GVRP”.)
Using a VLAN, you can group users by logical function instead of physical location. This helps to control bandwidth usage by allowing you to group high-bandwidth users on low-traffic segments and to organize users from different LAN segments according to their need for common resources.
By default, 802.1Q VLAN support is enabled for eight VLANs. You can configure up to 64 VLANs on the switch.
(802.1Q compatibility enables you to assign each switch port to multiple VLANs, if needed, and the port-based nature of the configuration allows interoperation with older switches that require a separate port for each VLAN.)
General Use and Operation. Port-based VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN forms a broadcast domain that is separate from other VLANs that may be configured on a switch. On a given switch, packets are forwarded only between ports that belong to the same VLAN. Thus, all ports carrying traffic for a particular subnet address should be configured to the same VLAN. Cross-domain broadcast traffic in the switch is eliminated and bandwidth is saved by not allowing packets to flood out all ports. Separate VLANs on the switch can communicate with each other through an external router.
For example, referring to figure 2-1, if ports A1 through A4 belong to VLAN_1 and ports A5 through A8 belong to VLAN_2, traffic from end-node stations on ports A2 through A4 is restricted to only VLAN_1, while traffic from ports A5 through A7 is restricted to only VLAN_2. For nodes on VLAN_1 to communicate with VLAN_2, their traffic must go through an external router via ports A1 and A8.
Figure 2-1. Example of Routing Between VLANs via an External Router (diagram: a switch with two VLANs configured, VLAN_1 and VLAN_2, ports A1 through A8, and an external router)
Overlapping (Tagged) VLANs. A port on the switch can be a member of more than one VLAN if the device to which it is connected complies with the 802.1Q VLAN standard. For example, a port connected to a central server using a network interface card (NIC) that complies with the 802.1Q standard can be a member of multiple VLANs, allowing members of multiple VLANs to use the server. Although these VLANs cannot communicate with each other through the server, they can all access the server over the same connection from the switch. Where VLANs overlap in this way, VLAN “tags” are used to distinguish between traffic from different VLANs.
Figure 2-2. Example of Overlapping VLANs Using the Same Server
Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link.
Figure 2-3. Example of Connecting Multiple VLANs Through the Same Link
Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs. You can introduce 802.1Q-compliant devices into networks that have built untagged VLANs based on earlier VLAN technology. The fundamental rule is that legacy/untagged VLANs require a separate link for each VLAN, while 802.1Q, or tagged VLANs can combine several VLANs in one link. This means that on the 802.1Q-compliant device, separate ports (configured as untagged) must be used to connect separate VLANs to non-802.1Q devices.
Figure 2-4. Example of Tagged and Untagged VLAN Technology in the Same Network (diagram: a non-802.1Q-compliant switch joined to ProCurve switches by untagged VLAN links, and ProCurve switches joined to each other by a tagged VLAN link)
For more information on VLANs, refer to:
“Overview of Using VLANs” (page 2-6)
“Menu: Configuring VLAN Parameters” (page 2-14)
“CLI: Configuring VLAN Parameters” (page 2-14)
“Web: Viewing and Configuring VLAN Parameters” (page 2-28)
“VLAN Tagging Information” (page 2-29)
“Effect of VLANs on Other Switch Features” (page 2-38)
“VLAN Restrictions” (page 2-39)
Overview of Using VLANs
VLAN Support and the Default VLAN
In the factory default configuration, all ports on the switch belong to the default VLAN (named DEFAULT_VLAN). This places all ports in the switch into one physical broadcast domain. In the factory-default state, the default VLAN is the primary VLAN.
You can partition the switch into multiple virtual broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs. You can change the name of the default VLAN, but you cannot change the default VLAN’s VID (which is always “1”). Although you can remove all ports from the default VLAN, this VLAN is always present; that is, you cannot delete it from the switch.
The Primary VLAN
Because certain features and management functions, such as single IP-address stacking, run on only one VLAN in the switch, and because DHCP and Bootp can run per-VLAN, there is a need for a dedicated VLAN to manage these features and ensure that multiple instances of DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN. However, to provide more control in your network, you can designate another VLAN as primary. To summarize, designating a non-default VLAN as primary means that:
The stacking feature runs on the switch’s designated primary VLAN instead of the default VLAN.
The switch reads DHCP responses on the primary VLAN instead of on the default VLAN. (This includes such DHCP-resolved parameters as the TimeP server address, Default TTL, and IP addressing—including the Gateway IP address—when the switch configuration specifies DHCP as the source for these values.)
The default VLAN continues to operate as a standard VLAN (except, as noted above, you cannot delete it or change its VID).
Any ports not specifically assigned to another VLAN will remain assigned to the Default VLAN, regardless of whether it is the primary VLAN.
Candidates for primary VLAN include any static VLAN currently configured on the switch. (A dynamic—GVRP-learned—VLAN that has not been converted to a static VLAN cannot be the primary VLAN.) To display the current primary VLAN, use the CLI show vlans command.
Note: If you configure a non-default VLAN as the primary VLAN, you cannot delete that VLAN unless you first select a different VLAN to act as primary.
If you manually configure a gateway on the switch, it will ignore any gateway address received via DHCP or Bootp.
Per-Port Static VLAN Configuration Options
The following figure and table show the options you have for assigning individual ports to a static VLAN. Note that GVRP, if configured, affects these options and VLAN behavior on the switch. The display below shows the per-port VLAN configuration options. Table 2-1 briefly describes these options.
Figure 2-5. Comparing Per-Port VLAN Options With and Without GVRP (two screen examples: per-port VLAN configuration with GVRP disabled, the default, and with GVRP enabled. Enabling GVRP causes “No” to display as “Auto”.)
Table 2-1. Per-Port VLAN Configuration Options

| Parameter | Effect on Port Participation in Designated VLAN |
|---|---|
| Tagged | Allows the port to join multiple VLANs. |
| Untagged | Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port. |
| No - or - Auto | No: Appears when the switch is not GVRP-enabled; prevents the port from joining that VLAN. Auto: Appears when GVRP is enabled on the switch; allows the port to dynamically join any advertised VLAN that has the same VID. |
| Forbid | Prevents the port from joining the VLAN, regardless of whether GVRP is enabled on the switch. |
General Steps for Using VLANs
1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol, load balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Features” on page 2-38.) If you plan on using dynamic VLANs, include the port configuration planning necessary to support this feature. (See chapter 3, “GVRP”.)
By default, VLAN support is enabled and the switch is configured for eight VLANs.
2. Configure at least one VLAN in addition to the default VLAN.
3. Assign the desired switch ports to the new VLAN(s).
4. If you are managing VLANs with SNMP in an IP network, each VLAN must have an IP address. Refer to the chapter on IP addressing in the Management and Configuration Guide.
VLAN Operating Notes
If you are using DHCP/Bootp to acquire the switch’s configuration, packet time-to-live, and TimeP information, you must designate the VLAN on which DHCP is configured for this purpose as the primary VLAN. (In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN.)
IGMP and some other features operate on a “per VLAN” basis. This means you must configure such features separately for each VLAN in which you want them to operate.
You can rename the default VLAN, but you cannot change its VID (1) or delete it from the switch.
Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT_VLAN.
To delete a VLAN from the switch, you must first remove from that VLAN any ports assigned to it.
Changing the number of VLANs supported on the switch requires a reboot. Other VLAN configuration changes are dynamic.
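The per-port options in Table 2-1 and the operating notes above can be checked against a planned VLAN map before it is applied. The following is an added example, not code from this manual or from ProCurve; the plan layout, the `audit_plan` function, and the sample VIDs 10 and 20 are assumptions made for illustration.

```python
# Added illustration (not switch software): lint a planned per-port VLAN map
# against rules stated in this chapter. Plan layout and names are hypothetical.
DEFAULT_VID = 1
MODES = {"Tagged", "Untagged", "No", "Auto", "Forbid"}

def audit_plan(plan, ports, primary=DEFAULT_VID, gvrp=False, max_vlans=8):
    """plan maps VID -> {port: mode}. Returns a list of findings, empty if clean."""
    findings = []
    if DEFAULT_VID not in plan:
        findings.append("VID 1: the default VLAN is always present")
    if max_vlans > 64 or len(plan) > max_vlans:
        findings.append(f"{len(plan)} VLANs planned, switch set for {max_vlans} (limit 64)")
    if primary not in plan:
        findings.append(f"VID {primary}: primary VLAN must be a configured static VLAN")
    untagged, joined = {}, set()
    for vid, members in sorted(plan.items()):
        for port, mode in sorted(members.items()):
            if mode not in MODES:
                findings.append(f"{port}/VID {vid}: unknown option {mode!r}")
            elif mode == "Auto" and not gvrp:
                findings.append(f"{port}/VID {vid}: Auto appears only with GVRP enabled")
            elif mode == "No" and gvrp:
                findings.append(f"{port}/VID {vid}: No displays as Auto under GVRP; "
                                "use Forbid to keep the port out")
            if mode == "Untagged":
                untagged.setdefault(port, []).append(vid)
            if mode in ("Tagged", "Untagged"):
                joined.add(port)
    for port, vids in sorted(untagged.items()):
        if len(vids) > 1:
            findings.append(f"{port}: untagged in VIDs {vids}; only one untagged VLAN per port")
    # Ports left out of every VLAN are not isolated: they stay in DEFAULT_VLAN.
    for port in sorted(set(ports) - joined):
        findings.append(f"{port}: not assigned to any VLAN; remains in DEFAULT_VLAN")
    return findings

# Constructed sample plan loosely based on figure 2-1, with two deliberate mistakes:
# A4 is untagged in two VLANs, and A7 is left unassigned.
PLAN = {
    1: {},
    10: {"A1": "Untagged", "A2": "Untagged", "A3": "Untagged", "A4": "Untagged"},
    20: {"A4": "Untagged", "A5": "Untagged", "A6": "Untagged", "A8": "Untagged",
         "A2": "No"},
}
PORTS = ["A1", "A2", "A3", "A4", "A5", "A6", "A7", "A8"]

if __name__ == "__main__":
    for finding in audit_plan(PLAN, PORTS, gvrp=True):
        print(finding)
```

With GVRP enabled the audit also flags port A2, because a port left at No in VLAN 20 would then show as Auto and could join that VLAN dynamically.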
Multiple VLAN Considerations
Switches use a forwarding database to maintain awareness of which external devices are located on which VLANs. Some switches, such as those covered by this guide, have a multiple-forwarding database, which means the switch allows multiple database entries of the same MAC address, with each entry showing the (different) source VLAN and source port. Other switch models have a single-forwarding database, which means they allow only one database entry of a unique MAC address, along with the source VLAN and source port on which it is found (see Table 2-6). Not all VLANs on a switch covered by this guide use the same MAC address (see “VLAN MAC Addresses” on page 2-38). Connecting a multiple-forwarding database switch to a single-forwarding database switch where multiple VLANs exist imposes some cabling and port VLAN assignment restrictions. Table 2-6 illustrates the functional difference between the two database types.
Table 2-6. Example of Forwarding Database Content

Multiple-Forwarding Database

| MAC Address | Destination VLAN ID | Destination Port |
|---|---|---|
| 0004ea-84d9f4 | 1 | 5 |
| 0004ea-84d9f4 | 22 | 12 |
| 0004ea-84d9f4 | 44 | 20 |
| 0060b0-880a81 | 33 | 20 |

This database allows multiple destinations for the same MAC address. If the switch detects a new destination for an existing MAC entry, it just adds a new instance of that MAC to the table.

Single-Forwarding Database

| MAC Address | Destination VLAN ID | Destination Port |
|---|---|---|
| 0004ea-84d9f4 | 100 | 9 |
| 0060b0-880af9 | 105 | 10 |
| 0060b0-880a81 | 107 | 17 |

This database allows only one destination for a MAC address. If the switch detects a new destination for an existing MAC entry, it replaces the existing MAC instance with a new instance showing the new destination.
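The difference described for Table 2-6 can be seen by replaying the same learned addresses into both database types. This is an added example, not code from this manual or from ProCurve; the class and function names are hypothetical, and the single-forwarding lookup is a simplified model that assumes an entry is usable only on the VLAN it was last learned on.

```python
# Added illustration: toy models of the two forwarding-database types in Table 2-6.
# Names are hypothetical; FRAMES reuses the table's multiple-forwarding rows.
class MultipleForwardingDB:
    """One entry per (MAC, VLAN) pair, as on the switches covered by this guide."""
    def __init__(self):
        self.entries = {}                    # (mac, vid) -> port

    def learn(self, mac, vid, port):
        self.entries[(mac, vid)] = port      # a known MAC on a new VLAN adds an instance

    def lookup(self, mac, vid):
        return self.entries.get((mac, vid))  # None: destination unknown on that VLAN

class SingleForwardingDB:
    """One entry per MAC; a new destination replaces the existing one."""
    def __init__(self):
        self.entries = {}                    # mac -> (vid, port)
        self.replacements = []               # (mac, old entry, new entry)

    def learn(self, mac, vid, port):
        old = self.entries.get(mac)
        if old is not None and old != (vid, port):
            self.replacements.append((mac, old, (vid, port)))
        self.entries[mac] = (vid, port)

    def lookup(self, mac, vid):
        entry = self.entries.get(mac)        # assumption: match only on the learned VLAN
        return entry[1] if entry and entry[0] == vid else None

def replay(db, frames):
    """Feed (source MAC, VLAN ID, port) observations into a database."""
    for mac, vid, port in frames:
        db.learn(mac, vid, port)
    return db

FRAMES = [
    ("0004ea-84d9f4", 1, 5),
    ("0004ea-84d9f4", 22, 12),
    ("0004ea-84d9f4", 44, 20),
    ("0060b0-880a81", 33, 20),
]

multi = replay(MultipleForwardingDB(), FRAMES)
single = replay(SingleForwardingDB(), FRAMES)

if __name__ == "__main__":
    print("multiple-forwarding entries:", len(multi.entries))
    print("single-forwarding entries:", len(single.entries))
    for mac, old, new in single.replacements:
        print(f"{mac}: {old} replaced by {new}")
```

In the single-forwarding model the entry for 0004ea-84d9f4 is overwritten twice, which is the behavior behind the cabling and port VLAN assignment restrictions mentioned above.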
Table 2-7 lists the database structure of current ProCurve switch models.
Table 2-7. Forwarding Database Structure for Managed ProCurve Switches

| Multiple Forwarding Databases* | Single Forwarding Database* |
|---|---|
| Switch 8212zl | Switch 1600M/2400M/2424M |
| Series 6400cl switches | Switch 4000M/8000M |
| Switch 6200yl | Series 2500 switches |
| Switch 6108 | Switch 2000 |
| Series 5400zl switches | Switch 800T |
| Series 5300xl switches | |
| Series 4200vl switches | |
| Series 4100gl switches | |
| Series 3500yl switches | |
| Series 3400cl switches | |