HP 3400CL-24G User Manual

Release Notes: Version M.10.72 Software

for the HP ProCurve Series 3400cl Switches

"M” software versions are supported on these switches:

ProCurve Switch M.08.51 through

M.08.95

ProCurve Switch 3400cl-24G (J4905A) ProCurve Switch 3400cl-48G (J4906A)

ProCurve Switch 6400cl-6XG 10-GbE CX4(J8433A) ProCurve Switch 6410cl-6XG 10-GbE X2(J8474A)

✔ ✔

M.08.99.x

and newer

✔ ✔

M.08.96, M.08.97,

M.10.01

and newer

✔ ✔

Release M.10.41 supports the ProCurve Switch 3400cl-24G (J4905A), and 3400cl-48G (J4906A). These release notes include information on the following:

■ Downloading switch software and documentation from the Web (page 1)

■ Clarification of operating details for certain software features (page 20)

■ A listing of software enhancements in recent releases (page 25)

■ A listing of software fixes included in releases M.08.51 through M.10.72 (page 145)

IMPORTANT:

3400cl switches MUST be running ROM version I.08.12 prior to loading M.10.20 or newer software. If your switch is using a software version earlier than M.10.10, you need to install and boot the M.10.10 software (included in the M.10.41 software package) to load the I.08.12 ROM version, before installing M.10.20 or newer.

Security Note:

Downloading and booting software release M.08.89 or greater for the first time automatically enables SNMP access to the hpSwitchAuth MIB objects. If this is not desirable for your network, ProCurve recommends that you disable it after downloading and rebooting with the latest switch software. For more information, refer to “Enforcing Switch Security” on page 10 and “Using SNMP To View and Configure Switch Authentication Features” on page 35.

Configuration Compatibility Caution:

Configuration files created or saved using version M.10.65 or higher are NOT backward-compatible with previous software versions. The user is advised to save a copy of the pre-M.10.65 startup-config file BEFORE UPDATING to M.10.68 or greater, in case there is ever a need to revert back to an earlier version of software.

Publication Number

5991-4764 May, 2009

Applicable Product

ProCurve Switch 3400cl-24G (J4905A) ProCurve Switch 3400cl-48G (J4906A)

Trademark Credits

Microsoft®, Windows®, and Windows NT® are US registered trademarks of Microsoft Corporation. Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated. Java™ is a US trademark of Sun Microsystems, Inc.

Software Credits

SSH on ProCurve Switches is based on the OpenSSH software toolkit. This product includes software developed by the OpenSSH Project for use in the OpenSSH Toolkit. For more information on OpenSSH, visit

Disclaimer

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

Warranty

See the Customer Support/Warranty booklet included with the product.

A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

http:// www.openssh.com

SSL on ProCurve Switches is based on the OpenSSL software toolkit. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For more information on OpenSSL, visit

http://www.openssl.org.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com)

Hewlett-Packard Company 8000 Foothills Boulevard, m/s 5551 Roseville, California 95747-5551

www.procurve.com

Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Download Switch Documentation and Software from the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

View or Download the Software Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Downloading Software to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Downloading Software to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

TFTP Download from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Xmodem Download From a PC or Unix Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Saving Configurations While Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Install Recommendations for I.08.12 Boot ROM Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

ProCurve Switch, Routing Switch, and Router Software Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Minimum Software Versions for Series 3400cl Switch Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

OS/Web/Java Compatibility Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Enforcing Switch Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Switch Management Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Default Settings Affecting Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Local Manager Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Inbound Telnet Access and Web Browser Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Secure File Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

SNMP Access (Simple Network Management Protocol) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Physical Access to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Other Provisions for Management Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Network Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Access Control Lists (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Web and MAC Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Secure Socket Layer (SSLv3/TLSv1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Traffic/Security Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

802.1X Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . 18

Key Management System (KMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

iii

Connection-Rate Filtering Based On Virus-Throttling Technology . . . . . . . . . . . . . . . . . . . . . . . 19

Identity-Driven Management (IDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Clarifications and Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Operating Notes for Jumbo Traffic-Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Non-Genuine Mini-GBIC Detection and Protection Initiative . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Publication Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

IGMP Command Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

General Switch Traffic Security Guideline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

The Management VLAN IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Interoperating with 802.1s Multiple Spanning-Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Release M.10.17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Release M.08.69 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Release M.08.70 through M.08.72 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Release M.08.73 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Release M.08.74 through M.08.77 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Release M.08.78 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Using Fastboot To Reduce Boot Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Release M.08.79 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

CLI Port Rate Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Release M.08.80 through M.08.83 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Release M.08.84 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Release M.08.85 through M.08.88 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Release M.08.89 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

DNS Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Using SNMP To View and Configure Switch Authentication Features . . . . . . . . . . . . . . . . . . . . 35

Releases M.08.90 and M.08.91 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

MSTP Default Path Cost Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

QoS Pass-Through Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Release M.08.94 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

DHCP Option 82: Using the Management VLAN IP Address for the Remote ID . . . . . . . . . . . . 42

UDP Broadcast Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Releases M.08.95 through M.10.01 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Release M.08.96 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Releases M.08.97 through M.10.01 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Release M.10.02 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

RADIUS-Assigned Access Control Lists (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

SFlow Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Release M.10.04 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Instrumentation Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

TCP/UDP Port Closure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Spanning Tree Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Release M.10.05 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Release M.10.06 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Release M.10.07 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Release M.10.08 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Release M.10.09 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Uni-Directional Link Detection (UDLD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Release M.10.10 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Spanning Tree Per-Port BPDU Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Releases M.10.11 through M.10.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Release M.10.13 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Releases M.10.14 through M.10.16 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Release M.10.17 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Spanning Tree BPDU Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Example of BPDU Protection Additions to Show Spanning Tree Command . . . . . . . . . . . . . . . 94

Release M.10.21 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Release M.10.22 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Release M.10.23 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Release M.10.24 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Release M.10.25 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Release M.10.26 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Release M.10.27 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Release M.10.28 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Release M.10.29 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Release M.10.30 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Release M.10.31 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Release M.10.32 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Scheduled Reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Release M.10.33 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

How RADIUS-Based Authentication Affects VLAN Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 102

VLAN Assignment on a ProCurve Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Example of Untagged VLAN Assignment in a RADIUS-Based Authentication Session . . . . . 104

Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions . . . . . . . . . . 107

Release M.10.34 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Concurrent TACAS+ and SFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Release M.10.35 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Dynamic ARP Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Release M.10.36 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Release M.10.37 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Configuring MSTP Port Connectivity Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Release M.10.38 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Send SNMP v2c Informs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Release M.10.39 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

RADIUS Server Unavailable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

ARP Age Timer Increase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Release M.10.40 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Release M.10.41 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Release M.10.42 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Release M.10.43 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Dynamic IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Release M.10.44 through M.10.64 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Release M.10.65 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

MSTP VLAN Configuration Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Release M.10.66 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Configure Logging via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Release M.10.67 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Release M.10.68 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

LACP and Link Traps Global Disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Release M.10.69 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Release M.10.70 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Release M.10.71 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Release M.10.72 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Software Fixes in Release M.08.51 - M.10.72 . . . . . . . . . . . . . . . . . . . . . .145

Release M.08.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Release M.08.53 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Release M.08.54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Release M.08.55 - Release M.08.60 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Release M.08.61 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Release M.08.62 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Release M.08.63 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Release M.08.64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Release M.08.65 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Release M.08.66 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Release M.08.67 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Release M.08.68 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Release M.08.69 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Release M.08.70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Release M.08.71 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Release M.08.72 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Release M.08.73 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Release M.08.74 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Release M.08.75 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

vii

Release M.08.76 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Release M.08.77 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Release M.08.78 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Release M.08.79 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Release M.08.80 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Release M.08.81 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Release M.08.82 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Release M.08.83 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Release M.08.84 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Release M.08.85 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Release M.08.86 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Release M.08.87 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Release M.08.88 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Release M.08.89 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Release M.08.90 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Release M.08.91 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Release M.08.92 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Release M.08.93 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Release M.08.94 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Release M.08.95 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Release M.08.96 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Release M.08.97 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Release M.10.01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Release M.10.02 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Release M.10.03 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Release M.10.04 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Release M.10.05 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Release M.10.06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Release M.10.07 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Release M.10.08 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Release M.10.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

viii

Release M.10.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Release M.10.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Release M.10.12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Release M.10.13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Release M.10.14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Release M.10.15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Release M.10.16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Release M.10.17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Release M.10.18 - Release M.10.19 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Release M.10.20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Release M.10.21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Release M.10.22 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Release M.10.23 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Release M.10.24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Release M.10.25 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Release M.10.26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Release M.10.27 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Release M.10.28 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Release M.10.29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Release M.10.30 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Release M.10.31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Release M.10.32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Release M.10.33 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Release M.10.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Release M.10.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Release M.10.36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Release M.10.37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Release M.10.38 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Release M.10.39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Release M.10.40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Release M.10.41 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Release M.10.42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Release M.10.43 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Release M.10.44 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Release M.10.45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Release M.10.46 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Release M.10.47 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Release M.10.48 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Release M.10.49 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Release M.10.50 through M.10.64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Release M.10.65 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Release M.10.66 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Release M.10.67 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Release M.10.68 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Release M.10.69 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Release M.10.70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Release M.10.71 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Release M.10.72 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Software Management

Software Updates

Software Management

Software Updates

Check the ProCurve Networking Web site frequently for free software updates for the various ProCurve switches you may have in your network.

Download Switch Documentation and Software from the Web

You can download software updates and the corresponding product documentation from the ProCurve Networking Web site as described below.

View or Download the Software Manual Set

Go to: www.procurve.com/manuals

You may want to bookmark this Web page for easy access in the future.

You can also register on the My ProCurve portal to receive a set of ProCurve switch manuals on CDROM. To register and request a CD, go to www.procurve.com and click on My ProCurve Sign In. After registering and entering the portal, click on My Manuals.

Downloading Software to the Switch

ProCurve Networking periodically provides switch software updates through the ProCurve Networking Web site (www.procurve.com). After you acquire the new software file, you can use one of the following methods for downloading it to the switch:

■ For a TFTP transfer from a server, do either of the following:

• Select Download OS in the Main Menu of the switch’s menu interface and use the (default) TFTP option.

•Use the copy tftp command in the switch’s CLI (see below).

■ For an Xmodem transfer from a PC or Unix workstation, do either of the following:

• Select Download OS in the Main Menu of the switch’s menu interface and select the Xmodem option.

•Use the copy xmodem command in the switch’s CLI (page 3).

■ Use the USB port to download a software file from a USB flash drive.

■ Use the download utility in ProCurve Manager Plus.

Software Management

Downloading Software to the Switch

Note

Downloading new software does not change the current switch configuration. The switch configuration is contained in a separate file that can also be transferred, for example, for archive purposes or to be used in another switch of the same model.

This section describes how to use the CLI to download software to the switch. You can also use the menu interface for software downloads. For more information, refer to the Management and Configuration Guide for your switch.

Downloading Software to the Switch

ProCurve Networking periodically provides switch software updates through the ProCurve Networking Web site (www.procurve.com of the following methods for downloading it to the switch:

■ For a TFTP transfer from a server, do either of the following:

• Click on Download OS in the Main Menu of the switch’s menu interface and use the (default) TFTP option.

). After you acquire the new software file, you can use one

•Use the copy tftp command in the switch’s CLI (see below).

■ For an Xmodem transfer from a PC or Unix workstation, do either of the following:

• Click on Download OS in the Main Menu of the switch’s menu interface and select the Xmodem option.

•Use the copy xmodem command in the switch’s CLI (page 3).

■ Use the download utility in ProCurve Manager Plus.

Note

Downloading Software to the Switch

Software Management

TFTP Download from a Server

Syntax: copy tftp flash <ip-address> <remote-os-file> [ < primary | secondary > ]

Note that if you do not specify the flash destination, the TFTP download defaults to the primary flash.

For example, to download a software file named M_08_8x.swi from a TFTP server with the IP address of 10.28.227.103:

1. Execute the copy command as shown below:

ProCurve switch # copy tftp flash 10.28.227.103 M_08_8x.swi The primary OS image will be deleted. continue [y/n]? Y 03125K

2. When the switch finishes downloading the software file from the server, it displays the progress message shown in Figure 1. When the CLI prompt re-appears, the switch is ready to reboot to activate the downloaded software:

When this message appears, the switch has finished downloading the software file from the server.

When the CLI prompt appears, the switch is ready for rebooting to activate the downloaded software.

ProCurve switch #

Figure 1. Message Indicating the Switch Is Ready To Activate the Downloaded Software

3. Reboot the switch.

After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.

Xmodem Download From a PC or Unix Workstation

This procedure assumes that:

■ The switch is connected via the Console RS-232 port to a PC operating as a terminal. (Refer

to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)

■ The switch software is stored on a disk drive in the PC.

Software Management

Downloading Software to the Switch

■ The terminal emulator you are using includes the Xmodem binary transfer feature. (For

example, in the HyperTerminal application included with Windows NT, you would use the Send File option in the Transfer dropdown menu.)

Using Xmodem and a terminal emulator, you can download a switch software file to either primary or secondary flash using the CLI.

Syntax: copy xmodem flash [< primary | secondary >]

1. To reduce the download time, you may want to increase the baud rate in your terminal emulator and in the switch to a value such as 115200 bits per second. (The baud rate must be the same in both devices.) For example, to change the baud rate in the switch to 115200, execute this command:

ProCurve (config)# console baud-rate 115200

(If you use this option, be sure to set your terminal emulator to the same baud rate.)

Changing the console baud-rate requires saving to the Startup Config with the "write memory" command. Alternatively, you can logout of the switch and change your terminal emulator speed and allow the switch to AutoDetect your new higher baud rate (i.e. 115200 bps)

2. Execute the following command in the CLI:

ProCurve # copy xmodem flash primary The primary OS image will be deleted. continue [y/n]? Y Press ‘Enter’ and start XMODEM on your host...

3. Execute the terminal emulator commands to begin the Xmodem transfer. For example, using HyperTerminal:

a. Click on Transfer, then Send File. b. Type the file path and name in the Filename field. c. In the Protocol field, select Xmodem.

d. Click on the

Send button.

The download can take several minutes, depending on the baud rate used in the transfer.

4. If you increased the baud rate on the switch (step 1), use the same command to return it to its previous setting. (HP recommends a baud rate of 9600 bits per second for most applications.) Remember to return your terminal emulator to the same baud rate as the switch.)

5. Reboot the switch.

After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.

Saving Configurations While Using the CLI

Software Management

Saving Configurations While Using the CLI

The switch operates with two configuration files:

■ Running-Config File: Exists in volatile memory and controls switch operation. Rebooting

the switch erases the current running-config file and replaces it with an exact copy of the current startup-config file. To save a configuration change, you must save the running configuration to the startup-config file.

■ Startup-Config File: Exists in flash (non-volatile) memory and preserves the most recently-

saved configuration as the “permanent” configuration. When the switch reboots for any reason, an exact copy of the current startup-config file becomes the new running-config file in volatile memory.

When you use the CLI to make a configuration change, the switch places the change in the runningconfig file. If you want to preserve the change across reboots, you must save the change to the startupconfig file. Otherwise, the next time the switch reboots, the change will be lost. There are two ways to save configuration changes while using the CLI:

■ Execute write memory from the Manager, Global, or Context configuration level.

■ When exiting from the CLI to the Main Menu, press [Y] (for Yes) when you see the “save

configuration” prompt:

Do you want to save current configuration [y/n] ?

Software Management

Install Recommendations for I.08.12 Boot ROM Update

When installing the M.10.17 software to load the I.08.12 ROM version, ProCurve recommends that you use the “fastboot” feature and the “reload” command after updating to M.10.17, as shown below.

ProCurve3400cl#config ProCurve3400cl(config)# fastboot ProCurve3400cl(config)# copy tftp flash <ip address of tftp server> M_10_17.swi The Primary OS Image will be deleted, continue [y/n]? y Validating and Writing System

Software to FLASH...

ProCurve3400cl(config)# reload

Device will be rebooted, do you want to continue [y/n]? y

Rebooting the System

Then reconnect and run the show flash command:

ProCurve3400cl# show flas Image Size(Bytes) Date Version

----- ---------- -------- ------Primary Image : 3576793 09/26/06 M.10.17 Secondary Image : 3506627 05/26/06 M.10.07 Boot Rom Version: I.08.12 Current Boot : Primary

Please also refer to “Known Issues” on page 24 for additional information regarding updating to the M.10.20 software release.

ProCurve Switch, Routing Switch, and Router Software Keys

Software Management

ProCurve Switch, Routing Switch, and Router Software Keys

Software

Letter

CY Switch 8100fl Series (8108fl and 8116fl)

ProCurve Networking Products

C 1600M, 2400M, 2424M, 4000M, and 8000M

E Switch 5300xl Series (5304xl, 5308xl, 5348xl, and 5372xl)

F Switch 2500 Series (2512 and 2524), Switch 2312, and Switch 2324

G Switch 4100gl Series (4104gl, 4108gl, and 4148gl)

H Switch 2600 Series, Switch 2600-PWR Series: H.07.81 and earlier, or H.08.55 and greater,

Switch 2600-8-PWR requires H.08.80 or greater. Switch 6108: H.07.xx and earlier

I Switch 2800 Series (2824 and 2848)

J Secure Router 7000dl Series (7102dl and 7203dl)

K Switch 3500yl Series (3500yl-24G-PWR and 3500yl-48G-PWR), Switch 6200yl-24G, 5400zl Series (5406zl,

5406zl-48G, 5412zl, 5412zl-96G), Switch 8212zl and Switch 6600 Series (6600-24G, 6600-24G-4XG, 660024XG).

L Switch 4200vl Series (4204vl, 4208vl, 4202vl-72, and 4202vl-48G)

M Switch 3400cl Series (3400-24G and 3400-48G): M.08.51 though M.08.97, or M.10.01 and greater;

Series 6400cl (6400cl-6XG CX4, and 6410cl-6XG X2 ): M.08.51 though M.08.95, or M.08.99 to M.08.100 and greater.

N Switch 2810 Series (2810-24G and 2810-48G)

PA/PB Switch 1800 Series (Switch 1800-8G – PA.xx; Switch 1800-24G – PB.xx)

Q Switch 2510 Series (2510-24)

R Switch 2610 Series (2610-24, 2610-24/12PWR, 2610-24-PWR, 2610-48 and 2610-48-PWR)

T Switch 2900 Series (2900-24G and 2900-48G)

U Switch 2510-48

W Switch 2910al Series (2910al-24G, 2910al-24G-PoE+, 2910al-48G, and 2910al-48G-PoE+)

VA/VB Switch 1700 Series (Switch 1700-8 - VA and 1700-24 - VB)

WA ProCurve Access Point 530

WS ProCurve Wireless Edge Services xl Module and the ProCurve Redundant Wireless Services xl Module

WT ProCurve Wireless Edge Services zl Module and the ProCurve Redundant Wireless Services zl Module

Y Switch 2510G Series (2510G-24 and 2510G-48)

Software Management

ProCurve Switch, Routing Switch, and Router Software Keys

Software

Letter

numeric Switch 9408sl, Switch 9300 Series (9304M, 9308M, and 9315M), Switch 6208M-SX and Switch 6308M-SX

ProCurve Networking Products

(Uses software version number only; no alphabetic prefix. For example 07.6.04.)

Minimum Software Versions for Series 3400cl Switch Features

Software Management

Minimum Software Versions for Series 3400cl Switch Features

For Software Features. To view a tabular listing of major switch software features and the minimum software version each feature requires:

1. Visit the ProCurve Networking Web site at w

ww.procurve.com.

2. Click on Software updates.

3. Click on Minimum Software Version Required by Feature.

For Switch 3400cl Hardware Accessories.

ProCurve Device Minimum Supported

J8434A ProCurve 10-GbE Copper Module M.08.54

J8435A ProCurve 10-GbE Media Flex Module M.08.54

J8436A ProCurve 10-GbE X2-SC SR Optic M.08.51

J8437A ProCurve 10-GbE X2-SC LR Optic M.08.54

J8438A ProCurve 10 GbE X2-SC ER Optic M.08.75

J8439A ProCurve 10-GbE CX4 Media Converter M.08.54

J8440A ProCurve 10-GbE X2-CX4 Transceiver M.08.54

J8440B ProCurve 10-GbE X2-CX4 Transceiver M.10.06

Software Version

OS/Web/Java Compatibility Table

The switch Web agent supports the following combinations of OS browsers and Java Virtual Machines:

Operating System Internet Explorer Java

Windows NT 4.0 SP6a 5.00, 5.01

5.01, SP1

6.0, SP1

Windows 2000 Pro SP4 5.05, SP2

Sun Java 2 Runtime Environment:

– Version 1.3.1.12 – Version 1.4.2.05

6.0, SP1

Windows XP Pro SP2 6.0, SP2

Windows Server SE 2003

and 7.0

Sun Java 2 Runtime Environment:

– Version 1.5.0_11, Version 1.6.0

SP2

Windows Vista

Enforcing Switch Security

Switch Management Access Security

Enforcing Switch Security

ProCurve switches are designed as “plug and play” devices, allowing quick and easy installation in your network. However, when preparing the switch for network operation, ProCurve strongly recommends that you enforce a security policy to help ensure that the ease in getting started is not used by unauthorized persons as an opportunity for access and possible malicious actions. Since security incidents can originate with sources inside as well as outside of an organization, your switch and network access security provisions must protect against internal and external threats while preserving the necessary network access for authorized clients and uses.

This section provides an overview of switch management and network access security features and applications. For information on specific features, refer to the software manuals provided for your switch model.

Caution:

In its default configuration, the switch is open to unauthorized access of various types. ProCurve recommends that you review this section to help ensure that you recognize the potential for unauthorized switch and network access and are aware of the features available to help prevent such access.

Switch Management Access Security

This section outlines provisions for protecting access to the switch’s status information configuration settings. For more detailed information on these features, refer to the indicated manuals.

Default Settings Affecting Security

In the default configuration, switch management access is available through the following methods:

■ Telnet

■ Web-browser interface (including the ability to launch Telnet access)

■ SNMP access

■ Front-Panel access (serial port access to the console, plus resets and clearing the pass-

word(s) or current configuration)

Switch Management Access Security

Enforcing Switch Security

It is important to evaluate the level of management access vulnerability existing in your network and take steps to ensure that all reasonable security precautions are in place. This includes both configurable security options and physical access to the switch hardware.

Local Manager Password

In the default configuration, there is no password protection. Configuring a local Manager password is a fundamental step in reducing the possibility of unauthorized access through the switch’s web browser and console (CLI and Menu) interfaces. The Manager password can easily be set using the CLI password manager command, the Menu interface Console Passwords option, or the password options under the Security tab in the web browser interface.

Inbound Telnet Access and Web Browser Access

The default remote management protocols enabled on the switch are plain text protocols, which transfer passwords in open or plain text that is easily captured. To reduce the chances of unauthorized users capturing your passwords, secure and encrypted protocols such as SSH and SSL must be used for remote access. This enables you to employ increased access security while still retaining remote client access.

■ SSHv2 provides Telnet-like connections through encrypted and authenticated transactions

■ SSLv3/TLSv1 provides remote web browser access to the switch via encrypted paths

between the switch and management station clients capable of SSL/TLS operation.

(For information on SSH and SSL/TLS, refer to the chapters on these topics in the Advanced Traffic Management Guide for your switch.)

Also, access security on the switch is incomplete without disabling Telnet and the standard web browser access.Among the methods for blocking unauthorized access attempts using Telnet or the Web browser are the following two commands:

■ no telnet-server: This CLI command blocks inbound Telnet access.

■ no web-management: This CLI command prevents use of the web browser interface

through http (port 80) server access.

If you choose not to disable Telnet and web browser access, you may want to consider using RADIUS accounting to maintain a record of password-protected access to the switch. Refer to the chapter titled “RADIUS Authentication and Accounting” in the Access Security Guide for your switch.

Secure File Transfers

Secure Copy and SFTP provide a secure alternative to TFTP and auto-TFTP for transferring sensitive information such as configuration files and log information between the switch and other devices. For more on these features, refer to the section titled “Using Secure Copy and SFTP” in the “File Transfers” appendix of the Management and Configuration Guide for your switch.

Enforcing Switch Security

Switch Management Access Security

SNMP Access (Simple Network Management Protocol)

In the default configuration, the switch is open to access by management stations running SNMP management applications capable of viewing and changing the settings and status data in the switch’s MIB (Management Information Base). Thus, controlling SNMP access to the switch and preventing unauthorized SNMP access should be a key element of your network security strategy.

General SNMP Access to the Switch. The switch supports SNMP versions 1, 2c, and 3, including SNMP community and trap configuration. The default configuration supports versions 1 and 2c compatibility, which uses plain text and does not provide security options. ProCurve recommends that you enable SNMP version 3 for improved security. SNMPv3 includes the ability to configure restricted access and to block all non-version 3 messages (which blocks version 1 and 2c unprotected operation). SNMPv3 security options include:

• configuring device communities as a means for excluding management access by

unauthorized stations

• configuring for access authentication and privacy

• reporting events to the switch CLI and to SNMP trap receivers

• restricting non-SNMPv3 agents to either read-only access or no access

• co-existing with SNMPv1 and v2c if necessary

For more on SNMPV3, refer to the next subsection and to the chapter titled “Configuring for Network Management Applications” in the Management and Configuration Guide for your switch.

SNMP Access to the Switch’s Authentication Configuration MIB . A management station running an SNMP networked device management application such as ProCurve Manager Plus (PCM+) or HP OpenView can access the switch’s management information base (MIB) for read access to the switch’s status and read/write access to the switch’s configuration. In earlier software versions, SNMP access to the switch’s authentication configuration (hpSwitchAuth) MIB was not allowed. However, beginning with software release M.08.89, the switch’s default configuration allows SNMP access to security settings in hpSwitchAuth. If SNMP access to the hpSwitchAuth MIB is considered a security risk in your network, then you should implement the following security precautions when downloading and booting from software release M.08.89 or greater:

1. If SNMP access to the authentication configuration (hpSwitchAuth) MIB described above and in the section titled “Using SNMP To View and Configure Switch Authentication Features” (page

35) is not desirable for your network, then immediately after downloading and booting from

the M.08.89 or greater software for the first time, use the following command to disable this feature:

snmp-server mib hpswitchauthmib excluded

Switch Management Access Security

Enforcing Switch Security

Caution:

Downloading and booting from the M.08.89 or greater software version for the first time enables SNMP access to the authentication configuration MIB (the default action). If SNMPv3 and other security safeguards are not in place, the switch’s authentication configuration MIB is exposed to unprotected SNMP access and you should use the above command to disable this access.

2. If you choose to leave the authentication configuration MIB accessible, then you should do the following to help ensure that unauthorized workstations cannot use SNMP tools to access the MIB:

• Configure SNMP version 3 management and access security on the switch.

• Disable SNMP version 2c on the switch.

Refer to “Using SNMP Tools To Manage the Switch” in the chapter titled “Configuring for Network Management Applications” in the Management and Configuration Guide for your switch. .

Physical Access to the Switch

Physical access to the switch allows the following:

■ use of the console serial port (CLI and Menu interface) for viewing and changing the current

configuration and for reading status, statistics, and log messages.

■ use of the switch’s Clear and Reset buttons for these actions:

• clearing (removing) local password protection

• rebooting the switch

• restoring the switch to the factory default configuration (and erasing any nondefault

configuration settings)

Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized physical access. As additional precautions, you can do the following:

■ Disable or re-enable the password-clearing function of the Clear button.

■ Configure the Clear button to reboot the switch after clearing any local usernames and

passwords.

■ Modify the operation of the Reset+Clear button combination so that the switch reboots, but

does not restore the switch’s factory default settings.

■ Disable or re-enable password recovery.

Enforcing Switch Security

Switch Management Access Security

For the commands to implement the above actions, refer to “Front-Panel Security” in the chapter titled “Configuring Usernames and Passwords” in the Access Security Guide for your switch.

Other Provisions for Management Access Security

Authorized IP Managers. This feature uses IP addresses and masks to determine whether to allow management access to the switch through the network, and covers access through the following:

■ Telnet and other terminal emulation applications

■ The switch’s web browser interface

■ SNMP (with a correct community name)

Refer to the chapter titled “Using Authorized IP Managers” in the Access Security Guide for your switch.

Secure Management VLAN. This feature creates an isolated network for managing the ProCurve switches that offer this feature. When a secure management VLAN is enabled, CLI, Menu interface, and web browser interface access is restricted to ports configured as members of the VLAN.

Refer to the chapter titled “Static Virtual LANs (VLANs)” in the Advanced Traffic Management Guide for your switch.

RADIUS Authentication. For each authorized client, RADIUS can be used to authenticate operator or manager access privileges on the switch via the serial port (CLI and Menu interface), Telnet, SSH, and Secure FTP/Secure Copy (SFTP/SCP) access methods.

Refer to the chapter titled “RADIUS Authentication and Accounting” in the Access Security Guide for your switch.

TACACS+ Authentication. This application uses a central server to allow or deny access to TACACS-aware devices in your network. TACACS+ uses username/password sets with associated privilege levels to grant or deny access through either the switch’s serial (console) port or remotely, with Telnet. If the switch fails to connect to a TACACS+ server for the necessary authentication service, it defaults to its own locally configured passwords for authentication control. TACACS+ allows both login (read-only) and enable (read/write) privilege level access.

Refer to the chapter titled “TACACS+ Authentication” in the Access Security Guide for your switch model.

Access Control Lists (ACLs) for Management Access Protection. ACLs can be used to secure access to the management interface of the switch by blocking inbound IP traffic that has the switch itself as the destination address. (Refer also to “Access Control Lists” in the next section.)

Enforcing Switch Security

Network Access Security

This section outlines provisions for protecting access through the switch to the network. For more detailed information on these features, refer to the indicated manuals.

Access Control Lists (ACLs)

ACLs enable the switch to permit or deny the following:

■ any inbound IP traffic on a port

■ specific types of TCP or UDP traffic

While ACLs do not provide user or device authentication, or protection from malicious manipulation of data in IP packet transmissions, ACLs can enhance network security by blocking selected IP traffic types. This functionality can be utilized to:

■ permit or deny in-band management access by limiting or preventing the use of designated

TCP or UDP protocols

■ permit or deny unwanted IP traffic to or from specific hosts

Refer to the chapter titled “Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches” in the Advanced Traffic Management Guide for your switch model.

Web and MAC Authentication

These options are designed for application on the edge of a network to provide port-based security measures for protecting private networks and the switch itself from unauthorized access. Because neither method requires clients to run any special supplicant software, both are suitable for legacy systems and temporary access situations where introducing supplicant software is not an attractive option. Both methods rely on using a RADIUS server for authentication. This simplifies access security management by allowing you to control access from a master database in a single server. It also means the same credentials can be used for authentication, regardless of which switch or switch port is the current access point into the LAN. Web authentication uses a web page login to authenticate users for access to the network. MAC authentication grants access to a secure network by authenticating device MAC address for access to the network.

Refer to the chapter titled “Web and MAC Authentication” in the Access Security Guide for your switch model.

Enforcing Switch Security

Network Access Security

Secure Shell (SSH)

SSH provides Telnet-like functions through encrypted, authenticated transactions of the following types:

■ client public-key authentication: uses one or more public keys (from clients) that must

be stored on the switch. Only a client with a private key that matches a stored public key can gain access to the switch.

■ switch SSH and user password authentication: this option is a subset of the client public-

key authentication, and is used if the switch has SSH enabled without a login access configured to authenticate the client’s key. In this case, the switch authenticates itself to clients, and users on SSH clients then authenticate themselves to the switch by providing passwords stored on a RADIUS or TACACS+ server, or locally on the switch.

■ secure copy (SC) and secure FTP (SFTP): By opening a secure, encrypted SSH session,

you can take advantage of SC and SFTP to provide a secure alternative to TFTP for transferring sensitive switch information.

Refer to the chapter titled “Configuring Secure Shell (SSH)” in the Access Security Guide for your switch model. For more on SC and SFTP, refer to the section titled “Using Secure Copy and SFTP” in the “File Transfers” appendix of the Management and Configuration Guide for your switch model.

Secure Socket Layer (SSLv3/TLSv1)

This feature includes use of Transport Layer Security (TLSv1) to provide remote web access to the switch via authenticated transactions and encrypted paths between the switch and management station clients capable of SSL/TLS operation. The authenticated type includes server certificate authentication with user password authentication.

Refer to the chapter titled “Configuring Secure Socket Layer (SSL) in the Access Security Guide for your switch model.

Traffic/Security Filters

These statically configured filters enhance in-band security (and improve control over access to network resources) by forwarding or dropping inbound network traffic according to the configured criteria. Filter options and the devices that support them are listed in the following table:

Enforcing Switch Security

Network Access Security

Switch Model Source-Port

Filters

Series 6400cl X -- --

Series 5400zl X X X

Series 5300xl X X X

Series 4200vl X -- --

Series 3500yl X X X

Series 3400cl X -- --

Series 2800 X -- --

Series 2600 X -- --

■ source-port filters: Inbound traffic from a designated, physical source-port will be

Protocol Filters

Multicast Filters

forwarded or dropped on a per-port (destination) basis.

■ multicast filters: Inbound traffic having a specified multicast MAC address will be

forwarded to outbound ports or dropped on a per-port (destination) basis.

■ protocol filters: Inbound traffic having the selected frame (protocol) type will be forwarded

or dropped on a per-port (destination) basis.

Refer to the chapter titled “Traffic/Security Filters” in the Access Security Guide for your switch model.

802.1X Access Control

This feature provides port-based or client-based authentication through a RADIUS server to protect the switch from unauthorized access and to enable the use of RADIUS-based user profiles to control client access to network services. Included in the general features are the following:

■ client-based access control supporting up to 32 authenticated clients per-port

■ port-based access control allowing authentication by a single client to open the port

■ switch operation as a supplicant for point-to-point connections to other 802.1X-aware

switches

The following table shows the type of access control available on the various ProCurve switch models:

Enforcing Switch Security

Network Access Security

Access Control Types 6200yl 5400zl 3500yl 5300xl

client-based access control (up to 32 authenticated clients per port)

port-based access control (one authenticated client opens the port)

switch operation as a supplicant X X X X X

* On the 5300xl switches, this feature is available with software release E.09.02 and greater.

XX*------

X XXX X

4200vl

3400cl 6400cl

2800 2600 2600-pwr

4100gl

Refer to the chapter titled “Configuring Port-Based and Client-Based Access Control” in the Access Security Guide for your switch model.

Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown

These features provide device-based access security in the following ways:

■ port security: Enables configuration of each switch port with a unique list of the MAC

addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature.

■ MAC lockdown: This “static addressing” feature is used as an alternative to port security

for to prevent station movement and MAC address “hijacking” by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN.

■ MAC lockout: This feature enables blocking of a specific MAC address so that the switch

drops all traffic to or from the specified address.

■ IP lockdown: Available on Series 2600 and 2800 switches only, this feature enables restric-

tion of incoming traffic on a port to a specific IP address/subnet, and denies all other traffic on that port.

Refer to the chapter titled “Configuring and Monitoring Port Security” in the Access Security Guide for your switch model.

Key Management System (KMS)

KMS is available in several ProCurve switch models and is designed to configure and maintain key chains for use with KMS-capable routing protocols that use time-dependent or time-independent keys. (A key chain is a set of keys with a timing mechanism for activating and deactivating individual

Enforcing Switch Security

Network Access Security

keys.) KMS provides specific instances of routing protocols with one or more Send or Accept keys that must be active at the time of a request.

Refer to the chapter titled “Key Management System” in the Access Security Guide for your switch model.

Connection-Rate Filtering Based On Virus-Throttling Technology

While not specifically a tool for controlling network access, this feature does help to protect the network from attack and is recommeded for use on the network edge. It is primarily focused on the class of worm-like malicious code that tries to replicate itself by taking advantage of weaknesses in network applications behind unsecured ports. In this case, the malicious code tries to create a large number of outbound IP connections on a routed interface in a short time. Connection-Rate filtering detects hosts that are generating routed traffic that exhibits this behavior, and causes the switch to generate warning messages and (optionally) to either throttle routed traffic from the offending hosts or drop all traffic from the offending hosts.

Refer to the chapter titled “Virus Throttling” in the Access Security Guide for your switch model.

Identity-Driven Management (IDM)

IDM is a plug-in to ProCurve Manager Plus (PCM+) and uses RADIUS-based technologies to create a user-centric approach to network access management and network activity tracking and monitoring. IDM enables control of access security policy from a central management server, with policy enforcement to the network edge, and protection against both external and internal threats.

Using IDM, a system administrator can configure automatic and dynamic security to operate at the network edge when a user connects to the network. This operation enables the network to distinguish among different users and what each is authorized to do. Guest access can also be configured without compromising internal security. This means that users can be identified and either approved or denied at the edge of the network instead of in the core.

Criteria for enforcing RADIUS-based security for IDM applications includes classifiers such as:

■ authorized user identity

■ authorized device identity (MAC address)

■ software running on the device

■ physical location in the network

■ time of day

Responses can be configured to support the networking requirements, user (SNMP) community, service needs, and access security level for a given client and device.

For more information on IDM, visit the ProCurve web site at http://www.procurve.com

and click on

Products and Solutions, then Identity Driven Management (under Network Management).

Clarifications and Updates

Operating Notes for Jumbo Traffic-Handling

Clarifications and Updates

Operating Notes for Jumbo Traffic-Handling

In the Management and Configuration Guide, (Oct., 2005 version) on page 14-33 ( page 347 of the .pdf file) where it states:

When a port is not a member of any jumbo-enabled VLAN, it drops all jumbo traffic. If the port is receiving “excessive” inbound jumbo traffic, the port generates an Event Log message to notify you of this condition. This same condition generates a Fault-Finder message in the Alert log of the switch’s web browswer interface, and also increments the switch’s “Giant Rx” counter.

Note that it is the “Total Rx Errors” counter that is incremented, not the “Giant Rx” counter. On the 3400cl and 6400cl series switches, when the switch applies the jumbo MTU to a VLAN, all frames with jumbo MTU sizes (1523 to 9220 bytes) are incremented to “Total Rx Errors”.

Non-Genuine Mini-GBIC Detection and Protection Initiative

Non-genuine ProCurve Transceivers and Mini-GBICs have been offered for sale in the marketplace. To protect customer networks from these unsupported products, ProCurve switch software includes the capability to detect and disable non-genuine transceivers and mini-GBICs discovered in Series 3400cl Switch ports. When a non-genuine device is discovered, the switch disables the port and generates an error message in the Event Log.

Publication Updates

Table 1 lists updates to the manual set dated January, 2005.

Table 1. Publication Updates for Manual Set Dated January, 2005

Management and Configuration Guide for the 3400cl, 5300xl, & 6400cl Switches, p/n 5990-6050, January 2005

Edition

Chapter 14: “Configuring for Network Management Applications” Pages 14-44 and 14-49

Update

show lldp info stats is an invalid command.

The The correct syntax is: show lldp stats.

+ 167 hidden pages

HP 3400CL-24G User Manual

Contents

Software Management

Software Updates

Download Switch Documentation and Software from the Web

View or Download the Software Manual Set

Downloading Software to the Switch

Downloading Software to the Switch

TFTP Download from a Server

Xmodem Download From a PC or Unix Workstation

Saving Configurations While Using the CLI

Install Recommendations for I.08.12 Boot ROM Update

ProCurve Switch, Routing Switch, and Router Software Keys

Minimum Software Versions for Series 3400cl Switch Features

OS/Web/Java Compatibility Table

Enforcing Switch Security

Switch Management Access Security

Default Settings Affecting Security

Local Manager Password

Inbound Telnet Access and Web Browser Access

Secure File Transfers

SNMP Access (Simple Network Management Protocol)

Physical Access to the Switch

Other Provisions for Management Access Security

Network Access Security

Access Control Lists (ACLs)

Web and MAC Authentication

Secure Shell (SSH)

Secure Socket Layer (SSLv3/TLSv1)

Traffic/Security Filters

802.1X Access Control

Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown

Key Management System (KMS)

Connection-Rate Filtering Based On Virus-Throttling Technology

Identity-Driven Management (IDM)

Clarifications and Updates

Operating Notes for Jumbo Traffic-Handling

Non-Genuine Mini-GBIC Detection and Protection Initiative

Publication Updates