HP OfficeConnect 1850 Management And Configuration Manual

Download

Page 1

HPE OfficeConnect 1850 6XGT 2XGT/SFP+ Switch Management and Configuration Guide

Abstract

Use this guide to assist in managing the following HPE OfficeConnect 1850 switch:

HPE OfficeConnect 1850 6XGT 2XGT/SFP+ Switch (JL169A)

Part Number: 5200-0095

Published: September 2016

Edition: 1

Page 2

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Microsoft

, Windows®, and Windows NT® are US registered trademarks of Microsoft Corporation.

Java and Oracle are registered trademarks of Oracle and/or its affiliates.

Revision History

Revision #: Initial Release Date: September 2016

Open Source Code Notice

This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To receive the CD, HPE charges a small fee in order to cover the actual costs of manufacturing and shipping the CD.

Requests for Open Source Software should be emailed to HPN_SMB_FOSS_code_request@hpe.com

Please specify the product and version for which you are requesting source code.

Warranty

For the software end user license agreement and the hardware limited warranty information for HPE Networking products, visit

http://www.hpe.com/support/Networking-Warranties

Applicable Products

HPE OfficeConnect 1850 6XGT 2XGT/SFP+ Switch JL169A

Page 3

Contents

Preface............................................................................................................. 6

About This Document ..................................................................................................................... 6

Audience .................................................................................................................................. 6

About Your Switch Manual Set ....................................................................................................... 6

Supported Features ........................................................................................................................ 7

1 Getting Started ...............................................................................................8

Connecting the Switch to a Network............................................................................................... 8

Operating System and Browser Support.................................................................................. 9

Getting Started With the Web Interface..........................................................................................9

Logging On............................................................................................................................... 9

Interface Layout and Features ............................................................................................... 10

Common Page Elements ....................................................................................................... 11

Saving Changes..................................................................................................................... 11

Graphical Switch .................................................................................................................... 11

Port Configuration and Summary .................................................................................... 12

System LEDs................................................................................................................... 12

Port Status Indicator ........................................................................................................ 12

2 Dashboard....................................................................................................13

3 Setup Network..............................................................................................15

Get Connected.............................................................................................................................. 15

System Time Pages...................................................................................................................... 18

System Time .......................................................................................................................... 18

Time Configuration................................................................................................................. 19

Time Zone Configuration........................................................................................................ 22

Daylight Saving Time Configuration....................................................................................... 23

4 Switching Features.......................................................................................25

Port Configuration......................................................................................................................... 25

Port Status ............................................................................................................................. 25

Modifying Interface Settings ............................................................................................ 26

Port Summary Statistics.........................................................................................................27

Port Mirroring ................................................................................................................................ 28

Jumbo Frames.............................................................................................................................. 30

Flow Control.................................................................................................................................. 31

Spanning Tree .............................................................................................................................. 31

Contents 3

Page 4

Spanning Tree Status ............................................................................................................32

Global STP Settings and Port Status ..................................................................................... 34

Port STP Settings................................................................................................................... 36

Auto Recovery Configuration........................................................................................................ 39

Loop Protection............................................................................................................................. 41

Loop Protection Status........................................................................................................... 41

Loop Protection Configuration................................................................................................ 42

Configuring Loop Protection Settings on Interfaces ........................................................ 43

IGMP Snooping ............................................................................................................................ 45

5 Virtual LAN ...................................................................................................46

Viewing VLAN Status and Adding VLANs .................................................................................... 46

Adding VLANs........................................................................................................................ 47

Changing a VLAN Name........................................................................................................ 48

Configuring Interfaces as VLAN Members ................................................................................... 48

VLAN Port Configuration .............................................................................................................. 50

6 Trunks ..........................................................................................................51

Trunk Configuration ...................................................................................................................... 52

Modifying Trunk Settings........................................................................................................53

Trunk Statistics ............................................................................................................................. 54

7 Link Layer Discovery Protocol (LLDP and LLDP-MED) ...............................55

LLDP Global Configuration........................................................................................................... 55

LLDP Local Device Summary.......................................................................................................57

Displaying Port Details ........................................................................................................... 58

LLDP Remote Device Summary................................................................................................... 59

LLDP Global Statistics .................................................................................................................. 60

LLDP-MED Global Configuration.................................................................................................. 62

LLDP-MED Local Device Summary.............................................................................................. 64

LLDP-MED Remote Device Summary.......................................................................................... 65

Displaying Remote Device Details ......................................................................................... 66

8 Security ........................................................................................................68

Advanced Security Configuration .................................................................................................68

Secure Connection ....................................................................................................................... 69

Uploading SSL Certificates and Encryption Files................................................................... 71

Storm Control Configuration ......................................................................................................... 73

9 Green Features ............................................................................................75

Green Features Configuration ...................................................................................................... 75

Page 4 Contents

Page 5

EEE Status ................................................................................................................................... 76

10 Diagnostics.................................................................................................77

Buffered Log ................................................................................................................................. 77

Crash Log............................................................................................................................... 78

Log Configuration ......................................................................................................................... 79

Cable Diagnostics......................................................................................................................... 81

Ping Test....................................................................................................................................... 83

Reboot Switch............................................................................................................................... 84

Factory Defaults............................................................................................................................ 84

Support File .................................................................................................................................. 85

Locator.......................................................................................................................................... 86

MAC Table.................................................................................................................................... 87

11 Maintenance Pages ...................................................................................89

Password Manager....................................................................................................................... 89

Backup and Update Manager .......................................................................................................90

Backing Up Files .................................................................................................................... 90

Updating Files ........................................................................................................................ 91

Dual Image Configuration ............................................................................................................. 93

A Support and other resources .......................................................................94

Accessing Hewlett Packard Enterprise Support..................................................................... 94

Accessing updates ................................................................................................................. 94

Websites.......................................................................................................................... 95

Customer self repair ........................................................................................................ 95

Remote support ............................................................................................................... 95

Documentation feedback................................................................................................. 96

B Warranty information ...................................................................................97

Warranty information .................................................................................................................... 97

Contents 5

Page 6

Preface

About This Document

HPE OfficeConnect 1850 series switches provide reliable, plug-and-play Gigabit network connectivity. The HPE OfficeConnect 1850 series switches are ideal for open offices that require silent operation or businesses making the transition from unmanaged to managed networks.

The HPE OfficeConnect 1850 series switches can be managed in-band from a remote network station using a web-based graphical user interface (GUI), and its configuration may also be viewed using the SNMP manager. This guide describes how to configure and view the software features using the web GUI.

Audience

The information in this guide is primarily intended for system administrators and support providers who are responsible for configuring, operating, or supporting a network using HPE 1820 series switch software. An understanding of the software specifications for the networking device platform, and a basic knowledge of Ethernet and networking concepts, are presumed.

About Your Switch Manual Set

The switch manual set includes the following:

 HPE OfficeConnect 1850 Switch Series Quick Setup Guide and Safety/Regulatory Informa-

tion - a printed guide shipped with your switch. Provides illustrations for basic installation and setup. Also includes product specifications, as well as safety and regulatory statements and standards supported by the switch.

 HPE OfficeConnect 1850 Switch Series Installation and Getting Started Guide - (HPE web-

site only). Provides detailed installation guide for your switch, including physical installation on your network, basic troubleshooting, product specifications, supported accessories, Regulatory and Safety information.

 HPE OfficeConnect 1850 Switch Series Management and Configuration Guide - This guide

describes how to manage and configure switch features using a web browser interface.

 Release Notes - (HPE website only). Provides information on software updates. The Release

Notes describe new features, fixes, and enhancements that become available between revisions of the above guides.

NOTE:

For the latest version of all HPE documentation, visit the HPE website at

www.hpe.com. Then select your switch product.

Page 6 About This Document

Page 7

Supported Features

HPE OfficeConnect 1850 series switches include support for the following features:

Feature HPE OfficeConnect 1850 Series Switch

HTTP and HTTPS sessions 4 each, 8 total

SNMP v1/v2c (read-only) community 1

MAC table 16000 entries

SNTP server configuration 1

Time zones count 91

Jumbo frame size 9216 bytes

Soft session web session timeout 1 min–60 min

Hard session web session timeout 1 Hr–168 Hrs

Trunk configuration 4

Trunk membership ports 4

VLANs 64

VLAN IDs 1-4093

VLAN priority levels 0–7

Syslog servers 1

Buffered logs 100 (total storage 10K)

Maintenance users 1

Password length 8 chars–64 chars

Images 2

Supported Features 7

Page 8

1 Getting Started

This chapter describes how to make the initial connections to the switch and provides an overview of the web interface.

Connecting the Switch to a Network

To enable remote management of the switch through a web browser, the switch must be connected to the network. By default, the switch is configured to acquire an IP address from a DHCP server on the network. If the switch does not obtain an address from a DHCP server, the switch will be assigned the IP address 192.168.1.1.

NOTE:

 To use DHCP for IP network configuration, the switch must be connected to the same network as

the DHCP server. You will need to access your DHCP server to determine the IP address assigned to the switch.

 The switch supports LLDP (Link Layer Discovery Protocol), allowing discovery of its IP address

from a connected device or management station.

 If DHCP is used for configuration and the switch fails to be configured, the IP address 192.168.1.1

is assigned to the switch interface.

To access the web interface on the switch by using the default IP address:

1. Connect the switch to the management PC or to the network using any of the available network

ports.

2. Power on the switch.

3. Set the IP address of the management PC’s network adapter to be in the same subnet as the

switch.

For example, set it to IP address 192.168.1.2, mask 255.255.255.0.

4. Enter the IP address 192.168.1.1 in the web browser. See page 9 for web browser requirements.

Thereafter, use the web interface to configure a different IP address or configure the switch as a DHCP client so that it receives a dynamically assigned IP address from the network.

After the switch is able to communicate on your network, enter its IP address into your web browser’s address field to access the switch management features.

Page 8 Connecting the Switch to a Network

Page 9

Operating System and Browser Support

The following operating systems and browsers with JavaScript enabled are supported:

Operating System Browser

Windows 7 Internet Explorer 9, 10

Firefox 38.2.1, 40.0.3, 41.0.b1 (beta) Chrome 44.0.2403, 45.0.2454, 46.0 (beta)

Windows 8/8.1 Internet Explorer 11 (included in base OS 8.1)

Firefox 38.2.1, 40.0.3, 41.0.b1 (beta) Chrome 44.0.2403, 45.0.2454, 46.0 (beta)

Windows 10 Internet Explorer 11 (included in base OS)

Chrome 44.0.2403, 45.0.2454 (beta)

MacOS X Firefox 38.2.1, 40.0.3, 41.0.b1 (beta)

MacOS X 10.6 and later Chrome 44.0.2403, 45.0.2454, 46.0 (beta)

Getting Started With the Web Interface

This section describes how to log on to the switch and provides information about the page layout.

Logging On

Follow these steps to log on through the web interface:

1. Open a web browser and enter the IP address of the switch in the web browser address field.

2. On the Login page, enter the username and password (if one has been set), and then click Log In.

By default, the username is admin and there is no password. After the initial log on, the administrator may configure a password.

NOTE:

To set the password or change the username, see “Password Manager” on page 89.

Figure 1. Login Page

Getting Started With the Web Interface 9

Page 10

Interface Layout and Features

Navigation Pane Graphical Switch Common Links

Figure 2 shows the initial view.

Figure 2. Interface Layout and Features

Click on any topic in the navigation pane to display related configuration options.

The Dashboard page displays when you first log on and when you click Dashboard in the navigation pane. See “Dashboard” on page 13 for more information.

You can click the Setup Network link beneath Dashboard to display the Get Connected page, which you use to set up a management connection to the switch. See “Get Connected” on page 15 for more information.

The graphical switch displays summary information for the switch LEDs and port status. For information on this feature see “Graphical Switch” on page 11.

Page 10 Getting Started With the Web Interface

Page 11

Common Page Elements

Port Configuration and Summary (Point, left-click, or right-click on any port for options)

System LEDs

Port Status Indicator

Most pages contain a common set of buttons that include one or more of the following:

 Click on any page to display a help panel that explains the fields and configuration options on

the page.

 Click to send the updated configuration to the switch. Applied changes update the device

running configuration and take effect immediately. If you want the device to retain these changes across a reboot, you must first save the configuration. See “Saving Changes” on page 11.

 Click to refresh the page with the latest information from the switch.

 Click to clear any configurations changes that have not yet been applied on a page.

 Click to end the current management session.

Saving Changes

When you click , changes are saved to the running configuration file in RAM. Unless you save them to system flash memory, the changes will be lost if the system reboots. To save them perma-

nently, click on the upper right side of the page. Note that when there are unsaved changes, the button displays a file image ( ). A page displays to confirm that you want to

save, followed by a page that confirms that the operation was completed successfully.

Graphical Switch

The graphical switch, shown in Figure 3, displays at the top of the page as a representation of the physical switch to provide status information about individual ports. The graphical switch enables easy system configuration and web-based navigation.

You can right-click anywhere on the graphic and select from the menu to display the product information on the Dashboard page, to refresh the graphic display, and to set the automatic refresh rate.

Figure 3. Graphical Switch

Getting Started With the Web Interface 11

Page 12

Port Configuration and Summary

You can point to any port to display the following information about the port:

 The link status (up or down).

 Auto negotiation status.

 Speed and full-duplex/half-duplex settings.

 The maximum transmission unit (MTU), which is the largest packet size that can be transmitted on

the port.

You can left-click a port to display the Port Status page.

System LEDs

The following System LEDs reflect the status of the actual LEDs on the switch:

 Power/Fault

 On (green) — The switch is receiving power.

 Slow blinking (green) — The switch self-test and initialization are in progress after the switch

has been powered on or reset. The switch is not operational until the LED stops blinking green.

 On (orange) — If this LED is orange for a prolonged time, the switch has encountered a fatal

hardware failure.

 Slow blinking (orange) —A fault or self-test failure has occurred on the switch, one of the switch

ports, or the fan. The Status LED for the component with the fault will blink simultaneously.

 Off — The switch is powered off or is NOT receiving power.

 Locator (Blue)

 Blinking slowly— The locator function has been enabled to help physically locate the switch.

 Off— The locator function is disabled and the switch is operating properly.

Port Status Indicator

Each port in the device view is visually represented by one of five different state images.

Port State Image Description

Active

Detached

Disabled

Error

Inactive

The port is connected, enabled, and the link is up.

The port is in a detached state. This state can be seen on the combo ports (SFP+). A combo port that is associated with the RJ-45 connector may exist as an insertable SFP+ port. When the SFP+ port is in use, the associated built-in RJ-45 connector becomes detached.

The port has been administrative disabled. This image is also used for “dead” ports that may exist physically on the device but have no internal connection.

The port has an error condition and may or may not be active.

The port is connected and enabled, but the link is down (likely because no cable is connected).

Page 12 Getting Started With the Web Interface

Page 13

2 Dashboard

You can use the Dashboard page to display and configure basic information about the system.

The Dashboard page displays basic information such as the configurable switch name and description, the IP address for management access, and the software and operating system versions. This page also shows resource usage statistics.

This page is displayed when you first log on or when you click Dashboard in the navigation pane.

Figure 4. Dashboard Page

If you update the name, location, or contact information, click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Getting Started With the Web Interface 13

Page 14

Table 1. Dashboard Page Fields

Field Description

System Information

A description of the switch hardware, including the hardware type, software version, operating

System Description

System Name

System Location

System Contact

System Object ID

System Up Time

Current Time

Date

Device Information

Software Version

Operating System

Serial Number

system version, and boot loader (U-Boot) version.

Enter the preferred name to identify this switch. A maximum of 64 alpha-numeric characters including hyphens, commas and spaces are allowed. This field is blank by default.

The user configurable switch name will appear in the login screen banner.

Enter the location of this switch. A maximum of 255 alpha-numeric characters including hyphens, commas, and spaces are allowed. This field is blank by default.

Enter the name of the contact person for this switch. A maximum of 255 alpha-numeric characters including hyphens, commas, and spaces are allowed. This field is blank by default.

The base object ID for the switch's enterprise MIB.

The time in days, hours and minutes since the last switch reboot.

The current time in hours, minutes, and seconds as configured (24- or 12-hr AM/PM format) by the user.

The current date in month, day, and year format.

The version of the code running on the switch.

The version of the operating system running on the switch.

The unique serial number assigned to the switch.

System Resource Usage

CPU Utilization

Memory Usage

Logged In Users—These fields display only when more than one user is logged into the management utility.

Username

Connection From

Idle Time

Session Time

The percentage of CPU utilization for the entire system averaged over the past 60 seconds.

The percentage of total system memory (RAM) currently in use.

The username of each logged in user.

The IP address from which the user logged in.

The time that has elapsed since the last user activity.

The amount of time the user session has been active.

Page 14 Getting Started With the Web Interface

Page 15

3 Setup Network

You can use the Setup Network pages to configure how a management computer connects to the switch and how the switch connects to a server to synchronize its time.

Get Connected

Use the Get Connected page to configure settings for the network interface. The network interface is defined by an IP address, subnet mask, and gateway. Any one of the switch's front-panel ports can be selected as the management port for the network interface. The configuration parameters associated with the switch's network interface do not affect the configuration of the front-panel ports through which traffic is switched or forwarded except that, for the management port, the port VLAN ID (PVID) will be the management VLAN.

To display the Get Connected page, click Setup Network > Get Connected.

In the example configuration in Figure 5, the switch is configured to acquire its IP address through DHCP, which is the default setting. Access to the management software is restricted to members of VLAN 1.

Figure 5. Get Connected Page

Get Connected 15

Page 16

Table 2. Get Connected Fields

Field Description

Network Details

Protocol Type Select the type of network connection:

 Static— Select this option to enable the IP address, subnet mask, and gateway fields for

data entry.

 DHCP— Select this option to enable the switch to obtain IP information from a DHCP

server on the network. If the DHCP server responds, then the assigned IP address is used. If DHCP is enabled but the DHCP server does not respond, the default static IP address 192.168.1.1 is used. DHCP operation is enabled by default.

When a DHCP server assigns an IP address to the switch, it specifies the time for which the assignment is valid. After the time expires, the server may reclaim the address for assignment to another device. When DHCP is enabled, you can click to send a request to the DHCP server to renew the lease.

Only a user-configured static IP address is saved to flash. CAUTION: Changing the protocol type or IP address discontinues the current connection;

you can log on again using the new IP information.

IP Address The IPv4 address for the switch.

If the Protocol Type is set to DHCP, this field displays the IP address assigned by the DHCP server. If the Protocol Type is set to Static, the IP address can be manually configured in this field. The default IP address is 192.168.1.1.

Note: A broadcast, multicast, or network IP address should not be entered in this field.

Subnet Mask The IPv4 subnet address to be used. The default IP subnet address is 255.255.255.0.

Gateway Address The IPv4 gateway address to be used. When in doubt, set this to be the same as the default

MAC Address The hardware MAC address of this switch.

gateway address used by your PC.

Web Parameters

Session Timeout Specify the amount of time in minutes that a connection to the web interface remains active,

Management Access

Management VLAN ID Access to the management software is controlled by the assignment of a management VLAN

assuming no user activity. The range is 1 to 60 and the default is 5 minutes. To keep the connection active regardless of user activity, set this value to 0.

CAUTION: When a session window is closed without logging out, the server connection remains open until the session times out. When the session timeout is set to 0, closing a session window without logging out keeps the session open at the server indefinitely. In such cases, you may fail to connect after the maximum sessions are left open indefinitely.

ID. Only ports that are members of the management VLAN allow access to the management software.

By default, the management VLAN ID is 1. The management VLAN can be any value between 1 and 4093. All ports are members of VLAN 1 by default; the administrator may want to create a different VLAN to assign as the management VLAN and associate it with a management port (see the next field).

A VLAN that does not have any member ports (either tagged or untagged) cannot be configured as the management VLAN.

When the network protocol is configured to be DHCP, any change in the configured management VLAN ID may cause disruption in connectivity because the switch acquires a new IP address when the management subnet is changed. To reconnect to the switch, the user must determine the new IP address by viewing the log on the DHCP server.

Page 16 Get Connected

Page 17

Field Description

Management Port Access to the management software can also be controlled by the selection of a management

port. The selected management port is auto-configured to be an untagged member of the management VLAN and is excluded from any other untagged VLANs.

When the switch boots with the default configuration, any port can be used as management port and this field is configured as None.

You can configure a management port to ensure that a port always remains an untagged member of the configured management VLAN; this helps to ensure management connectivity in case of an accidental change in VLAN membership.

If no management port is specified, then all ports that are members of the management VLAN provide access to the switch management interface. If a management port is configured, access to the switch is restricted to that port. For example, if VLAN 1 is the management VLAN and port 10 is the management port, other ports that are members of VLAN 1 will not provide access to the switch management interface.

The features that utilize the management port include the following:

 DHCP  SNMP  SNTP  TFTP

SNMP

SNMP Enable or disable Simple Network Management Protocol (SNMP). If enabled, the

Community Name Specify a community name or use the default name, public.

administrator can view switch data using an SNMPv1/v2c manager. The switch supports read-only access to a limited set of MIBs.

SNMP is enabled by default.

The switch supports the following MIBs:

 BRIDGE-MIB (IEEE 802.1Q)  LLDP-MIB (IEEE 802.3AB)  EtherLike-MIB  IF-MIB  RFC1213-MIB  RMON-MIB (RMON History as in v1)  Power Ethernet MIB (RFC3621), only on switches that support PoE+. (No SNMP infor-

mation is available on configured PoE schedules.)

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

NOTE:

A power cycle does not reset the IP address to its factory-default value. If the configured IP address is unknown, you can perform a manual reset to factory defaults to regain access to the switch (see

“Factory Defaults” on page 84).

NOTE:

Changing the management port from the default configuration not only restricts access to the web UI but also impacts the following protocols: DHCP, SNMP, SNTP, and TFTP.

Get Connected 17

Page 18

System Time Pages

You click Setup Network > System Time to display the web pages for configuring the system clock, SNTP client functionality, system time zone, and daylight saving time settings.

System Time

The System Time page displays the current time, time zone, and Daylight Saving Time settings, and enables you to configure the time display format. To display the System Time page, click Setup Net-

work > System Time in the navigation bar and ensure that the Clock tab is selected.

Figure 6. System Time Page

Table 3. System Time Fields

Field Description

Current Time

Time The current time. This value is determined by an SNTP server. When SNTP is disabled, the

Date The current date.

Time Source The source from which the time and date is obtained:

Time Format Select 24 Hour (“military” time, the default) or 12 Hour to specify the time display format.

system time increments from 00:00:00, 1 Jan 1970, which is set at bootup.

 SNTP— The time has been acquired from an SNTP server.  No Time Source— The time has been either manually configured or not configured at all.

This is the default selection.

Page 18 System Time Pages

Page 19

Field Description

Time Zone

Time Zone The currently set time zone. The default is (GMT) Greenwich Mean Time: Dublin, Edinburgh,

Acronym The acronym for the time zone, if one is configured on the system (e.g., PST, EDT).

Daylight Saving Time

Daylight Saving Time Shows whether Daylight Saving Time (DST) is enabled and the mode of operation:

For instructions on configuring the system time, see “Time Configuration” on page 19, “Time Zone

Configuration” on page 22, and “Daylight Saving Time Configuration” on page 23.

Time Configuration

You can configure the system time manually or acquire time information automatically from a Simple Network Time Protocol (SNTP) server. Using SNTP ensures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The software operates only as an SNTP client and cannot provide time services to other systems.

Lisbon, London.

 No Daylight Saving Time—No clock adjustment will be made for DST. This is the

default.

 Recurring Every Year—The settings will be in effect for the upcoming period and subse-

quent years.

 Non-Recurring—The settings will be in effect only for a specified period during the year

(i.e., they will not carry forward to subsequent years).

If DST is enabled and the current time is within the configured DST period, then “(On DST)” displays following this field value.

To display the Time Configuration page, click Setup Network > System Time in the navigation pane and click the Time tab.

System Time Pages 19

Page 20

Figure 7. Time Configuration Page

Table 4. Time Configuration Fields

Field Description

Set System Time Select Using Simple Network Time Protocol (SNTP) to configure the switch to acquire its

SNTP Configuration

SNTP Client Select Enabled or Disabled (default) to configure the SNTP client mode. When disabled, the

SNTP/NTP Server Specify the IPv4 address of the SNTP server to which requests should be sent.

Server Port Specify the server's UDP port for SNTP. The range is 1 to 65535 and the default is 123.

Last Update Time The date and time (GMT) when the SNTP client last updated the system clock.

Last Attempt Time The date and time (GMT) of the last SNTP request or receipt of an unsolicited message.

time settings from an SNTP server. When selected, only the SNTP Configuration fields are available for configuration.

Select Manually to disable SNTP and configure the time manually. When selected, only the Manual Time Configuration fields are available for configuration.

system time increments from 00:00:00, 1 Jan 1970, which is set at bootup.

Page 20 System Time Pages

Page 21

Field Description

Last Update Status The status of the last update request to the SNTP server, which can be one of the following

values:

 Other— None of the following values apply or no message has been received.  Success— The SNTP operation was successful and the system time was updated.  Request Timed Out—A SNTP request timed out without receiving a response from the

SNTP server.

 Bad Date Encoded—The time provided by the SNTP server is not valid.  Version Not Supported—The SNTP protocol version supported by the server is not com-

patible with the version supported by the switch client.

 Server Unsynchronized—The SNTP server is not synchronized with its peers. This is

indicated via the leap indicator field in the SNTP message.

 Blocked—The SNTP server indicated that no further requests were to be sent to this

server. This is indicated by a stratum field equal to 0 in a message received from the server.

Requests The number of requests made to the SNTP sever since the switch was rebooted.

Failed Requests The number of failed SNTP requests made to this server since last reboot.

Manual Time Configuration

Time Specify the current time in HH:MM:SS format.

Date Click the date field to display a calendar and select the current date.

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

System Time Pages 21

Page 22

Time Zone Configuration

The Time Zone Configuration page is used to configure your local time zone.

To display this page, click Setup Network > System Time in the navigation pane and click the Time

Zone tab.

Figure 8. Time Zone Configuration Page

Table 5. Time Zone Configuration Fields

Field Description

Time Zone Select the time zone for your location. The default is (GMT) Greenwich Mean Time: Dublin,

Acronym Specify an acronym for the time zone. The acronym can have up to four alphanumeric

Edinburgh, Lisbon, London.

characters and can contain dashes, underscores, and periods.

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Page 22 System Time Pages

Page 23

Daylight Saving Time Configuration

The Daylight Saving Time Configuration page is used to configure if and when Daylight Saving Time (DST) occurs within your time zone. When configured, the system time adjusts automatically one hour forward at the start of the DST period, and one hour backward at the end.

To display the Daylight Saving Time page, click Setup Network > System Time in the navigation pane and click the Daylight Saving Time tab.

Figure 9. Daylight Saving Time Configuration Page

System Time Pages 23

Page 24

Table 6. Daylight Saving Time Configuration Fields

Field Description

Daylight Saving Time Select how DST will operate:

 Disable—No clock adjustment will be made for DST. This is the default selection.  Recurring—The settings will be in effect for the upcoming period and subsequent years.  EU— The system clock uses the standard recurring daylight saving time settings used in

countries in the European Union.

 USA— The system clock uses the standard recurring daylight saving time settings used

in the United States.

 Non-Recurring—The settings will be in effect only for a specified period during the year

(that is, they will not carry forward to subsequent years).

When a DST mode is enabled, the clock will be adjusted one hour forward at the start of the DST period and one hour backward at the end.

Date Range Set the following to indicate when the change to DST occurs and when it ends.

These fields are editable when Non-Recurring is selected as the DST mode:

 Start/End Date—Use the calendar to set the day, month, and year when the change to/

from DST occurs. Or, enter the hours and minutes in 24-hour format (HH:MM).

 Starting Time of Day— Set the hour and minutes when the change to/from DST occurs.

Recurring Date When Recurring is selected as the DST mode, the following fields display:

 Start/End Week—Set the week of the month, from 1 to 5, when the change to/from DST

occurs. The default is 1 (the first week of the month).

 Start/End Day— Set the day of the week when the change to/from DST occurs.  Start/End Month— Set the month when the change to/from DST occurs.  Starting/Ending Time of Day—Set the hour and minutes when the change to/from DST

occurs.

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Page 24 System Time Pages

Page 25

4 Switching Features

You can use the Switching pages to configure port operation and capabilities.

Port Configuration

You can use the Port Configuration pages to display port status, configure port settings, and view statistics on packets transmitted on the port.

Port Status

The Port Status page displays the operational and administrative status of each port and enables port configuration. To view this page, click Switching > Port Configuration in the navigation pane.

Figure 10. Port Status Page

Table 7. Port Status Fields

Field Description

Interface The port or trunk ID.

Admin Mode The administrative mode of the interface. If a port or trunk is administratively disabled, it

cannot forward traffic.

 Enabled: Administratively enabled.  Disabled: Administratively disabled.  D-Disabled: Automatically disabled by the system due to error conditions. For example,

an interface may be disabled if it exceeded its rate limit. Please see error logs for more information.

Port Configuration 25

Page 26

Field Description

Physical Type The interface type, which can be one of the following:

 Normal—The port is a normal port, which means it is not a Link Aggregation Group

(LAG) member or configured for port mirroring. All ports are normal ports by default.

 Trunk Member—The port is a member of a trunk.  Mirrored— The port is configured to mirror its traffic (ingress, egress, or both) to another

port (the probe port).

 Probe— The port is configured to receive mirrored traffic from one or more source ports.

Port Status The physical status (Link Up or Link Down) of the link at the port.

Physical Mode Displays whether Auto negotiation is enabled or disabled on the port.

If the mode is Auto, the port's maximum capability are advertised, and the duplex mode and speed are set from the auto-negotiation process. The physical mode for a trunk is “Trunk”.

Link Speed

MTU The Maximum Transmission Unit (MTU) specifies the largest frame size that can be

Modifying Interface Settings

To change the Admin Mode or Physical Mode of one or more interfaces, and to add a brief interface description, select the interfaces and click Edit. Or, click Edit All to modify all interfaces.

Figure 11. Edit Port Configuration Page

The physical speed (Mbps) at which the port is operating. If no link is present, this field is empty.

transmitted on the port. The default is 1518 bytes. If Jumbo Frames are enabled, the MTU value is 9216 bytes.

Page 26 Port Configuration

Page 27

Table 8. Edit Port Configuration Fields

Field Description

Interface The interface or interfaces to be configured.

Admin Mode Select Enabled to make the port accessible on the network, or Disabled to prevent the port

from receiving or forwarding packets.

Physical Mode Select the duplex mode and transmission rate for the selected interface. The options may

Port Description Add a description of the interface (optional).

Click Apply to save any changes for the current boot session. The changes take effect immediately and are applied to each of the selected interfaces. The changes are not retained across a switch reset unless you click Save Configuration.

Port Summary Statistics

The Port Summary Statistics page displays statistics on packets transmitted and received on each port or trunk. These statistics can be used to identify potential problems with the switch. The displayed values are the accumulated totals since the last clear operation.

To display the Port Summary Statistics page, click Switching > Port Configuration in the navigation pane and select the Statistics tab.

Figure 12. Port Summary Statistics Page

differ depending on the port type and include options up to the port's maximum capability. When Auto Negotiate (the default) is selected, the port negotiates an appropriate link speed

with its link partner.

Port Configuration 27

Page 28

Table 9. Port Summary Statistics Fields

Field Description

Interface The port or trunk ID.

Received Packets w/o Error The count of packets received on the port without any packet errors.

Received Packets with Error The count of packets received on the port with errors.

Broadcast Received Packets The count of broadcast packets received on the port.

Transmitted Packets w/o Error The number of packets transmitted out of that port without any packet errors.

Transmitted Packets with Error The number of packets transmitted out of the port with packet errors.

Collisions The number of packet collisions.

Transmitted Pause Frames The number of Ethernet pause frames transmitted. (This information is collected for ports

Received Pause Frames The number of Ethernet pause frames received. (This information is collected for ports

Click Clear All Counters to reset all statistics to zero.

Port Mirroring

Port Mirroring is used to monitor the network traffic that one or more ports send and receive. The Port Mirroring feature creates a copy of the traffic that the source interface handles and sends it to a destination port. All traffic from the source port or ports can be mirrored and sent to the destination port. When the destination is a port on the local device, a network protocol analyzer is typically connected to the port. Multiple switch ports can be configured as source ports, with each port mirrored to the same destination.

CAUTION:

When configuring port mirroring, avoid oversubscribing the destination port to prevent the loss of mirrored data.

While a port is used as the destination port for mirrored data, the port cannot be used for any other purpose; the port will not receive and forward traffic.

but not for trunks.)

To display the Port Mirroring page, click Switching > Port Mirroring in the navigation pane.

Page 28 Port Mirroring

Page 29

Figure 13. Port Mirroring Page

Table 10. Port Mirroring Fields

Field Description

Port Mirroring Enables or disables port mirroring globally on the switch. This feature is disabled by default.

Destination Port Select the switch port to which packets will be mirrored. Typically, a network protocol analyzer

is connected to this port.

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

The Port Mirroring page also displays summary information for all source ports configured for mirroring. To add one or more source ports to mirror to the destination port, click Add Source.

Figure 14. Add Port Mirroring Source

Port Mirroring 29

Page 30

Table 11. Add Port Mirroring Source Fields

Field Description

Available Source Port(s) Select the source ports or trunks to mirror to the destination port. To select multiple source

Direction Select the type of traffic to mirror to the port:

Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Jumbo Frames

Use the Jumbo Frames page to enable the switch to forward jumbo Ethernet frames. The jumbo frames feature extends the standard Ethernet Maximum Transmission Unit (MTU) from 1518 bytes (1522 bytes with a VLAN header) to 9216 bytes. If it is enabled, any device connecting to the same broadcast domain should also support jumbo frames.

ports, hold down Ctrl while selecting ports. You can also select the CPU to mirror traffic sent from the switch CPU to the switch interfaces or vice versa.

Ports that are included as part of a trunk cannot be selected individually as source ports, but trunks can be selected as source ports.

The port selected as the Destination Port is grayed-out and unavailable for selection.

 Tx/Rx— All packets transmitted and received through the source port are mirrored.  Rx— Only packets received on the source port are mirrored.  Tx— Only packets transmitted from the source port are mirrored.

If the CPU is selected as the source port, select Rx to monitor traffic received by any switch interface from the switch CPU, and select Tx to monitor traffic sent from any switch interface to the switch CPU.

To display the Jumbo Frames page, click Switching > Jumbo Frames in the navigation pane.

Figure 15. Jumbo Frames Page

Select Enabled to configure the switch to forward jumbo frames up to 9216 bytes. If you change this setting, click Apply to save the new value. The change takes effect immediately but is not retained across a switch reset unless you click Save Configuration.

This feature is disabled by default.

Page 30 Jumbo Frames

Page 31

Flow Control

When a port becomes congested, it may begin dropping all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network control traffic loss. When 802.3x flow control is enabled, a lower-speed switch can communicate with a higher-speed switch by requesting that the higher-speed switch refrain from sending packets. Transmissions are temporarily halted to prevent buffer overflows.

NOTE:

Flow control works well when the link speed is auto-negotiated. If auto-negotiation is OFF or if the port speed was configured manually, then flow control is not negotiated with or advertised to the peer. Additionally, the flow control PAUSE frame configuration may be lost if the auto-negotiation is disabled on the port.

Use the Flow Control page to enable or disable this functionality. It is disabled by default and can be enabled globally on all switch ports.

To display the Flow Control page, click Switching > Flow Control in the navigation pane.

Figure 16. Flow Control Page

Select Enabled to use flow control on the switch. If you change this setting, click Apply to save the change. The change takes effect immediately but is not retained across a switch reset unless you click Save Configuration.

Spanning Tree

Spanning Tree Protocol (STP) is a Layer 2 protocol that provides a tree topology for switches on a bridged LAN. STP allows a network to have redundant paths without the risk of network loops. STP uses the spanning-tree algorithm to provide a single path between end stations on a network. When STP is enabled, bridges on a network exchange bridge protocol data units (BPDUs) to communicate changes in the network topology and to provide information that helps determine the optimal paths between network segments.

HPE OfficeConnect 1850 series switches support STP versions IEEE 802.1D (STP), and 802.1w (Rapid STP, or RSTP). RSTP reduces the convergence time for network topology changes to about 3 to 5 seconds from the 30 seconds or more for the IEEE 802.1D STP standard. RSTP is intended as a complete replacement for STP, but can still interoperate with switches running the STP protocol by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

Flow Control 31

Page 32

Spanning Tree Status

To display the Spanning Tree Status page, click Switching > Spanning Tree in the navigation pane, and make sure the Status tab is selected. This page includes information about global STP settings and interface status information.

Figure 17. Spanning Tree Status Page

Page 32 Spanning Tree

Page 33

The following fields show global and per-interface STP settings:

Table 12. Spanning Tree Status Fields

Field Description

Spanning Tree Bridge Status

Spanning Tree Identifies whether STP is enabled or disabled on the switch.

Protocol Version Select the protocol version in use:

 STP (802.1D). This is the default selection.  RSTP (802.1w)

Switch MAC Address The MAC address of the switch.

Switch Priority The configured Spanning Tree priority of this switch. This value that helps determine which

Max Age The amount of time a bridge waits before implementing a topological change.

Forward Delay The amount of time a bridge remains in a listening and learning state before forwarding

Root MAC Address The MAC address of current root bridge

Root Priority The Spanning Tree Priority of current root bridge.

Root Path Cost The sum of the port path costs on the least cost path to the root bridge. For the root bridge

Root Port The port on the switch that forwards traffic toward the Spanning Tree root.

Topology Change Count The total number of topology changes since STP was enabled.

Time Since Last Change Amount of time since the last topology change was detected. The format is DD HH:MM:SS,

Spanning Tree Interface Status—The following fields list the interfaces on which the feature is enabled. See

Table 14 on page 37 for descriptions of these features.

Root Guarded Interfaces A list of interfaces currently having the Root Guard parameter set.

TCN Guarded Interfaces A list of interfaces currently having the TCN Guard parameter set.

BPDU Protected Interfaces A list of interfaces currently having the BPDU Guard parameter set.

BPDU Filtered Interfaces A list of interfaces currently having the BPDU Filter parameter set.

switch in the spanning tree is elected as the root bridge during STP convergence. A lower value increases the probability that the switch becomes the root bridge. The default value is

32768.

packets.

this is zero.

representing the time in Days, Hours, Minutes and Seconds.

Spanning Tree Interface Status Table

Interface The port or trunk associated with the rest of the data in the row.

Interface ID The priority and port index used by the Spanning Tree protocol.

Role The role of the port with respect to spanning tree functionality, which is one of the following:

 Root: A port on the non-root bridge that has the least-cost path to the root bridge.  Designated: A port that has the least-cost path to the root bridge on its segment.  Alternate: A blocked port that has an alternate path to the root bridge.  Backup: A blocked port that has a redundant path to the same network segment as

another port on the bridge.

 Disabled: The port is administratively disabled and is not part of the spanning tree.

Spanning Tree 33

Page 34

Field Description

State Ports can be in one of the following STP states, depending on its configuration and the status

of the STP topology convergence:

 Blocking—The port discards user traffic and receives, but does not send, BPDUs.

During the election process, all ports are in the blocking state. The port is blocked to prevent network loops.

 Forwarding—The port sends and receives user traffic.  Disabled—The port is administratively disabled and is not part of the spanning tree. This

is the default selection.

Cost The path cost from the port to the root bridge.

Hello Time The amount of time the root bridge waits between sending hello BPDUs.

Point-to-point MAC A True/False value. True indicates a switched link with only two nodes, and False indicates a

Edge When enabled, allows the interface to become an edge port if it does not receive any BPDUs

shared network segment with more than two nodes. The value may be automatically computed or explicitly configured.

within a given amount of time.

Global STP Settings and Port Status

To display the Spanning Tree Configuration page, click Switching > Spanning Tree in the navigation pane, and then click the Configuration tab. This page includes global STP settings and interface status information.

Figure 18. Spanning Tree Configuration Page

Page 34 Spanning Tree

Page 35

The following fields configure global STP settings:

Table 13. Spanning Tree Bridge Configuration Fields

Field Description

Spanning Tree Bridge Configuration

Spanning Tree Click Enabled to enable the Spanning Tree protocol mode on all ports. This feature is

Protocol Version Select the protocol version to use:

disabled on all ports by default.

 STP (802.1D). This is the default selection.  RSTP (802.1w)

Max Age The maximum number of seconds after which BPDU information is considered to be aged out

Hello Time The interval between periodic transmissions of STP BPDUs by designated ports. This value

Forward Delay The amount of time a bridge remains in a listening and learning state before forwarding

Bridge Priority A value that helps determine which bridge in the spanning tree is elected as the root bridge

BPDU Guard When enabled globally, the switch can disable edge ports that receive BPDU packets. This

BPDU Filter When enabled, this feature filters the BPDU traffic on edge ports. When spanning tree is

Spanning Tree Interface Status—The following fields list the interfaces on which the feature is enabled. See

Table 14 on page 37 for descriptions of these features.

Root Bridge Identifier The bridge ID of the root bridge for the spanning tree. The identifier is made up of the bridge

or invalid. An expired Max Age parameter is typically the result of a link failure. This value must be less than or equal to 2 x (bridge forward delay – 1) and greater than or

equal to 2 x (bridge hello time + 1). The range is from 6 to 40 seconds and the default is 20 seconds.

is set to 2 seconds and cannot be changed.

packets. The range is from 4 to 30 seconds and the default is 15 seconds.

during STP convergence. A lower value increases the probability that the bridge becomes the root bridge. The default value is 32768.

prevents a new device from entering the existing STP topology. Thus, devices that were originally not a part of STP are not allowed to influence the STP topology. When disabled, an edge port that receives a BDPU becomes a non-edge port, which can affect the STP topology.

When enabling BPDU Guard, also ensure that the desired interfaces are operating as edge ports by enabling the Admin Edge Port mode for each of those interfaces.

This feature is disabled by default.

disabled on a port, BPDU filtering allows BPDU packets received on that port to be dropped. When enabling BPDU Filter, also ensure that the desired interfaces are operating as edge

ports by enabling the Admin Edge Port mode for each of those interfaces. This feature is disabled by default.

priority and the base MAC address. When electing the root bridge for the spanning tree, if the bridge priorities for multiple bridges are equal, the bridge with the lowest MAC address is elected as the root bridge.

Root Guarded Interfaces A list of the interfaces for which Root Guard is enabled.

TCN Guarded Interfaces A list of the interfaces for which TCN Guard is enabled.

BPDU Flood Enabled Interfaces

BPDU Filtered Interfaces A list of the interfaces for which BPDU Filter is enabled.

A list of the interfaces for which the BPDU Flood feature is enabled.

Spanning Tree 35

Page 36

Field Description

Spanning Tree Interface Status Table

Interface The port or trunk associated with the rest of the data in the row.

Port Role The role of the port with respect to spanning tree functionality, which is one of the following:

another port on the bridge.

 Disabled: The port is administratively disabled and is not part of the spanning tree.

Port Forwarding State

 Blocking: The port discards user traffic and receives, but does not send, BPDUs. During

the election process, all ports are in the blocking state. The port is blocked to prevent network loops.

 Listening: The port sends and receives BPDUs and evaluates information to provide a

loop-free topology. This state occurs during network convergence and is the first state in transitioning to the forwarding state.

 Learning: The port learns the MAC addresses of frames it receives and begins to popu-

late the MAC address table. This state occurs during network convergence and is the second state in transitioning to the forwarding state.

 Forwarding: The port sends and receives user traffic.  Disabled: The port is administratively disabled and is not part of the spanning tree.

Port Priority The priority for the port within Spanning Tree. This value is used in determining which port on

Port Path Cost The path cost from the port to the root bridge.

a switch becomes the root port when two ports have the same least-cost path to the root. The port with the lower priority value becomes the root port. If the priority values are the same, the port with the lower interface index becomes the root port.

Auto Edge When enabled, allows the interface to become an edge port if it does not receive any BPDUs

Point-to-point MAC Indicates whether the link type for the interface is a point-to-point link.

If you modify any global settings, click Apply to save the changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Con- figuration.

Port STP Settings

To configure these settings on one or more interfaces, select the desired interfaces on the Spanning Tree Configuration page and click Edit.

within a given amount of time.

Page 36 Spanning Tree

Page 37

Figure 19. Edit Spanning Tree Port Configuration Page

The Edit Spanning Tree Port Configuration page enables you to configure settings and view status and statistics for the selected interfaces.

Table 14. Edit Spanning Tree Port Configuration Fields

Field Description

Configurable Port Settings

Interface The port and trunk IDs selected for configuration.

Port Priority The priority for the port within Spanning Tree. This value is used in determining which port on

Admin Edge Port Select this option to administratively configure the port as an edge port (that is, a port that

Auto Edge When selected, the switch automatically designates the port as an edge port if it does not

a switch becomes the root port when two ports have the same least-cost path to the root. The higher priority port (that is, the port with the lower priority value) becomes the root port. If the priority values are the same, the port with the lower interface index becomes the root port.

Select a value from 0 to 240 in increments of 16. The default is 128.

connects directly to a network host or network segment that has no other bridge). During STP convergence, edge ports automatically are placed in the forwarding state and are not included in the spanning tree topology. This feature is disabled by default.

receive any BPDUs within a specified time period. This feature is enabled by default.

Spanning Tree 37

Page 38

Field Description

Port Path Cost Specify the path cost, which is used when establishing the active topology of the network.

BPDU Filter When enabled, this feature filters the BPDU traffic on the edge ports. When spanning tree is

BPDU Flood When enabled on a port, if the port receives a BPDU packet and STP is disabled on the port,

Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Specify Auto or assign a value from 1 to 200000000, or specify 0 for Auto mode. When set to 0, the path cost is set using the 802.1D recommended values.

disabled on a port, BPDU filtering allows BPDU packets received on that port to be dropped. When enabling BPDU Filter, also ensure that the desired interfaces are operating as edge

ports by enabling the Admin Edge Port mode for each of those interfaces. This feature is disabled by default.

the BPDU is flooded to all switch ports that are also disabled for spanning tree. This feature is enabled by default.

Root Guard When enabled on a port, that port cannot be selected as the root port even if it receives

Loop Guard When enabled on a port, this setting prevents the port from erroneously transitioning from the

TCN Guard When enabled on a port, the port does not propagate received topology change notifications

Port Status and Statistics

Edge Port Indicates whether the port is currently operating as an Edge port, either due to administrative

Point-to-point MAC Indicates whether the port connects to a single device (True) or to a shared medium with

Hello Time The amount of time the port waits between sending “hello” BPDUs.

Bridge Identifier A unique value that identifies the bridge. It is automatically generated based on the bridge

Forward Delay The amount of time in seconds a bridge remains in the listening and learning state during STP

Root Path Cost The path cost to the designated root bridge. Traffic from a connected device to the root bridge

Root Port The port on the switch with the least-cost path to the designated root bridge in the spanning

Topology Change Count The number of times the topology of the spanning tree has changed.

Time Since Last Change The time that has passed since the last spanning tree topology change. This value is reset to

superior STP BPDUs. The port is assigned an “alternate” port role and enters a blocking state if it receives superior STP BPDUs. Select this option to enable root guard for the port. This feature is disabled by default.

blocking to the forwarding state when it stops receiving BPDUs. The port is marked as being in the loop-inconsistent state. In this state, the interface does not forward frames. This feature is disabled by default.

and topology changes to other ports. This feature is disabled by default.

configuration or to automatic configuration by the Auto Edge feature.

multiple devices (False). A point-to-point link has only one device at the far end.

priority value and the base MAC address of the bridge.

convergence, before moving to the forwarding state.

takes the least-cost path to the bridge. If the value is 0, the cost is automatically calculated based on port speed.

tree topology.

zero when the switch is reset.

Loop Inconsistent State Identifies whether the interface is currently in a loop-inconsistent state. An interface

Transitions Into Loop Inconsistent State

Transitions Out Of Loop Inconsistent State

If you modify these settings, click Apply to save the changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Con- figuration.

Page 38 Spanning Tree

transitions to a loop-inconsistent state if loop guard is enabled and the port stops receiving BPDUs. In this state, the interface does not transmit frames.

The number of times the port has transitioned into loop inconsistent state.

The number of times this interface has transitioned out of loop-inconsistent state.

Page 39

Auto Recovery Configuration

The switch supports Auto Recovery for BPDU Guard and BPDU Rate Limiting. A switch port will be placed into a diagnostically disabled state when defined error conditions are met. The error conditions that cause a port to be placed into the diagnostically disabled state are as follows:

 BPDU Guard: If a port that has the BPDU Guard feature enabled receives a BPDU, it is placed in

the diagnostically disabled state.

 BPDU Rate Limit: When Spanning Tree is enabled, BPDU Rate Limiting is enabled by default to

protect the switch from BPDU storms. The BPDU rate limit threshold is set to 12–17 BPDU packets per second for three consecutive seconds.

When a port has been placed into a diagnostically disabled state, the port is shutdown, and no traffic is sent or received on the port until it is either manually enabled by the administrator or re-enabled by the Auto Recovery feature.

The Auto Recovery feature will automatically re-enabled a diagnostically disabled port when the error conditions that caused the port to be disabled are no longer detected. The switch utilizes a configurable Auto Recovery timer to periodically check the error condition at set intervals. If the error condition is no longer present, the port will be re-enabled. The administrator can manually override the timer setting by re-enabling a port at any time.

Auto Recovery is disabled by default. When disabled, ports in a diagnostically disabled state remain disabled until an administrator manually enables them.

Use the Auto Recovery Configuration page to configure Auto Recovery settings for STP BPDU Guard and BPDU Rate Limit components. To display this page, click Switching > Spanning Tree in the navigation pane, and then click the Auto Recovery tab.

Figure 20. Auto Recovery Configuration Page

Auto Recovery Configuration 39

Page 40

Table 15. Auto Recovery Configuration Fields

Field Description

Auto Recovery Components

BPDU Guard When BPDU Guard Auto Recovery is enabled, the port will be enabled once the configured

Recovery Time expires. If the port receives another BPDU, it will be disabled again. If the BPDU Guard Auto Recovery mode is disabled, a port that has received a BPDU and

has been placed in the diagnostically disabled state will remain in that state until an administrator manually enables it. BPDU Guard Auto Recovery is disabled by default.

BPDU Rate Limit If a port receives BPDUs at a rate greater than or equal to 12–17 BPDUs per second for three

Auto Recovery Parameters

Recovery Time This configures the Auto Recovery time interval. The Auto Recovery time interval is common

Interface Status

Interface The interface that is diagnostically disabled. If no interfaces are in the diagnostically disabled

Admin Mode The administrative mode of the interface.

Port Status Indicates whether the link is up or down. The link is the physical connection between the port

Reason If the switch detects an error condition for an interface, the switch puts the interface in the

consecutive seconds, that port will be placed in the diagnostically disabled state. When BPDU Rate Limit Auto Recovery is enabled, the port will be enabled once the

configured Recovery Time expires. If the port continues to receive BPDUs at a rate greater than or equal to 12–17 BPDUs per second for three consecutive seconds, that port will be disabled again. BPDU Rate Limit Auto Recovery is disabled by default.

for both BPDU Guard and BPDU Rate Limit. The default value of the timer is 300 seconds and the range is from 30 to 86400 seconds.

state, the table is blank.

or trunk and the interface on another device.

diagnostically disabled state, meaning that it has been intentionally disabled because it has encountered errors. The reasons that the interface can go into a diagnostically disabled state include the following:

 BPDU Guard  BPDU Storm

Time to Recover When Auto Recovery is enabled and the interface is placed in the diagnostically disabled

state, then a recovery timer starts for that interface. Once this timer expires, the device checks if the interface is in the diagnostically disabled state. If yes, then the device enables the diagnostically disabled interface.

Page 40 Auto Recovery Configuration

Page 41

Loop Protection

Loops on a network consume resources and can degrade network performance. Detecting loops manually can be very cumbersome and time consuming. The HPE OfficeConnect 1850 series switch software provides an automatic loop protection feature.

When loop protection is enabled on the switch and on one or more interfaces (ports or trunks), the interfaces send loop protection protocol data units (PDUs) to the multicast destination address 09:00:09:09:13:A6. When an interface receives a loop protection PDU, it compares the source MAC address with its own. If the MAC addresses match, a loop is detected and a configured action is taken, which may include shutting down the port for a specified period.

An interface can be configured to receive and take action in response to loop protection PDUs, but not to send out the PDUs itself.

Ports on which loop protection is disabled drop the loop protection packets silently.

Loop Protection Status

Use the Loop Protection Status page to display the status of this feature on each port. To display this page, click Switching > Loop Protection in the navigation pane.

Figure 21. Loop Protection Status Page

Loop Protection 41

Page 42

Table 16. Loop Protection Status Fields

Field Description

Interface The port or trunk ID.

Loop Protection Indicates whether the feature is administratively enabled or disabled on the port. Loop

Protection is disabled by default.

Configured Action Taken The action that is set to occur when a loop is detected on the port with loop protection

enabled:

 Shutdown Port—The port will be shut down for the configured period. This is the default.  Shutdown Port and Log—The event will be logged and the port it shut down for the con-

 Log Only—The event will be logged and the port remains operational.

Tx Mode Indicates whether the interface is configured (Enabled) to send out loop protection protocol

data units (PDUs) to actively detect loops. When disabled, the interface does not send out loop protection PDUs but can receive them from other ports. Tx Mode is enabled by default.

Loop Count The number of loops detected on this interface since the last system boot or since statistics

were cleared.

Status The current loop protection status of the port. Link Up indicates the interface is operating

normally. Link Down indicates that the port has been shut down due to the detection of a loop.

Loop Whether a loop is currently detected on the port.

Time of Last Loop The date and time of the last loop event detected.

Loop Protection Configuration

Use the Loop Protection Configuration page to configure this feature on one or more interfaces. To display this page, click Switching > Loop Protection in the navigation pane and select the Configura-

tion tab.

Figure 22. Loop Protection Configuration Page

figured period.

Page 42 Loop Protection

Page 43

Table 17. Loop Protection Configuration Global Fields

Field Description

Loop Protection Select Enabled or Disabled to administratively enable or disable this feature globally on the

Transmission Time The interval at which the switch sends loop protection PDUs on interfaces that are enabled

switch. This feature is disabled by default.

to send them. The range is 1 to 10 seconds and the default is 5 seconds.

Shutdown Time The period that a port is shut down when a loop is detected. This setting applies only to ports

that are configured to be shut down upon the detection of a loop. The range is 0 to 604800 seconds and the default is 180 seconds.

If you modify these settings, click Apply to update the switch configuration. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Configuring Loop Protection Settings on Interfaces

To configure loop protection settings on one or more interfaces, select the interfaces and click Edit. Or, select Edit All to configure all interfaces.

Figure 23. Edit Loop Protection Port Configuration Page

Loop Protection 43

Page 44

Table 18. Loop Protection Configuration Global Fields

Field Description

Interface The port or ports that are being configured.

Loop Protection Select Enabled or Disabled to administratively enable or disable this feature on the selected

Action Select the action to occur when a loop is detected on a port with loop protection enabled:

interfaces. By default, this feature is disabled on all interfaces. Note that loop protection can be enabled on static trunks, but cannot be enabled on trunks

that are dynamically formed through LACP.

 Shutdown Port—The port will be shut down for the configured period. This is the default

selection.

 Shutdown Port and Log—The event will be logged and the port it shut down for the con-

figured period.

 Log Only—The event will be logged and the port remains operational.

Tx Mode When set to Enabled (the default), the port actively sends out loop protection PDUs to other

ports on which the loop protection feature is enabled. When set to Disabled, the port does not send loop protection PDUs but can receive them from other ports. Tx Mode is enabled by default.

Click Apply to update the switch configuration. Your changes take effect immediately. The changes are not retained across a switch reset unless you click Save Configuration.

Page 44 Loop Protection

Page 45

IGMP Snooping

Internet Group Management Protocol (IGMP) snooping allows a device to forward multicast traffic intelligently. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports, which could affect network performance.

When enabled, the switch supports IGMPv1 and IGMPv2.

To enable IGMP snooping and view global status information, click Switching > IGMP Snooping in the navigation pane.

Figure 24. IGMP Snooping Page

Table 19. IGMP Snooping Fields

Field Description

IGMP Snooping Select Enabled to globally enable IGMP snooping on the switch. This feature is disabled by

Multicast Control Frame Count

default.

The number of multicast control frames that have been processed by the CPU since the switch was last reset.

If you change the Admin Mode, click Apply to save the changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Con- figuration.

IGMP Snooping 45

Page 46

5 Virtual LAN

On a Layer 2 switch, Virtual LAN (VLAN) support offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header. Like a router, a VLAN switch partitions the network into logical segments. Partitioning the network provides better administration, security, and multicast traffic management.

A VLAN is a set of end stations and the switch ports that connect them. Many reasons exist for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

Each VLAN in a network has an associated VLAN ID, which displays in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.

HPE OfficeConnect 1850 series switches support up to 64 VLANs.

Viewing VLAN Status and Adding VLANs

Use the VLAN Status page to view information on VLANs currently defined on the switch and to add and edit VLAN information.

To display the VLAN Status page, click VLAN > Configuration in the navigation pane.

Figure 25. VLAN Configuration Page

By default, VLAN 1 is defined on the switch. It is designated as the default VLAN and cannot be modified or deleted. All ports are members of VLAN 1 by default.

VLAN 1 is also the default management VLAN, which identifies the VLAN that management users must be a member of. The administrator can configure a different VLAN as the management VLAN. See Table 2 on page 16 for additional information about the management VLAN.

Page 46 Viewing VLAN Status and Adding VLANs

Page 47

The following information displays for each VLAN:

Table 20. VLAN Configuration Fields

Field Description

VLAN ID The numerical VLAN identifier (VID) assigned to the VLAN, from 1 to 4093.

Note: VLAN 0 (VID = 0x000 in a frame) is reserved and is used to indicate that the frame does not belong to any VLAN. In this case, the 802.1Q tag specifies only a priority and the value is referred to as a priority tag.

Name A user-configurable name that identifies the VLAN. If no name is specified, the name is

Type The type of VLAN, which can be one of the following:

Adding VLANs

To add a VLAN, click Add.

Figure 26. Add VLAN

In the VLAN ID or Range field, specify one or more VLAN IDs in the range 2 to 4093, and click Apply.

VLANnnnn, where nnnn is the four-digit VLAN ID (including any leading zeros).

 Default—The default VLAN. This VLAN is always present, and the VLAN ID is 1.  Static— A user-configured VLAN.

To create a range of VLANs, specify the beginning and ending VLAN IDs, separated by a dash. To create multiple non-sequential VLANs, separate each VLAN ID with a comma.

You can create up to 64 VLANs.

Viewing VLAN Status and Adding VLANs 47

Page 48

Changing a VLAN Name

When you create a VLAN, a default name is automatically assigned in the form VLANnnnn, where nnnn is the VLAN number with preceding zeros as needed. To change the VLAN name, select it on the VLAN Status page and click Edit.

Figure 27. Edit VLAN Page

On the Edit VLAN Configuration page, specify the new name consisting of 0 to 32 alphanumeric characters and click Apply.

Configuring Interfaces as VLAN Members

By default, all ports and trunks are assigned membership in the default VLAN (VLAN 1). If you create additional VLANs, you can add interfaces as members of the new VLANs and configure VLAN tagging settings for the interfaces. You can also modify interface memberships in VLAN 1.

To configure interface VLAN memberships, click VLAN > Port Membership in the navigation pane.

Figure 28. VLAN Port Membership Page

Page 48 Configuring Interfaces as VLAN Members

Page 49

Table 21. VLAN Port Membership Fields

Field Description

VLAN ID Select the VLAN ID for which you want to view interface memberships.

Interface The port or trunk ID.

Participation/Tagging The current membership mode and tagging behavior for each port in this VLAN, which is one

of the following:

 Exclude— The port is not configured to be a member of the selected VLAN.  Tagged — The port is a tagged member of the selected VLAN. When frames in this VLAN

are forwarded on this port, the VLAN ID will be included in the frame’s Ethernet header.

 Untagged—The port is an untagged member of the selected VLAN. When frames in this

VLAN are forwarded on this port, the VLAN ID will not be included in the frame’s Ethernet header.

To configure port membership to the selected VLAN, select one or more ports and click Edit. Or, click Edit All to configure all ports at the same time.

On the Edit VLAN Port Membership page, configure the Participation/Tagging setting to specify whether the ports are excluded from the VLAN or are included as a tagged or untagged member.

NOTE:

Consider the following guidelines when editing VLAN port memberships and settings:

 A port can be an untagged member of only one VLAN. If you change the VLAN that a port is an

untagged member of, then the port will be excluded from the VLAN where it was previously an untagged member. A port can be a tagged member of multiple VLANs.

 All ports must be a member of at least one VLAN, as either a tagged or an untagged member.

You cannot exclude a port from a VLAN unless the port is a member of at least one other VLAN.

 If you exclude a port from the management VLAN, a computer connected to the switch via that

port will be unable to access the switch management interface.

 Ports belonging to a trunk cannot be assigned membership in a VLAN, although the trunk itself

can be a member of one or more VLANs. When a member port is added to a trunk, it loses any previous VLAN memberships and acquires those of the trunk. When deleted from a trunk, a port loses the VLAN memberships of the trunk and acquires untagged membership in VLAN 1.

Click Apply to save any changes for the currently selected VLAN. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Configuring Interfaces as VLAN Members 49

Page 50

VLAN Port Configuration

Use the VLAN Port Configuration page to view the port VLAN IDs (PVIDs) and priority values assigned to each VLAN.

To view this page, click VLANs > VLAN Port Configuration in the navigation pane.

Figure 29. VLAN Port Configuration Page

Table 22. VLAN Port Configuration Fields

Field Description

Interface Select the port on which to configure the VLAN settings.

Port VLAN ID The VLAN ID that this port will assign to untagged or priority-tagged frames received on this

Port Priority The default 802.1p priority assigned to Layer-2 untagged packets arriving at the port. A value

port. This value is also known as the Port VLAN ID (PVID). The PVID is set to the ID of the VLAN of which the port is an untagged member. The PVID is not configurable.

In a tagged frame, the VLAN is identified by the VLAN ID in the tag. By default, the PVID is 1 for all ports, which is the VLAN ID of the default VLAN, VLAN 1.

of 0 (the default) indicates the lowest priority, commonly used for routine traffic, and 7 indicates the highest priority, often reserved for application such as voice and video. The eight port priorities are internally mapped to four class-of-service (CoS) queues. The queues provide differentiated handling when forwarding traffic within the switch (assuming there is congestion on the switch that requires prioritizing traffic).

The port priority value is not assigned to tagged packets, which carry priority information in the VLAN tag, or to IP packets that carry priority information in the Differentiated Services Code Point (DSCP) field.

A priority value is forwarded externally only if the port is configured as a tagged port.

To modify these settings for one or more interfaces, select the interface and click Edit. Or, click Edit All to configure all interfaces at the same time.

Page 50 VLAN Port Configuration

Page 51

6 Trunks

Trunks allow for the aggregation of multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing capability.

A trunk interface can be either static or dynamic:

 Dynamic—Dynamic trunks use the Link Aggregation Control Protocol (LACP, IEEE standard

802.3ad). An LACP-enabled port automatically detects the presence of other aggregation-capable network devices in the system and exchanges Link Aggregation Control Protocol Data Units (LACPDUs) with links in the trunk. The PDUs contain information about each link and enable the trunk to maintain them.

 Static—Static trunks are assigned to a bundle by the administrator. Members do not exchange

LACPDUs. A static trunk does not require a partner system to be able to aggregate its member ports. This is the default port type.

All members of a trunk must participate in the same protocols. A static trunk interface does not require a partner system to be able to aggregate its member ports.

From a system perspective, a Trunk is treated as a physical port. A Trunk and a physical port use the same configuration parameters for administrative enable/disable, port priority, and path cost.

A trunk failure of one or more of the links does not stop traffic in any manner. Upon failure, the flows mapped to a link are dynamically reassigned to the remaining links of the trunk. Similarly when links are added to a trunk, existing flows may automatically shift to a different link member within the trunk. Before any relocation of a conversation, the system ensures reordered frames do not exist.

When ports are added as members to a trunk, they are removed from all existing VLAN memberships and acquire the membership of trunk VLANs.

The switch supports four trunks, and each trunk can support up to four trunk members.

NOTE:

Trunks are sometimes referred to as link aggregation groups (LAGs) or port-channels.

VLAN Port Configuration 51

Page 52

Trunk Configuration

You can use the Trunk Configuration page to view and edit trunks. The number of trunks on the system is fixed, and all trunks are disabled by default. You can enable, disable, and edit settings for each trunk. Click Trunk > Trunk Configuration in the navigation pane.

Figure 30. Trunk Configuration Page

The following information displays for each trunk.

Table 23. Trunk Configuration Fields

Field Description

Trunk The trunk ID.

Name The configurable trunk name, which is the same as the trunk ID by default.

Type Trunks can be either dynamic or static, but not both:

 Dynamic— Dynamic trunks use the Link Aggregation Control Protocol (LACP, IEEE

standard 802.3ad). An LACP-enabled port automatically detects the presence of other aggregation-capable network devices in the system and exchanges Link Aggregation Control Protocol Data Units (LACPDUs) with links in the trunk. The PDUs contain information about each link and enable the trunk to maintain them.

 Static— Static trunks are assigned to a bundle by the administrator. Members do not

exchange LACPDUs. A static trunk does not require a partner system to be able to aggregate its member ports. This is the default port type.

Note that the loop protection feature is not supported on dynamic trunks. If loop protection is enabled on a static trunk and the trunk is changed to a dynamic trunk, loop protection is disabled.

Admin Mode Whether the trunk is administratively enabled or disabled. This feature is enabled by default.

Link Status Indicates the operational status of the trunk interface, which can be Up, Up (SFP) for ports

Members The ports that are members of the trunk. By default, no ports belong to any trunk.

Active Ports The ports that are actively participating members of a trunk. A member port that is

with an installed SFP transceiver, or Down.

operationally or administratively disabled or does not have a link is not an active port.

Page 52 Trunk Configuration

Page 53

Modifying Trunk Settings

To modify a trunk, select it and click Edit. The Edit Existing Trunk page displays:

Figure 31. Edit Existing Trunk Page

You can define the trunk name, administratively enable and disable the trunk, and select between static and dynamic mode, as described in Table 23 on page 52. You can also configure the following additional settings:

Table 24. Additional Trunk Configuration Fields

Field Description

STP Mode The spanning tree protocol (STP) mode of the trunk. When enabled, the trunk participates in

Load Balance The hashing algorithm used to distribute traffic load among the physical ports of the trunk

Port List/Members The Port List shows ports that are not members of the trunk, and the Members list shows

the STP operation to help prevent network loops. This feature is enabled on all trunks by default.

while preserving the per-flow packet order. The hashing algorithm uses various packet attributes to determine the outgoing physical port.The following sets of packet attributes can be used to compute the hashing algorithm:

 Source MAC, VLAN, EtherType, Incoming Port  Destination MAC, VLAN, EtherType, Incoming Port  Source/Destination MAC, VLAN, EtherType, Incoming Port. This is the default selection.  Source IP and Source TCP/UDP Port Fields  Destination IP and Destination TCP/UDP Port Fields  Source/Destination IP and TCP/UDP Port Fields

the ports that are members. Use the arrows to move ports between the lists.

Trunk Configuration 53

Page 54

Note the following considerations when configuring trunks and trunk members:

 All ports in a trunk must have the same full-duplex speed.

 Loop protection is supported on static trunks, but not on dynamic trunks. If loop protection is

enabled on a static trunk that is now being changed to a dynamic trunk, loop protection will be disabled on the trunk.

 A port that is added to a trunk loses its port VLAN membership and is assigned the VLAN mem-

berships configured for the trunk. Individual port VLAN memberships cannot be configured for ports that are members of a trunk. When the port is removed from a trunk, the port is made a member of the default VLAN.

 When ports are members of a trunk, they take on the STP configuration for the trunk. When ports

are removed from a trunk, the take on their earlier configured STP states.

Click Apply to save any changes to the currently selected trunk. The changes take effect immediately.

Trunk Statistics

The Trunk Statistics page displays the flap count for each trunk. A flap occurs when a trunk interface or trunk member port goes down.To display the Trunk page, click

Figure 32. Trunk Statistics Page

Trunks

Statistics

in the navigation pane

Table 25. Trunk Statistics Fields

Field Description

Trunk Name The user-created name for the trunk.

Type The interface type, which is either Port-Channel (a trunk) or Member Port (a physical port).

Flap Count The number of times the interface has gone down. The counter for a member port is

You can click Clear Counters to reset the flap count statistics to 0.

Page 54 Trunk Statistics

incremented when the physical port is either manually shut down by the administrator or when its link state is down. When a trunk is administratively shut down, the flap counter for the trunk is incremented, but the flap counters for its member ports are not affected. When all active member ports for a trunk are inactive (either administratively down or link down), then the trunk flap counter is incremented.

Page 55

7 Link Layer Discovery Protocol (LLDP and LLDP-MED)

LLDP is a standardized discovery protocol defined by IEEE 802.1AB. It allows stations residing on a LAN to advertise major capabilities, physical descriptions, and management information to other devices on the network. A network management system (NMS) can access and display this information.

LLDP is a one-way protocol; there are no request/response sequences. Information is advertised in LLDP Protocol Data Units (LLDPDUs) by stations implementing the LLDP transmit function, and LLDPDUs are received and processed by stations implementing the receive function. The transmit and receive functions can be enabled and disabled separately per port. By default, both functions are enabled on all ports.

LLDP-MED is an extension of the LLDP standard. LLDP-MED uses LLDP's organizationally-specific Type- Length-Value (TLV) extensions and defines additional TLVs.

LLDP Global Configuration

Use the LLDP Global Configuration page to specify global LLDP parameters and to configure the protocol on individual ports.

To display the LLDP Global Configuration page, click LLDP > Configuration in the navigation pane.

Figure 33. LLDP Global Configuration Page

LLDP Global Configuration 55

Page 56

You can configure the following global settings:

Table 26. LLDP Global Configuration Fields

Field Description

Transmit Interval Specify the time between transmission of LLDPDUs. The range is from 5 to 32768 seconds

Transmit Hold Multiplier Specify the multiplier value on the transmit interval, which is used to compute the time-to-live

and the default is 30 seconds.

(TTL) value associated with LLDPDUs. The range is from 2 to 10 seconds, and the default is 4 seconds.

Re-Initialization Delay Specify the number of seconds to wait before attempting to re-initialize LLDP on a port after

Notification Interval Specify the minimum number of seconds to wait between transmissions of remote data

the LLDP operating mode on the port changes. The range is from 1 to 10 seconds and the default is 2 seconds.

change notifications. The range is from 5 to 3600 seconds and the default is 5 seconds.

If you change these settings, click Apply to save any changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Con- figuration.

The following information displays for each interface:

Table 27. LLDP Global Configuration—Port Fields

Field Description

Interface The port or trunk ID.

Link Status The link status of the interface, which is either Up or Down. An interface that is down does not

Transmit The LLDP advertise (transmit) mode on the interface. If the transmit mode is enabled, the

Receive The LLDP receive mode on the interface. If the receive mode is enabled, the device can

Notify Enable to have LLDP generate a log file entry.

Transmit Management Information

forward traffic.

interface sends LLDPDUs that advertise the mandatory TLVs that are enabled.

receive LLDPDUs from other devices.

The status of the LLDP remote data change notification on the interface. When enabled, the interface sends notifications when a link partner device is added or removed.

To modify interface settings, select one or more interfaces and click Edit to display the Edit LLDP Interface page.

Page 56 LLDP Global Configuration

Page 57

Figure 34. Edit LLDP Interface

Select a box to enable the associated feature. Clear a box to disabled the associated feature.

To modify settings on all interfaces, click Edit All.

LLDP Local Device Summary

Use the LLDP Local Device Summary page to view LLDP information for switch interfaces. To display this page, click LLDP > Local Devices in the navigation pane.

Figure 35. LLDP Local Device Summary Page

If all LLDP functions are disabled on an interface, then it does not appear in the table.

LLDP Local Device Summary 57

Page 58

Table 28. LLDP Local Device Summary Fields

Field Description

Local Device Summary

Chassis ID The hardware platform identifier for the device.

Chassis ID Subtype The type of information used to identify the chassis.

Capabilities Supported The primary function(s) the device supports.

Capabilities Enabled The primary function(s) the device supports that are enabled.

Interface Description

Interface The interface ID.

Port ID The port identifier, which is the physical address associated with the interface.

Port ID Subtype The type of information used to identify the interface

Port Description A description of the port. An administrator can configure this information on the Port Status

Displaying Port Details

To view additional LLDP information that the interface advertises, select the interface and click Details.

Figure 36. LLDP Local Device Information Page

page.

Page 58 LLDP Local Device Summary

Page 59

In addition to the fields described in Table 28 on page 58, this page displays the following fields.

Table 29. LLDP Local Device Information Fields

Field Description

System Name The user-configured system name for the device. The system name is configured on the

System Description The device description which includes information about the product model and platform.

Management Address The address, such as an IP address, associated with the management interface of the device.

Management Address Type The protocol type or standard associated with the management address.

System ID The protocol type or standard associated with the management address.

Dashboard page.

LLDP Remote Device Summary

Use the LLDP Remote Device Summary page to view information about remote devices for which the switch has received LLDP information. Interfaces that have this option enabled display in this table only if they have received LLDP notifications from a remote device.

To display the Remote Device page, click LLDP > Remote Devices in the navigation pane.

Figure 37. LLDP Remote Device Summary Page

LLDP Remote Device Summary 59

Page 60

Table 30. LLDP Remote Device Summary Fields

Field Description

Interface The HPE OfficeConnect 1850 interface that received the LLDP data from the remote system.

Remote ID The identifier assigned to the remote system that sent the LLDPDU.

Chassis ID The hardware platform ID for the remote system.

Port ID The physical address of the port on the remote device that sent the LLDP data.

Port Description The port description configured on the remote device. If the port description is not configured,

System Name The system description configured on the remote device. If the system description is not

Capabilities Supported The capabilities on the remote device. The possible capabilities include other, repeater,

Capabilities Enabled The capabilities on the remote device that are enabled.

System IP The reported management IP addresses of the remote device. The system IP address

LLDP Global Statistics

The Link Layer Discovery Protocol (LLDP) Statistics page displays summary and per-port information for LLDP and LLDP-MED frames transmitted and received on the switch.

the field may show the interface number of the remote port, or it may be blank.

configured, the field is blank.

bridge, WLAN AP, router, telephone, DOCSIS cable device, and station.

provides a link to the web interface on the remote device.

To display the LLDP Global Statistics page, click LLDP > Statistics in the navigation pane.

Figure 38. LLDP Statistics Page

Page 60 LLDP Global Statistics

Page 61

Table 31. LLDP Global Statistics Fields

Field Description

Global Statistics

Insertions The number of times the complete set of information advertised by a particular MAC Service

Deletions The number of times the complete set of information advertised by a particular MSAP has

Access Point (MSAP) has been inserted into tables associated with the remote systems.

been deleted from tables associated with the remote systems.

Drops The number of times the complete set of information advertised by a particular MSAP could

Age Outs The number of times the complete set of information advertised by a particular MSAP has

Time Since Last Update Time when an entry was created, modified, or deleted in the tables associated with the remote

Interface Statistics

Interface The interface ID.

Transmitted Frames The number of LLDP frames transmitted on the interface.

Received Frames The number of valid LLDP frames received on the interface.

Discarded Frames The number of LLDP frames the interface discarded for any reason.

Errors The number of invalid LLDP frames received by the LLDP agent on the interface.

MED TLVs The total number of LLDP-MED TLVs received on the interface.

not be entered into tables associated with the remote systems because of insufficient resources.

been deleted from tables associated with the remote systems because the information timeliness interval has expired.

system.

Click Clear All Counters to reset all statistics to their initial values.

LLDP Global Statistics 61

Page 62

LLDP-MED Global Configuration

LLDP-MED is an enhancement to LLDP that enables:

 Auto-discovery of LAN policies (such as VLAN and Layer 2 Priority settings).

 Device location discovery for creation of location databases.

 Extended and automated power management of Power over Ethernet (PoE) endpoints.

 Inventory management, enabling network administrators to track their network devices and deter-

mine their characteristics (manufacturer, software and hardware versions, serial/asset number).

To view and configure global Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) settings, click LLDP-MED > Configuration in the navigation pane.

Figure 39. LLDP-MED Global Configuration Page

The following global settings display:

Table 32. LLDP-MED Global Configuration Fields

Field Description

Fast Start Repeat Count The number of LLDP-MED Protocol Data Units (LLDPDUs) that are transmitted during the

Device Class The device's MED classification. The HPE OfficeConnect 1850 switch is classified as a

fast start period when LLDP-MED is enabled. The default is 3.

Network Connectivity device.

If you change the Fast Start Repeat Count, click Apply to save any changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Page 62 LLDP-MED Global Configuration

Page 63

The following information displays for each port:

Table 33. LLDP Global Configuration—Port Fields

Field Description

Interface The ID of the physical and trunk interfaces.

Link Status The link status of the interface, which is either Up or Down. An interface that is down does not

MED Mode The administrative status of LLDP-MED on the interface. When enabled, the LLDP-MED

Notification Status Indicates whether LLDP-MED topology change notifications are enabled or disabled on the

Operational Status Indicates whether the interface is configured to transmit TLVs. To transmit TLVs, the interface

forward traffic.

transmit and receive functions are effectively enabled on the interface. This feature is enabled by default.

interface. This feature is disabled by default.

must be enabled to receive and transmit LLDPDUs and must be connected to an LLDP-MED device. The switch waits for the LLDP-MED device to advertise its information before the switch transmits its own LLDP-MED TLVs, at which point the operational status becomes enabled.

Transmitted TLVs The LLDP-MED TLV(s) that the interface transmits. The HPE OfficeConnect 1850 switch, can

transmit TLVs of the following types:

 Capabilities  Network Policy

To enable or disable LLDP-MED on one or more interfaces, and to configure related features, select the interfaces and click Edit.

Figure 40. Edit LLDP-MED Interface

To modify settings on all interfaces, click Edit All. The settings you configure are applied to all interfaces.

LLDP-MED Global Configuration 63

Page 64

LLDP-MED Local Device Summary

Use the LLDP-MED Local Device Summary to view the information that is advertised by the switch interfaces when they are enabled for LLDP-MED. To display this page, click LLDP-MED > Local

Devices in the navigation pane.

Figure 41. LLDP-MED Local Device Summary Page

Table 34. LLDP-MED Local Device Summary Fields

Field Description

Interface The trunk or port ID.

Port ID The interface identifier, which is its physical address.

Page 64 LLDP-MED Local Device Summary

Page 65

LLDP-MED Remote Device Summary

Use the LLDP-MED Remote Device Summary page to view information about the remote devices the local system has learned through the LLDP-MED data units received on its interfaces. Information is available about remote devices only if an interface receives an LLDP-MED data unit from a device.

To display this page, click LLDP-MED > Remote Devices in the navigation pane.

Figure 42. LLDP-MED Remote Device Summary Page

Table 35. LLDP Remote Device Summary Fields

Field Description

Interface The local interface that has received LLDP-MED data units from remote devices.

Remote ID The client identifier assigned to the remote system that sent the LLDP-MED data unit.

Device Class The MED Classification advertised by the TLV from the remote device. The following three

classifications represent the actual endpoints:

 Class I Generic (for example, IP Communication Controller)  Class II Media (for example, Conference Bridge)  Class III Communication (for example, IP Telephone)

The fourth device is Network Connectivity Device, which is typically a device such as a LAN switch or router, IEEE 802.1 bridge, or IEEE 802.11 wireless access point.

System ID The reported management IP addresses of the remote device.

LLDP-MED Remote Device Summary 65

Page 66

Displaying Remote Device Details

To view additional information about a remote device, select the interface that received the LLDP-MED data and click Details.

Figure 43. LLDP-MED Remote Device Information Page

The following additional fields appear on the LLDP-MED Remote Device Information page:

Field Description

Capability Information

Supported Capabilities The supported capabilities that were received in the MED TLV on this interface.

Enabled Capabilities The supported capabilities on the remote device that are also enabled.

Device Class The MED Classification advertised by the TLV from the remote device.

Page 66 LLDP-MED Remote Device Summary

Page 67

Field Description

Network Policy Information

This section describes the information in the network policy TLVs received in the LLDP-MED frames on this interface.

Media Application Type The media application type received in the TLV from the remote device. The application types

are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is transmitted has the VLAN ID, priority, DSCP, tagged bit status and unknown bit status.

The port on the remote device may transmit one or many such application types. This information is displayed only when a network policy TLV has been received.

VLAN ID The VLAN ID associated with a particular policy type.

Priority The user priority associated with a particular policy type.

DSCP The Differentiated Services Code Point value associated with a particular policy type.

Unknown Bit Status The unknown bit associated with a particular policy type.

Tagged Bit Status Identifies whether the network policy is defined for tagged or untagged VLANs.

Inventory Information

This section describes the information in the inventory TLVs received in the LLDP-MED frames on this interface.

Hardware Revision The hardware version advertised by the remote device.

Firmware Revision The firmware version advertised by the remote device.

Software Revision The software version advertised by the remote device.

Serial Number The serial number advertised by the remote device.

Manufacturer Name The name of the system manufacturer advertised by the remote device.

Model Name The name of the system model advertised by the remote device.

Asset ID The system asset ID advertised by the remote device.

Extended PoE

This section describes whether the remote device is advertised as a PoE device.

Device Type If the remote device is a PoE device, this field identifies the PoE device type of the remote

device connected to the port.

Extended PoE PD

This section describes the information about the remote PoE powered device.

Required If the remote device is a PoE device, this field details the remote ports PD power requirement

in Watts.

Source If the remote device is a PoE device, this field details the remote ports PoE PD power source.

Priority If the remote device is a PoE device, this field details the remote ports PD power priority.

LLDP-MED Remote Device Summary 67

Page 68

8 Security

The HPE OfficeConnect 1850 series switch software includes a robust set of built-in denial-of-service (DoS) and storm-control protections, and allows configuring secure HTTP (HTTPS) management sessions.

Advanced Security Configuration

The HPE OfficeConnect 1850 series switch software provides an Auto Denial-of-Service (DoS) protection feature to help protect against DoS attacks. A DoS attack is an attempt to saturate the switch with external communication requests to prevent the switch from performing efficiently, or at all. You can enable Auto DoS protection that prevents common types of DoS attacks.

CAUTION:

The DoS feature does not generate notifications (such as error messages, syslog messages, or SNMP traps) if a DoS attack occurs. The switch will simply drop DoS-related packets.

To display the Advanced Security page, click Security > Advanced Security in the navigation pane.

Figure 44. Advanced Security Configuration (Auto DoS) Page

Page 68 Advanced Security Configuration

Page 69

Table 36. Advanced Security Configuration Fields

Field Description

Auto DoS Enable this option to enable all the DoS prevention mechanisms with default values. Enabling

Prevent Land Attack Enable this option to drop packets for which the source IP address equals the destination IP

this feature makes all the fields in the remainder of the table inaccessible (grayed-out). When disabled, you can individually turn on and off the DoS features and change their default values. This feature and all the individual DoS protections are disabled by default.

address.

Prevent TCP Blat Attack Enable this option to drop packets for which the TCP source port equals the TCP destination

Prevent UDP Blat Attack Enable this option to drop packets that have a UDP source port equal to the UDP destination

Prevent Invalid TCP Flags Attack

Prevent TCP Fragment Attack

Check First Fragment Only Enable this option to drop packets that have a TCP header smaller than the minimum TCP

Prevent Smurf Attack Enable this option to drop ICMP Echo packets (ping) that are sent to a broadcast IP address.

Prevent Ping Flood Attack Enable this option to prevent ping flooding by limiting the number of ICMP ping packets.

Prevent SYN Flood Attack Enable this option to limit the rate of TCP connection requests so that they are not received

Click Apply to save any changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Secure Connection

The HPE OfficeConnect 1850 series switch software allows the administrator to enable or disable Secure HTTP protocol (HTTPS). When enabled, the administrator can establish a secure connection with the switch using the Secure Sockets Layer (SSL) protocol. Secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdropping and man-in-the-middle attacks.

port.

Enable this option to drop packets that have TCP Flags SYN and FIN set.

Enable this option to drop IP packets that have an IP fragment offset equal to 1.

header size, which is hard-coded to 20 bytes.

faster than they can be processed.

You can upload an SSL certificate to the switch or have the switch generate its own certificate. The SSL certificate functions as a digital passport, enabling client web browsers to verify the identity of the switch before accessing it.

NOTE:

SSL is described in client/server terminology, where the SSL-enabled switch is the server and a web browser is the client.

The certificate provides information to the browser such as the server name, the trusted certificate authority (CA) that issued the certificate, the date it was issued, and the switch’s public key.

Secure Connection 69

Page 70

The browser and server use this information to negotiate a secure connection in the following manner:

 The browser verifies the certificate authority’s authenticity by checking it against its own list of

CAs. (web browsers such as Microsoft Internet Explorer and Mozilla Firefox maintain data on trusted CAs.)

 After validating the CA, the browser and switch negotiate the highest level of security available to

both. The browser uses the public key to encrypt a random number and send it to the switch. The switch uses a private key stored in memory (not advertised on the certificate) to decrypt it. From this process, the browser and switch determine an algorithm for encrypting and decrypting all further communication during the HTTPS session.

To enable secure HTTPS connections via SSL, the HTTPS Admin mode must be enabled on the switch, and the web server must have a public key certificate. The switch can generate its own certificates, or you can generate these externally and upload them to the switch.

 Certificates generated by the switch are self-signed; that is, the validity of the information provided

in the certificate is attested to by the switch itself.

 Uploaded certificates can also be self-signed (by a server other than the switch), or they can be

root certificates. A root certificate has been digitally signed by a CA, and is therefore considered to provide a higher level of security.

You can also upload the encryption parameter files that provide algorithms for encrypting the key exchanges.

To display the Secure HTTP Configuration page, click Security > Secure Connection in the naviga- tion pane.

Figure 45. Secure HTTP Configuration

Table 37. Secure HTTP Configuration Fields

Field Description

HTTP Admin Mode Enable the Administrative mode of HTTP. This feature is enabled by default and can only be

HTTPS Admin Mode Enable to allow secure HTTPS sessions. When enabled, ensure that the Certificate Status

HTTPS Session Soft Time Out

disabled when the HTTPS Admin mode is enabled.

field reflects that a certificate is present. This feature is disabled by default. Note that you can only upload SSL certificates when this mode is disabled.

The number of minutes after which an HTTPS session times-out if there is no user activity. The default value is 5 minutes.

Page 70 Secure Connection

Page 71

Field Description

HTTPS Session Hard Time Out

Certificate Status The status of the SSL certificate generation process:

The number of minutes after which an HTTPS session times-out, regardless of recent user activity. The default value is 24 hours.

Present—A certificate is available for use with HTTPS sessions. Absent—No certificate is available on the switch. This is the default value. Generation in Progress— An SSL certificate is currently being generated.

Upload or regenerate a certificate when the previous certificate has expired, or when you have reason to suspect that security has been breached and the certificate has been taken for use by another server.

 If you click , the Upload Certificates page displays. See “Uploading SSL Certificates and

Encryption Files” on page 71.

 If you click , the switch creates its own self-signed public key certificate. The status of the pro-

cess displays in the Status field.

 If the value of the Certificate Status field is Present, you can click to delete the existing certif-

icate.

 If you enable or disable HTTPS Admin Mode, or change the timeout settings, click Apply to save

the changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Uploading SSL Certificates and Encryption Files

You can upload a public key certificate that has been signed by another server, or a root certificate that has been signed by a certificate authority. You can also upload Diffie-Hellman (DH) encryption parameter files, which establish the algorithms for encrypting key exchanges.

Before you upload a file to the switch, the following conditions must be met:

 The file is on the server in the appropriate directory.

 The file is in the correct format.

 The switch has a path to the server.

Use the following procedure to upload an SSL certificate or DH files to the switch.

1. If enabled, set the HTTPS Admin Mode to Disabled.

2. Click .

The Upload Certificates page displays.

Secure Connection 71

Page 72

Figure 46. Upload Certificates

3. Select one of the following from the File Type field:

 SSL Trusted Root Certificate PEM File— A PEM-encoded SSL certificate that has been digi-

tally signed by a certificate authority.

 SSL Server Certificate PEM File —A PEM-encoded SSL certificate that has been signed by

another server.

 SSL DH Weak/Strong Encryption Parameter PEM File— DH certificates provide the algo-

rithms for encrypting key exchanges and are used independent of the certificate. The weak version uses a cipher strength of 512 bits and the strong version uses a cypher strength of 1024 bits. Browser settings determine which DH file parameters are requested at the start of the SSL session.

4. Browse for the file on your local computer or network.

5. Click Begin Transfer.

The status of the transfer displays in the Status field.

6. Enable HTTPS Admin Mode and click Apply.

Page 72 Secure Connection

Page 73

Storm Control Configuration

The Storm Control feature protects against conditions where incoming packets flood the LAN, causing network performance degradation. The software includes Storm Control protection for unicast traffic with an unknown destination, and for broadcast and multicast traffic. When enabled, the storm control threshold is automatically set to 5% of port speed. If the incoming rate of unicast (with unknown destination), multicast, or broadcast packets exceeds this value, the port moves to the diagnostically disabled state and remains in that state until it is re-enabled by the Auto Recovery feature. Storm Control functionality is applicable only for physical interfaces.

When Auto Recovery is enabled, an interface in the diagnostically disabled state due to a storm is recovered (link up) when the recovery interval expires. If the interface continues to encounter excessive traffic, it may be placed back into the diagnostically disabled state, and the interface will be disabled (link down). An interface in the diagnostically disabled state may also be manually recovered by enabling it from the Port Status page (see “Port Status” on page 25).

To display the Storm Control Configuration page, click Security > Storm Control in the navigation pane.

Figure 47. Storm Control Configuration Page

Storm Control Configuration 73

Page 74

Table 38. Storm Control Configuration Fields

Field Description

Storm Control Features

Storm Control Storm control enables the rate-limiting of incoming unicast (with unknown destination),

Auto Recovery Parameters

Auto Recovery This configures the Storm Control auto recovery administrative mode. This feature is disabled

Recovery Time This configures the Storm Control auto recovery time interval. The default value of the timer

Interface Status

Interface The interface which is diagnostically disabled. This table displays only those interfaces that

Admin Mode The administrative mode of the interface.

Port Status Indicates whether the link is up or down. The link is the physical connection between the port

multicast, and broadcast traffic to prevent unnecessary congestion in the network. When enabled, the storm control threshold is automatically set to 5% of port speed. If the incoming rate of unicast (with unknown destination), multicast, or broadcast packets exceeds this value, the port moves to the diagnostically disabled state and remains in that state until it is re-enabled by the Auto recovery feature. Storm Control functionality is applicable only for physical interfaces. This feature is disabled by default.

Note: The threshold percentage is translated to a packets-per-second value that is used by the switch hardware to rate-limit the incoming traffic. This translation assumes a nominal 512 byte packet size to determine the packets-per-second threshold based on the port speed. For example, the 5% threshold applied to a 1 Gbps port equates to approximately 11748 packetsper-second, regardless of the actual packet sizes being received by the port. Each of the three storm control packet types is rate-limited independently.

by default.

is 300 seconds and the range is from 30 to 86400.

have been placed in a diagnostically disabled state due to the detection of a broadcast storm.

or trunk and the interface on another device.

Reason If the switch detects an error condition for an interface due to a broadcast storm, then the

switch puts the interface in the diagnostically disabled state. The reason that the interface can go into the diagnostically disabled state is the following:

 Storm Control

Time to Recover When Auto Recovery is enabled and the interface is placed in diagnostically disabled state,

then a recovery timer starts for that interface. Once this timer expires, the device checks if the interface is in the diagnostically disabled state. If yes, then the device enables the diagnostically disabled interface.

Click Apply to save the changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Page 74 Storm Control Configuration

Page 75

9 Green Features

The green features on the switch are Efficient Ethernet (EEE) technologies, as defined by the IEEE

802.3az task force. These features are designed to reduce per-port power usage by shutting down ports when no link is present or when activity is low.

Green Features Configuration

To display the Green Features configuration page, click Green Features > EEE Configuration in the navigation pane.

Figure 48. Green Features

Table 39. Green Features Configuration Fields

Field Description

Low-Power Idle (EEE) EEE (Energy Efficient Ethernet) is designed to save power by turning off network ports that

are not passing traffic. When this features is enabled, the ports can enter a low-power mode to reduce power consumption during periods of low link utilization. EEE works for ports in auto-negotiation mode, where the port is negotiated to either 100 Mbps full duplex or 1 Gbps (1000 Mbps) full duplex. This feature is disabled by default.

CAUTION: EEE is automatically disabled for a port if its auto-negotiation mode becomes disabled. To re-enable EEE for any port after enabling its auto-negotiation mode, the Low Power Idle (EEE) mode for the switch must be manually disabled and then enabled again.

Click Apply to save any changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Green Features Configuration 75

Page 76

EEE Status

When EEE is enabled, you can use the EEE status page to view estimated power savings and power consumption information. This page also displays status information for each interface.

To display the EEE status page, click Green Features > EEE Status in the navigation pane.

Figure 49. EEE Status Page

Table 40. EEE Status Fields

Field Description

Global Statistics

Estimated Energy Savings The estimated cumulative energy saved on the device (in watts x hours) due to the Energy

Estimated Power Savings The estimated percentage of power conserved on all ports due to the Energy Efficient

Current Power Consumption

Per-Port Status

Interface The interface ID. If EEE is not enabled, then no interfaces display.

Link Partner Supports EEE Displays Yes if the interface has received EEE messages (called Type-Length Values, or

Auto Port Power-Down Status

Wakeup Time Negotiated by LLDP

Rx Wakeup time The Rx wakeup time in effect for thee port, if negotiated by LLDP (otherwise, a dash displays).

Tx Wakeup time The Tx wakeup time in effect for the port, if negotiated by LLDP (otherwise, a dash displays).

Efficient Ethernet feature.

Ethernet feature. For example, 10% means that the device required 10% less power.

The estimated power consumption by all ports.

TLVs) from a link partner, or No if it has not.

The current operational state of Auto Port Power-Down mode.

Indicates whether the EEE wakeup time is negotiated with the link partner (Yes or No).

Page 76 EEE Status

Page 77

10 Diagnostics

You can use the Diagnostics pages to test, reboot, and view log and configuration information on the HPE OfficeConnect 1850 series switch.

Buffered Log

The log messages that the switch generates in response to events, faults, errors, and configuration changes are stored locally on the switch in the RAM (cache). This collection of log files is called the buffered log. When the buffered log file reaches the maximum size, the oldest message is deleted from the RAM when a new message is added. If the system restarts, all messages are cleared. The Log page displays the 100 most recent system messages, such as configuration failures and user sessions. The newest log entry, by default, is displayed at the bottom of the list.

NOTE:

If more than 100 messages accumulate, their Log Index numbers continue to increment beyond 100 and the oldest entries are deleted (for example, if 200 log entries were generated since the system was last restarted or the log file was cleared, then the log file would display entries 101 to 200).

To display the Log page, click Diagnostics > Log in the navigation pane.

Figure 50. Buffered Log Page

Buffered Log 77

Page 78

The following information displays in the Buffered Log table.

Table 41. Buffered Log Fields

Field Description

Log Index The log number.

Log Time Time at which the log was entered in the table.

Severity The severity level associated with the log message. The severity can be one of the following:

 Emergency—The device is unusable.  Alert—Action must be taken immediately.  Critical— The device is experiencing primary system failures.  Error— The device is experiencing non-urgent failures.  Warning— The device is experiencing conditions that could lead to system errors if no

action is taken.

 Notice—The device is experiencing normal but significant conditions.  Info— The device is providing non-critical information.  Debug—The device is providing debug-level information.

Component The system component that issued the log entry.

Description A text description of the entry.

 Click the arrows next to the column headings to sort the list by the column, in ascending or

descending order.

 Click Clear Log to delete all log messages.

For information on configuring log settings, see “Log Configuration” on page 79.

Crash Log

If there has been an unexpected restart of the switch, additional information displays near the top of the Log page to alert the user of the event. The Crash Log text box displays information about the restart event, which may be helpful to technical support in diagnosing its cause. The crash log is stored into non-volatile memory so that it is preserved upon reboot.

When the switch is reset to factory defaults, all crash log information is erased.

Page 78 Buffered Log

Page 79

Figure 51. Crash Log Information on Log Page

To clear the unexpected restart alert and the contents of the crash log, click Clear Unexpected Restart. You can click Save Crash Log to save the contents of the crash log to a file in tar.gz format (a

compressed archive).

Log Configuration

The HPE OfficeConnect 1850 series switch software supports logging system messages to the buffered log file or forwarding messages over the network using the Syslog protocol. Syslog messages can be captured by a designated host on the network that is running a Syslog daemon. You can use the Log Configuration page to configure buffered log and Syslog settings.

To display the Log Configuration page, click Diagnostics > Log Configuration in the navigation pane.

Log Configuration 79

Page 80

Figure 52. Log Configuration Page

Table 42. Log Configuration Fields

Field Description

Buffered Log Configuration

Buffered Logging Enables or disables logging system events to the buffered log. This feature is enabled by

Severity Filter Specify type of system messages logged using the Buffered Logging Level setting:

default.

 Emergency— Alerts the user of the highest level of system error classified as urgent.  Alert— Alerts the user of a high level of system error.  Critical— Alerts the user of a high level of system error which must be immediately

addressed.

 Error— Alerts the user of an error in the system.  Warning— Warns the user of an impending system error of a specified operation.  Notice— Notifies the user of a system error.  Info— Provides the user with system information. This is the default filter level.  Debug—An internal note to reconcile programming code.

SysLog Configuration

SysLog Host Enables and disables logging to configured syslog hosts. When the syslog admin mode is

UDP Port The UDP port on the logging host to which syslog messages are sent. The port ID can be any

IP Address The IP address of the remote host to receive log messages.

Severity Filter The severity level threshold for log messages. All log messages with a severity level at and

disabled, the device does not relay logs to syslog hosts, and no messages are sent to any collector/relay. When enabled, messages are sent to configured collectors/relays using the values configured for each collector/relay. This feature is disabled by default.

value from 1 to 65535. The default is 514.

above the configured level are forwarded to the logging host. By default, messages designated as Alert and higher are forwarded to the Syslog host.

Click Apply to save any changes for the current boot session. The changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

Page 80 Log Configuration

Page 81

Cable Diagnostics

Use the Cable Diagnostics page to test the cable connected to a port on the device. The cable diagnostics uses Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested.

CAUTION:

The link is forced down for the selected interface during the cable test period. As such, a new IP address may be obtained when the link is restored, and the web session may get disconnected.

To display the Cable Diagnostics page, click Diagnostics > Cable Diagnostics in the navigation pane.

Figure 53. Cable Diagnostics Page

Table 43. Cable Test Fields

Field Description

Interface Select the port with the connected cable to test.

Cable Status Displays the cable status as one of the following:

 Normal – The cable is working correctly.  Open – The cable is disconnected, or there is a faulty connector.  Open and short – There is an electrical short in the cable.  Cable status test failed – The cable status could not be determined. The cable may in

fact be working.

 No Cable – The cable is not connected to the switch port.  Untested – A test has not been run on the cable since the switch last booted.  Cable test not supported for this interface – Cable test is not supported for this cable

type.

Cable Length The estimated length of the cable in Meters. If the cable length cannot be determined,

Unknown is displayed. This field shows the range between the shortest estimated length and the longest estimated length.

Note: This field displays a value only when the cable status is Normal; otherwise, this field is blank.

Cable Diagnostics 81

Page 82

Field Description

Failure Location Distance The estimated distance from the end of the cable to the failure location.

Note: This field displays a value only when the cable status is Open or Short; otherwise, this field is blank.

To perform cable diagnostics, select one or more ports and click Test. The cable diagnostics may take up to 10 seconds to complete. If the port has an active link, the link will go down on the far end, and the Cable Status always indicates Normal. The test returns a cable length estimate.

NOTE:

If the link is down and a cable is attached to a 10/100 Ethernet adapter, the Cable Status may indicate Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded.

Page 82 Cable Diagnostics

Page 83

Ping Test

Use the Ping page to send one or more ping requests from the switch to a specified IP address. You can use the ping request to check whether the switch can communicate with a particular host on an IP network. A ping request is an Internet Control Message Protocol (ICMP) echo request packet. The information you enter on this page is not saved as part of the device configuration.

To display the Ping page, click Diagnostics > Ping Test in the navigation pane.

Figure 54. Ping Page

Table 44. Ping Fields

Field Description

IP Address Specify the IP address you want to reach.

Count Specify the number of packets to send. The range is 1 to 15 packets and the default is 3 packets.

Interval Specify the delay between ping packets. The range is from 1 to 60 seconds, and the default is 3 seconds.

Size Specify the size of the ping packet to be sent. Changing the size allows you to troubleshoot connectivity

Status The current status of the ping test, which can be one of the following:

issues with a variety of packet sizes, such as large or very large packets. The range is from 0 to 13000 bytes, and the default is 0 bytes.

 Not Started—The ping test has not been initiated since viewing the page.  In Progress— The ping test has been initiated and is running.  Stopped—The ping test was interrupted because the user clicked the Stop button.  Done—The test has completed, and information about the test is displayed in the Results area.

Results The results of the ping test, which includes the following information:

 The IP address of the device that was pinged.  The Internet Control Message Protocol (ICMP) number of the packet, starting from 0.  The time it took to receive a reply, in microseconds.  The number of ping packets sent and received, the percent of packets that were lost, and the mini-

mum, average, and maximum round-trip time for the responses in milliseconds.

Click Start to ping the specified host and Stop to end a ping in progress. If you do not click Stop, the pings continue until the number of pings specified in the Count field has been reached—even if you navigate way from the Ping page.

Ping Test 83

Page 84

Reboot Switch

Use this feature to perform a software reboot of the switch. If you applied configuration changes, click the Save Configuration button in the upper right of any page before rebooting. If the switch is configured to use DHCP to acquire its IP address, the address may change upon restart; you will need to determine the address before logging back in to the management utility.

To display the Reboot Switch page, click Diagnostics > Reboot Switch.

Figure 55. Reboot Switch Page

Click Reboot to reboot the switch.

Factory Defaults

You can use the Reset Configuration page to restore all settings to their factory default values. All configuration changes, including those that were previously saved, are reset in the running system by this action.If the switch is configured to use DHCP to acquire its IP address, the address may change upon restart; you will need to determine the address before logging back in to the management utility.

To display the Factory Defaults page, click Diagnostics > Factory Defaults.

CAUTION:

It is recommended that you back up the current configuration file prior to restoring the factory defaults configuration. See “Backup and Update Manager” on page 90 for instructions.

Figure 56. Reset Configuration Page

Click Reset to restore the system to the default settings.

Page 84 Reboot Switch

Page 85

Support File

Use the support file page to display summary information for the switch on a single page.

To display the Support File page, click Diagnostics > Support File in the navigation pane. Figure 57 shows a partial view of the page.

Figure 57. Support File Page

The support file page includes the following information:

 System Information— A system description, name, location, and contact information, along with

date and time information

 Device Information—Software and OS versions

 System Resource Usage—CPU and memory usage data

 Image Status and Image Description—The active and backup image status and versions

 Buffered Log and Configuration— Messages and logging configuration details

 Syslog Configuration—Syslog status and remote port and address information

 Time Configuration and Time Zone—SNTP client status and time zone configuration

 Network Details—Switch IP and MAC addresses

 Web Parameters and Management Access—Web session timeout and access port and manage-

ment VLAN information

 SNMP—Status and community configuration

Support File 85

Page 86

 Port Status and Port Summary Statistics—Port and trunk configuration details, summary, and sta-

tistics

 Trunk Configuration and Trunk Statistics—Trunk configuration details and flap count statistics

 Jumbo Frames Configuration—Enable/disable status

 Flow Control and Storm Control Configuration— Enable/disable status

 Auto DoS Features—Enable/disable status

 Web Configuration—HTTP and HTTPS status and timeout settings

 MAC Table—Address forwarding table and summary statistics

 VLAN Configuration and VLAN Port Membership— Configured VLANs and membership details

 Port Mirroring Configuration—Enable/disable status and source and destination port configuration

 IGMP Status—Enable/disable information and statistics



LLDP and LLDP-MED Configuration—Global settings and per-port LLDP configuration and activity

 Loop Protection Status— Per interface configuration and statistics

 Spanning Tree Bridge and Interface Status— Global and per-port configuration and status

 Green Features (EEE) Configuration— Global and per-port enable/disable status and power con-

sumption data

 PoE Configuration— On switches that support PoE, global and per-port configuration and sched-

ule settings.

You can click Save As to save the Support File page content. The Support File page is saved as HTML and is named support_file.html by default.

Locator

When you need to physically locate the switch, you can use this page to activate a blinking LED on the switch. When enabled, the LED blinks for 30 minutes before being automatically turned off by switch software. You can also use this page to disable the LED if the switch has been located.

To display the Locator page, click Diagnostics > Locator in the navigation pane.

Figure 58. Locator Page

Select Enabled and click Apply to cause the Locator LED on the switch to blink for 30 minutes. The Locator System LED in the Device View turns blue and blinks while this feature is active. This feature is disabled by default (see “System LEDs” on page 12).

Note that this setting is not stored with the system configuration, so clearing the configuration will not change this value. If the switch reboots, this value is reset to Disabled.

Page 86 Locator

Page 87

MAC Table

The MAC address table keeps track of the Media Access Control (MAC) addresses associated with each port. This table enables the switch to forward unicast traffic through the appropriate port. The MAC address table is sometimes called the bridge table or the forwarding database.

IMPORTANT:

The address table supports up to 16K MAC address entires; however, the UI will display up to 500 entries. If the MAC address you want to view is not displayed, you can search for it by using the Filter option. You can enter a partial MAC address to view the first 500 addresses that match your entry.

To display the MAC Table page, click Diagnostics > MAC Table in the navigation pane.

Figure 59. MAC Table Page

MAC Table 87

Page 88

Table 45. MAC Table Fields

Field Description

Maximum Entries Supported

VLAN ID The VLAN or VLANs with which the MAC address is associated.

The maximum number of MAC address entries that can be learned on the switch.

MAC Address A unicast MAC address for which the switch has forwarding and/or filtering information. The

Interface The port where this address was learned. The port identified in this field is the port through

Interface Index The Interface Index of the MIB interface table entry associated with the source port. This

Status Provides information about the entry and why it is in the table. Possible values are the

format is a six-byte MAC address, with each byte separated by colons.

which the MAC address can be reached. CPU is a special source port used for internal management on the switch

value helps identify an interface when using SNMP to manage the switch.

following:

 Learned—The address has been automatically learned by the switch and can age out

when it is not in use. Dynamic addresses are learned by examining information in incoming Ethernet frames.

 Management—The burned-in MAC address of the switch.  Self—The MAC address belongs to one of the physical interfaces on the switch.  Other— The address was added dynamically through an unidentified protocol or method.  Unknown—The switch is unable to determine the status of the entry.

Page 88 MAC Table

Page 89

11 Maintenance Pages

You can use the maintenance pages to change the password for logging in to the configuration utility, back up and update the switch software, and select which of two software images is the active image and which is the backup image.

Password Manager

Use the Password Manager page to change the password used to access the web interface. To display the Password Manager page, click Maintenance > Password Manager.

Figure 60. Password Manager Page

Table 46. Password Manager Fields

Field Description

Username A unique ID or name used to identify the administrative user account. A change in the

Current Password Enter the old password, if one exists. There is no password by default.

New Password Confirm New Password

username is effective the next time you attempt to log into the switch.

Enter the new password twice. Passwords must be at least 8 characters but no more than 64 characters long. Passwords

are case sensitive. There is no default password. Passwords must use printable characters and cannot contain a quotation mark (“) or question mark (?). In case of a forgotten password, manually reset the switch to its factory defaults.

If you change the user name or password, click Apply to save your changes. At the next log on, use the new password.

Password Manager 89

Page 90

Backup and Update Manager

The File Transfer page enables you to save a backup copy of the switch’s firmware image or configuration file on a local system or network directory and to update files on the switch by transferring newer files from a remote system. This is the page you use to update the switch firmware.

Files can be backed up and updated using either HTTP or TFTP.

To display this page, click Maintenance > Backup and Update Manager in the navigation pane.

Figure 61. File Transfer Page

Backing Up Files

To back up a file, click in the Backup column in either the HTTP or TFTP row. The HTTP Backup File or TFTP Backup File page displays.

Figure 62. HTTP Backup File Page

Figure 63. TFTP Backup File Page

Page 90 Backup and Update Manager

Page 91

Configure the following settings:

Table 47. TFTP and HTTP Backup File Fields

Field Description

File Type Select the type of file to back up from the switch to a remote system. You can back up the

Server Address (TFTP only) Enter the IP address of the TFTP server.

active or backup image, the system configuration file, the error log in persistent memory (also referred to as the event log), and the buffered log in RAM.

File Name (TFTP only) Enter the path on the server where you want to put the file followed by the name

Status Status information on the backup process.

Click Begin Transfer begin the backup process. For a TFTP backup, the switch begins the transfer to the specified location. For an HTTP backup, browse to the location on your network where you want to save the file.

Updating Files

To transfer a file from a remote system to the switch using HTTP or TFTP, click in either row in the Update column. The HTTP Update or TFTP Update page appear.

To update a file using HTTP, configure the following information and click Begin Transfer.

NOTE:

Firmware upgrades can be performed on the backup code only.

Figure 64. HTTP Update File Page

to be applied to the file as it is saved. This can differ from the actual file name on the switch. The path can be 0 to 160 characters and the file name can be 1 to 32 characters. The file name can have ASCII printable characters, excluding the following: \, /, :, *, ?, ", <, >, |

Backup and Update Manager 91

Page 92

Table 48. HTTP Update File Fields

Field Description

File Type Select the type of file to update:

 Backup Code—Select this option to transfer a new image to the switch. The code file is

stored as the backup image. After updating the backup image, you can use the Dual Image Configuration page to make it the active image upon the next reboot.

Note: You cannot directly update the active image.

 Configuration—Select this option to update the stored configuration file (startup-config).

If the file has errors, the update will be stopped.

 Public Key Image—Select this option to transfer the public key file used for code image

validation to the switch.

The other file types relate to security settings. For more information, see “Uploading SSL

Certificates and Encryption Files” on page 71.

Select File Browse to the location on the network where the new file is located and select it.

Digital Signature Verification

Status Status information on the update process.

For the Backup Code, you can select this option to have the switch verify the file download with a digital signature.

Digital signature verification is applied to backup code only.

Figure 65. TFTP Update File Page

To update a file using TFTP, configure the following information and click Begin Transfer.

Table 49. TFTP Update File Fields

Field Description

File Type See the options in Table 48 on page 92.

Server Address Enter the IP address or host name of the TFTP server.

File Name Enter the path on the server where file is located followed by the filename.

Digital Signature Verification

Status Status information on the update process.

CAUTION:

Do not disturb the browser window while the transfer is in progress.

Page 92 Backup and Update Manager

The path can be 0 to 160 characters and the file name can be 1 to 32 characters. The path and file name are separated by a slash (/).

The file name can have ASCII printable characters, excluding the following: \, /, :, *, ?, ", <, >, |

For the active and backup code file types, you can select this option to have the switch verify the file download with a digital signature.

Page 93

Dual Image Configuration

The switch can store up to two software images. One image is the active image and the other is the backup image (not actively running on the switch). You can select which image to load during the next boot cycle and add a description for each image on the device.

IMPORTANT:

If you configure a description for the active and/or backup firmware image, the description will not be cleared if you reset the switch to the factory default settings.

To display the Dual Image Configuration page, click Maintenance > Dual Image Configuration.

Figure 66. Dual Image Configuration Page

Table 50. Dual Image Configuration Fields

Field Description

Image Status This section lists the current image status information.

Image The type of image, which can be either Active or Backup.

Version The software version of the image.

Description Specify an optional description of the image selected.

Next Active The firmware image that will become active the next time the switch is rebooted. To make the

current backup image the active image, select Backup, then reboot the switch.

Click Apply to save your changes to the switch.

Dual Image Configuration 93

Page 94

A Support and other resources

Accessing Hewlett Packard Enterprise Support

 For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:

www.hpe.com/assistance

 To access documentation and support services, go to the Hewlett Packard Enterprise Support

Center website:

www.hpe.com/support/hpesc

Information to collect

 Technical support registration number (if applicable)

 Product name, model or version, and serial number

 Operating system name and version

 Firmware version

 Error messages

 Product-specific reports and logs

 Add-on products or components

 Third-party products or components

Accessing updates

 Some software products provide a mechanism for accessing software updates through the prod-

uct interface. Review your product documentation to identify the recommended software update method.

 To download product updates, go to either of the following:

 Hewlett Packard Enterprise Support Center Get connected with updates page:

www.hpe.com/support/e-updates

 Software Depot website:

www.hpe.com/support/softwaredepot

 To view and update your entitlements, and to link your contracts, Care Packs, and warranties with

your profile, go to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page:

www.hpe.com/support/AccessToSupportMaterials

NOTE:IMPORTANT:

Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements.

Page 94 Support and other resources

Page 95

Websites

Website Link

Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs

Hewlett Packard Enterprise Support Center www.hpe.com/support/hpesc

Contact Hewlett Packard Enterprise Worldwide www.hpe.com/assistance

Subscription Service/Support Alerts www.hpe.com/support/e-updates

Software Depot www.hpe.com/support/softwaredepot

Customer Self Repair www.hpe.com/support/selfrepair

Insight Remote Support www.hpe.com/info/insightremotesupport/docs

Serviceguard Solutions for HP-UX www.hpe.com/info/hpux-serviceguard-docs

Single Point of Connectivity Knowledge (SPOCK) Storage Compatibility Matrix www.hpe.com/storage/spock

Storage white papers and analyst reports www.hpe.com/storage/whitepapers

Customer self repair

Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at nience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR.

For more information about CSR, contact your local service provider or go to the CSR website:

www.hpe.com/support/selfrepair

Remote support

Remote support is available with supported devices as part of your warranty, Care Pack Service, or contractual support agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly recommends that you register your device for remote support.

your conve-

For more information and device support details, go to the following website:

www.hpe.com/info/insightremotesupport/docs

Support and other resources 95

Page 96

Documentation feedback

Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (

docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edi-

tion, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

Page 96 Support and other resources

Page 97

B Warranty information

For important safety, environmental, and regulatory information, see Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at

www.hpe.com/support/Safety-Compliance-EnterpriseProducts.

Warranty information

HPE ProLiant and x86 Servers and Options (http://www.hpe.com/support/ProLiantServers-Warranties)

HPE Enterprise Servers (http://www.hpe.com/support/EnterpriseServers-Warranties)

HPE Storage Products (http://www.hpe.com/support/Storage-Warranties)

HPE Networking Products (http://www.hpe.com/support/Networking-Warranties)

Warranty information 97