HP (Hewlett-Packard) 3400CL-24G Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung HP (Hewlett-Packard) 3400CL-24G an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von HP (Hewlett-Packard) 3400CL-24G, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung HP (Hewlett-Packard) 3400CL-24G die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung HP (Hewlett-Packard) 3400CL-24G. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung HP (Hewlett-Packard) 3400CL-24G sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts HP (Hewlett-Packard) 3400CL-24G
- Den Namen des Produzenten und das Produktionsjahr des Geräts HP (Hewlett-Packard) 3400CL-24G
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts HP (Hewlett-Packard) 3400CL-24G
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von HP (Hewlett-Packard) 3400CL-24G zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von HP (Hewlett-Packard) 3400CL-24G und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service HP (Hewlett-Packard) finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von HP (Hewlett-Packard) 3400CL-24G zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts HP (Hewlett-Packard) 3400CL-24G, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von HP (Hewlett-Packard) 3400CL-24G widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    i Release Notes: V ersion M.10.72 Software for the HP ProCurve Series 3400cl Switches "M” software versions are su p ported on these switches: Release M.10.41 supports the ProCurve Switch 3400cl-24G (J4905A), and 3400c l-48G (J4906A). These release notes include in formation o n the follow ing: ■ Downloading swit ch software an d do cument[...]

  • Seite 2

    © Copyright 2004 - 2009 Hewlett-Packard Development Company , LP . The information contained herein is subjec t to change without notice. Publication Number 5991-4764 May , 2009 Applicable Product ProCurve Switch 3 400cl-24G (J4905A) ProCurve Switch 3 400cl-48G (J4906A) T rademar k Credits Microsoft®, W indows®, and W indows NT® are US register[...]

  • Seite 3

    iii Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Download Switc h Documentation an d Software from the Web . . . . . . . [...]

  • Seite 4

    iv Connection-Rate Filtering Based On Vi rus-Thrott ling Technology . . . . . . . . . . . . . . . . . . . . . . . 19 Identity-Driven Management (IDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 9 Clarifications and Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Seite 5

    v QoS Pass-Through Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Release M.08.94 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 DHCP Option 82: Usi ng the Manageme nt VLAN IP Addr ess for the[...]

  • Seite 6

    vi Release M.10.26 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Release M.10.27 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Release M.10.28 Enhancements . . . . . . . . . . . . . . . [...]

  • Seite 7

    vii Release M.10.65 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 MSTP VLAN Configuration Enhan cement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Release M.10.66 Enhancements . . . . . . . . . . . . . . .[...]

  • Seite 8

    viii Release M.08.76 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Release M.08.77 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Release M.08.78 . . . . . . . . .[...]

  • Seite 9

    ix Release M.10.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Release M.10.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Release M.10.12 . . . . . . . . . .[...]

  • Seite 10

    x Release M.10.42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Release M.10.43 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Release M.10.44 . . . . . . . . . . [...]

  • Seite 11

    1 Software Management Software Updates Software Management Software Updates Check the ProCurve Networking W eb site frequent ly for free software updates for the various ProCurve switches you may have in your netw ork. Download Switch Documentatio n and Software from the W e b Y ou can download software updates and the co rresponding p roduct docum[...]

  • Seite 12

    2 Software Management Downloading Software to the Switch Note Downloading ne w software does not chang e the cu rrent switch config uratio n. The switch configu- ration is contained in a separate file that can also be transferred, for example, for archive purposes or to be used in another swit ch of the same model. This section describes h ow to us[...]

  • Seite 13

    3 Software Management Downloading Software to the Switch TFTP Download from a Server Syntax: copy tftp flash < ip-address > < remote-os-file > [ < primary | secondary > ] Note that if you do not specify the flash destination , the TFTP download defaults to the primary flash. For example, to download a software file named M_08_8x.s[...]

  • Seite 14

    4 Software Management Downloading Software to the Switch ■ The terminal emulator you are using includes the Xmod em binary transfer feature . (For example, in the HyperT ermina l appli cation includ ed with Wi ndows NT , you would use the Send File opti on in the T ransfer dropdown men u.) Using Xmodem and a termin al emulator , you can down load[...]

  • Seite 15

    5 Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates with two configuratio n files: ■ Running-Config File: Exists in volatile memory and controls switch op eration. Rebooting the switch erases the current r unning-config file and replaces it with an exact copy of the current[...]

  • Seite 16

    6 Software Management Install Recommendations for I.08.12 Boot ROM Update Install Recommendations fo r I.08.12 Boot ROM Update When instal ling the M.10.17 soft ware to load the I.08. 12 ROM version , ProCurve r ecommends that you use the “fastboot” feature and the “reload” co mmand after updating to M.10.17, as shown below . ProCurve3400cl[...]

  • Seite 17

    7 Software Management ProCurve Switch, Routing Swit ch, and Router Software Keys ProCurve Switch, Routing Swit ch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M, 2424M, 40 00M, and 8000M CY Switch 8100fl Series (8108fl and 8116fl ) E Switch 5300xl Seri es (5304xl, 5308xl, 5348xl, and 5372xl) F Switch 2500 Seri[...]

  • Seite 18

    8 Software Management ProCurve Switch, Routing Switch, and Router Software Keys numeric Switch 9408sl, Switch 9300 Seri es (9304M, 9308M, and 9315M), Switch 6208M- SX and Switch 6308M-SX (Uses software version number only; no al phabetic prefix. For example 07.6.04.) Software Letter ProCurve Networking Products[...]

  • Seite 19

    9 Software Management Minimum Software Versions for Series 3400cl Switch Features Minimum Softw are V ers ions for Series 340 0cl Switch Features For Software Features. T o view a tabular list ing of major switc h software featur es and the minimum software version each feat ure requires: 1. Visit the ProCurve Networking W eb site at w ww .procurve[...]

  • Seite 20

    10 Enforcing Switch Security Switch Management Access Security Enforcing Switch Security ProCurve switches are designed as “plug and play” devices, allowing quick and easy installat ion in your network. How ever , w hen preparing the swit ch for network operatio n, ProCurve strongly recommends that you enforce a securi ty policy to help ensure [...]

  • Seite 21

    11 Enforcing Switch Security Switch Management Access Security It is important to evaluate the le vel of manageme nt access vulnerabil ity existing i n your network and take steps to ensure that all reasonable security precautions are in place. This includes both configurable sec urity options and ph ys ical access to the switch hardware. Local Man[...]

  • Seite 22

    12 Enforcing Switch Security Switch Management Access Security SNMP Access (Simple Network Management Protocol) In the default configuration, the switch is open to access by management station s running SN MP management applications capabl e of viewing and changing the settings and status data i n the switch’ s MIB (Managemen t Information Base).[...]

  • Seite 23

    13 Enforcing Switch Security Switch Management Access Security Caution: Downloading an d booting from the M.08.89 or grea ter software versi on for the first time enables SNMP access to the authenticat ion configurat ion MIB (the default action). If SNMPv3 and other security safeguards are not in pl ace, the swi tch’ s a uthentication configurati[...]

  • Seite 24

    14 Enforcing Switch Security Switch Management Access Security For the commands to implement th e above actions, refer to “Front-Panel Secu rity” in the chapter titled “Configu ring Username s and Passw ords” in the Access Security Guide for your switch. Other Provisions for Management Access Security Authorized IP Managers. This feature us[...]

  • Seite 25

    15 Enforcing Switch Security Network Access Security Network Access Security This section outlin es provisions for protecting access through the switch to the network. For more detailed information on these featur es, refer to the indicated manuals. Access Control Lists (ACLs) ACLs enable the switch to pe rmit or deny the foll owing: ■ any inboun[...]

  • Seite 26

    16 Enforcing Switch Security Network Access Security Secure Shell (SSH) SSH provides T eln et-like function s through encry pted, authenti cated transactions of the following types: ■ client public- key authentication: uses one or more publi c keys (from cli ents) that must be stored on the switch. Only a client with a private key that matches a [...]

  • Seite 27

    17 Enforcing Switch Security Network Access Security ■ source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per -port (destination) basis. ■ multicast filters: Inb ound traffic havin g a specified mult icast MAC address will be forwarded to outbound ports o r dropped on a p er -port (des[...]

  • Seite 28

    18 Enforcing Switch Security Network Access Security Refer to the chap ter titled “Co n figuring Port-Based and Clie nt -Ba sed Access Control” in the Access Security Guide for your switch model. Port Security , MAC Lockdown, MAC Lockout, and IP Lockdown These featur es provide devi ce-based a ccess security in the following ways: ■ port secu[...]

  • Seite 29

    19 Enforcing Switch Security Network Access Security keys.) KMS provides specific instances of ro uting protocols wit h one or more Send or Accept keys that must be active at the time of a reque st. Refer to the chapter titled “Key Management Sy stem” in the Access Security Guide for your switch model. Connection-Rate Filtering Based On V irus-[...]

  • Seite 30

    20 Clarifications and Updates Operating Notes for Jumbo Traffic-Handling Clarifications and Updates Operating Notes for Jumbo T raffic-Handling In the Management and Configuration Guide, (Oct., 2005 ve rsion) on pa ge 14-3 3 ( page 347 of the .pdf file) where it states: When a port is not a member of any jumbo-enable d VLAN, it drops all jumb o tra[...]

  • Seite 31

    21 Clarifications and Updates IGMP Command Update IGMP Command Update The following inf ormation upd ates and clarifies info rmation in Chapter 4, “M ultime dia T raffic Control with IP Multicast (IGMP)” in th e Advanced T raffic Management Guide —part number 5990-6051, September 2004 edition. Please refer to thi s chapter for a de tailed exp[...]

  • Seite 32

    22 Clarifications and Updates General Switch Traffic Security Guideline Setting Fast-Leave and Forced Fast-Leave from the CLI. In earlier switch mod els, includ ing the 5300xl switches, fast-leave and fo rced fast-leave options for a port were configured with a le ngthy setmib command. The fo llowing com mands now a llow a port t o be configured fo[...]

  • Seite 33

    23 Clarifications and Updates The Management VLAN IP Address 4. Port security 5. Authorized IP Managers 6. Application features at higher l evels in the OSI model, such as SSH. (The above l ist does not add ress the mutual ly exclusiv e relationship that exists among some securi ty features.) The Management VLAN IP Address The optional Management V[...]

  • Seite 34

    24 Known Issues Rate-Limiting Known Issues Release M.10.17 The followin g is a known issue related to installa tion of Release M.10.17 software, which includes a required update to ROM version I.08.12. When there is an active 10-GbE link in port 26 of the ProCurve 3400cl-24G swit ch, or port 50 of the ProCurve 3400cl-48G sw itch, there may be a pro[...]

  • Seite 35

    25 Enhancements Release M.08.69 Enhancements Enhancements Enhancments are listed in chrono logical order , oldest to newest software release. T o review the l ist of enhancements i ncluded since th e last general rele ase that was published, b egin with “Release M.10.21 Enhancements” on page 95 . Release M.08.69 Enhancements Release M.08.69 inc[...]

  • Seite 36

    26 Enhancements Release M.08.78 Enhancements Release M.08.78 Enhancements Using Fastboot T o Reduce Boot T ime The fastboot command allows a boot sequ ence that skip s the internal p ower -on self-tests, resulting in a faster boot ti me. For example: Release M.08.79 Enhancements CLI Port Rate Display Beginning with release M.08 .79 th e CLI “show[...]

  • Seite 37

    27 Enhancements Release M.08.80 thr ough M.08.83 Enhancements The following sho ws a sample ou tput from this new command. Figure 2. Example rate display ou tput for ports Operating Notes ■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmit ted (Tx) in terms of kilobit s p[...]

  • Seite 38

    28 Enhancements Release M.08.84 Enhancements Release M.08.84 Enhancements Release M.08.84 includes th e following enhancement: Added the show tech transceivers comma nd to allow removable transceive r serial numbers to be read without removal of the tr ansceivers from the switch. : Release M.08.85 throug h M.08.88 Enhancements Software fixes only; [...]

  • Seite 39

    29 Enhancements Release M.08.89 Enhancements IP address of 10.10.100.27 is assigned a host name of accounts015 and another IP address of 10.10.100.33 is assigned a host name of sales021 , then the switch configured wit h the domain suffix evergreen.trees.org and a DNS serve r that resolves addresses in that domain can use the host names to reach th[...]

  • Seite 40

    30 Enhancements Release M.08.89 Enhancements ■ The host’ s domain must be reachable f rom the swit ch. This requires that the DNS server for the switch must be able to co mmunicate with the DNS server(s) in the path to the domain in which the targ et host operat es. ■ The fully qualified domain name must be used, and the domain suffix must co[...]

  • Seite 41

    31 Enhancements Release M.08.89 Enhancements Configuring a DNS Entry The switch allows one DN S server entry , which in cludes the DNS server IP address and the chosen domain name suffix. Config urin g the entry enables the use of ping and tracerou te with a target’ s host name instead of the target’ s IP address. Example Using DNS Names with P[...]

  • Seite 42

    32 Enhancements Release M.08.89 Enhancements Figure 5. Example Netw ork Domain Configuring switch “A” with the dom ain name and the IP address of a DNS server for th e domain enables the switch to use host names assigned to IP addresses in th e domain to perform ping and traceroute actions on the devices in the domain. T o summarize: W ith the [...]

  • Seite 43

    33 Enhancements Release M.08.89 Enhancements Figure 7. Example of Pi ng and T raceroute Ex ecution for the Netw ork in Figure 5 on Pa ge 32 As mentioned un der “Basic Operat ion” on page 29 , if the DNS entry config ured in the switch i ncludes only the DNS server’ s IP address, you must use th e ta rget host’ s fully qualified domai n name[...]

  • Seite 44

    34 Enhancements Release M.08.89 Enhancements Figure 9. Example of Viewing the Current DNS Co nfiguration Operating Notes ■ The DNS server must be accessible to the switch , but it is not nece ssary for any intermediate devices between the switch and t h e D N S s e r ve r t o b e c o nf i g u r ed to support DNS operation. ■ A DNS configuratio [...]

  • Seite 45

    35 Enhancements Release M.08.89 Enhancements Event Log Messages Using SNMP T o View and Configure Switch Authentication Features In earlier software releases, SNMP MIB object a ccess has not been available for switch au thenti cation configuration (hpS witchAuth) features. Beginning with software release M.08.89, the 3400cl and 6400cl switches allo[...]

  • Seite 46

    36 Enhancements Release M.08.89 Enhancements Security Notes Passwords and keys confi gured in the hp Switch Auth MI B are not returned via SNMP , and th e response to SNMP queries for such information is a null string. Ho wever , SNMP sets can be used to configure passwo rd an d key MIB objects. T o help prevent unauthorized access to the switch ?[...]

  • Seite 47

    37 Enhancements Release M.08.89 Enhancements For example, to disable SNMP access to the switch’ s authentication MIB and then display the result in the Excluded MIB field, you woul d execu te the fo ll owing two comm ands. Figure 10. Disabling SNMP Access to the Aut hentication MIB and Displayi ng the Result An alternate method of determining the[...]

  • Seite 48

    38 Enhancements Releases M.08.90 and M.08.91 Enhancements Figure 11. Using the show ru n Command to View the Current Authenticatio n MIB Access State Releases M.08.90 and M.08.91 Enhancements ■ The MSTP enhancement implementing the CLI command for sp anning-tree legacy-path-cost was included in releaseM.08.90 ■ The MSTP enhancement implementing[...]

  • Seite 49

    39 Enhancements Releases M.08.90 and M.08.91 Enhancements The “legacy-path-cost” CLI comman d does not affe ct or replace functionality of the “spanning- tree force-version” command. The “spanning-tr ee force-version” controls whether MSTP will send and process 802.1w RSTP , or 802.1D STP BP D Us. Regardless of wh at the “legacy-path-[...]

  • Seite 50

    40 Enhancements Releases M.08.90 and M.08.91 Enhancements Note Changing the QoS Pass-Thr ough Mode can be done without rebootin g the switch. Howe ver , the switch ports are toggled down and back up, allowing the Qo S queues to be reconfig ured. This may affect routing and sp anning tree operation. Pro Curve Ne tworking recomme nds that QoS queues [...]

  • Seite 51

    41 Enhancements Releases M.08.90 and M.08.91 Enhancements QoS Pass-Through Mode SNMP MIB Object. A read-write MIB object, 1.3.6.1.4.1.11.2.14.11.5.1. 7.1.24.1, has been added to the ProCurve switch MI B. The QoS Pass-Through Mode can be changed using either an SNMP network management appl ication or the CLI setmib command. The following example cha[...]

  • Seite 52

    42 Enhancements Release M.08.94 Enhancements The current QoS Pass-Thro ugh Mode also is displ ayed in the show running -config command output. Operating Notes ■ T o use the same QoS queue structure used in pre-M.08.78 software , se t the QoS Pass-Through Mode to balanced . ■ The optimized mode matches the QoS Pass-through mode on the ProCurve S[...]

  • Seite 53

    43 Enhancements Release M.08.94 Enhancements Example In the routin g switch shown belo w , option 82 has been configu red with mgmt-vlan for t he Remote ID. ProCurve(config)# dhcp-relay option 82 append mgmt-vlan The resulting effect on DHCP operation for clients X, Y , and Z is shown in Ta b l e 3 . Figure 12. DHCP Option 82 When Using the Managem[...]

  • Seite 54

    44 Enhancements Release M.08.94 Enhancements T able 3. DHCP Operation for th e T opology in Figure 12 Operating Notes ■ Routing is not allowed between the Manage ment VLAN and other V LANs. Thus, a DHCP server must be available in the Management VL AN if there are clie nts in the Manageme nt VLAN that require a DHCP server . ■ If the Management[...]

  • Seite 55

    45 Enhancements Releases M.08.95 th rough M.10.01 Enhancements Releases M.08.95 throug h M.10.01 Enhancements Software fixes only; no new enhancements. Release M.08.96 Enhancements ■ Enabled use of login "Messa ge of the Day" (MOT D) banner . For details on using this f eature, refer to “Custom Login Banne rs for the Cons ole and W eb[...]

  • Seite 56

    46 Enhancements Release M.10.02 Enhancements ■ An ACL must be configured on the RADIUS ser ver (instead of the sw itch) by creating and assigning one or more Access Control Entrie s to the username/password pair or MAC address of the client f or which you want ACL support. ■ Where 802.1X is used for client a uthentication, then either the clie [...]

  • Seite 57

    47 Enhancements Release M.10.02 Enhancements T able 4. Contrasting Dynamic a nd Static ACLs RADIUS-Based (Dynamic) ACLs Port-Based (Static) ACLs Operates on the 3400cl switches. Operates on both the 3400cl and 6400c l switches. Configured in client a ccounts on a RADIUS server . Configured in the switch itself. Designed for use on the ed ge of the [...]

  • Seite 58

    48 Enhancements Release M.10.02 Enhancements T erminology ACE: See Access Control Entry , b elow . Access Control Entry (ACE): An ACE is a policy consisting of a packet-handling actio n and criteria to define the packets on which to apply th e action. For RADIUS-base d ACLs, the elements composing the ACE include: • permit or drop (action) •i n[...]

  • Seite 59

    49 Enhancements Release M.10.02 Enhancements packet (from the authenticated c lient) that is no t explicitly permit ted or denied by ot her ACEs configured seq uentially earlier in the ACL. Unless otherwise no ted, “implicit deny IP any” refers to the “deny” act ion enforced by both standard and ex tended ACLs. Inbound T raffic: For th e pu[...]

  • Seite 60

    50 Enhancements Release M.10.02 Enhancements the client MAC ad dress is the select ion criteria, o n ly the client having that MAC address can use the correspondin g ACL. Wh en a RADIU S server authen ticates a client, it also assig ns the ACL configured with that client’ s cr edentials to the port. The ACL then filters the client’ s i nbound I[...]

  • Seite 61

    51 Enhancements Release M.10.02 Enhancements Example. Suppose the ACL in Figure 3 is assigned to filt er the traffic from an authenticated client on a given port in the switch: Figure 3. Example of Seque ntial Comparison As shown above, the ACL tries to apply the first ACE in the list. If there is not a match, it tries the second ACE, and so on. Wh[...]

  • Seite 62

    52 Enhancements Release M.10.02 Enhancements Figure 4. The Packet-Filteri ng Process in an ACL with N Entr ies (ACEs) Note The order in which an ACE oc curs in an ACL is significant. For ex ample, if an ACL contains six ACEs, but the first ACE is a “permit IP any”, then the ACL pe rmits all IP traffic from the authenticated client, and the rema[...]

  • Seite 63

    53 Enhancements Release M.10.02 Enhancements For example, suppose you want to configure a RAD IUS-based ACL to invoke these policies in the 11.11.11.0 network: 1. Permit inbound client traf fic with a DA of 11.11.11.42. 2. Permit inbound T elnet traffic for DA 11.11.11.101. 3. Deny inbound T elnet traffic for all o the r IP addresses in the 11.11.1[...]

  • Seite 64

    54 Enhancements Release M.10.02 Enhancements General Steps These steps suggest a process for using ACLs to estab lish client access policies. The topi cs following this section provide details. 1. Determine the polices you want to e nforce for client traffic inbound o n the switch. 2. Plan ACLs to execute traffic policies: • Apply ACLs on a per -[...]

  • Seite 65

    55 Enhancements Release M.10.02 Enhancements ■ Is it important to keep track of the number of matches for a particular client or ACE? If so, you can use the op tional cnt (counter) feature in ACEs wh ere you want to know this information. This is especially useful if you want to verify that the sw itch is denying unwanted cli ent packets. (N ote [...]

  • Seite 66

    56 Enhancements Release M.10.02 Enhancements ■ Explicitly Denying Any IP T raffic: Enter ing a deny in ip from any to any ACE in an ACL denies all IP traffi c not previously pe rmitted or denied by that ACL. Any ACEs listed after that point have no effect. ■ Implicitly Denyi ng Any IP T raffic: For any packet be ing filtered by an ACL, there wi[...]

  • Seite 67

    57 Enhancements Release M.10.02 Enhancements Limits for RADIUS-Bas ed ACLs, Associated ACEs, and Counters T a ble 5 describes limi ts the switch supports in ACLs applied by a RADIUS server . Exceeding a li mit causes the related client authentication to fail. T able 5. Limits Affecting RADI US-Based ACL Applications Item Limit Notes Maximum Number [...]

  • Seite 68

    58 Enhancements Release M.10.02 Enhancements Configuring an ACL in a RADIUS Server This section provides general gu idelines for conf iguring a RADIUS server to specify RADIUS-based ACLs. Also include d is an example con figuration for a FreeRADIUS server application. However , to configure support for these services on a specific RADIUS server app[...]

  • Seite 69

    59 Enhancements Release M.10.02 Enhancements Figure 6. Example of Configuring the VSA for RADIUS-Based ACLs in a FreeRADIUS Server 2. Enter the switch IP address, NAS (Network Attached Server) type, and the key in the FreeRA- DIUS clients.con f file. For example, if the switch IP ad dress is 10.10.10.125 and the key is “1234”, you would enter t[...]

  • Seite 70

    60 Enhancements Release M.10.02 Enhancements Figure 8. Example of Configuring the FreeRADI US Server T o Support ACLs for the Indicated Clients Format Details for ACEs Configured in a RADIUS-Based ACL. Any instance of a RADIUS-Based ACL is structured to filter authenticated client tra ffic as follows: ■ Applies only to inbou nd client tr affic on[...]

  • Seite 71

    61 Enhancements Release M.10.02 Enhancements The following syntax and operating information refers to ACLs configured in a RAD IUS server . ACE Syntax: < permit | deny > in < ip | ip-protocol-value > from any to < ip-addr > [/< mask > ] | any > [ tcp/udp-ports ] [cnt ] < permit | deny >: Specifies whether to forward[...]

  • Seite 72

    62 Enhancements Release M.10.02 Enhancements Configuring the Switch T o Support RADIUS-Based ACLs An ACL configured in a RADIUS server is identified by th e authenti cation credentials of the client or group of client s the ACL is designed to suppo rt . When a client authenti cates with credentials associated with a particular ACL, the switch appli[...]

  • Seite 73

    63 Enhancements Release M.10.02 Enhancements 3. Configure an authentication method. Opt ions include 802.1X, W eb authentication, and MAC authentication. (Y ou can configure 802.1X and ei ther W eb or MAC authentication to operate simultaneously on the same ports.) 802.1X Option : Syntax: aaa port-access auth enticator < port-list > aaa authe[...]

  • Seite 74

    64 Enhancements Release M.10.02 Enhancements Displaying the Current RADIUS-Based ACL Activity on the Switch These commands ou tput data indi cati ng the current ACL activity imposed pe r - port by RADIUS server responses to client auth entication. For example, the following output shows that a RADIUS server has assigned an ACL to port 10 to filter [...]

  • Seite 75

    65 Enhancements Release M.10.02 Enhancements Syntax: show port-a ccess authen ticato r < port-list > For ports,in < port-list > that are configured for authenti cation, this command indicates whether there are any RADIUS-assigned features active on the port(s). (Any ports in < port-list > that are not configured for authentica tio[...]

  • Seite 76

    66 Enhancements Release M.10.02 Enhancements Figure 10. Example of Output Show ing Current RADIUS-Applied Featu res Event Log Messages Message Meaning ACE parsing error, permit/deny keyword < ace-# > client < mac-address > port < port-# > . Notifies of a problem with the permit / deny keyword in the indicated ACE included in the a[...]

  • Seite 77

    67 Enhancements Release M.10.02 Enhancements Causes of Client Deauthenticati on Immediately After Authenticating ■ ACE formatted incorrectly in the RADIUS server • “from”, “any”, or “to” keyword missin g • An IP protocol number in the ACE exceeds 255. • An optional UDP or TCP po rt number is invalid. ■ A RADIUS-Based ACL limit[...]

  • Seite 78

    68 Enhancements Release M.10.02 Enhancements • An ACE in the ACL for a given authen ticated client exceeds 8 0 characters. • An ACL assigned to an authenticat ed client causes the number of optional counters needed on the ACL t o exceed the per -ACL maximum (32). SFlow Show Commands In earlier software re l eases, the only method fo r checking [...]

  • Seite 79

    69 Enhancements Release M.10.02 Enhancements Figure 13. Viewing sFlow Agent Information The show sflow destination command includes information about the management-station ’ s destina- tion address, receiver port, and owner . Figure 14. Example of Viewing sFlow Destination In formation Note the followin g details: ■ Destination Ad dress remain[...]

  • Seite 80

    70 Enhancements Release M.10.04 Enhancements Figure 15. Example of Viewing sFlow Sampling and Poll ing Information The show sflow all command combin es the outputs of the preceding three show commands including sFlow status information for all the ports on the switch. Release M.10.04 Enhancements Release M.10.04 includes the following enhancements:[...]

  • Seite 81

    71 Enhancements Release M.10.04 Enhancements Operating Notes ■ T o generate alerts for monitored events, you mu st enable the instrumentation monitoring log and/or SNMP trap . The threshold for each m onitored pa rameter is configurable and can be adjusted to minimize false alarms (see “Configuring Instru mentation Monito r” on page 73 ). ■[...]

  • Seite 82

    72 Enhancements Release M.10.04 Enhancements ■ Alerts are automatical ly rate limited to preven t filling t he log file wi th redundant information . The following is an example of alerts that o ccur when the device is continually subject to the same attack (too many MAC addresses in this instance): Figure 17. Example of the rate limiting that oc[...]

  • Seite 83

    73 Enhancements Release M.10.04 Enhancements Configuring Instrumentation Monitor The following commands and parameters are used to configure the op erational t hresholds that are monitored on the switch. By default, the instru mentation monitor is disabled. T o enable instrumentation monito r using the defau lt parameters and thresholds, enter the [...]

  • Seite 84

    74 Enhancements Release M.10.04 Enhancements Examples T o turn on monit oring and event log messaging with the default medium values: ProCurve(config)# instrumentation monitor T o turn off monit oring of the system delay para meter: ProCurve(config)# no instrumentation monitor system-delay T o adjust the alert threshold for th e MAC address count t[...]

  • Seite 85

    75 Enhancements Release M.10.04 Enhancements Figure 18. Viewing the Instrumentati on Monitor Configuration TCP/UDP Port Closure In earlier software re leases, cer tain UDP ports were always open . Beginni ng with software rele ase M.10.04, all TCP/UDP ports on the 3400cl switches will re main closed until the associa ted services are enabled on the[...]

  • Seite 86

    76 Enhancements Release M.10.04 Enhancements Enabling/Disabling TFTP The TFTP server and client can be en ab led and/or disabl ed independently . Enabling/Disabling SNMP T o enable/disable SNMP , use the follow ing commands. Notes ■ The SNMP port (16 1) will be open ed if either SN MP v1/2 or SN MP v3 are enable d, or remain closed if both are di[...]

  • Seite 87

    77 Enhancements Release M.10.04 Enhancements Note The router rip command exists in previous software versi ons. In this im plemen tation, however , RIP must be enabled in order to open the port on the switch. Enabling/Disabling Stacking T o enable/disable stacking, use the following command. Note The stack command exists in previous software versi [...]

  • Seite 88

    78 Enhancements Release M.10.04 Enhancements The following sho ws RSTP sample outp ut from the enhanced command. Figure 19. Example of Sh ow Spanning-T ree Detai l Operating Notes ■ TC refers to a T opology Ch ange detect ed on the given port. Note the following details: • TC Detected counter shows when a port identifies a topology change (incr[...]

  • Seite 89

    79 Enhancements Release M.10.05 Enhancements • TC Flag Received counter shows the number of TC notifi cations (RSTP or MSTP styl e BPDU with the TC flag set) received on the port. • TC ACK Flag T ransmitted is an 802.1D mode counter . It will only increment when the port is operating in 802.1D mode and an 802. 1D style PDU is sent out of the po[...]

  • Seite 90

    80 Enhancements Release M.10.07 Enhancements Release M.10.07 Enhancements Release M.10.07 includes the following enhancement: ■ Added support fo r PIM Dense Mode. For details, refer to Chapter 5, “PIM-DM (Dense Mode) on the 530 0xl Swit ches” in th e Advanced T raffic Management Guide for the ProCurve Series 6400cl/5300 xl/4200vl/34 00cl Swit[...]

  • Seite 91

    81 Enhancements Release M.10.09 Enhancements Figure 20. UDLD Example Similarly , UDLD is effective for moni toring fiber opt ic links that use t wo uni-direction f ibers to transmit and receive p ackets. W ithout UDLD, if a fiber breaks in on e direction, a f iber port may assume the link is still good (because the other di rect ion is operat ing n[...]

  • Seite 92

    82 Enhancements Release M.10.09 Enhancements Configuration Considerations ■ UDLD is configure d on a pe r -po rt basis and must be ena bled at both ends of the link. See the note below for a list of Pro Cur ve switches that support UDLD. ■ T o configure UDLD on a trunk group, you must configure t he feature on each port of t he group individ ua[...]

  • Seite 93

    83 Enhancements Release M.10.09 Enhancements Enabling UDLD. UDLD is enabled on a per port basis. Fo r example, to enable UDLD on port a1, enter: T o enable the fe ature on a tru nk group, ente r the appropriate port rang e. For exam ple: Note When at least one port is UDLD-enabled, the swit ch will forward out UDLD packets that arrive on non-UDLD-c[...]

  • Seite 94

    84 Enhancements Release M.10.09 Enhancements Notes ■ Y ou must configure the same VL ANs that will be used for UDLD on all devices across the network; otherwi se, the UDLD li nk cannot be mai ntained. ■ If a VLAN ID is not specifi ed, then UDLD cont rol packets are sent out of the port as unta gged packets. ■ T o re-assign a VL AN ID, re-ente[...]

  • Seite 95

    85 Enhancements Release M.10.09 Enhancements Displaying Summary UDLD Information. T o display summar y information on all UDLD-e nabled ports, enter the show link-keepali ve command. Fo r example: Figure 21. Example of UDLD In formation displayed using Sh ow Link-Keepalive Com mand Port 5 has been disabled by the System Administr ator . ProCurve(co[...]

  • Seite 96

    86 Enhancements Release M.10.09 Enhancements Displaying Detailed UDLDP Status Information. T o display detailed UDLD inform ation for specific ports, enter ente r the show link-keepalive sta tistics command. For example: Figure 22. Example of Deta iled UDLD Information displayed u sing Show Link-Keepal ive Statistics Command Clearing UDLD Statistic[...]

  • Seite 97

    87 Enhancements Release M.10.09 Enhancements Configuration W arnings and Event Log Messages W arning Messages. The fo llowing table shows the warn ing me ssages that may be issued and their possible causes, when UDLD is configured for tagged ports. T able 6. Warning Messages caused by configuring UDLD fo r T agged Ports Event Log Messag es. The fol[...]

  • Seite 98

    88 Enhancements Release M.10.10 Enhancements Release M.10.10 Enhancements Release M.10.10 includes the following enhancement: Spanning T ree Per -Port BPDU Filtering The STP BPDU filter feat ure allows control of span ning-tree participat ion on a per -port basis. It can be used to exclu de specific ports from becoming part of spanning tree oper at[...]

  • Seite 99

    89 Enhancements Release M.10.10 Enhancements Caution Ports configured with the BPDU filter mode remai n active (learning a nd forward frames); however , spanning-tree cannot receive or tr ansmit BPDUs on th e port. The port remains in a forwarding state, permitting all broadc ast traffic. This ca n create a network storm if there are any loops (tha[...]

  • Seite 100

    90 Enhancements Release M.10.10 Enhancements The show spanning-tree command has also been extended to display BP DU filtered ports. Figure 24. Example of BPDU Filtere d Ports Field in Show Spannin g T ree Command Viewing Configuration of BPDU Filtering The BPDU filter mode adds an en try to the spanning tree category within the config uration file.[...]

  • Seite 101

    91 Enhancements Releases M.10.11 th rough M.10.12 Enhancements Releases M.10.11 throug h M.10.12 Enhancements Software fixes only , no new enhancements. Release M.10.13 Enhancements Release M.10.13 includes the following enhancement: ■ Enhancement (PR_1000354065) - Added DHCP prot ection feature. No additional documen- tation is available at thi [...]

  • Seite 102

    92 Enhancements Release M.10.17 Enhancements Figure 27. Example of BPDU Protecti on Enabled at the Netw ork Edge T erminology BPDU — Acronym f or bridge prot ocol data u nit. BP DUs are data messages that are exchanged between the switches within an extended LAN that use a spanning tree protocol topology . BPDU packets contain inform ation on por[...]

  • Seite 103

    93 Enhancements Release M.10.17 Enhancements STP — Spanning T ree Protocol, part of the original IEEE 802.1D specific ation. The 2004 edition completely deprecate s STP . Both RSTP and MSTP have fallback modes to handle STP . SNMP — Simple Netwo rk Management Protocol , us ed to remotely manage network devices. Note The switches covered in thes[...]

  • Seite 104

    94 Enhancements Release M.10.17 Enhancements Viewing BPDU Protection Status The show spanning-tree command has addition al informati on on BPDU prot ection as shown bel ow . Example of BPDU Protection Addit ions to Show Spanning T ree Command ProCurve# show spanning-tree 1-10 Multiple Spanning Tree (MST) Inf ormation STP Enabled : Yes Force Version[...]

  • Seite 105

    95 Enhancements Release M.10.21 Enhancements Release M.10.21 Enhancements Software fixes only , no new enhancements. Release M.10.22 Enhancements Release M.10.22 includes the following enhancement: ■ Enhancement (PR_100037640 6) — Loop Protection feature a dditions, including packet authentication, loop detected trap, and receiver port configur[...]

  • Seite 106

    96 Enhancements Release M.10.22 Enhancements T o display infor mation about por ts with loop protection, enter this co mmand. Figure 28. Example of Show Loop Protect Display [trap <loop-detec ted>] Allows you to configure l oop protection traps The “loop -detected” trap indicates that a loop was detected on a port. [disable-timer <0-60[...]

  • Seite 107

    97 Enhancements Release M.10.23 Enhancements Release M.10.23 Enhancements Release M.10.23 includes the following enhancement: ■ Enhancement (PR_100037980 4) — Historical in formation abou t MAC addresses that have been moved has b een added to the " show tech " command output. Release M.10.24 Enhancements Release M.10.24 includes the [...]

  • Seite 108

    98 Enhancements Release M.10.27 Enhancements Release M.10.27 Enhancements Release M.10.27 includes the following enhancement: ■ Enhancement (PR_1000374085 ) — This enhancement expands the use of the Controlled Directions parameter to also support MAC/ W eb authentication. Syntax: aaa port-acc ess < port-list > contro lled-directions <b[...]

  • Seite 109

    99 Enhancements Release M.10.27 Enhancements Notes : ■ The aaa port-access controlled-direction in comman d allows Wake-on-LAN traffic to be transmitted on a MAC-a uthenticate d outbound port that has not yet transitioned to the authenticated state; the controlled-direction both setting prevents transmission of outbound W ake-on-LAN traffi c on a[...]

  • Seite 110

    100 Enhancements Release M.10.28 Enhancements Release M.10.28 Enhancements Software fixes only , no new enhancements. Release M.10.29 Enhancements Release M.10.29 includes the following enhancement: ■ Enhancement (PR_10003 76626) — Enhance CLI " qos dscp-map he " help and " show dscp- map " text to warn the user that inbou n[...]

  • Seite 111

    101 Enhancements Release M.10.32 Enhancements ■ The <hash-type> parameter specifies the type of algorithm (if any) used to hash the password. V alid values are pl aintext or sha-1 . ■ The <password> parameter is the clear ASCII text string or SHA-1 hash of the password. Y ou can enter a manager , operator , or 802.1X port- access pa[...]

  • Seite 112

    102 Enhancements Release M.10.33 Enhancements T o schedule a reload in 3 hours: ProCurve# reload after 03:00 T o schedule a reload for the same time the following day: ProCurve# reload after 01:00:0 0 T o schedule a reload for the same day at 12:05: ProCurve# reload at 12:05 T o schedule a reload on some future date: ProCurve# reload at 12:05 01/0 [...]

  • Seite 113

    103 Enhancements Release M.10.33 Enhancements ■ The port is temporarily assigned as a member of an untagged (static or dynamic) VLAN for use during the client session accor ding to the following order of options. a. The port joins the VLAN to which it has been a ssigned by a RADIUS server during client authentication. b. If R ADIUS authenticat io[...]

  • Seite 114

    104 Enhancements Release M.10.33 Enhancements When the authenticatio n session ends, the switch removes the temporary untagged VLAN assignment and re-activates the temporar ily disabled, untagged VLAN assignment. ■ If GVRP is alrea dy enab led on the switch, t he temporary untagged (sta tic or dynami c) VLAN created on the port for the auth entic[...]

  • Seite 115

    105 Enhancements Release M.10.33 Enhancements Figure 8. Example of an Active VLAN Configuration In Figure Figure 8 , if RADIUS authorizes an 802.1X client on port A2 with the requirement that the client use VLAN 22, then: ■ VLAN 22 becomes av ailable as Untagged on port A2 for the duration of the session. ■ VLAN 33 becomes un available to port [...]

  • Seite 116

    106 Enhancements Release M.10.33 Enhancements Figure 10. Active Configurati on for VLAN 33 T e mporarily Drops Port 22 for the 802.1X Session When the 802.1X client session on port A2 en ds, the port removes the temporary unta gged VLAN membership. The static VLAN (VLA N 33) that is “permanently” co nfigured as untagged on the port becomes avai[...]

  • Seite 117

    107 Enhancements Release M.10.33 Enhancements Enabling the Use of GVRP-Learned Dy namic VLANs in Authentication Sessions Syntax: aaa port-acce ss gvrp-vlans Enables the use of dynamic VLA Ns (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.1X, MAC, or W eb authentication session. E[...]

  • Seite 118

    108 Enhancements Release M.10.34 Enhancements Release M.10.34 Enhancements Release M.10.34 includes the following enhancement: ■ Enhancement (PR_100041274 7) — T ACACS+ Single Sign -on for Administrators Concurrent T ACAS+ and SFTP It is now possi ble to have SFTP/SCP sessi ons run concurr ently with T ACACS+ authentication. Because the initia [...]

  • Seite 119

    109 Enhancements Release M.10.35 Enhancements Release M.10.35 Enhancements Release M.10.35 includes the following enhancement: ■ Enhancement (PR_100041992 8) — The Dynamic ARP Protection feature was added. Dynamic ARP Protection Introduction On the VLAN interfaces of a rout ing switch, dyna mic ARP protect ion ensures that on ly valid ARP reque[...]

  • Seite 120

    110 Enhancements Release M.10.35 Enhancements • If a bind ing is inv alid, the swit ch drops th e packet, pr eventing ot her netwo rk device s from receiving the invalid IP-to-MAC information. DHCP snooping intercepts and examines DHCP packets received on switch ports before forwarding the packets. DHCP pa ckets are checked against a da tabase of[...]

  • Seite 121

    111 Enhancements Release M.10.35 Enhancements Configuring T rusted Ports In a similar way to DHCP snooping, dynamic ARP p rotection allows yo u to configure VLAN interfaces in two categories: trusted and untrusted ports. ARP packets recei ved on trusted ports are forwarded without valid ation. By default, all ports on a switch are untr usted. If a [...]

  • Seite 122

    112 Enhancements Release M.10.35 Enhancements T o configure one or more Et hernet interfaces t hat handle VLAN traffic as trusted por ts, enter the arp protect trust command at the global config uration level. The switch does not check ARP requests and responses received on a trusted port. An example of the arp protect trust command is shown h ere:[...]

  • Seite 123

    113 Enhancements Release M.10.35 Enhancements An example of the ip source binding command is shown here: ProCurve(config)# ip source binding 0030c1-7f49c0 interface vlan 100 10.10.20.1 interface A4 Note Note that the ip source bi nding comman d is the same command used by the Dynamic IP Lockdown feature to configure static bi nd ings. The Dynamic A[...]

  • Seite 124

    114 Enhancements Release M.10.35 Enhancements V erifying the Configuration of Dynamic ARP Protection T o display the current configu ration of dynamic ARP prot ection, includ ing the additional validation checks and the trusted ports th at are conf igured, ente r the show arp protect command: Figure 13. The show arp p rotect Command Displaying ARP [...]

  • Seite 125

    115 Enhancements Release M.10.36 Enhancements Monitoring Dynamic ARP Protection When dynamic ARP protecti on is enabled, yo u can monitor and troub leshoot the vali dation of ARP packets with the debug arp protect command. Use this command when you want t o debug the following conditi ons: ■ The switch is dr opping valid ARP packets that should b[...]

  • Seite 126

    116 Enhancements Release M.10.37 Enhancements Configuring MSTP Port Connectivity Parameters W ith release K.12.04, all ports are configured as auto-edge-ports by defaul t, and the spanning tree edge-port option has been removed. This section describes selected spanning-tree < port-list > com- mand parame ters for enhanc ed operation. Basic po[...]

  • Seite 127

    117 Enhancements Release M.10.37 Enhancements [root-guard] MSTP only . When a port is enabled as root-guard , it cannot be sel ected as the root port even if it receives superior STP BPDU s. The port is assi gned an “alternate” port role and enters a bloc king state if it receives superior STP BPDUs. The BPDUs received on a root-guard port are [...]

  • Seite 128

    118 Enhancements Release M.10.38 Enhancements Release M.10.38 Enhancements Release M.10.38 includes the following enhancement: ■ Enhancement (PR_100042864 2) — SNMP v2c describes two different notification-type PDUs: traps and info rms. Prior to thi s software release, only the tr aps sub-type was supported. This enhancement adds support for in[...]

  • Seite 129

    119 Enhancements Release M.10.38 Enhancements Send SNMP v2c Informs Enabling and Configuring SNMP Informs Y ou can use the snmp-server informs command (SNMPv2c and SNMPv3 ve rsions) to send notificatio ns when certain events occur . When an SNMP Manager receives an informs request, it can send an SNMP response back to the sending agent. This lets t[...]

  • Seite 130

    120 Enhancements Release M.10.39 Enhancements Y ou can see if informs are enabled or disabled with the show snmp-server command as shown in Figure 11. Figure 11. Example Showin g SNMP Informs Option Enabled Release M.10.39 Enhancements Release M.10.39 includes the following enhancement: Select whether SNMP tr aps or informs ar e sent to this manage[...]

  • Seite 131

    121 Enhancements Release M.10.39 Enhancements ■ Enhancement (PR_100042821 3) — This software enhancement adds the ability to configure a secondary authenti cation method to be used when the RADIUS server is unavailable for the primary port-access method. RADIUS Server Unavailable Overview In certain situations, RADIUS servers can become is olat[...]

  • Seite 132

    122 Enhancements Release M.10.39 Enhancements Y ou can config ure local , chap-radius or eap -radius as the primary passwor d authentication method for the port-access method. Y o u also need to select none or au thorized as a secondary , or backup, method. Y ou can conf igure chap-radius as the primar y password auth entication method fo r web-bas[...]

  • Seite 133

    123 Enhancements Release M.10.39 Enhancements Figure 12. Example of AAA Authent ication Using Authorized for the Sec ondary Authenticatio n Method Specifying the MAC Address Format The MAC address format co mmand has bee n enhanced to al low uppe r -case letters to be used for the hexadecimal numbers when indicating the MAC ad dress in RADIUS packe[...]

  • Seite 134

    124 Enhancements Release M.10.39 Enhancements ■ Enhancement (PR_100041515 5) — The ARP age timer was e nhanced from the previous limit of 240 minut es to allow for configu ration of values up to 1440 minutes (24 hours) or "infinite" (99,999,999 seconds or 3.2 years). ARP Age T imer Increase The ARP age is the amount of ti me the switc[...]

  • Seite 135

    125 Enhancements Release M.10.39 Enhancements Y ou can also view the value of the Ar p Age timer in the configuration file. Figure 15. Example Showin g ip arp-age Value in the Running Config File Y ou can set or display the arp-age value using the menu interface ( Menu > Switch Configuration > IP Config ). Figure 16. Example of the Menu Inter[...]

  • Seite 136

    126 Enhancements Release M.10.40 Enhancements If the ARP cache should b ecome full beca use entries are not clear ed (due to increased time out limits) you can use the clear arp command to remove all non-perm anent entr ies in the ARP cache. T o remove a specific entry in th e ARP cac he, enter this command: Release M.10.40 Enhancements Software fi[...]

  • Seite 137

    127 Enhancements Release M.10.43 Enhancements Protection Agai nst IP Source Addr ess Spoofing Many network attacks occur when an attacker injects pac kets with fo rged IP source addresses into the network. Also, some ne twork service s use the IP source address as a component in their authentication schemes. For exampl e, the BSD “r” protocols [...]

  • Seite 138

    128 Enhancements Release M.10.43 Enhancements Prerequisite: DHCP Snoo ping Dynamic IP lockdo wn requires th at you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traffic : ■ Dynamic IP lockdown only enables traffic for clients whose leased IP addresses are already stored in th e lease dat abase create d by DHCP sn oo p[...]

  • Seite 139

    129 Enhancements Release M.10.43 Enhancements In this ex ample, the f ollowing DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping. Figure 17. Sample DHCP Snoopi ng Entries The following example shows an IP-to-MAC address and VLAN binding that have be en statically configured in the lease database o[...]

  • Seite 140

    130 Enhancements Release M.10.43 Enhancements Enabling Dynamic IP Lockdown T o enable dynamic IP lockdow n on all ports or specified port s, enter the ip source-lockdown command at the global configuration level. Use th e no form of th e command to di sable dynamic IP lockdown. Operating Notes ■ Dynamic IP lockdown is enabled at the port configur[...]

  • Seite 141

    131 Enhancements Release M.10.43 Enhancements • Remove the trusted-por t configuration. ■ Y ou can config ure dynamic IP lo ckdown only from the CLI; this feature cannot be configured from the W eb ma nagement or menu interface. ■ If you enable dynamic IP lo ckdown on a po rt, you cannot add th e port to a trunk. ■ Dynamic IP lockdown must [...]

  • Seite 142

    132 Enhancements Release M.10.43 Enhancements Adding a Static Binding T o add the static configur ation of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the global configura tion level. Use the no form of the command to remove the IP-to-MAC binding from the database. Note Note that the ip source-bindi[...]

  • Seite 143

    133 Enhancements Release M.10.43 Enhancements An example of the show i p source-lockdown status command output is sho wn in Figure 20. Note that the operational status of all swit ch ports is displayed. This info rmation indicates wheth er or not dynamic IP lock down is support ed on a port. Figure 20. Example of show ip source-lockdown stat us Com[...]

  • Seite 144

    134 Enhancements Release M.10.43 Enhancements Figure 21. Example of show ip source-lockdow n bindings Command Out put In the show ip source-loc kdown bindings command output, the “Not in HW” co lumn specifies wheth er or not (YES or NO) a statically confi gured IP-to- MAC and VLAN binding on a speci fied port has been combined in the lease data[...]

  • Seite 145

    135 Enhancements Release M.10.44 thr ough M.10.64 Enhancements Figure 22. Example of debu g dynamic-ip-lo ckdown Command Outp ut Release M.10.44 throug h M.10.64 Enhancements Software fixes only , no new enhancements. ProCurve(config)# debug dynamic-ip- lockdown DIPLD 01/01/90 00:01:25 : denied ip 192.168.2.100 (0) (PORT 4) -> 192.168.2.1 (0), 1[...]

  • Seite 146

    136 Enhancements Release M.10.65 Enhancements Release M.10.65 Enhancements Release M.10.65 includes the following enhancement: ■ Enhancement (PR_000000131 6) — The MSTP VLAN Assignment is enhanced. MSTP VLAN Configuration Enhancement Caution When this software version is installed, the prior VLAN ID-to-MS TI mappings do no t change. However , t[...]

  • Seite 147

    137 Enhancements Release M.10.65 Enhancements All switches in a region must be configur ed wi th the same VLAN ID-to- MSTI mappings and the same MSTP configurati on identifiers (region name and revision number). ■ Flexibility: By preconfiguring id entical VL AN ID-to-MSTI ma ppings on all switches in an MST region, you can combine switches th at [...]

  • Seite 148

    138 Enhancements Release M.10.65 Enhancements Each MST instance supports a differ ent set of VLANs. A VLAN t hat is mapp ed to an MST instance cannot be a member of another MST instance. The MSTP VLAN Configuration enhancement allows yo u to ensure that the same VLAN ID-to-MSTI assignments exist on each MSTP switch in a region. Be fore a static VLA[...]

  • Seite 149

    139 Enhancements Release M.10.65 Enhancements Figure 23. Example of Mapping VLANs wi th the Range Option where all VLANs a re Included Note If you want all switches to be in the same MST region, they should all have a softwa re version that supports this enhancement installed, or have the same VLANS configured. It is likely that switches with a VLA[...]

  • Seite 150

    140 Enhancements Release M.10.66 Enhancements ■ If you enter the span ning-tree instance vlan command be fore a static or dyna mic VLAN is configured on the switch to preconfigure VL AN ID-to-MSTI mappings, no er ror message is displayed. Later , each newly configured VLAN th at has already been asso ciated with an MSTI is automatically assigned [...]

  • Seite 151

    141 Enhancements Release M.10.66 Enhancements Adding a Description for a Syslog Serve r Y ou can associate a user -friendly description with each of the IP addresses ( IPv4 only) config ured for syslog using the CLI or SN MP . The CLI command is: Figure 29. Example of the Logging Command with a Control Description Caution Entering the no logging co[...]

  • Seite 152

    142 Enhancements Release M.10.66 Enhancements Figure 30. Example of the Logg ing Command with a Priority Description Note A notificat ion is sent to the SNMP age nt if there are any ch anges to the syslo g parameters eithe r through the CLI or with SNMP . Command Differences for the ProCurve Series 2600/2800/3400cl/6400cl Switches CLI Commands. The[...]

  • Seite 153

    143 Enhancements Release M.10.67 Enhancements Release M.10.67 Enhancements Software fixes only , no new enhancements. Release M.10.68 Enhancements Release M.10.68 includes the following enhancement: ■ Enhancement (PR_0000003127 ) — A Link T rap and LACP Glob al enable/dis able feature has been ad ded. LACP and Link T raps Global Disable T wo SN[...]

  • Seite 154

    144 Enhancements Release M.10.69 Enhancements hpSwitchLinkUpDownTrapAllPortsStatus OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } ACCESS read-write STATUS current DESCRIPTION “Used to either enable/disable the Link Up/Link Down traps for all the ports.” ::= { hpSwitchPortConfig 3 } Release M.10.69 Enhancements Release M.10.69 includes t[...]

  • Seite 155

    145 Software Fixes in Release M.08.51 - M.10.72 Release M.08.52 Software Fixes in Release M.08.51 - M.10.72 Software fixes are listed in chronological ord er , olde st to newest. T o review th e list of fixe s included since the last general release that was published, go to “Release M.10.21” on page 165 . Unless otherw ise noted, each new re l[...]

  • Seite 156

    146 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.61 2. In show CDP the Yes is changed to Yes,(Receive Only) . ■ CLI (PR_1000192677) — Show access-list ports <tab> does not list the all keyword. The command only shows [PORT-LIST] as input for the command. ■ Console/TELNET (PR_100019564 7) — When a conso le or TELNET sessi [...]

  • Seite 157

    147 Software Fixes in Release M.08.51 - M.10.72 Release M.08.62 ■ W eb UI (PR_1000177915) — Device V iew from the W eb user interface is missing. ■ W eb UI/Port Security (PR_1000195894) — The W eb user interface does not allow the user to se lect mult iple ports w hen config uring po rt-security . Release M.08.62 Problems Resolved in Re lea[...]

  • Seite 158

    148 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.64 Release M.08.64 Problems Resolved in Re lease M.08.64 (Not a ge neral release ) ■ IP Routing (PR_100022 0668) — Fatal exception when routin g with more than 8 trunks configured and IP routing enabled. Release M.08.65 Problems Resolved in Re lease M.08.65 (Never released) ■ Crash[...]

  • Seite 159

    149 Software Fixes in Release M.08.51 - M.10.72 Release M.08.68 Release M.08.68 Problems Resolved in Re lease M.08.68 (Not a ge neral release ) ■ Switching (PR_1000232 312) — In cases where traffic is be ing L2 switched or L3 routed from one port at Gigabit speeds to a gr oup of ports (i. e. to a VLAN) wher e one of the outbound ports is runnin[...]

  • Seite 160

    150 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.70 ■ Port Security (PR_1000203984) — CLI port-security "mac-address" comm and will save address above the limit. ■ SNMP (PR_1000212170) — The Switch tran smits W arm and Cold St art traps with an agent address of 0.0.0.0. ■ Spanning T ree (PR_1000214 598) - The switch[...]

  • Seite 161

    151 Software Fixes in Release M.08.51 - M.10.72 Release M.08.72 ■ LLDP (PR_1000241315) — CLI command "sho w LLDP" does not display info rmation correctly . ■ W eb Auth (PR_1000230444) — Using port-based web authenticati on on the Switch w ill cause some users to never rec eive the web auth entic ation screen. This occurs if a clie[...]

  • Seite 162

    152 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.75 Release M.08.75 Problems Resolved in Re lease M.08.75 ■ LR optic (PR_1000282195) — After a switch reboot, certain 10GbE X2-SC LR Optic (J8437A) transceivers will lose its configuratio n. Administrator will be unable to turn off LACP , and CLI commands will not be displayed . ■ X[...]

  • Seite 163

    153 Software Fixes in Release M.08.51 - M.10.72 Release M.08.78 Release M.08.78 Problems Resolved in Re lease M.08.78 (Not a ge neral release ) ■ Enhancement (PR_100029180 6) — Fast boot enhancement. ■ MSTP (PR_1000286883) — Slow MSTP fail-over and fall-back ti me. Release M.08.79 Problems Resolved in Re lease M.08.79 (Not a ge neral releas[...]

  • Seite 164

    154 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.83 ■ RSTP (PR_1000300623) — Under some circumstances, the switch may allow packets to loop for an extended period of time. Release M.08.83 Problems Resolved in Re lease M.08.83 (Not a ge neral release ) ■ Crash (PR_1000297510) — When using the W eb User Inte rface and the switch [...]

  • Seite 165

    155 Software Fixes in Release M.08.51 - M.10.72 Release M.08.87 ■ SNMP (PR_1000295753) — Removing 'public' SNMP co mmuni ty generates an empty Event Log message. Release M.08.87 Problems Resolved in Re lease M.08.87 (Not a ge neral release ) ■ Crash/STP (PR_1000307280) — Inconsist ent or inco rrect STP data ma y cause the sw itch [...]

  • Seite 166

    156 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.90 • RADIUS Configuration via SNMP . For details refer to “Using SNMP T o View and Configure Swit ch Authentication Feat ures” on page 35 . ■ Port Security (PR_10003 04202) — The port-security MAC address learn mode does not function correc tly between 'port-security'[...]

  • Seite 167

    157 Software Fixes in Release M.08.51 - M.10.72 Release M.08.93 Release M.08.93 Problems Resolved in Re lease M.08.93 (Not a ge neral release ) ■ Help (PR_100031771 1) — In the VLAN menu Help text , the word 'default' is spe lled incorrectly . ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge de vi ce with an end node (non-STP d[...]

  • Seite 168

    158 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.97 Release M.08.97 Problems Resolved in Re lease M.08.97 (Never released) ■ OSPF (PR_1000 319678) — Switch does not accept IP fragmented OSP F packets. Release M.10.01 Note: The M.10.xx so ftware releases r un only on the ProCurve 3400cl series. Problems Resolved in Re lease M.10.01 [...]

  • Seite 169

    159 Software Fixes in Release M.08.51 - M.10.72 Release M.10.04 ■ sFlow (PR_10003211 95) — A network m anagement applicati on may incorrectly report spikes in traff ic when sFlow is first re-ena bled. Release M.10.04 Problems Resolved in Re lease M.10.04 (Never released) ■ Enhancement (PR_100033074 3) — Denial of Service logging enhanceme n[...]

  • Seite 170

    160 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.07 ■ Stacking (PR_100031 1510) — When stacking is enabled, a stack member cannot be ‘pinged’ using the stack number . ■ STP (PR_1000335141) — T he output of the 'show span' CLI command displ ays a numeral in the 'T ype' column, as opposed to terms such as [...]

  • Seite 171

    161 Software Fixes in Release M.08.51 - M.10.72 Release M.10.09 Release M.10.09 Problems Resolved in Re lease M.10.09 ■ CLI (PR_1000317554) — Th e show version command does not display full minor versi on if it's three digits. ■ Counters (PR_1000327308) — 10gig po rt in xSTP bl ocking mo de will increm ent RX drop s on broadcast packet[...]

  • Seite 172

    162 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.11 Release M.10.11 Problems Resolved in Re lease M.10.11 ■ Crash (PR_1000336436) — A “ get/put” operati on on config fil e via SCP crashes the box with an error message similar to : Software exception at ssh_alarm.c:304 -- in 'mSshAlrm', task ID = 0x6132588 -> ASSERT[...]

  • Seite 173

    163 Software Fixes in Release M.08.51 - M.10.72 Release M.10.14 Release M.10.14 Problems Resolved in Re lease M.10.14 ■ CLI (PR_1000342461) — Comm and “ show lldp info remote <port nu mber> " reports incorrect information for remote management address. ■ LACP (PR_1000352012) — LACP state change does not properly reset 10Gig por[...]

  • Seite 174

    164 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.17 ■ DHCP Protection (PR_1000360273) — DHCP Lease renewal packets received on an untrusted p ort are dropped. ■ DHCP Protection (PR_1000360254) — An entry with an expired lease i s not removed from the bind ing table. ■ Link Failure (PR_100036 1488) — The J8440B version 10-G [...]

  • Seite 175

    165 Software Fixes in Release M.08.51 - M.10.72 Release M.10.21 ■ Enhancement (PR_1000358900 ) — A RADIUS accounti ng enhancement was made. More information about this enh ancement wi ll be made availab le in a future u pdate. Release M.10.21 Problems Resolved in Re lease M.10.21 (Not a ge neral release ) ■ Crash (PR_1000368540) — The switc[...]

  • Seite 176

    166 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.23 Release M.10.23 Problems Resolved in Re lease M.10.23 (Never released) ■ Crash (PR_1000362248) — While attempting t o configure " qos type-of-service diff-services " the switch may crash with a message similar to: Assertion failed: !VALUE_TOO_BIG_FOR_FIELD, file drvmem.c[...]

  • Seite 177

    167 Software Fixes in Release M.08.51 - M.10.72 Release M.10.26 ■ STP/RSTP/MSTP (PR_1000386113) — In some cases STP/ RSTP/MSTP may allow a loop on 10-Gig ports, resultin g in a broadcast storm. Release M.10.26 Problems Resolved in Re lease M.10.26 (Not a ge neral release ) ■ Enhancement (PR_100038168 1) — This enhancement added eavesdrop pr[...]

  • Seite 178

    168 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.28 Release M.10.28 Problems Resolved in Re lease M.10.28 (Not a ge neral release ) ■ CLI/LLDP (PR_1000377191) — Output from the CLI command, " show lldp info remote- device <port> " shows a blank field for the chassis ID. ■ CLI (PR_1000390970) — The command "[...]

  • Seite 179

    169 Software Fixes in Release M.08.51 - M.10.72 Release M.10.30 ■ T ransceiver hotswap (PR_1000 390888) — T ransceiv er hotswap issues: • Simultaneous hotswap of transceivers on bot h dual-personalit y ports will only detect a single change. • After certain transceiver hot swaps, the in/ out LED indicator will not match the current status o[...]

  • Seite 180

    170 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.32 ■ RIP (PR_1000393366) — Th e switch does not process RIP (v2) responses containing subnets with a classful subnet mask , when the recei ving RIP switch has a co nnected VLSM network defined that would fall within that classful ra nge. ■ Enhancement (PR_100037298 9) — This enha[...]

  • Seite 181

    171 Software Fixes in Release M.08.51 - M.10.72 Release M.10.34 ■ Crash (PR_1000407542) — Atte mpting to chan ge the spannin g-tree protoco l version from STP to RSTP or MSTP may cause the switch to crash with a message similar to: PPC Bus Error exception vector 0x300: Stack-frame=0x063d5de0 HW Addr=0x4b5a697c IP=0x0064c648 Task='mSnmpCtrl[...]

  • Seite 182

    172 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.36 ■ BPDU Protection (PR_1000 395569) — BPDU-protection fai ls after module hot-swap . ■ Enhancement (PR_100041992 8) — The Dynamic ARP Protection feature was added. ■ IP Connectivi ty (PR_1000418378) — The switch incorrectly updates its ARP table when a client that is config[...]

  • Seite 183

    173 Software Fixes in Release M.08.51 - M.10.72 Release M.10.39 Release M.10.39 Problems Resolved in Re lease M.10.39 ■ Enhancement (PR_100042821 3) — This software enhancement adds the ability to configure a secondary authenti cation method to be used when the RADIUS server is unavailable for the primary port-access method. ■ Enhancement (PR[...]

  • Seite 184

    174 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.42 ■ SCP (PR_1000428142) — The switch does not exit a s ecure copy protocol (SCP) session properly . Release M.10.42 No Problems Resolved in Release M. 10.42 (Never Released) Release M.10.43 Problems Resolved in Re lease M.10.43 (Never Released) ■ CLI (PR_1000413734) — MDI/ MDIX [...]

  • Seite 185

    175 Software Fixes in Release M.08.51 - M.10.72 Release M.10.45 Release M.10.45 Problems Resolved in Re lease M.10.45 (Not a Public Release) ■ W eb-UI (PR_1000416955) — Inserting an LH GBIC into du al personality ports results in the LH ports not appear ing in the device vi ew . ■ Meshing (PR_1000453201) — Concurrent use of meshing an d spa[...]

  • Seite 186

    176 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.48 • The switch does not send an appropriate exit status message to the client. This corrects the symptom that occurs in some appl ications, which reports a message simil ar to: Fatal error: Server unexpectedly closed connection. • The SSH client applicat ion does not get a command p[...]

  • Seite 187

    177 Software Fixes in Release M.08.51 - M.10.72 Release M.10.50 through M.10.64 Routed traffic is off by a factor of 1000 Switched traffic is not sampled at all ■ Security (PR_10 00388616) — Possible cross-site scripting vulnerability in W eb Manage- ment Interface. ■ Config (PR_1000763386) — An SNMPv3 user is not reflected in startup confi[...]

  • Seite 188

    178 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.66 ■ Authentication (PR_1000454 714) — Concurrent 802.1X an d MAC Authentication does not give the 802.1X value precedence. This fix gives 802.1X VLAN assignment precedence over MAC Auth RADIU S VLAN assignment. ■ W eb Management (PR_1000760153 ) — A Java error occurs when viewin[...]

  • Seite 189

    179 Software Fixes in Release M.08.51 - M.10.72 Release M.10.67 ■ CLI (1000415243) — Ou tput from the CL I command show na me still lists 10-GbE trans- ceiver names, even afte r the transceivers ar e removed and replace d with another type of transceiver . ■ CLI (PR_1000430534) — Output from the show port-access mac-based CLI command may om[...]

  • Seite 190

    180 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.68 ■ Crash (PR_0000004023) — Repeat ed PCM configuration scans using SSH/SCP may cause the switch to crash with a me ssage similar to the follow ing. PPC Data Storage (Bus Error) exception vector 0x300: Stack Frame=0x07af44c0 HW Addr=0x6520463a IP=0x00965a88 Task='tSsh0' Ta[...]

  • Seite 191

    181 Software Fixes in Release M.08.51 - M.10.72 Release M.10.70 ■ PC Phone/Authentication (PR_0 000007209) — When an IP phone is used in tandem with a PC connect ed to the phone, if the ph one is moved to a tagged VLA N, some phone manufactures send some traffic to the switch untagged. This may result in traffic disruption including the PC not [...]

  • Seite 192

    182 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.70 ■ Dynamic ARP Protection (PR_00000099 42) — When a switch using Dynamic ARP Protection is rebooted, it b locks all ARP traffi c on untrusted ports, includi ng traffic consi d- ered valid according to the binding database. On trusted ports, traff ic flows normally . W orkarounds: e[...]

  • Seite 193

    183 Software Fixes in Release M.08.51 - M.10.72 Release M.10.71 Release M.10.71 Problems Resolved in Re lease M.10.71 (Not a Public Release) ■ 802.1X (PR_0000014 842) — If an invalid number of characters are used at the CLI for the command aaa port-access supplicant < port number > secret , th e CLI returns an error message that reference[...]

  • Seite 194

    184 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.72 ■ Config (PR_0000005002 ) — If a fr iendly port name us es the characters TRUNK=, then after a reload, all the trunking configuration will ha ve been removed from the configurat ion. ■ GVRP (PR_0000012224 ) — Changing the GV RP unknown-vlan state from 'block' to &apo[...]

  • Seite 195

    185 Software Fixes in Release M.08.51 - M.10.72 Release M.10.72 Drop offer from <DHCP server IP address> of <DHCP address offer> because the address is assigned to some other client Drop request from <MAC address of client requesting an IP address that is already in use> for <IP address requested by client> because the addre[...]

  • Seite 196

    186 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.72 Message 2 (when an unauth-vid conf ig is attempted on a port with an existing 802.1 X unauth-vid ): Configuration change denied for port <number>.Only Web or MAC- authenticator can have unauthenticated VLAN enabled if 802.1X authenticator is enabled on the same port. Please remo[...]

  • Seite 197

    © 2004 - 2009 Hewle tt-Packard Development Company , LP . The information contained herein is subject to change without notice. October 2009 Manual Part Number 5991-4764[...]