HP ProCurve 3500yl Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung HP ProCurve 3500yl an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von HP ProCurve 3500yl, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung HP ProCurve 3500yl die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung HP ProCurve 3500yl. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung HP ProCurve 3500yl sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts HP ProCurve 3500yl
- Den Namen des Produzenten und das Produktionsjahr des Geräts HP ProCurve 3500yl
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts HP ProCurve 3500yl
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von HP ProCurve 3500yl zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von HP ProCurve 3500yl und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service HP finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von HP ProCurve 3500yl zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts HP ProCurve 3500yl, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von HP ProCurve 3500yl widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    Release Notes: V ersion K.13.49 Software for the ProCurve Series 3500y l, 6200yl, 5400zl, an d 8212zl Switches These release notes include in formatio n on the follow ing: ■ Downloading swit ch software an d documentat ion from the W eb ( page 2 ) ■ Best practices for majo r software updates, inc l uding contingency procedures for rolling back [...]

  • Seite 2

    © Copyright 2006-2008 Hewlett-Packard Development Company , LP . The information contained herein is subjec t to change without notice. Publication Number 5991-4720 January 2009 Applicable Products ProCurve Switch 3500yl-24G-PWR Intelligent Edge (J8692A) ProCurve Switch 3500y l-48G-PWR Intellig ent Edge (J8693A) ProCurve Switch 6200yl-24 G-mGBIC ([...]

  • Seite 3

    i Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Premium L icense Swi tch Softwa re Featur es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Seite 4

    ii Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.13 through K.11.32 En hancements . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Seite 5

    iii Release K.12.10 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Show VLAN ports CL I Command Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Release K.12.11 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Seite 6

    iv Release K.12.51 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Release K.12.52 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Release K.12.53 through K.12.55 En hancements . . . . . . .[...]

  • Seite 7

    v Enabling Customized Web Authentication Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Dynamic IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Seite 8

    vi Release K.11.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.36 . . . . . . . .[...]

  • Seite 9

    vii Release K.12.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.11 . . . . . . . [...]

  • Seite 10

    viii Release K.12.51 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Release K.12.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Release K.12.53 . . . . . . .[...]

  • Seite 11

    ix Release K.13.26 through K.13.39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.41 . . . . . . . . . . . . . . .[...]

  • Seite 12

    1 Software Management Premium License Switch Software Features Software Management Premium License Swit ch Software Features The ProCurve 3500yl and 5400zl switches ship with the ProC urve Intelligent Edge softwa re feature set. The additional Premium L icense switch software features for the 3500yl and 5400zl switches can be acquired by purchasing[...]

  • Seite 13

    2 Software Management Download Switch Documentation and Software from the Web Download Switch Documentatio n and Software from the W eb Y ou can downloa d software updates and the co rrespond ing product do cumentatio n from the ProCurve Networking W eb sit e as desc ribed be low . V iew or Download the Software Manual Set Go to: www .procurve.com [...]

  • Seite 14

    3 Software Management Download Switch Documentation and Software from the Web TFTP Download from a Server Syntax: copy tftp flash < ip-address > < rem ote-os-file > [ < primary | secondary > ] Note that if you do not specify the flash destination, the TFTP download defa ults to the primary flash. For example, to download a softwar[...]

  • Seite 15

    4 Software Management Download Switch Documentation and Software from the Web Syntax: copy xmodem flash [< primary | secondary >] 1. T o reduce the download time, you may want to increase the baud ra te in your terminal emulator and in the switch to a value such as 115200 bits per sec ond. (The baud rate must be the same in both devices.) For[...]

  • Seite 16

    5 Software Management Download Switch Documentation and Software from the Web Using USB to Download Switch Software T o use the USB port on the swit ch to download a software version f rom a USB flash dri ve: ■ The software version must be stored on the USB flash drive, and yo u must know th e file name (such as K_ 12_10.swi). ■ The USB flash d[...]

  • Seite 17

    6 Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates w ith two configurat ion files: ■ Running-Config File: Exists in volat ile memory and controls switch op eration. Rebootin g the switch erases the current r unning-config file and replaces it with an exact copy of the curr[...]

  • Seite 18

    7 Software Management Best Practices for Major Software Updates Best Practices for Major Software Updates Major software updates contain new features and en hancements, and are desig n ated by an increment to the major releas e version number . That is, K.12.xx represents a ma jor update to soft ware version(s) K.11.xx, and K.13.xx represents a maj[...]

  • Seite 19

    8 Software Management Best Practices for Major Software Updates Note: Y ou might opt to use a differen t methodology in which the new sof tware will be instal led as the secondary and not the primary image , in which case you wo uld use the commands boot system flash secondary , and/or boot set-default flash second ary to change the loc ation of th[...]

  • Seite 20

    9 Software Management Best Practices for Major Software Updates b. Create a backup configuratio n file and verify the change. Switch1# copy config config1 config config2 Switch1# show config files Configuration files: id | act pri sec | name ---+-------------+--------- -------------------------------- ----- 1 | * * * | config1 2 | | config2 3 | | 3[...]

  • Seite 21

    10 Software Management Best Practices for Major Software Updates Note This step will enable you to revert from K_ 13_05 to your previous im age with your previous configurat ion just by invoking the command boot system flash secondary . 6. Download the new primary image. Switch1# copy tftp flash 192 .168.1.60 K_13_06.swi primary The Primary OS Imag[...]

  • Seite 22

    11 Software Management Best Practices for Major Software Updates 8. Reload the new switch image. Switch1# reload System will be rebooted from pri mary image. Do you want to continue [y/n ]? y At the prompt, answer y , for yes, and the switch will boo t with the new image. Note: As an additional step, ProCurve advises saving the startup-config to a [...]

  • Seite 23

    12 Software Management Best Practices for Major Software Updates 1 | * * | config1 2 | * | config2 3 | | 2. Boot the switch using the secondary image (with config2). Switch1# boot system flash s econdary System will be rebooted from secondary im age. Do you want to continue [y/n]? y Answer y , for yes, and the switch will boot from the secondary im[...]

  • Seite 24

    13 Software Management Best Practices for Major Software Updates And later , the configuratio n that was created on K.12.57 is viewed while the switc h is running K.13.06: ProCurve5406zl-onK1306# show config K1257config <cr> The command ou tput will show how the K. 12.57 config wo uld be interpre ted, if it were to be used by the K.13.06 soft[...]

  • Seite 25

    14 Software Management ProCurve Switch, Routing Swit ch, and Router Software Keys ProCurve Switch, Routing Swit ch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M, 242 4M, 4000M, and 8000M CY Switch 8100fl Series (8108fl and 8116fl ) E Switch 5300xl Seri es (5304xl, 5308xl, 5348xl, and 5372xl) F Switch 2500 Ser[...]

  • Seite 26

    15 Software Management OS/Web/Java Compatibility Table OS/W eb/Java Compatibility T able The switch W eb agent supports the following comb inations of OS browsers and Java Virtual Machines: Minimum Software V ersions For ProCurve Series 350 0yl, 6200yl, 5 400zl, and 8212zl Switches and Ha rdware Features Operating System Internet Explorer Java Wind[...]

  • Seite 27

    16 Software Management Minimum Software Versions Switch 5400zl 4p 10-GbE CX4 Module J8708A K.11.33 Switch 6200yl-24G-mGBIC J8992A K.11.33 Switch 3500yl 2p 10GbE X2 + 2p CX4 Module J8694A K.11.17 ProCurve Device Product Number Minimum Supported Software Version[...]

  • Seite 28

    17 Support Notes Minimum Software Versions Support Notes ROM Update Required! All yl and zl switches running K. 12.45 system software or earlier , will have the BootROM updated by this new version of system software. This software download wi ll boot the switch twice, first to update the BootROM to version K.12.14, and then to load the system softw[...]

  • Seite 29

    18 Support Notes Minimum Software Versions ProCurve(config)# snmp-server mib hpswitchauthmib excluded For more informat ion on the above topic, refer t o "Using SNMP T o V iew and Config ure Switch Authenticati on Features" in the "RADIUS Auth entic ation and Accounting" chapter of the Access Security Guide for your switch. For [...]

  • Seite 30

    19 Support Notes Minimum Software Versions Management and Configuration Gu ide for ProCurve Wireless Edge Services zl Module h ere: ftp://ftp.hp.com/pub/networking/softw are/WESM-zl-MgmtCf g-Aug2007- 59918626.pdf ). Network administrators who do not wi sh to have the radio ports moved to the au to-provisioned VLAN shoul d disable this feature with [...]

  • Seite 31

    20 Clarifications Minimum Software Versions Clarifications The following clarification or updates apply to doc umentation for the ProCurve Series 3500yl, 6200yl , 5400zl, and 8212zl Switch es as of July 2008. ■ Maximum Number of VLANs Sup ported in Hard ware for PIM-S — Page 4-5 in the Multicast and Routing Guide dated January 2008 for switches[...]

  • Seite 32

    21 Clarifications Minimum Software Versions ■ Maximum UDP Broadcast Forwa rding Entries: The number of UDP broadcast entri es and IP he lper addresses combined can be up to 16 per VLAN, with an overall maxi mum of 2048 on the switch. An earlier version of the Multicas t and Routing Guide (page 5-142) had incorrectly stated that the overall maximu[...]

  • Seite 33

    22 Known Issues Minimum Software Versions Known Issues Release K.13.25 The following problems are known issues as of relea se K.13.25. SFTP/SCP (PR_0000008270 ) — An SFTP or S CP client session may not close after a config download session ends. The work-aroun d is to close the client manually . Release K.13.23 The following problems are known is[...]

  • Seite 34

    23 Known Issues Minimum Software Versions ■ W eb (PR_100076101 4) — The W eb interface trunc ates 16 character passw ords to 15 characters. W o rkaround: configure 16 characte r passwords via the CLI. ■ ICMP (PR_1000764033) — ICMP TTL expired messages are being sent with a source address of the interface the message leaves from rather th an[...]

  • Seite 35

    24 Known Issues Release K.13.02 ■ Config T ransfe r (PR_1000781004) — The switch allows a config file transfer to set an invalid speed-duplex setting on a 100FX SFP . ■ Config T r ansfer (PR_10007810 31) — When the valid port settin g 'a uto-1000' is configured for a 10/100/1000 interface a nd the configuration gets copied to the [...]

  • Seite 36

    25 Known Issues Release K.13.01[...]

  • Seite 37

    26 Enhancements Release K.11.12 Enhancements Enhancements Unless otherwise noted, each new release includes th e enhancements added in all previous releases. Enhancemen ts are listed in chronolog ical order , ol dest to newest software release. T o review a summary of enhancements included since the last general release that was published, begin wi[...]

  • Seite 38

    27 Enhancements Release K.11.35 Enhancements ■ CLI-configured sF low with multiple i nstances: In earlier software releases, the only method for co nfiguring sFlow on the swit ch was via S NMP using onl y a single sFlow inst ance. Beginning with software re lease K.11.34, sFlow can also be conf igured via the CLI for up to three distinct sFlow in[...]

  • Seite 39

    28 Enhancements Release K.11.41 Enhancements Release K.11.41 Enhancements Release K.11.43 includes the follow ing enhancement: ■ Added support for Unidirecti onal Fiber Break Detection (UDLD). Release K.11.42 Enhancements No enhancements, software fixes only. Release K.11.43 Enhancements Release K.11.43 includes the follow ing enhancement: ■ 80[...]

  • Seite 40

    29 Enhancements Release K.11.60 through K.11.63 Enhancements Release K.11.60 throug h K.11.63 Enhancements No enhancements, software fixes only. ■ V e rsions K.11.50 thro ugh K.11.59 were never bui lt. ■ V e rsion K.11.60 was never released. Release K.11.64 Enhancements Release K.11.64 includes the follow ing enhancement: ■ Loop Protection fe[...]

  • Seite 41

    30 Enhancements Release K.12.01 Enhancements Release K.12.01 Enhancements Release K.12.01 is a major software update cont aini ng many new f eatures and enhancements to existing features. The foll owing upd ates have been documented in the latest revisions to the manual s (February 2007). Refer to the ma nuals for addi tional detai ls. Software Man[...]

  • Seite 42

    31 Enhancements Release K.12.01 Enhancements Advanced T raffic Manageme nt Guide Qos Queue Config: Allows you to reduce t he number of outbou nd queues that all switch po rts will use to buffer packets for 802.1p user prio rities. Number of Default VLANs: In the factory d efault state, support has been increased from 8 VLANs to 256 VLANs. (Y ou can[...]

  • Seite 43

    32 Enhancements Release K.12.02 Enhancements In addition to the updates listed above, K.12 .01 also provides the followi ng enhancements: ■ Enhancement (PR_1000298 920) — A ping re quest issued t o a VLAN which is do wn will now return a more specific message; instead of " request timed o ut ," the message " The destination addre[...]

  • Seite 44

    33 Enhancements Release K.12.04 Enhancements For more information, refer to “QoS TCP/ UDP Priority” in the Advanced T raffic Management Guide . Release K.12.04 Enhancements Release K.12.04 includes the follow ing enhancement: ■ Enhancement MSTP (PR_10003694 92) — Update o f MSTP implementati on to the latest IEEE P802.1Q-REV/D5.0 specificat[...]

  • Seite 45

    34 Enhancements Release K.12.04 Enhancements [admin-edge-port] Enables admin-edge-port for RSTP/MSTP . If a bridge or switch is de tected on the segment, the port automatically operates as non-edge, not enabled. (Default: No - disabled) If admin-edge-port is disabled on a port and auto-edge-port has not been disabled, the auto-edge-port setting con[...]

  • Seite 46

    35 Enhancements Release K.12.04 Enhancements Syntax : spanning-tree < port-list > < hello-time | path-cost | point-to-point-m ac | priority > [hello-time < global | 1 - 10 > When the switch is the CIST root, th is parameter specifies the interval (in seconds) between periodic BPDU transmissi ons by the designated ports. This inter[...]

  • Seite 47

    36 Enhancements Release K.12.05 Enhancements Release K.12.05 Enhancements Release K.12.05 includes the follow ing enhancement: ■ Enhancement (PR_1000408 960) — RADIUS-Assigned GVRP VLANs enhancement. For more informatio n, see “How RADIUS-Based Authenticat ion Affects VL AN Operation” below . How RADIUS-Based Authentication Affects VLAN Ope[...]

  • Seite 48

    37 Enhancements Release K.12.05 Enhancements Note Y ou can use 802.1X (port-based or cli ent-based) au thentic ation and e ither W eb or MAC authentication at the same time on a port, with a maximum of 32 cl ients allowed on the po rt. (The default is o ne client.) W eb authenti cation an d MAC authentication are mu tually exclusiv e on the same po[...]

  • Seite 49

    38 Enhancements Release K.12.05 Enhancements If the dynamic VLAN does not exist or if y ou have not enabled the use of a dynamic VLAN for authentica tion sessions on th e switch, the auth entication fails. ■ T o enable the use of a GVRP-learne d (dynamic ) VLAN as the untagged VLAN used in an authenticat ion session, enter the aaa port-access gvr[...]

  • Seite 50

    39 Enhancements Release K.12.05 Enhancements Therefor e, on a p ort where one or more a uthentica ted clie nt sessions ar e already running, all such clients are on the same untagged VLAN . If a RADIUS server subseq uently authenticates a new client, but atte mpts to re-assi gn the port to a different, un tagged VLAN tha n the one already in use fo[...]

  • Seite 51

    40 Enhancements Release K.12.05 Enhancements Figure 2. Active Configuration for VLAN 22 T emporarily Chang es for the 802.1X Session However , as shown in Figure 1 , because VLAN 33 is configured as untagged on port A2 and because a port can be untagged on only one VLAN, port A2 lo ses access to VLAN 33 fo r the duration of th e 802.1X session on V[...]

  • Seite 52

    41 Enhancements Release K.12.05 Enhancements When the 802.1X client session on port A2 en ds, the port removes the temporary untagged VLAN membership. The static VLAN (VLA N 33) that is “permanently” co nfigured as untagged on the port becomes available ag ain. Therefore, wh en the RAD IUS-authenticated 802 .1X session on port A2 ends, VLAN 22 [...]

  • Seite 53

    42 Enhancements Release K.12.05 Enhancements Enabling the Use of GVRP-Learned Dyna mic VLANs in Authen tication Sessions Syntax: aaa port-access g vrp-vlans Enables the use of dynamic VLANs (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.1X, MAC, or W eb authentication sessi on. E[...]

  • Seite 54

    43 Enhancements Release K.12.06 Enhancements Release K.12.06 Enhancements Release K.12.06 includes the follow ing enhancement: ■ Enhancement (PR_100030 8332) — Passwords (hashed) can be saved to the configuration file. Saving Security Credential s in a Configuration File In software release K.12.0 6 and gr eater , you can store and view the fo [...]

  • Seite 55

    44 Enhancements Release K.12.06 Enhancements ■ By storing different security settings in diff erent files, you can test differe nt security configurations w hen you first downl oad a new sof tware version that support s multiple config uration file s by changin g the config urat ion fi le used when yo u reboot the switch. For more infor mation ab[...]

  • Seite 56

    45 Enhancements Release K.12.06 Enhancements In software release K.12.06 and grea ter , you cannot view the confi gured local password settings i n plain text. However , by entering the includ e-credentials command described later , you can view a hash of the local password settings in the running-c onfig file, i n the format: password manager [use[...]

  • Seite 57

    46 Enhancements Release K.12.06 Enhancements ■ The < hash- type > parameter specifies th e type of algorithm (if any) used to ha sh the password. V a lid values are plaintext or sh a-1 . ■ The < password > parameter is the cle ar ASCII text string or SHA- 1 hash of the passw ord. You can ente r a manager/op erator passwo rd in clear[...]

  • Seite 58

    47 Enhancements Release K.12.06 Enhancements < auth-pass > is the hashed authen tication password used with the config ured authenticat ion method. priv “< priv-pass >” is the (optional) hashed priv acy password used by a privacy pr otoc ol to encryp t SNMPv3 messages between th e switch and the station. The following example shows [...]

  • Seite 59

    48 Enhancements Release K.12.06 Enhancements After you enter the complete password port-acc ess command syntax, t he password is set. Y ou are not prompted to enter the password a second ti me. T ACACS+ Encryption Key Authentication Y ou can use T ACACS+ servers to au thenticate users who re quest access to a switch through T elnet (remote) or cons[...]

  • Seite 60

    49 Enhancements Release K.12.06 Enhancements In software release K.1 2.06 and greater , RADIUS sh ared secret (e ncryption) keys can b e saved in a configurat ion file wi th the f ollowing sy ntax: radius-server key < keystring > Where: < keystring > is the encryption ke y (in clear text) used fo r secure communication with al l or a sp[...]

  • Seite 61

    50 Enhancements Release K.12.06 Enhancements If the keystring contains double-quotes, it can be quoted with single quotes (' keystring '). The fo llowing restrictions for a keystring apply: ■ A keystring cannot contain both single and d ouble quotes. ■ A keystring cannot have extra characters, such as a blank space or a new line . How[...]

  • Seite 62

    51 Enhancements Release K.12.06 Enhancements Figure 6. Example of Hashe d Content of an SSH Client Pub lic Key If a switch configuration contains multiple SSH clie nt public keys, each public key is saved as a separate entry in the configurat ion file. Y ou can configure up to ten SSH client publi c-keys on a switch. ... include-credentials ip ssh [...]

  • Seite 63

    52 Enhancements Release K.12.06 Enhancements Enabling the Storag e and Display of Securit y Credentials T o enable the security setti ngs described in “Security Settings that Can Be Saved” on page 44 to be included and viewed in the running co nfiguration on th e switch, enter the include-credentials command. Syntax: [no] include-credentials En[...]

  • Seite 64

    53 Enhancements Release K.12.06 Enhancements Operating Notes Caution ■ When you first enter the include-creden tials command to save the additional securi ty credentials to the running configuration, these settings ar e moved from internal storage on the switch to the r unning-config fi le. You are prompted by a warning message to perform a write[...]

  • Seite 65

    54 Enhancements Release K.12.06 Enhancements ■ After you permanently save securi ty conf igurations to the current startup- conf ig file using the write mem ory command, you can v iew and manage security settings with the fol lowing commands: • show config : Displays the configuration sett ings in the current startup-conf ig file. • copy conf[...]

  • Seite 66

    55 Enhancements Release K.12.06 Enhancements ■ If you upgrade ProCurve software on a sw itch from an earlier so ftware releas e to software release K.12.06 or grea ter and th en enter the include-c redentials c ommand, security passwords are managed as follows: • The manager password (if any) in the earl ier software version is copied i nto the[...]

  • Seite 67

    56 Enhancements Release K.12.06 Enhancements Restrictions The following restri ctions apply when you enable se curity credentials to be stored in t he running configurat ion with the include-credenti als command: ■ The private keys of an SSH host cannot be stored in the r unning configurati on. Only the public keys used to authenticate SSH cli en[...]

  • Seite 68

    57 Enhancements Release K.12.07 Enhancements Note that the password port-acce ss values are configured separately from local operator use r - name and passwords that are conf igured with the password operator command and used for management access to the switch. For mo re information about how to use the password port-access command to configure op[...]

  • Seite 69

    58 Enhancements Release K.12.09 Enhancements Release K.12.09 Enhancements No enhancements, software fixes only. Release K.12.10 Enhancements Release K.12.10 includes the follow ing enhancement: ■ Enhancement (PR_1000419 653) — The show vlan ports command was enhanced to display each port in the VLAN separately , displ ay the friendly por t name[...]

  • Seite 70

    59 Enhancements Release K.12.10 Enhancements The following examples illu strate the di splayed output depend ing on whether the d etail option is used. Figure 7. Example of “Sh ow VLAN Ports” Cumula tive Listing Figure 8. Example of “Sh o w VLAN Ports” Detail Listing Vo i c e : Indicates whether a (p ort-based) VLAN is configured as a voice[...]

  • Seite 71

    60 Enhancements Release K.12.11 Enhancements Release K.12.11 Enhancements No enhancements, soft ware never released. Release K.12.12 Enhancements No enhancements, software fixes only. Release K.12.13 Enhancements No enhancements, soft ware never released. Release K.12.14 Enhancements No enhancements, software fixes only. Release K.12.15 Enhancement[...]

  • Seite 72

    61 Enhancements Release K.12.15 Enhancements T o enable SNM P informs, enter this co mmand: T o configure SNMP informs request op tions, use th e followi ng commands. T o specify the manager that receives the informs request, use the snmp-server host command. Syntax: [no] snmp-server enab le informs Enables or disables the informs option for S NMP [...]

  • Seite 73

    62 Enhancements Release K.12.16 Enhancements Y ou can see if informs are enabled or disabled with the show snmp-server command as show n in Figure 9. Figure 9. Example Showin g SNMP Informs Option Enabled Release K.12.16 Enhancements No enhancements, software fixes only. Release K.12.17 Enhancements No enhancements, software fixes only. Release K.1[...]

  • Seite 74

    63 Enhancements Release K.12.19 Enhancements ■ Enhancement (PR_1000428 213) — This software enhancement adds the ability to configure a secondary authenti cation method to be used wh en the RADIU S server is unavailable for the primary po rt ac cess method. For more in formation, see the ProCurve Access Security Guide . ■ Enhancement (PR_1000[...]

  • Seite 75

    64 Enhancements Release K.12.22 Enhancements Release K.12.22 Enhancements Release K.12.22 includes the follow ing enhancement: ■ Enhancement (PR_1000443 026) — Su pport for the n ew revision "C" Min i-GBICs was added to the CLI and the "show tec h" command. ■ Enhancement (PR_100044 4415) — OSPF Passive Interface support [...]

  • Seite 76

    65 Enhancements Release K.12.33 through K.12.40 Enhancements ■ Enhancement — Merged all of the K.12.24 and earli er software fixes and enhancements with the ProCurve sw itch 8212zl support. Release K.12.33 throug h K.12.40 Enhancements No enhancements; Never built. Release K.12.41 throug h K.12.42 Enhancements No enhancements; Never released. R[...]

  • Seite 77

    66 Enhancements Release K.12.45 Enhancements Release K.12.45 Enhancements No enhancements; Never released. Release K.12.46 Enhancements No enhancements; Never released. Release K.12.47 Enhancements Release K.12.47 includes the follow ing enhancement: ■ Enhancement Removed (PR_10 00468258) — The PC attached to IP telephone enhancement was remove[...]

  • Seite 78

    67 Enhancements Release K.12.52 Enhancements ■ Enhancement (PR_1000457 0598) — An impro ved version of the MSTP-VLAN mapp ing enhancement refere nced in PR_1000457691 wa s added. This enha ncement allows the mapping of a ll theoretically ava ilable VLAN IDs (1-4094) to an MSTP in stance, even if some of the VLANs are not cu rrently configured o[...]

  • Seite 79

    68 Enhancements Release K.12.57 Enhancements ■ Enhancement (PR_1000464 170) — Thi s feature provides support f or adding the L LDP VLAN Name TL V to LLDP advertisements gen erated by ProCurve switches. For more informat ion, see the ProCu rve Management and Configuration Guide. Release K.12.57 Enhancements Release K.12.57 includes the follow in[...]

  • Seite 80

    69 Enhancements Release K.13.01 Enhancements Release K.13.01 Enhancements Release K.13.01 is a major software update cont aini ng many new f eatures and enhancements to existing features, including IPv6 host and appl ication layer features (see “IPv6 Configuration Gui de for 2900/3500/5400/620 0/8200” on page 71 for details). The following enha[...]

  • Seite 81

    70 Enhancements Release K.13.01 Enhancements STP Diagnostics: Adds more diagnostic f unctions to resolve STP issues. Se e the section on “T roubleshooting an MSTP co nfiguration” in the chap ter on Multiple Instance Spanning-T ree Operation. Routing and Mu lticast Guide Host-based OSPF-ECMP: Allows OSPF to add routes with multiple next-hop addr[...]

  • Seite 82

    71 Enhancements Release K.13.02 Enhancements Release K.13.02 Enhancements Release K.13.02 includes the follow ing enhancement s. ■ Enhancement : Beginning with K.13.02, DHCP can now be ena bled on a Management VLAN. Since, by definition, there is no routing to or from a VLAN configured as a management VLAN, DHCP relay is still prohibited so the D[...]

  • Seite 83

    72 Enhancements Release K.13.02 Enhancements When OSPF is Also Enabled on th e VRRP Routers When OSPF is enabled on the routers and a Fail-b ack event occurs, the Ow ne r router imme diately takes control of the vi rtual IP address and provid es the default gat eway function ality . If OSPF h as not converged, the route tabl e in the Owner rout er [...]

  • Seite 84

    73 Enhancements Release K.13.02 Enhancements where VID = 16 VRID = 23 PDT = 12 seconds VRRP Preempt Mode with LACP and Older ProCurve Devices There can be an i ssue with VRRP Preempt Mode if an older ProCurve devic e (2524, 2650, 2848 , 3400cl, or 5300) is the intermediate device c onnecting to a V RRP router and ha s LACP set in “enable, passi v[...]

  • Seite 85

    74 Enhancements Release K.13.02 Enhancements There are trade-offs between selecting a smal l ad vertisement value and a large preempt delay time . A small advertisement value results in a faster fa ilover to the Backup router . A larger PDT value allows OSPF to converg e before the Owner router takes back contro l of it s virtual IP address. Choosi[...]

  • Seite 86

    75 Enhancements Release K.13.03 Enhancements Error Messages Release K.13.03 Enhancements Release K.13.03 includes the follow ing enhancement s. ■ Enhancement (PR_1000400 991) — The 802.1X Controlled Directions featu re now functions in dependently of the S TP configuration, allowing yo u to run STP and 802.1X separately . For more information, [...]

  • Seite 87

    76 Enhancements Release K.13.04 Enhancements Release K.13.04 Enhancements Release K.13.04 includes the follow ing enhancement s. ■ Enhancement (PR_ 00 00000081) — Th e CLI clear module command al lows you t o remove module configurat ion informat ion from the configuration file. Clear Module Configuration Overview Because of t he hot-swap cap a[...]

  • Seite 88

    77 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 000000 0082) — The CLI track interface command allows you to configure tracki ng for a port or list of ports, or a trun k or list of trunks. VRRP—Dynamic Priority Change Overview This enhancement provi des the ability to dy namically c hange the priority of the virtual router (VR[...]

  • Seite 89

    78 Enhancements Release K.13.04 Enhancements Note A Backup VR switches to priority zero instead of it s configured value when al l its tracked entities g o down. An Owner VR always uses priority 2 55 and neve r relinquishes control volunta rily . CLI Commands The following commands are used for this enhancement. Note Y ou can only configure tracked[...]

  • Seite 90

    79 Enhancements Release K.13.04 Enhancements Configuring T ra ck VLAN The track vlan command allows you to specify a VLAN or range of VLANs to be tracked by the VR. Notes VR operation must be down bef ore executing this command. Use the no enable command to disable VR operation. The VRs operating VLAN can’t be config ured as a tracking VLAN for t[...]

  • Seite 91

    80 Enhancements Release K.13.04 Enhancements For example: ProCurve(vlan-25-vrid-1)# no track Failover Opera tion Failover operatio n involv es handi ng off of t he VRs cont rol of th e virtual IP to ano ther VR. On ce a failover command is issued , the VR begins sending advertisements wi th priority zero i nstead of the configured priority . When t[...]

  • Seite 92

    81 Enhancements Release K.13.04 Enhancements Displaying the VRRP Configurati on Y ou can display the VRRP tracked entiti es by entering the command show n in Figure 11 . Figure 11. Example of show vrrp tracked entities Command Y ou can d isplay the VRRP confi guration by en tering the command show n in Figure 12 . Figure 12. Example Showin g the VR[...]

  • Seite 93

    82 Enhancements Release K.13.04 Enhancements • The VRs operating VLAN can’ t be config ured as a tracking VLAN for that VR. • Ports that are part of a trunk can’ t be tracked. • A port that is t racked can’ t be included in a trunk. • T runks that are tracked can’ t be removed; you are not able to remove t he last port from the trun[...]

  • Seite 94

    83 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 00000000 84) — DHCP Option 66 provides a way to automatically download and in itially boot from a config uration that is diff erent from the f actory-shi pped configuration. DHCP Option 66 Automatic Configuration Update Overview ProCurve switches are initially bo ot ed up with the [...]

  • Seite 95

    84 Enhancements Release K.13.04 Enhancements Possible Scenarios for Updati ng the Configura tion File The following t able shows various netw ork configurations and how Option 66 is handled. Operating Notes Replacing the Existing Configuration File : After the DHCP client downloads the configuration file, the switch compares the conten ts of that f[...]

  • Seite 96

    85 Enhancements Release K.13.04 Enhancements • DHCP is preferred over BootP • If two BootP offers are received, the first one is select ed • For two DHCP offers: – The offer from an authoritative server is selected – If there is no authoritative server , the offer with the longest lea se is selected Log Messages The file transfer is imple[...]

  • Seite 97

    86 Enhancements Release K.13.04 Enhancements If the IP address has no t already been c onfigured on the inte rface (VLAN), you w ill see th e message shown in Figure 14 . Figure 14. Example of T rying to Configure an I P Address that is not on this In terface (VLAN) Displaying the BO OTP Gateway T o display the configured BOOTP ga teway for an inte[...]

  • Seite 98

    87 Enhancements Release K.13.04 Enhancements Operating Notes • If the conf igured BOOTP gateway address becomes i nvalid, DHCP rela y agent returns to the default behavior (assignin g the low est-numbered IP address). • If you try to configure an IP address that is not assigned t o that interf ace, the confi gu- ration will fail and the previou[...]

  • Seite 99

    88 Enhancements Release K.13.04 Enhancements Figure 1. Example of Inb ound Broadcast Ra te-limiting of 50% on Port 3 If you rate-lim it multicas t traffic on the same port, the multicast limit is also in effect for th at port, as shown in Figu re 2 . Only 20 percent of the multic ast traffic will be forwarded . Figure 2. Example o f Inbound Multica[...]

  • Seite 100

    89 Enhancements Release K.13.04 Enhancements Figure 3. Example o f Disabling Inbound Mu lticast Rate-limitin g for Port 3 Operating Notes • This rate-limiting feature does not limi t unicast traffic. • This feature does not incl ude outbound multicast rate-limi ting. For more detailed in formation abo ut rate-limiting, see th e Multicast and Ro[...]

  • Seite 101

    90 Enhancements Release K.13.04 Enhancements For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destinat ion is resolv ed to “Labswitch .abc.com”. ProCurve(config)# telnet Labswitch Y ou can also enter t he full domai n name in the command: ProCurve(config)# telnet Labswitch.abc.com Y [...]

  • Seite 102

    91 Enhancements Release K.13.04 Enhancements Figure 17. Example of the show modules Com mand Output Figure 18. An Example of th e show modules deta ils Command for the 8212zl Sho wing SSM and Mini-GBIC Infor mation Syntax: show modules [details] Displays information about the installed modules, including: • The slot in which the module is install[...]

  • Seite 103

    92 Enhancements Release K.13.04 Enhancements Note On ProCurve 3500yl and 6200yl seri es switches, the mini-GBIC inform ation does not display a s the ports are fixed and not part of any module. ■ Enhancement (PR_ 000000 0101) — This enhancement adds a vrrp option t o the debug command. VRRP Option with Debug Command This enhancement adds a vrrp[...]

  • Seite 104

    93 Enhancements Release K.13.04 Enhancements Figure 19. Example of the show vrrp Command with St atistics ■ Enhancement (PR_ 00000 00420) — This enhancement provides the show-tech option for customizing cop y tftp output. Copy Command with Show T ech Option This enhancement allows the show-te ch command to execute a series of commands found in [...]

  • Seite 105

    94 Enhancements Release K.13.05 through K.13.15 Enhancements For example: Figure 4. Example of Using the show-tech Command t o Upload a Customized List Release K.13.05 throug h K.13.15 Enhancements No enhancements; Bug fixes only . Release K.13.16 Enhancements Release K.13.16 includes th e foll owing enhancements: ■ Enhancement (PR_00000016 41) ?[...]

  • Seite 106

    95 Enhancements Release K.13.16 Enhancements For example: ProCurve(config)# console inactivity-timer 20 ■ Enhancement (PR_1000780 247) — This enhancemen t provides hpicf Downlo ad MIB support for t ransferring conf iguration files both t o and from a TFTP server . Prior to this enhancem ent, MIB suppo rt was limited to do wnloading an d uploadi[...]

  • Seite 107

    96 Enhancements Release K.13.16 Enhancements Setting the Manageme nt Access Method—CLI Enter the following command to configure th e management access method using the CLI. Figure 5. Example of Co nfiguring IP Authorized Manager Access Method SSH Figure 6. Example of show authorized-manag ers Command with Access Me thod Configured Setting the Man[...]

  • Seite 108

    97 Enhancements Release K.13.16 Enhancements Figure 7. Example of Menu Showing Authorized Managers with Access Meth od Figure 8. Example of Edi t Menu for IP Managers Setting the Management Access Method—W eb Interface T o set the manag ement access method in the W eb interface, click on the Security tab, and then click on the Au thorized A ddres[...]

  • Seite 109

    98 Enhancements Release K.13.16 Enhancements Figure 9. Example o f Configuring Autho rized Manager Access Meth od in the Web Interface See “Using Autho rized IP Managers” in the Access Security Guide for your switch for more informat ion about a uthorized IP manage rs. ■ Enhancement (PR_0000000 090) — Thi s enhanc ement al lo ws you to choo[...]

  • Seite 110

    99 Enhancements Release K.13.16 Enhancements Columns supported are: Syntax: show interfaces cust om [port-list] column-list Select the information that you want to display. Parameters include: ■ port name ■ type ■ vlan ■ intrusion ■ enabled ■ status ■ speed ■ mdi ■ flow Parameter Column Displays Examples port Port identifier A2 ty[...]

  • Seite 111

    100 Enhancements Release K.13.16 Enhancements Figure 20. Example of the Custom show inte rfaces Command Y ou can specify the column width by entering a colon after th e column name, th en indicating the number of charact ers to displ ay . In Figure 20 the Name column only displays the first four characters of the name. All remaining characters are [...]

  • Seite 112

    101 Enhancements Release K.13.16 Enhancements Note on Using Pattern Matching with the “Show Inte rfaces Custom” Command If you have included a pattern matching command to search for a field in the output of the show int custom command an d the show int custom command produces an error , the error message may not be visible and the output i s em[...]

  • Seite 113

    102 Enhancements Release K.13.16 Enhancements Y ou can also use the no-tag-added parameter with ACL traffic filt ering when mirroring IP traffic. Figure 21. Mirroring Commands w ith the no-tag-added Option Figure 22. Example of a Curren tly Configured Mirroring Summ ary on a Source Switch Syntax: [no] interfa ce <port-num | trunk-name | m esh>[...]

  • Seite 114

    103 Enhancements Release K.13.16 Enhancements Figure 23. Example of Se ssion Output Sh owing no-tag-added Option Note For more informatio n about traffi c mirrori ng, see “Monitorin g and An alyzing Switch Operation” in the Management and Configurat ion Guide for your switch. For more inf ormation abou t ACL filtering, see “Access Cont rol Li[...]

  • Seite 115

    104 Enhancements Release K.13.16 Enhancements SHOULD save the change to non-volatile storage.” DEFVAL { 2 } ::= { hpicfBridgeMirrorSessionEntry 2 } Operating Notes • The specified port can be a physical po rt, a trunk port, or a mesh port. • Only a single logical port (physi cal port or trunk) can be associated with a mirror session when the [...]

  • Seite 116

    105 Enhancements Release K.13.16 Enhancements • W eb and MAC authentications are not allowed on the same port if unau thenticated VLAN (that is, a guest VLAN) is enabled for MAC authentication. An unauthent icated VLAN can’ t be enabled for MAC authent ication if W eb and MAC authentica tion are both enabled on the port. • Hitless re-authenti[...]

  • Seite 117

    106 Enhancements Release K.13.16 Enhancements Figure 24. Example of Disabl ing a Specific Cipher Configuring Key Lengths and DSA/RSA Support This enhancement allows you to specify the type an d length of the generated host key . The c ommand is: Y ou can also generate and use a DS A key as the host key . The size of the host key is platform- depend[...]

  • Seite 118

    107 Enhancements Release K.13.16 Enhancements Message Authenticati on Code (MAC) Support This enhancement allows config uration of the set of MACs th at are available for selection. Displaying the SSH Information The show ip ssh command has been enhanced to displa y information about ci phers, MACs , and key types and sizes. T able 1. RSA/DSA Va lu[...]

  • Seite 119

    108 Enhancements Release K.13.16 Enhancements Figure 25. Example of show ip ssh Comma nd Showing Ciphers, MACs an d Key Information Logging Messages There are new event log messages when a new k ey is generated and zeroi zed for the server: ssh: New <num-bits> -bit [rsa | dsa] SSH host key installe d ssh: SSH host key zeroized There are al so[...]

  • Seite 120

    109 Enhancements Release K.13.17 Enhancements • debug • debug2 • debug3 Release K.13.17 Enhancements No enhancements; Bug fixes only . Release K.13.18 Enhancements Release K.13.18 includes th e foll owing enhancements: ■ Enhancement (PR_1000406 763) — New comm ands were added to the CLI response t o the show tech comma nd. Release K.13.19[...]

  • Seite 121

    110 Enhancements Release K.13.19 Enhancements For example, if yo u use the show interface custo m command to specify the ou tput, you can configure an alias for the comma nd to simplify execution. Figure 26. Example of Using t he Alias Command with show in t custom Creates a shortcut alias name to use in place of a commonly used command. The alias [...]

  • Seite 122

    111 Enhancements Release K.13.19 Enhancements Note Remember to enclose the comma nd being aliased in quotes. Command parameters for the aliase d command can be added at the e nd of the al ias command string. For example: ProCurve(config)# alias shoconfig “show config” ProCurve(config)# shoconfig status T o change the command that is aliased, re[...]

  • Seite 123

    112 Enhancements Release K.13.19 Enhancements Note See the section “Command Differ ences for the ProCurve Series 2600/ 2800/3400cl/6 400cl Switches” on page 113 for command differences on these switches. Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv 4 only) config ur[...]

  • Seite 124

    113 Enhancements Release K.13.19 Enhancements Figure 11. Example of the Logging Command with a Priority Description Note A notificat ion is sent to the SN MP agent if there are any changes to the syslog paramete rs either through the CLI or with SNMP . Command Dif ferences for the ProCur ve Series 2600/2 800/3400cl/6400cl Switches CLI Commands The [...]

  • Seite 125

    114 Enhancements Release K.13.19 Enhancements • If the def ault severity value is in effect, al l messages that have severiti es greater than the default value are passed to syslog. For exam ple, if the default seve rity is “debug”, all messages that have severities great e r than debug are passed to syslog. • There is a limit of si x syslo[...]

  • Seite 126

    115 Enhancements Release K.13.19 Enhancements • Y ou can use up to thr ee W eb servers in your network to store and display customized W eb pages for W eb Authentication login. • T o configure a W eb server on your network, follow the instruction s in the documentation provided with t he server . • Before you enable custom W eb Authentication[...]

  • Seite 127

    116 Enhancements Release K.13.19 Enhancements Customizable HTML T emplates The sample HTML files desc ribed in the follow ing s ections are customizable templates. T o he lp you create your own set HTML files, a set of the templates can be foun d on the down load page fo r ‘K’ software. User Login Page (index.html) Figure 12. User Login Page Th[...]

  • Seite 128

    117 Enhancements Release K.13.19 Enhancements Figure 13. HTML Code for User Login Page T emplate <!-- ProCurve Web Authenticati on Template index.html --> <html> <head> <title>User Login</ title> </head> <body> <h1>User Login</h1> <p>In order to acce ss this network, you must first l og in[...]

  • Seite 129

    118 Enhancements Release K.13.19 Enhancements Access Granted Page (accept.html) Figure 14. Access Granted Page The accept.html file is the W e b page used to confirm a valid c lient login. This W eb p age is disp layed after a valid username and pass w ord are entered and accepted. The client device is then g ranted access to the netw ork. T o conf[...]

  • Seite 130

    119 Enhancements Release K.13.19 Enhancements Figure 15. HTML Code for Access Grante d Page T empla te Authenticating Page (authen.html) Figure 16. Authentica ting Page <!-- ProCurve Web Authenticati on Template accept.html --> <html> <head> <title>Access Grant ed</title> <!-- The following line is required to autom[...]

  • Seite 131

    120 Enhancements Release K.13.19 Enhancements The authen.html file is the W eb page used to process a clien t login and is refre shed while user credentials are ch ecked and verified. Figure 17. HTML Code for Authentic ating Page T emplate Invalid Credent ials Page (reject_unauthv lan.html) Figure 18. Invalid Credent ials Page <!-- ProCurve Web [...]

  • Seite 132

    121 Enhancements Release K.13.19 Enhancements The reject_unauthvlan.html file is the W eb page used to displa y lo gin failu res in which an unauth enti- cated client is assigned to the VLAN configured for unauthoriz ed client sessions. Y ou can configure the VLAN used by unauth oriz ed clients with the aaa port -access web-based unauth -vid comman[...]

  • Seite 133

    122 Enhancements Release K.13.19 Enhancements T imeout Page (timeout.html) Figure 20. T imeout Page The timeout.html file is the W eb page used to return an error messa ge if the RADIUS server is not reachable. Y ou can configure the time period (in seco nds) that the swi tch waits for a response from the RADIUS server used to verify client cred en[...]

  • Seite 134

    123 Enhancements Release K.13.19 Enhancements Retry Login Page (retry_ login.html) Figure 22. Retry Login Page The retry_login.html file is the W eb page displ ayed to a c lie nt that has entered an invalid username and/or password, and is given another opportunity to log in. The W A UTHRETRIESLEFTGET ES I displays the n umber of logi n retr ies th[...]

  • Seite 135

    124 Enhancements Release K.13.19 Enhancements Figure 23. HTML Code fo r Retry Login Page T emplate SSL Redirect Page (sslredirect.html) Figure 24. SSL Redirect Page <!-- ProCurve Web Authenticati on Template retry_login.html --> <html> <head> <title>Invalid Cred entials</title> <!-- The following li ne is required t[...]

  • Seite 136

    125 Enhancements Release K.13.19 Enhancements The sslredirect file is the W eb page displayed when a client is redirected to an SSL server to enter credentials for W eb Authentication . If you have enabled SSL on the switch, you can enable secure SSL-based W eb Authentication by entering the aaa port-access web-based ssl-login comma nd when you ena[...]

  • Seite 137

    126 Enhancements Release K.13.19 Enhancements Access De nied Page (reject_no vlan.html) Figure 26. Access Denied Page The reject_novlan file is the W eb page displaye d after a clie nt login fails and no VLAN is configured for unauthorized clients. The W AUTHQUIETTIMEGET ESI inserts the time per iod used to block an unauthorized client from attempt[...]

  • Seite 138

    127 Enhancements Release K.13.19 Enhancements Figure 27. HTML Code for Access Denied Page T emplate <!-- ProCurve Web Authenticati on Template reject_novlan.html --> <html> <head> <title>Access Denie d</title> <!-- The line below i s required to automatically redir ect the user back to the logi n page. --> <me[...]

  • Seite 139

    128 Enhancements Release K.13.19 Enhancements Commands for Using Custom W eb Authentication Pages aaa port-access web -based ewa-server Figure 29. Adding Web Servers with the aaa port-ac cess web-based ews-server Comman d Figure 31. Removing a Web Server with the aaa port-access web -based ews-server Command Command Page [no] aaa port-access web-ba[...]

  • Seite 140

    129 Enhancements Release K.13.19 Enhancements show port-access web-based config Figure 33. Example of show port-access Web-based config Command Output Enhancement (PR_1000460 265) — This enhancement pro vides Dynamic IP Lockdown , which is used to prev ent IP source address spoo fing on a per -port an d per -VLAN basis. Dynamic IP Lockdown The Dy[...]

  • Seite 141

    130 Enhancements Release K.13.19 Enhancements Protection Ag ainst IP Source Ad dress Spoofing Many network attacks occur when an attacker injec ts packets with fo rged IP source addresses into the network. Also, som e network service s use the IP source address as a component in their authentication schemes. For exampl e, the BSD “r” protocols [...]

  • Seite 142

    131 Enhancements Release K.13.19 Enhancements Prerequisite: DHC P Snooping Dynamic IP lockdo wn requires th at you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traf fic: • Dynamic IP l ockdown only e nables traffic for clients whose le ased IP addresse s are already stored in the l ease database created by DHCP snoop[...]

  • Seite 143

    132 Enhancements Release K.13.19 Enhancements In this example, t he following DHCP leases have been lear ned by DHCP snoop ing on port 5. VLANs 2 and 5 are enabled for DHCP snoopi ng. Figure 28. Sample DHCP Snooping E ntries The following example shows an IP-to-MAC address and VLAN binding that ha ve been statically configured in the lease database[...]

  • Seite 144

    133 Enhancements Release K.13.19 Enhancements Enabling Dynamic IP Lockd own T o enable dynamic IP lockdown on all ports or specified ports, enter the ip source-lockdown command at the global configuration level. Use the no form of the command to disable dynam ic IP lockdow n. Operating Notes ■ Dynamic IP lockdown is enabled at the port configurat[...]

  • Seite 145

    134 Enhancements Release K.13.19 Enhancements • Remove the trusted-por t configuration. ■ Y ou can con figure dynam ic IP lockdown on ly from the CLI; this feature cannot be configured from the W eb management or menu interface . ■ If you enable dynamic IP lo ckdown on a po rt, you cannot add th e port to a trunk. ■ Dynamic IP lockdo wn mus[...]

  • Seite 146

    135 Enhancements Release K.13.19 Enhancements Adding a Static Binding T o add the static configur ation of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the globa l configuration level. Use the no form of the command to remove the IP-to-MAC bindi ng from the database. Note Note that the ip source-bin [...]

  • Seite 147

    136 Enhancements Release K.13.19 Enhancements An example of the show i p source-lockdown status command output is sho wn in Figure 31. Note that the operational status of all swit ch ports is displayed. This info rmation indicates whether or not dynamic IP lock down is supp orted on a port. Figure 31. Example of show ip sou rce-lockdown stat us Com[...]

  • Seite 148

    137 Enhancements Release K.13.19 Enhancements Figure 32. Example of show ip sou rce-lockdown bin dings Command Out put In the show ip source-loc kdown bindings command output, the “Not in HW” column specif ies whether or not (YES or NO ) a statically confi gured IP-to- MAC and VLAN bi nding on a specified port has been combined in the lease dat[...]

  • Seite 149

    138 Enhancements Release K.13.20 Enhancements Figure 33. Example of debu g dynamic-ip-lockd own Command Outp ut Release K.13.20 Enhancements Release K.13.20 includes th e foll owing enhancements: ■ Enhancement (PR_0000004 124) — Su pport is added for the J9144A ProCurve 10-Gb E X2-SC LRM Optic, an X2 form-f actor transceiver that supports the 1[...]

  • Seite 150

    139 Enhancements Release K.13.21 Enhancements Release K.13.21 Enhancements No enhancements; Bug fixes only . Release K.13.22 Enhancements No enhancements; Bug fixes only . Release K.13.23 Enhancements No enhancements; Bug fixes only . Release K.13.24 throug h K.13.25 Enhancements No enhancements; Bug fixes only . Release K.13.26 throug h K.13.39 En[...]

  • Seite 151

    140 Enhancements Release K.13.40 Enhancements disabled (1), active (2), passive (3) } ACCESS read-write STATUS mandatory DESCRIPTION “Used to set administrative status of LACP on all the ports. A Port can have one of the three administrative status of LACP. Active/Passive/Disabled are the three states. ” ::= { hpSwitchLACPConfig 1 } hpSwitchLin[...]

  • Seite 152

    141 Enhancements Release K.13.40 Enhancements SNMP displays the counter and statistics totals accu mulated since the last rebo ot; it is not affected by the clear statistics gl obal command or the clear statistics < port-list > command. An SNMP trap is sent whenever the statis tics are cleare d. Note The clearing of statisti cs cannot be uncl[...]

  • Seite 153

    142 Enhancements Release K.13.40 Enhancements Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv 4 only) config ured for syslog using the CL I or SNMP . The CLI com mand is: Figure 34. Example of the Logging Command wi th a Control Description Caution Entering the no logging [...]

  • Seite 154

    143 Enhancements Release K.13.41 Enhancements Figure 35. Example of the Logging Command with a Priority Description Note A notificat ion is sent to the SN MP agent if there are any changes to the syslog paramete rs either through the CLI or with SNMP . Operating Notes • Duplicate I P addresses are no t stored in the list of syslog servers. • If[...]

  • Seite 155

    144 Enhancements Release K.13.44 Enhancements Release K.13.44 Enhancements No enhancements; Bug fixes only . (Not a public release) Release K.13.45 Enhancements The following prob lems were resolved in re lease K.13.45. ■ Enhancement (PR_0000010 783) — Support was added for the follow ing products. J9099B - ProCurve 100-BX-D SFP-LC T ransceiver[...]

  • Seite 156

    145 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.12 Software Fixes in Release K.11.12 - K.13.49 Software fixes are listed in chronological order , oldest to newest. Unless otherw ise noted, e ach new re lease i ncludes the software fixes added in all previous releases. Release K.11.11 was the first production software release for the P[...]

  • Seite 157

    146 Software Fixes in Release K.11.12 - K.13.49 Release K.11.13 ■ MSTP Enhancement (PR_100031046 3) — Implementation of legacy pa th cost MIB and CLI option for MSTP . ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge devi ce with an end node (non-STP device) on the same Switch port, can resu lt in the RSTP Switch sending TCNs. ■ W eb U[...]

  • Seite 158

    147 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.16 ■ CLI (PR_1000315256) — Inconsistent error message, " Resource unavailabl e ," when configuring more than the maximum nu mb er of allowe d static IP routes. ■ Crash (PR_1000322009) — The Switch may crash with a message similar to: Software exception in ISR at queues.[...]

  • Seite 159

    148 Software Fixes in Release K.11.12 - K.13.49 Release K.11.32 Software exception at ldbal_cost.c:1577 -- in 'eDrvPoll', task ID = 0x1760650-> ASSERT: failed. ■ Crash (PR_1000314305) — The switch may crash with a message similar to: Software exception at ipamMApi.c:1592/1594 -- in 'eRouteCtrl' ■ Crash (PR_1000323759) ?[...]

  • Seite 160

    149 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.32 ■ Crash (PR_1000335430) — The Switch may crash with a message similar to: "Cam range reservation error" crash at aqSlaveRanges.c:172. ■ Event Log (PR_100030 8669) — After a Switch reset, the eve nt log does not display co rrect information . ■ Event Log (PR_1000310[...]

  • Seite 161

    150 Software Fixes in Release K.11.12 - K.13.49 Release K.11.33 ■ Module (PR_10003303 12) — Bootin g up the Switch with an unsuppo rted module in stalled may cause all existing modules to fail. ■ MSTP Enhancement (PR_10003317 92) — Implementation of Spanning-tree BPDU Filter and SNMP T raps. ■ Power Supply (PR_10003 10159) — After power[...]

  • Seite 162

    151 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.34 "Software exception at alloc_free.c:422 -- in 'eDrvPoll'...-> No msg buffer", when Switch is configured for ACL logging. ■ Module J8705A (PR_1 000336281) — The Switch 5400 zl 20P 10/100/1000 + 4 mini GBIC module (J8705A) may stop forwarding packets. Release [...]

  • Seite 163

    152 Software Fixes in Release K.11.12 - K.13.49 Release K.11.36 ■ MIB (PR_1000307831) — The MIB va lue for ipAddrT able is not po pulated. ■ RIP (PR_1000331536) — RIP does not send a rout e poison updat e in response to a fai led route. ■ Show tech (PR_1000 294072) — Show T ech statistics displ ays incorrect port names for fixed ports. [...]

  • Seite 164

    153 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.40 Software Exception at rt_table.c.758 -- in 'eRouteCtrl', task ID = 0x8a d6b30 -> Routing Task: Route Destinations exceeded Release K.11.40 The following problem s were resolved in release K .11.40 (not a general release) ■ CLI (PR_1000353548) — Use of the command show[...]

  • Seite 165

    154 Software Fixes in Release K.11.12 - K.13.49 Release K.11.44 The following problem s were resolved in release K .11.43 (not a general release) ■ Crash (PR_1000307842) — When deleting/rem oving CL I ACLs, IDM ACLs, management VLAN, or viru s throttle lockouts, sw it ch crashes with error simi lar to: "Delete virtu al meter with nonzero r[...]

  • Seite 166

    155 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.47 Release K.11.47 The following problem s were resolved in release K .11.47 (not a general release) ■ Management VLAN (PR_100029 9387) — The management VLAN does not allow connectivity from valid addresses. ■ SNMP (PR_1000358129) — The command lin e interfa ce (CLI) becomes unre[...]

  • Seite 167

    156 Software Fixes in Release K.11.12 - K.13.49 Release K.11.61 ■ sFlow (PR_10003616 04) — Changed the maximum sF low skipcount to 24 bits. Release K.11.61 V e rsions K.11.50 thro ugh K.11.59 were never bui lt. V e rsion K.11.60 was never released. The following problem s were resolved in release K .11.61 (not a general release) ■ 802.1X (PR_[...]

  • Seite 168

    157 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.63 Release K.11.63 The following prob lems were resolved in re lease K.11.63 ■ 802.1p QoS (PR_1 000368188) — 802. 1p prioriti zation may not work once a trunk i s enabled on a module , unless the user issues t he commands "qos type -of service ip-precedence" or "qos ty[...]

  • Seite 169

    158 Software Fixes in Release K.11.12 - K.13.49 Release K.11.65 Release K.11.65 The following problem s were resolved in relea se K.11.65 (not a general release) ■ Alarms/Log (PR_1 000371908) — The ambient temperature measured by the 5406zl chassis is 4 degrees C too high, causing the ge ne ration of false high temperature alarms. ■ CLI (PR_1[...]

  • Seite 170

    159 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.67 ■ W eb/RADIUS (PR_1000368520) — W eb Authentica tion doesn't authenticate clients due to a failure to send RADIUS r equ ests to the conf igured se rver . ■ W ebUI (PR_1000371598 ) — Unable to Ac cess Stack Members through Commander W ebUI. Use of the W ebUI "stack a [...]

  • Seite 171

    160 Software Fixes in Release K.11.12 - K.13.49 Release K.11.69 Release K.11.69 The following prob lems were resolved in re lease K.11.69 ■ Routing (PR_100039 2086) — The swi tch learns a bogus MAC address when the next hop address is unknown, causi ng the swit ch to stop forw arding traffic. Release K.11.69 is the last release of the K.11. xx [...]

  • Seite 172

    161 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.02 ■ Enhancement (PR_1000298 920) — A ping re quest issued t o a VLAN which is do wn will now return a more specific message; instead of " request timed o ut ", the message " The destination address is unreach able " will be displa yed. ■ Enhancement (PR_100037 [...]

  • Seite 173

    162 Software Fixes in Release K.11.12 - K.13.49 Release K.12.03 ■ Crash (PR_1000392863) — Switc h may cr ash when setmib tcpConnState is used, with a message similar to: NMI event SW:IP=0x0079f4a0 MSR:0x00029210 LR:0x006dca60 Task='eTelnetd' Task ID=0x8a7cbb0 cr: 0x20000042 sp:0x08a7c870 ■ Daylight savings (PR_10 00364740) — Due t[...]

  • Seite 174

    163 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.04 ■ Enhancement (PR_1000398 393) — For the interface < port-lis t > speed-duplex command, added the auto-10-100 configuration option to constrain a link to 10/ 100 Mbps speed and allow a more rapid linkup process when 1000 Mbps operation is not possible. ■ Enhancement (PR_10[...]

  • Seite 175

    164 Software Fixes in Release K.11.12 - K.13.49 Release K.12.05 Release K.12.05 The following prob lems were resolved in re lease K.12.05. ■ BootROM (PR_1000402707 ) — BootROM does not update to latest version when updating code to primary flash. ■ CLI (PR_1000309998) — Manageme nt module is incorrect ly displayed as J8627A rather than the [...]

  • Seite 176

    165 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.08 Release K.12.08 Software never re leased. ■ Enhancement (PR_1000413 764) — In crease the size of the sysLocation and sysContact entries from 48 to 255 characte rs. For more information, see “Release K.12.08 Enhancemen ts” on page 57 . Release K.12.09 The following problem was [...]

  • Seite 177

    166 Software Fixes in Release K.11.12 - K.13.49 Release K.12.11 ■ SNMP (PR_1000374893) — When retrieving the switch serial number via SNMP , the management module serial number is returned inst ead of t he chassis serial number . ■ SNMP (PR_1000422129) — HP Fault Finder do esn't sen d the in terface i ndex with t he SNMP trap, even tho[...]

  • Seite 178

    167 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.15 ■ Hotswap (PR_100042 2714) — Hotswa pping a mo dule may resu lt in a false module self -test failure. After hot swapping th e module, the follo wing messages may appear in the event log: I 05/27/06 12:06:54 00076 po rts: port B23 is now on-line W 05/27/06 12:07:00 00564 po rts: po[...]

  • Seite 179

    168 Software Fixes in Release K.11.12 - K.13.49 Release K.12.16 ■ Rate-Limiting (PR_10 00420720) — Rat e limitin g is broken beyond 9. 5 Mbps. For a ny rate limit set to more than 9.5 Mbps, the actua l rate drops to 1 Mbps. Release K.12.16 The following prob lems were resolved in re lease K.12.16. ■ Crash (PR_1000415621) — Removing a VLAN t[...]

  • Seite 180

    169 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.18 Release K.12.18 The following prob lems were resolved in re lease K.12.18. ■ CLI (PR_1000419379) — The “interface” command does not exist in the VLAN context, resulting in an inability to shift to the i nterf ace configuration context directly from the VLAN context. ■ Hang ([...]

  • Seite 181

    170 Software Fixes in Release K.11.12 - K.13.49 Release K.12.20 ■ 10-GbE Log (PR_1000 424384) — The switch is not check ing for the presence of the J8694A ProCurve yl 10G X2-CX4 module early enough in the boot process, trig gering a log message when the check is executed. Release K.12.20 The following problems were resolved in release K.1 2.20 [...]

  • Seite 182

    171 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.22 ■ Routing (PR_1000432 449) — If the switch i s configured with both port security and routing, a physical port tran sition on the host may cause the switch to stop transmitting routed traff ic to that host. Clearing the ARP cache resol ves this problem until another port transitio[...]

  • Seite 183

    172 Software Fixes in Release K.11.12 - K.13.49 Release K.12.24 ■ MSTP (PR_1000439775) — The switc h generat es a topo logy chan ge when a port go es off-line. With MSTP en abled and al l ports left at defaul t (auto-edge-port), when a port transitions to offli ne, a TC will be gene rate d, and the topology ch ange counter increases. ■ Multic[...]

  • Seite 184

    173 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.26 through K.12.29 Release K.12.26 through K.12.29 Software never bu ilt. Release K.12.30 Software never re leased. Release K.12.31 The following prob lems were resolved in re lease K.12.31. ■ Enhancement — Support fo r the following P roCurve product was add ed. J9091A / J8715A (bun[...]

  • Seite 185

    174 Software Fixes in Release K.11.12 - K.13.49 Release K.12.44 Release K.12.44 Not a general release. ■ Enhancement (PR_1000457 691) — Thi s enhancem ent all ows the ma pping of all theoretically availa ble VLAN IDs (1- 4094) to an MSTP instance, ev en if some of the VLANs are not currently co nfigured on the switch. For more information, see [...]

  • Seite 186

    175 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.46 ■ SNMP (PR_1000444744) — An snmp set of hpicfDot1xPaePortauth or an snmp set hpicfDot1xPaePortSupp of an invalid value ma y cause the switch to crash with a message similar to the foll owing: ASSERT at aaa8021x_dyn_reconfig.c . ■ SSH (PR_100046100 2) — Issue with auth enticati[...]

  • Seite 187

    176 Software Fixes in Release K.11.12 - K.13.49 Release K.12.48 Release K.12.48 The following prob lems were resolved in re lease K.12.48. ■ Enhancement Removed (PR_1 000470136) — Removal of the enha ncement that allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently [...]

  • Seite 188

    177 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.52 ■ Routing (PR_1000424 308) — A static ro ute that poin ts to a deleted VL AN may cause other routing table errors. ■ CLI (PR_1000473468) — Removing a VLAN range from an MSTP instance (e.g., no spanning-tree instance 2 vlan 10-2 0) fails to de lete the VLANs. Listi ng individua[...]

  • Seite 189

    178 Software Fixes in Release K.11.12 - K.13.49 Release K.12.54 Release K.12.54 The following prob lems were resolved in re lease K.12.54. ■ Connection Rate Filte r (PR_1000440871 ) — Some types of traffic could result in connection rate filt ering (CRF) that bloc ks the switch management IP address. ■ Connection Rate Filte r (PR_1000716601) [...]

  • Seite 190

    179 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.55 Release K.12.55 The following problems were resolved in relea se K.12.55 (never released). ■ DARPP (PR_1000736402) — The last port on the switch will not be initiali zed with Dynamic ARP Protection (DARPP) characteri stics if the last two ports are DARPP configured. For example, i[...]

  • Seite 191

    180 Software Fixes in Release K.11.12 - K.13.49 Release K.12.57 3) The SSH client application does not get a co mmand prompt (or equival ent) back from the switch until the OS is verified and burned to flash. 4) The show flash command incorrectly shows an OS image presen t in flash before th e OS has completely copied to flash . ■ Routing (PR_100[...]

  • Seite 192

    181 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.02 Release K.13.02 The following prob lems were resolved in re lease K.13.02. ■ Enhancement (PR_1000458 124) — VRRP Preemptive Delay T imer . For more informati on, see “Release K.13.02 Enhancements” on page 71 . ■ CLI (PR_1000307590) — T ab-help error in the spanning-tree i [...]

  • Seite 193

    182 Software Fixes in Release K.11.12 - K.13.49 Release K.13.03 ■ CLI (PR_1000455370) — Commands that di splay po rtmaps may yield corrupted output. For example, a singl e port may be di splayed as a port range. ■ RIP (PR_1000751858) — Some static rou tes may not be correct ly distribut ed by RIPv1 or RIPv2. ■ PIM (PR_1000714322) — A ne[...]

  • Seite 194

    183 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ Crash (PR_1000763409) — When entering and deleting ACLs, the switch may crash with a message similar to : PPC Data Storage (Bus Error) exception vector 0x300: Stack Frame=0x087a1ba8 HW Addr=0x1f89d420 IP=0x005e62e0 Task=’mSess2’ T ask ID=0x87a3cd0.fp: 0x00000005 sp:0x087a1c6[...]

  • Seite 195

    184 Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ Enhancement (PR_ 00 00000081) — The CLI clear module command allows yo u to remove module configurat ion informat ion from the co nfiguration file. For more i nformation, see “Release K.13.04 Enhanc ements” on page 76 . ■ Enhancement (PR_ 000000 0082) — The CLI track inte[...]

  • Seite 196

    185 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ CLI (PR_0000000476) — V arious CLI parameters are rejected by the swi tch as invalid when the administrator is trying to configure ports of transcei vers/modules that have not yet been inserted into the swi t ch. Affected commands include ip source- binding ; interface <x>[...]

  • Seite 197

    186 Software Fixes in Release K.11.12 - K.13.49 Release K.13.05 Release K.13.05 The following problem s were resolved in release K .13.05 (not a public release). ■ Link/Config (PR_10 00771549) — On a ProCu rve 3500yl Series Swi tch, a li nk will n ot come up after configuring t he port mode from MDI to AUTOMDIX (on one side of the link). ■ St[...]

  • Seite 198

    187 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.06 ■ UDLD (PR_0000001433) — After the switch is rebooted, UDLD may continue to keep switch ports in a blocked state. ■ VLAN Mirroring/Config (PR_00000012 40) — The VLAN Mirroring configuration is changed from its original value after updating from K.1 2.xx to K.13.03. ■ Bootup/[...]

  • Seite 199

    188 Software Fixes in Release K.11.12 - K.13.49 Release K.13.08 W 03/11/06 03:18:53 00374 chassis: Ports 25-48 Slave ROM Tombstone: 0x13000601 W 03/11/06 03:18:53 00374 chassis: Ports 25-48: Lost Communications detected - Heart Beat Lost I 03/11/06 03:19:00 00375 chassis: Ports 25-48 Downloading I 03/11/06 03:19:01 00376 chassis: Ports 25-48 Downlo[...]

  • Seite 200

    189 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.09 Release K.13.09 The following prob lems were resolved in re lease K.13.09. ■ Crash (PR_0000001689a ) — A switch running so ftware version K.1 3.04 or higher may crash during co nfiguration of broadcas t rate limit ing. Event log messages may b e similar to the following. W 03/11/0[...]

  • Seite 201

    190 Software Fixes in Release K.11.12 - K.13.49 Release K.13.11 ■ RADIUS/Jumbo (PR_ 100077 9048) — When an 802.1X-enabled port belo ngs to a VLAN that is jumbo enabled, the Access-Request will specify a va lue of Framed-MTU of 91 82 bytes. When the RADIUS server replies with a large fr ame, the swi tch does not respon d, causin g the authenti c[...]

  • Seite 202

    191 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.12 ■ 802.1X (PR_0000 002036) — 802.1X with Funk Steel Be lted RADIUS server causes the switch to fail to assign th e VLAN that it was sent with the "T unnel-Private-Group-Id" parameter . ■ Module Selftest (PR 0000001273) — After a reboot, ports 1-24 or ports 25-48 on th[...]

  • Seite 203

    192 Software Fixes in Release K.11.12 - K.13.49 Release K.13.13 .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entP hys calEntry.entPhysicalSerialNum .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entP hys calEntry.entPhysicalModelName Release K.13.13 The fo[...]

  • Seite 204

    193 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.15 Release K.13.15 The following problems were resolved in relea se K.13.15 (never released). No enhancements; No bug fixes. Release K.13.16 The following problem s were resolved in release K .13.16 (not a public release). ■ Enhancement (PR_00000016 41) — This enha ncement allo ws th[...]

  • Seite 205

    194 Software Fixes in Release K.11.12 - K.13.49 Release K.13.17 A new configur ation option provides the abil ity to configure w hich MACs a client is pe rmitted to use; Feedback info rmation; a nd, SSH CLI show command information enhancements. For more information, see “Release K.13.16 Enhancements” on page 94 . ■ Config (PR_000000074 1) ?[...]

  • Seite 206

    195 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.18 ■ SNMP (PR_1000761379) — When an SN MP get is used to gather statistics , the interface B1 on a J8702A module only up dates it s SNMP counters on every other query . ■ SNMP (PR_0000001807) — Use of a correctly configured th ird party u tilit y to connect to the switch via SNMP[...]

  • Seite 207

    196 Software Fixes in Release K.11.12 - K.13.49 Release K.13.19 ■ W ake-On-LAN (PR_0000 004794) — W ake-On-LAN does not always work successf ully . ■ IP Phone (PR_0000004803) — A tand em IP phon e may stop tal king to the switch after a connected PC login failure and reboot. ■ PIM-SM (PR_000000521 9) — When the switch sends a “Regi st[...]

  • Seite 208

    197 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.21 ■ X2 T ransceivers (PR_0000004758 ) — Some ProCurve SR and ER X2-10GbE (J8436A, J8437A) transceivers have a timing issue that prevents the transc eivers from being correctly identified either when hot sw apped or duri ng a cold boot. ■ LEDs (PR_0000005623) — Upon insertion of [...]

  • Seite 209

    198 Software Fixes in Release K.11.12 - K.13.49 Release K.13.22 ■ Config (PR_1000781031) — When the valid port se tting ‘a uto-1000’ is c onfigured for any 10/100/1000 interface in an external configuration file and the co nfigurati on file i s copied to the switch, the system returns th e port setting to the default value, changing ‘auto[...]

  • Seite 210

    199 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.24 ■ Authentication (PR_00000 07209) — A PC beh ind a tandem IP ph one is not able t o authenticate. Release K.13.24 The following problem s were resolved in release K .13.24 (not a public release). ■ OSPF (PR_0000 006183a) — OSPF ECMP m ay drop up to 50% of the traffic destined [...]

  • Seite 211

    200 Software Fixes in Release K.11.12 - K.13.49 Release K.13.26 through K.13.39 ■ GVRP/RADIUS (PR_0000 006051) — RADIUS-assigned VLANs are not propagated correctly i n GVRP . Please see “Note: This fix is associated with some new switch behavior: ” for a descripti on of the behavior chan ge with this fix. Note: This fix is associated wi th [...]

  • Seite 212

    201 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.41 Release K.13.41 The following problem s were resolved in releas e K.13.41 (N ot a public rele ase). ■ AAA (PR_0000008409) — The CLI comman ds aaa au thentication and aaa accounting return a resource unavailable error . ■ PCM (PR_0000008113) — Repeated ProCurve Manager Config S[...]

  • Seite 213

    202 Software Fixes in Release K.11.12 - K.13.49 Release K.13.43 ■ CLI (PR_0000004042) — The CLI command snmp-server response-sourc e dst-ip-of-request does not work as expected when the desti nation IP address of the SNMP Request is the Loopback IP . The source IP addr ess of the SNMP Response should be the destination IP of the SNMP Request, b[...]

  • Seite 214

    203 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.45 ■ CLI (PR_1000803731) — If the " |" charac ter exi sts in the banner text of a configuration file downloaded via TFTP transfer , the banner text may become corrupted, or the TFTP transfer may fail w ith a corrupted download file error message. ■ Hang (PR_0000007 806) ?[...]

  • Seite 215

    204 Software Fixes in Release K.11.12 - K.13.49 Release K.13.46 J9143B – ProCurve 1000-BX-U SFP-LC Mini-GBIC For more information, see “Release K.13.45 Enhancements” on page 144 . ■ T ransceivers (PR_0000010525) — Intermittent self test fa ilure may occur if t ransceivers are hot-swapped in an d out of the switch in too short a time fram [...]

  • Seite 216

    205 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.46 password operator sha-1 "lsadkjlkjfsd..." Example of what that line mi ght look like after the fix: password operator sha0 "lsadkjlkjfsd...” No switch administrator interven tion is required for the forwar d configuration translation to occur. Support Note: This fix h[...]

  • Seite 217

    206 Software Fixes in Release K.11.12 - K.13.49 Release K.13.47 Release K.13.47 The following problem s were resolved in re lease K.13.4 7. (Never released.) ■ OSPF ECMP (PR_0000004798 ) — Some I P subnets whic h ar e multiple hops away are not reachable from certain c lients despi te the presence of the ta rget subnet in the switch routing tab[...]

  • Seite 218

    207 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.49 Release K.13.49 The following prob lems were resolved in re lease K.13.49. ■ Auto-TFTP (PR_0000014646 /000001355 2) — Certain software file names may trigger auto-tftp to reload the same so ftware file repeatedly .[...]

  • Seite 219

    © 2006 - 2008 Hewl ett-Packard Development Company , LP . The information contained herein is subject to change without notice. January 2009 Manual Part Number 5991-4720[...]