Go to page of
Similar user manuals
-
Switch
HP ProCurve 2610 Series
4 pages 0.08 mb -
Switch
HP L10
134 pages 1.09 mb -
Switch
HP 2012i
86 pages 1.83 mb -
Switch
HP Q.11. (2510-24)
294 pages 1.96 mb -
Switch
HP ProCurve 2610-PWR
464 pages 4.53 mb -
Switch
HP 445946-001
198 pages 8.74 mb -
Switch
HP BladeSystem C-Class Interconnect Component
26 pages 1.46 mb -
Switch
HP SN6000
90 pages 2.03 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of HP 445946-001, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of HP 445946-001 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of HP 445946-001. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of HP 445946-001 should contain:
- informations concerning technical data of HP 445946-001
- name of the manufacturer and a year of construction of the HP 445946-001 item
- rules of operation, control and maintenance of the HP 445946-001 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of HP 445946-001 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of HP 445946-001, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the HP service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of HP 445946-001.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the HP 445946-001 item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
HP 1 0Gb Ether net BL -c S w itc h Appli cati on Gui de Part number: 445946-001 First edition: June 2007[...]
-
Page 2
2 Legal notices © 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to cha nge without no tice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty[...]
-
Page 3
Contents 3 Contents Accessing the switch Introduction ................................................................................................................... ........................ 9 Additional references .......................................................................................................... ................. 10 Typ[...]
-
Page 4
Contents 4 User access control ............................................................................................................ .................. 34 Setting up user IDs ............................................................................................................ .............. 35 Ports and trunking Introduction .........[...]
-
Page 5
Contents 5 Introduction ................................................................................................................... ...................... 68 Overview ....................................................................................................................... ..................... 68 Bridge Protocol Data Units ...[...]
-
Page 6
Contents 6 Using ACL Groups ............................................................................................................... ................ 90 ACL Metering an d Re-marking .................................................................................................... ........... 91 Meteri ng ...................................[...]
-
Page 7
Contents 7 Configuring IGMP Snoopin g (CLI exam ple) ................................................................................. 121 Configuring IGMP Filter ing (CLI example).................................................................................... 122 Configuring a Static Mrou ter (CLI example) .....................................[...]
-
Page 8
Contents 8 High availability Introduction ....................................................................................................................................... 167 Uplink Failure Detection ....................................................................................................... ............... 167 Failure Dete ction [...]
-
Page 9
Accessing the switch 9 A cces sing the s w itc h Introduction This guide will help you plan, implement, and adminis ter the switch software for the HP 10Gb Ethernet BL-c Switch. Where possible, each sect ion provides feature overviews, usage examples, and configuration instructions. • “Accessing the switch” describe s how to configure an d vi[...]
-
Page 10
Accessing the switch 10 Additional references Additional information about installing and configurin g the switch is available in the following guides, which are available at http://www.hp.com/go/blad esystem/documentation . • HP 10Gb Ethernet BL-c Switch User Guide • HP 10Gb Ethernet BL-c Switch Command Referen ce Guide • HP 10Gb Ethernet BL[...]
-
Page 11
Accessing the switch 11 ○ Untagged ○ Port VLAN ID (PVID): 4095 • VLAN 4095—Management VLAN 4095 isolat es mana gement traffic within the HP 10GbE switch. VLAN 4095 contains only one member port (p ort 17). No other ports can be memb ers of VLAN 4095. • Interface 250—Managem ent interface 250 is associ ated with VLAN 4095. No other inter[...]
-
Page 12
Accessing the switch 12 Using the command line interfaces The command line interface (CLI) can be accessed via local terminal conn ection or a remote session using Telnet or SSH. The CLI is the most direct method for co llecting switch information and performing swit ch configuration. The HP 10GbE switch provi des two CLI modes: The menu-based AOS [...]
-
Page 13
Accessing the switch 13 The following example shows how to manually configure an IP address on the switch: 1. Configure an IP interface for th e Telnet connection, usin g the sa mple IP address of 205.21.17.3. 2. The pending subnet mask address and broadcast address are automatically calculated. >> # /cfg/l3/if 1 (Select IP interface 1) >&[...]
-
Page 14
Accessing the switch 14 Using Simple Network Management Protocol The switch software provides SNMP v1.0 and SN MP v3.0 support for ac cess through any network management software, such as HP-OpenView. SNMP v1.0 To access the SNMP agent on the switch, the read and write community strings on the SNMP manager should be configured to match those on the[...]
-
Page 15
Accessing the switch 15 User configuration Users can be configured to us e th e authentication/privacy options. The HP 10GbE switch suppo rts two authentication algorithms: MD5 and SHA, as specified in the following command: /cfg/sys/ssnmp/snmpv3/usm < x >/auth md5|sha 1. To configure a user with name admin , authentication type MD5, authenti[...]
-
Page 16
Accessing the switch 16 View based configurations CLI user equivalent To configure an SNMP user equivalent to the CLI user , use the following configuration: /c/sys/ssnmp/snmpv3/usm 4 name "usr" (Configure the user) /c/sys/ssnmp/snmpv3/access 3 name "usrgrp" (Configure access group 3) rview "usr" wview "usr" [...]
-
Page 17
Accessing the switch 17 CLI oper equivalent To configure an SNMP user equivalent to the CLI oper , use the following configuration: /c/sys/ssnmp/snmpv3/usm 5 name "oper" (Configure the oper) /c/sys/ssnmp/snmpv3/access 4 name "opergrp" (Configure access group 4) rview "oper" wview "oper" nview "oper"[...]
-
Page 18
Accessing the switch 18 3. Configure an entry in the n otify table. /c/sys/ssnmp/snmpv3/notify 10 (Assign user to the notify table) name v1trap tag v1trap 4. Specify the IP address and other trap parameters in the Target Address( targetAddr) and Target Parameters (targetParam) t ables. Use the following command to spec ify the user name used wit h [...]
-
Page 19
Accessing the switch 19 SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, specify snmpv2 instead of snmpv1 . c/sys/ssnmp/snmpv3/usm 10 (Configure user named “v2trap”) name "v2trap" /c/sys/ssnmp/snmpv3/access 10 (Define access group to vie[...]
-
Page 20
Accessing the switch 20 The following example shows how to configure a SNMPv3 user v3trap with authentication only: /c/sys/ssnmp/snmpv3/usm 11 (Configure user named “v3trap”) name "v3trap" auth md5 authpw v3trap /c/sys/ssnmp/snmpv3/access 11 (Define access group to view SNMPv3 traps) name "v3trap" level authNoPriv nview &quo[...]
-
Page 21
Accessing the switch 21 Configuring an IP address range for the management network Configure the management ne twork IP address and mask from the Syst em Menu in the CLI. For example: >> Main# /cfg/sys/access/mgmt/add Enter Management Network Address: 192.192.192.0 Enter Management Network Mask: 255.255.255.128 In this example, the management[...]
-
Page 22
Accessing the switch 22 Configuring RADIUS on the switch (CLI example) To configure RADIU S on the switch, do the following: 1. Turn RADIUS authentication on, an d then configure the Primary and Secondary RADIUS servers. For example: >> Main# /cfg/sys/radius (Select the RADIUS Server menu) >> RADIUS Server# on (Turn RADIUS on) Current s[...]
-
Page 23
Accessing the switch 23 Configuring RADIUS on the switch (BBI example) 1. Configure RA DIUS parameters. a. Click the Confi gure context button. b. Open the System folder, and select Radius. c. Enter the IP address of the primary and secondary RADIUS servers, and enter the RADIUS secret for each server. Enable the RADIUS server. CAUTION: If you conf[...]
-
Page 24
Accessing the switch 24 2. Apply, verify, and save the configuration. RADIUS authentication features The switch supports the following RADIUS authentication features: • Supports RADIUS client on the switch, based on the pr otocol definitions in RFC 2138 and RFC 2866. • Allows RADIUS secret pas sword up to 32 bytes. • Supports secondary authen[...]
-
Page 25
Accessing the switch 25 Table 2 User access levels User account Description and tasks performed Administrator Administrators are the only ones that can make permanent changes to the switch configuration—changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and t roubleshoot proble[...]
-
Page 26
Accessing the switch 26 TACACS+ offers the following advantages over RADIUS: • TACACS+ uses TCP-based conn ection-oriented transp ort; whereas RADIUS is UDP based. TCP offers a connection-oriented transport, while UDP offers best-effort deli very. RA DIUS requires additional programmable variables such as re -transmit attempts and time-outs to co[...]
-
Page 27
Accessing the switch 27 Alternate mapping between TACACS+ privilege levels and HP 10GbE sw itch management access levels is shown in the table below. Use the command /cfg/sys/tacacs/cmap ena to use the alternate TACACS+ privilege level s. Table 5 Alternate TACACS+ privileg e levels User access level TACACS+ level user 0—1 oper 6—8 admin 14—15[...]
-
Page 28
Accessing the switch 28 Configuring TACACS+ authentication on the switch (CLI example) 1. Turn TACACS+ authenticati on on, and then configure the Primary and Secondary TACACS+ servers. >> Main# /cfg/sys/tacacs (Select the TACACS+ Server menu) >> TACACS+ Server# on (Turn TACACS+ on) Current status: OFF New status: ON >> TACACS+ Ser[...]
-
Page 29
Accessing the switch 29 Configuring TACACS+ authentication on the switch (BBI example) 1. Configure TA CACS+ authentication for the switch. a. Click the Confi gure context button. b. Open the System folder, and select Tacacs+. c. Enter the IP address of the primary and secon dary TACACS+ servers, and enter the TACACS+ secret. Enable TACACS+. d. Cli[...]
-
Page 30
Accessing the switch 30 e. Configure custom privilege-level mapping (optional). Click Submit to accept each mapping change. 2. Apply, verify, and save the configuration. Secure Shell and Secure Copy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encr ypt and secure me ssages between a remote administrator and the switch. Telnet does[...]
-
Page 31
Accessing the switch 31 The switch implementation of SSH is based on versi o n 1.5 and version 2.0, and supports SSH clients from version 1.0 through version 2.0. Client softwar e ca n use SSH version 1 or version 2. The following SSH clients are supported: • SSH 3.0.1 for Linux (freeware) • SecureCRT® 4.1.8 (VanDy ke Technologies, Inc.) • O[...]
-
Page 32
Accessing the switch 32 Configuring the SCP administrator password To configure t he scpadmin (SCP administrator) password, first co nnect to the switch via the RS-232 management console. For security reasons, the scpadmin password can be configured only when connected directly to the switch console. To configure the passw ord, enter the following [...]
-
Page 33
Accessing the switch 33 Applying and saving configuration Enter the apply and save commands after the command above ( scp ad4.cfg 205.178.15.157:putcfg ), or use the following commands. You will be prompted for a password. >> # scp < local_filename > < user >@< switch IP addr >:putcfg_apply >> # scp < local_filename[...]
-
Page 34
Accessing the switch 34 A value of 0 denotes that RSA server key autogeneration is disabled. When greater than 0, the switch will auto generate the RSA server key every sp ecified inte rval; however, RSA server key generation is skipped if the switch is busy doing other key o r cipher generation when the timer expires. The switch will perform only [...]
-
Page 35
Accessing the switch 35 Setting up user IDs The administrat or can configure up to 10 user a ccounts. To configure an end-user account, perf orm the following steps: 1. Select a user ID to define. >> # /cfg/sys/access/user/uid 1 2. Define the user name and password. >> User ID 1 # name jane (Assign name “jane” to user ID 1) Current [...]
-
Page 36
Ports and trunking 36 P orts and trunking Introduction The first part of this chapter describe s the different types of ports used on the switch. This inform ation is useful in understanding other applic ations described in this guide, from the context of the embedded switch/server environment. For specific information on how to con figure ports fo[...]
-
Page 37
Ports and trunking 37 Table 7 Ethernet switch port names Port number Port alias 13 Downlink13 14 Downlink14 15 Downlink15 16 Downlink16 17 Mgmt 18 Uplink1 19 Uplink2 20 Uplink3 21 Uplink4 Port trunk groups When using port trunk groups betwe en two switches, you can create an aggregate link operati ng at up to forty Gigabits per second, dependin g o[...]
-
Page 38
Ports and trunking 38 1. Read the configuration rul es provided in the “Trunk group configuration rules” section. 2. Determine which s witch ports (up to six) are to become trunk members (the spe cific ports making up the trunk). 3. Ensure that the chosen switch ports are set to enabled, using the following command: /cfg/port x/cur 4. Trunk mem[...]
-
Page 39
Ports and trunking 39 Port trunking example In this example, the 10 Gigabit upli nk ports on each switch are configured into a total of four tru nk groups: two on each switch. NOTE: The actual mapping of switch ports to NIC interfaces is dependant on the operating system software, the type of server blade, and the en closure type. For more informat[...]
-
Page 40
Ports and trunking 40 Configuring trunk groups (CLI example) 1. On Switch 1, config ure trunk groups 5 and 3: >> # /cfg/l2/trunk 5 (Select trunk group 5) >> Trunk group 5# add 20 (Add port 20 to trunk group 5) >> Trunk group 5# add 21 (Add port 21 to trunk group 5) >> Trunk group 5# ena (Enable trunk group 5) >> Trunk [...]
-
Page 41
Ports and trunking 41 Configuring trunk groups (BBI example) 1. Configure tr unk groups. a. Click the Confi gure context button on the Toolbar. b. Open the Layer 2 folder, and select Trunk Groups. c. Click a Trunk Group number to select it.[...]
-
Page 42
Ports and trunking 42 d. Enable the Trunk Group. To add ports, select each port in the Ports Available list, and click Add. e. Click Submit. 2. Apply, verify, and save the configuration. 3. Examine the trunking information on each sw itch. a. Click the Dashboa rd context button on the Toolbar.[...]
-
Page 43
Ports and trunking 43 b. Select Trunk Groups. c. Information about each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state.[...]
-
Page 44
Ports and trunking 44 Configurable Trunk Hash algorithm This feature al lows you to configure the particula r parameters for the HP 10GbE switch Tr unk Hash algorithm instead of having to ut ilize the defaults. You can con figure new default behavior for Layer 2 traffic and Layer 3 traffic, using the CLI menu cfg/l2/thash . You can select a minimum[...]
-
Page 45
Ports and trunking 45 In the configuration shown in the table above, Actor switch ports 18 and 19 aggregate to form an LACP trunk group with Partner switch ports 1 and 2. At the same time, Actor switc h ports 20 and 21 form a different LACP trunk gr oup with a different partner. LACP automatically determines which member links can be aggregated and[...]
-
Page 46
Ports and trunking 46 Configuring LACP Use the following procedure to confi gure LACP for port 20 and port 21 to participate in link aggregation. 1. Set the LACP mode on port 20. >> # /cfg/l2/lacp/port 20 (Select port 20) >> LACP port 20# mode active (Set port 20 to LACP active mode) 2. Define the admin key on port 20. Only ports with t[...]
-
Page 47
Port-based Network Acce ss and traffic control 47 P or t -based Net w or k Acce ss and tr aff ic contr ol Port-based Network Access control Port-based Network Access control provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection char acteristics. It prevents access to ports that fail aut[...]
-
Page 48
Port-based Network Acce ss and traffic control 48 802.1x authentication process The clients and authenticators communicate using Exte nsible Auth entication Protocol (EAP), which was originally designed to run over PPP, and fo r which the IEEE 802.1x Standard has defined an encapsulation method over Ethernet fram es, called EAP over LAN (EAPOL). Th[...]
-
Page 49
Port-based Network Acce ss and traffic control 49 The Radius server chooses an EAP-supported authentica tion algorithm to verify the client’s identity, and sends an EAP-Request packet to the client via the switch authenticator. The client th en replies to the Radius server with an EAP-Respons e containing its credentials. Upon a successful authen[...]
-
Page 50
Port-based Network Acce ss and traffic control 50 Supported RADIUS attributes The HP 10GbE switch 802. 1x Authenticator relies on external RADIU S servers for authentication with EAP. The following table lists the RADIUS attrib utes that are supported as part of RADIUS-EAP authentication based on the guidelines specifi ed in Annex D of the 802.1x s[...]
-
Page 51
Port-based Network Acce ss and traffic control 51 EAPoL configuration guidelines When configuring EAPo L, consider the following guidelin es: • The 802.1x port-based authentication is currently su pported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port. • When 802.1x is enabled[...]
-
Page 52
Port-based Network Acce ss and traffic control 52 Configuring port-based traffic control To configure a port for traffic cont rol, perform the following steps: 1. Configure the traffic-control thresh old and enable traffic control. Main# /cfg/port 2 >> Port 2# brate 150000 (Set broadcast threshold) >> Port 2# mrate 150000 (Set multicast[...]
-
Page 53
VLANs 53 VL ANs Introduction This chapter describes network design and topology co nsiderations for using Virt ual Local Area Networks (VLANs). VLANs are commonly used to split up gr oups of network users into manageable broadcast domains, to create logical segmentation of workgrou ps, and to enforce security policies among logical segments. The fo[...]
-
Page 54
VLANs 54 Viewing VLANs The VLAN information menu ( /info/l2/vlan ) displays all configured VLANs and all member ports that have an active link state, for example: >> Layer 2# vlan VLAN Name Status Ports ---- -------------------------------- ------ ---------------------- 1 Default VLAN ena 1 4-16 18-21 2 VLAN 2 ena 2 3 4095 VLAN 4095 ena 17 PV[...]
-
Page 55
VLANs 55 VLAN tagging The switch supports IEEE 802.1Q VLAN tagging, provid ing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in th e frame header , allowing each port to be long to multiple VLANs. When you configure multiple VLANs on a port, you mu st also enable tagging on that port. Since tagging fundamenta[...]
-
Page 56
VLANs 56 Figure 3 Default VLAN settings NOTE: The port numbers speci fied in these illustration s may not directly correspond to the physical port configuration of your switch mod el. When you configure VLAN s, you configure the switch ports as tagg ed or untagged members of specific VLANs. See the following figur es. In the following figure, the u[...]
-
Page 57
VLANs 57 Figure 5 802.1Q tagging (after port-based VLAN assignment) In the following figure, the tagged incoming packet is assigned direct ly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2. Figure 6 802.1Q tag assignment As shown in t[...]
-
Page 58
VLANs 58 Figure 7 802.1Q tagging (after 802.1Q tag assignment) NOTE: Using the /boot/conf factory command resets all ports to VLAN 1 (except management port 17) and all other settings to the factory defaults at the next reboot. VLANs and IP interfaces Carefully consider how you create VLANs within th e switch, so that communication with the switch [...]
-
Page 59
VLANs 59 VLAN configuration rules VLANs operate according to specifi c configuration rules which must be considered when creating VLAN s. For example: • HP recommends that all ports involved in trun king and Port Mirroring have the same VLAN configuration. If a port is on a trunk with a mirroring port, the VLAN configuration cannot be changed. Fo[...]
-
Page 60
VLANs 60 Multiple VLANS with tagging The following figure sh ows only those switch-port-to-ser ver links that must be configured for the example. While not shown, all other server links remain set at their default settings. Figure 8 Multiple VLANs with VLAN tagging The features of this VLAN are de scribed in the following table: Table 10 Multiple V[...]
-
Page 61
VLANs 61 Table 10 Multiple VLANs with tagging Component Description Blade Server #1 This high-use blad e server needs to be accessed from all VLANs and IP subnets. The server has a VLAN-tagging adapter installed with VLAN tagging turned on. One adapter is attached to one of the switch's 10 Gbps ports, that is configured for VLANs 1 and 2. One [...]
-
Page 62
VLANs 62 2. Configure the VLANs and their member ports. Since all ports are by default configured for VLAN 1, configure only those ports that belong to VLAN 2. >> /cfg/l2/vlan 2 >> VLAN 2# add 1 (Add port 1 to VLAN 2) Current ports for VLAN 2: empty Pending new ports for VLAN 2: 1 >> VLAN 2# add 18 (Add port 18 to VLAN 2) Current [...]
-
Page 63
VLANs 63 Configuring ports and VLANs on Switch 2 (CLI example) To configure ports and VLANs on Switch 2, do the following: 1. On Switch 2, enable VLAN tagging on the neces sary ports. Port 4 (connection to server 2) remains untagged, so it is not configured below. Main# /cfg/port 2 (Select port 2: connection to server 1) >> Port 2# tag e Curr[...]
-
Page 64
VLANs 64 Configuring ports and VLANs on Switch 1 (BBI example ) To configure ports and VLANs on Switch 1, do the following: 1. On the switch 1, enable VLAN tagging o n the necessary ports. a. Click the Confi gure context button on the Toolbar. b. Open the Switch folder, and select Switch Ports (click the underlined text, not the folder). c. Click a[...]
-
Page 65
VLANs 65 d. Enable the port and enable VLAN tagging. e. Click Submit. 2. Configure the VLANs and their member ports. a. Open the Virtual LANs folder, and select Add VLAN.[...]
-
Page 66
VLANs 66 b. Enter the VLAN name, VLAN ID number, and enable the VLAN. To add ports, select each port in the Ports Available list and click Add. Since all ports are configured for VLAN 1 by default, configure only those ports that belong to VLAN 2. c. Click Submit. The external Layer 2 switch es should al so be configured for VLANs and tagging. 3. A[...]
-
Page 67
VLANs 67 FDB static entries are permanent, so the FDB Agin g value does not apply to them. Static entries are manually added to the FDB, and manually deleted from the FDB. Incoming frames that cont ain the static entry as the source MAC can use only ports configu red for the static entry. Trunking support for FDB static entries A FDB static entry c[...]
-
Page 68
Spanning Tree Protocol 68 S panning T r ee Pr otocol Introduction When multiple paths exist on a network, Spanning Tr ee Protocol (STP) configur es the network so that a switch uses only the most effi cient path. The following topics are disc ussed in this chapter: • Overview • Bridge Protocol Data Units (BPDUs) • Spanning Tree Group (STG) co[...]
-
Page 69
Spanning Tree Protocol 69 Determining the path for forwarding BPDUs When determining which port to use for forwarding an d which port to block, the switch uses information in the BPDU, including each bridge priorit y ID. A technique based on the lowest root cost is then computed to determine the most efficient path for forwarding. Bridge priority T[...]
-
Page 70
Spanning Tree Protocol 70 Adding a VLAN to a Spanning Tree Group If no VLANs exist beyond the default VLAN 1, see the “Creating a VLAN” sect ion in this chapter for information on adding ports to VLANs. Add the VLAN to the STG using the command /cfg/l2/stp < stg number >/add < vlan number > . Creating a VLAN When you create a VLAN, [...]
-
Page 71
Spanning Tree Protocol 71 The relationship between ports, trun k groups, VLANs, and spanning trees is show n in the following table. Table 11 Ports, trunk groups, and VLANs Switch element Belongs to Port Trunk group, or one or more VLANs Trunk group Only one VLAN VLAN (non-default) One Spanning Tree Group Assigning cost to ports and trunk groups Wh[...]
-
Page 72
Spanning Tree Protocol 72 Figure 9 Two VLANs on one instance of Spanning Tree Proto col In the following figure, VLAN 1 and VLAN 2 belong to different Spanni ng Tree Groups. The two instances of spanning tree separate the topolo gy without forming a loop, so that both VLANs can forward packets between the switches with out losing connectivity. Figu[...]
-
Page 73
Spanning Tree Protocol 73 Configuring Multiple Spanning Tree Groups This section explains how to assign each VLAN to its own Spanning Tree Group on the switches 1 and 2. By default, Spanning Tree Groups 2-127 are empty, and Spanning Tr ee Group 1 co ntains all configured VLANs until individual VLANs are explicitly assign ed to other Spanning Tree G[...]
-
Page 74
Spanning Tree Protocol 74 Configuring Switch 1 (BBI example) 1. Configure port and VLAN membership on Switch 1 as described in the “Configuring ports and VLANs on Switch 1 (BBI example)” secti on, in the “VLANs” chapter of this guide. 2. Add VLAN 2 to Spanning Tree Group 2. a. Click the Confi gure context button on the Toolbar. b. Select Sp[...]
-
Page 75
Spanning Tree Protocol 75 d. Enter the Spanning Tree Group number and set th e Switch Spanning Tree State to on. T o add a VLAN to the Spanning Tree Group, select th e VLAN in the VLANs Available list, and click Add. VLAN 2 is automatically removed from Spanning Tree Group 1. e. Scroll down, and click Submit. 3. Apply, verify, and save the configur[...]
-
Page 76
Spanning Tree Protocol 76 Port Fast Forwarding Port Fast Forwarding permits a port that partici pates in Spanning Tree to bypass the Listening and Learning states and enter directly in to the Forwarding state. While in the Forward ing state, the port listens to the BPDUs to learn if there is a loop and, if dictat ed by normal STG behavior (f ollowi[...]
-
Page 77
RSTP and MSTP 77 R S TP and M S TP Introduction Rapid Spanning Tree Protocol (I EEE 802.1w) enhances the Spanning Tree Protocol (IEEE 802.1d) to provide rapid convergence on Spanning Tree Group 1. Multiple Spanning Tr ee Protocol (IEEE 802.1s) extends the Rapid Spanning Tree Protocol to prov ide both rapid convergence and load balancing in a VLAN e[...]
-
Page 78
RSTP and MSTP 78 Port type and link type Spanning Tree Configuration includes the follo wing parameters to support RSTP and MSTP: • Edge port • Link type Although these parameters are con figured for Spanning Tree Groups 1-128 ( /cfg/l2/stp y/port x ), they only take effect when RSTP/MSTP is turned on. Edge port A port that connects to a server[...]
-
Page 79
RSTP and MSTP 79 Configuring Rapid Spanning Tree Protocol (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. 2. Configure RSTP general parameters. a. Click the Confi gure context button on the Toolbar. b. Open the MS[...]
-
Page 80
RSTP and MSTP 80 3. Apply, verify, and save the configuration. Multiple Spanning Tree Protocol IEEE 802.1s Multiple Spanning Tree ext ends the I EEE 802.1w Rapid Spanning Tree Protocol through multiple Spanning Tree Groups. MSTP maintains up to 32 spanning-tree instances that correspond to STP Groups 1-32. In Multiple Spanning Tree Protocol (MSTP),[...]
-
Page 81
RSTP and MSTP 81 MSTP configuration guidelines This section provides imp ortant information about configuring Multiple Spanning Tree Gr oups: • When you turn on MSTP, the switch automatic ally moves VLAN 1 to the Common Internal Spanning Tree (CIST). • Region Name and revision level must be configured . Each bridge in the region must have the s[...]
-
Page 82
RSTP and MSTP 82 Configuring Multiple Spanning Tree Protocol (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. 2. Configure MSTP general parameters. a. Click the Confi gure context button on the Toolbar. b. Open the[...]
-
Page 83
RSTP and MSTP 83 3. Configure Common Internal Spanning Trees (CIST) bridge parameters. a. Open the MSTP/RSTP folder, and select CIST-Bridge. b. Enter the Bridge Priority, Maximu m Age, and Forward Delay values. c. Click Submit.[...]
-
Page 84
RSTP and MSTP 84 4. Configure Common Internal Spanning Tree (CIST) port parameters. a. Open the MSTP/RSTP folder, and select CIST-Ports. b. Click a port number to select it.[...]
-
Page 85
RSTP and MSTP 85 c. Enter the Port Priority, Path Cost, and select the Link Type. Set the CIST Port State to ON. d. Click Submit. 5. Apply, verify, and save the configuration.[...]
-
Page 86
Quality of Service 86 Qualit y of Se r v ice Introduction Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factor s as time delays or network congestion. You can configure your network to priori tize specifi c types of traffic, ensu ri[...]
-
Page 87
Quality of Service 87 The basic HP 10GbE switch Qo S model works as follows: • Classify traffic: ○ Read 802.1p Priority. ○ Match ACL filter parameters. • Meter traffic: ○ Define bandwidth and burst parameters. ○ Select actions to perform on in-pro file and out-of-profile traffic. • Perform actions: ○ Drop packets. ○ Pass packets. [...]
-
Page 88
Quality of Service 88 Table 14 Well-known protocol types Number Protocol Name 89 ospf 112 vrrp • TCP/UDP ○ TCP/UDP application source port, as shown in th e table titled “Well-Known Application Ports” ○ TCP/UDP application destination port, as shown in the table titled “Well-Known Application Ports” ○ TCP/UDP flag value, as shown in[...]
-
Page 89
Quality of Service 89 • Packet Format ○ Ethernet format (eth2, SNAP, LLC) ○ Ethernet tagging format • Egress port packets Note that the egress port ACL will not match a br oadcast, multicast, unknown unic ast, or Layer 3 packet. The egress port ACL will not match packets if the destination port is a trunk member. Summary of ACL actions Acti[...]
-
Page 90
Quality of Service 90 Using ACL Groups Access Control Li sts (ACLs) allow you to classify pac kets according to a particular content in the packet header, such as the source address, destination addres s, source port number, destination port number, and others. Packet classifie rs identify flows for more processing. You can define a traffic profile[...]
-
Page 91
Quality of Service 91 ACL Metering and Re-marking You can define a profile for the aggregate traffic fl owing through the HP 10GbE switch, by configurin g a QoS meter (if desired), and assignin g ACL Groups to ports. When yo u add ACL Groups to a port, make sure they are ordered correctly in term s of precedence. For example, consider two ACL Group[...]
-
Page 92
Quality of Service 92 ACL configuration examples Configure Access Control Lists (CLI example) The following configuration examples illustrate how to use Access Co ntrol Lists (ACLs) to block traffic. These basic configurations illustrate co mmon principles of ACL filtering. NOTE: Each ACL filters traffic th at ingresses on the port to which the ACL[...]
-
Page 93
Quality of Service 93 • Example 3 Use this configuration to block traffic from a source that is destined for a specific egress port. >> Main# /cfg/acl/acl 1 (Define ACL 1) >> ACL 1# ethernet/smac 00:21:00:00:00:00 ff:ff:ff:ff:ff:ff >> Filtering Ethernet# .. >> ACL 1# action deny >> ACL 1# stats e >> ACL 1# /cfg[...]
-
Page 94
Quality of Service 94 c. Configure the ACL parameters. Set the Filter Act ion to Deny, the Ethernet Type to IPv4, and the Destination IP Address to 100.10.1.116 . d. Click Submit. 2. Apply, verify, and save the configuration.[...]
-
Page 95
Quality of Service 95 3. Add ACL 1 to port 1. a. Click the Confi gure context button on the Toolbar. b. Select Switch Ports (click the underlined text, not the folder). c. Select a port.[...]
-
Page 96
Quality of Service 96 d. Add the ACL to the port. e. Click Submit. 4. Apply, verify, and save the configuration.[...]
-
Page 97
Quality of Service 97 Using DSCP values to provide QoS The six most significant bits in the TOS byte of the IP header are defined as Di ffServ Code Points (DSCP). Packets are marked with a certain value depending on th e type of treatment the packet must receive in the network device. DSCP is a measure of the Qual ity of Service (QoS) level of the [...]
-
Page 98
Quality of Service 98 • Class Selector (CS)—This P HB has eight priority clas ses, with CS7 representing the highest priority, and CS0 representing the lowest priority, as sh own below. CS PHB is described in RFC 2474. Table 18 Class selector priority cla sses Priority Class Selector DSCP Highest CS7 56 CS6 48 CS5 40 CS4 32 CS3 24 CS2 16 CS1 8 [...]
-
Page 99
Quality of Service 99 The IEEE 802.1p standard uses eight le vels of priority (0-7). Priority 7 is assigned to highest priority network traffic, such as OSPF or RIP routing table u pdates, priorities 5-6 are assigned to delay-sensitive applications such as voice and vide o, an d lower priorities are assign ed to standard applications. A value of 0 [...]
-
Page 100
Quality of Service 100 802.1p configuration (CLI example) 1. Configure a port’s default 802.1 priority. >> Main# cfg/port 20 (Select port) >> Port 20# 8021ppri (Set port’s default 802.1p priority) Current 802.1p priority: 0 Enter new 802.1p priority [0-7]: 1 >> Port 20# apply 2. Map the 802.1p priority value to a COS queu e an[...]
-
Page 101
Quality of Service 101 c. Select a port.[...]
-
Page 102
Quality of Service 102 d. Set the 802.1p priority value. e. Click Submit.[...]
-
Page 103
Quality of Service 103 2. Map the 802.1p priority value to a COS queue. a. Click the Confi gure context button on the Toolbar. b. Open the 802.1p folder, and select Priority - CoS. c. Select an 802.1p priority value. d. Select a Class of Service queue (CoSQ) to correlate with the 802.1p priority value. e. Click Submit.[...]
-
Page 104
Quality of Service 104 3. Set the COS queue scheduling weight. a. Click the Confi gure context button on the Toolbar. b. Open the 802.1p folder, and select CoS - Weight. c. Select a Class of Service queue (CoS).[...]
-
Page 105
Quality of Service 105 d. Enter a value for the weight of the Class of Service queue. e. Click Submit. 4. Apply, verify, and save the configuration. Queuing and scheduling The switch can be confi gured with either two or eigh t output Class of Service queues (COSq), into which each packet is placed. Each packe t’s 802.1p priority determines its C[...]
-
Page 106
Basic IP routing 106 Basi c IP r outing This chapter provides configuration background and ex amples for using the HP 10GbE switch to perform IP routing functions. The following to pics are addressed in this chapter: • IP Routing Benefit s • Routing Between IP Sub nets • Example of Subnet Routing • Defining IP Address Ranges for the L ocal [...]
-
Page 107
Basic IP routing 107 For example, consider the follow ing topology migration: Figure 14 Router legacy n etwork In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topolo gy. As is often the case, the legacy of network growth and redesign has left the system with a mix of illogical[...]
-
Page 108
Basic IP routing 108 Take a closer look at the HP 10GbE switch in the following configuration example: Figure 15 Switch-based routing topology The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched s ubnets throughout one building. Common serv ers are placed on another subnet attached to the switch. Primary and back[...]
-
Page 109
Basic IP routing 109 Example of subnet routing Prior to configuring, you must be conn ected to the switch Command Line Interface (CLI ) as the administrator. NOTE: For details about accessing and using any of the menu commands described in this example, see the HP 10Gb Ethernet BL-c Switch Command Reference. 1. Assign an IP address (or document the[...]
-
Page 110
Basic IP routing 110 8. Configuring t he default gateways allows the switch to send outbound traffic to the routers: >> IP Interface 5# ../gw 1 (Select primary default gateway) >> Default gateway 1# addr 205.21.17.1(Assign IP address) >> Default gateway 1# ena (Enable primary default gateway) >> Default gateway 1# ../gw 2 (S[...]
-
Page 111
Basic IP routing 111 4. The VLANs shown in the table above are configured as follows: >> # /cfg/l2/vlan 1(Select VLAN 1) >> VLAN 1# add port 20 (Add port for 1st floor to VLAN 1) >> VLAN 1# add port 21 (Add port for 2nd floor to VLAN 1) >> VLAN 1# ena (Enable VLAN 1) >> VLAN 1# ../VLAN 2 (Select VLAN 2) >> VLAN 2[...]
-
Page 112
Basic IP routing 112 Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network. Without DHCP, the IP address must be entered manually for each network de[...]
-
Page 113
Basic IP routing 113 DHCP relay agent configuration To enable the switch to be the BOOTP fo rwarder, you need to configure the DHCP/BOO TP server IP addresses on the switch. Generally, you should configur e the c ommand on the switch IP interface closest to the client so that the DHCP server knows from which IP subnet the newly allocated IP address[...]
-
Page 114
Routing Information Proto col 114 R outing Inf or matio n Pr otocol In a routed environment, routers commun icate with on e another to k eep track of available routes. Routers can learn about available routes dynamically, using the Routing Information Protocol (RIP). HP 10GbE switch software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) [...]
-
Page 115
Routing Information Proto col 115 RIPv1 RIP version 1 use broadcast User Datagram Protocol (UDP) data packets for the regular routing u pdates. The main disadvantage is that the routing updates do not carry subnet mask information. Hence, the router cannot determine wh ether the route is a subnet rout e or a host route. It is of limited usage after[...]
-
Page 116
Routing Information Proto col 116 Multicast RIPv2 messages use IP multicast address (224.0.0. 9) for periodic broadc asts. Multicast RIPv2 announcements are not pro cessed by RIPv1 routers. IGMP is not needed since these are int er-router messages which are not forwarded. To configure RIPv2 in RIPv1-compatib ility mode, set multicast to disable . D[...]
-
Page 117
Routing Information Proto col 117 RIP configuration example NOTE: An interface RIP disabled uses all the default values of the RIP, no matter how the RIP parameters are configured for that interface. RIP sends out RIP regular updates to include an Up interface, but not a Down interface. 1. Add VLANs for routing inte rfaces. >> Main# cfg/l2/vl[...]
-
Page 118
IGMP Snooping 118 IG MP Snoop ing Introduction IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic fr om being flooded to all data ports. The switc h learns which server hosts are interested in receiving mult icast traffic, and forwards it only to ports connected[...]
-
Page 119
IGMP Snooping 119 • The host can send an IGMPv2 Leave report to th e switch, which sends a proxy Leave report to the Mrouter. The multicast path is terminated immediately. A maximum of 8 VLANs can b e configured for IGMP Snooping. Th e switch can learn up to 16 multica st routers, and supports up to 1,000 multicast group s. IGMPv3 IGMPv3 includes[...]
-
Page 120
IGMP Snooping 120 IGMP Filtering With IGMP Filtering, you can allow or deny a port to send and receive multicast tr affic to certain multicast groups. Unauthorized users are restr icted from streaming multicast tra ffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port for that group are dropped, an[...]
-
Page 121
IGMP Snooping 121 Static multicast router A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. You can configur e static Mrouters on any switch port except the management port 17. The switch supports up to total of sixteen static Mr oute[...]
-
Page 122
IGMP Snooping 122 Configuring IGMP Filtering (CLI example) 1. Enable IGMP Filtering on th e switch. >> /cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >> IGMP Filter# ena (Enable IGMP Filtering) Current status: disabled New status: enabled 2. Define an IGMP Filter. >> //cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >>IG[...]
-
Page 123
IGMP Snooping 123 Configuring IGMP Snooping (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter. 2. Configure IG MP Snooping. a. Click the Confi gure context button. b. Open the IGMP folder, and select IGMP Snooping (click the under[...]
-
Page 124
IGMP Snooping 124 c. Enable IGMP Snooping. d. Click Submit. 3. Apply, verify, and save the configuration.[...]
-
Page 125
IGMP Snooping 125 Configuring IGMP Filtering (BBI example) 1. Configure IG MP Snooping. 2. Enable IGMP Filtering. a. Click the Confi gure context button. b. Open the IGMP folder, and select IGMP Filters (click the underlined text, not the folder). c. Enable IGMP Filtering globally. d. Click Submit.[...]
-
Page 126
IGMP Snooping 126 3. Define the IGMP Filt er. a. Select Layer 3 > IGMP > IGMP Filters > Add Filter. b. Enable the IGMP Filter. Assign the range of IP mu lticast addresses and the filter action (allow or deny). c. Click Submit.[...]
-
Page 127
IGMP Snooping 127 4. Assign the filter to a port and enable IG MP Filtering on the port. a. Select Layer 3 > IGMP > IGMP Filters > Switch Ports. b. Select a port from the list.[...]
-
Page 128
IGMP Snooping 128 c. Enable IGMP Filtering on the port. Select a filter in the IGMP Filters Available list, and click Add. d. Click Submit. 5. Apply, verify, and save the configuration.[...]
-
Page 129
IGMP Snooping 129 Configuring a Static Multicast Router ( BBI example) 1. Configure Static Mr outer. a. Click the Confi gure context button. b. Open the Switch folder and select Layer 3 > IGMP > IGMP Static Mrouter > Add Mrouter. c. Enter a port number, VLAN ID number, and IGMP version nu mber. d. Click Submit.[...]
-
Page 130
IGMP Snooping 130 2. Apply, verify, and save the configuration.[...]
-
Page 131
OSPF 131 OS P F The HP 10GbE switch soft ware supports the Open Shortest Path First (OSPF) ro uting protocol. The switch implementation conforms to the OSPF version 2 sp ecifications detailed in Internet RFC 1583. The following sections di scuss OSPF support for the HP 10GbE switch: • OSPF Overview: This section provides information on OSPF conce[...]
-
Page 132
OSPF 132 Figure 17 OSPF area types Types of OSPF routing devices As shown in the figure, OSPF uses th e following types of routing devices: • Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routin g devices within the local area. • Area Border Router (AB R)—a [...]
-
Page 133
OSPF 133 Neighbors and adjacencies In areas with two or more routing device s, neighbors and adjacencies are formed. Neighbors are routing device s that maintain informatio n about each others’ health . To establish neighbor relationships, routing devi ces periodically send hello packets on ea ch of their interfaces. All routing devices that shar[...]
-
Page 134
OSPF 134 Internal versus external routing To ensure effective pro cessing of network traffic, every routing device on your n etwork needs to know how to send a packet (directly or indirectly) to any ot her location/destination in your network. This is referred to as internal routing and can be done with static routes or usin g active internal rou t[...]
-
Page 135
OSPF 135 • Stub area metric—A stub area can be configured to send a numeric metric value such that all routes received via that stub area carry the configured metric to potentially infl uence routing deci sions. • Default routes—Default ro utes with weight metrics ca n be manually injected into transit areas. This helps establish a preferre[...]
-
Page 136
OSPF 136 Using the area ID to assign the OSPF area number The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network ven dors. There are two valid ways to designate an area ID: • Placing the area number in the last oc[...]
-
Page 137
OSPF 137 Electing the designated router and backup In any area with more than two routing devices, a Desi gnated Router (DR) is elected as the c entral contact for database exchanges among neighbors, and a Backup Designated Router (BDR) is elected in case the DR fails. DR and BDR elections are made through the hello proces s. The election can be in[...]
-
Page 138
OSPF 138 In more complex OSPF areas with multiple ABRs or AS BRs (such as area 0 and area 2 in the figur e), there are multiple routes leading from the area. In such ar eas, traffic for unrecognized destinations cannot tell which route leads upstream wi thout further configuration. To resolve the situation and select one default route among multipl[...]
-
Page 139
OSPF 139 Authentication OSPF protocol exchanges can be auth enticated so that only trusted ro uting devices can participate. This ensures less proces sing on routing devices that are not listening to OSPF pack ets. OSPF allows packet authentication and uses IP mu lticast when sending and receiving packets. Routers participate in routing domains bas[...]
-
Page 140
OSPF 140 Use the following commands to con f igure MD5 authentication on the switches shown in the figure: 1. Enable OSPF MD5 authentication for Area 0 on switch es 1, 2, and 3 >> # /cfg/l3/ospf/aindex 0/auth md5 2. Configure MD5 key ID for Area 0 on switches 1, 2, and 3. >> # /cfg/l3/ospf/md5key 1/key test 3. Assign MD5 key ID to OSP F[...]
-
Page 141
OSPF 141 OSPF features not supported in this release The following OSPF features are not supported in this relea se: • Summarizing external routes • Filtering OSPF routes • Using OSPF to forward multicast routes • Configuring OSPF on non-broadcast multi-access ne tworks (such as frame relay, X.25, and ATM) OSPF configuration examples A summ[...]
-
Page 142
OSPF 142 Follow this procedure to config ure OSPF support as shown in the figure. 1. Configure IP interfaces on eac h network that will be attached to OSPF areas. 2. In this example, two IP interfaces are needed : one for the backbone networ k on 10.10.7.0/24 and one for the stub area network on 1 0.10.12.0/24. >> # /cfg/l3/if 1 (Select menu [...]
-
Page 143
OSPF 143 b. Open the IP Interfaces folder, and select Add IP Interface. c. Configure an IP interface. Enter the IP address, subnet mask, and enable the interface. d. Click Submit. 2. Apply, verify, and save the configuration.[...]
-
Page 144
OSPF 144 3. Enable OSPF. a. Open the OSPF Routing Protocol folder, and select General. b. Enable OSPF.[...]
-
Page 145
OSPF 145 c. Click Submit. 4. Configure OS PF Areas. a. Open the OSPF Areas folder, and sele ct Add OSPF Area. b. Configure the OSPF backbone area 0.[...]
-
Page 146
OSPF 146 c. Click Submit. d. Select Add OSPF Area. e. Configure the OSPF area 1. f. Click Submit.[...]
-
Page 147
OSPF 147 5. Configure OSPF Interfaces. a. Open the OSPF Interfaces folder, and select Add OSPF Interface.[...]
-
Page 148
OSPF 148 b. Configure the OSPF Interface 1, and at tach it to the backbone area 0. c. Click Submit. d. Select Add OSPF Interface.[...]
-
Page 149
OSPF 149 e. Configure the OSPF Interface 2, and attach it to the stub area 1. f. Click Submit. 6. Apply, verify, and save the configuration.[...]
-
Page 150
OSPF 150 Example 2: Virtual links In the example shown in the following fi gure, area 2 is not physically c onnected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1. T he virtual link must be configured at each endpoint. Figure 22 Configuring a virtual link Configuring OSPF[...]
-
Page 151
OSPF 151 8. Attach the network interface to the backbone. >> OSPF Area (index) 1 # ../if 1 (Select OSPF menu for IP interface 1) >> OSPF Interface 1 # aindex 0 (Attach network to backbone index) >> OSPF Interface 1 # enable (Enable the backbone interface) 9. Attach the network interface to the transit area. >> OSPF Interface[...]
-
Page 152
OSPF 152 8. Define the transit area. >> OSPF Area (index) 0 # ../aindex 1 (Select menu for area index 1) >> OSPF Area (index) 1 # areaid 0.0.0.1(Set the area ID for OSPF area 1) >> OSPF Area (index) 1 # type transit (Define area as transit type) >> OSPF Area (index) 1 # enable (Enable the area) 9. Define the stu b area. >[...]
-
Page 153
OSPF 153 Figure 23 Summarizing routes NOTE: You can specify a range of addresses to prevent advertising by using the hide option. In this example, routes in the range 36.12 8. 200.0 through 36.128.200.255 are kept private. Follow this procedure to config ure OSPF support on Switch A and Switch B, as shown in the figu re. 1. Configure IP i nterfaces[...]
-
Page 154
OSPF 154 7. Configure route summarization by specifying th e starting address and mask of the range of addresses to be summarized. >> OSPF Interface 2 # ../range 1 (Select menu for summary range) >> OSPF Summary Range 1 # addr 36.128.192.0 (Set base IP address of summary range) >> OSPF Summary Range 1 # mask 255.255.192.0(Set mask[...]
-
Page 155
Remote monitoring 155 R emote monitor i ng Introduction Remote Monitoring (RMON) allows net work de vic es to exchange network monitoring data. RMON performs the following major fun ctions: • Gathers cumulative statistics for Ethernet interfaces • Tracks a history of statisti cs for Ethernet interfaces • Creates and triggers alarms for user-d[...]
-
Page 156
Remote monitoring 156 Configuring RMON Statistics (CLI ex ample) 1. Enable RMON on each port where yo u wish to collect RMON statistics. >> /cfg/port 20/rmon (Select Port 20 RMON) >> Port 20 RMON# ena (Enable RMON) >> Port 20 RMON# apply (Make your changes active) >> Port 20 RMON# save (Save for restore after reboot) 2. View[...]
-
Page 157
Remote monitoring 157 2. Select a port.[...]
-
Page 158
Remote monitoring 158 3. Enable RMON on the port. 4. Click Su bmit. 5. Apply, verify, and save the configuration. RMON group 2—history The RMON History group allows you to sample and ar chive Ethernet statistics for a specific interface during a specific time interval. NOTE: RMON port statistics must be enabled for the port before an RMON history[...]
-
Page 159
Remote monitoring 159 Requested buckets ( /cfg/rmon/hist x/rbnum ) are the number of buckets, or data slots, requested by the user for each History Group. Granted buckets ( /info/rmon/hist x/gbnum ) are the number of buckets granted by the system, based on the amount of system memory available. The system grants a maximum of 50 buckets. Use an SNMP[...]
-
Page 160
Remote monitoring 160 Configure RMON History (BBI example) 1. Configure an RMON Hist ory group. a. Click the Confi gure context button. b. Open the Switch folder, and select RMON > History > Add History Group. 2. Configure RMON History Group parameters. 3. Click Su bmit. 4. Apply, verify, and save the configuration.[...]
-
Page 161
Remote monitoring 161 RMON group 3—alarms The RMON Alarm group allows you to define a set of thresh olds used to determin e network performance. When a configured thresho ld is cr ossed, an alarm is generated. Fo r example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10- minute time interval. Each A[...]
-
Page 162
Remote monitoring 162 Configure RMON Alarms (CLI example 2) 1. Configure the RMON Alarm paramet ers to track ICMP messages. >> /cfg/rmon/alarm 5 (Select RMON Alarm 5) >> RMON Alarm 5# oid 1.3.6.1.2.1.5.8.0 >> RMON Alarm 5# intrval 60 >> RMON Alarm 5# almtype rising >> RMON Alarm 5# rlimit 200 >> RMON Alarm 5# rev[...]
-
Page 163
Remote monitoring 163 c. Configure RMON Alarm Group parameters to check ifInOctets on port 20 once every hour. Enter a rising limit of two billion, and a rising event index of 6. This configuration creates an RMON alarm that checks ifInOctets on port 20 once every hour. If the statistic exceeds two billion, an alarm is generated th at triggers even[...]
-
Page 164
Remote monitoring 164 Configure RMON Alarms (BBI example 2) 1. Configure an RMON Alarm group. a. Click the Confi gure context button. b. Open the Switch folder, and select RMON > Alarm > Add Alarm Group. c. Configure RMON Alarm Group parameters to check icmpInEchos, with a polling interval of 60, a rising limit of 200, and a rising event in d[...]
-
Page 165
Remote monitoring 165 3. Apply, verify, and save the configuration. RMON group 9—events The RMON Event group allows you to define ev ents th at are triggered by alarms . An event can be a log message, an SNMP trap message, or both. When an alarm is generated, it triggers a corresponding event notification. Use the /cfg/rmon/alarm x/revtidx and /f[...]
-
Page 166
Remote monitoring 166 Configuring RMON Events (BBI exam ple) 1. Configure an RMON Event group. a. Click the Confi gure context button. b. Open the Switch folder, and select RMON > Event > Add Event Group. c. Configure RMON Event Group parameters. This configuration creates an R MON event that sends a SYSLOG message each time it is triggered b[...]
-
Page 167
High availability 167 Hi gh av ailability Introduction Switches support high availability network topologies. This release provides information about Uplink Failure Detection and Virtual Router Red undancy Protocol (VRR P). Uplink Failure Detection Uplink Failure Detection (UF D) is designed to support Network Adapter Teaming on HP server blades. F[...]
-
Page 168
High availability 168 Figure 24 Uplink Failure Detection for switch es Failure Detection Pair To use UFD, you must confi gure a Failure Detection Pair a nd then turn UFD on. A Failure Detection Pair consists of the following groups of ports: • Link to Monitor (LtM) The Link to Monitor group con sists of one uplink po rt (18-21), or one trunk grou[...]
-
Page 169
High availability 169 Configuration guidelines This section provides imp ortant information about configuring UFD: • UFD is required only when uplink-path redundan cy is not available on the blade switc hes. • Only one Failure Detection pair (one group of Links to Monitor and one group of Links to Disable) is supported on each switch (all VL AN[...]
-
Page 170
High availability 170 Configuring UFD on Switch 1 (CLI example) 1. Assign uplink ports (18-21) to be mo nitored for communication failur e. >> Main# /cfg/ufd/fdp ena (Enable Failure Detection Pair) >> FDP# ltm (Select Link to Monitor menu) >> Failure Link to Monitor# addport 19 (Monitor uplink port 19) 2. Assign downlink ports (1-[...]
-
Page 171
High availability 171 Configuring Uplink Failure Detection (BBI example) 1. Configure Uplink Fa ilure De tection. a. Click the Confi gure context button. b. Open the Switch folder, and select Uplink Failure Detection (click the underlined text, not the folder). c. Turn Uplink Failure Dete ction on, and then select FDP.[...]
-
Page 172
High availability 172 d. Enable the FDP. Select ports in the LtM Ports Available list, and click Add to place the ports into the Link to Monitor (LtM). Select ports in the LtD Ports Available list, and click Add to place the ports into the Link to Disable (LtD). e. Click Submit. 2. Apply, verify, and save the configuration.[...]
-
Page 173
High availability 173 VRRP overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failu re to any other part of the network. This means that your network will remain in service despite the failure o f any single device. To ac hieve this usually requires redundancy [...]
-
Page 174
High availability 174 Master and backup virtual router Within each virtual router, one VRRP ro uter is selected to be the virtual router master. See “Selecting the Master VRRP Router” for an explan ation of the selection process. NOTE: If the IP address owner is available, it wi ll always become the virtual router master. The virtual router mas[...]
-
Page 175
High availability 175 A backup router can stop receiving advertisements fo r one of two reasons—the master can be down, or all communications links between the master and the backup can be down. If the master has failed, it is clearly desirable for the backup (or on e of the backups, if there is more than one) to become the master. NOTE: If the m[...]
-
Page 176
High availability 176 Figure 26 Active-Active red undancy HP 10GbE switch extensions to VRRP This section describes VRRP enhancem ents that are implemented in switch software: Tracking VRRP router priority The HP 10GbE switch soft ware supports a tracking func tion that dynamically modi fies the priority of a VRRP router, based on its current state[...]
-
Page 177
High availability 177 Virtual router deployment considerations Review the following issues described in this sectio n to prevent network problems when deploying virtual routers: • Assigning VRRP Virtual Router ID • Configuring the Switch for Tracking Assigning VRRP virtual router ID During the software upgrade process, VRRP virtual ro uter IDs [...]
-
Page 178
High availability 178 High availability configurations The HP 10GbE switche s offer flexibility in implementi ng redundant configurations . This section discusses the Active-Active conf iguration. Active-Active configuration The following figure shows an example configuration, where two switches are used as VRRP routers in an active-active configur[...]
-
Page 179
High availability 179 2. Configure client and server interfaces. /cfg/l3/if 1 (Select interface 1) >> IP Interface 1# addr 192.168.1.100 (Define IP address for interface 1) >> IP Interface 1# vlan 10 (Assign VLAN 10 to interface 1) >> IP Interface 1# ena (Enable interface 1) >> IP Interface 1# .. >> Layer 3# if 2 (Sele[...]
-
Page 180
High availability 180 Task 2: Configure Switch B 1. Configure por ts. /cfg/l2/vlan 10 (Select VLAN 10) >> VLAN 10# ena (Enable VLAN 10) >> VLAN 10# add 20 (Add port 20 to VLAN 10) >> VLAN 10# .. >> Layer 2# vlan 20 (Select VLAN 20) >> VLAN 20# ena (Enable VLAN 20) >> VLAN 20# add 21 (Add port 21 to VLAN 20) 2. Co[...]
-
Page 181
High availability 181 5. Enable tracking on ports. Set the priority of Virtua l Router 2 to 101, so that it becomes the Master. /cfg/l3/vrrp/vr 1 (Select VRRP virtual router 1) >> VRRP Virtual Router 1# track/ports/ena (Set tracking on ports) >> VRRP Virtual Router 1 Priority Tracking# .. >> VRRP Virtual Router 1# .. >> Virt[...]
-
Page 182
High availability 182 c. Configure port 20 as a member of VLAN 10 an d po rt 21 as a member of VLAN 20. Enable each VLAN. d. Click Submit. 2. Configure the following client and server interfaces: − IF 1 IP address = 192.168.1.100 Subnet mask = 255.255.255.0 VLAN 10 − IF 2 IP address = 10.10.12.1 Subnet mask = 255.255.255.0 VLAN 20 − IF 3 IP a[...]
-
Page 183
High availability 183 a. Open the IP Interfaces folder, and select Add IP Interface. b. Configure an IP interface. Enter the IP address, subnet mask, and VLAN membership. Enable the interface. c. Click Submit.[...]
-
Page 184
High availability 184 3. Configure the default gateways. Ea ch default gateway points to on e of the Layer 2 routers. a. Open the Default Gateways folder, and select Add Default Gateway. b. Configure the IP address for each default gateway. Enable the default gateways. c. Click Submit.[...]
-
Page 185
High availability 185 4. Turn on VRRP an d configure two Virtual Interface ro uters. a. Open the Virtual Router Redundancy Protocol folder, and select General.[...]
-
Page 186
High availability 186 b. Enable VRRP processing. c. Click Submit. d. Open the Virtual Routers folder, and sele ct Add Virtual Router.[...]
-
Page 187
High availability 187 e. Configure the IP address for Virtual Router 1 (VR1). Enable tracking on ports, and set the priority to 101. Enable The Virtua l Router. f. Click Submit. g. Select Add Virtual Router.[...]
-
Page 188
High availability 188 h. Configure the IP address for Virtual Router 2 (VR2). Enable tracking on ports, but set the priority to 100 (default value). Enable The Virtua l Router. i. Click Submit. 5. Turn off Spanning Tree globally. a. Open the Spanning Tree Groups folder, and select Add Spanning Tree Group. b. Select a Spanning Tree Group.[...]
-
Page 189
High availability 189[...]
-
Page 190
High availability 190 c. Enter Spanning Tree Group ID 1 and se t the Switc h Spanning Tree State to off. d. Click Submit. 6. Apply, verify, and save the configuration.[...]
-
Page 191
Troubleshooting tools 191 T r oubles hooting tools Introduction This appendix discusses some tools to help you use the Port Mirrorin g feature to troubleshoot common network problems on the switch. Port Mirroring The Port Mirroring feature on the swit ch is very useful for troubleshooting any con nection-oriented problem. Any traffic in or out of o[...]
-
Page 192
Troubleshooting tools 192 Ingress traffic is duplicated and sent to the mirro red port before processi ng, and egress traffic is duplicated and sent to the mi rrored port after processing. Configuring Port Mirroring (CLI example) To configure Port Mirrorin g for the example shown in the preceding figure: 1. Specify the monitoring port . >> # [...]
-
Page 193
Troubleshooting tools 193 Configuring Port Mirroring (BBI example) 1. Configure Port Mir roring. a. Click the Confi gure context button. b. Open the Switch folder, and select Port-Based Port Mirroring (click the underlined text, not the folder). c. Click a port number to se lect a monitoring port.[...]
-
Page 194
Troubleshooting tools 194 d. Click Add Mirrored P ort. e. Enter a port number for the mirrored port, and select the Port Mirror Direction. f. Click Submit. 2. Apply, verify, and save the configuration. 3. Verify the Port Mirror ing configuration on the switch.[...]
-
Page 195
Troubleshooting tools 195 Other network troubleshooting techniques Other network troublesh ooting techniques include the following. Console and Syslog messages When a switch experiences a problem, review the c onsole and Syslog messages. The switch displays these informative messages when state changes and sy stem problems occur. Syslog messages ca[...]
-
Page 196
Troubleshooting tools 196 • Stack Trace—If a fa tal software condition occurs, the switch dumps stack trace data to the console. If you have a console attached to the switch, captur e the console dump, and forward it to HP technical support.[...]
-
Page 197
Index 197 Inde x 8 802.1x port states, 49 A accessing the switch: defining source IP addresses, 20; RADIUS authentication, 21; security, 20; using the command line interface (CLI), 12 ACL Blocks and Groups, 90 ACL configuration exampl es, 92 ACL filters, 87 active-active redundancy, 1 75 allowable source IP address es, 20 B BBI: See Browser-Based I[...]
-
Page 198
Index 198 Q Quality of Service, 86 queuing and scheduli ng, 105 R RADIUS: port 1812 and 1645, 88; port 1813, 88 redundancy: active-active, 175; VRRP (Virtual Router Redundancy P rotocol), 175 re-mark, 91 Remote Authenticati on Dial-in User Service (RADIUS): authentication, 21; SSH/SCP, 34 Remote monitoring (RMON), 155 RIP (Routing Information Proto[...]