HP Switch Software

Contents

General steps for running a time protocol on the switch

TimeP time synchronization

SNTP time synchronization

Selecting a time synchronization protocol

Disabling time synchronization

SNTP: Selecting and configuring

Viewing and configuring SNTP (Menu)

Viewing and configuring SNTP (CLI)

Configuring (enabling or disabling) the SNTP mode

SNTP client authentication

Configuring the key-identifier, authentication mode, and key-value (CLI)

Configuring a trusted key

Associating a key with an SNTP server (CLI)

Enabling SNTP client authentication

Configuring unicast and broadcast mode for authentication

Viewing SNTP authentication configuration information (CLI)

Saving configuration files and the include-credentials command

TimeP: Selecting and configuring

Viewing, enabling, and modifying the TimeP protocol (Menu)

Viewing the current TimeP configuration (CLI)

Configuring (enabling or disabling) the TimeP mode

SNTP unicast time polling with multiple SNTP servers

Displaying all SNTP server addresses configured on the switch (CLI)

Adding and deleting SNTP server addresses

Adding addresses

Deleting addresses

Operating with multiple SNTP server addresses configured (Menu)

SNTP messages in the Event Log

Monitoring resources

Displaying current resource usage

Viewing information on resource usage

Policy enforcement engine

Usage notes for show resources output

When insufficient resources are available

Port Status and Configuration

Viewing port status and configuring port parameters

Connecting transceivers to fixed-configuration devices

Viewing port configuration (Menu)

Configuring ports (Menu)

Viewing port status and configuration (CLI)

Dynamically updating the show interfaces command (CLI/Menu)

Customizing the show interfaces command (CLI)

Error messages associated with the show interfaces command

Viewing port utilization statistics (CLI)

Operating notes for viewing port utilization statistics

Viewing transceiver status (CLI)

Operating notes

Enabling or disabling ports and configuring port mode (CLI)

Enabling or disabling flow control (CLI)

Port shutdown with broadcast storm

Viewing broadcast storm

Configuring auto-MDIX

Manual override

Configuring auto-MDIX (CLI)

Using friendly (optional) port names

Configuring and operating rules for friendly port names

Configuring friendly port names (CLI)

Configuring a single port name (CLI)

Configuring the same name for multiple ports (CLI)

Displaying friendly port names with other port data (CLI)

Listing all ports or selected ports with their friendly port names (CLI)

Including friendly port names in per-port statistics listings (CLI)

Searching the configuration for ports with friendly port names (CLI)

Uni-directional link detection (UDLD)

Configuring UDLD

Configuring uni-directional link detection (UDLD) (CLI)

Enabling UDLD (CLI)

Changing the keepalive interval (CLI)

Changing the keepalive retries (CLI)

Configuring UDLD for tagged ports

Viewing UDLD information (CLI)

Viewing summary information on all UDLD-enabled ports (CLI)

Viewing detailed UDLD information for specific ports (CLI)

Clearing UDLD statistics (CLI)

Uplink failure detection

Configuration guidelines for UFD

UFD enable/disable

UFD track data configuration

UFD minimum uplink threshold configuration

show uplink-failure-detection

UFD operating notes

Invalid port error messages

Power Over Ethernet (PoE/PoE+) Operation

Introduction to PoE

PoE terminology

Configuration options

Power priority operation

When is power allocation prioritized?

How is power allocation prioritized?

Configuring PoE operation

Disabling or re-enabling PoE port operation

Enabling support for pre-standard devices

Configuring the PoE port priority

Controlling PoE allocation

Manually configuring PoE power levels

Configuring PoE redundancy

Changing the threshold for generating a power notice

PoE/PoE+ allocation using LLDP information

Enabling or disabling ports for allocating power using LLDP

Enabling PoE detection via LLDP TLV advertisement

Viewing PoE when using LLDP information

Viewing the global PoE power status of the switch

Viewing PoE status on all ports

Viewing the PoE status on specific ports

Using the HP 2920 Switch with an external power supply

Using the XPS for additional PoE power

Determining the maximum available PoE power

Operating rules

Using redundant (N+1) power

Providing non-PoE redundant power

Configuring the HP 2920 PoE switches to use the XPS

Enabling and disabling power from the XPS

Configuring auto-recovery

Restoring the default external power supply settings

Distributing power to specified ports

Example: of the power-share option

Example: of adding a switch

Example: of using the force option

Reducing allocated external power

Example: configurations

Non-PoE configuration

PoE configuration for full PoE power to one XPS port

PoE configuration for multiple switches

Viewing power information

Examples for show external-power-supply

Examples for show power-over-ethernet commands

Example: for show running-config command

Planning and implementing a PoE configuration

Power requirements

Assigning PoE ports to VLANs

Applying security features to PoE configurations

Assigning priority policies to PoE traffic

PoE Event Log messages

Overview of port trunking

Port connections and configuration

Port trunk features and operation

Fault tolerance

Trunk configuration methods

Dynamic LACP trunk

Using keys to control dynamic LACP trunk configuration

Viewing and configuring a static trunk group (Menu)

Viewing and configuring port trunk groups (CLI)

Viewing static trunk type and group for all ports or for selected ports

Viewing static LACP and dynamic LACP trunk data

Dynamic LACP Standby Links

Configuring a static trunk or static LACP trunk group

Removing ports from a static trunk group

Enabling a dynamic LACP trunk group

Removing ports from a dynamic LACP trunk group

Viewing existing port trunk groups (WebAgent)

Trunk group operation using LACP

Default port operation

LACP notes and restrictions

802.1X (Port-based access control) configured on a port

Port securityconfigured on a port

Changing trunking methods

Static LACP trunks

Dynamic LACP trunks

VLANs and dynamic LACP

Blocked ports with older devices

Spanning Tree and IGMP

Half-duplex, different port speeds, or both not allowed in LACP trunks

Dynamic/static LACP interoperation

Trunk group operation using the "trunk" option

How the switch lists trunk data

Outbound traffic distribution across trunked links

Trunk load balancing using port layers

Enabling trunk load balancing

Port Traffic Controls

All traffic rate-limiting

Configuring in/out rate-limiting

Displaying the current rate-limit configuration

Operating notes for rate-limiting

ICMP rate-limiting

Guidelines for configuring ICMP rate-limiting

Configuring ICMP rate-limiting

Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface

Viewing the current ICMP rate-limit configuration

Operating notes for ICMP rate-limiting

Notes on testing ICMP rate-limiting

ICMP rate-limiting trap and Event Log messages

Determining the switch port number used in ICMP port reset commands

Configuring inbound rate-limiting for broadcast and multicast traffic

Operating Notes

Configuring egress per-queue rate-limiting (2920, 3800, and 5400R switches only)

Configuration commands

Rate-limit queues out command

show rate-limit queues

Guaranteed minimum bandwidth (GMB)

Impacts of QoS queue configuration on GMB operation

Configuring GMB for outbound traffic

Viewing the current GMB configuration

GMB operating notes

Impact of QoS queue configuration on GMB commands

Operating rules

Configuring jumbo frame operation

Viewing the current jumbo configuration

Enabling or disabling jumbo traffic on a VLAN

Configuring a maximum frame size

Configuring IP MTU

SNMP implementation

Displaying the maximum frame size

Operating notes for maximum frame size

Operating notes for jumbo traffic-handling

Troubleshooting

A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames

A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log

Configuring for Network Management Applications

Using SNMP tools to manage the switch

SNMP management features

SNMPv1 and v2c access to the switch

SNMPv3 access to the switch

Enabling and disabling switch for access from SNMPv3 agents

Enabling or disabling restrictions to access from only SNMPv3 agents

Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access

Viewing the operating status of SNMPv3

Viewing status of message reception of non-SNMPv3 messages

Viewing status of write messages of non-SNMPv3 messages

Enabling SNMPv3

Group access levels

SNMPv3 communities

Viewing and configuring non-version-3 SNMP communities (Menu)

Listing community names and values (CLI)

SNMP notifications

Supported Notifications

General steps for configuring SNMP notifications

SNMPv1 and SNMPv2c Traps

SNMP trap receivers

SNMP trap when MAC address table changes

SNMPv2c informs

Configuring SNMPv3 notifications (CLI)

Network security notifications

Enabling Link-Change Traps (CLI)

Source IP address for SNMP notifications

Viewing SNMP notification configuration (CLI)

Configuring the MAC address count option

Displaying information about the mac-count-notify option

Advanced management: RMON

CLI-configured sFlow with multiple instances

Configuring sFlow (CLI)

Viewing sFlow Configuration and Status (CLI)

Configuring UDLD Verify before forwarding

UDLD time delay

UDLD configuration commands

RMON generated when user changes UDLD mode

General LLDP operation

Packet boundaries in a network topology

LLDP operation configuration options

Enable or disable LLDP on the switch

Enable or disable LLDP-MED

Change the frequency of LLDP packet transmission to neighbor devices

Change the Time-To-Live for LLDP packets sent to neighbors

Transmit and receive mode

SNMP notification

Per-port (outbound) data options

Remote management address

Options for reading LLDP information collected by the switch

LLDP and LLDP-MED standards compatibility

LLDP operating rules

IP address advertisements

Spanning-tree blocking

802.1X blocking

Configuring LLDP operation

Displaying the global LLDP, port admin, and SNMP notification status (CLI)

Configuring Global LLDP Packet Controls

Configuring SNMP notification support

Configuring per-port transmit and receive modes (CLI)

Basic LLDP per-port advertisement content

Support for port speed and duplex advertisements

Port VLAN ID TLV support on LLDP

Configuring the VLAN ID TLV

Viewing the TLVs advertised

LLDP-MED (media-endpoint-discovery)

LLDP-MED endpoint support

LLDP-MED endpoint device classes

LLDP-MED operational support

LLDP-MED fast start control

Advertising device capability, network policy, PoE status and location data

Location data for LLDP-MED devices

Viewing switch information available for outbound advertisements

Displaying the current port speed and duplex configuration on a switch port

Viewing advertisements currently in the neighbors MIB

Displaying LLDP statistics

LLDP Operating Notes

Neighbor maximum

LLDP packet forwarding

One IP address advertisement per port

802.1Q VLAN Information

Effect of 802.1X Operation

Neighbor data can remain in the neighbor database after the neighbor is disconnected

LLDP and CDP data management

LLDP and CDP neighbor data

CDP operation and commands

Viewing the current CDP configuration of the switch

Viewing the current CDP neighbors table of the switch

Enabling and Disabling CDP Operation

Enabling or disabling CDP operation on individual ports

Configuring CDPv2 for voice transmission

Filtering CDP information

Configuring the switch to filter untagged traffic

Displaying the configuration

Filtering PVID mismatch log messages

Introduction to DHCPv4

Authoritative server and support for DHCP inform packets

Authoritative pools

Authoritative dummy pools

Change in server behavior

DHCPv4 configuration commands

Enable/disable the DHCPv4 server

Configuring the DHCP address pool name

Specify a boot file for the DHCP client

Configure a default router for a DHCP client

Configure the DNS IP servers

Configure a domain name

Configure lease time

Configure the NetBIOS WINS servers

Configure the NetBIOS node type

Configure subnet and mask

Configure DHCP server options

Configure the range of IP address

Configure the static binding information

Configure the TFTP server domain name

Configure the TFTP server address

Change the number of ping packets

Change the amount of time

Configure DHCP Server to save automatic bindings

Configure a DHCP server to send SNMP notifications

Enable conflict logging on a DHCP server

Enable the DHCP server on a VLAN

Reset all DHCP server and BOOTP counters

Delete an automatic address binding

Display the DHCPv4 server address bindings

Display address conflicts

Display DHCPv4 server database agent

Display DHCPv4 server statistics

Display the DHCPv4 server IP pool information

Display DHCPv4 server global configuration information

Event Log Messages

Link Aggregation Control Protocol—Multi-Active Detection (LACP-MAD)

LACP-MAD commands

Configuration command

LACP-MAD overview

Scalability IP Address VLAN and Routing Maximum Values

Downloading switch software

General software download rules

Using TFTP to download software from a server

Downloading from a server to primary flash using TFTP (Menu)

Troubleshooting TFTP download failures

Downloading from a server to flash using TFTP (CLI)

Enabling TFTP (CLI)

Configuring the switch to download software automatically from a TFTP server using auto-TFTP (CLI)

Using SCP and SFTP

Enabling SCP and SFTP

Disabling TFTP and auto-TFTP for enhanced security

Enabling SSH V2 (required for SFTP)

SCP/SFTP operating notes

Troubleshooting SSH, SFTP, and SCP operations

Using Xmodem to download switch software from a PC or UNIX workstation

Downloading to primary flash using Xmodem (Menu)

Downloading to primary or secondary flash using Xmodem and a terminal emulator (CLI)

Using USB to transfer files to and from the switch

Downloading switch software using USB (CLI)

Switch-to-switch download

Switch-to-switch download to primary flash (Menu)

Downloading the OS from another switch (CLI)

Using IMC to update switch software

Copying software images

TFTP: Copying a software image to a remote host (CLI)

Xmodem: Copying a software image from the switch to a serially connected PC or UNIX workstation (CLI)

USB: Copying a software image to a USB device (CLI)

Transferring switch configurations

TFTP: Copying a configuration file to a remote host (CLI)

TFTP: Copying a configuration file from a remote host (CLI)

TFTP: Copying a customized command file to a switch (CLI)

Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI)

Xmodem: Copying a configuration file from a serially connected PC or UNIX workstation (CLI)

USB: Copying a configuration file to a USB device (CLI)

USB: Copying a configuration file from a USB device (CLI)

Transferring ACL command files

TFTP: Uploading an ACL command file from a TFTP server (CLI)

Xmodem: Uploading an ACL command file from a serially connected PC or UNIX workstation (CLI)

Single copy command

Single copy command

Multiple management switches

Stacking switches

Standalone switches

Crash file options

USB: Uploading an ACL command file from a USB device (CLI)

Copying diagnostic data to a remote host, USB device, PC or UNIX workstation

Copying command output to a destination device (CLI)

Copying Event Log output to a destination device (CLI)

Copying crash data content to a destination device (CLI)

Flight Data Recorder (FDR)

Using USB autorun

Security considerations

Troubleshooting autorun operations

USB auxiliary port LEDs

AutoRun status files

Event log or syslog

Configuring autorun on the switch (CLI)

Autorun secure mode

Operating notes and restrictions

Autorun and configuring passwords

Viewing autorun configuration information

Monitoring and Analyzing Switch Operation

Status and counters data

Accessing status and counters (Menu)

General system information

Accessing system information (Menu)

Accessing system information (CLI)

Collecting processor data with the task monitor (CLI)

Task usage reporting

Switch management address information

Accessing switch management address information (Menu)

Accessing switch management address information (CLI)

Viewing port status (CLI)

Viewing port status (Menu)

Viewing port and trunk group statistics (WebAgent)

Port and trunk group statistics and flow control status

Accessing port and trunk statistics (Menu)

Accessing port and trunk group statistics (CLI)

Displaying trunk load balancing statistics

Clearing trunk load balancing statistics

Resetting the port counters

Viewing the switch's MAC address tables

Accessing MAC address views and searches (CLI)

Accessing MAC address views and searches (Menu)

Accessing MSTP Data (CLI)

Viewing internet IGMP status (CLI)

Viewing VLAN information (CLI)

WebAgent status information

Interface monitoring features

Configuring port and static trunk monitoring (Menu)

Configuring port and static trunk monitoring (CLI)

Displaying the monitoring configuration

Configuring the monitor port

Selecting or removing monitoring source interfaces

Troubleshooting

Troubleshooting approaches

Browser or Telnet access problems

Cannot access the WebAgent

Cannot Telnet into the switch console from a station on the network

Unusual network activity

General problems

The network runs slow; processes fail; users cannot access servers or other devices

Duplicate IP addresses

Duplicate IP addresses in a DHCP network

The switch has been configured for DHCP/Bootp operation, but has not received a DHCP or Bootp reply

802.1Q Prioritization problems

Ports configured for non-default prioritization (level 1 to 7) are not performing the specified action

Addressing ACL problems

ACLs are properly configured and assigned to VLANs, but the switch is not using the ACLs to filter IP layer 3 packets

The switch does not allow management access from a device on the same VLAN

Error (Invalid input) when entering an IP address

Apparent failure to log all "deny" matches

The switch does not allow any routed access from a specific host, group of hosts, or subnet

The switch is not performing routing functions on a VLAN

Routing through a gateway on the switch fails

IGMP-related problems

IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a multicast router connected to a port

IP multicast traffic floods out all ports; IGMP does not appear to filter traffic

LACP-related problems

Unable to enable LACP on a port with the interface <port-number> lacp command

Port-based access control (802.1X)-related problems

The switch does not receive a response to RADIUS authentication requests

The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request

During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client sessions is lost

The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected

The supplicant statistics listing shows multiple ports with the same authenticator MAC address

The show port-access authenticator <port-list> command shows one or more ports remain open after they have been configured with control unauthorized

RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch

The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator <port-list> initialize

A trunked port configured for 802.1X is blocked

QoS-related problems

Loss of communication when using VLAN-tagged traffic

Radius-related problems

The switch does not receive a response to RADIUS authentication requests

RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch

MSTP and fast-uplink problems

Broadcast storms appearing in the network

STP blocks a link in a VLAN even though there are no redundant links in that VLAN

Fast-uplink troubleshooting

SSH-related problems

Switch access refused to a client

Executing IP SSH does not enable SSH on the switch

Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key)

An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages

Client ceases to respond ("hangs") during connection phase

TACACS-related problems

All users are locked out of access to the switch

No communication between the switch and the TACACS+ server application

Access is denied even though the username/password pair is correct

Unknown users allowed to login to the switch

System allows fewer login attempts than specified in the switch configuration

TimeP, SNTP, or Gateway problems

The switch cannot find the time server or the configured gateway

VLAN-related problems

None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being recognized

Link configured for multiple VLANs does not support traffic for one or more VLANs

Duplicate MAC addresses across VLANs

Disabled overlapping subnet configuration

Mitigating flapping transceivers

Fault finder thresholds

Viewing transceiver information

Viewing information about transceivers (CLI)

Viewing transceiver information

Information displayed with the detail parameter

Viewing transceiver information for copper transceivers with VCT support

Testing the Cable

Using the Event Log for troubleshooting switch problems

Event Log entries

Clearing Event Log entries

Turning event numbering on

Using log throttling to reduce duplicate Event Log and SNMP messages

Log throttle periods

Example: of event counter operation

Reporting information about changes to the running configuration

Debug/syslog operation

Debug/syslog messaging

Hostname in syslog messages

Logging origin-id

Viewing the identification of the syslog message sender

Debug/syslog destination devices

Debug/syslog configuration commands

Configuring debug/syslog operation

Viewing a debug/syslog configuration

Debug destinations

Logging command

Configuring a syslog server

Adding a description for a Syslog server

Adding a priority description

Configuring the severity level for Event Log messages sent to a syslog server

Configuring the system module used to select the Event Log messages sent to a syslog server

Operating notes for debug and Syslog

Diagnostic tools

Port auto-negotiation

Ping and link tests

Executing ping or link tests (WebAgent)

Testing the path between the switch and another device on an IP network

Issuing single or multiple link tests

Tracing the route from the switch to a host address

Halting an ongoing traceroute search

A low maxttl causes traceroute to halt before reaching the destination address

If a network condition prevents traceroute from reaching the destination

Viewing switch configuration and operation

Viewing the startup or running configuration file

Viewing the configuration file (WebAgent)

Viewing a summary of switch operational data

Saving show tech command output to a text file

Customizing show tech command output

Viewing more information on switch operation

Searching for text using pattern matching with show command

Displaying the information you need to diagnose problems

Restoring the factory-default configuration

Resetting to the factory-default configuration

Using Clear/Reset

Restoring a flash image

Recovering from an empty or corrupted flash state

Basic operation

Configuring and using DNS resolution with DNS-compatible commands

Configuring a DNS entry

Using DNS names with ping and traceroute: Example:

Viewing the current DNS configuration

Operating notes

Event Log messages

Locating a switch (Locator LED)

MAC Address Management

Determining MAC addresses

Viewing the MAC addresses of connected devices

Viewing the switch's MAC address assignments for VLANs configured on the switch

Viewing the port and VLAN MAC addresses

Remote Device Deployment (TR-069)

Network Out-of-Band Management (OOBM)

OOBM and switch applications

OOBM configuration

Entering the OOBM configuration context from the general configuration context

Enabling and disabling OOBM

Enabling and disabling the OOBM port

Setting the OOBM port speed

Configuring an OOBM IPv4 address

Configuring an OOBM IPv4 default gateway

OOBM show commands

Showing the global OOBM and OOBM port configuration

Showing OOBM IP configuration

Showing OOBM ARP information

Application server commands

Application client commands

Support and other resources

Subscription service

Typographic conventions

Documentation feedback

Copyright © 2015 Hewlett-Packard Development Company, L.P.