HP (Hewlett-Packard) 445946-001 user manual


A proper user manual

Regulations oblige the seller to hand over the user manual for the HP (Hewlett-Packard) 445946-001 to the buyer together with the goods. A missing manual, or incorrect information passed to the consumer, is grounds for a complaint on the basis that the device does not conform to the contract. The law permits supplying the manual in a form other than paper, which has been done very often recently by including a graphic or electronic manual for the HP (Hewlett-Packard) 445946-001 as well as instructional videos for users. The condition is that its form is legible and understandable.

What is a user manual?

The word comes from the Latin “instructio”, i.e. to arrange. Accordingly, the manual for the HP (Hewlett-Packard) 445946-001 contains a description of the stages of the procedures. The purpose of the manual is to instruct and to make it easier to start up and use the device or to carry out particular tasks. The manual is a collection of information about an object or service, a guide.

Unfortunately, few users devote their time to the user manual for the HP (Hewlett-Packard) 445946-001. A good user manual not only lets you get to know a number of additional functions of the purchased device, but also helps to avoid many mistakes.

So what should an ideal user manual contain?

The user manual for the HP (Hewlett-Packard) 445946-001 should contain above all the following:
- Information about the technical data of the HP (Hewlett-Packard) 445946-001
- The name of the manufacturer and the year of manufacture of the HP (Hewlett-Packard) 445946-001
- Principles of operation, adjustment and maintenance of the HP (Hewlett-Packard) 445946-001
- Safety marks and certificates confirming conformity with the relevant standards

Why don't we read user manuals?

The reason is a lack of time and confidence about the particular functions of the purchased devices. Unfortunately, connecting and starting the HP (Hewlett-Packard) 445946-001 is not enough. A manual contains a range of guidance on particular functions, safety principles, maintenance methods (even which products to use), possible faults of the HP (Hewlett-Packard) 445946-001 and ways of solving problems that may arise during use. Finally, the user manual gives the contact number for HP (Hewlett-Packard) service in case the suggested solutions do not work. Manuals in the form of interesting animations or video guides are currently gaining popularity, as they appeal to the user more than a brochure. This kind of manual guarantees that the user watches the whole video without skipping the detailed and complicated technical descriptions of the HP (Hewlett-Packard) 445946-001, as happens with the paper form.

Why should one read user manuals?

In the user manual we find above all answers about the construction and capabilities of the HP (Hewlett-Packard) 445946-001, about the use of particular accessories, and a range of information that makes it possible to use all its functions and conveniences.

After a successful purchase, one should devote some time to getting to know every part of the manual for the HP (Hewlett-Packard) 445946-001. Nowadays manuals are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic function of providing help and information.

Table of contents of the user manuals

  • Page 1

    HP 10Gb Ethernet BL-c Switch Application Guide Part number: 445946-001 First edition: June 2007[...]

  • Page 2

    2 Legal notices © 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty[...]

  • Page 3

    Contents 3 Contents Accessing the switch Introduction ... 9; Additional references ... 10; Typ[...]

  • Page 4

    Contents 4 User access control ... 34; Setting up user IDs ... 35; Ports and trunking Introduction ...[...]

  • Page 5

    Contents 5 Introduction ... 68; Overview ... 68; Bridge Protocol Data Units ...[...]

  • Page 6

    Contents 6 Using ACL Groups ... 90; ACL Metering and Re-marking ... 91; Metering ...[...]

  • Page 7

    Contents 7 Configuring IGMP Snooping (CLI example) ... 121; Configuring IGMP Filtering (CLI example) ... 122; Configuring a Static Mrouter (CLI example) ...[...]

  • Page 8

    Contents 8 High availability Introduction ... 167; Uplink Failure Detection ... 167; Failure Detection [...]

  • Page 9

    Accessing the switch 9 Accessing the switch Introduction This guide will help you plan, implement, and administer the switch software for the HP 10Gb Ethernet BL-c Switch. Where possible, each section provides feature overviews, usage examples, and configuration instructions. • “Accessing the switch” describes how to configure and vi[...]

  • Page 10

    Accessing the switch 10 Additional references Additional information about installing and configuring the switch is available in the following guides, which are available at http://www.hp.com/go/bladesystem/documentation . • HP 10Gb Ethernet BL-c Switch User Guide • HP 10Gb Ethernet BL-c Switch Command Reference Guide • HP 10Gb Ethernet BL[...]

  • Page 11

    Accessing the switch 11 ○ Untagged ○ Port VLAN ID (PVID): 4095 • VLAN 4095—Management VLAN 4095 isolates management traffic within the HP 10GbE switch. VLAN 4095 contains only one member port (port 17). No other ports can be members of VLAN 4095. • Interface 250—Management interface 250 is associated with VLAN 4095. No other inter[...]

  • Page 12

    Accessing the switch 12 Using the command line interfaces The command line interface (CLI) can be accessed via local terminal connection or a remote session using Telnet or SSH. The CLI is the most direct method for collecting switch information and performing switch configuration. The HP 10GbE switch provides two CLI modes: The menu-based AOS [...]

  • Page 13

    Accessing the switch 13 The following example shows how to manually configure an IP address on the switch: 1. Configure an IP interface for the Telnet connection, using the sample IP address of 205.21.17.3. 2. The pending subnet mask address and broadcast address are automatically calculated. >> # /cfg/l3/if 1 (Select IP interface 1) >&[...]

  • Page 14

    Accessing the switch 14 Using Simple Network Management Protocol The switch software provides SNMP v1.0 and SNMP v3.0 support for access through any network management software, such as HP-OpenView. SNMP v1.0 To access the SNMP agent on the switch, the read and write community strings on the SNMP manager should be configured to match those on the[...]

  • Page 15

    Accessing the switch 15 User configuration Users can be configured to use the authentication/privacy options. The HP 10GbE switch supports two authentication algorithms: MD5 and SHA, as specified in the following command: /cfg/sys/ssnmp/snmpv3/usm <x>/auth md5|sha 1. To configure a user with name admin, authentication type MD5, authenti[...]

  • Page 16

    Accessing the switch 16 View based configurations CLI user equivalent To configure an SNMP user equivalent to the CLI user, use the following configuration: /c/sys/ssnmp/snmpv3/usm 4 name "usr" (Configure the user) /c/sys/ssnmp/snmpv3/access 3 name "usrgrp" (Configure access group 3) rview "usr" wview "usr" [...]

  • Page 17

    Accessing the switch 17 CLI oper equivalent To configure an SNMP user equivalent to the CLI oper, use the following configuration: /c/sys/ssnmp/snmpv3/usm 5 name "oper" (Configure the oper) /c/sys/ssnmp/snmpv3/access 4 name "opergrp" (Configure access group 4) rview "oper" wview "oper" nview "oper"[...]

  • Page 18

    Accessing the switch 18 3. Configure an entry in the notify table. /c/sys/ssnmp/snmpv3/notify 10 (Assign user to the notify table) name v1trap tag v1trap 4. Specify the IP address and other trap parameters in the Target Address (targetAddr) and Target Parameters (targetParam) tables. Use the following command to specify the user name used with [...]

  • Page 19

    Accessing the switch 19 SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, specify snmpv2 instead of snmpv1. c/sys/ssnmp/snmpv3/usm 10 (Configure user named “v2trap”) name "v2trap" /c/sys/ssnmp/snmpv3/access 10 (Define access group to vie[...]

  • Page 20

    Accessing the switch 20 The following example shows how to configure a SNMPv3 user v3trap with authentication only: /c/sys/ssnmp/snmpv3/usm 11 (Configure user named “v3trap”) name "v3trap" auth md5 authpw v3trap /c/sys/ssnmp/snmpv3/access 11 (Define access group to view SNMPv3 traps) name "v3trap" level authNoPriv nview &quo[...]

  • Page 21

    Accessing the switch 21 Configuring an IP address range for the management network Configure the management network IP address and mask from the System Menu in the CLI. For example: >> Main# /cfg/sys/access/mgmt/add Enter Management Network Address: 192.192.192.0 Enter Management Network Mask: 255.255.255.128 In this example, the management[...]

  • Page 22

    Accessing the switch 22 Configuring RADIUS on the switch (CLI example) To configure RADIUS on the switch, do the following: 1. Turn RADIUS authentication on, and then configure the Primary and Secondary RADIUS servers. For example: >> Main# /cfg/sys/radius (Select the RADIUS Server menu) >> RADIUS Server# on (Turn RADIUS on) Current s[...]

  • Page 23

    Accessing the switch 23 Configuring RADIUS on the switch (BBI example) 1. Configure RADIUS parameters. a. Click the Configure context button. b. Open the System folder, and select Radius. c. Enter the IP address of the primary and secondary RADIUS servers, and enter the RADIUS secret for each server. Enable the RADIUS server. CAUTION: If you conf[...]

  • Page 24

    Accessing the switch 24 2. Apply, verify, and save the configuration. RADIUS authentication features The switch supports the following RADIUS authentication features: • Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866. • Allows RADIUS secret password up to 32 bytes. • Supports secondary authen[...]

  • Page 25

    Accessing the switch 25 Table 2 User access levels User account Description and tasks performed Administrator Administrators are the only ones that can make permanent changes to the switch configuration—changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot proble[...]

  • Page 26

    Accessing the switch 26 TACACS+ offers the following advantages over RADIUS: • TACACS+ uses TCP-based connection-oriented transport; whereas RADIUS is UDP based. TCP offers a connection-oriented transport, while UDP offers best-effort delivery. RADIUS requires additional programmable variables such as re-transmit attempts and time-outs to co[...]

  • Page 27

    Accessing the switch 27 Alternate mapping between TACACS+ privilege levels and HP 10GbE switch management access levels is shown in the table below. Use the command /cfg/sys/tacacs/cmap ena to use the alternate TACACS+ privilege levels. Table 5 Alternate TACACS+ privilege levels User access level TACACS+ level user 0—1 oper 6—8 admin 14—15[...]

  • Page 28

    Accessing the switch 28 Configuring TACACS+ authentication on the switch (CLI example) 1. Turn TACACS+ authentication on, and then configure the Primary and Secondary TACACS+ servers. >> Main# /cfg/sys/tacacs (Select the TACACS+ Server menu) >> TACACS+ Server# on (Turn TACACS+ on) Current status: OFF New status: ON >> TACACS+ Ser[...]

  • Page 29

    Accessing the switch 29 Configuring TACACS+ authentication on the switch (BBI example) 1. Configure TACACS+ authentication for the switch. a. Click the Configure context button. b. Open the System folder, and select Tacacs+. c. Enter the IP address of the primary and secondary TACACS+ servers, and enter the TACACS+ secret. Enable TACACS+. d. Cli[...]

  • Page 30

    Accessing the switch 30 e. Configure custom privilege-level mapping (optional). Click Submit to accept each mapping change. 2. Apply, verify, and save the configuration. Secure Shell and Secure Copy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch. Telnet does[...]

  • Page 31

    Accessing the switch 31 The switch implementation of SSH is based on version 1.5 and version 2.0, and supports SSH clients from version 1.0 through version 2.0. Client software can use SSH version 1 or version 2. The following SSH clients are supported: • SSH 3.0.1 for Linux (freeware) • SecureCRT® 4.1.8 (VanDyke Technologies, Inc.) • O[...]

  • Page 32

    Accessing the switch 32 Configuring the SCP administrator password To configure the scpadmin (SCP administrator) password, first connect to the switch via the RS-232 management console. For security reasons, the scpadmin password can be configured only when connected directly to the switch console. To configure the password, enter the following [...]

  • Page 33

    Accessing the switch 33 Applying and saving configuration Enter the apply and save commands after the command above ( scp ad4.cfg 205.178.15.157:putcfg ), or use the following commands. You will be prompted for a password. >> # scp <local_filename> <user>@<switch IP addr>:putcfg_apply >> # scp <local_filename[...]

  • Page 34

    Accessing the switch 34 A value of 0 denotes that RSA server key autogeneration is disabled. When greater than 0, the switch will auto generate the RSA server key every specified interval; however, RSA server key generation is skipped if the switch is busy doing other key or cipher generation when the timer expires. The switch will perform only [...]

  • Page 35

    Accessing the switch 35 Setting up user IDs The administrator can configure up to 10 user accounts. To configure an end-user account, perform the following steps: 1. Select a user ID to define. >> # /cfg/sys/access/user/uid 1 2. Define the user name and password. >> User ID 1 # name jane (Assign name “jane” to user ID 1) Current [...]

  • Page 36

    Ports and trunking 36 Ports and trunking Introduction The first part of this chapter describes the different types of ports used on the switch. This information is useful in understanding other applications described in this guide, from the context of the embedded switch/server environment. For specific information on how to configure ports fo[...]

  • Page 37

    Ports and trunking 37 Table 7 Ethernet switch port names Port number Port alias 13 Downlink13 14 Downlink14 15 Downlink15 16 Downlink16 17 Mgmt 18 Uplink1 19 Uplink2 20 Uplink3 21 Uplink4 Port trunk groups When using port trunk groups between two switches, you can create an aggregate link operating at up to forty Gigabits per second, depending o[...]

  • Page 38

    Ports and trunking 38 1. Read the configuration rules provided in the “Trunk group configuration rules” section. 2. Determine which switch ports (up to six) are to become trunk members (the specific ports making up the trunk). 3. Ensure that the chosen switch ports are set to enabled, using the following command: /cfg/port x/cur 4. Trunk mem[...]

  • Page 39

    Ports and trunking 39 Port trunking example In this example, the 10 Gigabit uplink ports on each switch are configured into a total of four trunk groups: two on each switch. NOTE: The actual mapping of switch ports to NIC interfaces is dependent on the operating system software, the type of server blade, and the enclosure type. For more informat[...]

  • Page 40

    Ports and trunking 40 Configuring trunk groups (CLI example) 1. On Switch 1, configure trunk groups 5 and 3: >> # /cfg/l2/trunk 5 (Select trunk group 5) >> Trunk group 5# add 20 (Add port 20 to trunk group 5) >> Trunk group 5# add 21 (Add port 21 to trunk group 5) >> Trunk group 5# ena (Enable trunk group 5) >> Trunk [...]

  • Page 41

    Ports and trunking 41 Configuring trunk groups (BBI example) 1. Configure trunk groups. a. Click the Configure context button on the Toolbar. b. Open the Layer 2 folder, and select Trunk Groups. c. Click a Trunk Group number to select it.[...]

  • Page 42

    Ports and trunking 42 d. Enable the Trunk Group. To add ports, select each port in the Ports Available list, and click Add. e. Click Submit. 2. Apply, verify, and save the configuration. 3. Examine the trunking information on each switch. a. Click the Dashboard context button on the Toolbar.[...]

  • Page 43

    Ports and trunking 43 b. Select Trunk Groups. c. Information about each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state.[...]

  • Page 44

    Ports and trunking 44 Configurable Trunk Hash algorithm This feature allows you to configure the particular parameters for the HP 10GbE switch Trunk Hash algorithm instead of having to utilize the defaults. You can configure new default behavior for Layer 2 traffic and Layer 3 traffic, using the CLI menu cfg/l2/thash . You can select a minimum[...]

  • Page 45

    Ports and trunking 45 In the configuration shown in the table above, Actor switch ports 18 and 19 aggregate to form an LACP trunk group with Partner switch ports 1 and 2. At the same time, Actor switch ports 20 and 21 form a different LACP trunk group with a different partner. LACP automatically determines which member links can be aggregated and[...]

  • Page 46

    Ports and trunking 46 Configuring LACP Use the following procedure to configure LACP for port 20 and port 21 to participate in link aggregation. 1. Set the LACP mode on port 20. >> # /cfg/l2/lacp/port 20 (Select port 20) >> LACP port 20# mode active (Set port 20 to LACP active mode) 2. Define the admin key on port 20. Only ports with t[...]

  • Page 47

    Port-based Network Access and traffic control 47 Port-based Network Access and traffic control Port-based Network Access control Port-based Network Access control provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics. It prevents access to ports that fail aut[...]

  • Page 48

    Port-based Network Access and traffic control 48 802.1x authentication process The clients and authenticators communicate using Extensible Authentication Protocol (EAP), which was originally designed to run over PPP, and for which the IEEE 802.1x Standard has defined an encapsulation method over Ethernet frames, called EAP over LAN (EAPOL). Th[...]

  • Page 49

    Port-based Network Access and traffic control 49 The Radius server chooses an EAP-supported authentication algorithm to verify the client’s identity, and sends an EAP-Request packet to the client via the switch authenticator. The client then replies to the Radius server with an EAP-Response containing its credentials. Upon a successful authen[...]

  • Page 50

    Port-based Network Access and traffic control 50 Supported RADIUS attributes The HP 10GbE switch 802.1x Authenticator relies on external RADIUS servers for authentication with EAP. The following table lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the guidelines specified in Annex D of the 802.1x s[...]

  • Page 51

    Port-based Network Access and traffic control 51 EAPoL configuration guidelines When configuring EAPoL, consider the following guidelines: • The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port. • When 802.1x is enabled[...]

  • Page 52

    Port-based Network Access and traffic control 52 Configuring port-based traffic control To configure a port for traffic control, perform the following steps: 1. Configure the traffic-control threshold and enable traffic control. Main# /cfg/port 2 >> Port 2# brate 150000 (Set broadcast threshold) >> Port 2# mrate 150000 (Set multicast[...]

  • Page 53

    VLANs 53 VLANs Introduction This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments. The fo[...]

  • Page 54

    VLANs 54 Viewing VLANs The VLAN information menu ( /info/l2/vlan ) displays all configured VLANs and all member ports that have an active link state, for example: >> Layer 2# vlan VLAN Name Status Ports ---- -------------------------------- ------ ---------------------- 1 Default VLAN ena 1 4-16 18-21 2 VLAN 2 ena 2 3 4095 VLAN 4095 ena 17 PV[...]

  • Page 55

    VLANs 55 VLAN tagging The switch supports IEEE 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in the frame header, allowing each port to belong to multiple VLANs. When you configure multiple VLANs on a port, you must also enable tagging on that port. Since tagging fundamenta[...]

  • Page 56

    VLANs 56 Figure 3 Default VLAN settings NOTE: The port numbers specified in these illustrations may not directly correspond to the physical port configuration of your switch model. When you configure VLANs, you configure the switch ports as tagged or untagged members of specific VLANs. See the following figures. In the following figure, the u[...]

  • Page 57

    VLANs 57 Figure 5 802.1Q tagging (after port-based VLAN assignment) In the following figure, the tagged incoming packet is assigned directly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2. Figure 6 802.1Q tag assignment As shown in t[...]

  • Page 58

    VLANs 58 Figure 7 802.1Q tagging (after 802.1Q tag assignment) NOTE: Using the /boot/conf factory command resets all ports to VLAN 1 (except management port 17) and all other settings to the factory defaults at the next reboot. VLANs and IP interfaces Carefully consider how you create VLANs within the switch, so that communication with the switch [...]

  • Page 59

    VLANs 59 VLAN configuration rules VLANs operate according to specific configuration rules which must be considered when creating VLANs. For example: • HP recommends that all ports involved in trunking and Port Mirroring have the same VLAN configuration. If a port is on a trunk with a mirroring port, the VLAN configuration cannot be changed. Fo[...]

  • Page 60

    VLANs 60 Multiple VLANS with tagging The following figure shows only those switch-port-to-server links that must be configured for the example. While not shown, all other server links remain set at their default settings. Figure 8 Multiple VLANs with VLAN tagging The features of this VLAN are described in the following table: Table 10 Multiple V[...]

  • Page 61

    VLANs 61 Table 10 Multiple VLANs with tagging Component Description Blade Server #1 This high-use blade server needs to be accessed from all VLANs and IP subnets. The server has a VLAN-tagging adapter installed with VLAN tagging turned on. One adapter is attached to one of the switch's 10 Gbps ports, that is configured for VLANs 1 and 2. One [...]

  • Page 62

    VLANs 62 2. Configure the VLANs and their member ports. Since all ports are by default configured for VLAN 1, configure only those ports that belong to VLAN 2. >> /cfg/l2/vlan 2 >> VLAN 2# add 1 (Add port 1 to VLAN 2) Current ports for VLAN 2: empty Pending new ports for VLAN 2: 1 >> VLAN 2# add 18 (Add port 18 to VLAN 2) Current [...]

  • Page 63

    VLANs 63 Configuring ports and VLANs on Switch 2 (CLI example) To configure ports and VLANs on Switch 2, do the following: 1. On Switch 2, enable VLAN tagging on the necessary ports. Port 4 (connection to server 2) remains untagged, so it is not configured below. Main# /cfg/port 2 (Select port 2: connection to server 1) >> Port 2# tag e Curr[...]

  • Page 64

    VLANs 64 Configuring ports and VLANs on Switch 1 (BBI example) To configure ports and VLANs on Switch 1, do the following: 1. On the switch 1, enable VLAN tagging on the necessary ports. a. Click the Configure context button on the Toolbar. b. Open the Switch folder, and select Switch Ports (click the underlined text, not the folder). c. Click a[...]

  • Page 65

    VLANs 65 d. Enable the port and enable VLAN tagging. e. Click Submit. 2. Configure the VLANs and their member ports. a. Open the Virtual LANs folder, and select Add VLAN.[...]

  • Page 66

    VLANs 66 b. Enter the VLAN name, VLAN ID number, and enable the VLAN. To add ports, select each port in the Ports Available list and click Add. Since all ports are configured for VLAN 1 by default, configure only those ports that belong to VLAN 2. c. Click Submit. The external Layer 2 switches should also be configured for VLANs and tagging. 3. A[...]

  • Page 67

    VLANs 67 FDB static entries are permanent, so the FDB Aging value does not apply to them. Static entries are manually added to the FDB, and manually deleted from the FDB. Incoming frames that contain the static entry as the source MAC can use only ports configured for the static entry. Trunking support for FDB static entries A FDB static entry c[...]

  • Page 68

    Spanning Tree Protocol 68 Spanning Tree Protocol Introduction When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so that a switch uses only the most efficient path. The following topics are discussed in this chapter: • Overview • Bridge Protocol Data Units (BPDUs) • Spanning Tree Group (STG) co[...]

  • Page 69

    Spanning Tree Protocol 69 Determining the path for forwarding BPDUs When determining which port to use for forwarding and which port to block, the switch uses information in the BPDU, including each bridge priority ID. A technique based on the lowest root cost is then computed to determine the most efficient path for forwarding. Bridge priority T[...]

  • Page 70

    Spanning Tree Protocol 70 Adding a VLAN to a Spanning Tree Group If no VLANs exist beyond the default VLAN 1, see the “Creating a VLAN” section in this chapter for information on adding ports to VLANs. Add the VLAN to the STG using the command /cfg/l2/stp <stg number>/add <vlan number> . Creating a VLAN When you create a VLAN, [...]

  • Page 71

    Spanning Tree Protocol 71 The relationship between ports, trunk groups, VLANs, and spanning trees is shown in the following table. Table 11 Ports, trunk groups, and VLANs Switch element Belongs to Port Trunk group, or one or more VLANs Trunk group Only one VLAN VLAN (non-default) One Spanning Tree Group Assigning cost to ports and trunk groups Wh[...]

  • Page 72

    Spanning Tree Protocol 72 Figure 9 Two VLANs on one instance of Spanning Tree Protocol In the following figure, VLAN 1 and VLAN 2 belong to different Spanning Tree Groups. The two instances of spanning tree separate the topology without forming a loop, so that both VLANs can forward packets between the switches without losing connectivity. Figu[...]

  • Page 73

    Spanning Tree Protocol 73 Configuring Multiple Spanning Tree Groups This section explains how to assign each VLAN to its own Spanning Tree Group on the switches 1 and 2. By default, Spanning Tree Groups 2-127 are empty, and Spanning Tree Group 1 contains all configured VLANs until individual VLANs are explicitly assigned to other Spanning Tree G[...]

  • Page 74

    Spanning Tree Protocol 74 Configuring Switch 1 (BBI example) 1. Configure port and VLAN membership on Switch 1 as described in the “Configuring ports and VLANs on Switch 1 (BBI example)” section, in the “VLANs” chapter of this guide. 2. Add VLAN 2 to Spanning Tree Group 2. a. Click the Configure context button on the Toolbar. b. Select Sp[...]

  • Page 75

    Spanning Tree Protocol 75 d. Enter the Spanning Tree Group number and set the Switch Spanning Tree State to on. To add a VLAN to the Spanning Tree Group, select the VLAN in the VLANs Available list, and click Add. VLAN 2 is automatically removed from Spanning Tree Group 1. e. Scroll down, and click Submit. 3. Apply, verify, and save the configur[...]

  • Page 76

    Spanning Tree Protocol 76 Port Fast Forwarding Port Fast Forwarding permits a port that participates in Spanning Tree to bypass the Listening and Learning states and enter directly into the Forwarding state. While in the Forwarding state, the port listens to the BPDUs to learn if there is a loop and, if dictated by normal STG behavior (followi[...]

  • Page 77

    RSTP and MSTP 77 RSTP and MSTP Introduction Rapid Spanning Tree Protocol (IEEE 802.1w) enhances the Spanning Tree Protocol (IEEE 802.1d) to provide rapid convergence on Spanning Tree Group 1. Multiple Spanning Tree Protocol (IEEE 802.1s) extends the Rapid Spanning Tree Protocol to provide both rapid convergence and load balancing in a VLAN e[...]

  • Page 78

    RSTP and MSTP 78 Port type and link type Spanning Tree Configuration includes the following parameters to support RSTP and MSTP: • Edge port • Link type Although these parameters are configured for Spanning Tree Groups 1-128 (/cfg/l2/stp y/port x), they only take effect when RSTP/MSTP is turned on. Edge port A port that connects to a server[...]

  • Page 79

    RSTP and MSTP 79 Configuring Rapid Spanning Tree Protocol (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. 2. Configure RSTP general parameters. a. Click the Configure context button on the Toolbar. b. Open the MS[...]

  • Page 80

    RSTP and MSTP 80 3. Apply, verify, and save the configuration. Multiple Spanning Tree Protocol IEEE 802.1s Multiple Spanning Tree extends the IEEE 802.1w Rapid Spanning Tree Protocol through multiple Spanning Tree Groups. MSTP maintains up to 32 spanning-tree instances that correspond to STP Groups 1-32. In Multiple Spanning Tree Protocol (MSTP),[...]

  • Page 81

    RSTP and MSTP 81 MSTP configuration guidelines This section provides important information about configuring Multiple Spanning Tree Groups: • When you turn on MSTP, the switch automatically moves VLAN 1 to the Common Internal Spanning Tree (CIST). • Region Name and revision level must be configured. Each bridge in the region must have the s[...]

  • Page 82

    RSTP and MSTP 82 Configuring Multiple Spanning Tree Protocol (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. 2. Configure MSTP general parameters. a. Click the Configure context button on the Toolbar. b. Open the[...]

  • Page 83

    RSTP and MSTP 83 3. Configure Common Internal Spanning Trees (CIST) bridge parameters. a. Open the MSTP/RSTP folder, and select CIST-Bridge. b. Enter the Bridge Priority, Maximum Age, and Forward Delay values. c. Click Submit.[...]

  • Page 84

    RSTP and MSTP 84 4. Configure Common Internal Spanning Tree (CIST) port parameters. a. Open the MSTP/RSTP folder, and select CIST-Ports. b. Click a port number to select it.[...]

  • Page 85

    RSTP and MSTP 85 c. Enter the Port Priority, Path Cost, and select the Link Type. Set the CIST Port State to ON. d. Click Submit. 5. Apply, verify, and save the configuration.[...]

  • Page 86

    Quality of Service 86 Quality of Service Introduction Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuri[...]

  • Page 87

    Quality of Service 87 The basic HP 10GbE switch QoS model works as follows: • Classify traffic: ○ Read 802.1p Priority. ○ Match ACL filter parameters. • Meter traffic: ○ Define bandwidth and burst parameters. ○ Select actions to perform on in-profile and out-of-profile traffic. • Perform actions: ○ Drop packets. ○ Pass packets. [...]

  • Page 88

    Quality of Service 88 Table 14 Well-known protocol types Number Protocol Name 89 ospf 112 vrrp • TCP/UDP ○ TCP/UDP application source port, as shown in the table titled “Well-Known Application Ports” ○ TCP/UDP application destination port, as shown in the table titled “Well-Known Application Ports” ○ TCP/UDP flag value, as shown in[...]

  • Page 89

    Quality of Service 89 • Packet Format ○ Ethernet format (eth2, SNAP, LLC) ○ Ethernet tagging format • Egress port packets Note that the egress port ACL will not match a broadcast, multicast, unknown unicast, or Layer 3 packet. The egress port ACL will not match packets if the destination port is a trunk member. Summary of ACL actions Acti[...]

  • Page 90

    Quality of Service 90 Using ACL Groups Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header, such as the source address, destination address, source port number, destination port number, and others. Packet classifiers identify flows for more processing. You can define a traffic profile[...]

  • Page 91

    Quality of Service 91 ACL Metering and Re-marking You can define a profile for the aggregate traffic flowing through the HP 10GbE switch, by configuring a QoS meter (if desired), and assigning ACL Groups to ports. When you add ACL Groups to a port, make sure they are ordered correctly in terms of precedence. For example, consider two ACL Group[...]

  • Page 92

    Quality of Service 92 ACL configuration examples Configure Access Control Lists (CLI example) The following configuration examples illustrate how to use Access Control Lists (ACLs) to block traffic. These basic configurations illustrate common principles of ACL filtering. NOTE: Each ACL filters traffic that ingresses on the port to which the ACL[...]

  • Page 93

    Quality of Service 93 • Example 3 Use this configuration to block traffic from a source that is destined for a specific egress port. >> Main# /cfg/acl/acl 1 (Define ACL 1) >> ACL 1# ethernet/smac 00:21:00:00:00:00 ff:ff:ff:ff:ff:ff >> Filtering Ethernet# .. >> ACL 1# action deny >> ACL 1# stats e >> ACL 1# /cfg[...]

  • Page 94

    Quality of Service 94 c. Configure the ACL parameters. Set the Filter Action to Deny, the Ethernet Type to IPv4, and the Destination IP Address to 100.10.1.116. d. Click Submit. 2. Apply, verify, and save the configuration.[...]

  • Page 95

    Quality of Service 95 3. Add ACL 1 to port 1. a. Click the Configure context button on the Toolbar. b. Select Switch Ports (click the underlined text, not the folder). c. Select a port.[...]

  • Page 96

    Quality of Service 96 d. Add the ACL to the port. e. Click Submit. 4. Apply, verify, and save the configuration.[...]

  • Page 97

    Quality of Service 97 Using DSCP values to provide QoS The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP). Packets are marked with a certain value depending on the type of treatment the packet must receive in the network device. DSCP is a measure of the Quality of Service (QoS) level of the [...]

  • Page 98

    Quality of Service 98 • Class Selector (CS)—This PHB has eight priority classes, with CS7 representing the highest priority, and CS0 representing the lowest priority, as shown below. CS PHB is described in RFC 2474. Table 18 Class selector priority classes Priority Class Selector DSCP Highest CS7 56 CS6 48 CS5 40 CS4 32 CS3 24 CS2 16 CS1 8 [...]

  • Page 99

    Quality of Service 99 The IEEE 802.1p standard uses eight levels of priority (0-7). Priority 7 is assigned to highest priority network traffic, such as OSPF or RIP routing table updates, priorities 5-6 are assigned to delay-sensitive applications such as voice and video, and lower priorities are assigned to standard applications. A value of 0 [...]

  • Page 100

    Quality of Service 100 802.1p configuration (CLI example) 1. Configure a port’s default 802.1 priority. >> Main# cfg/port 20 (Select port) >> Port 20# 8021ppri (Set port’s default 802.1p priority) Current 802.1p priority: 0 Enter new 802.1p priority [0-7]: 1 >> Port 20# apply 2. Map the 802.1p priority value to a COS queue an[...]

  • Page 101

    Quality of Service 101 c. Select a port.[...]

  • Page 102

    Quality of Service 102 d. Set the 802.1p priority value. e. Click Submit.[...]

  • Page 103

    Quality of Service 103 2. Map the 802.1p priority value to a COS queue. a. Click the Configure context button on the Toolbar. b. Open the 802.1p folder, and select Priority - CoS. c. Select an 802.1p priority value. d. Select a Class of Service queue (CoSQ) to correlate with the 802.1p priority value. e. Click Submit.[...]

  • Page 104

    Quality of Service 104 3. Set the COS queue scheduling weight. a. Click the Configure context button on the Toolbar. b. Open the 802.1p folder, and select CoS - Weight. c. Select a Class of Service queue (CoS).[...]

  • Page 105

    Quality of Service 105 d. Enter a value for the weight of the Class of Service queue. e. Click Submit. 4. Apply, verify, and save the configuration. Queuing and scheduling The switch can be configured with either two or eight output Class of Service queues (COSq), into which each packet is placed. Each packet’s 802.1p priority determines its C[...]

  • Page 106

    Basic IP routing 106 Basic IP routing This chapter provides configuration background and examples for using the HP 10GbE switch to perform IP routing functions. The following topics are addressed in this chapter: • IP Routing Benefits • Routing Between IP Subnets • Example of Subnet Routing • Defining IP Address Ranges for the Local [...]

  • Page 107

    Basic IP routing 107 For example, consider the following topology migration: Figure 14 Router legacy network In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topology. As is often the case, the legacy of network growth and redesign has left the system with a mix of illogical[...]

  • Page 108

    Basic IP routing 108 Take a closer look at the HP 10GbE switch in the following configuration example: Figure 15 Switch-based routing topology The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building. Common servers are placed on another subnet attached to the switch. Primary and back[...]

  • Page 109

    Basic IP routing 109 Example of subnet routing Prior to configuring, you must be connected to the switch Command Line Interface (CLI) as the administrator. NOTE: For details about accessing and using any of the menu commands described in this example, see the HP 10Gb Ethernet BL-c Switch Command Reference. 1. Assign an IP address (or document the[...]

  • Page 110

    Basic IP routing 110 8. Configuring the default gateways allows the switch to send outbound traffic to the routers: >> IP Interface 5# ../gw 1 (Select primary default gateway) >> Default gateway 1# addr 205.21.17.1 (Assign IP address) >> Default gateway 1# ena (Enable primary default gateway) >> Default gateway 1# ../gw 2 (S[...]

  • Page 111

    Basic IP routing 111 4. The VLANs shown in the table above are configured as follows: >> # /cfg/l2/vlan 1 (Select VLAN 1) >> VLAN 1# add port 20 (Add port for 1st floor to VLAN 1) >> VLAN 1# add port 21 (Add port for 2nd floor to VLAN 1) >> VLAN 1# ena (Enable VLAN 1) >> VLAN 1# ../VLAN 2 (Select VLAN 2) >> VLAN 2[...]

  • Page 112

    Basic IP routing 112 Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network. Without DHCP, the IP address must be entered manually for each network de[...]

  • Page 113

    Basic IP routing 113 DHCP relay agent configuration To enable the switch to be the BOOTP forwarder, you need to configure the DHCP/BOOTP server IP addresses on the switch. Generally, you should configure the command on the switch IP interface closest to the client so that the DHCP server knows from which IP subnet the newly allocated IP address[...]

  • Page 114

    Routing Information Protocol 114 Routing Information Protocol In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically, using the Routing Information Protocol (RIP). HP 10GbE switch software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) [...]

  • Page 115

    Routing Information Protocol 115 RIPv1 RIP version 1 uses broadcast User Datagram Protocol (UDP) data packets for the regular routing updates. The main disadvantage is that the routing updates do not carry subnet mask information. Hence, the router cannot determine whether the route is a subnet route or a host route. It is of limited usage after[...]

  • Page 116

    Routing Information Protocol 116 Multicast RIPv2 messages use IP multicast address (224.0.0.9) for periodic broadcasts. Multicast RIPv2 announcements are not processed by RIPv1 routers. IGMP is not needed since these are inter-router messages which are not forwarded. To configure RIPv2 in RIPv1-compatibility mode, set multicast to disable. D[...]

  • Page 117

    Routing Information Protocol 117 RIP configuration example NOTE: An interface RIP disabled uses all the default values of the RIP, no matter how the RIP parameters are configured for that interface. RIP sends out RIP regular updates to include an Up interface, but not a Down interface. 1. Add VLANs for routing interfaces. >> Main# cfg/l2/vl[...]

  • Page 118

    IGMP Snooping 118 IGMP Snooping Introduction IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all data ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected[...]

  • Page 119

    IGMP Snooping 119 • The host can send an IGMPv2 Leave report to the switch, which sends a proxy Leave report to the Mrouter. The multicast path is terminated immediately. A maximum of 8 VLANs can be configured for IGMP Snooping. The switch can learn up to 16 multicast routers, and supports up to 1,000 multicast groups. IGMPv3 IGMPv3 includes[...]

  • Page 120

    IGMP Snooping 120 IGMP Filtering With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups. Unauthorized users are restricted from streaming multicast traffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port for that group are dropped, an[...]

  • Page 121

    IGMP Snooping 121 Static multicast router A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. You can configure static Mrouters on any switch port except the management port 17. The switch supports up to total of sixteen static Mroute[...]

  • Page 122

    IGMP Snooping 122 Configuring IGMP Filtering (CLI example) 1. Enable IGMP Filtering on the switch. >> /cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >> IGMP Filter# ena (Enable IGMP Filtering) Current status: disabled New status: enabled 2. Define an IGMP Filter. >> //cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >>IG[...]

  • Page 123

    IGMP Snooping 123 Configuring IGMP Snooping (BBI example) 1. Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter. 2. Configure IGMP Snooping. a. Click the Configure context button. b. Open the IGMP folder, and select IGMP Snooping (click the under[...]

  • Page 124

    IGMP Snooping 124 c. Enable IGMP Snooping. d. Click Submit. 3. Apply, verify, and save the configuration.[...]

  • Page 125

    IGMP Snooping 125 Configuring IGMP Filtering (BBI example) 1. Configure IGMP Snooping. 2. Enable IGMP Filtering. a. Click the Configure context button. b. Open the IGMP folder, and select IGMP Filters (click the underlined text, not the folder). c. Enable IGMP Filtering globally. d. Click Submit.[...]

  • Page 126

    IGMP Snooping 126 3. Define the IGMP Filter. a. Select Layer 3 > IGMP > IGMP Filters > Add Filter. b. Enable the IGMP Filter. Assign the range of IP multicast addresses and the filter action (allow or deny). c. Click Submit.[...]

  • Page 127

    IGMP Snooping 127 4. Assign the filter to a port and enable IGMP Filtering on the port. a. Select Layer 3 > IGMP > IGMP Filters > Switch Ports. b. Select a port from the list.[...]

  • Page 128

    IGMP Snooping 128 c. Enable IGMP Filtering on the port. Select a filter in the IGMP Filters Available list, and click Add. d. Click Submit. 5. Apply, verify, and save the configuration.[...]

  • Page 129

    IGMP Snooping 129 Configuring a Static Multicast Router (BBI example) 1. Configure Static Mrouter. a. Click the Configure context button. b. Open the Switch folder and select Layer 3 > IGMP > IGMP Static Mrouter > Add Mrouter. c. Enter a port number, VLAN ID number, and IGMP version number. d. Click Submit.[...]

  • Page 130

    IGMP Snooping 130 2. Apply, verify, and save the configuration.[...]

  • Page 131

    OSPF 131 OSPF The HP 10GbE switch software supports the Open Shortest Path First (OSPF) routing protocol. The switch implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the HP 10GbE switch: • OSPF Overview: This section provides information on OSPF conce[...]

  • Page 132

    OSPF 132 Figure 17 OSPF area types Types of OSPF routing devices As shown in the figure, OSPF uses the following types of routing devices: • Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area. • Area Border Router (ABR)—a [...]

  • Page 133

    OSPF 133 Neighbors and adjacencies In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each others’ health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces. All routing devices that shar[...]

  • Page 134

    OSPF 134 Internal versus external routing To ensure effective processing of network traffic, every routing device on your network needs to know how to send a packet (directly or indirectly) to any other location/destination in your network. This is referred to as internal routing and can be done with static routes or using active internal rout[...]

  • Page 135

    OSPF 135 • Stub area metric—A stub area can be configured to send a numeric metric value such that all routes received via that stub area carry the configured metric to potentially influence routing decisions. • Default routes—Default routes with weight metrics can be manually injected into transit areas. This helps establish a preferre[...]

  • Page 136

    OSPF 136 Using the area ID to assign the OSPF area number The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors. There are two valid ways to designate an area ID: • Placing the area number in the last oc[...]

  • Page 137

    OSPF 137 Electing the designated router and backup In any area with more than two routing devices, a Designated Router (DR) is elected as the central contact for database exchanges among neighbors, and a Backup Designated Router (BDR) is elected in case the DR fails. DR and BDR elections are made through the hello process. The election can be in[...]

  • Page 138

    OSPF 138 In more complex OSPF areas with multiple ABRs or ASBRs (such as area 0 and area 2 in the figure), there are multiple routes leading from the area. In such areas, traffic for unrecognized destinations cannot tell which route leads upstream without further configuration. To resolve the situation and select one default route among multipl[...]

  • Page 139

    OSPF 139 Authentication OSPF protocol exchanges can be authenticated so that only trusted routing devices can participate. This ensures less processing on routing devices that are not listening to OSPF packets. OSPF allows packet authentication and uses IP multicast when sending and receiving packets. Routers participate in routing domains bas[...]

  • Page 140

    OSPF 140 Use the following commands to configure MD5 authentication on the switches shown in the figure: 1. Enable OSPF MD5 authentication for Area 0 on switches 1, 2, and 3 >> # /cfg/l3/ospf/aindex 0/auth md5 2. Configure MD5 key ID for Area 0 on switches 1, 2, and 3. >> # /cfg/l3/ospf/md5key 1/key test 3. Assign MD5 key ID to OSPF[...]

  • Page 141

    OSPF 141 OSPF features not supported in this release The following OSPF features are not supported in this release: • Summarizing external routes • Filtering OSPF routes • Using OSPF to forward multicast routes • Configuring OSPF on non-broadcast multi-access networks (such as frame relay, X.25, and ATM) OSPF configuration examples A summ[...]

  • Page 142

    OSPF 142 Follow this procedure to configure OSPF support as shown in the figure. 1. Configure IP interfaces on each network that will be attached to OSPF areas. 2. In this example, two IP interfaces are needed: one for the backbone network on 10.10.7.0/24 and one for the stub area network on 10.10.12.0/24. >> # /cfg/l3/if 1 (Select menu [...]

  • Page 143

    OSPF 143 b. Open the IP Interfaces folder, and select Add IP Interface. c. Configure an IP interface. Enter the IP address, subnet mask, and enable the interface. d. Click Submit. 2. Apply, verify, and save the configuration.[...]

  • Page 144

    OSPF 144 3. Enable OSPF. a. Open the OSPF Routing Protocol folder, and select General. b. Enable OSPF.[...]

  • Page 145

    OSPF 145 c. Click Submit. 4. Configure OSPF Areas. a. Open the OSPF Areas folder, and select Add OSPF Area. b. Configure the OSPF backbone area 0.[...]

  • Page 146

    OSPF 146 c. Click Submit. d. Select Add OSPF Area. e. Configure the OSPF area 1. f. Click Submit.[...]

  • Page 147

    OSPF 147 5. Configure OSPF Interfaces. a. Open the OSPF Interfaces folder, and select Add OSPF Interface.[...]

  • Page 148

    OSPF 148 b. Configure the OSPF Interface 1, and attach it to the backbone area 0. c. Click Submit. d. Select Add OSPF Interface.[...]

  • Page 149

    OSPF 149 e. Configure the OSPF Interface 2, and attach it to the stub area 1. f. Click Submit. 6. Apply, verify, and save the configuration.[...]

  • Page 150

    OSPF 150 Example 2: Virtual links In the example shown in the following figure, area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1. The virtual link must be configured at each endpoint. Figure 22 Configuring a virtual link Configuring OSPF[...]

  • Page 151

    OSPF 151 8. Attach the network interface to the backbone. >> OSPF Area (index) 1 # ../if 1 (Select OSPF menu for IP interface 1) >> OSPF Interface 1 # aindex 0 (Attach network to backbone index) >> OSPF Interface 1 # enable (Enable the backbone interface) 9. Attach the network interface to the transit area. >> OSPF Interface[...]

  • Page 152

    OSPF 152 8. Define the transit area. >> OSPF Area (index) 0 # ../aindex 1 (Select menu for area index 1) >> OSPF Area (index) 1 # areaid 0.0.0.1 (Set the area ID for OSPF area 1) >> OSPF Area (index) 1 # type transit (Define area as transit type) >> OSPF Area (index) 1 # enable (Enable the area) 9. Define the stub area. >[...]

  • Page 153

    OSPF 153 Figure 23 Summarizing routes NOTE: You can specify a range of addresses to prevent advertising by using the hide option. In this example, routes in the range 36.128.200.0 through 36.128.200.255 are kept private. Follow this procedure to configure OSPF support on Switch A and Switch B, as shown in the figure. 1. Configure IP interfaces[...]

  • Page 154

    OSPF 154 7. Configure route summarization by specifying the starting address and mask of the range of addresses to be summarized. >> OSPF Interface 2 # ../range 1 (Select menu for summary range) >> OSPF Summary Range 1 # addr 36.128.192.0 (Set base IP address of summary range) >> OSPF Summary Range 1 # mask 255.255.192.0 (Set mask[...]

  • Page 155

    Remote monitoring 155 Remote monitoring Introduction Remote Monitoring (RMON) allows network devices to exchange network monitoring data. RMON performs the following major functions: • Gathers cumulative statistics for Ethernet interfaces • Tracks a history of statistics for Ethernet interfaces • Creates and triggers alarms for user-d[...]

  • Page 156

    Remote monitoring 156 Configuring RMON Statistics (CLI example) 1. Enable RMON on each port where you wish to collect RMON statistics. >> /cfg/port 20/rmon (Select Port 20 RMON) >> Port 20 RMON# ena (Enable RMON) >> Port 20 RMON# apply (Make your changes active) >> Port 20 RMON# save (Save for restore after reboot) 2. View[...]

  • Page 157

    Remote monitoring 157 2. Select a port.[...]

  • Page 158

    Remote monitoring 158 3. Enable RMON on the port. 4. Click Submit. 5. Apply, verify, and save the configuration. RMON group 2—history The RMON History group allows you to sample and archive Ethernet statistics for a specific interface during a specific time interval. NOTE: RMON port statistics must be enabled for the port before an RMON history[...]

  • Page 159

    Remote monitoring 159 Requested buckets (/cfg/rmon/hist x/rbnum) are the number of buckets, or data slots, requested by the user for each History Group. Granted buckets (/info/rmon/hist x/gbnum) are the number of buckets granted by the system, based on the amount of system memory available. The system grants a maximum of 50 buckets. Use an SNMP[...]

  • Page 160

    Remote monitoring 160 Configure RMON History (BBI example) 1. Configure an RMON History group. a. Click the Configure context button. b. Open the Switch folder, and select RMON > History > Add History Group. 2. Configure RMON History Group parameters. 3. Click Submit. 4. Apply, verify, and save the configuration.[...]

  • Page 161

    Remote monitoring 161 RMON group 3—alarms The RMON Alarm group allows you to define a set of thresholds used to determine network performance. When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval. Each A[...]

  • Page 162

    Remote monitoring 162 Configure RMON Alarms (CLI example 2) 1. Configure the RMON Alarm parameters to track ICMP messages. >> /cfg/rmon/alarm 5 (Select RMON Alarm 5) >> RMON Alarm 5# oid 1.3.6.1.2.1.5.8.0 >> RMON Alarm 5# intrval 60 >> RMON Alarm 5# almtype rising >> RMON Alarm 5# rlimit 200 >> RMON Alarm 5# rev[...]

  • Page 163

    Remote monitoring 163 c. Configure RMON Alarm Group parameters to check ifInOctets on port 20 once every hour. Enter a rising limit of two billion, and a rising event index of 6. This configuration creates an RMON alarm that checks ifInOctets on port 20 once every hour. If the statistic exceeds two billion, an alarm is generated that triggers even[...]

  • Page 164

    Remote monitoring 164 Configure RMON Alarms (BBI example 2) 1. Configure an RMON Alarm group. a. Click the Configure context button. b. Open the Switch folder, and select RMON > Alarm > Add Alarm Group. c. Configure RMON Alarm Group parameters to check icmpInEchos, with a polling interval of 60, a rising limit of 200, and a rising event ind[...]

  • Page 165

    Remote monitoring 165 3. Apply, verify, and save the configuration. RMON group 9—events The RMON Event group allows you to define events that are triggered by alarms. An event can be a log message, an SNMP trap message, or both. When an alarm is generated, it triggers a corresponding event notification. Use the /cfg/rmon/alarm x/revtidx and /f[...]

  • Page 166

    Remote monitoring 166 Configuring RMON Events (BBI example) 1. Configure an RMON Event group. a. Click the Configure context button. b. Open the Switch folder, and select RMON > Event > Add Event Group. c. Configure RMON Event Group parameters. This configuration creates an RMON event that sends a SYSLOG message each time it is triggered b[...]

  • Page 167

    High availability 167 High availability Introduction Switches support high availability network topologies. This release provides information about Uplink Failure Detection and Virtual Router Redundancy Protocol (VRRP). Uplink Failure Detection Uplink Failure Detection (UFD) is designed to support Network Adapter Teaming on HP server blades. F[...]

  • Page 168

    High availability 168 Figure 24 Uplink Failure Detection for switches Failure Detection Pair To use UFD, you must configure a Failure Detection Pair and then turn UFD on. A Failure Detection Pair consists of the following groups of ports: • Link to Monitor (LtM) The Link to Monitor group consists of one uplink port (18-21), or one trunk grou[...]

  • Page 169

    High availability 169 Configuration guidelines This section provides important information about configuring UFD: • UFD is required only when uplink-path redundancy is not available on the blade switches. • Only one Failure Detection pair (one group of Links to Monitor and one group of Links to Disable) is supported on each switch (all VLAN[...]

  • Page 170

    High availability 170 Configuring UFD on Switch 1 (CLI example) 1. Assign uplink ports (18-21) to be monitored for communication failure. >> Main# /cfg/ufd/fdp ena (Enable Failure Detection Pair) >> FDP# ltm (Select Link to Monitor menu) >> Failure Link to Monitor# addport 19 (Monitor uplink port 19) 2. Assign downlink ports (1-[...]

  • Page 171

    High availability 171 Configuring Uplink Failure Detection (BBI example) 1. Configure Uplink Failure Detection. a. Click the Configure context button. b. Open the Switch folder, and select Uplink Failure Detection (click the underlined text, not the folder). c. Turn Uplink Failure Detection on, and then select FDP.[...]

  • Page 172

    High availability 172 d. Enable the FDP. Select ports in the LtM Ports Available list, and click Add to place the ports into the Link to Monitor (LtM). Select ports in the LtD Ports Available list, and click Add to place the ports into the Link to Disable (LtD). e. Click Submit. 2. Apply, verify, and save the configuration.[...]

  • Page 173

    High availability 173 VRRP overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device. To achieve this usually requires redundancy [...]

  • Page 174

    High availability 174 Master and backup virtual router Within each virtual router, one VRRP router is selected to be the virtual router master. See “Selecting the Master VRRP Router” for an explanation of the selection process. NOTE: If the IP address owner is available, it will always become the virtual router master. The virtual router mas[...]

  • Page 175

    High availability 175 A backup router can stop receiving advertisements for one of two reasons—the master can be down, or all communications links between the master and the backup can be down. If the master has failed, it is clearly desirable for the backup (or one of the backups, if there is more than one) to become the master. NOTE: If the m[...]

  • Page 176

    High availability 176 Figure 26 Active-Active redundancy HP 10GbE switch extensions to VRRP This section describes VRRP enhancements that are implemented in switch software: Tracking VRRP router priority The HP 10GbE switch software supports a tracking function that dynamically modifies the priority of a VRRP router, based on its current state[...]

  • Page 177

    High availability 177 Virtual router deployment considerations Review the following issues described in this section to prevent network problems when deploying virtual routers: • Assigning VRRP Virtual Router ID • Configuring the Switch for Tracking Assigning VRRP virtual router ID During the software upgrade process, VRRP virtual router IDs [...]

  • Page 178

    High availability 178 High availability configurations The HP 10GbE switches offer flexibility in implementing redundant configurations. This section discusses the Active-Active configuration. Active-Active configuration The following figure shows an example configuration, where two switches are used as VRRP routers in an active-active configur[...]

  • Page 179

    High availability 179 2. Configure client and server interfaces. /cfg/l3/if 1 (Select interface 1) >> IP Interface 1# addr 192.168.1.100 (Define IP address for interface 1) >> IP Interface 1# vlan 10 (Assign VLAN 10 to interface 1) >> IP Interface 1# ena (Enable interface 1) >> IP Interface 1# .. >> Layer 3# if 2 (Sele[...]

  • Page 180

    High availability 180 Task 2: Configure Switch B 1. Configure ports. /cfg/l2/vlan 10 (Select VLAN 10) >> VLAN 10# ena (Enable VLAN 10) >> VLAN 10# add 20 (Add port 20 to VLAN 10) >> VLAN 10# .. >> Layer 2# vlan 20 (Select VLAN 20) >> VLAN 20# ena (Enable VLAN 20) >> VLAN 20# add 21 (Add port 21 to VLAN 20) 2. Co[...]

  • Page 181

    High availability 181 5. Enable tracking on ports. Set the priority of Virtual Router 2 to 101, so that it becomes the Master. /cfg/l3/vrrp/vr 1 (Select VRRP virtual router 1) >> VRRP Virtual Router 1# track/ports/ena (Set tracking on ports) >> VRRP Virtual Router 1 Priority Tracking# .. >> VRRP Virtual Router 1# .. >> Virt[...]

  • Page 182

    High availability 182 c. Configure port 20 as a member of VLAN 10 and port 21 as a member of VLAN 20. Enable each VLAN. d. Click Submit. 2. Configure the following client and server interfaces: − IF 1 IP address = 192.168.1.100 Subnet mask = 255.255.255.0 VLAN 10 − IF 2 IP address = 10.10.12.1 Subnet mask = 255.255.255.0 VLAN 20 − IF 3 IP a[...]

  • Page 183

    High availability 183 a. Open the IP Interfaces folder, and select Add IP Interface. b. Configure an IP interface. Enter the IP address, subnet mask, and VLAN membership. Enable the interface. c. Click Submit.[...]

  • Page 184

    High availability 184 3. Configure the default gateways. Each default gateway points to one of the Layer 2 routers. a. Open the Default Gateways folder, and select Add Default Gateway. b. Configure the IP address for each default gateway. Enable the default gateways. c. Click Submit.[...]

  • Page 185

    High availability 185 4. Turn on VRRP and configure two Virtual Interface routers. a. Open the Virtual Router Redundancy Protocol folder, and select General.[...]

  • Page 186

    High availability 186 b. Enable VRRP processing. c. Click Submit. d. Open the Virtual Routers folder, and select Add Virtual Router.[...]

  • Page 187

    High availability 187 e. Configure the IP address for Virtual Router 1 (VR1). Enable tracking on ports, and set the priority to 101. Enable the Virtual Router. f. Click Submit. g. Select Add Virtual Router.[...]

  • Page 188

    High availability 188 h. Configure the IP address for Virtual Router 2 (VR2). Enable tracking on ports, but set the priority to 100 (default value). Enable the Virtual Router. i. Click Submit. 5. Turn off Spanning Tree globally. a. Open the Spanning Tree Groups folder, and select Add Spanning Tree Group. b. Select a Spanning Tree Group.[...]

  • Page 189

    High availability 189[...]

  • Page 190

    High availability 190 c. Enter Spanning Tree Group ID 1 and set the Switch Spanning Tree State to off. d. Click Submit. 6. Apply, verify, and save the configuration.[...]

  • Page 191

    Troubleshooting tools 191 Troubleshooting tools Introduction This appendix discusses some tools to help you use the Port Mirroring feature to troubleshoot common network problems on the switch. Port Mirroring The Port Mirroring feature on the switch is very useful for troubleshooting any connection-oriented problem. Any traffic in or out of o[...]

  • Page 192

    Troubleshooting tools 192 Ingress traffic is duplicated and sent to the mirrored port before processing, and egress traffic is duplicated and sent to the mirrored port after processing. Configuring Port Mirroring (CLI example) To configure Port Mirroring for the example shown in the preceding figure: 1. Specify the monitoring port. >> # [...]

  • Page 193

    Troubleshooting tools 193 Configuring Port Mirroring (BBI example) 1. Configure Port Mirroring. a. Click the Configure context button. b. Open the Switch folder, and select Port-Based Port Mirroring (click the underlined text, not the folder). c. Click a port number to select a monitoring port.[...]

  • Page 194

    Troubleshooting tools 194 d. Click Add Mirrored Port. e. Enter a port number for the mirrored port, and select the Port Mirror Direction. f. Click Submit. 2. Apply, verify, and save the configuration. 3. Verify the Port Mirroring configuration on the switch.[...]

  • Page 195

    Troubleshooting tools 195 Other network troubleshooting techniques Other network troubleshooting techniques include the following. Console and Syslog messages When a switch experiences a problem, review the console and Syslog messages. The switch displays these informative messages when state changes and system problems occur. Syslog messages ca[...]

  • Page 196

    Troubleshooting tools 196 • Stack Trace—If a fatal software condition occurs, the switch dumps stack trace data to the console. If you have a console attached to the switch, capture the console dump, and forward it to HP technical support.[...]

  • Page 197

    Index 197 Index 8 802.1x port states, 49 A accessing the switch: defining source IP addresses, 20; RADIUS authentication, 21; security, 20; using the command line interface (CLI), 12 ACL Blocks and Groups, 90 ACL configuration examples, 92 ACL filters, 87 active-active redundancy, 175 allowable source IP addresses, 20 B BBI: See Browser-Based I[...]

  • Page 198

    Index 198 Q Quality of Service, 86 queuing and scheduling, 105 R RADIUS: port 1812 and 1645, 88; port 1813, 88 redundancy: active-active, 175; VRRP (Virtual Router Redundancy Protocol), 175 re-mark, 91 Remote Authentication Dial-in User Service (RADIUS): authentication, 21; SSH/SCP, 34 Remote monitoring (RMON), 155 RIP (Routing Information Proto[...]