HP (Hewlett-Packard) 8212ZL manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of HP (Hewlett-Packard) 8212ZL, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of HP (Hewlett-Packard) 8212ZL one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of HP (Hewlett-Packard) 8212ZL. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of HP (Hewlett-Packard) 8212ZL should contain:
- informations concerning technical data of HP (Hewlett-Packard) 8212ZL
- name of the manufacturer and a year of construction of the HP (Hewlett-Packard) 8212ZL item
- rules of operation, control and maintenance of the HP (Hewlett-Packard) 8212ZL item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of HP (Hewlett-Packard) 8212ZL alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of HP (Hewlett-Packard) 8212ZL, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the HP (Hewlett-Packard) service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of HP (Hewlett-Packard) 8212ZL.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the HP (Hewlett-Packard) 8212ZL item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Release Notes: V ersion K.13.49 Software for the ProCurve Series 3500y l, 6200yl, 5400zl, an d 8212zl Switches These release notes include in formation o n the follow ing: ■ Downloading swit ch software an d do cumentat ion from the W e b ( page 2 ) ■ Best practices for majo r software updates, inc l uding contingency procedures for rolling bac[...]

  • Page 2

    © Copyright 2006-2008 Hewlett-Packard Development Company , LP . The information contained herein is subject to change without notice. Publication Number 5991-4720 January 2009 Applicable Products ProCurve Switch 3500yl-24G-PWR Intelligent Edge (J8692A) ProCurve Switch 3500yl-4 8G-PWR Intelligent Edge ( J8693A) ProCurve Switch 6200yl-24 G-mGBIC (J[...]

  • Page 3

    i Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Premium L icense Switch Software Fe atures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 4

    ii Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.13 through K.11.32 En hancements . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 5

    iii Release K.12.10 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Show VLAN ports CLI Comman d Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Release K.12.11 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 6

    iv Release K.12.51 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Release K.12.52 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Release K.12.53 through K.12.55 En hancements . . . . . . .[...]

  • Page 7

    v Enabling Customized Web Authentication Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Dynamic IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 8

    vi Release K.11.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.36 . . . . . . . .[...]

  • Page 9

    vii Release K.12.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.11 . . . . . . . [...]

  • Page 10

    viii Release K.12.51 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Release K.12.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Release K.12.53 . . . . . . .[...]

  • Page 11

    ix Release K.13.26 through K.13.39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.41 . . . . . . . . . . . . . . .[...]

  • Page 12

    1 Software Management Premium License Switch Software Features Software Management Premium License Swit ch Software Features The ProCurve 3500yl and 5400zl switches ship with the ProC urve Intelligent Edge softwa re feature set. The ad ditional P remium Lice nse switch software features for the 3500yl and 5400zl switches can be acquired by pu rchas[...]

  • Page 13

    2 Software Management Download Switch Documentation and Software from the Web Download Switch Documentatio n and Software from the W eb Y ou can download software updates and the co rrespondin g product docu mentation fro m the ProCurve Networking W eb site as desc ribed be low . View or Download the Software Manual Set Go to: www.procurve.com/manu[...]

  • Page 14

    3 Software Management Download Switch Documentation and Software from the Web TFTP Download from a Server Syntax: copy tftp flash < ip-address > < remote- os-file > [ < primary | secondary > ] Note that if you do not specify the flash destination , the TFTP download defaults to the primary flash. For example, to download a softwar[...]

  • Page 15

    4 Software Management Download Switch Documentation and Software from the Web Syntax: copy xmodem flash [< primary | secondary >] 1. T o reduce the download time, you may want to increase the baud ra te in your terminal emulator and in the switch to a value such as 115200 bits per sec ond. (The baud rate must be the same in both devices.) For[...]

  • Page 16

    5 Software Management Download Switch Documentation and Software from the Web Using USB to Download Switch Software T o use the USB port on the swit ch to download a sof tware version from a USB flash drive: ■ The software version must be stored on the USB flash drive, and yo u must know the fil e name (such as K_12_ 10.swi). ■ The USB flash dr[...]

  • Page 17

    6 Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates with two configurat ion files: ■ Running-Config File: Exists in volatile memory and controls switch op eration. Rebooting the switch erases the current r unning-config file and replaces it with an exact copy of the current[...]

  • Page 18

    7 Software Management Best Practices for Major Software Updates Best Practices for Major Software Updates Major software updates contain new features and en hancements, and are design ated by an increment to the major releas e version number . That is, K.12.xx represents a ma jor update to software version( s) K.11.xx, and K.13.xx represents a majo[...]

  • Page 19

    8 Software Management Best Practices for Major Software Updates Note: Y ou might opt to use a different m ethodology in which the new sof tware will be instal led as the secondary and not the primary image , in which case you woul d use the commands boot system flash secondary , and/or boot set-default flash secondary to change the loc ation of the[...]

  • Page 20

    9 Software Management Best Practices for Major Software Updates b. Create a backup configuratio n file and verify the change. Switch1# copy config config1 config config2 Switch1# show config files Configuration files: id | act pri sec | name ---+-------------+----------------- ----------------------------- 1 | * * * | config1 2 | | config2 3 | | 3.[...]

  • Page 21

    10 Software Management Best Practices for Major Software Updates Note This step will enable you to revert from K_ 13_05 to y our previous im age w ith your previous configuratio n just by invoking the command boot system flash secondary . 6. Download the new primary image. Switch1# copy tftp flash 192.168.1.6 0 K_13_06.swi primary The Primary OS Im[...]

  • Page 22

    11 Software Management Best Practices for Major Software Updates 8. Reload the new switch image. Switch1# reload System will be rebooted from primary image . Do you want to continue [y/n]? y At the prompt, answer y , for yes, and the switch will boot wi th the new image. Note: As an additional step, ProCurve advises saving the startup-config to a t[...]

  • Page 23

    12 Software Management Best Practices for Major Software Updates 1 | * * | config1 2 | * | config2 3 | | 2. Boot the switch using the secondary image (with config2). Switch1# boot system flash secondary System will be rebooted from secondary image. Do you wan t to continue [y/n]? y Answer y , for yes, and the switch will boot from the secondary ima[...]

  • Page 24

    13 Software Management Best Practices for Major Software Updates And later , the configuratio n that was created on K.12.57 is viewed while the switc h is running K.13.06: ProCurve5406zl-onK1306# show config K1257config <cr> The command ou tput will show ho w the K. 12.57 config woul d be interpre ted, if it were to be used by the K.13.06 sof[...]

  • Page 25

    14 Software Management ProCurve Switch, Routing Swit ch, and Router Software Keys ProCurve Switch, Routing Swit ch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M, 2424M, 40 00M, and 8000M CY Switch 8100fl Series (8108fl and 8116fl ) E Switch 5300xl Seri es (5304xl, 5308xl, 5348xl, and 5372xl) F Switch 2500 Ser[...]

  • Page 26

    15 Software Management OS/Web/Java Compatibility Table OS/W eb/Java Compatibility T able The switch W eb agent supports the following comb inations of OS browsers and Java Virtual Machines: Minimum Software V ersions For ProCurve Series 3500y l, 6200yl, 5400zl, and 8212zl Switches and Hardware Features Operating System Internet Explorer Java Window[...]

  • Page 27

    16 Software Management Minimum Software Versions Switch 5400zl 4p 10-GbE CX4 Module J8708A K.11.33 Switch 6200yl-24G-mGBIC J8992A K.11.33 Switch 3500yl 2p 10GbE X2 + 2p CX4 Module J8694A K.11.17 ProCurve Device Product Number Minimum Supported Software Version[...]

  • Page 28

    17 Support Notes Minimum Software Versions Support Notes ROM Update Required! All yl and zl switches running K. 12.45 system software or earlier , wi ll have the BootROM updated by this new version of system sof tware. This software download will b oot the switch twice, first to update the BootROM to version K.12.14, and then to load the system sof[...]

  • Page 29

    18 Support Notes Minimum Software Versions ProCurve(config)# snmp-server mib hpswitchauthmib excluded For more informati on on the above topi c, refer to "Using SNMP T o View and Configure Switch Authenticati on Features" in th e "RADIUS Auth enticati on and Accounting" chapter of the Access Security Guide for your switch. For a[...]

  • Page 30

    19 Support Notes Minimum Software Versions Management and Configuration Gu ide for ProCurve Wireless Edge Services zl Module here: ftp://ftp.hp.com/pub/networking/softw are/WESM-zl- MgmtCf g-Aug2007-599 18626.pdf ). Network administrators who do not wi sh to have the radio ports moved to the auto -provisioned VLAN should disable this feature with t[...]

  • Page 31

    20 Clarifications Minimum Software Versions Clarifications The following clarification or updates apply to doc umentation for the ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl Switch es as of July 2008. ■ Maximum Number of VLANs Sup ported in Hardware for PIM- S — Page 4-5 in the Multicast and Routing Guide dated January 2008 for switches [...]

  • Page 32

    21 Clarifications Minimum Software Versions ■ Maximum UDP Broadcast Forwar ding Entries: The number of UDP broadcast entries and IP he lper addresses combined can be up to 16 per VLAN, with an overall maximum of 2048 on the switc h. An earlier version of the Multicas t and Routing Guide (page 5-142) had incorrectly stated that the overall maximum[...]

  • Page 33

    22 Known Issues Minimum Software Versions Known Issues Release K.13.25 The following problems are known issues as of release K.1 3.25. SFTP/SCP (PR_0000008270 ) — An SFTP or SCP client session may not close af ter a config download session ends. The work-aroun d is to close the client manually . Release K.13.23 The following problems are known is[...]

  • Page 34

    23 Known Issues Minimum Software Versions ■ W eb (PR_1000761014) — The W eb interface truncate s 16 character passwords to 15 characters. W orkaround: config ure 16 character passwords vi a the CLI. ■ ICMP (PR_1000764033) — ICMP TTL expired messages are being sent with a source address of the interface the message leaves from rather than th[...]

  • Page 35

    24 Known Issues Release K.13.02 ■ Config T ransfer (PR_1000 781004) — The switch allows a config file transfer to set an invalid speed-duplex setting on a 100FX SFP . ■ Config T ransfer (PR_1000781031) — When the valid port settin g 'auto-1000 ' is configured for a 10/100/1000 interface a nd the configuration gets copied to the sw[...]

  • Page 36

    25 Known Issues Release K.13.01[...]

  • Page 37

    26 Enhancements Release K.11.12 Enhancements Enhancements Unless otherwise noted, each new release includes th e enhancements added in all previous releases. Enhancemen ts are listed in chr onological ord er , ol dest to newest software release. T o review a summary of enhancements included since the last general release that was published, begin w[...]

  • Page 38

    27 Enhancements Release K.11.35 Enhancements ■ CLI-configured sFlo w with multiple ins tances: In earlier software releases, the only method for co nfiguring sFlow on the switch w as via SNMP using only a single sFlow i nstance. Beginning with software re lease K.11.34, sFlow can also be conf igured via the CLI for up to three distinct sFlow inst[...]

  • Page 39

    28 Enhancements Release K.11.41 Enhancements Release K.11.41 Enhancements Release K.11.43 includes the following enha ncement: ■ Added support fo r Unidirectiona l Fiber Break Detection (UDLD). Release K.11.42 Enhancements No enhancements, software fixes only. Release K.11.43 Enhancements Release K.11.43 includes the following enha ncement: ■ 8[...]

  • Page 40

    29 Enhancements Release K.11.60 through K.11.63 Enhancements Release K.11.60 throug h K.11.63 Enhancements No enhancements, software fixes only. ■ V ersions K.11.50 through K.11.59 were never buil t. ■ V e rsion K.11.60 was never released. Release K.11.64 Enhancements Release K.11.64 includes the following enha ncement: ■ Loop Protection feat[...]

  • Page 41

    30 Enhancements Release K.12.01 Enhancements Release K.12.01 Enhancements Release K.12.01 is a major software update cont aining many new feat ures and enhancements to existing features. The follow ing upd ates have been documented in the latest revisions to the manual s (February 2007). Refer to the ma nuals for additi onal details. Software Manua[...]

  • Page 42

    31 Enhancements Release K.12.01 Enhancements Advanced T raffic Manageme nt Guide Qos Queue Config: Allows you to redu ce the number of outbou nd queues that all switch po rts will use to buffer packets for 802.1p user priorities. Number of Default VLANs: In the factory d efault state, support has been increased from 8 VLANs to 256 VLANs. (Y ou can [...]

  • Page 43

    32 Enhancements Release K.12.02 Enhancements In addition to the updates listed above, K.12 .01 also provides the following enhancements: ■ Enhancement (PR_1000298920 ) — A ping request issued to a VLAN wh ich is down wi ll now return a more specific message; instead of " request timed out ," the message " The destination address [...]

  • Page 44

    33 Enhancements Release K.12.04 Enhancements For more information, refer to “QoS TCP/ UDP Pr iority” in the Advanced T raffic Management Guide . Release K.12.04 Enhancements Release K.12.04 includes the following enha ncement: ■ Enhancement MSTP (PR_1000369492) — Update of MSTP implementation to the latest IEEE P802.1Q-REV/D5.0 specifi cati[...]

  • Page 45

    34 Enhancements Release K.12.04 Enhancements [admin-edge-port] Enables ad min-edge-port for RSTP/MSTP . If a bridge or switch is detected on the segment, the port automatically operates as non-edge, not enabled. (Default: No - disabled) If a dmin-edge-port is disabled on a port and auto-edge-port has not been disabled, the auto-edge-port setting co[...]

  • Page 46

    35 Enhancements Release K.12.04 Enhancements Syntax : spanning-tree < port-list > < he llo-time | path-cost | point-to-point-m ac | priority > [hello-time < global | 1 - 10 > When the switch is the CIST root, th is parameter specifies the interval (in seconds) between periodic BPDU transmissi ons by the designated ports. This inte[...]

  • Page 47

    36 Enhancements Release K.12.05 Enhancements Release K.12.05 Enhancements Release K.12.05 includes the following enha ncement: ■ Enhancement (PR_100040896 0) — RAD IUS-Assigned GVRP VLANs enhancement. For more informatio n, see “How RADIUS-Based Authenticat ion Affects VL AN Operation” below . How RADIUS-Based Authentication Affects VLAN Op[...]

  • Page 48

    37 Enhancements Release K.12.05 Enhancements Note Y ou can use 802.1X (port-based or client-based) au thentic ation and e ither W eb or MAC authentication at the same time on a port, with a maximum of 32 clien ts allowed on the port. (The default is one client.) W eb authenti cation and MAC authentication are mu tually exclusive on the same port. A[...]

  • Page 49

    38 Enhancements Release K.12.05 Enhancements If the dynamic VLAN does not exist or if y ou have not enabled the use of a dynamic VLAN for authenticatio n sessions on th e switch, the auth entication fails. ■ T o enable the use of a GVRP-learne d (dynamic ) VLAN as the untagged VLAN used in an authentication session, enter the aaa port-access gvrp[...]

  • Page 50

    39 Enhancements Release K.12.05 Enhancements Therefor e, on a port wh ere one or more authent icated client sessions are alrea dy running, all such clients are on the same untagged VLAN. If a RADIU S server subseq uently authenticates a new client, but attempts to re -assi gn the port to a different, un tagged VLAN than the one already in use for t[...]

  • Page 51

    40 Enhancements Release K.12.05 Enhancements Figure 2. Active Configuration for VLAN 22 T emporarily Chang es for the 802.1X Session However , as shown in Figure 1 , because VLAN 33 is c onfigured as untagged on port A2 and because a port can be untagged on only one VLAN, port A2 lo ses access to VLAN 33 fo r the duration of th e 802.1X session on [...]

  • Page 52

    41 Enhancements Release K.12.05 Enhancements When the 802.1X client session on port A2 en ds, the port removes the temporary unta gged VLAN membership. The static VLAN (VLA N 33) that is “permanently” co nfigured as untagged on the port becomes available ag ain. Therefore, wh en the RAD IUS-authenticated 802.1 X session on port A2 ends, VLAN 22[...]

  • Page 53

    42 Enhancements Release K.12.05 Enhancements Enabling the Use of GVRP- Learned Dyna mic VLANs in Authen tication Sessions Syntax: aaa port-access g vrp-vlans Enables the use of dynamic VLANs (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.1X, MAC, or W eb authentication session. E[...]

  • Page 54

    43 Enhancements Release K.12.06 Enhancements Release K.12.06 Enhancements Release K.12.06 includes the following enha ncement: ■ Enhancement (PR_10003083 32) — Passwords (hashed) can be saved to the configuration file. Saving Security Credential s in a Configuration File In software release K.12.06 and gr eater , you can store and view the fo l[...]

  • Page 55

    44 Enhancements Release K.12.06 Enhancements ■ By storing different security settings in diff erent files, you can test differe nt security configurations when yo u first download a new software version th at supports multi ple configura tion files by ch anging the co nfigurat ion file used when yo u reboot the switch. For more informati on about[...]

  • Page 56

    45 Enhancements Release K.12.06 Enhancements In software release K.12.06 and grea ter , you cannot view the configure d local password settings in plain text. However , by entering the include-c redentials command de scribed later , you can view a hash of the local passwo rd settings in t he running-config file, in the format: password manager [use[...]

  • Page 57

    46 Enhancements Release K.12.06 Enhancements ■ The < hash- type > parameter specifies th e type of algorith m (if any) used to ha sh the passwor d. V a lid values are plaintext or sh a-1 . ■ The < password > parameter is the clear ASCI I text string or SHA-1 ha sh of the passwo rd. You can enter a ma nager/oper ator password in clea[...]

  • Page 58

    47 Enhancements Release K.12.06 Enhancements < auth-pass > is the hashed authen tication password used with the config ured authenticati on method. priv “< priv-pass >” is the (optional) hashed privacy password used by a privacy pr otoc ol to encryp t SNMPv3 messages between th e switch and the station. The following example shows t[...]

  • Page 59

    48 Enhancements Release K.12.06 Enhancements After you enter the complete password port-access command syntax, t he password is set. Y ou ar e not prompted to enter the password a second ti me. T ACACS+ Encryption Key Authentication Y ou can use T AC ACS+ servers to au thenticate users who re quest access to a switch through T elnet (remote) or co [...]

  • Page 60

    49 Enhancements Release K.12.06 Enhancements In software release K.12.06 and grea ter , RADIUS sh ared secret (enc ryption) ke ys can be save d in a configuratio n file wi th the fo llowing sy ntax: radius-server key < keystring > Where: < keystring > is the encryption key (in c lear text) used fo r secure communication with all or a sp[...]

  • Page 61

    50 Enhancements Release K.12.06 Enhancements If the keystring contains double-quotes, it can be quoted with single quotes (' keystring '). The foll owing restrictions for a keystring apply: ■ A keystring cannot contain both single and double qu otes. ■ A keystring cannot have extra characters, such as a bl ank space or a new line. How[...]

  • Page 62

    51 Enhancements Release K.12.06 Enhancements Figure 6. Example of Hashe d Content of an SSH Client Pub lic Key If a switch configuration contains mul tiple SSH clie nt public keys, each public key is saved as a separate entry in the configuratio n file. Y ou can configure up to ten SSH cl ient public-keys on a switch. ... include-credentials ip ssh[...]

  • Page 63

    52 Enhancements Release K.12.06 Enhancements Enabling the Storage a nd Display of Security Credentials T o enable the security setting s described in “Security Settings that Can Be Saved” on page 44 to be included and viewed in the running conf iguration on the swi tch, enter the include-credential s command. Syntax: [no] include-credentials En[...]

  • Page 64

    53 Enhancements Release K.12.06 Enhancements Operating Notes Caution ■ When you first enter the include-creden tials command to save the additional security credentials to the running configurati on, these settings ar e moved from internal storage on the switch to the r unning-config file. You are prompted by a warning message to perform a write [...]

  • Page 65

    54 Enhancements Release K.12.06 Enhancements ■ After you permanently save securi ty config urations to the current startup- config fi le using the write mem ory command, you can v iew and manage security settings with the follow ing commands: • show config : Displays the configuration settings i n the current startup-config fi le. • copy conf[...]

  • Page 66

    55 Enhancements Release K.12.06 Enhancements ■ If you upgrade ProCurve software on a sw itch from an earlier soft ware release t o software release K.12.06 or grea ter and then enter the include-c redentials command, security passwords are managed as follows: • The manager password (if any) in the earl ier software version is copied into t h e [...]

  • Page 67

    56 Enhancements Release K.12.06 Enhancements Restrictions The following restricti ons apply when you enable se curity credentials to be stored in t he running configuratio n with the i nclude-credentials command: ■ The private keys of an SS H host cannot be stor ed in the running conf iguration. Only the public keys used to authenticate SSH clien[...]

  • Page 68

    57 Enhancements Release K.12.07 Enhancements Note that the password port-acce ss values are configured separately from local operator user - name and passwords that are configu red with the password operator command and used for management access to the switch. For mo re information about how to use the passw ord port-access command to configure op[...]

  • Page 69

    58 Enhancements Release K.12.09 Enhancements Release K.12.09 Enhancements No enhancements, software fixes only. Release K.12.10 Enhancements Release K.12.10 includes the following enha ncement: ■ Enhancement (PR_100041965 3) — The show vlan ports command was enhanced t o display each port in the VLAN separately , displ ay the friendly port name[...]

  • Page 70

    59 Enhancements Release K.12.10 Enhancements The following examples illus trate the displa yed output depending on whether the detail option is used. Figure 7. Example of “Sh ow VLAN Ports” Cumulative Listing Figure 8. Example of “Sh o w VLAN Ports” Detail Listing Vo i c e : Indicates whether a (p ort-based) VLAN is configured as a voice VL[...]

  • Page 71

    60 Enhancements Release K.12.11 Enhancements Release K.12.11 Enhancements No enhancements, soft ware never released. Release K.12.12 Enhancements No enhancements, software fixes only. Release K.12.13 Enhancements No enhancements, soft ware never released. Release K.12.14 Enhancements No enhancements, software fixes only. Release K.12.15 Enhancement[...]

  • Page 72

    61 Enhancements Release K.12.15 Enhancements T o enable SNMP informs, enter this co mmand: T o configure SNMP informs request op tions, use the following commands. T o specify the manager that receives the informs request, use the snmp-server host command. Syntax: [no] snmp-server enab le informs Enables or disables the informs option for SNM P . D[...]

  • Page 73

    62 Enhancements Release K.12.16 Enhancements Y ou can see if informs are enabled or disabled with the sh ow snmp-server command as shown in Figure 9. Figure 9. Example Showin g SNMP Informs Option Enabled Release K.12.16 Enhancements No enhancements, software fixes only. Release K.12.17 Enhancements No enhancements, software fixes only. Release K.1[...]

  • Page 74

    63 Enhancements Release K.12.19 Enhancements ■ Enhancement (PR_100042821 3) — This so ftware enhanceme nt adds the ability to configure a secondary authenti cation method to be used wh en the RADIU S server is unavailable for the primary po rt access method. For more in formation, see the ProCurv e Access Security Guide . ■ Enhancement (PR_10[...]

  • Page 75

    64 Enhancements Release K.12.22 Enhancements Release K.12.22 Enhancements Release K.12.22 includes the following enha ncement: ■ Enhancement (PR_100044302 6) — Support for the new revision "C" Mini-GBICs was added to the CLI and the "show tec h" command. ■ Enhancement (PR_100044441 5) — OSPF Passive Interfac e support wa[...]

  • Page 76

    65 Enhancements Release K.12.33 through K.12.40 Enhancements ■ Enhancement — Merged all of the K.12.24 and earli er software fixes and enhancements with the ProCurve sw itch 8 212zl support. Release K.12.33 throug h K.12.40 Enhancements No enhancements; Never built. Release K.12.41 throug h K.12.42 Enhancements No enhancements; Never released. [...]

  • Page 77

    66 Enhancements Release K.12.45 Enhancements Release K.12.45 Enhancements No enhancements; Never released. Release K.12.46 Enhancements No enhancements; Never released. Release K.12.47 Enhancements Release K.12.47 includes the following enha ncement: ■ Enhancement Removed (PR_10 00468258) — The PC attached to IP telephone enhancement was remove[...]

  • Page 78

    67 Enhancements Release K.12.52 Enhancements ■ Enhancement (PR_100045705 98) — An improved version of the MSTP-VLAN mapping enhancement reference d in PR_1000457691 wa s adde d. This enha ncement allows the mapping of all t heoretically ava ilable VLAN IDs (1- 4094) to an MSTP in stance, even if some of the VLANs are not cu rrently configured o[...]

  • Page 79

    68 Enhancements Release K.12.57 Enhancements ■ Enhancement (PR_100046417 0) — This feature pro vides support for ad ding the LLDP VLAN Name TL V to LLDP advertisements gen erated by ProCurve switches. For more informati on, see the ProCurve Man agement and Configuration Guide. Release K.12.57 Enhancements Release K.12.57 includes the following [...]

  • Page 80

    69 Enhancements Release K.13.01 Enhancements Release K.13.01 Enhancements Release K.13.01 is a major software update cont aining many new feat ures and enhancements to existing features, including IPv6 host and appl ication layer features (see “IPv6 Configuration Guide for 2900/3500/5400/620 0/8200” on page 71 for details). The following enhanc[...]

  • Page 81

    70 Enhancements Release K.13.01 Enhancements STP Diagnostics: Adds more diagnostic f unctions to resolve STP issues. Se e the section on “T roubleshooting an MSTP co nfiguration” in the chapter on Mult iple Instance Spanning-T ree Operation. Routing and Multica st Guide Host-based OSPF-ECMP: Allows OSPF to add routes with multiple next-hop addr[...]

  • Page 82

    71 Enhancements Release K.13.02 Enhancements Release K.13.02 Enhancements Release K.13.02 includes the following enha ncement s. ■ Enhancement : Beginning with K.13.02, DHCP can now be enable d on a Management VLAN. Since, by definition, there is no routing to or from a VLAN configured as a management VLAN, DHCP relay is still prohibited so th e [...]

  • Page 83

    72 Enhancements Release K.13.02 Enhancements When OSPF is Also En abled on the VRR P Routers When OSPF is enabled on the routers and a Fail-b ack event occurs, the Ow ner ro uter immedi ately takes control of the virtual IP address and provid es the default gateway functi onality . If OSPF h a s not converged, the route table in th e Owner router m[...]

  • Page 84

    73 Enhancements Release K.13.02 Enhancements where VID = 16 VRID = 23 PDT = 12 seconds VRRP Preempt Mode with LACP and Older ProCurve Devices There can be an issue with VRRP Preempt Mode if an older ProCurve device (2 524, 2650, 2848, 34 00cl, or 5300) is the intermediate device con necting to a VRRP router and has LACP set in “enable, passi ve?[...]

  • Page 85

    74 Enhancements Release K.13.02 Enhancements There are trade-offs between selecting a small ad vertisement value and a large preempt delay time . A small advertisement value results in a faster fa ilover to the Backup router . A larger PDT value allows OSPF to converge before the Owner router takes back control of it s virtual IP address. Choosing [...]

  • Page 86

    75 Enhancements Release K.13.03 Enhancements Error Messages Release K.13.03 Enhancements Release K.13.03 includes the following enha ncement s. ■ Enhancement (PR_100040099 1) — The 802.1X Controlled Directions feature no w functions independ ently of the STP confi guration, allow ing you to run STP and 802.1X separately . For more information, [...]

  • Page 87

    76 Enhancements Release K.13.04 Enhancements Release K.13.04 Enhancements Release K.13.04 includes the following enha ncement s. ■ Enhancement (PR_ 0000 000081) — The CL I clear module command allow s you to remove module configurat ion information from the configuration file. Clear Module Configuration Overview Because of the hot-swap capab il[...]

  • Page 88

    77 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 000000008 2) — The CLI track interface command allows you to configure tracki ng for a port or list of ports, or a trunk or list of trunks. VRRP—Dynamic Priority Change Overview This enhancement provide s the ability to dy namically cha nge the priority of the virtual router (VR)[...]

  • Page 89

    78 Enhancements Release K.13.04 Enhancements Note A Backup VR switches to prio rity zero instead of it s configured value when al l its tracked entities go down. An Owner VR always uses priority 2 55 and neve r relinquishes control voluntarily . CLI Commands The following commands are used for thi s enhancement. Note Y ou can only configure tracked[...]

  • Page 90

    79 Enhancements Release K.13.04 Enhancements Configuring T rack VLAN The track vlan command allows you to specify a VLAN or range of VLANs to be tracked by the VR. Notes VR operation must be down bef ore executing this command. Use the no enable command to disable VR operation. The VRs operating VLAN can’t be config ured as a tracking VLAN for th[...]

  • Page 91

    80 Enhancements Release K.13.04 Enhancements For example: ProCurve(vlan-25-vrid-1)# no track Failover Opera tion Failover operation involves h anding off of the VRs co ntrol of th e virtual IP to another VR. Once a failover command is issued , the VR begins sending advertisements with priority zero instead o f the configured priority . When the VR [...]

  • Page 92

    81 Enhancements Release K.13.04 Enhancements Displaying the VRRP Configuratio n Y ou can display the VRRP tracked entiti es by entering the command show n in Figure 11 . Figure 11. Example of show vrrp trac ked entities Command Y ou can displ ay the VRRP confi guration by ente ring the com mand shown in Figure 12 . Figure 12. Example Showin g the V[...]

  • Page 93

    82 Enhancements Release K.13.04 Enhancements • The VRs operating VLAN can’ t be config ured as a tracking VLAN for that VR. • Ports that are part of a trunk can’ t be tracked. • A port that is t racked can’t be included in a trunk. • T runks that are tracked can’ t be removed; you are not able to remove the last port from the trunk.[...]

  • Page 94

    83 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 00000000 84) — DHCP Option 66 provides a way to automatically download and in itially boot from a configuration that is diff erent from the fa ctory-shipped configuration. DHCP Option 66 Automatic Configuration Update Overview ProCurve switches are initially bo oted up with the fac[...]

  • Page 95

    84 Enhancements Release K.13.04 Enhancements Possible Scenarios for Updati ng the Configuration File The following tab le shows various network configurations and how Option 66 is handl ed. Operating Notes Replacing the Existing Con figuration File : After the DHCP client downloads the configuration file, the switch compares the conten ts of that f[...]

  • Page 96

    85 Enhancements Release K.13.04 Enhancements • DHCP is preferred over BootP • If two BootP offers are received, the first one is selected • For two DHCP offers: – The offer from an authoritative server is selected – If there is no authoritative server , the offer with the longest lease i s selected Log Messages The file transfer is implem[...]

  • Page 97

    86 Enhancements Release K.13.04 Enhancements If the IP address has no t already been confi gured on the inte rface (VLAN), you wil l see the message shown in Figure 14 . Figure 14. Example of T rying to Configure an IP Add ress that is not on this Interfac e (VLAN) Displaying the BO OTP Gateway T o display the configured BOOTP ga teway for an inter[...]

  • Page 98

    87 Enhancements Release K.13.04 Enhancements Operating Notes • If the config ured BOOTP gateway add ress becomes invalid, DHCP relay agent ret urns to the default behavior (assigning the lowest-numbered IP address). • If you try to configure an IP address that is not assigned to that interface, the c onfigu- ration will fail and the previousl y[...]

  • Page 99

    88 Enhancements Release K.13.04 Enhancements Figure 1. Example of Inb ound Broadcast Rate-lim iting of 50% on Port 3 If you rate-lim it multicast traf fic on the same po rt, the multicast lim it is also in effect for that port, as shown in Figure 2 . Only 20 percent of the multic ast traffic will be forwarded . Figure 2. Example of Inb ound Multica[...]

  • Page 100

    89 Enhancements Release K.13.04 Enhancements Figure 3. Example of Disab ling Inbound Mu lticast Rate-limitin g for Port 3 Operating Notes • This rate-limiting featu re does not limit unicast traffic. • This feature does not include out bound multicast rate-limiti ng. For more detailed info rmation abo ut rate-limiting, see the Multicast and Rou[...]

  • Page 101

    90 Enhancements Release K.13.04 Enhancements For example, if the host “Labswitch” is in the domain abc.com, you can enter the follow ing command and the destinati on is resolved t o “Labswitch.abc.com”. ProCurve(config)# telnet Labswitch Y ou can also enter t he full domain name i n the command : ProCurve(config)# telnet Labswitch.abc.com Y[...]

  • Page 102

    91 Enhancements Release K.13.04 Enhancements Figure 17. Example of the show modules Comman d Output Figure 18. An Example of th e show modules deta ils Command for the 8212zl Showi ng SSM and Mini-GBIC Informa tion Syntax: show modules [de tails] Displays information about the installed modules, including: • The slot in whi ch the module is insta[...]

  • Page 103

    92 Enhancements Release K.13.04 Enhancements Note On ProCurve 3500yl and 6200yl seri es switches, the mini-GBIC inform ation does not display as the ports are fixed and not part of any module. ■ Enhancement (PR_ 000000010 1) — This enhancement adds a vrrp option to the debug command. VRRP Option with Debug Command This enhancement adds a vrrp o[...]

  • Page 104

    93 Enhancements Release K.13.04 Enhancements Figure 19. Example of the show vrrp Command with Stati stics ■ Enhancement (PR_ 00000 00420) — This enhancement provides the show-tech option for customizing cop y tftp output. Copy Command with Show T ech Option This enhancement allows the show-tech command to execute a series of commands found in a[...]

  • Page 105

    94 Enhancements Release K.13.05 through K.13.15 Enhancements For example: Figure 4. Example of Using the sh ow-tech Command to Uplo ad a Customized List Release K.13.05 throug h K.13.15 Enhancements No enhancements; Bug fixes only . Release K.13.16 Enhancements Release K.13.16 includes th e follow ing enhancements: ■ Enhancement (PR_0000001641) ?[...]

  • Page 106

    95 Enhancements Release K.13.16 Enhancements For example: ProCurve(config)# console inactivity-timer 20 ■ Enhancement (PR_100078024 7) — This enhancement provides hpicf Download MIB support for tr ansferring configuration files both to and from a TFTP server . Prior to this enhancement , MIB support was limited to do wnloading and u ploading so[...]

  • Page 107

    96 Enhancements Release K.13.16 Enhancements Setting the Manageme nt Access Method—CLI Enter the following command to configure th e management access method using the CLI. Figure 5. Example of Co nfiguring IP Authorized Ma nager Access Method SSH Figure 6. Example of show authorized-managers Comm and with Access Me thod Configured Setting the Ma[...]

  • Page 108

    97 Enhancements Release K.13.16 Enhancements Figure 7. Example of Menu Showing Aut horized Managers with Access Method Figure 8. Example of Edit Menu for IP Managers Setting the Management Access Method—W eb Interface T o set the management access method in the W eb interface , click on the Security tab, and then click on the Auth orized A ddress[...]

  • Page 109

    98 Enhancements Release K.13.16 Enhancements Figure 9. Example of Co nfiguring Authorized Manager Access Meth od in the Web Interface See “Using Author ized IP Managers” in the Access Security Guide for your switch for more informati on about aut horized IP ma nagers. ■ Enhancement (PR_000000009 0) — This enhancemen t allo ws you to choose [...]

  • Page 110

    99 Enhancements Release K.13.16 Enhancements Columns supported are: Syntax: show interfaces cust om [port-list] column-list Select the information that you want to display. Parameters include: ■ port name ■ type ■ vlan ■ intrusion ■ enabled ■ status ■ speed ■ mdi ■ flow Parameter Column Displays Examples port Port identifier A2 ty[...]

  • Page 111

    100 Enhancements Release K.13.16 Enhancements Figure 20. Example of the Custom show interf aces Command Y ou can specify the column wi dth by entering a colon after th e column name, th en indicating the number of characters to display . In Figure 20 the Name column only displays the first four characters of the name. All remaining characters are t[...]

  • Page 112

    101 Enhancements Release K.13.16 Enhancements Note on Using Pattern Matching with the “Show Inte rfaces Custom” Command If you have included a pattern matching command to search for a field in the output of the show int custom command an d the show int custom command produces an error , the error message may not be visible and the output i s em[...]

  • Page 113

    102 Enhancements Release K.13.16 Enhancements Y ou can also use the no-tag-added parameter with ACL traffic filt ering when mirroring IP traffic. Figure 21. Mirroring Commands with the no-tag-added Option Figure 22. Example of a Currently Conf igured Mirroring Summ ary on a Source Switch Syntax: [no] interfa ce <port-num | trunk-name | mesh> [...]

  • Page 114

    103 Enhancements Release K.13.16 Enhancements Figure 23. Example of Se ssion Output Show ing no-tag-added Option Note For more information about traffi c mirroring , see “Monitoring an d An alyzing Switch Operation” in the Management and Configurat ion Guide for your switch . For more informati on about ACL filtering, see “Access Cont rol Lis[...]

  • Page 115

    104 Enhancements Release K.13.16 Enhancements SHOULD save the change to non-volatile storage.” DEFVAL { 2 } ::= { hpicfBridgeMirrorSessionEntry 2 } Operating Notes • The specified port can be a physical port, a tru nk port, or a mesh port. • Only a single logical port (physi cal port or trunk) can be associated with a mirror session when the [...]

  • Page 116

    105 Enhancements Release K.13.16 Enhancements • W eb and MAC authentications are not allowed on the same port if unauthenti cated VLAN (that is, a guest VLAN) is enabled for MAC authentication. An unauthenticat ed VLAN can’t be enabled for MAC authenticat ion if W eb and MAC authentication are both enabled on the port. • Hitless re-authenti c[...]

  • Page 117

    106 Enhancements Release K.13.16 Enhancements Figure 24. Example of Disabl ing a Specific Cipher Configuring Key Lengths and DSA/RSA Support This enhancement allows you to specify the type an d length of the generated host key . The command is: Y ou can also generate and use a DS A key as the host key . The size of the host key is platform- depende[...]

  • Page 118

    107 Enhancements Release K.13.16 Enhancements Message Authentication Code (MAC) Support This enhancement allows config uration of the set of MACs th at are available for selection. Displaying the SSH Information The show ip ssh command has been enhanced to displa y information about ciph ers, MACs, an d key types and sizes. T able 1. RSA/DSA Values[...]

  • Page 119

    108 Enhancements Release K.13.16 Enhancements Figure 25. Example of show ip ssh Command Show ing Ciphers, MACs and Key Inf ormation Logging Messages There are new event log messages when a new k ey is generated and zeroiz ed for the server: ssh: New <num-bits> -bit [rsa | dsa] SSH host key installe d ssh: SSH host key zeroized There are also [...]

  • Page 120

    109 Enhancements Release K.13.17 Enhancements • debug • debug2 • debug3 Release K.13.17 Enhancements No enhancements; Bug fixes only . Release K.13.18 Enhancements Release K.13.18 includes th e follow ing enhancements: ■ Enhancement (PR_100040676 3) — New commands were added to the CLI response to the show tech command. Release K.13.19 En[...]

  • Page 121

    110 Enhancements Release K.13.19 Enhancements For example, if yo u use the show interface custo m command to specify the outp ut, you can configure an alias for the comma nd to simplify execution. Figure 26. Example of Using the Ali as Command with show in t custom Creates a shortcut alias name to use in place of a commonly used command. The alias [...]

  • Page 122

    111 Enhancements Release K.13.19 Enhancements Note Remember to enclose the comma nd being aliased in quotes. Command parameters for the aliase d command can be added at the e nd of the ali as command string. For example: ProCurve(config)# alias shoconfig “show config” ProCurve(config)# shoconfig status T o change the command that is aliased, re[...]

  • Page 123

    112 Enhancements Release K.13.19 Enhancements Note See the section “Command Differ ences for the ProCurve Series 2600/ 2800/3400cl/6400c l Switches” on page 113 for command differences on these switches. Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv4 only) configu re[...]

  • Page 124

    113 Enhancements Release K.13.19 Enhancements Figure 11. Example of the Logg ing Command with a Priority Description Note A notificat ion is sent to the SNMP age nt if there are any ch anges to the syslog para meters either through the CLI or with SNMP . Command Diff erences for the ProCur ve Seri es 2600/2800/3400cl/64 00cl Switches CLI Commands T[...]

  • Page 125

    114 Enhancements Release K.13.19 Enhancements • If the def ault severity va lue is in effec t, al l messages that have severities greate r than the default value are passed to syslog. For e xam ple, if the default severity is “debug”, all messages that have sev erities greate r than debug are passed to syslog. • There is a limit of six s ys[...]

  • Page 126

    115 Enhancements Release K.13.19 Enhancements • Y ou can use up to three W eb servers in your network to store and display customized W eb pages for W eb Authentication login. • T o configure a W e b server on your network, follow the instruction s in the documentation provided with t he server . • Before you enable cu stom W eb Authenticatio[...]

  • Page 127

    116 Enhancements Release K.13.19 Enhancements Customizable HTML T emplates The sample HTML files descri bed in the followin g s ections are customizable templates. T o help you create your own set HTML files, a set of the templates can be foun d on the down load page for ‘K’ software. User Login Page (index.html) Figure 12. User Login Page The [...]

  • Page 128

    117 Enhancements Release K.13.19 Enhancements Figure 13. HTML Code for User Login Page T emplate <!-- ProCurve Web Authentication Templ ate index.html --> <html> <head> <title>User Login</title> </head> <body> <h1>User Login</h1> <p>In order to access this network, you must first log in.&l[...]

  • Page 129

    118 Enhancements Release K.13.19 Enhancements Access Granted Page (accept.html) Figure 14. Access Granted Page The accept.html file is the W eb pa ge used to confirm a valid clie nt login. This W eb p age is display ed after a valid username and pass wo rd are entered and accepted. The client device is then g ranted access to the netw ork. T o conf[...]

  • Page 130

    119 Enhancements Release K.13.19 Enhancements Figure 15. HTML Code for Access Granted Pa ge T emplate Authenticating Page (authen.html) Figure 16. Authentica ting Page <!-- ProCurve Web Authentication Templ ate accept.html --> <html> <head> <title>Access Granted</titl e> <!-- The following line is required to automa[...]

  • Page 131

    120 Enhancements Release K.13.19 Enhancements The authen.html fil e is the W eb page used to proce ss a clien t login and is refreshe d while user credentials are ch ecked and verified. Figure 17. HTML Code for Authenticati ng Page T emplate Invalid Credential s Page (reject_unauthvlan. html) Figure 18. Invalid Credentials Pag e <!-- ProCurve We[...]

  • Page 132

    121 Enhancements Release K.13.19 Enhancements The reject_unauthvlan.html file is the W eb page used to displa y login failu res in whic h an unau thenti- cated client is assigned to the VLAN configured for unauthorized client sessions. Y ou can conf igure the VLAN used by unauth orized clie nts with the aaa port-ac cess web-based unauth-vi d comman[...]

  • Page 133

    122 Enhancements Release K.13.19 Enhancements T imeout Page (timeout.html) Figure 20. T imeout Page The timeout.html file is the W eb page used to return an e rror message if the RADIUS server is not reachable. Y ou can configure the time period (in seco nds) that the switch waits for a response from the RADIUS server used to verify client cred ent[...]

  • Page 134

    123 Enhancements Release K.13.19 Enhancements Retry Login Page (retry_logi n.html) Figure 22. Retry Login Page The retry_login.html file is the W eb page displaye d to a clie nt that has entered an invalid username and/or password, an d is given another opp ortunity to log in. The W A UTHRETRIESLEFTGET ES I displays the numb er of login ret r ies t[...]

  • Page 135

    124 Enhancements Release K.13.19 Enhancements Figure 23. HTML Code fo r Retry Login Page T emplate SSL Redirect Page (sslredirect.html) Figure 24. SSL Redirect Page <!-- ProCurve Web Authentication Templ ate retry_login.html --> <html> <head> <title>Invalid Credentials</title> <!-- The following line is re quired to[...]

  • Page 136

    125 Enhancements Release K.13.19 Enhancements The sslredirect file is the W eb page displayed when a client is redirected to an SSL server to enter credentials for W eb Authentic ation . If you have enabled SSL on the switch, you can enable secure SSL-based W eb Authentication by entering the aaa port-access web-based ssl-login command when you ena[...]

  • Page 137

    126 Enhancements Release K.13.19 Enhancements Access De nied Page (reject_novl an.html) Figure 26. Access Denied Page The reject_novlan file is the W eb page displaye d after a clie nt login fails and no VLAN is configured for unauthorized clients. The W AUTHQUIETTIMEGET ESI inserts the time period used t o block an unauthorized client fr om attemp[...]

  • Page 138

    127 Enhancements Release K.13.19 Enhancements Figure 27. HTML Code for Access Denied Page T emplate <!-- ProCurve Web Authentication Templ ate reject_novlan.html --> <html> <head> <title>Access Denied</title > <!-- The line below is requir ed to automatically redirect the user back to the login page. --> <meta[...]

  • Page 139

    128 Enhancements Release K.13.19 Enhancements Commands for Using Custom W eb Authentication Pages aaa port-access web-ba sed ewa-server Figure 29. Adding Web Servers with the aaa port-ac cess web-based ews-server Comman d Figure 31. Removing a Web Server with the aaa port-access web -based ews-server Command Command Page [no] aaa port-access web-ba[...]

  • Page 140

    129 Enhancements Release K.13.19 Enhancements show port-access web-based config Figure 33. Example of show po rt-access Web-based config Command Output Enhancement (PR_100046026 5) — This enhancement provides Dynamic I P Lockdown, which is used to preven t IP source address spoo fing on a per -port and per -VLAN basis. Dynamic IP Lockdown The Dyn[...]

  • Page 141

    130 Enhancements Release K.13.19 Enhancements Protection Agai nst IP Source Addres s Spoofing Many network attacks occur when an attacker injects pac kets with fo rged IP source addresses into the network. Also, some ne twork service s use the IP source address as a component in their authentication schemes. For exampl e, the BSD “r” protocols [...]

  • Page 142

    131 Enhancements Release K.13.19 Enhancements Prerequisite: DHCP Snoo ping Dynamic IP lockdo wn requires th at you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traffic : • Dynamic IP l ockdown only enable s traffic for clie nts whose leased IP add resses are already stored in the l ease database created by DHCP snoop[...]

  • Page 143

    132 Enhancements Release K.13.19 Enhancements In this ex ample, the fol lowing DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping. Figure 28. Sample DHCP Snooping Entries The following example shows an IP-to-MAC address and VLAN binding that have be en statically configured in the lease database on[...]

  • Page 144

    133 Enhancements Release K.13.19 Enhancements Enabling Dynamic IP Lockdown T o enable dynamic IP lockdown on all ports or specified ports, en ter the ip source-lockdown command at the global configuration level. Use th e no form of th e command to di sable dynam ic IP lockdow n. Operating Notes ■ Dynamic IP lockdown is enabled at the port configu[...]

  • Page 145

    134 Enhancements Release K.13.19 Enhancements • Remove the trusted-port co nfiguration. ■ Y ou can con figure dynamic IP lockdown only f rom the CLI; this feature cannot be configured from the W eb management or menu interface. ■ If you enable dynamic IP lo ckdown on a po rt, you cannot add th e port to a trunk. ■ Dynamic IP lockdown must b[...]

  • Page 146

    135 Enhancements Release K.13.19 Enhancements Adding a Static Binding T o add the static configur ation of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the globa l configuration level. Use the no form of the command to remove the IP-to-MAC binding from the database. Note Note that the ip source-bindi[...]

  • Page 147

    136 Enhancements Release K.13.19 Enhancements An example of the show i p source-lockdown status command output is shown i n Figure 31. Note that the operational status of all swit ch ports is displayed. This info rmation indicates wheth er or not dynamic IP lock down is supporte d on a port. Figure 31. Example of show ip sou rce-lockdown status Com[...]

  • Page 148

    137 Enhancements Release K.13.19 Enhancements Figure 32. Example of show ip sou rce-lockdown bin dings Command Output In the show ip source-loc kdown bindings command output, the “Not in HW” co lumn specifies wheth er or not (YES or NO) a statically confi gured IP-to- MAC and VLAN binding on a speci fied port has been combined in the lease data[...]

  • Page 149

    138 Enhancements Release K.13.20 Enhancements Figure 33. Example of debug dyna mic-ip-lockd own Command Output Release K.13.20 Enhancements Release K.13.20 includes th e follow ing enhancements: ■ Enhancement (PR_000000412 4) — Support is added for t he J9144A ProCurve 10-GbE X2-SC LRM Optic, an X2 form-f actor transceiver that supports the 10-[...]

  • Page 150

    139 Enhancements Release K.13.21 Enhancements Release K.13.21 Enhancements No enhancements; Bug fixes only . Release K.13.22 Enhancements No enhancements; Bug fixes only . Release K.13.23 Enhancements No enhancements; Bug fixes only . Release K.13.24 throug h K.13.25 Enhancements No enhancements; Bug fixes only . Release K.13.26 throug h K.13.39 En[...]

  • Page 151

    140 Enhancements Release K.13.40 Enhancements disabled (1), active (2), passive (3) } ACCESS read-write STATUS mandatory DESCRIPTION “Used to set administrative status of LACP on all the ports. A Port can have one of the three administrative status of LACP. Active/Passive/Disabled are the three states.” ::= { hpSwitchLACPConfig 1 } hpSwitchLink[...]

  • Page 152

    141 Enhancements Release K.13.40 Enhancements SNMP displays the counter and statistics totals accu mulated since the last rebo ot; it is not affected by the c lear statistics gl obal command or the clear statistics < port-list > command. An SNMP trap is sent whenever the statisti cs are cleare d. Note The clearing of statisti cs cannot be unc[...]

  • Page 153

    142 Enhancements Release K.13.40 Enhancements Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv4 only) configu red for syslog using the CLI or SN MP . The CLI comman d is: Figure 34. Example of the Logging Command with a Control Description Caution Entering the no logging co[...]

  • Page 154

    143 Enhancements Release K.13.41 Enhancements Figure 35. Example of the Logg ing Command with a Priority Description Note A notificat ion is sent to the SNMP age nt if there are any ch anges to the syslog para meters either through the CLI or with SNMP . Operating Notes • Duplicate I P addresses are not sto red in the list of syslog servers. • [...]

  • Page 155

    144 Enhancements Release K.13.44 Enhancements Release K.13.44 Enhancements No enhancements; Bug fixes only . (Not a public release) Release K.13.45 Enhancements The following prob lems were resolved in relea se K.13.45. ■ Enhancement (PR_000001078 3) — Support was added for the following product s. J9099B - ProCurve 100-BX-D SFP-LC T ransc eive[...]

  • Page 156

    145 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.12 Software Fixes in Release K.11.12 - K.13.49 Software fixes are listed in chro nological order , oldest to newest. Unless otherw ise noted, each new re lease i ncludes the software fixes added in all previous releases. Release K.11.11 was the first production software rele ase for the [...]

  • Page 157

    146 Software Fixes in Release K.11.12 - K.13.49 Release K.11.13 ■ MSTP Enhancement (PR_100031046 3) — Implementation of legacy path cost MIB and CLI option fo r MSTP . ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge de vi ce with an end node (non-STP device) on the same Swi tch port, can resu lt in the RSTP Switch sending TCNs. ■ W eb[...]

  • Page 158

    147 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.16 ■ CLI (PR_1000315256) — I nconsistent error message, " Resource unavailable ," when configuring more than the maximum nu mber of allowe d static IP routes. ■ Crash (PR_1000322009) — The Switch may crash with a message similar to: Software exception in ISR at queues.c[...]

  • Page 159

    148 Software Fixes in Release K.11.12 - K.13.49 Release K.11.32 Software exception at ldbal_cost.c:1577 -- in 'eDrvPoll', task ID = 0x1760650-> ASSERT: failed. ■ Crash (PR_1000314305) — The switch may crash with a message similar to: Software exception at ipamMApi.c:1592/1594 -- in 'eRouteCtrl' ■ Crash (PR_1000323759) ?[...]

  • Page 160

    149 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.32 ■ Crash (PR_1000335430) — The Switch may crash with a message similar to: "Cam range reservation error" crash at aqSlaveRanges.c:172. ■ Event Log (PR_100030 8669) — After a Switch reset, the eve nt log does not display correct information . ■ Event Log (PR_10003109[...]

  • Page 161

    150 Software Fixes in Release K.11.12 - K.13.49 Release K.11.33 ■ Module (PR_10003303 12) — Booting up the Swit ch with an unsupported module installed may cause all existing modules to fail. ■ MSTP Enhancement (PR_10003317 92) — Implementation of Spanning-tree BPDU Filter and SNMP T raps. ■ Power Supply (PR_1000310 159) — After power s[...]

  • Page 162

    151 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.34 "Software exception at alloc_free.c:422 -- in 'eDrvPoll'...-> No msg buffer", when Switch is configured for ACL logging. ■ Module J8705A (PR_1 000336281) — The Switch 5400zl 20P 10/100/1000 + 4 mini GBIC module (J8705A) may stop forwarding packets. Release K[...]

  • Page 163

    152 Software Fixes in Release K.11.12 - K.13.49 Release K.11.36 ■ MIB (PR_1000307831) — The MIB value for ipAddrT able is not populat ed. ■ RIP (PR_1000331536) — RIP does not send a route p oison update in response to a fai led route. ■ Show tech (PR_1000 294072) — Show T ech statistics displ ays incorrect port names for fixed ports. Re[...]

  • Page 164

    153 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.40 Software Exception at rt_table.c.758 -- in 'eRouteCtrl', task ID = 0x8a d6b30 -> Routing Task: Route Destinations exceeded Release K.11.40 The following problems were resolved in release K.1 1.40 (not a general release) ■ CLI (PR_1000353548) — Use of the command show [...]

  • Page 165

    154 Software Fixes in Release K.11.12 - K.13.49 Release K.11.44 The following problems were resolved in release K.1 1.43 (not a general release) ■ Crash (PR_1000307842) — When deleting/removin g CL I ACLs, IDM ACLs, management VLAN, or viru s throttle lock outs, swit c h crashes with error similar to : "Delete virtual m eter with non zero [...]

  • Page 166

    155 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.47 Release K.11.47 The following problems were resolved in release K.1 1.47 (not a general release) ■ Management VLAN (PR_100029 9387) — The management VLAN does not allow connectivity from valid addresses. ■ SNMP (PR_1000358129) — The command line in terfa ce (CLI) becomes unres[...]

  • Page 167

    156 Software Fixes in Release K.11.12 - K.13.49 Release K.11.61 ■ sFlow (PR_10003616 04) — Changed the maximum sF low skipcount to 24 bits. Release K.11.61 V ersions K.11.50 through K.11.59 were never buil t. V e rsion K.11.60 was never released. The following problems were resolved in release K.1 1.61 (not a general release) ■ 802.1X (PR_100[...]

  • Page 168

    157 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.63 Release K.11.63 The following prob lems were resolved in relea se K.11.63 ■ 802.1p QoS (PR_100 0368188) — 802.1p pr ioritization may not work once a trunk is enabled on a module, unless the u ser issues the commands "qos type -of service ip-precedence" or "qos type-[...]

  • Page 169

    158 Software Fixes in Release K.11.12 - K.13.49 Release K.11.65 Release K.11.65 The following problems were resolved in releas e K.11.65 (not a general release) ■ Alarms/Log (PR_100 0371908) — The ambient temperature measured by the 5406zl chassis is 4 degrees C too high, causing the ge ne ration o f false h igh temperature alarms. ■ CLI (PR_[...]

  • Page 170

    159 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.67 ■ W e b/RADIUS (PR_1000368520) — W eb Authentication doesn't authenticate clients due to a failure to send RADIUS requ ests to the conf igured server . ■ W ebUI (PR_1000371598) — Unable to Ac cess Stack Members through Commander W ebUI. Use of the W ebUI "stack a cce[...]

  • Page 171

    160 Software Fixes in Release K.11.12 - K.13.49 Release K.11.69 Release K.11.69 The following prob lems were resolved in relea se K.11.69 ■ Routing (PR_100039208 6) — The switch learns a bogus MAC address when the next hop address is unknown, causing t he swit ch to stop forw arding traffic . Release K.11.69 is the last release of the K.11. xx [...]

  • Page 172

    161 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.02 ■ Enhancement (PR_1000298920 ) — A ping request issued to a VLAN wh ich is down wi ll now return a more specific message; instead of " request timed out ", the message " The destination address is unreach able " will be displa yed. ■ Enhancement (PR_100037322[...]

  • Page 173

    162 Software Fixes in Release K.11.12 - K.13.49 Release K.12.03 ■ Crash (PR_1000392863) — Switch ma y crash wh en setmib tcpConnState is used, with a message similar to: NMI event SW:IP=0x0079f4a0 MSR:0x00029210 LR:0x006dca60 Task='eTelnetd' Task ID=0x8a7cbb0 cr: 0x20000042 sp:0x08a7c870 ■ Daylight savings (PR_10 00364740) — Due t[...]

  • Page 174

    163 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.04 ■ Enhancement (PR_100039839 3) — For the interface < port-li st > speed-duplex command, added the auto-10-100 configuration option to constrain a link to 10/100 Mbp s speed and allow a more rapid linkup pr ocess when 1000 Mbps operation is not possible. ■ Enhancement (PR_1[...]

  • Page 175

    164 Software Fixes in Release K.11.12 - K.13.49 Release K.12.05 Release K.12.05 The following prob lems were resolved in relea se K.12.05. ■ BootROM (PR_1000402707 ) — BootROM does not update to latest version when up dating code to primary flash. ■ CLI (PR_1000309998) — Management module is incorrect ly displayed as J8627A rather than the [...]

  • Page 176

    165 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.08 Release K.12.08 Software never re leased. ■ Enhancement (PR_100041376 4) — Increase the size of the sysLocation and sysContact entries from 48 to 255 characte rs. For more information, see “Rele ase K.12.08 Enhancemen ts” on page 57 . Release K.12.09 The following problem was [...]

  • Page 177

    166 Software Fixes in Release K.11.12 - K.13.49 Release K.12.11 ■ SNMP (PR_1000374893) — When retrieving the switch serial number via SNMP , the management mod ule serial numb er is return ed instead of the chassis seri al number . ■ SNMP (PR_1000422129) — HP Fault Fi nder doesn' t send the interface i ndex with t he SNMP trap, even th[...]

  • Page 178

    167 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.15 ■ Hotswap (PR_100042271 4) — Hotswapping a module may result in a false module self-test failure. After hot swapping the m odule, the follo wing messages may appear in the eve nt log: I 05/27/06 12:06:54 00076 ports: por t B23 is now on-line W 05/27/06 12:07:00 00564 ports: por t [...]

  • Page 179

    168 Software Fixes in Release K.11.12 - K.13.49 Release K.12.16 ■ Rate-Limiting (PR_10004 20720) — Rate li miting is b roken beyond 9.5 Mbps. Fo r any rate limit set to more than 9.5 Mbps, the actual ra te drops to 1 Mbps. Release K.12.16 The following prob lems were resolved in relea se K.12.16. ■ Crash (PR_1000415621) — Removing a VLAN th[...]

  • Page 180

    169 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.18 Release K.12.18 The following prob lems were resolved in relea se K.12.18. ■ CLI (PR_1000419379) — The “i nterface” command does not exist in th e VLAN context, resulting in an in ability to sh ift to the i nterf ace configuration context directly from the VLA N context. ■ H[...]

  • Page 181

    170 Software Fixes in Release K.11.12 - K.13.49 Release K.12.20 ■ 10-GbE Log (PR_100042 4384) — The switch is not check ing for the presence of the J8694A ProCurve yl 10G X2-CX4 module early enough in the boot process, trig gering a log message when the check is executed. Release K.12.20 The following problems were resolved in release K.12.2 0 [...]

  • Page 182

    171 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.22 ■ Routing (PR_1000432 449) — If the sw itch is config ured with both po rt security and routing, a physical port transit ion on the host may cause the switch to stop transmitting routed traff ic to that ho st. Clearing the ARP cache resolves this pr oblem until another port transi[...]

  • Page 183

    172 Software Fixes in Release K.11.12 - K.13.49 Release K.12.24 ■ MSTP (PR_1000439775) — The switch g e nerates a topology change when a port goes off-line. With MSTP en abled and all ports left at defaul t (auto-edge-port), when a port transitions to offli ne, a TC will be generate d, and the topology ch ange counter inc reases. ■ Multicast [...]

  • Page 184

    173 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.26 through K.12.29 Release K.12.26 through K.12.29 Software never bu ilt. Release K.12.30 Software never re leased. Release K.12.31 The following prob lems were resolved in relea se K.12.31. ■ Enhancement — Support fo r the following ProCur ve product was added. J9091A / J8715A (bund[...]

  • Page 185

    174 Software Fixes in Release K.11.12 - K.13.49 Release K.12.44 Release K.12.44 Not a general release. ■ Enhancement (PR_100045769 1) — This enhancemen t allows the mapping of all theoretically availa ble VLAN IDs (1-409 4) to an MSTP instance, eve n if some of the VLANs are not currently co nfigured on the switch. For more information, see “[...]

  • Page 186

    175 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.46 ■ SNMP (PR_1000444744) — An snmp set of hpicfD ot1xPaePortauth or an snmp set hpicfDot1xPaePortSupp of an invalid value ma y cause the switch to crash with a message similar to the follow ing: ASSERT at aaa8021x_dyn_reconfig.c . ■ SSH (PR_1000461002) — Issue with auth enticati[...]

  • Page 187

    176 Software Fixes in Release K.11.12 - K.13.49 Release K.12.48 Release K.12.48 The following prob lems were resolved in relea se K.12.48. ■ Enhancement Removed (PR_1 000470136) — Removal of the enha ncement that allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently [...]

  • Page 188

    177 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.52 ■ Routing (PR_100042430 8) — A static route that points to a deleted VLAN may cause other routing table errors. ■ CLI (PR_1000473468) — Removing a VLAN range from an MSTP instance (e.g., no spanning-tree instance 2 vlan 10-20) fa ils to de lete the VLANs. Listing indi vidually[...]

  • Page 189

    178 Software Fixes in Release K.11.12 - K.13.49 Release K.12.54 Release K.12.54 The following prob lems were resolved in relea se K.12.54. ■ Connection Rate Filte r (PR_1000440871) — Some types of traffic could result in connection rate filter ing (CRF) that bloc ks the switch management IP address. ■ Connection Rate Filter (PR_1000716601) ?[...]

  • Page 190

    179 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.55 Release K.12.55 The following problems were resolved in release K .12.55 (never released). ■ DARPP (PR_1000736402) — The last port on the switch will not be initialized with Dynamic ARP Protection (DARPP) characteri stics if the last two ports are DARPP configured. For example, if[...]

  • Page 191

    180 Software Fixes in Release K.11.12 - K.13.49 Release K.12.57 3) The SSH client application does not get a co mmand prompt (or equival ent) back from the switch until the OS is verified and burned to flash. 4) The show flash command incorrectly shows an OS image present in flash before th e OS has completely copied to flash . ■ Routing (PR_1000[...]

  • Page 192

    181 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.02 Release K.13.02 The following prob lems were resolved in relea se K.13.02. ■ Enhancement (PR_100045812 4) — VRRP Preemptive Delay T imer . For more informati on, see “Release K.13.02 Enhancements” on page 71 . ■ CLI (PR_1000307590) — T ab-help error in the spanning-tree in[...]

  • Page 193

    182 Software Fixes in Release K.11.12 - K.13.49 Release K.13.03 ■ CLI (PR_1000455370) — Comm ands that display po rtmaps may yield corrupted output. For ex ample, a single po rt may be displayed as a p ort range. ■ RIP (PR_1000751858) — So me static routes may n ot be correctly di stributed by RIPv1 or RIPv2. ■ PIM (PR_1000714322) — A n[...]

  • Page 194

    183 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ Crash (PR_1000763409) — When entering and deleting ACLs, the switch may crash with a message similar to: PPC Data Storage (Bus Error) exception vector 0x300: Stack Frame=0x087a1ba8 HW Addr=0x1f89d420 IP=0x005e62e0 Task=’mSess2’ Task ID=0x87a3cd0.fp: 0x00000005 sp:0x087a1c68 [...]

  • Page 195

    184 Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ Enhancement (PR_ 0000 000081) — The CL I clear module command allow s you to remove module configurat ion information from the configurat ion file. For more information, see “Release K.13.04 Enhanc ements” on page 76 . ■ Enhancement (PR_ 000000008 2) — The CLI track inter[...]

  • Page 196

    185 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ CLI (PR_0000000476) — V arious CLI parameters are rejected by the switch as invali d when the administrator is trying to configure ports of transcei vers/modules that have not yet been inserted into the swit c h. Affected commands include ip source-bi nding ; interface <x>[...]

  • Page 197

    186 Software Fixes in Release K.11.12 - K.13.49 Release K.13.05 Release K.13.05 The following problems were resolved in release K.13.0 5 (not a public release). ■ Link/Config (PR_10 00771549) — On a ProCurve 3500yl Se ries Switch , a link will not come up after configuring the p ort mode from MDI to AUTOMDIX ( on one side of the link). ■ Stat[...]

  • Page 198

    187 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.06 ■ UDLD (PR_0000001433) — Af ter the switch is reb ooted, UDLD may conti nue to keep switch ports in a blocked state. ■ VLAN Mirroring/Config (PR_0000001240) — The VLAN Mirroring configuration is changed from its original value after updating from K.1 2.xx to K.13.03. ■ Bootu[...]

  • Page 199

    188 Software Fixes in Release K.11.12 - K.13.49 Release K.13.08 W 03/11/06 03:18:53 00374 chassis: Ports 25-48 Slave ROM Tombstone: 0x13000601 W 03/11/06 03:18:53 00374 chassis: Ports 25-48: Lost Communications detected - Heart Beat Lost I 03/11/06 03:19:00 00375 chassis: Ports 25-48 Downloading I 03/11/06 03:19:01 00376 chassis: Ports 25-48 Downlo[...]

  • Page 200

    189 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.09 Release K.13.09 The following prob lems were resolved in relea se K.13.09. ■ Crash (PR_0000001689a ) — A switch running so ftware version K.1 3.04 or higher may crash during conf iguration of broadcast rate limitin g. Event log m essages may be similar to the following. W 03/11/06[...]

  • Page 201

    190 Software Fixes in Release K.11.12 - K.13.49 Release K.13.11 ■ RADIUS/Jumbo (PR_ 100077904 8) — When an 802.1X-enabled port belo ngs to a VLAN that is jumbo enabled, the Access-Request will specify a va lue of Framed-MTU of 9182 bytes. When the RADIUS server replies with a large fr ame, the swit ch does not respond, causing the authenti cati[...]

  • Page 202

    191 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.12 ■ 802.1X (PR_0000002 036) — 802.1X with Funk Steel Be lted RADIUS server causes the switch to fail to assign th e VLAN that it was sent with the "T unnel-Private-Group-Id" parameter . ■ Module Selftest (PR 0 000001273) — After a reboot, ports 1-24 or ports 25-48 on t[...]

  • Page 203

    192 Software Fixes in Release K.11.12 - K.13.49 Release K.13.13 .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entPhys calEntry.entPhysicalSerialNum .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entPhys calEntry.entPhysicalModelName Release K.13.13 The foll[...]

  • Page 204

    193 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.15 Release K.13.15 The following problems were resolved in release K .13.15 (never released). No enhancements; No bug fixes. Release K.13.16 The following problems were resolved in release K.1 3.16 (not a public release). ■ Enhancement (PR_0000001641) — This enhancem ent allows the u[...]

  • Page 205

    194 Software Fixes in Release K.11.12 - K.13.49 Release K.13.17 A new configurat ion option pro vides the ability to configure whi ch MACs a client is pe rmitted to use; Feedback info rmation; and , SSH CLI show command informa tion enhancements. For more information, see “Release K.13.16 Enhancements” on page 94 . ■ Config (PR_0000000741) ?[...]

  • Page 206

    195 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.18 ■ SNMP (PR_1000761379) — When an SNMP ge t is used to gather statistics , the interfac e B1 on a J8702A module only updates it s SNMP counters on every othe r query . ■ SNMP (PR_0000001807) — Use of a correctly configured third party uti lit y to connect to the switch via SNMP[...]

  • Page 207

    196 Software Fixes in Release K.11.12 - K.13.49 Release K.13.19 ■ W ake-On-LAN (PR_0000004794) — W ake-On-LAN does not always work successfully . ■ IP Phone (PR_0000004803) — A tandem IP phon e may stop talki ng to the switch after a connected PC login failure and reboot. ■ PIM-SM (PR_0000005219) — When the switch sends a “Regi ster -[...]

  • Page 208

    197 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.21 ■ X2 T ransceive rs (PR_0000004758) — Some ProCurve SR and ER X2-10GbE (J8436A, J8437A) transceivers have a timing issue that prevents the transceiv ers from being correctly identified either when hot sw apped or during a col d boot. ■ LEDs (PR_0000005623) — Upon insertion of [...]

  • Page 209

    198 Software Fixes in Release K.11.12 - K.13.49 Release K.13.22 ■ Config (PR_1000781031) — When the valid port se tting ‘a uto-1000’ is c onfigured for any 10/100/1000 interface in an external configuration file and the conf iguration file is copied to the switch, the system returns th e port setting to the default value, changing ‘auto-1[...]

  • Page 210

    199 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.24 ■ Authentication (PR_0000007 209) — A PC behind a t andem IP phone is n ot able to authenticate. Release K.13.24 The following problems were resolved in release K.1 3.24 (not a public release). ■ OSPF (PR_0000006 183a) — OSPF ECMP may drop up to 50% of the traffic destined for[...]

  • Page 211

    200 Software Fixes in Release K.11.12 - K.13.49 Release K.13.26 through K.13.39 ■ GVRP/RADIUS (PR_0000006 051) — RADIUS-assigned VLANs are not propagated correctly i n GVRP . Please see “Note: This fix is associated with some new switch behavior: ” for a description of the behavior change with this fix. Note: This fix is associated with som[...]

  • Page 212

    201 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.41 Release K.13.41 The following problems were resolved in release K .13.41 (N ot a public rele ase). ■ AAA (PR_0000008409) — Th e CLI commands aaa authenticati on and aaa acc ounting return a resource unavailable error . ■ PCM (PR_0000008113) — Repeated ProCurve Manager Config S[...]

  • Page 213

    202 Software Fixes in Release K.11.12 - K.13.49 Release K.13.43 ■ CLI (PR_0000004042) — The CLI command snmp-server response-sourc e dst-ip-of-request does not work as expected when the destinat ion IP address of the SNMP Request is the Loopback IP . The source IP address of the SNMP Response should be the destination IP of the SNMP Request, bu[...]

  • Page 214

    203 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.45 ■ CLI (PR_1000803731) — If the "|" charact er exists in the banner text of a configuration file downloaded via TFTP transfer , the banner text may become cor rupted, or the TFTP transfer may fail with a corrupted download file error message. ■ Hang (PR_000000780 6) —[...]

  • Page 215

    204 Software Fixes in Release K.11.12 - K.13.49 Release K.13.46 J9143B – ProCurve 1000-BX-U SFP-LC Mini-GBIC For more information, see “Release K.13.45 Enhancements” on page 144 . ■ T ransceivers (PR_000 0010525) — Intermittent self t est failure may occ ur if transceivers are hot-swapped in and o ut of the switch in too short a time fram[...]

  • Page 216

    205 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.46 password operator sha-1 "lsadkjlkjfsd..." Example of what that line mi ght look like after the fix: password operator sha0 "lsadkjlkjfsd...” No switch administrator interven tion is required for the forwar d configuration translation to occur. Support Note: Th is fix [...]

  • Page 217

    206 Software Fixes in Release K.11.12 - K.13.49 Release K.13.47 Release K.13.47 The following problems were resolved in relea se K.13.47. (Ne ver released.) ■ OSPF ECMP (PR_0000004798 ) — Some IP subn ets which ar e multiple hops away are not reachable from certain c lients despi te the presence of the ta rget subnet in the sw itch routing tabl[...]

  • Page 218

    207 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.49 Release K.13.49 The following prob lems were resolved in relea se K.13.49. ■ Auto-TFTP (PR_0000014646 /0000013552) — Certain software file names may trigger auto-tftp to re load the same soft ware file repea tedly .[...]

  • Page 219

    © 2006 - 2008 Hewl ett-Packard Development Company , LP . The information contained herein is subject to change without notice. January 2009 Manual Part Number 5991-4720[...]