HP ProCurve 3500yl manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of HP ProCurve 3500yl, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of HP ProCurve 3500yl one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of HP ProCurve 3500yl. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of HP ProCurve 3500yl should contain:
- informations concerning technical data of HP ProCurve 3500yl
- name of the manufacturer and a year of construction of the HP ProCurve 3500yl item
- rules of operation, control and maintenance of the HP ProCurve 3500yl item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of HP ProCurve 3500yl alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of HP ProCurve 3500yl, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the HP service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of HP ProCurve 3500yl.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the HP ProCurve 3500yl item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Release Notes: V ersion K.13.49 Software for the ProCurve Series 3500y l, 6200yl, 5400zl, an d 8212zl Switches These release notes include in formatio n on the follow ing: ■ Downloading swit ch software an d documentat ion from the W eb ( page 2 ) ■ Best practices for majo r software updates, inc l uding contingency procedures for rolling back [...]

  • Page 2

    © Copyright 2006-2008 Hewlett-Packard Development Company , LP . The information contained herein is subjec t to change without notice. Publication Number 5991-4720 January 2009 Applicable Products ProCurve Switch 3500yl-24G-PWR Intelligent Edge (J8692A) ProCurve Switch 3500y l-48G-PWR Intellig ent Edge (J8693A) ProCurve Switch 6200yl-24 G-mGBIC ([...]

  • Page 3

    i Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Premium L icense Swi tch Softwa re Featur es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 4

    ii Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.13 through K.11.32 En hancements . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 5

    iii Release K.12.10 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Show VLAN ports CL I Command Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Release K.12.11 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 6

    iv Release K.12.51 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Release K.12.52 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Release K.12.53 through K.12.55 En hancements . . . . . . .[...]

  • Page 7

    v Enabling Customized Web Authentication Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Dynamic IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 8

    vi Release K.11.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.36 . . . . . . . .[...]

  • Page 9

    vii Release K.12.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.11 . . . . . . . [...]

  • Page 10

    viii Release K.12.51 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Release K.12.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Release K.12.53 . . . . . . .[...]

  • Page 11

    ix Release K.13.26 through K.13.39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.41 . . . . . . . . . . . . . . .[...]

  • Page 12

    1 Software Management Premium License Switch Software Features Software Management Premium License Swit ch Software Features The ProCurve 3500yl and 5400zl switches ship with the ProC urve Intelligent Edge softwa re feature set. The additional Premium L icense switch software features for the 3500yl and 5400zl switches can be acquired by purchasing[...]

  • Page 13

    2 Software Management Download Switch Documentation and Software from the Web Download Switch Documentatio n and Software from the W eb Y ou can downloa d software updates and the co rrespond ing product do cumentatio n from the ProCurve Networking W eb sit e as desc ribed be low . V iew or Download the Software Manual Set Go to: www .procurve.com [...]

  • Page 14

    3 Software Management Download Switch Documentation and Software from the Web TFTP Download from a Server Syntax: copy tftp flash < ip-address > < rem ote-os-file > [ < primary | secondary > ] Note that if you do not specify the flash destination, the TFTP download defa ults to the primary flash. For example, to download a softwar[...]

  • Page 15

    4 Software Management Download Switch Documentation and Software from the Web Syntax: copy xmodem flash [< primary | secondary >] 1. T o reduce the download time, you may want to increase the baud ra te in your terminal emulator and in the switch to a value such as 115200 bits per sec ond. (The baud rate must be the same in both devices.) For[...]

  • Page 16

    5 Software Management Download Switch Documentation and Software from the Web Using USB to Download Switch Software T o use the USB port on the swit ch to download a software version f rom a USB flash dri ve: ■ The software version must be stored on the USB flash drive, and yo u must know th e file name (such as K_ 12_10.swi). ■ The USB flash d[...]

  • Page 17

    6 Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates w ith two configurat ion files: ■ Running-Config File: Exists in volat ile memory and controls switch op eration. Rebootin g the switch erases the current r unning-config file and replaces it with an exact copy of the curr[...]

  • Page 18

    7 Software Management Best Practices for Major Software Updates Best Practices for Major Software Updates Major software updates contain new features and en hancements, and are desig n ated by an increment to the major releas e version number . That is, K.12.xx represents a ma jor update to soft ware version(s) K.11.xx, and K.13.xx represents a maj[...]

  • Page 19

    8 Software Management Best Practices for Major Software Updates Note: Y ou might opt to use a differen t methodology in which the new sof tware will be instal led as the secondary and not the primary image , in which case you wo uld use the commands boot system flash secondary , and/or boot set-default flash second ary to change the loc ation of th[...]

  • Page 20

    9 Software Management Best Practices for Major Software Updates b. Create a backup configuratio n file and verify the change. Switch1# copy config config1 config config2 Switch1# show config files Configuration files: id | act pri sec | name ---+-------------+--------- -------------------------------- ----- 1 | * * * | config1 2 | | config2 3 | | 3[...]

  • Page 21

    10 Software Management Best Practices for Major Software Updates Note This step will enable you to revert from K_ 13_05 to your previous im age with your previous configurat ion just by invoking the command boot system flash secondary . 6. Download the new primary image. Switch1# copy tftp flash 192 .168.1.60 K_13_06.swi primary The Primary OS Imag[...]

  • Page 22

    11 Software Management Best Practices for Major Software Updates 8. Reload the new switch image. Switch1# reload System will be rebooted from pri mary image. Do you want to continue [y/n ]? y At the prompt, answer y , for yes, and the switch will boo t with the new image. Note: As an additional step, ProCurve advises saving the startup-config to a [...]

  • Page 23

    12 Software Management Best Practices for Major Software Updates 1 | * * | config1 2 | * | config2 3 | | 2. Boot the switch using the secondary image (with config2). Switch1# boot system flash s econdary System will be rebooted from secondary im age. Do you want to continue [y/n]? y Answer y , for yes, and the switch will boot from the secondary im[...]

  • Page 24

    13 Software Management Best Practices for Major Software Updates And later , the configuratio n that was created on K.12.57 is viewed while the switc h is running K.13.06: ProCurve5406zl-onK1306# show config K1257config <cr> The command ou tput will show how the K. 12.57 config wo uld be interpre ted, if it were to be used by the K.13.06 soft[...]

  • Page 25

    14 Software Management ProCurve Switch, Routing Swit ch, and Router Software Keys ProCurve Switch, Routing Swit ch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M, 242 4M, 4000M, and 8000M CY Switch 8100fl Series (8108fl and 8116fl ) E Switch 5300xl Seri es (5304xl, 5308xl, 5348xl, and 5372xl) F Switch 2500 Ser[...]

  • Page 26

    15 Software Management OS/Web/Java Compatibility Table OS/W eb/Java Compatibility T able The switch W eb agent supports the following comb inations of OS browsers and Java Virtual Machines: Minimum Software V ersions For ProCurve Series 350 0yl, 6200yl, 5 400zl, and 8212zl Switches and Ha rdware Features Operating System Internet Explorer Java Wind[...]

  • Page 27

    16 Software Management Minimum Software Versions Switch 5400zl 4p 10-GbE CX4 Module J8708A K.11.33 Switch 6200yl-24G-mGBIC J8992A K.11.33 Switch 3500yl 2p 10GbE X2 + 2p CX4 Module J8694A K.11.17 ProCurve Device Product Number Minimum Supported Software Version[...]

  • Page 28

    17 Support Notes Minimum Software Versions Support Notes ROM Update Required! All yl and zl switches running K. 12.45 system software or earlier , will have the BootROM updated by this new version of system software. This software download wi ll boot the switch twice, first to update the BootROM to version K.12.14, and then to load the system softw[...]

  • Page 29

    18 Support Notes Minimum Software Versions ProCurve(config)# snmp-server mib hpswitchauthmib excluded For more informat ion on the above topic, refer t o "Using SNMP T o V iew and Config ure Switch Authenticati on Features" in the "RADIUS Auth entic ation and Accounting" chapter of the Access Security Guide for your switch. For [...]

  • Page 30

    19 Support Notes Minimum Software Versions Management and Configuration Gu ide for ProCurve Wireless Edge Services zl Module h ere: ftp://ftp.hp.com/pub/networking/softw are/WESM-zl-MgmtCf g-Aug2007- 59918626.pdf ). Network administrators who do not wi sh to have the radio ports moved to the au to-provisioned VLAN shoul d disable this feature with [...]

  • Page 31

    20 Clarifications Minimum Software Versions Clarifications The following clarification or updates apply to doc umentation for the ProCurve Series 3500yl, 6200yl , 5400zl, and 8212zl Switch es as of July 2008. ■ Maximum Number of VLANs Sup ported in Hard ware for PIM-S — Page 4-5 in the Multicast and Routing Guide dated January 2008 for switches[...]

  • Page 32

    21 Clarifications Minimum Software Versions ■ Maximum UDP Broadcast Forwa rding Entries: The number of UDP broadcast entri es and IP he lper addresses combined can be up to 16 per VLAN, with an overall maxi mum of 2048 on the switch. An earlier version of the Multicas t and Routing Guide (page 5-142) had incorrectly stated that the overall maximu[...]

  • Page 33

    22 Known Issues Minimum Software Versions Known Issues Release K.13.25 The following problems are known issues as of relea se K.13.25. SFTP/SCP (PR_0000008270 ) — An SFTP or S CP client session may not close after a config download session ends. The work-aroun d is to close the client manually . Release K.13.23 The following problems are known is[...]

  • Page 34

    23 Known Issues Minimum Software Versions ■ W eb (PR_100076101 4) — The W eb interface trunc ates 16 character passw ords to 15 characters. W o rkaround: configure 16 characte r passwords via the CLI. ■ ICMP (PR_1000764033) — ICMP TTL expired messages are being sent with a source address of the interface the message leaves from rather th an[...]

  • Page 35

    24 Known Issues Release K.13.02 ■ Config T ransfe r (PR_1000781004) — The switch allows a config file transfer to set an invalid speed-duplex setting on a 100FX SFP . ■ Config T r ansfer (PR_10007810 31) — When the valid port settin g 'a uto-1000' is configured for a 10/100/1000 interface a nd the configuration gets copied to the [...]

  • Page 36

    25 Known Issues Release K.13.01[...]

  • Page 37

    26 Enhancements Release K.11.12 Enhancements Enhancements Unless otherwise noted, each new release includes th e enhancements added in all previous releases. Enhancemen ts are listed in chronolog ical order , ol dest to newest software release. T o review a summary of enhancements included since the last general release that was published, begin wi[...]

  • Page 38

    27 Enhancements Release K.11.35 Enhancements ■ CLI-configured sF low with multiple i nstances: In earlier software releases, the only method for co nfiguring sFlow on the swit ch was via S NMP using onl y a single sFlow inst ance. Beginning with software re lease K.11.34, sFlow can also be conf igured via the CLI for up to three distinct sFlow in[...]

  • Page 39

    28 Enhancements Release K.11.41 Enhancements Release K.11.41 Enhancements Release K.11.43 includes the follow ing enhancement: ■ Added support for Unidirecti onal Fiber Break Detection (UDLD). Release K.11.42 Enhancements No enhancements, software fixes only. Release K.11.43 Enhancements Release K.11.43 includes the follow ing enhancement: ■ 80[...]

  • Page 40

    29 Enhancements Release K.11.60 through K.11.63 Enhancements Release K.11.60 throug h K.11.63 Enhancements No enhancements, software fixes only. ■ V e rsions K.11.50 thro ugh K.11.59 were never bui lt. ■ V e rsion K.11.60 was never released. Release K.11.64 Enhancements Release K.11.64 includes the follow ing enhancement: ■ Loop Protection fe[...]

  • Page 41

    30 Enhancements Release K.12.01 Enhancements Release K.12.01 Enhancements Release K.12.01 is a major software update cont aini ng many new f eatures and enhancements to existing features. The foll owing upd ates have been documented in the latest revisions to the manual s (February 2007). Refer to the ma nuals for addi tional detai ls. Software Man[...]

  • Page 42

    31 Enhancements Release K.12.01 Enhancements Advanced T raffic Manageme nt Guide Qos Queue Config: Allows you to reduce t he number of outbou nd queues that all switch po rts will use to buffer packets for 802.1p user prio rities. Number of Default VLANs: In the factory d efault state, support has been increased from 8 VLANs to 256 VLANs. (Y ou can[...]

  • Page 43

    32 Enhancements Release K.12.02 Enhancements In addition to the updates listed above, K.12 .01 also provides the followi ng enhancements: ■ Enhancement (PR_1000298 920) — A ping re quest issued t o a VLAN which is do wn will now return a more specific message; instead of " request timed o ut ," the message " The destination addre[...]

  • Page 44

    33 Enhancements Release K.12.04 Enhancements For more information, refer to “QoS TCP/ UDP Priority” in the Advanced T raffic Management Guide . Release K.12.04 Enhancements Release K.12.04 includes the follow ing enhancement: ■ Enhancement MSTP (PR_10003694 92) — Update o f MSTP implementati on to the latest IEEE P802.1Q-REV/D5.0 specificat[...]

  • Page 45

    34 Enhancements Release K.12.04 Enhancements [admin-edge-port] Enables admin-edge-port for RSTP/MSTP . If a bridge or switch is de tected on the segment, the port automatically operates as non-edge, not enabled. (Default: No - disabled) If admin-edge-port is disabled on a port and auto-edge-port has not been disabled, the auto-edge-port setting con[...]

  • Page 46

    35 Enhancements Release K.12.04 Enhancements Syntax : spanning-tree < port-list > < hello-time | path-cost | point-to-point-m ac | priority > [hello-time < global | 1 - 10 > When the switch is the CIST root, th is parameter specifies the interval (in seconds) between periodic BPDU transmissi ons by the designated ports. This inter[...]

  • Page 47

    36 Enhancements Release K.12.05 Enhancements Release K.12.05 Enhancements Release K.12.05 includes the follow ing enhancement: ■ Enhancement (PR_1000408 960) — RADIUS-Assigned GVRP VLANs enhancement. For more informatio n, see “How RADIUS-Based Authenticat ion Affects VL AN Operation” below . How RADIUS-Based Authentication Affects VLAN Ope[...]

  • Page 48

    37 Enhancements Release K.12.05 Enhancements Note Y ou can use 802.1X (port-based or cli ent-based) au thentic ation and e ither W eb or MAC authentication at the same time on a port, with a maximum of 32 cl ients allowed on the po rt. (The default is o ne client.) W eb authenti cation an d MAC authentication are mu tually exclusiv e on the same po[...]

  • Page 49

    38 Enhancements Release K.12.05 Enhancements If the dynamic VLAN does not exist or if y ou have not enabled the use of a dynamic VLAN for authentica tion sessions on th e switch, the auth entication fails. ■ T o enable the use of a GVRP-learne d (dynamic ) VLAN as the untagged VLAN used in an authenticat ion session, enter the aaa port-access gvr[...]

  • Page 50

    39 Enhancements Release K.12.05 Enhancements Therefor e, on a p ort where one or more a uthentica ted clie nt sessions ar e already running, all such clients are on the same untagged VLAN . If a RADIUS server subseq uently authenticates a new client, but atte mpts to re-assi gn the port to a different, un tagged VLAN tha n the one already in use fo[...]

  • Page 51

    40 Enhancements Release K.12.05 Enhancements Figure 2. Active Configuration for VLAN 22 T emporarily Chang es for the 802.1X Session However , as shown in Figure 1 , because VLAN 33 is configured as untagged on port A2 and because a port can be untagged on only one VLAN, port A2 lo ses access to VLAN 33 fo r the duration of th e 802.1X session on V[...]

  • Page 52

    41 Enhancements Release K.12.05 Enhancements When the 802.1X client session on port A2 en ds, the port removes the temporary untagged VLAN membership. The static VLAN (VLA N 33) that is “permanently” co nfigured as untagged on the port becomes available ag ain. Therefore, wh en the RAD IUS-authenticated 802 .1X session on port A2 ends, VLAN 22 [...]

  • Page 53

    42 Enhancements Release K.12.05 Enhancements Enabling the Use of GVRP-Learned Dyna mic VLANs in Authen tication Sessions Syntax: aaa port-access g vrp-vlans Enables the use of dynamic VLANs (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.1X, MAC, or W eb authentication sessi on. E[...]

  • Page 54

    43 Enhancements Release K.12.06 Enhancements Release K.12.06 Enhancements Release K.12.06 includes the follow ing enhancement: ■ Enhancement (PR_100030 8332) — Passwords (hashed) can be saved to the configuration file. Saving Security Credential s in a Configuration File In software release K.12.0 6 and gr eater , you can store and view the fo [...]

  • Page 55

    44 Enhancements Release K.12.06 Enhancements ■ By storing different security settings in diff erent files, you can test differe nt security configurations w hen you first downl oad a new sof tware version that support s multiple config uration file s by changin g the config urat ion fi le used when yo u reboot the switch. For more infor mation ab[...]

  • Page 56

    45 Enhancements Release K.12.06 Enhancements In software release K.12.06 and grea ter , you cannot view the confi gured local password settings i n plain text. However , by entering the includ e-credentials command described later , you can view a hash of the local password settings in the running-c onfig file, i n the format: password manager [use[...]

  • Page 57

    46 Enhancements Release K.12.06 Enhancements ■ The < hash- type > parameter specifies th e type of algorithm (if any) used to ha sh the password. V a lid values are plaintext or sh a-1 . ■ The < password > parameter is the cle ar ASCII text string or SHA- 1 hash of the passw ord. You can ente r a manager/op erator passwo rd in clear[...]

  • Page 58

    47 Enhancements Release K.12.06 Enhancements < auth-pass > is the hashed authen tication password used with the config ured authenticat ion method. priv “< priv-pass >” is the (optional) hashed priv acy password used by a privacy pr otoc ol to encryp t SNMPv3 messages between th e switch and the station. The following example shows [...]

  • Page 59

    48 Enhancements Release K.12.06 Enhancements After you enter the complete password port-acc ess command syntax, t he password is set. Y ou are not prompted to enter the password a second ti me. T ACACS+ Encryption Key Authentication Y ou can use T ACACS+ servers to au thenticate users who re quest access to a switch through T elnet (remote) or cons[...]

  • Page 60

    49 Enhancements Release K.12.06 Enhancements In software release K.1 2.06 and greater , RADIUS sh ared secret (e ncryption) keys can b e saved in a configurat ion file wi th the f ollowing sy ntax: radius-server key < keystring > Where: < keystring > is the encryption ke y (in clear text) used fo r secure communication with al l or a sp[...]

  • Page 61

    50 Enhancements Release K.12.06 Enhancements If the keystring contains double-quotes, it can be quoted with single quotes (' keystring '). The fo llowing restrictions for a keystring apply: ■ A keystring cannot contain both single and d ouble quotes. ■ A keystring cannot have extra characters, such as a blank space or a new line . How[...]

  • Page 62

    51 Enhancements Release K.12.06 Enhancements Figure 6. Example of Hashe d Content of an SSH Client Pub lic Key If a switch configuration contains multiple SSH clie nt public keys, each public key is saved as a separate entry in the configurat ion file. Y ou can configure up to ten SSH client publi c-keys on a switch. ... include-credentials ip ssh [...]

  • Page 63

    52 Enhancements Release K.12.06 Enhancements Enabling the Storag e and Display of Securit y Credentials T o enable the security setti ngs described in “Security Settings that Can Be Saved” on page 44 to be included and viewed in the running co nfiguration on th e switch, enter the include-credentials command. Syntax: [no] include-credentials En[...]

  • Page 64

    53 Enhancements Release K.12.06 Enhancements Operating Notes Caution ■ When you first enter the include-creden tials command to save the additional securi ty credentials to the running configuration, these settings ar e moved from internal storage on the switch to the r unning-config fi le. You are prompted by a warning message to perform a write[...]

  • Page 65

    54 Enhancements Release K.12.06 Enhancements ■ After you permanently save securi ty conf igurations to the current startup- conf ig file using the write mem ory command, you can v iew and manage security settings with the fol lowing commands: • show config : Displays the configuration sett ings in the current startup-conf ig file. • copy conf[...]

  • Page 66

    55 Enhancements Release K.12.06 Enhancements ■ If you upgrade ProCurve software on a sw itch from an earlier so ftware releas e to software release K.12.06 or grea ter and th en enter the include-c redentials c ommand, security passwords are managed as follows: • The manager password (if any) in the earl ier software version is copied i nto the[...]

  • Page 67

    56 Enhancements Release K.12.06 Enhancements Restrictions The following restri ctions apply when you enable se curity credentials to be stored in t he running configurat ion with the include-credenti als command: ■ The private keys of an SSH host cannot be stored in the r unning configurati on. Only the public keys used to authenticate SSH cli en[...]

  • Page 68

    57 Enhancements Release K.12.07 Enhancements Note that the password port-acce ss values are configured separately from local operator use r - name and passwords that are conf igured with the password operator command and used for management access to the switch. For mo re information about how to use the password port-access command to configure op[...]

  • Page 69

    58 Enhancements Release K.12.09 Enhancements Release K.12.09 Enhancements No enhancements, software fixes only. Release K.12.10 Enhancements Release K.12.10 includes the follow ing enhancement: ■ Enhancement (PR_1000419 653) — The show vlan ports command was enhanced to display each port in the VLAN separately , displ ay the friendly por t name[...]

  • Page 70

    59 Enhancements Release K.12.10 Enhancements The following examples illu strate the di splayed output depend ing on whether the d etail option is used. Figure 7. Example of “Sh ow VLAN Ports” Cumula tive Listing Figure 8. Example of “Sh o w VLAN Ports” Detail Listing Vo i c e : Indicates whether a (p ort-based) VLAN is configured as a voice[...]

  • Page 71

    60 Enhancements Release K.12.11 Enhancements Release K.12.11 Enhancements No enhancements, soft ware never released. Release K.12.12 Enhancements No enhancements, software fixes only. Release K.12.13 Enhancements No enhancements, soft ware never released. Release K.12.14 Enhancements No enhancements, software fixes only. Release K.12.15 Enhancement[...]

  • Page 72

    61 Enhancements Release K.12.15 Enhancements T o enable SNM P informs, enter this co mmand: T o configure SNMP informs request op tions, use th e followi ng commands. T o specify the manager that receives the informs request, use the snmp-server host command. Syntax: [no] snmp-server enab le informs Enables or disables the informs option for S NMP [...]

  • Page 73

    62 Enhancements Release K.12.16 Enhancements Y ou can see if informs are enabled or disabled with the show snmp-server command as show n in Figure 9. Figure 9. Example Showin g SNMP Informs Option Enabled Release K.12.16 Enhancements No enhancements, software fixes only. Release K.12.17 Enhancements No enhancements, software fixes only. Release K.1[...]

  • Page 74

    63 Enhancements Release K.12.19 Enhancements ■ Enhancement (PR_1000428 213) — This software enhancement adds the ability to configure a secondary authenti cation method to be used wh en the RADIU S server is unavailable for the primary po rt ac cess method. For more in formation, see the ProCurve Access Security Guide . ■ Enhancement (PR_1000[...]

  • Page 75

    64 Enhancements Release K.12.22 Enhancements Release K.12.22 Enhancements Release K.12.22 includes the follow ing enhancement: ■ Enhancement (PR_1000443 026) — Su pport for the n ew revision "C" Min i-GBICs was added to the CLI and the "show tec h" command. ■ Enhancement (PR_100044 4415) — OSPF Passive Interface support [...]

  • Page 76

    65 Enhancements Release K.12.33 through K.12.40 Enhancements ■ Enhancement — Merged all of the K.12.24 and earli er software fixes and enhancements with the ProCurve sw itch 8212zl support. Release K.12.33 throug h K.12.40 Enhancements No enhancements; Never built. Release K.12.41 throug h K.12.42 Enhancements No enhancements; Never released. R[...]

  • Page 77

    66 Enhancements Release K.12.45 Enhancements Release K.12.45 Enhancements No enhancements; Never released. Release K.12.46 Enhancements No enhancements; Never released. Release K.12.47 Enhancements Release K.12.47 includes the follow ing enhancement: ■ Enhancement Removed (PR_10 00468258) — The PC attached to IP telephone enhancement was remove[...]

  • Page 78

    67 Enhancements Release K.12.52 Enhancements ■ Enhancement (PR_1000457 0598) — An impro ved version of the MSTP-VLAN mapp ing enhancement refere nced in PR_1000457691 wa s added. This enha ncement allows the mapping of a ll theoretically ava ilable VLAN IDs (1-4094) to an MSTP in stance, even if some of the VLANs are not cu rrently configured o[...]

  • Page 79

    68 Enhancements Release K.12.57 Enhancements ■ Enhancement (PR_1000464 170) — Thi s feature provides support f or adding the L LDP VLAN Name TL V to LLDP advertisements gen erated by ProCurve switches. For more informat ion, see the ProCu rve Management and Configuration Guide. Release K.12.57 Enhancements Release K.12.57 includes the follow in[...]

  • Page 80

    69 Enhancements Release K.13.01 Enhancements Release K.13.01 Enhancements Release K.13.01 is a major software update cont aini ng many new f eatures and enhancements to existing features, including IPv6 host and appl ication layer features (see “IPv6 Configuration Gui de for 2900/3500/5400/620 0/8200” on page 71 for details). The following enha[...]

  • Page 81

    70 Enhancements Release K.13.01 Enhancements STP Diagnostics: Adds more diagnostic f unctions to resolve STP issues. Se e the section on “T roubleshooting an MSTP co nfiguration” in the chap ter on Multiple Instance Spanning-T ree Operation. Routing and Mu lticast Guide Host-based OSPF-ECMP: Allows OSPF to add routes with multiple next-hop addr[...]

  • Page 82

    71 Enhancements Release K.13.02 Enhancements Release K.13.02 Enhancements Release K.13.02 includes the follow ing enhancement s. ■ Enhancement : Beginning with K.13.02, DHCP can now be ena bled on a Management VLAN. Since, by definition, there is no routing to or from a VLAN configured as a management VLAN, DHCP relay is still prohibited so the D[...]

  • Page 83

    72 Enhancements Release K.13.02 Enhancements When OSPF is Also Enabled on th e VRRP Routers When OSPF is enabled on the routers and a Fail-b ack event occurs, the Ow ne r router imme diately takes control of the vi rtual IP address and provid es the default gat eway function ality . If OSPF h as not converged, the route tabl e in the Owner rout er [...]

  • Page 84

    73 Enhancements Release K.13.02 Enhancements where VID = 16 VRID = 23 PDT = 12 seconds VRRP Preempt Mode with LACP and Older ProCurve Devices There can be an i ssue with VRRP Preempt Mode if an older ProCurve devic e (2524, 2650, 2848 , 3400cl, or 5300) is the intermediate device c onnecting to a V RRP router and ha s LACP set in “enable, passi v[...]

  • Page 85

    74 Enhancements Release K.13.02 Enhancements There are trade-offs between selecting a smal l ad vertisement value and a large preempt delay time . A small advertisement value results in a faster fa ilover to the Backup router . A larger PDT value allows OSPF to converg e before the Owner router takes back contro l of it s virtual IP address. Choosi[...]

  • Page 86

    75 Enhancements Release K.13.03 Enhancements Error Messages Release K.13.03 Enhancements Release K.13.03 includes the follow ing enhancement s. ■ Enhancement (PR_1000400 991) — The 802.1X Controlled Directions featu re now functions in dependently of the S TP configuration, allowing yo u to run STP and 802.1X separately . For more information, [...]

  • Page 87

    76 Enhancements Release K.13.04 Enhancements Release K.13.04 Enhancements Release K.13.04 includes the follow ing enhancement s. ■ Enhancement (PR_ 00 00000081) — Th e CLI clear module command al lows you t o remove module configurat ion informat ion from the configuration file. Clear Module Configuration Overview Because of t he hot-swap cap a[...]

  • Page 88

    77 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 000000 0082) — The CLI track interface command allows you to configure tracki ng for a port or list of ports, or a trun k or list of trunks. VRRP—Dynamic Priority Change Overview This enhancement provi des the ability to dy namically c hange the priority of the virtual router (VR[...]

  • Page 89

    78 Enhancements Release K.13.04 Enhancements Note A Backup VR switches to priority zero instead of it s configured value when al l its tracked entities g o down. An Owner VR always uses priority 2 55 and neve r relinquishes control volunta rily . CLI Commands The following commands are used for this enhancement. Note Y ou can only configure tracked[...]

  • Page 90

    79 Enhancements Release K.13.04 Enhancements Configuring T ra ck VLAN The track vlan command allows you to specify a VLAN or range of VLANs to be tracked by the VR. Notes VR operation must be down bef ore executing this command. Use the no enable command to disable VR operation. The VRs operating VLAN can’t be config ured as a tracking VLAN for t[...]

  • Page 91

    80 Enhancements Release K.13.04 Enhancements For example: ProCurve(vlan-25-vrid-1)# no track Failover Opera tion Failover operatio n involv es handi ng off of t he VRs cont rol of th e virtual IP to ano ther VR. On ce a failover command is issued , the VR begins sending advertisements wi th priority zero i nstead of the configured priority . When t[...]

  • Page 92

    81 Enhancements Release K.13.04 Enhancements Displaying the VRRP Configurati on Y ou can display the VRRP tracked entiti es by entering the command show n in Figure 11 . Figure 11. Example of show vrrp tracked entities Command Y ou can d isplay the VRRP confi guration by en tering the command show n in Figure 12 . Figure 12. Example Showin g the VR[...]

  • Page 93

    82 Enhancements Release K.13.04 Enhancements • The VRs operating VLAN can’ t be config ured as a tracking VLAN for that VR. • Ports that are part of a trunk can’ t be tracked. • A port that is t racked can’ t be included in a trunk. • T runks that are tracked can’ t be removed; you are not able to remove t he last port from the trun[...]

  • Page 94

    83 Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 00000000 84) — DHCP Option 66 provides a way to automatically download and in itially boot from a config uration that is diff erent from the f actory-shi pped configuration. DHCP Option 66 Automatic Configuration Update Overview ProCurve switches are initially bo ot ed up with the [...]

  • Page 95

    84 Enhancements Release K.13.04 Enhancements Possible Scenarios for Updati ng the Configura tion File The following t able shows various netw ork configurations and how Option 66 is handled. Operating Notes Replacing the Existing Configuration File : After the DHCP client downloads the configuration file, the switch compares the conten ts of that f[...]

  • Page 96

    85 Enhancements Release K.13.04 Enhancements • DHCP is preferred over BootP • If two BootP offers are received, the first one is select ed • For two DHCP offers: – The offer from an authoritative server is selected – If there is no authoritative server , the offer with the longest lea se is selected Log Messages The file transfer is imple[...]

  • Page 97

    86 Enhancements Release K.13.04 Enhancements If the IP address has no t already been c onfigured on the inte rface (VLAN), you w ill see th e message shown in Figure 14 . Figure 14. Example of T rying to Configure an I P Address that is not on this In terface (VLAN) Displaying the BO OTP Gateway T o display the configured BOOTP ga teway for an inte[...]

  • Page 98

    87 Enhancements Release K.13.04 Enhancements Operating Notes • If the conf igured BOOTP gateway address becomes i nvalid, DHCP rela y agent returns to the default behavior (assignin g the low est-numbered IP address). • If you try to configure an IP address that is not assigned t o that interf ace, the confi gu- ration will fail and the previou[...]

  • Page 99

    88 Enhancements Release K.13.04 Enhancements Figure 1. Example of Inb ound Broadcast Ra te-limiting of 50% on Port 3 If you rate-lim it multicas t traffic on the same port, the multicast limit is also in effect for th at port, as shown in Figu re 2 . Only 20 percent of the multic ast traffic will be forwarded . Figure 2. Example o f Inbound Multica[...]

  • Page 100

    89 Enhancements Release K.13.04 Enhancements Figure 3. Example o f Disabling Inbound Mu lticast Rate-limitin g for Port 3 Operating Notes • This rate-limiting feature does not limi t unicast traffic. • This feature does not incl ude outbound multicast rate-limi ting. For more detailed in formation abo ut rate-limiting, see th e Multicast and Ro[...]

  • Page 101

    90 Enhancements Release K.13.04 Enhancements For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destinat ion is resolv ed to “Labswitch .abc.com”. ProCurve(config)# telnet Labswitch Y ou can also enter t he full domai n name in the command: ProCurve(config)# telnet Labswitch.abc.com Y [...]

  • Page 102

    91 Enhancements Release K.13.04 Enhancements Figure 17. Example of the show modules Com mand Output Figure 18. An Example of th e show modules deta ils Command for the 8212zl Sho wing SSM and Mini-GBIC Infor mation Syntax: show modules [details] Displays information about the installed modules, including: • The slot in which the module is install[...]

  • Page 103

    92 Enhancements Release K.13.04 Enhancements Note On ProCurve 3500yl and 6200yl seri es switches, the mini-GBIC inform ation does not display a s the ports are fixed and not part of any module. ■ Enhancement (PR_ 000000 0101) — This enhancement adds a vrrp option t o the debug command. VRRP Option with Debug Command This enhancement adds a vrrp[...]

  • Page 104

    93 Enhancements Release K.13.04 Enhancements Figure 19. Example of the show vrrp Command with St atistics ■ Enhancement (PR_ 00000 00420) — This enhancement provides the show-tech option for customizing cop y tftp output. Copy Command with Show T ech Option This enhancement allows the show-te ch command to execute a series of commands found in [...]

  • Page 105

    94 Enhancements Release K.13.05 through K.13.15 Enhancements For example: Figure 4. Example of Using the show-tech Command t o Upload a Customized List Release K.13.05 throug h K.13.15 Enhancements No enhancements; Bug fixes only . Release K.13.16 Enhancements Release K.13.16 includes th e foll owing enhancements: ■ Enhancement (PR_00000016 41) ?[...]

  • Page 106

    95 Enhancements Release K.13.16 Enhancements For example: ProCurve(config)# console inactivity-timer 20 ■ Enhancement (PR_1000780 247) — This enhancemen t provides hpicf Downlo ad MIB support for t ransferring conf iguration files both t o and from a TFTP server . Prior to this enhancem ent, MIB suppo rt was limited to do wnloading an d uploadi[...]

  • Page 107

    96 Enhancements Release K.13.16 Enhancements Setting the Manageme nt Access Method—CLI Enter the following command to configure th e management access method using the CLI. Figure 5. Example of Co nfiguring IP Authorized Manager Access Method SSH Figure 6. Example of show authorized-manag ers Command with Access Me thod Configured Setting the Man[...]

  • Page 108

    97 Enhancements Release K.13.16 Enhancements Figure 7. Example of Menu Showing Authorized Managers with Access Meth od Figure 8. Example of Edi t Menu for IP Managers Setting the Management Access Method—W eb Interface T o set the manag ement access method in the W eb interface, click on the Security tab, and then click on the Au thorized A ddres[...]

  • Page 109

    98 Enhancements Release K.13.16 Enhancements Figure 9. Example o f Configuring Autho rized Manager Access Meth od in the Web Interface See “Using Autho rized IP Managers” in the Access Security Guide for your switch for more informat ion about a uthorized IP manage rs. ■ Enhancement (PR_0000000 090) — Thi s enhanc ement al lo ws you to choo[...]

  • Page 110

    99 Enhancements Release K.13.16 Enhancements Columns supported are: Syntax: show interfaces cust om [port-list] column-list Select the information that you want to display. Parameters include: ■ port name ■ type ■ vlan ■ intrusion ■ enabled ■ status ■ speed ■ mdi ■ flow Parameter Column Displays Examples port Port identifier A2 ty[...]

  • Page 111

    100 Enhancements Release K.13.16 Enhancements Figure 20. Example of the Custom show inte rfaces Command Y ou can specify the column width by entering a colon after th e column name, th en indicating the number of charact ers to displ ay . In Figure 20 the Name column only displays the first four characters of the name. All remaining characters are [...]

  • Page 112

    101 Enhancements Release K.13.16 Enhancements Note on Using Pattern Matching with the “Show Inte rfaces Custom” Command If you have included a pattern matching command to search for a field in the output of the show int custom command an d the show int custom command produces an error , the error message may not be visible and the output i s em[...]

  • Page 113

    102 Enhancements Release K.13.16 Enhancements Y ou can also use the no-tag-added parameter with ACL traffic filt ering when mirroring IP traffic. Figure 21. Mirroring Commands w ith the no-tag-added Option Figure 22. Example of a Curren tly Configured Mirroring Summ ary on a Source Switch Syntax: [no] interfa ce <port-num | trunk-name | m esh>[...]

  • Page 114

    103 Enhancements Release K.13.16 Enhancements Figure 23. Example of Se ssion Output Sh owing no-tag-added Option Note For more informatio n about traffi c mirrori ng, see “Monitorin g and An alyzing Switch Operation” in the Management and Configurat ion Guide for your switch. For more inf ormation abou t ACL filtering, see “Access Cont rol Li[...]

  • Page 115

    104 Enhancements Release K.13.16 Enhancements SHOULD save the change to non-volatile storage.” DEFVAL { 2 } ::= { hpicfBridgeMirrorSessionEntry 2 } Operating Notes • The specified port can be a physical po rt, a trunk port, or a mesh port. • Only a single logical port (physi cal port or trunk) can be associated with a mirror session when the [...]

  • Page 116

    105 Enhancements Release K.13.16 Enhancements • W eb and MAC authentications are not allowed on the same port if unau thenticated VLAN (that is, a guest VLAN) is enabled for MAC authentication. An unauthent icated VLAN can’ t be enabled for MAC authent ication if W eb and MAC authentica tion are both enabled on the port. • Hitless re-authenti[...]

  • Page 117

    106 Enhancements Release K.13.16 Enhancements Figure 24. Example of Disabl ing a Specific Cipher Configuring Key Lengths and DSA/RSA Support This enhancement allows you to specify the type an d length of the generated host key . The c ommand is: Y ou can also generate and use a DS A key as the host key . The size of the host key is platform- depend[...]

  • Page 118

    107 Enhancements Release K.13.16 Enhancements Message Authenticati on Code (MAC) Support This enhancement allows config uration of the set of MACs th at are available for selection. Displaying the SSH Information The show ip ssh command has been enhanced to displa y information about ci phers, MACs , and key types and sizes. T able 1. RSA/DSA Va lu[...]

  • Page 119

    108 Enhancements Release K.13.16 Enhancements Figure 25. Example of show ip ssh Comma nd Showing Ciphers, MACs an d Key Information Logging Messages There are new event log messages when a new k ey is generated and zeroi zed for the server: ssh: New <num-bits> -bit [rsa | dsa] SSH host key installe d ssh: SSH host key zeroized There are al so[...]

  • Page 120

    109 Enhancements Release K.13.17 Enhancements • debug • debug2 • debug3 Release K.13.17 Enhancements No enhancements; Bug fixes only . Release K.13.18 Enhancements Release K.13.18 includes th e foll owing enhancements: ■ Enhancement (PR_1000406 763) — New comm ands were added to the CLI response t o the show tech comma nd. Release K.13.19[...]

  • Page 121

    110 Enhancements Release K.13.19 Enhancements For example, if yo u use the show interface custo m command to specify the ou tput, you can configure an alias for the comma nd to simplify execution. Figure 26. Example of Using t he Alias Command with show in t custom Creates a shortcut alias name to use in place of a commonly used command. The alias [...]

  • Page 122

    111 Enhancements Release K.13.19 Enhancements Note Remember to enclose the comma nd being aliased in quotes. Command parameters for the aliase d command can be added at the e nd of the al ias command string. For example: ProCurve(config)# alias shoconfig “show config” ProCurve(config)# shoconfig status T o change the command that is aliased, re[...]

  • Page 123

    112 Enhancements Release K.13.19 Enhancements Note See the section “Command Differ ences for the ProCurve Series 2600/ 2800/3400cl/6 400cl Switches” on page 113 for command differences on these switches. Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv 4 only) config ur[...]

  • Page 124

    113 Enhancements Release K.13.19 Enhancements Figure 11. Example of the Logging Command with a Priority Description Note A notificat ion is sent to the SN MP agent if there are any changes to the syslog paramete rs either through the CLI or with SNMP . Command Dif ferences for the ProCur ve Series 2600/2 800/3400cl/6400cl Switches CLI Commands The [...]

  • Page 125

    114 Enhancements Release K.13.19 Enhancements • If the def ault severity value is in effect, al l messages that have severiti es greater than the default value are passed to syslog. For exam ple, if the default seve rity is “debug”, all messages that have severities great e r than debug are passed to syslog. • There is a limit of si x syslo[...]

  • Page 126

    115 Enhancements Release K.13.19 Enhancements • Y ou can use up to thr ee W eb servers in your network to store and display customized W eb pages for W eb Authentication login. • T o configure a W eb server on your network, follow the instruction s in the documentation provided with t he server . • Before you enable custom W eb Authentication[...]

  • Page 127

    116 Enhancements Release K.13.19 Enhancements Customizable HTML T emplates The sample HTML files desc ribed in the follow ing s ections are customizable templates. T o he lp you create your own set HTML files, a set of the templates can be foun d on the down load page fo r ‘K’ software. User Login Page (index.html) Figure 12. User Login Page Th[...]

  • Page 128

    117 Enhancements Release K.13.19 Enhancements Figure 13. HTML Code for User Login Page T emplate <!-- ProCurve Web Authenticati on Template index.html --> <html> <head> <title>User Login</ title> </head> <body> <h1>User Login</h1> <p>In order to acce ss this network, you must first l og in[...]

  • Page 129

    118 Enhancements Release K.13.19 Enhancements Access Granted Page (accept.html) Figure 14. Access Granted Page The accept.html file is the W e b page used to confirm a valid c lient login. This W eb p age is disp layed after a valid username and pass w ord are entered and accepted. The client device is then g ranted access to the netw ork. T o conf[...]

  • Page 130

    119 Enhancements Release K.13.19 Enhancements Figure 15. HTML Code for Access Grante d Page T empla te Authenticating Page (authen.html) Figure 16. Authentica ting Page <!-- ProCurve Web Authenticati on Template accept.html --> <html> <head> <title>Access Grant ed</title> <!-- The following line is required to autom[...]

  • Page 131

    120 Enhancements Release K.13.19 Enhancements The authen.html file is the W eb page used to process a clien t login and is refre shed while user credentials are ch ecked and verified. Figure 17. HTML Code for Authentic ating Page T emplate Invalid Credent ials Page (reject_unauthv lan.html) Figure 18. Invalid Credent ials Page <!-- ProCurve Web [...]

  • Page 132

    121 Enhancements Release K.13.19 Enhancements The reject_unauthvlan.html file is the W eb page used to displa y lo gin failu res in which an unauth enti- cated client is assigned to the VLAN configured for unauthoriz ed client sessions. Y ou can configure the VLAN used by unauth oriz ed clients with the aaa port -access web-based unauth -vid comman[...]

  • Page 133

    122 Enhancements Release K.13.19 Enhancements T imeout Page (timeout.html) Figure 20. T imeout Page The timeout.html file is the W eb page used to return an error messa ge if the RADIUS server is not reachable. Y ou can configure the time period (in seco nds) that the swi tch waits for a response from the RADIUS server used to verify client cred en[...]

  • Page 134

    123 Enhancements Release K.13.19 Enhancements Retry Login Page (retry_ login.html) Figure 22. Retry Login Page The retry_login.html file is the W eb page displ ayed to a c lie nt that has entered an invalid username and/or password, and is given another opportunity to log in. The W A UTHRETRIESLEFTGET ES I displays the n umber of logi n retr ies th[...]

  • Page 135

    124 Enhancements Release K.13.19 Enhancements Figure 23. HTML Code fo r Retry Login Page T emplate SSL Redirect Page (sslredirect.html) Figure 24. SSL Redirect Page <!-- ProCurve Web Authenticati on Template retry_login.html --> <html> <head> <title>Invalid Cred entials</title> <!-- The following li ne is required t[...]

  • Page 136

    125 Enhancements Release K.13.19 Enhancements The sslredirect file is the W eb page displayed when a client is redirected to an SSL server to enter credentials for W eb Authentication . If you have enabled SSL on the switch, you can enable secure SSL-based W eb Authentication by entering the aaa port-access web-based ssl-login comma nd when you ena[...]

  • Page 137

    126 Enhancements Release K.13.19 Enhancements Access De nied Page (reject_no vlan.html) Figure 26. Access Denied Page The reject_novlan file is the W eb page displaye d after a clie nt login fails and no VLAN is configured for unauthorized clients. The W AUTHQUIETTIMEGET ESI inserts the time per iod used to block an unauthorized client from attempt[...]

  • Page 138

    127 Enhancements Release K.13.19 Enhancements Figure 27. HTML Code for Access Denied Page T emplate <!-- ProCurve Web Authenticati on Template reject_novlan.html --> <html> <head> <title>Access Denie d</title> <!-- The line below i s required to automatically redir ect the user back to the logi n page. --> <me[...]

  • Page 139

    128 Enhancements Release K.13.19 Enhancements Commands for Using Custom W eb Authentication Pages aaa port-access web -based ewa-server Figure 29. Adding Web Servers with the aaa port-ac cess web-based ews-server Comman d Figure 31. Removing a Web Server with the aaa port-access web -based ews-server Command Command Page [no] aaa port-access web-ba[...]

  • Page 140

    129 Enhancements Release K.13.19 Enhancements show port-access web-based config Figure 33. Example of show port-access Web-based config Command Output Enhancement (PR_1000460 265) — This enhancement pro vides Dynamic IP Lockdown , which is used to prev ent IP source address spoo fing on a per -port an d per -VLAN basis. Dynamic IP Lockdown The Dy[...]

  • Page 141

    130 Enhancements Release K.13.19 Enhancements Protection Ag ainst IP Source Ad dress Spoofing Many network attacks occur when an attacker injec ts packets with fo rged IP source addresses into the network. Also, som e network service s use the IP source address as a component in their authentication schemes. For exampl e, the BSD “r” protocols [...]

  • Page 142

    131 Enhancements Release K.13.19 Enhancements Prerequisite: DHC P Snooping Dynamic IP lockdo wn requires th at you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traf fic: • Dynamic IP l ockdown only e nables traffic for clients whose le ased IP addresse s are already stored in the l ease database created by DHCP snoop[...]

  • Page 143

    132 Enhancements Release K.13.19 Enhancements In this example, t he following DHCP leases have been lear ned by DHCP snoop ing on port 5. VLANs 2 and 5 are enabled for DHCP snoopi ng. Figure 28. Sample DHCP Snooping E ntries The following example shows an IP-to-MAC address and VLAN binding that ha ve been statically configured in the lease database[...]

  • Page 144

    133 Enhancements Release K.13.19 Enhancements Enabling Dynamic IP Lockd own T o enable dynamic IP lockdown on all ports or specified ports, enter the ip source-lockdown command at the global configuration level. Use the no form of the command to disable dynam ic IP lockdow n. Operating Notes ■ Dynamic IP lockdown is enabled at the port configurat[...]

  • Page 145

    134 Enhancements Release K.13.19 Enhancements • Remove the trusted-por t configuration. ■ Y ou can con figure dynam ic IP lockdown on ly from the CLI; this feature cannot be configured from the W eb management or menu interface . ■ If you enable dynamic IP lo ckdown on a po rt, you cannot add th e port to a trunk. ■ Dynamic IP lockdo wn mus[...]

  • Page 146

    135 Enhancements Release K.13.19 Enhancements Adding a Static Binding T o add the static configur ation of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the globa l configuration level. Use the no form of the command to remove the IP-to-MAC bindi ng from the database. Note Note that the ip source-bin [...]

  • Page 147

    136 Enhancements Release K.13.19 Enhancements An example of the show i p source-lockdown status command output is sho wn in Figure 31. Note that the operational status of all swit ch ports is displayed. This info rmation indicates whether or not dynamic IP lock down is supp orted on a port. Figure 31. Example of show ip sou rce-lockdown stat us Com[...]

  • Page 148

    137 Enhancements Release K.13.19 Enhancements Figure 32. Example of show ip sou rce-lockdown bin dings Command Out put In the show ip source-loc kdown bindings command output, the “Not in HW” column specif ies whether or not (YES or NO ) a statically confi gured IP-to- MAC and VLAN bi nding on a specified port has been combined in the lease dat[...]

  • Page 149

    138 Enhancements Release K.13.20 Enhancements Figure 33. Example of debu g dynamic-ip-lockd own Command Outp ut Release K.13.20 Enhancements Release K.13.20 includes th e foll owing enhancements: ■ Enhancement (PR_0000004 124) — Su pport is added for the J9144A ProCurve 10-Gb E X2-SC LRM Optic, an X2 form-f actor transceiver that supports the 1[...]

  • Page 150

    139 Enhancements Release K.13.21 Enhancements Release K.13.21 Enhancements No enhancements; Bug fixes only . Release K.13.22 Enhancements No enhancements; Bug fixes only . Release K.13.23 Enhancements No enhancements; Bug fixes only . Release K.13.24 throug h K.13.25 Enhancements No enhancements; Bug fixes only . Release K.13.26 throug h K.13.39 En[...]

  • Page 151

    140 Enhancements Release K.13.40 Enhancements disabled (1), active (2), passive (3) } ACCESS read-write STATUS mandatory DESCRIPTION “Used to set administrative status of LACP on all the ports. A Port can have one of the three administrative status of LACP. Active/Passive/Disabled are the three states. ” ::= { hpSwitchLACPConfig 1 } hpSwitchLin[...]

  • Page 152

    141 Enhancements Release K.13.40 Enhancements SNMP displays the counter and statistics totals accu mulated since the last rebo ot; it is not affected by the clear statistics gl obal command or the clear statistics < port-list > command. An SNMP trap is sent whenever the statis tics are cleare d. Note The clearing of statisti cs cannot be uncl[...]

  • Page 153

    142 Enhancements Release K.13.40 Enhancements Adding a Description for a Syslog Server Y ou can associate a user -frie ndly description with each of the IP addresses (IPv 4 only) config ured for syslog using the CL I or SNMP . The CLI com mand is: Figure 34. Example of the Logging Command wi th a Control Description Caution Entering the no logging [...]

  • Page 154

    143 Enhancements Release K.13.41 Enhancements Figure 35. Example of the Logging Command with a Priority Description Note A notificat ion is sent to the SN MP agent if there are any changes to the syslog paramete rs either through the CLI or with SNMP . Operating Notes • Duplicate I P addresses are no t stored in the list of syslog servers. • If[...]

  • Page 155

    144 Enhancements Release K.13.44 Enhancements Release K.13.44 Enhancements No enhancements; Bug fixes only . (Not a public release) Release K.13.45 Enhancements The following prob lems were resolved in re lease K.13.45. ■ Enhancement (PR_0000010 783) — Support was added for the follow ing products. J9099B - ProCurve 100-BX-D SFP-LC T ransceiver[...]

  • Page 156

    145 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.12 Software Fixes in Release K.11.12 - K.13.49 Software fixes are listed in chronological order , oldest to newest. Unless otherw ise noted, e ach new re lease i ncludes the software fixes added in all previous releases. Release K.11.11 was the first production software release for the P[...]

  • Page 157

    146 Software Fixes in Release K.11.12 - K.13.49 Release K.11.13 ■ MSTP Enhancement (PR_100031046 3) — Implementation of legacy pa th cost MIB and CLI option for MSTP . ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge devi ce with an end node (non-STP device) on the same Switch port, can resu lt in the RSTP Switch sending TCNs. ■ W eb U[...]

  • Page 158

    147 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.16 ■ CLI (PR_1000315256) — Inconsistent error message, " Resource unavailabl e ," when configuring more than the maximum nu mb er of allowe d static IP routes. ■ Crash (PR_1000322009) — The Switch may crash with a message similar to: Software exception in ISR at queues.[...]

  • Page 159

    148 Software Fixes in Release K.11.12 - K.13.49 Release K.11.32 Software exception at ldbal_cost.c:1577 -- in 'eDrvPoll', task ID = 0x1760650-> ASSERT: failed. ■ Crash (PR_1000314305) — The switch may crash with a message similar to: Software exception at ipamMApi.c:1592/1594 -- in 'eRouteCtrl' ■ Crash (PR_1000323759) ?[...]

  • Page 160

    149 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.32 ■ Crash (PR_1000335430) — The Switch may crash with a message similar to: "Cam range reservation error" crash at aqSlaveRanges.c:172. ■ Event Log (PR_100030 8669) — After a Switch reset, the eve nt log does not display co rrect information . ■ Event Log (PR_1000310[...]

  • Page 161

    150 Software Fixes in Release K.11.12 - K.13.49 Release K.11.33 ■ Module (PR_10003303 12) — Bootin g up the Switch with an unsuppo rted module in stalled may cause all existing modules to fail. ■ MSTP Enhancement (PR_10003317 92) — Implementation of Spanning-tree BPDU Filter and SNMP T raps. ■ Power Supply (PR_10003 10159) — After power[...]

  • Page 162

    151 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.34 "Software exception at alloc_free.c:422 -- in 'eDrvPoll'...-> No msg buffer", when Switch is configured for ACL logging. ■ Module J8705A (PR_1 000336281) — The Switch 5400 zl 20P 10/100/1000 + 4 mini GBIC module (J8705A) may stop forwarding packets. Release [...]

  • Page 163

    152 Software Fixes in Release K.11.12 - K.13.49 Release K.11.36 ■ MIB (PR_1000307831) — The MIB va lue for ipAddrT able is not po pulated. ■ RIP (PR_1000331536) — RIP does not send a rout e poison updat e in response to a fai led route. ■ Show tech (PR_1000 294072) — Show T ech statistics displ ays incorrect port names for fixed ports. [...]

  • Page 164

    153 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.40 Software Exception at rt_table.c.758 -- in 'eRouteCtrl', task ID = 0x8a d6b30 -> Routing Task: Route Destinations exceeded Release K.11.40 The following problem s were resolved in release K .11.40 (not a general release) ■ CLI (PR_1000353548) — Use of the command show[...]

  • Page 165

    154 Software Fixes in Release K.11.12 - K.13.49 Release K.11.44 The following problem s were resolved in release K .11.43 (not a general release) ■ Crash (PR_1000307842) — When deleting/rem oving CL I ACLs, IDM ACLs, management VLAN, or viru s throttle lockouts, sw it ch crashes with error simi lar to: "Delete virtu al meter with nonzero r[...]

  • Page 166

    155 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.47 Release K.11.47 The following problem s were resolved in release K .11.47 (not a general release) ■ Management VLAN (PR_100029 9387) — The management VLAN does not allow connectivity from valid addresses. ■ SNMP (PR_1000358129) — The command lin e interfa ce (CLI) becomes unre[...]

  • Page 167

    156 Software Fixes in Release K.11.12 - K.13.49 Release K.11.61 ■ sFlow (PR_10003616 04) — Changed the maximum sF low skipcount to 24 bits. Release K.11.61 V e rsions K.11.50 thro ugh K.11.59 were never bui lt. V e rsion K.11.60 was never released. The following problem s were resolved in release K .11.61 (not a general release) ■ 802.1X (PR_[...]

  • Page 168

    157 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.63 Release K.11.63 The following prob lems were resolved in re lease K.11.63 ■ 802.1p QoS (PR_1 000368188) — 802. 1p prioriti zation may not work once a trunk i s enabled on a module , unless the user issues t he commands "qos type -of service ip-precedence" or "qos ty[...]

  • Page 169

    158 Software Fixes in Release K.11.12 - K.13.49 Release K.11.65 Release K.11.65 The following problem s were resolved in relea se K.11.65 (not a general release) ■ Alarms/Log (PR_1 000371908) — The ambient temperature measured by the 5406zl chassis is 4 degrees C too high, causing the ge ne ration of false high temperature alarms. ■ CLI (PR_1[...]

  • Page 170

    159 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.11.67 ■ W eb/RADIUS (PR_1000368520) — W eb Authentica tion doesn't authenticate clients due to a failure to send RADIUS r equ ests to the conf igured se rver . ■ W ebUI (PR_1000371598 ) — Unable to Ac cess Stack Members through Commander W ebUI. Use of the W ebUI "stack a [...]

  • Page 171

    160 Software Fixes in Release K.11.12 - K.13.49 Release K.11.69 Release K.11.69 The following prob lems were resolved in re lease K.11.69 ■ Routing (PR_100039 2086) — The swi tch learns a bogus MAC address when the next hop address is unknown, causi ng the swit ch to stop forw arding traffic. Release K.11.69 is the last release of the K.11. xx [...]

  • Page 172

    161 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.02 ■ Enhancement (PR_1000298 920) — A ping re quest issued t o a VLAN which is do wn will now return a more specific message; instead of " request timed o ut ", the message " The destination address is unreach able " will be displa yed. ■ Enhancement (PR_100037 [...]

  • Page 173

    162 Software Fixes in Release K.11.12 - K.13.49 Release K.12.03 ■ Crash (PR_1000392863) — Switc h may cr ash when setmib tcpConnState is used, with a message similar to: NMI event SW:IP=0x0079f4a0 MSR:0x00029210 LR:0x006dca60 Task='eTelnetd' Task ID=0x8a7cbb0 cr: 0x20000042 sp:0x08a7c870 ■ Daylight savings (PR_10 00364740) — Due t[...]

  • Page 174

    163 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.04 ■ Enhancement (PR_1000398 393) — For the interface < port-lis t > speed-duplex command, added the auto-10-100 configuration option to constrain a link to 10/ 100 Mbps speed and allow a more rapid linkup process when 1000 Mbps operation is not possible. ■ Enhancement (PR_10[...]

  • Page 175

    164 Software Fixes in Release K.11.12 - K.13.49 Release K.12.05 Release K.12.05 The following prob lems were resolved in re lease K.12.05. ■ BootROM (PR_1000402707 ) — BootROM does not update to latest version when updating code to primary flash. ■ CLI (PR_1000309998) — Manageme nt module is incorrect ly displayed as J8627A rather than the [...]

  • Page 176

    165 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.08 Release K.12.08 Software never re leased. ■ Enhancement (PR_1000413 764) — In crease the size of the sysLocation and sysContact entries from 48 to 255 characte rs. For more information, see “Release K.12.08 Enhancemen ts” on page 57 . Release K.12.09 The following problem was [...]

  • Page 177

    166 Software Fixes in Release K.11.12 - K.13.49 Release K.12.11 ■ SNMP (PR_1000374893) — When retrieving the switch serial number via SNMP , the management module serial number is returned inst ead of t he chassis serial number . ■ SNMP (PR_1000422129) — HP Fault Finder do esn't sen d the in terface i ndex with t he SNMP trap, even tho[...]

  • Page 178

    167 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.15 ■ Hotswap (PR_100042 2714) — Hotswa pping a mo dule may resu lt in a false module self -test failure. After hot swapping th e module, the follo wing messages may appear in the event log: I 05/27/06 12:06:54 00076 po rts: port B23 is now on-line W 05/27/06 12:07:00 00564 po rts: po[...]

  • Page 179

    168 Software Fixes in Release K.11.12 - K.13.49 Release K.12.16 ■ Rate-Limiting (PR_10 00420720) — Rat e limitin g is broken beyond 9. 5 Mbps. For a ny rate limit set to more than 9.5 Mbps, the actua l rate drops to 1 Mbps. Release K.12.16 The following prob lems were resolved in re lease K.12.16. ■ Crash (PR_1000415621) — Removing a VLAN t[...]

  • Page 180

    169 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.18 Release K.12.18 The following prob lems were resolved in re lease K.12.18. ■ CLI (PR_1000419379) — The “interface” command does not exist in the VLAN context, resulting in an inability to shift to the i nterf ace configuration context directly from the VLAN context. ■ Hang ([...]

  • Page 181

    170 Software Fixes in Release K.11.12 - K.13.49 Release K.12.20 ■ 10-GbE Log (PR_1000 424384) — The switch is not check ing for the presence of the J8694A ProCurve yl 10G X2-CX4 module early enough in the boot process, trig gering a log message when the check is executed. Release K.12.20 The following problems were resolved in release K.1 2.20 [...]

  • Page 182

    171 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.22 ■ Routing (PR_1000432 449) — If the switch i s configured with both port security and routing, a physical port tran sition on the host may cause the switch to stop transmitting routed traff ic to that host. Clearing the ARP cache resol ves this problem until another port transitio[...]

  • Page 183

    172 Software Fixes in Release K.11.12 - K.13.49 Release K.12.24 ■ MSTP (PR_1000439775) — The switc h generat es a topo logy chan ge when a port go es off-line. With MSTP en abled and al l ports left at defaul t (auto-edge-port), when a port transitions to offli ne, a TC will be gene rate d, and the topology ch ange counter increases. ■ Multic[...]

  • Page 184

    173 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.26 through K.12.29 Release K.12.26 through K.12.29 Software never bu ilt. Release K.12.30 Software never re leased. Release K.12.31 The following prob lems were resolved in re lease K.12.31. ■ Enhancement — Support fo r the following P roCurve product was add ed. J9091A / J8715A (bun[...]

  • Page 185

    174 Software Fixes in Release K.11.12 - K.13.49 Release K.12.44 Release K.12.44 Not a general release. ■ Enhancement (PR_1000457 691) — Thi s enhancem ent all ows the ma pping of all theoretically availa ble VLAN IDs (1- 4094) to an MSTP instance, ev en if some of the VLANs are not currently co nfigured on the switch. For more information, see [...]

  • Page 186

    175 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.46 ■ SNMP (PR_1000444744) — An snmp set of hpicfDot1xPaePortauth or an snmp set hpicfDot1xPaePortSupp of an invalid value ma y cause the switch to crash with a message similar to the foll owing: ASSERT at aaa8021x_dyn_reconfig.c . ■ SSH (PR_100046100 2) — Issue with auth enticati[...]

  • Page 187

    176 Software Fixes in Release K.11.12 - K.13.49 Release K.12.48 Release K.12.48 The following prob lems were resolved in re lease K.12.48. ■ Enhancement Removed (PR_1 000470136) — Removal of the enha ncement that allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently [...]

  • Page 188

    177 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.52 ■ Routing (PR_1000424 308) — A static ro ute that poin ts to a deleted VL AN may cause other routing table errors. ■ CLI (PR_1000473468) — Removing a VLAN range from an MSTP instance (e.g., no spanning-tree instance 2 vlan 10-2 0) fails to de lete the VLANs. Listi ng individua[...]

  • Page 189

    178 Software Fixes in Release K.11.12 - K.13.49 Release K.12.54 Release K.12.54 The following prob lems were resolved in re lease K.12.54. ■ Connection Rate Filte r (PR_1000440871 ) — Some types of traffic could result in connection rate filt ering (CRF) that bloc ks the switch management IP address. ■ Connection Rate Filte r (PR_1000716601) [...]

  • Page 190

    179 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.12.55 Release K.12.55 The following problems were resolved in relea se K.12.55 (never released). ■ DARPP (PR_1000736402) — The last port on the switch will not be initiali zed with Dynamic ARP Protection (DARPP) characteri stics if the last two ports are DARPP configured. For example, i[...]

  • Page 191

    180 Software Fixes in Release K.11.12 - K.13.49 Release K.12.57 3) The SSH client application does not get a co mmand prompt (or equival ent) back from the switch until the OS is verified and burned to flash. 4) The show flash command incorrectly shows an OS image presen t in flash before th e OS has completely copied to flash . ■ Routing (PR_100[...]

  • Page 192

    181 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.02 Release K.13.02 The following prob lems were resolved in re lease K.13.02. ■ Enhancement (PR_1000458 124) — VRRP Preemptive Delay T imer . For more informati on, see “Release K.13.02 Enhancements” on page 71 . ■ CLI (PR_1000307590) — T ab-help error in the spanning-tree i [...]

  • Page 193

    182 Software Fixes in Release K.11.12 - K.13.49 Release K.13.03 ■ CLI (PR_1000455370) — Commands that di splay po rtmaps may yield corrupted output. For example, a singl e port may be di splayed as a port range. ■ RIP (PR_1000751858) — Some static rou tes may not be correct ly distribut ed by RIPv1 or RIPv2. ■ PIM (PR_1000714322) — A ne[...]

  • Page 194

    183 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ Crash (PR_1000763409) — When entering and deleting ACLs, the switch may crash with a message similar to : PPC Data Storage (Bus Error) exception vector 0x300: Stack Frame=0x087a1ba8 HW Addr=0x1f89d420 IP=0x005e62e0 Task=’mSess2’ T ask ID=0x87a3cd0.fp: 0x00000005 sp:0x087a1c6[...]

  • Page 195

    184 Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ Enhancement (PR_ 00 00000081) — The CLI clear module command allows yo u to remove module configurat ion informat ion from the co nfiguration file. For more i nformation, see “Release K.13.04 Enhanc ements” on page 76 . ■ Enhancement (PR_ 000000 0082) — The CLI track inte[...]

  • Page 196

    185 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.04 ■ CLI (PR_0000000476) — V arious CLI parameters are rejected by the swi tch as invalid when the administrator is trying to configure ports of transcei vers/modules that have not yet been inserted into the swi t ch. Affected commands include ip source- binding ; interface <x>[...]

  • Page 197

    186 Software Fixes in Release K.11.12 - K.13.49 Release K.13.05 Release K.13.05 The following problem s were resolved in release K .13.05 (not a public release). ■ Link/Config (PR_10 00771549) — On a ProCu rve 3500yl Series Swi tch, a li nk will n ot come up after configuring t he port mode from MDI to AUTOMDIX (on one side of the link). ■ St[...]

  • Page 198

    187 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.06 ■ UDLD (PR_0000001433) — After the switch is rebooted, UDLD may continue to keep switch ports in a blocked state. ■ VLAN Mirroring/Config (PR_00000012 40) — The VLAN Mirroring configuration is changed from its original value after updating from K.1 2.xx to K.13.03. ■ Bootup/[...]

  • Page 199

    188 Software Fixes in Release K.11.12 - K.13.49 Release K.13.08 W 03/11/06 03:18:53 00374 chassis: Ports 25-48 Slave ROM Tombstone: 0x13000601 W 03/11/06 03:18:53 00374 chassis: Ports 25-48: Lost Communications detected - Heart Beat Lost I 03/11/06 03:19:00 00375 chassis: Ports 25-48 Downloading I 03/11/06 03:19:01 00376 chassis: Ports 25-48 Downlo[...]

  • Page 200

    189 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.09 Release K.13.09 The following prob lems were resolved in re lease K.13.09. ■ Crash (PR_0000001689a ) — A switch running so ftware version K.1 3.04 or higher may crash during co nfiguration of broadcas t rate limit ing. Event log messages may b e similar to the following. W 03/11/0[...]

  • Page 201

    190 Software Fixes in Release K.11.12 - K.13.49 Release K.13.11 ■ RADIUS/Jumbo (PR_ 100077 9048) — When an 802.1X-enabled port belo ngs to a VLAN that is jumbo enabled, the Access-Request will specify a va lue of Framed-MTU of 91 82 bytes. When the RADIUS server replies with a large fr ame, the swi tch does not respon d, causin g the authenti c[...]

  • Page 202

    191 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.12 ■ 802.1X (PR_0000 002036) — 802.1X with Funk Steel Be lted RADIUS server causes the switch to fail to assign th e VLAN that it was sent with the "T unnel-Private-Group-Id" parameter . ■ Module Selftest (PR 0000001273) — After a reboot, ports 1-24 or ports 25-48 on th[...]

  • Page 203

    192 Software Fixes in Release K.11.12 - K.13.49 Release K.13.13 .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entP hys calEntry.entPhysicalSerialNum .iso.org.dod.internet.mgmt.mib- 2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entP hys calEntry.entPhysicalModelName Release K.13.13 The fo[...]

  • Page 204

    193 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.15 Release K.13.15 The following problems were resolved in relea se K.13.15 (never released). No enhancements; No bug fixes. Release K.13.16 The following problem s were resolved in release K .13.16 (not a public release). ■ Enhancement (PR_00000016 41) — This enha ncement allo ws th[...]

  • Page 205

    194 Software Fixes in Release K.11.12 - K.13.49 Release K.13.17 A new configur ation option provides the abil ity to configure w hich MACs a client is pe rmitted to use; Feedback info rmation; a nd, SSH CLI show command information enhancements. For more information, see “Release K.13.16 Enhancements” on page 94 . ■ Config (PR_000000074 1) ?[...]

  • Page 206

    195 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.18 ■ SNMP (PR_1000761379) — When an SN MP get is used to gather statistics , the interface B1 on a J8702A module only up dates it s SNMP counters on every other query . ■ SNMP (PR_0000001807) — Use of a correctly configured th ird party u tilit y to connect to the switch via SNMP[...]

  • Page 207

    196 Software Fixes in Release K.11.12 - K.13.49 Release K.13.19 ■ W ake-On-LAN (PR_0000 004794) — W ake-On-LAN does not always work successf ully . ■ IP Phone (PR_0000004803) — A tand em IP phon e may stop tal king to the switch after a connected PC login failure and reboot. ■ PIM-SM (PR_000000521 9) — When the switch sends a “Regi st[...]

  • Page 208

    197 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.21 ■ X2 T ransceivers (PR_0000004758 ) — Some ProCurve SR and ER X2-10GbE (J8436A, J8437A) transceivers have a timing issue that prevents the transc eivers from being correctly identified either when hot sw apped or duri ng a cold boot. ■ LEDs (PR_0000005623) — Upon insertion of [...]

  • Page 209

    198 Software Fixes in Release K.11.12 - K.13.49 Release K.13.22 ■ Config (PR_1000781031) — When the valid port se tting ‘a uto-1000’ is c onfigured for any 10/100/1000 interface in an external configuration file and the co nfigurati on file i s copied to the switch, the system returns th e port setting to the default value, changing ‘auto[...]

  • Page 210

    199 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.24 ■ Authentication (PR_00000 07209) — A PC beh ind a tandem IP ph one is not able t o authenticate. Release K.13.24 The following problem s were resolved in release K .13.24 (not a public release). ■ OSPF (PR_0000 006183a) — OSPF ECMP m ay drop up to 50% of the traffic destined [...]

  • Page 211

    200 Software Fixes in Release K.11.12 - K.13.49 Release K.13.26 through K.13.39 ■ GVRP/RADIUS (PR_0000 006051) — RADIUS-assigned VLANs are not propagated correctly i n GVRP . Please see “Note: This fix is associated with some new switch behavior: ” for a descripti on of the behavior chan ge with this fix. Note: This fix is associated wi th [...]

  • Page 212

    201 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.41 Release K.13.41 The following problem s were resolved in releas e K.13.41 (N ot a public rele ase). ■ AAA (PR_0000008409) — The CLI comman ds aaa au thentication and aaa accounting return a resource unavailable error . ■ PCM (PR_0000008113) — Repeated ProCurve Manager Config S[...]

  • Page 213

    202 Software Fixes in Release K.11.12 - K.13.49 Release K.13.43 ■ CLI (PR_0000004042) — The CLI command snmp-server response-sourc e dst-ip-of-request does not work as expected when the desti nation IP address of the SNMP Request is the Loopback IP . The source IP addr ess of the SNMP Response should be the destination IP of the SNMP Request, b[...]

  • Page 214

    203 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.45 ■ CLI (PR_1000803731) — If the " |" charac ter exi sts in the banner text of a configuration file downloaded via TFTP transfer , the banner text may become corrupted, or the TFTP transfer may fail w ith a corrupted download file error message. ■ Hang (PR_0000007 806) ?[...]

  • Page 215

    204 Software Fixes in Release K.11.12 - K.13.49 Release K.13.46 J9143B – ProCurve 1000-BX-U SFP-LC Mini-GBIC For more information, see “Release K.13.45 Enhancements” on page 144 . ■ T ransceivers (PR_0000010525) — Intermittent self test fa ilure may occur if t ransceivers are hot-swapped in an d out of the switch in too short a time fram [...]

  • Page 216

    205 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.46 password operator sha-1 "lsadkjlkjfsd..." Example of what that line mi ght look like after the fix: password operator sha0 "lsadkjlkjfsd...” No switch administrator interven tion is required for the forwar d configuration translation to occur. Support Note: This fix h[...]

  • Page 217

    206 Software Fixes in Release K.11.12 - K.13.49 Release K.13.47 Release K.13.47 The following problem s were resolved in re lease K.13.4 7. (Never released.) ■ OSPF ECMP (PR_0000004798 ) — Some I P subnets whic h ar e multiple hops away are not reachable from certain c lients despi te the presence of the ta rget subnet in the switch routing tab[...]

  • Page 218

    207 Software Fixes in Rel ease K.11.12 - K.13.49 Release K.13.49 Release K.13.49 The following prob lems were resolved in re lease K.13.49. ■ Auto-TFTP (PR_0000014646 /000001355 2) — Certain software file names may trigger auto-tftp to reload the same so ftware file repeatedly .[...]

  • Page 219

    © 2006 - 2008 Hewl ett-Packard Development Company , LP . The information contained herein is subject to change without notice. January 2009 Manual Part Number 5991-4720[...]