HP PROCURVE 2300 Manuel d'utilisateur

Release Notes:Version F.05.70 Softwarefor the ProCurve Series 2300 and 2500 SwitchesThese release notes include information on the following: Downloa

ixRelease F.02.13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236Rele

89 Enhancements in Release F.04.08Configuring Secure Shell (SSH)Figure 35. Examples of Visual Phonetic and Hexadecimal Conversions of the Switch’

90Enhancements in Release F.04.08Configuring Secure Shell (SSH)SSH Client Contact Behavior. At the first contact between the switch and an SSH cli

91 Enhancements in Release F.04.08Configuring Secure Shell (SSH)Note on Port NumberThe ip ssh key-size command affects only a per-session, internal

92Enhancements in Release F.04.08Configuring Secure Shell (SSH)5. Configuring the Switch for SSH AuthenticationNote that all methods in this secti

93 Enhancements in Release F.04.08Configuring Secure Shell (SSH)(For more on these topics, refer to “Further Information on SSH Client Public-Key A

94Enhancements in Release F.04.08Configuring Secure Shell (SSH)Figure 37. Configuring for SSH Access Requiring a Client Public-Key Match and Man

95 Enhancements in Release F.04.08Configuring Secure Shell (SSH)Further Information on SSH Client Public-Key AuthenticationThe section titled “5. C

96Enhancements in Release F.04.08Configuring Secure Shell (SSH)b. Uses MD5 to create a hash version of this information.c. Returns the hash versio

97 Enhancements in Release F.04.08Configuring Secure Shell (SSH)1. Use your SSH client application to create a public/private key pair. Refer to th

98Enhancements in Release F.04.08Configuring Secure Shell (SSH)Note on Public KeysThe actual content of a public key entry in a public key file is

xRelease F.05.37 (Not a General Release) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Release F.05.38 (Never

99 Enhancements in Release F.04.08Configuring Secure Shell (SSH)Replacing or Clearing the Public Key File. The client public-key file remains in th

100Enhancements in Release F.04.08Configuring Secure Shell (SSH)Messages Related to SSH OperationMessage Meaning00000K Peer unreachable.Indicates

101 Enhancements in Release F.04.08Configuring Secure Shell (SSH)Troubleshooting SSH OperationSee also “Messages Related to SSH Operation” on page

102Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingConfiguring RADIUS Authentication and AccountingRADIUS (Remote A

103 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingNoteThe Series 2500 switches do not support RADIUS security for

104Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingSwitch Operating Rules for RADIUS You must have at least one RA

105 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingConfiguring the Switch for RADIUS Authentication• If you need to

106Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingOutline of the Steps for Configuring RADIUS AuthenticationThere

107 Enhancements in Release F.04.08Configuring RADIUS Authentication and Accountingzero and then trying to log on again. As an alternative, you can

108Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFor example, suppose you have already configured local passwords

1 Software ManagementSoftware ManagementCaution: Archive Pre-F.05.17 Configuration Files A configuration file saved while using release F.05.17 or

109 Enhancements in Release F.04.08Configuring RADIUS Authentication and Accounting2. Configure the Switch To Access a RADIUS ServerThis section de

110Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFor example, suppose you have configured the switch as shown in

111 Enhancements in Release F.04.08Configuring RADIUS Authentication and Accounting3. Configure the Switch’s Global RADIUS ParametersYou can config

112Enhancements in Release F.04.08Configuring RADIUS Authentication and Accountingradius-server retransmit < 1 .. 5 > If a RADIUS server fai

113 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFigure 46. Listings of Global RADIUS Parameters Configured In

114Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFor local authentication, the switch uses the Operator-level and

115 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingNoteThis section assumes you have already: Configured RADIUS au

116Enhancements in Release F.04.08Configuring RADIUS Authentication and Accounting System accounting: Provides records containing the information

117 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingOutline of the Steps for Configuring RADIUS Accounting1. Configu

118Enhancements in Release F.04.08Configuring RADIUS Authentication and Accounting1. Configure the Switch To Access a RADIUS ServerBefore you conf

2Software Management Use the download utility in ProCurve Manager Plus.NoteDownloading new software does not change the current switch configurat

119 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFigure 47. Example of Configuring for a RADIUS Server with a N

120Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingDetermine how you want the switch to send accounting data to a R

121 Enhancements in Release F.04.08Configuring RADIUS Authentication and Accounting Updates: In addition to using a Start-Stop or Stop-Only trigge

122Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFigure 50. Example of General RADIUS Information from Show Rad

123 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingTerm DefinitionRound Trip Time The time interval between the mos

124Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingRADIUS AuthenticationSyntax: show authentication Displays the pr

125 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingRADIUS AccountingSyntax: show accounting Lists configured accoun

126Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingChanging RADIUS-Server Access OrderThe switch tries to access RA

127 Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingFigure 58. Example of New RADIUS Server Search OrderMessages R

128Enhancements in Release F.04.08Configuring RADIUS Authentication and AccountingTroubleshooting RADIUS OperationSymptom Possible CauseThe switch

3 Software ManagementXmodem Download From a PC or Unix WorkstationThis procedure assumes that: The switch is connected via the Console RS-232 port

129 Enhancements in Release F.04.08IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File DownloadsIP Preserve: Retaining VLAN-1 IP

130Enhancements in Release F.04.08IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File DownloadsFor example, consider Figure 60:F

131 Enhancements in Release F.04.08IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File DownloadsIf you apply this configuration f

132Enhancements in Release F.04.08Configuring Port-Based Priority for Incoming PacketsConfiguring Port-Based Priority for Incoming PacketsWhen net

133 Enhancements in Release F.04.08Configuring Port-Based Priority for Incoming PacketsOutbound Port Queues and Packet Priority SettingsSeries 2500

134Enhancements in Release F.04.08Configuring Port-Based Priority for Incoming PacketsOperating Rules for Port-Based Priority on Series 2500 Switc

135 Enhancements in Release F.04.08Configuring Port-Based Priority for Incoming PacketsFor example, suppose you wanted to configure ports 10 -12 on

136Enhancements in Release F.04.08Using the "Kill" Command To Terminate Remote SessionsUsing the "Kill" Command To Terminate R

137 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Configuring Rapid Reconfiguration Spanning Tree (RSTP)This

138Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)The IEEE 802.1D version of Spanning Tree (STP) can take a

4Software ManagementSaving Configurations While Using the CLIThe switch operates with two configuration files: Running-Config File: Exists in vol

139 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Configuring RSTPThe default switch configuration has Spann

140Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)CLI: Configuring RSTPViewing the Current Spanning Tree Con

141 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Figure 65. Example of the Spanning Tree Configuration Di

142Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Reconfiguring Whole-Switch Spanning Tree Values. You can c

143 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)NoteExecuting the spanning-tree command alone enables Span

144Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Reconfiguring Per-Port Spanning Tree Values. You can confi

145 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Note on Path CostRSTP implements a greater range of path c

146Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)Menu: Configuring RSTP1. From the console CLI prompt, ente

147 Enhancements in Release F.04.08Configuring Rapid Reconfiguration Spanning Tree (RSTP)7. Press the [Tab] key or use the arrow keys to go to the

148Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)F

5 Software ManagementProCurve Switch, Routing Switch, and Router Software KeysSoftware LetterProCurve Networking ProductsC 1600M, 2400M, 2424M, 400

149 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)To use fast-uplink STP on a Series 2500 switch, configure fast-uplink (M

150Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)When single-instance spanning tree (STP) is running in a network and a f

151 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Operating Rules for Fast Uplink A switch with ports configured for fast

152Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Menu: Viewing and Configuring Fast-Uplink STPYou can use the menu to qui

153 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)3. If the Protocol Version is set to RSTP (as shown in figure 70), do th

154Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Figure 72. The Spanning Tree Operation Screen4. On the ports and/or tr

155 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Figure 73. Example of STP Enabled with Two Redundant Links Configured

156Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)To View Fast-Uplink STP Status. Continuing from figures 72 and 73 in the

157 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)In figure 75:• Port 1 and Trk1 (trunk 1; formed from ports 2 and 3) are

158Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Figure 77. Example of a Show Spanning-Tree Listing for the Topology Sh

6Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.61 through F.05.70Enhancements in Release F.05.05 through F.05.70Enha

159 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Figure 78. Example of a Configuration Supporting the STP Topology Show

160Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Syntax: spanning-tree e <port/trunk-list> mode uplink Enables STP

161 Enhancements in Release F.02.11Fast-Uplink Spanning Tree Protocol (STP)Fast-Uplink TroubleshootingSome of the problems that can result from inc

162Enhancements in Release F.02.11The Show Tech Command for Listing Switch Configuration and Operating DetailsThe Show Tech Command for Listing Sw

163 Enhancements in Release F.02.11The Show Tech Command for Listing Switch Configuration and Operating Details1. In Hyperterminal, click on Transf

164Enhancements in Release F.02.02Documentation for Enhancements in Release F.02.02Enhancements in Release F.02.02Documentation for Enhancements i

165 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTACACS+ Authentication for Centralized C

166Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityWith authentication configured on the sw

167 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTerminology Used in TACACS Applications:

168Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityGeneral System RequirementsTo use TACACS

7 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Implementation of LLDPFor network device discovery

169 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTACACS+ OperationTACACS+ in Series 2500

170Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access Security2. Ensure that the switch is configured

171 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityCautionYou should ensure that the switch

172Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityConfiguring TACACS+ on the SwitchThe swi

173 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityViewing the Switch’s Current Authenticat

174Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityConfiguring the Switch’s Authentication

175 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTable 13. Primary/Secondary Authentica

176Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityFor example, here is a set of access opt

177 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityConfiguring the Switch’s TACACS+ Server

178Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access Security Name Default Rangehost <ip-addr>

8Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60MIB (Management Information Base): An internal data

179 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityAdding, Removing, or Changing the Priori

180Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTo configure westside as a global encryp

181 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityHow Authentication OperatesGeneral Authe

182Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access Security• If the username/password pair received

183 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityUsing the Encryption KeyGeneral Operatio

184Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityFor example, you would use the next comm

185 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityMessagesThe switch generates the CLI me

186Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access SecurityTroubleshooting TACACS+ OperationAll Use

187 Enhancements in Release F.02.02TACACS+ Authentication for Centralized Control of Switch Access Security The time quota for the account has bee

188Enhancements in Release F.02.02CDP (Updated by Software Version F.05.50)CDP (Updated by Software Version F.05.50)Software version F.02.02 for t

ii © Copyright 2001-2009 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice.Publicatio

9 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Table 1. Viewable Data Available for LLDP Adverti

189 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsTimeP Time SynchronizationYou can either manually assign the switch to

190Enhancements in Release F.02.02New Time Synchronization Protocol Options•TimeP: DHCP or Manual3. Configure the remaining parameters for the ti

191 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsTable 15. SNTP ParametersMenu: Viewing and Configuring SNTPTo View, E

192Enhancements in Release F.02.02New Time Synchronization Protocol OptionsFigure 88. The System Information Screen (Default Values)2. Press [E]

193 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsNote: This step replaces any previously configured server IP address. I

194Enhancements in Release F.02.02New Time Synchronization Protocol OptionsViewing the Current SNTP ConfigurationThis command lists both the time

195 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsEnabling SNTP in Broadcast Mode. Because the switch provides an SNTP po

196Enhancements in Release F.02.02New Time Synchronization Protocol OptionsSyntax: timesync sntp Selects SNTP as the time synchronization metho

197 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsFigure 93. Example of Specifying the SNTP Protocol Version NumberChan

198Enhancements in Release F.02.02New Time Synchronization Protocol OptionsDisabling the SNTP Mode. If you want to prevent SNTP from being used ev

10Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60LLDP Operating RulesPort Trunking. LLDP manages t

199 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsTable 16. Timep ParametersMenu: Viewing and Configuring TimePTo View,

200Enhancements in Release F.02.02New Time Synchronization Protocol OptionsFigure 96. The System Information Screen (Default Values)2. Press [E]

201 Enhancements in Release F.02.02New Time Synchronization Protocol Optionsiii. Press [>] to move the cursor to the Poll Interval field, then g

202Enhancements in Release F.02.02New Time Synchronization Protocol OptionsIf SNTP is the selected time synchronization method ), show timep still

203 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsFor example, suppose: Time synchronization is configured for SNTP. Yo

204Enhancements in Release F.02.02New Time Synchronization Protocol OptionsHP2512(config)# timesync timep Selects TimeP.HP2512(config)# ip timep m

205 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsDisabling the TimeP Mode. Disabling the TimeP mode means to configure i

206Enhancements in Release F.02.02New Time Synchronization Protocol OptionsAdding and Deleting SNTP Server AddressesAdding Addresses. As mentioned

207 Enhancements in Release F.02.02New Time Synchronization Protocol OptionsMenu Interface Operation with Multiple SNTP Server Addresses Configured

208Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)Operation and Enhancements for Multimedia Traffi

11 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60LLDP Operation and CommandsIn the default configur

209 Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)multicast packets to ports from which a join re

210Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)Fast-Leave IGMPIGMP Operation Presents a "D

211 Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)unnecessary multicast traffic from that group to

212Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)Forced Fast-Leave IGMPForced Fast-Leave IGMP Fea

213 Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)For example:Figure 106. Listing the Forced Fas

214Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)CLI: Configuring Per-Port Forced Fast-Leave IGMP

215 Enhancements in Release F.02.02Operation and Enhancements for Multimedia Traffic Control (IGMP)Querier OperationThe function of the IGMP Querie

216Enhancements in Release F.02.02The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast FilteringThe Switch Excludes We

217 Enhancements in Release F.02.02Port Security: Changes to Retaining Learned Static Addresses Across a RebootPort Security: Changes to Retaining

218Enhancements in Release F.02.02Port Security: Changes to Retaining Learned Static Addresses Across a RebootTo remove an address learned using e

12Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Viewing LLDP-detected DevicesNoteSelected LLDP inf

219 Enhancements in Release F.02.02Username Assignment and PromptUsername Assignment and PromptPrior to release F.02.02, assigning a manager or ope

220Updates and Corrections for the Management and Configuration GuideUpdates and Corrections for the Management and Configuration Guide This secti

221 Updates and Corrections for the Management and Configuration Guide• Running configuration has been changed and needs to be saved.This message i

222Updates and Corrections for the Management and Configuration GuideThis change affects the following commands:Restoring the Factory-Default Conf

223 Updates and Corrections for the Management and Configuration GuideGVRP Does Not Require a Common VLANDelete the note at the top of page 9-78 in

224Updates and Corrections for the Management and Configuration GuideNoteDuplicate MAC addresses are likely to occur in VLAN environments where XN

225 Updates and Corrections for the Management and Configuration GuideAlso on page 9-54, add the following item to the bulleted list: When TimeP i

226Software FixesSoftware FixesRelease F.01.07 was the first software release for the ProCurve Series 2500 switchesRelease F.01.08 . . . . . . .

227 Software FixesRelease F.05.19 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

228Software FixesRelease F.05.64 (Never Released) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

13 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Additional information from the remote device can

229 Software FixesRelease F.01.08Fixed in release F.01.08: 100/1000-T transceiver — When using this 100/1000-T transceiver and negotiating to 100

230Software FixesNoteThe startup-config file saved under version F.02.02 is NOT backward-compatible with previous software versions. HP recommends

231 Software Fixes LACP — Resolves several issues with LACP, including: conversation on a trunk may momentarily fail if a trunk member port goes d

232Software FixesRelease F.02.04 (Beta Release Only)The switch's CDP packets have been modified to better interoperate with older Cisco IOS v

233 Software Fixes IGMP — If there are several IGMP groups in several VLANs, and the switch is acting as Querier, the switch may stop sending IGMP

234Software FixesNoteContact your local Customer Care Center before activating this feature to receive proper configura-tion instructions. Failur

235 Software Fixes XRMON — Various XRMON counters display incorrect values. Possible symptoms include network management applications reporting a

236Software FixesRelease F.02.12Fixed in release F.02.12 Monitoring Port — When a config file containing a Monitoring Port configuration is loade

237 Software Fixes Port Configuration — Changing a port setting from one Auto mode to another may not be reflected in Auto-negotiation's adve

238Software FixesRelease F.04.08Fixed in release F.04.08Modification of Lab troubleshooting commands.Release F.04.09 (Beta Release Only)Fixed in r

14Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring Per-Port LLDP Transmit/ReceiveThis com

239 Software FixesNoteThe startup-config file saved under version F.05.05, or later, is NOT backward-compatible with previous software versions. T

240Software Fixes Crash — If dynamic trunks are configured and the switch is rebooted, the switch may crash with a message similar to:->Softwa

241 Software Fixes Link-up polling interval — A delay of up to 1.7 seconds between plugging in a cable (linkbeat established) and traffic being fo

242Software Fixes STP/Startup-Config — When a startup-config file containing an 802.1D STP configuration is reloaded that was saved off from the

243 Software FixesRelease F.05.12 (Beta Release Only)Adds the following enhancement: Changes to 802.1X to support Open VLAN ModeRelease F.05.13 (B

244Software Fixes Performance/Crash (PR_4967) — Slow performance may occur when using 10/100 ports or the 100FX transceiver operating at half-d

245 Software Fixes Crash — When setting the host name to a very long (~20 characters) string, the switch may crash with a bus error similar to:-&g

246Software Fixes SNMP — The OID ifAlias is defaulted to "not assigned", causing Network Node Manager to log error messages. (The fix i

247 Software Fixes RSTP/LACP — Turning LACP off, then back on, leaves LACP in Passive mode. This can Trunking — With ports 25 and 26 configured i

248Software FixesRelease F.05.19 (Never Released)Fixed in release F.05.19 Counters (PR_92221) — Counters for J4834A 100/1000 xcvr do not clear .

15 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60New Console OptionStarting with Release F.05.23, a

249 Software Fixes Syslog (PR_1000003656) — The syslog capability added to F.05.22. Syslog (PR_1000004080) — A timep event log message on syslog

250Software FixesRelease F.05.24 (Not a General Release)Fixed in release F.05.24 Web (PR_1000007144) — When using the Web user interface, VLAN Co

251 Software Fixes SNMP (PR_1000190654) — When switch has the IP address configured on a VLAN other than the "default VLAN", Find/Fix/In

252Software FixesRelease F.05.32 (Not a General Release)Fixed in release F.05.32 TFTP/Config (PR_1000215024) — After a new configuration is loade

253 Software FixesRelease F.05.37 (Not a General Release)Fixed in release F.05.36 CLI (PR_83354) — The command "show mac vlan <VID>&quo

Release F.05.51 (Never Released)Fixed in release F.05.51 Crash (PR_1000297510) — When using the Web User Interface and the switch is set as commander

255 Software FixesRelease F.05.55Fixed in release F.05.55 LLDP (PR_1000310666) — The command "show LLDP" does not display information le

256Software FixesRelease F.05.59Fixed in release F.05.59 Daylight savings (PR_1000364740) — Due to the passage of the Energy Policy Act of 2005,

257 Software FixesDaylight Savings (PR_1000467724) — DST is outdated for the Western-European Time Zone. This change corrects the schedule for the

258Software FixesRelease F.05.69Fixed in release F.05.69 ProCurve Manager (PR_1000768253) — The ProCurve Manager 2.2 Auto Update 5 test communica

16Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Syslog OverviewThe switch’s Event Log records swit

© Copyright 2001-2009 Hewlett-Packard Company, LP. The information contained in this document is subject to change without notice.Part Number: 5990-31

17 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60no logging < syslog-ip-address > removes onl

18Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60NoteAs of March 2004, the logging facility < fa

iiiDisclaimerThe information contained in this document is subject to change without notice.HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND

19 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Viewing the Syslog ConfigurationConfiguring Syslog

20Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60See Figure 6 below for an example of adding an add

21 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60The Isolated Port Groups feature originally includ

22Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Table 2. Communication Allowed Between Port-Isol

23 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Operating Rules for Port Isolation Port Isolation

24Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring Port Isolation on the SwitchSteps for

25 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring and Viewing Port-IsolationNoteThe no p

26Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60For example, suppose that the switch is in its def

27 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Figure 8. Example of Isolating Ports on a Series

28Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60 Figure 9. Example of Port-Isolation Configurat

iiiContentsSoftware ManagementDownload Switch Documentation and Software from the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . 1View or

29 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Troubleshooting Port-Isolation OperationConfigurin

30Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60General Features802.1X on the Series 2500 switches

31 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Authenticating One Switch to Another. 802.1X authe

32Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60iv. If the client is successfully authenticated an

33 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.602. The RADIUS server then responds with an MD5 acc

34Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60EAP (Extensible Authentication Protocol): EAP enab

35 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60General Operating Rules and Notes When a port on

36Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60General Setup Procedure for Port-Based Access Cont

37 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.603. Configure the 802.1X authentication type. Optio

38Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring Switch Ports as 802.1X Authenticators8

ivConfiguring Port Isolation on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Steps for Confi

39 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.601. Enable 802.1X Authentication on Selected PortsT

40Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Syntax: aaa port-access authenticator < port-li

41 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Syntax: aaa port-access authenticator < port-li

42Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.603. Configure the 802.1X Authentication MethodThis

43 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.604. Enter the RADIUS Host IP Address(es)If you sele

44Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60802.1X Open VLAN ModeThis section describes how to

45 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60 3rd Priority: If the port does not have an Autho

46Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Table 4. 802.1X Open VLAN Mode Options802.1X Per

47 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Open VLAN Mode with Only an Unauthorized-Client VL

48Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Operating Rules for Authorized-Client and Unauthor

vShow Commands for Port-Access Supplicant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66How RADIUS/802.1X Authenticati

49 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Note:If you use the same VLAN as the Unauthorized-

50Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Setting Up and Configuring 802.1X Open VLAN ModePr

51 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Note that as an alternative, you can configure the

52Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.603. If you selected either eap-radius or chap-radiu

53 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring 802.1X Open VLAN Mode. Use these comma

54Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Inspecting 802.1X Open VLAN Mode Operation. For in

55 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Option For Authenticator Ports: Configure Port-Sec

56Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Note on Blocking a Non-802.1X Device If the port’s

57 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring Switch Ports To Operate As Supplicants

58Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60• If, after the supplicant port sends the configur

viMessages Related to Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Troubleshooting Pr

59 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Configuring a Supplicant Switch Port. Note that yo

60Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Syntax: aaa port-access supplicant [ethernet] <

61 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Displaying 802.1X Configuration, Statistics, and C

62Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Syntax: show port-access authenticator (Syntax Con

63 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Viewing 802.1X Open VLAN Mode StatusYou can examin

64Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Note that because a temporary Open VLAN port assig

65 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Figure 15. Example of Showing a VLAN with Ports

66Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Show Commands for Port-Access SupplicantNote on Su

67 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60How RADIUS/802.1X Authentication Affects VLAN Oper

68Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60 VLAN 33 becomes unavailable to port 2 for the du

viiOperating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

69 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60Figure 18. The Active Configuration for VLAN 33

70Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60NotesAny port VLAN-ID changes you make on 802.1X-a

71 Enhancements in Release F.05.05 through F.05.70Enhancements in Release F.05.05 through F.05.60IGMP Version 3 SupportWhen the switch receives an

72Enhancements in Release F.04.08Enhancements in Release F.04.08Enhancement Summary PageFriendly Port Names Enables you to assign optional, meanin

73 Enhancements in Release F.04.08Using Friendly (Optional) Port NamesUsing Friendly (Optional) Port NamesThis feature enables you to assign alphan

74Enhancements in Release F.04.08Using Friendly (Optional) Port NamesConfiguring Friendly Port NamesSyntax: interface [e] <port-list> name &

75 Enhancements in Release F.04.08Using Friendly (Optional) Port NamesDisplaying Friendly Port Names with Other Port DataYou can display friendly p

76Enhancements in Release F.04.08Using Friendly (Optional) Port NamesFigure 23. Example of Friendly Port Name Data for Specific Ports on the Swi

77 Enhancements in Release F.04.08Using Friendly (Optional) Port NamesFor a given port, if a friendly port name does not exist in the running-confi

78Enhancements in Release F.04.08Configuring Secure Shell (SSH)Configuring Secure Shell (SSH)The Series 2500 switches use Secure Shell version 1 (

viiiPort Security: Changes to Retaining Learned Static Addresses Across a Reboot . . . . . 217Recommended Port Security Procedures . . . . . . . . .

79 Enhancements in Release F.04.08Configuring Secure Shell (SSH)NoteSSH in the ProCurve Series 2500 switches is based on the OpenSSH software toolk

80Enhancements in Release F.04.08Configuring Secure Shell (SSH)Terminology SSH Server: An HP Series 2500 switch with SSH enabled. Key Pair: A pa

81 Enhancements in Release F.04.08Configuring Secure Shell (SSH)keys by default, check the application software for a key conversion utility or use

82Enhancements in Release F.04.08Configuring Secure Shell (SSH)The general steps for configuring SSH include:A. Client Preparation1. Install an SS

83 Enhancements in Release F.04.08Configuring Secure Shell (SSH)6. Use your SSH client to access the switch using the switch’s IP address or DNS n

84Enhancements in Release F.04.08Configuring Secure Shell (SSH)Configuring the Switch for SSH OperationSSH-Related Commands in This Sectionshow ip

85 Enhancements in Release F.04.08Configuring Secure Shell (SSH)1. Assigning a Local Login (Operator) and Enable (Manager) PasswordAt a minimum, HP

86Enhancements in Release F.04.08Configuring Secure Shell (SSH)To Generate or Erase the Switch’s Public/Private RSA Host Key Pair. Because the hos

87 Enhancements in Release F.04.08Configuring Secure Shell (SSH)3. Providing the Switch’s Public Key to ClientsWhen an SSH client contacts the swit

88Enhancements in Release F.04.08Configuring Secure Shell (SSH)3. Ensure that there are no line breaks in the text string. (A public key must be a