HP PROCURVE 3400CL-24G Bedienungsanleitung

iRelease Notes: Version M.10.72 Softwarefor the HP ProCurve Series 3400cl Switches"M” software versions are supported on these switches:Relea

xRelease M.10.42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

90 EnhancementsRelease M.10.10 EnhancementsThe show spanning-tree command has also been extended to display BPDU filtered ports. Figure 24. Examp

91EnhancementsReleases M.10.11 through M.10.12 EnhancementsReleases M.10.11 through M.10.12 EnhancementsSoftware fixes only, no new enhancements.R

92 EnhancementsRelease M.10.17 EnhancementsFigure 27. Example of BPDU Protection Enabled at the Network EdgeTerminologyBPDU — Acronym for bridge

93EnhancementsRelease M.10.17 EnhancementsSTP — Spanning Tree Protocol, part of the original IEEE 802.1D specification. The 2004 edition completel

94 EnhancementsRelease M.10.17 EnhancementsViewing BPDU Protection StatusThe show spanning-tree command has additional information on BPDU protecti

95EnhancementsRelease M.10.21 EnhancementsRelease M.10.21 EnhancementsSoftware fixes only, no new enhancements.Release M.10.22 EnhancementsRelease

96 EnhancementsRelease M.10.22 EnhancementsTo display information about ports with loop protection, enter this command.Figure 28. Example of Show

97EnhancementsRelease M.10.23 EnhancementsRelease M.10.23 EnhancementsRelease M.10.23 includes the following enhancement: Enhancement (PR_1000379

98 EnhancementsRelease M.10.27 EnhancementsRelease M.10.27 EnhancementsRelease M.10.27 includes the following enhancement: Enhancement (PR_1000374

99EnhancementsRelease M.10.27 EnhancementsNotes: The aaa port-access controlled-direction in command allows Wake-on-LAN traffic to be transmitted

1Software ManagementSoftware UpdatesSoftware ManagementSoftware UpdatesCheck the ProCurve Networking Web site frequently for free software updates

100 EnhancementsRelease M.10.28 EnhancementsRelease M.10.28 EnhancementsSoftware fixes only, no new enhancements.Release M.10.29 EnhancementsReleas

101EnhancementsRelease M.10.32 Enhancements The <hash-type> parameter specifies the type of algorithm (if any) used to hash the password. V

102 EnhancementsRelease M.10.33 Enhancements To schedule a reload in 3 hours:ProCurve# reload after 03:00 To schedule a reload for the same time th

103EnhancementsRelease M.10.33 Enhancements The port is temporarily assigned as a member of an untagged (static or dynamic) VLAN for use during t

104 EnhancementsRelease M.10.33 EnhancementsWhen the authentication session ends, the switch removes the temporary untagged VLAN assignment and re-

105EnhancementsRelease M.10.33 EnhancementsFigure 8. Example of an Active VLAN ConfigurationIn Figure Figure 8, if RADIUS authorizes an 802.1X cli

106 EnhancementsRelease M.10.33 EnhancementsFigure 10. Active Configuration for VLAN 33 Temporarily Drops Port 22 for the 802.1X SessionWhen the 80

107EnhancementsRelease M.10.33 EnhancementsEnabling the Use of GVRP-Learned Dynamic VLANs in Authentication SessionsSyntax: aaa port-access gvrp-v

108 EnhancementsRelease M.10.34 EnhancementsRelease M.10.34 EnhancementsRelease M.10.34 includes the following enhancement: Enhancement (PR_100041

109EnhancementsRelease M.10.35 EnhancementsRelease M.10.35 EnhancementsRelease M.10.35 includes the following enhancement: Enhancement (PR_100041

2 Software ManagementDownloading Software to the SwitchNoteDownloading new software does not change the current switch configuration. The switch co

110 EnhancementsRelease M.10.35 Enhancements• If a binding is invalid, the switch drops the packet, preventing other network devices from receiving

111EnhancementsRelease M.10.35 EnhancementsConfiguring Trusted PortsIn a similar way to DHCP snooping, dynamic ARP protection allows you to config

112 EnhancementsRelease M.10.35 EnhancementsTo configure one or more Ethernet interfaces that handle VLAN traffic as trusted ports, enter the arp p

113EnhancementsRelease M.10.35 EnhancementsAn example of the ip source binding command is shown here:ProCurve(config)# ip source binding 0030c1-7f

114 EnhancementsRelease M.10.35 EnhancementsVerifying the Configuration of Dynamic ARP ProtectionTo display the current configuration of dynamic AR

115EnhancementsRelease M.10.36 EnhancementsMonitoring Dynamic ARP ProtectionWhen dynamic ARP protection is enabled, you can monitor and troublesho

116 EnhancementsRelease M.10.37 EnhancementsConfiguring MSTP Port Connectivity ParametersWith release K.12.04, all ports are configured as auto-edg

117EnhancementsRelease M.10.37 Enhancements[root-guard]MSTP only. When a port is enabled as root-guard, it cannot be selected as the root port eve

118 EnhancementsRelease M.10.38 EnhancementsRelease M.10.38 EnhancementsRelease M.10.38 includes the following enhancement: Enhancement (PR_100042

119EnhancementsRelease M.10.38 EnhancementsSend SNMP v2c InformsEnabling and Configuring SNMP InformsYou can use the snmp-server informs command (

3Software ManagementDownloading Software to the SwitchTFTP Download from a ServerSyntax: copy tftp flash <ip-address> <remote-os-file>

120 EnhancementsRelease M.10.39 EnhancementsYou can see if informs are enabled or disabled with the show snmp-server command as shown in Figure 11.

121EnhancementsRelease M.10.39 Enhancements Enhancement (PR_1000428213) — This software enhancement adds the ability to configure a secondary aut

122 EnhancementsRelease M.10.39 EnhancementsYou can configure local, chap-radius or eap-radius as the primary password authentication method for th

123EnhancementsRelease M.10.39 EnhancementsFigure 12. Example of AAA Authentication Using Authorized for the Secondary Authentication MethodSpec

124 EnhancementsRelease M.10.39 Enhancements Enhancement (PR_1000415155) — The ARP age timer was enhanced from the previous limit of 240 minutes t

125EnhancementsRelease M.10.39 EnhancementsYou can also view the value of the Arp Age timer in the configuration file.Figure 15. Example Showing

126 EnhancementsRelease M.10.40 EnhancementsIf the ARP cache should become full because entries are not cleared (due to increased timeout limits) y

127EnhancementsRelease M.10.43 EnhancementsProtection Against IP Source Address SpoofingMany network attacks occur when an attacker injects packet

128 EnhancementsRelease M.10.43 EnhancementsPrerequisite: DHCP SnoopingDynamic IP lockdown requires that you enable DHCP snooping as a prerequisite

129EnhancementsRelease M.10.43 EnhancementsIn this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5

4 Software ManagementDownloading Software to the Switch The terminal emulator you are using includes the Xmodem binary transfer feature. (For exam

130 EnhancementsRelease M.10.43 EnhancementsEnabling Dynamic IP LockdownTo enable dynamic IP lockdown on all ports or specified ports, enter the ip

131EnhancementsRelease M.10.43 Enhancements• Remove the trusted-port configuration. You can configure dynamic IP lockdown only from the CLI; thi

132 EnhancementsRelease M.10.43 EnhancementsAdding a Static BindingTo add the static configuration of an IP-to-MAC binding for a port to the lease

133EnhancementsRelease M.10.43 EnhancementsAn example of the show ip source-lockdown status command output is shown in Figure 20. Note that the op

134 EnhancementsRelease M.10.43 EnhancementsFigure 21. Example of show ip source-lockdown bindings Command OutputIn the show ip source-lockdown bin

135EnhancementsRelease M.10.44 through M.10.64 EnhancementsFigure 22. Example of debug dynamic-ip-lockdown Command OutputRelease M.10.44 through M

136 EnhancementsRelease M.10.65 EnhancementsRelease M.10.65 EnhancementsRelease M.10.65 includes the following enhancement: Enhancement (PR_000000

137EnhancementsRelease M.10.65 EnhancementsAll switches in a region must be configured with the same VLAN ID-to-MSTI mappings and the same MSTP co

138 EnhancementsRelease M.10.65 EnhancementsEach MST instance supports a different set of VLANs. A VLAN that is mapped to an MST instance cannot be

139EnhancementsRelease M.10.65 EnhancementsFigure 23. Example of Mapping VLANs with the Range Option where all VLANs are IncludedNoteIf you want

5Software ManagementSaving Configurations While Using the CLISaving Configurations While Using the CLIThe switch operates with two configuration f

140 EnhancementsRelease M.10.66 Enhancements If you enter the spanning-tree instance vlan command before a static or dynamic VLAN is configured on

141EnhancementsRelease M.10.66 EnhancementsAdding a Description for a Syslog ServerYou can associate a user-friendly description with each of the

142 EnhancementsRelease M.10.66 EnhancementsFigure 30. Example of the Logging Command with a Priority DescriptionNoteA notification is sent to th

143EnhancementsRelease M.10.67 EnhancementsRelease M.10.67 EnhancementsSoftware fixes only, no new enhancements.Release M.10.68 EnhancementsReleas

144 EnhancementsRelease M.10.69 EnhancementshpSwitchLinkUpDownTrapAllPortsStatus OBJECT-TYPESYNTAX INTEGER {enable (1),disable (2) }ACCESS read-

145Software Fixes in Release M.08.51 - M.10.72Release M.08.52Software Fixes in Release M.08.51 - M.10.72Software fixes are listed in chronological

146 Software Fixes in Release M.08.51 - M.10.72Release M.08.612. In show CDP the Yes is changed to Yes,(Receive Only). CLI (PR_1000192677) — Show

147Software Fixes in Release M.08.51 - M.10.72Release M.08.62 Web UI (PR_1000177915) — Device View from the Web user interface is missing. Web

148 Software Fixes in Release M.08.51 - M.10.72Release M.08.64Release M.08.64Problems Resolved in Release M.08.64 (Not a general release) IP Routi

149Software Fixes in Release M.08.51 - M.10.72Release M.08.68Release M.08.68Problems Resolved in Release M.08.68 (Not a general release) Switchin

6 Software ManagementInstall Recommendations for I.08.12 Boot ROM UpdateInstall Recommendations for I.08.12 Boot ROM UpdateWhen installing the M.1

150 Software Fixes in Release M.08.51 - M.10.72Release M.08.70 Port Security (PR_1000203984) — CLI port-security "mac-address" command w

151Software Fixes in Release M.08.51 - M.10.72Release M.08.72 LLDP (PR_1000241315) — CLI command "show LLDP" does not display informati

152 Software Fixes in Release M.08.51 - M.10.72Release M.08.75Release M.08.75Problems Resolved in Release M.08.75 LR optic (PR_1000282195) — Afte

153Software Fixes in Release M.08.51 - M.10.72Release M.08.78Release M.08.78Problems Resolved in Release M.08.78 (Not a general release) Enhancem

154 Software Fixes in Release M.08.51 - M.10.72Release M.08.83 RSTP (PR_1000300623) — Under some circumstances, the switch may allow packets to lo

155Software Fixes in Release M.08.51 - M.10.72Release M.08.87 SNMP (PR_1000295753) — Removing 'public' SNMP community generates an empt

156 Software Fixes in Release M.08.51 - M.10.72Release M.08.90• RADIUS Configuration via SNMP. For details refer to “Using SNMP To View and Configu

157Software Fixes in Release M.08.51 - M.10.72Release M.08.93Release M.08.93 Problems Resolved in Release M.08.93 (Not a general release) Help (P

158 Software Fixes in Release M.08.51 - M.10.72Release M.08.97Release M.08.97Problems Resolved in Release M.08.97 (Never released) OSPF (PR_100031

159Software Fixes in Release M.08.51 - M.10.72Release M.10.04 sFlow (PR_1000321195)— A network management application may incorrectly report spik

7Software ManagementProCurve Switch, Routing Switch, and Router Software KeysProCurve Switch, Routing Switch, and Router Software KeysSoftware Let

160 Software Fixes in Release M.08.51 - M.10.72Release M.10.07 Stacking (PR_1000311510) — When stacking is enabled, a stack member cannot be ‘ping

161Software Fixes in Release M.08.51 - M.10.72Release M.10.09Release M.10.09 Problems Resolved in Release M.10.09 CLI (PR_1000317554) — The show

162 Software Fixes in Release M.08.51 - M.10.72Release M.10.11Release M.10.11 Problems Resolved in Release M.10.11 Crash (PR_1000336436) — A “get/

163Software Fixes in Release M.08.51 - M.10.72Release M.10.14Release M.10.14 Problems Resolved in Release M.10.14 CLI (PR_1000342461) — Command “

164 Software Fixes in Release M.08.51 - M.10.72Release M.10.17 DHCP Protection (PR_1000360273) — DHCP Lease renewal packets received on an untrust

165Software Fixes in Release M.08.51 - M.10.72Release M.10.21 Enhancement (PR_1000358900) — A RADIUS accounting enhancement was made. More inform

166 Software Fixes in Release M.08.51 - M.10.72Release M.10.23Release M.10.23 Problems Resolved in Release M.10.23 (Never released) Crash (PR_1000

167Software Fixes in Release M.08.51 - M.10.72Release M.10.26 STP/RSTP/MSTP (PR_1000386113) — In some cases STP/RSTP/MSTP may allow a loop on 10-

168 Software Fixes in Release M.08.51 - M.10.72Release M.10.28Release M.10.28 Problems Resolved in Release M.10.28 (Not a general release) CLI/LLD

169Software Fixes in Release M.08.51 - M.10.72Release M.10.30 Transceiver hotswap (PR_1000390888) — Transceiver hotswap issues: • Simultaneous ho

8 Software ManagementProCurve Switch, Routing Switch, and Router Software Keysnumeric Switch 9408sl, Switch 9300 Series (9304M, 9308M, and 9315M),

170 Software Fixes in Release M.08.51 - M.10.72Release M.10.32 RIP (PR_1000393366) — The switch does not process RIP (v2) responses containing sub

171Software Fixes in Release M.08.51 - M.10.72Release M.10.34 Crash (PR_1000407542) — Attempting to change the spanning-tree protocol version fro

172 Software Fixes in Release M.08.51 - M.10.72Release M.10.36 BPDU Protection (PR_1000395569) — BPDU-protection fails after module hot-swap. En

173Software Fixes in Release M.08.51 - M.10.72Release M.10.39Release M.10.39 Problems Resolved in Release M.10.39 Enhancement (PR_1000428213) —

174 Software Fixes in Release M.08.51 - M.10.72Release M.10.42 SCP (PR_1000428142) — The switch does not exit a secure copy protocol (SCP) session

175Software Fixes in Release M.08.51 - M.10.72Release M.10.45Release M.10.45Problems Resolved in Release M.10.45 (Not a Public Release) Web-UI (P

176 Software Fixes in Release M.08.51 - M.10.72Release M.10.48• The switch does not send an appropriate exit status message to the client. This cor

177Software Fixes in Release M.08.51 - M.10.72Release M.10.50 through M.10.64Routed traffic is off by a factor of 1000Switched traffic is not samp

178 Software Fixes in Release M.08.51 - M.10.72Release M.10.66 Authentication (PR_1000454714) — Concurrent 802.1X and MAC Authentication does not

179Software Fixes in Release M.08.51 - M.10.72Release M.10.67 CLI (1000415243) — Output from the CLI command show name still lists 10-GbE trans-c

9Software ManagementMinimum Software Versions for Series 3400cl Switch FeaturesMinimum Software Versions for Series 3400cl Switch FeaturesFor Soft

180 Software Fixes in Release M.08.51 - M.10.72Release M.10.68 Crash (PR_0000004023) — Repeated PCM configuration scans using SSH/SCP may cause th

181Software Fixes in Release M.08.51 - M.10.72Release M.10.70 PC Phone/Authentication (PR_0000007209) — When an IP phone is used in tandem with a

182 Software Fixes in Release M.08.51 - M.10.72Release M.10.70 Dynamic ARP Protection (PR_0000009942) — When a switch using Dynamic ARP Protection

183Software Fixes in Release M.08.51 - M.10.72Release M.10.71Release M.10.71Problems Resolved in Release M.10.71 (Not a Public Release) 802.1X (P

184 Software Fixes in Release M.08.51 - M.10.72Release M.10.72 Config (PR_0000005002) — If a friendly port name uses the characters TRUNK=, then a

185Software Fixes in Release M.08.51 - M.10.72Release M.10.72Drop offer from <DHCP server IP address> of <DHCP address offer> because

186 Software Fixes in Release M.08.51 - M.10.72Release M.10.72Message 2 (when an unauth-vid config is attempted on a port with an existing 802.1X u

© 2004 - 2009 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice.October 2009Manual Part Nu

© Copyright 2004 - 2009 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice.Publication Nu

10 Enforcing Switch SecuritySwitch Management Access SecurityEnforcing Switch SecurityProCurve switches are designed as “plug and play” devices, al

11Enforcing Switch SecuritySwitch Management Access SecurityIt is important to evaluate the level of management access vulnerability existing in y

12 Enforcing Switch SecuritySwitch Management Access SecuritySNMP Access (Simple Network Management Protocol)In the default configuration, the swit

13Enforcing Switch SecuritySwitch Management Access SecurityCaution: Downloading and booting from the M.08.89 or greater software version for the

14 Enforcing Switch SecuritySwitch Management Access SecurityFor the commands to implement the above actions, refer to “Front-Panel Security” in th

15Enforcing Switch SecurityNetwork Access SecurityNetwork Access SecurityThis section outlines provisions for protecting access through the switch

16 Enforcing Switch SecurityNetwork Access SecuritySecure Shell (SSH)SSH provides Telnet-like functions through encrypted, authenticated transactio

17Enforcing Switch SecurityNetwork Access Security source-port filters: Inbound traffic from a designated, physical source-port will be forwarded

18 Enforcing Switch SecurityNetwork Access SecurityRefer to the chapter titled “Configuring Port-Based and Client-Based Access Control” in the Acce

19Enforcing Switch SecurityNetwork Access Securitykeys.) KMS provides specific instances of routing protocols with one or more Send or Accept keys

iiiContentsSoftware Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Software Updates . . . . . . . .

20 Clarifications and UpdatesOperating Notes for Jumbo Traffic-HandlingClarifications and UpdatesOperating Notes for Jumbo Traffic-HandlingIn the M

21Clarifications and UpdatesIGMP Command UpdateIGMP Command UpdateThe following information updates and clarifies information in Chapter 4, “Multi

22 Clarifications and UpdatesGeneral Switch Traffic Security GuidelineSetting Fast-Leave and Forced Fast-Leave from the CLI. In earlier switch mode

23Clarifications and UpdatesThe Management VLAN IP Address4. Port security5. Authorized IP Managers6. Application features at higher levels in the

24 Known IssuesRate-LimitingKnown IssuesRelease M.10.17The following is a known issue related to installation of Release M.10.17 software, which in

25EnhancementsRelease M.08.69 EnhancementsEnhancementsEnhancments are listed in chronological order, oldest to newest software release. To review

26 EnhancementsRelease M.08.78 EnhancementsRelease M.08.78 EnhancementsUsing Fastboot To Reduce Boot TimeThe fastboot command allows a boot sequenc

27EnhancementsRelease M.08.80 through M.08.83 EnhancementsThe following shows a sample output from this new command.Figure 2. Example rate displ

28 EnhancementsRelease M.08.84 EnhancementsRelease M.08.84 EnhancementsRelease M.08.84 includes the following enhancement:Added the show tech tran

29EnhancementsRelease M.08.89 EnhancementsIP address of 10.10.100.27 is assigned a host name of accounts015 and another IP address of 10.10.100.33

ivConnection-Rate Filtering Based On Virus-Throttling Technology . . . . . . . . . . . . . . . . . . . . . . . 19Identity-Driven Management (IDM) .

30 EnhancementsRelease M.08.89 Enhancements The host’s domain must be reachable from the switch. This requires that the DNS server for the switc

31EnhancementsRelease M.08.89 EnhancementsConfiguring a DNS EntryThe switch allows one DNS server entry, which includes the DNS server IP address

32 EnhancementsRelease M.08.89 EnhancementsFigure 5. Example Network DomainConfiguring switch “A” with the domain name and the IP address of a DN

33EnhancementsRelease M.08.89 EnhancementsFigure 7. Example of Ping and Traceroute Execution for the Network in Figure 5 on Page 32As mentioned

34 EnhancementsRelease M.08.89 EnhancementsFigure 9. Example of Viewing the Current DNS ConfigurationOperating Notes The DNS server must be acce

35EnhancementsRelease M.08.89 EnhancementsEvent Log MessagesUsing SNMP To View and Configure Switch Authentication Features In earlier software re

36 EnhancementsRelease M.08.89 EnhancementsSecurity NotesPasswords and keys configured in the hpSwitchAuth MIB are not returned via SNMP, and the r

37EnhancementsRelease M.08.89 EnhancementsFor example, to disable SNMP access to the switch’s authentication MIB and then display the result in th

38 EnhancementsReleases M.08.90 and M.08.91 EnhancementsFigure 11. Using the show run Command to View the Current Authentication MIB Access State

39EnhancementsReleases M.08.90 and M.08.91 EnhancementsThe “legacy-path-cost” CLI command does not affect or replace functionality of the “spannin

vQoS Pass-Through Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Release

40 EnhancementsReleases M.08.90 and M.08.91 EnhancementsNoteChanging the QoS Pass-Through Mode can be done without rebooting the switch. However, t

41EnhancementsReleases M.08.90 and M.08.91 EnhancementsQoS Pass-Through Mode SNMP MIB Object. A read-write MIB object, 1.3.6.1.4.1.11.2.14.11.5.1.

42 EnhancementsRelease M.08.94 EnhancementsThe current QoS Pass-Through Mode also is displayed in the show running-config command output.Operating

43EnhancementsRelease M.08.94 EnhancementsExampleIn the routing switch shown below, option 82 has been configured with mgmt-vlan for the Remote ID

44 EnhancementsRelease M.08.94 EnhancementsTable 3. DHCP Operation for the Topology in Figure 12Operating Notes Routing is not allowed between t

45EnhancementsReleases M.08.95 through M.10.01 EnhancementsReleases M.08.95 through M.10.01 EnhancementsSoftware fixes only; no new enhancements.R

46 EnhancementsRelease M.10.02 Enhancements An ACL must be configured on the RADIUS server (instead of the switch) by creating and assigning one o

47EnhancementsRelease M.10.02 EnhancementsTable 4. Contrasting Dynamic and Static ACLsRADIUS-Based (Dynamic) ACLs Port-Based (Static) ACLsOpera

48 EnhancementsRelease M.10.02 EnhancementsTerminologyACE: See Access Control Entry, below.Access Control Entry (ACE): An ACE is a policy consistin

49EnhancementsRelease M.10.02 Enhancementspacket (from the authenticated client) that is not explicitly permitted or denied by other ACEs configur

viRelease M.10.26 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Rele

50 EnhancementsRelease M.10.02 Enhancementsthe client MAC address is the selection criteria, only the client having that MAC address can use the co

51EnhancementsRelease M.10.02 EnhancementsExample. Suppose the ACL in Figure 3 is assigned to filter the traffic from an authenticated client on a

52 EnhancementsRelease M.10.02 Enhancements Figure 4. The Packet-Filtering Process in an ACL with N Entries (ACEs)NoteThe order in which an ACE occ

53EnhancementsRelease M.10.02 EnhancementsFor example, suppose you want to configure a RADIUS-based ACL to invoke these policies in the 11.11.11.0

54 EnhancementsRelease M.10.02 EnhancementsGeneral StepsThese steps suggest a process for using ACLs to establish client access policies. The topic

55EnhancementsRelease M.10.02 Enhancements Is it important to keep track of the number of matches for a particular client or ACE? If so, you can

56 EnhancementsRelease M.10.02 Enhancements Explicitly Denying Any IP Traffic: Entering a deny in ip from any to any ACE in an ACL denies all IP t

57EnhancementsRelease M.10.02 EnhancementsLimits for RADIUS-Based ACLs, Associated ACEs, and Counters Table 5 describes limits the switch supports

58 EnhancementsRelease M.10.02 EnhancementsConfiguring an ACL in a RADIUS ServerThis section provides general guidelines for configuring a RADIUS s

59EnhancementsRelease M.10.02 EnhancementsFigure 6. Example of Configuring the VSA for RADIUS-Based ACLs in a FreeRADIUS Server2. Enter the switc

viiRelease M.10.65 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136MST

60 EnhancementsRelease M.10.02 EnhancementsFigure 8. Example of Configuring the FreeRADIUS Server To Support ACLs for the Indicated ClientsFormat

61EnhancementsRelease M.10.02 EnhancementsThe following syntax and operating information refers to ACLs configured in a RADIUS server.ACE Syntax:

62 EnhancementsRelease M.10.02 EnhancementsConfiguring the Switch To Support RADIUS-Based ACLsAn ACL configured in a RADIUS server is identified by

63EnhancementsRelease M.10.02 Enhancements3. Configure an authentication method. Options include 802.1X, Web authentication, and MAC authenticatio

64 EnhancementsRelease M.10.02 EnhancementsDisplaying the Current RADIUS-Based ACL Activity on the SwitchThese commands output data indicating the

65EnhancementsRelease M.10.02 EnhancementsSyntax: show port-access authenticator < port-list >For ports,in < port-list > that are conf

66 EnhancementsRelease M.10.02 EnhancementsFigure 10. Example of Output Showing Current RADIUS-Applied Features Event Log MessagesMessage Meaning

67EnhancementsRelease M.10.02 EnhancementsCauses of Client Deauthentication Immediately After Authenticating ACE formatted incorrectly in the RAD

68 EnhancementsRelease M.10.02 Enhancements• An ACE in the ACL for a given authenticated client exceeds 80 characters.• An ACL assigned to an authe

69EnhancementsRelease M.10.02 EnhancementsFigure 13. Viewing sFlow Agent InformationThe show sflow destination command includes information abou

viiiRelease M.08.76 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 EnhancementsRelease M.10.04 Enhancements Figure 15. Example of Viewing sFlow Sampling and Polling InformationThe show sflow all command combin

71EnhancementsRelease M.10.04 EnhancementsOperating Notes To generate alerts for monitored events, you must enable the instrumentation monitoring

72 EnhancementsRelease M.10.04 Enhancements Alerts are automatically rate limited to prevent filling the log file with redundant information. The

73EnhancementsRelease M.10.04 EnhancementsConfiguring Instrumentation MonitorThe following commands and parameters are used to configure the opera

74 EnhancementsRelease M.10.04 EnhancementsExamplesTo turn on monitoring and event log messaging with the default medium values: ProCurve(config)#

75EnhancementsRelease M.10.04 EnhancementsFigure 18. Viewing the Instrumentation Monitor ConfigurationTCP/UDP Port Closure In earlier software r

76 EnhancementsRelease M.10.04 EnhancementsEnabling/Disabling TFTPThe TFTP server and client can be enabled and/or disabled independently.Enabling/

77EnhancementsRelease M.10.04 EnhancementsNoteThe router rip command exists in previous software versions. In this implementation, however, RIP mu

78 EnhancementsRelease M.10.04 EnhancementsThe following shows RSTP sample output from the enhanced command. Figure 19. Example of Show Spanning

79EnhancementsRelease M.10.05 Enhancements• TC Flag Received counter shows the number of TC notifications (RSTP or MSTP style BPDU with the TC fla

ixRelease M.10.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

80 EnhancementsRelease M.10.07 EnhancementsRelease M.10.07 EnhancementsRelease M.10.07 includes the following enhancement: Added support for PIM D

81EnhancementsRelease M.10.09 EnhancementsFigure 20. UDLD ExampleSimilarly, UDLD is effective for monitoring fiber optic links that use two uni-

82 EnhancementsRelease M.10.09 EnhancementsConfiguration Considerations UDLD is configured on a per-port basis and must be enabled at both ends of

83EnhancementsRelease M.10.09 EnhancementsEnabling UDLD. UDLD is enabled on a per port basis. For example, to enable UDLD on port a1, enter:To en

84 EnhancementsRelease M.10.09 EnhancementsNotes You must configure the same VLANs that will be used for UDLD on all devices across the network; o

85EnhancementsRelease M.10.09 EnhancementsDisplaying Summary UDLD Information. To display summary information on all UDLD-enabled ports, enter the

86 EnhancementsRelease M.10.09 EnhancementsDisplaying Detailed UDLDP Status Information. To display detailed UDLD information for specific ports, e

87EnhancementsRelease M.10.09 EnhancementsConfiguration Warnings and Event Log MessagesWarning Messages. The following table shows the warning mes

88 EnhancementsRelease M.10.10 EnhancementsRelease M.10.10 EnhancementsRelease M.10.10 includes the following enhancement:Spanning Tree Per-Port BP

89EnhancementsRelease M.10.10 EnhancementsCautionPorts configured with the BPDU filter mode remain active (learning and forward frames); however,