ProCurve 2900 Switch Advanced Traffic Management
Contents
1. 2 56 Voice VLAN QoS Prioritizing Optional 2 56 Voice VLAN Access Security 00 c cece eee eee 2 57 Effect of VLANs on Other Switch Features 2 57 Spanning Tree Operation with VLANS 02 0 ee 2 57 IP Interfaces p ee ERREUR EE ERA UR RR 2 58 VLAN MAC Address sssssseeeeee ee 2 58 Port DRUNKS 5 2 etr e oe e RED E CR RR E S Re 2 58 Port Monitoring sseseeeeeeeeeee eee 2 58 Jumbo Packet Support ssseeeeeeeeee seen 2 58 VLAN Restrictions 3 2 0 32 58 le ea ee ee Ll ee 2 59 Migrating Layer 3 VLANs Using VLAN MAC Configuration 2 60 VLAN MAC Address Reconfiguration 02 000 2 60 Handling Incoming and Outgoing VLAN Traffic 2 61 Sending Heartbeat Packets with a Configured MAC Address 2 62 Configuring a VLAN MAC Address with Heartbeat Interval 2 63 Operating Notes si cces c ereere E n eens 2 63 Example 22205 y ep PERSE MER ER ree gs 2 64 Verifying a VLAN MAC Address Configuration 2 64 2 2 Static Virtual LANs VLANs Overview Overview This chapter describes how to configure and use static port based and protocol based VLANs on the switches covered in this guide For general information on how to use the switch s built in interfaces refer to these chapters in the Management and Configuration Guide for your switch Chapter 3 Using2. 5 45 QoS Source Port Priority 0 cece 5 49 Assigning a Priority Based on Source Port 5 49 Assigning a DSCP Policy Based on the Source Port 5 51 Differentiated Services Codepoint DSCP Mapping 5 55 Default Priority Settings for Selected Codepoints 5 56 Quickly Listing Non Default Codepoint Settings 5 57 Notes on Changing a Priority Setting 2 0 005 5 58 Error Messages caused by DSCP Policy Changes 5 59 Example of Changing the Priority Setting on a Policy When One or More Classifiers Are Currently Using the Policy 5 59 QoS Queue Configuration seen 5 62 Configuring the Number of Priority Queues 5 63 Viewing the QoS Queue Configuration 02 000 5 65 QoS Operating Notes and Restrictions 5 66 IP Multicast IGMP Interaction with QoS 5 68 5 2 Quality of Service QoS Managing Bandwidth More Effectively Introduction Introduction QoS Feature Default Page Reference UDP TCPProrty Disabled page515 IP Device Priority Disabled page 5 23 IP Type of Service Priority Disabled page 5 29 LAN Protocol Priority Disabled page 5 41 VLAN ID Priority Disabled page 5 43 Source Port Priority Disabled page 5 49 DSCP Policy Table Various page 5 55 Queue Configuration 8 Queues page 5 62 As the term suggests n
3. 001100 800010 6N e a the selected packets and 001101 000101 4 use the 802 1p priorities 001110 previously configured in the 001111 No override DSCP policies in step 2 010000 No override 010001 No override MORE next page Space next line Enter quit Control C Figure 5 18 Example of Policy Assignment to Outbound Packets on the Basis of the DSCP in the Packets Received from Upstream Devices Details of QoS IP Type of Service IP packets include a Type of Service ToS byte The ToS byte includes m A Differentiated Services Codepoint DSCP This element is com prised of the upper six bits of the ToS byte There are 64 possible codepoints e Inthe switches covered in this guide the default qos configuration includes some codepoints with 802 1p priority settings for Assured Forwarding and Expedited Forwarding codepoint 101110 while others are unused and listed with No override for a Priority Refer to figure 5 9 on page 5 56 for an illustration of the default DSCP policy table Using the qos dscp map command you can configure the switch to assign different prioritization policies to IPv4 packets having different code points As an alternative you can configure the switch to assign a new codepoint to an IPv4 packet along with a corresponding 802 1p priority 0 7 To use this option in the simplest case you would 5 88 Quality of Service QoS Managing Bandwidth More Effectively Usin
4. 5 57 Notes on Changing a Priority Setting leeeesesss 5 58 Error Messages caused by DSCP Policy Changes 5 59 Example of Changing the Priority Setting on a Policy When One or More Classifiers Are Currently Using the Policy 5 59 QoS Queue Configuration seeeeen 5 62 Configuring the Number of Priority Queues 5 63 Viewing the QoS Queue Configuration 02 000 5 65 QoS Operating Notes and Restrictions 5 66 IP Multicast IGMP Interaction with QoS 5 68 6 Stack Management Contents ey oneen duin oem drerit Phe AS ERA BO ted Introduction to Stack Management s Stacking Support on ProCurve Switches 000005 Components of ProCurve Stack Management General Stacking Operation 00 0 cece eee eee Operating Rules for Stacking llle eens General Rules ipea ccc eee een Specific Rules 4 doves peu ER anes sees Configuring Stack Management esesss Overview of Configuring and Bringing Up a Stack General Steps for Creating a Stack uusu Using the Menu Interface To View Stack Status and Configure Stacking 00 cece eee eee eee ene Using the Menu Interface To View and Configure a Commander Switch 2 0 cece eee eee Using the Me
5. eese 2 17 Multiple VLAN Considerations 0 0 cece cence 2 18 Single Forwarding Database Operation 204 2 19 Example of an Unsupported Configuration and How To Correct It 2 20 Multiple Forwarding Database Operation 2 21 Configuring VLANS 0 ccc cee rh 2 22 Menu Configuring Port Based VLAN Parameters 2 22 To Change VLAN Support Settings 00 2 23 Adding or Editing VLAN Names useless esee 2 24 Adding or Changing a VLAN Port Assignment 2 26 CLI Configuring Port Based and Protocol Based VLAN Parameters 2 28 2 1 Static Virtual LANs VLANs Contents Web Viewing and Configuring VLAN Parameters 2 40 802 1Q VLAN Tagging seseees ee 2 A1 Special VLAN Types sssseeee hn 2 46 VLAN Support and the Default VLAN ssseseeeee eee 2 46 The Primary VLAN seseeeee e 2 46 The Secure Management VLAN 00 0 ee eee ee eee 2 47 Preparation occ LIS eee lee Ve 2 49 GonfiguratiOn vea RR pn RE E ERR ERE 2 50 Using DHCP to Obtain an IP Address 4 2 51 Deleting the Management VLAN seseeeeness 2 54 Operating Notes for Management VLANS 2 54 Voice VLANS nee e e e ra ate PT REC Tan 2 55 Operating Rules for Voice VLANS 000 eee 2 55 Components of Voice VLAN Operation
6. 4 63 Displaying the Change History of Root Bridges 4 63 Displaying Debug Counters for All MST Instances 4 66 Displaying Debug Counters for One MST Instance 4 67 Displaying Debug Counters for Ports in an MST Instance 4 69 Field Descriptions in MSTP Debug Command Output 4 71 Troubleshooting MSTP Operation 2 0 eee ee 4 74 5 Quality of Service QoS Managing Bandwidth More Effectively Contents 2 1 nh Bh ee a ARE AR Artie Soe 5 1 Introduction 2 ee ee V Ge eae ban Da as 5 3 Terminology 5 tte Ne RENEE LOSE Re ge a 5 6 OVERVIEW tos schae ed paad bead rd oed d ee bale peu aad 5 7 Classifiers for Prioritizing Outbound Packets 5 10 Packet Classifiers and Evaluation Order 5 10 Preparation for Configuring QoS sss 5 11 Preserving 802 1p Priority 00 02 cee cee ene 5 11 Steps for Configuring QoS on the Switch 0 0000 5 11 Viewing the QoS Configuration 0 00 cece eee ee 5 13 No Override 2 2 epo o ate Cere rece e ER A 5 13 Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 5 15 QoS UDP TCP Priority sseseeeee IA 5 15 Assigning an 802 1p Priority Based on TCP or UDP Port Number or Range of Port Numbers 5 16 Operating Notes on Using Port Ranges 5 17 Assignin
7. ProCurve config stack auto join Enables Auto Join on a Candidate Using a Candidate CLI To Manually Push the Candidate Into a Stack Use this method if any of the following apply 6 37 Stack Management Configuring Stack Management m The Candidate s Auto Join is set to Yes and you do not want to enable Auto Grab on the Commander or the Candidate s Auto Join is set to No m Either you know the MAC address of the Commander for the stack into which you want to insert the Candidate or the Candidate has a valid IP address and is operating in your network Syntax stack join mac addr where lt mac addr gt is the MAC address of the Commander in the destination stack Use Telnet if the Candidate has an IP address valid for your network or a direct serial port connection to access the CLI for the Candidate switch For example suppose that a Candidate named North Sea with Auto Join off and a valid IP address of 10 28 227 104 is running on a network You could Telnet to the Candidate use show stack all to determine the Commander s MAC address and then push the Candidate into the desired stack MAC address ProCurve telnet 10 28 227 104 North Seaf show stack all MAC Address for Stacking Stacking Status f Stack Name MAC Addrezs Stack Commander Big Waters D 3 cl 7fec40 Commander Up 0060b0 880a80 Indian Ocean Member Up 0060b0 df1a00 Bering Sea Member Up D 3 el 7fe700 North S
8. 2 24 Static Virtual LANs VLANs Configuring VLANs Seesseeeseeeeee2ee 2 2 CONSOLE MANAGER MODE 22222222222 2 2 Switch Configuration VLAN VLAN Names Default VLAN a and VLAN ID Actions gt Back Add Edit Delete highlighted record Use up down arrow keys to change record selection left right arrow keys to change action selection and lt Enter gt to execute action Figure 2 14 The Default VLAN Names Screen 2 Press A for Add You will then be prompted for a new VLAN name and VLAN ID 802 10 VLAN ID 1 Name _ 3 Type ina VID VLAN ID number This can be any number from 2 to 4094 that is not already being used by another VLAN The switch reserves 1 for the default VLAN Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN GVRP dynamically extends VLANs with correct VID numbering to other switches Refer to chapter 3 GVRP 4 Press i to move the cursor to the Name line and type the VLAN name up to 12 characters with no spaces of anew VLAN that you want to add then press Enter Avoid these characters in VLAN names amp and 5 Press S for Save You will then see the VLAN Names screen with the new VLAN listed 2 25 Static Virtual LANs VLANs Configuring VLANs Note Seesseessseeeeeeee 2 2 CONSOLE MANAGER MODE 2222222
9. Displays the current type of service priority configu ration The display output differs according to the ToS option used m IP Precedence Refer to figure 5 12 on page 5 30 m Diffserve Refer to figure 5 14 on page 5 34 protocol priority Displays the current protocol priority configuration vlan priority Displays the current VLAN priority configuration Refer to figure 5 22 on page 5 45 port priority Displays the current source port priority configura tion Refer to figure 5 27 on page 5 50 No Override By default the IP ToS Protocol VLAN ID and source port show outputs automatically list No override for priority options that have not been config ured This means that if you do not configure a priority for a specific option Quality of Service QoS Managing Bandwidth More Effectively Preparation for Configuring QoS QoS does not prioritize packets to which that option applies resulting in the No override state In this case IP packets received through a VLAN tagged port receive whatever 802 1p priority they carry in the 802 1Q tag in the packet s header VLAN Tagged packets received through an untagged port are handled in the switch with normal priority For example figure 5 3 below shows a qos VLAN priority output in a switch where non default priorities exist for VLANs 22 and 33 while VLAN 1 remains in the default configuration ProCurve config show qos vlan priority This output shows that n VLAN 1 i
10. show spanning tree Multiple Spanning Tree MST Information Switch s Spanning Tree Configuration NIRE PET Lm DIM and Identity of VLANs Configured in the STP Enabled Yes Switch for the IST Instance Force Version MSTP operation IST Mapped VLANs 1 66 Switch MAC Address 0004ea 5e2000 Switch Priority 32768 Identifies the overall spanning tree root Max Age 20 for the network Max Hops 20 Forward Delay 15 Lists the switch s MSTP root data for connectivity with other regions and STP or RSTP devices Topology Change Count 0 Time Since Last Change 2 hours Identifies the spanning tree root for the MAC Address IST Instance for the region Priority Path Cost Internal Spanning Tree Data IST Instance for the region in which the Switch Operates Regional Root MAC Address 00883 02830 Regional Root Priority 32768 Regional Root Path Cost 200000 Remaining Hops t 479 j Identifies the ports with BPDU protection and BPDU filtering enabled Protected Ports Filtered Ports Yes means the switch is operating the port as if itis connected to switch bridge or end node but nota hub Ad A7 A10 Prio Port Type rity State Designated Hello Bridge Time PtP Edge Al 100 10007 128 Forwarding 000883 028300 9 Yes No A2 100 100017 128 Blocked A3 100 1000717 128 Forwarding A4 100 1000717 128 Disabled A5 100 10001 128 Disabled 0001e7 948300 9
11. stack member 2 mac address 0060b0 dfla00 The show stack view command then lists the Member added by the above command ProCurve config show stack view Stack Members SN MAC Address System Name Device Type Status D 3 0ci 7fec4U0 35 0Uyl Commander Up i U 60b0 880a80 Indian Ocean 350Uyl Member Up 2 OO60b0 df1la00 Big Waters z 35 y1 Member Up Men SN Switch Number 2 is the The new member did not have a System Name new Member added by the configured prior to joining the stack and so receives a stack member command System Name composed ofthe stack name assigned in the Commander with its SN number as a suffix Figure 6 30 Example Showing the Stack After Adding a New Member Using Auto Join on a Candidate In the default configuration a Candi date s Auto Join parameter is set to Yes meaning that it will automatically join a stack if the stack s Commander detects the Candidate and the Com mander s Auto Grab parameter is set to Yes You can disable Auto Join on a Candidate if you want to prevent automatic joining in this case There is also the instance where a Candidate s Auto Join is disabled for example when a Commander leaves a stack and its members automatically return to Candidate status or if you manually remove a Member from a stack In this case you may want to reset Auto Join to Yes Status no stack auto join ProCurve config no stack auto join Disables Auto Join on a Candidate
12. Multiple Instance Spanning Tree Operation Configuring MSTP Per Port Parameters Configuring MSTP In an MSTP topology you configure per port parameters in the global config uration context In most cases ProCurve recommends that you use the default settings for these parameters and apply changes on a per port basis only where a non default setting is clearly indicated by the circumstances of individual links Some port parameters such as admin edge port affect all MSTI instances that consist of VLANs configured on the port other port parameters such as path cost affect only the specified MST Per Port Command spanning tree port list admin edge port auto edge port bpdu filter bpdu protection mcheck hello time global 1 10 gt path cost auto 200000000 point to point mac force true force false auto priority lt priority multiplier gt root guard tcn guard pvst protection pvst filter loop protection Page below 4 26 4 29 4 31 4 26 4 2 4 41 4 24 4 24 4 28 4 29 4 33 4 35 4 37 4 25 Multiple Instance Spanning Tree Operation Configuring MSTP Configuring Per Port Parameters Syntax no spanning tree lt port list gt admin edge port Enable admin edge port on ports connected to end nodes During spanning tree establishment ports with admin edge port enabled transition immediately to the forwarding state If a bridge or switch is detected on the seg
13. Path blocked for VLANs in instance 1 Figure 4 1 Example of a Multiple Spanning Tree Application 4 5 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Caution 802 1s Multiple Spanning Tree Protocol MSTP The 802 1D and 802 1w spanning tree protocols operate without regard to a network s VLAN configuration and maintain one common spanning tree throughout a bridged network Thus these protocols map one loop free logical topology on a given physical topology The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment While the per VLAN spanning tree approach adopted by some vendors over comes the network utilization problems inherent in using STP or RSTP using a per VLAN technology with multiple VLANs can overload the switch s CPU MSTP on the switches covered in this guide complies with the IEEE 802 1s standard and extends STP and RSTP functionality to map multiple indepen dent spanning tree instances onto a physical topology With MSTP each spanning tree instance can include one or more VLANs and applies a separate per instance forwarding topology Thus where a port belongs to multiple VLANs it may be dynamically blocked in one spanning tree instance but forwarding in another instance This achieves load balancing across t
14. The no form of the command returns the switch to the default 802 1s native mode MSTP operation Syntax spanning tree legacy path cost Sets spanning tree to operate with 802 1d legacy path cost values Default 802 1t The no form of the command returns the switch to the default 602 It not legacy path cost values Syntax spanning tree hello time 1 10 gt If MSTP is running and the switch is operating as the CIST root for your network this command specifies the time in seconds between transmissions of BPDUSs for all ports on the switch configured with the Global option the default This parameter applies in MSTP RSTP and STP modes During MSTP operation you can override this global setting on a per port basis with this command spanning tree lt port list gt hello time lt 1 10 gt see page 4 27 Default 2 Syntax spanning tree max hops lt hop count gt This command resets the number of hops allowed for BPDUs in an MST region When an MSTP switch receives a BPDU it decrements the hop count setting the BPDU carries If the hop count reaches zero the receiving switch drops the BPDU Note that the switch does not change the message age and maximum age data carried in the BPDU as it moves through the MST region and is propagated to other regions Range 1 40 Default 20 Syntax spanning tree maximum age Sets the maximum age of received STP information before it is discarded Defaul
15. Within an MSTI there is one physical communication path between any two nodes regardless of how many VLANs belong to the MSTI Within an IST instance there is also one spanning tree across all VLANs belonging to the IST instance An MSTI comprises a unique set of VLANs and forms a single spanning tree instance within the region to which it belongs A dynamic VLAN learned by GVRP will always be placed in the IST instance and cannot be moved to any configured MST instance Starting in software release 13 x dynamically learned GVRP VLANs can be mapped to MSTIs and support MSTP load balancing In software release 13 x x and later you can preconfigure static and dynamic VLAN ID to MSTI mappings before the VLAN is created on the switch Later when the static VLAN ID is configured or a dynamic GVRP VLAN is learned the VLAN is automatically associated with the precon figured MSTI For more information refer to the spanning tree instance vlan command description on page 4 41 Communication between MST regions uses a single spanning tree If a port on a switch configured for MSTP receives a legacy STP 802 1D or RSTP 802 1w BPDU it automatically operates as a legacy port In this case the MSTP switch interoperates with the connected STP or RSTP switch as a separate MST region Within an MST region there is one logical forwarding topology per instance and each instance comprises a unique set of VLANs Where multiple paths exist b
16. instance mst config instance 1 16 ist Lists region instance I D and VLAN information for the specified pending instance mst config Lists region IST instance VLAN s numbered instances and assigned VLAN information for the pending MSTP configuration ProCurve show spanning tree pending instance 1 Pending MST Instance Configuration Information MST Configuration Name New Version 01 MST Configuration Revision 10 Instance ID 1 Mapped VLANs 1 22 Switch l config 4 show spanning tree pending mst config Pending MST Configuration Identifier Information MST Configuration Name New Version 01 MST Configuration Revision 10 IST Mapped VLANs 11 33 Instance ID Mapped VLANs Figure 4 27 Example of Displaying a Pending Configuration 4 62 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Troubleshooting an MSTP Configuration Command Page show spanning tree root history 4 63 show spanning tree debug counters 4 66 show spanning tree debug counters instance instance id gt 4 67 show spanning tree debug counters instance instance id 4 69 ports port list This section describes the show spanning tree commands that you can use to monitor troubleshoot and debug the operation of a multiple instance span ning tree configuration in your network Note that the show spanning tree commands described in this section allow youto troubleshoot M
17. tagged al a5 Similarly to change the tagged ports in the above examples to No or Auto if GVRP is enabled you could use either of the following commands At the global config level use ProCurve config no vlan 100 tagged al a5 Or At the VLAN 100 context level use ProCurve vlan 100 no tagged al a5 You cannot use these commands with dynamic VLANs Attempting to do so results in the message VLAN already exists and no change occurs 2 39 Static Virtual LANs VLANs Configuring VLANs Web Viewing and Configuring VLAN Parameters In the web browser interface you can do the following Add VLANs Rename VLANs Remove VLANs Configure VLAN tagging mode per port Configure GVRP mode Select a new Primary VLAN To configure other static VLAN port parameters you will need to use either the CLI or the menu interface available by Telnet from the web browser interface 1 Click on the Configuration tab 2 Click on Vlan Configuration 3 Click on Add Remove VLANs For web based Help on how to use the web browser interface screen click on the button provided on the web browser screen 2 40 Static Virtual LANs VLANs 802 10 VLAN Tagging 802 1Q VLAN Tagging General Applications The switch requires VLAN tagging on a given port if more than one VLAN of the same type uses the port When a port belongs to two or more VLANs of the same type they rema
18. 000010 1 000010 1 000101 5 000111 7 Figure 5 26 The Completed VID DSCP Priority Configuration The switch will now apply the DSCP policies in figure 5 26 to packets received on the switch with the specified VLAN IDs This means the switch will m Overwrite the original DSCPs in the selected packets with the new DSCPs specified in the above policies m Assign the 802 1p priorities in the above policies to the appropriate packets 5 48 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS Source Port Priority QoS Classifier Precedence 6 The QoS source port option enables you to use a packet s source port on the switch as a QoS classifier Where a particular source port classifier has the highest precedence in the switch for traffic entering through that port then traffic received from the port is marked with the source port classifier s configured priority level Different source port classifiers can have different priority levels Options for Assigning Priority on the Switch Priority control options for packets from a specified source port include m 802 1p priority m DSCP policy Assigning a new DSCP and an associated 802 1p priority inbound packets must be IPv4 For operation when other QoS classifiers apply to the same traffic refer to Classifiers for Prioritizing Outbound Packets on page 5 10 Options for
19. DSCP Policy 802 1p Priority 101011 101100 101101 101110 101111 110000 110001 110010 110011 110100 110101 110110 110111 111000 111001 111010 111011 111100 111101 111110 111111 No override No override No override 7 No override No override No override No override No override No override No override No override No override No override No override No override No override No override No override No override No override Assured Forwarding codepoints configured by default on the switches covered in this guide These codepoints are configured as No override in the Series 3400cl Series 6400cl and Series 2600 2800 switches Expedited Forwarding codepoint configured by default Default Priority Settings for Selected Codepoints In a few cases such as 001010 and 001100 a default policy implied by the DSCP standards for Assured Forwarding and Expedited Forwarding is used You can change the priorities for the default policies by using qos dscp map codepoint gt priority 0 7 These policies are not in effect unless you have either applied the policies to a QoS classifier or configured QoS Type of Service to be in diff services mode 5 56 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping Quickly Listing Non Default Codepoint Settings Table 5 9 lists the switch s default codepoint priority settings If yo
20. For an MSTI port the counter is the number of times that an MSTI configuration message with the TC flag set is received This counter is maintained on a per CIST per port and on a per MSTI per port basis Topology Change ACKs Number of times that the Topology Change acknowledgement is transmitted through the Tx port number of CFG RST or MST BPDUS transmitted with the Topology Change Acknowledge flag set This counter is maintained by the CIST default MST instance 0 on a per port basis Topology Change ACKs Number of times the Topology Change acknowledgement is received on the port number Rx of CFG RST or MST BPDUs received with the Topology Change Acknowledge flag set This counter is maintained by the CIST default MST instance 0 on a per port basis TCN BPDUs Tx Number of Topology Change Notification BPDUs that are transmitted through the port This counter is maintained by the CIST default MST instance 0 on a per port basis TCN BPDUs Rx Number of Topology Change Notification BPDUs that are received on the port This counter is maintained by the CIST default MST instance 0 on a per port basis CFG BPDUs Tx Number of 802 1D Configuration BPDUs that are transmitted through the port This counter is maintained by the CIST default MST instance 0 on a per port basis CFG BPDUs Rx Number of 802 1D Configuration BPDUs that are received on the port This counter maintained by the CIST default
21. In the default configuration stacking in the candidate state is enabled on the Series 3500yl switches and on the 6200yl switch Summary of Stacking Features Feature Default Menu CLI Web view stack status view status of a single switch n a page 6 26 page6 31 Refer to thru Online page 6 28 Help view candidate status n a page 6 31 view status of commander and its n a page 6 32 stack view status of all stacking enabled n a page 6 32 switches in the ip subnet configure stacking enable disable candidate Auto Join enabled Yes page6 15 page 6 37 push a candidate into a stack n a page 6 15 page 6 37 configure a switch to be a commander n a page 6 13 page 6 33 push a member into another stack n a page 6 24 page 6 39 remove a member from a stack n a page 6 21 page 6 40 Dads 6 41 pull a candidate into a stack n a page 6 17 page 6 36 pull a member from another stack n a page 6 19 page 6 38 convert a commander or member toa n a page 6 24 page 6 39 member of another stack access member switches for n a page 6 23 page 6 42 configuration and traffic monitoring disable stacking enabled page 6 15 page 6 44 transmission interval 60 seconds page 6 13 page 6 44 Stack Management Introduction to Stack Management Components of ProCurve Stack Management Table 6 1 Stacking Definitions Stack Consists of a Commander switch and any Member switches belonging to that Commander s stack Commander A switch that
22. MSTP Configuration show spanning tree port list config 4 59 show spanning tree port list config instance lt ist 1 16 gt 4 60 show spanning tree mst config 4 61 show spanning tree pending instance ist gt mst config gt 4 62 SNMP MIB Support for MSTP MSTP is a superset of the STP 802 1D and RSTP 802 1w protocols and uses the MIB objects defined for these two protocols 4 54 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying Global MSTP Status The following commands display the MSTP statistics for the connections between MST regions in a network Syntax show spanning tree This command displays the switch s global and regional spanning tree status plus the per port spanning tree operation at the regional level Note that values for the following parameters appear only for ports connected to active devices Designated Bridge Hello Time PtP and Edge Syntax show spanning tree lt port list gt This command displays the spanning tree status for the designated port s You can list data for a series of ports and port trunks by specifying the first and last port or trunk of any consecutive series of ports and trunks For example to display data for port A20 A24 and trk1 you would use this command show spanning tree a20 a42 trk1 4 55 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration ProCurve config
23. Oneprotocol VLAN where the VLAN includes four protocols Tagged VLAN Membership Routing A port can be a tagged member of any port based VLAN See above The switch can internally route IP IPv4 traffic between port based VLANs and between port based and IPv4 protocol based VLANs if the switch configuration enables IP routing If the switch is not configured to route traffic internally between port based VLANs then an external router must be used to move traffic between VLANs A port can be a tagged member of any protocol based VLAN See above If the switch configuration enables IP routing the switch can internally route IPv4 traffic as follows Between multiple IPv4 protocol based VLANs Between IPv4 protocol based VLANs and port based VLANs Other protocol based VLANs require an external router for moving traffic between VLANs Note NETbeui and SNA are non routable protocols End stations intended to receive traffic in these protocols must be attached to the same physical network Commands for Configuring Static VLANs vlan VID tagged untagged e port list gt vlan lt VID gt protocol lt ipx ipv4 ipv6 arp appletalk sna netbeui gt vlan lt VID gt tagged untagged lt e port list gt VLAN Environments You can configure different VLAN types in any combination Note that the default VLAN will always be present For more on the default VLAN refer to
24. Specify a single port number a range of ports for example a1 a16 or all detail Displays detailed VLAN membership information on a per port basis 2 30 Static Virtual LANs VLANs Configuring VLANs Descriptions of items displayed by the command are provided below Port name The user specified port name if one has been assigned VLAN ID The VLAN identification number or VID Name The default or specified name assigned to the VLAN For a static VLAN the default name consists of VLAN x where x matches the VID assigned to that VLAN For a dynamic VLAN the name consists of GVRP x where x matches the applicable VID Status Port Based Port Based static VLAN Protocol Protocol Based static VLAN Dynamic Port Based temporary VLAN learned through GVRP Voice Indicates whether a port based VLAN is configured as a voice VLAN Jumbo Indicates whether a VLAN is configured for Jumbo packets For more on jumbos refer to the chapter titled Port Traffic Controls in the Management and Configuration Guide for your switch Mode Indicates whether a VLAN is tagged or untagged Figure 2 19 is an example of the output when the detail option is not used ProCurve show vlan ports al a33 ace and Counters VLAN Information for ports al a 802 10 VLAN ID Name DEFAULT VLAN Port based VLAN 10 Port based VL N 15 Port based VL N 20 Protocol GVRP 33 Dynamic Figure 2 19 Exampl
25. The no form disables the management VLAN and returns the switch to its default management operation Default Disabled In this case the VLAN returns to standard VLAN operation For example suppose you have already configured a VLAN named My_VLAN with a VID of 100 Now you want to configure the switch to do the following m Use My_VLAN as a Management VLAN tagged in this case to connect port Al on switch A to a management station The management station includes a network interface card with 802 1Q tagged VLAN capability m Use port A2 to extend the Management VLAN to port B1 which is already configured as a tagged member of My_VLAN on an adjacent Procurve switch that supports the Management VLAN feature Switch Switch A nu B Figure 2 31 Illustration of Configuration Example ProCurve config management vlan 100 ProCurve config vlan 100 tagged al ProCurve config vlan 100 tagged a2 2 50 Static Virtual LANs VLANs Special VLAN Types Using DHCP to Obtain an IP Address You can use DHCP to obtain an IPv4 address for your Management VLAN or a client on that VLAN The following examples illustrate when an IP address will be received from the DHCP server 1 IfBlue VLAN is configured as the Management VLAN and the DHCP serveris also on Blue VLAN Blue VLAN receives an IP address Because DHCP Relay does not forward onto or off of the Managem
26. To access the North Sea console you would then execute the following telnet command ProCurve config telnet 3 You would then see the CLI prompt for the North Sea switch allowing you to configure or monitor the switch as if you were directly connected to the console 6 42 Stack Management Configuring Stack Management SNMP Community Operation in a Stack Community Membership In the default stacking configuration when a Candidate joins a stack it automatically becomes a Member of any SNMP community to which the Commander belongs even though any community names configured in the Commander are not propagated to the Member s SNMP Communities listing However if a Member has its own optional IP addressing it can belong to SNMP communities to which other switches in the stack including the Commander do not belong For example P The Commander and all Members of the stack Commander Switch belong to the blue and red communities Only switch IP Addr 10 31 29 100 3 belongs to the gray community Switches 1 2 and Community Names 3 belong to the public community blue red If Member Switch 1 ceases to be a stack Member it still belongstothe public SNMP community because it has IP addressing of its own But with the loss of Member Switch 1 Member Switch 3 stack Membership Switch 1 loses membership in IP Addr 10 31 29 18 IP Addr 10 31 29 15 the blue and red communities because they are not Com
27. VLAN Support and the Default VLAN on page 2 46 Static Virtual LANs VLANs Static VLAN Operation Table 2 2 VLAN Environments VLAN Environment Elements The default VLAN port based In the default VLAN configuration all ports belong to VLAN VID of 1 Only 1as untagged members VLAN 1 is a port based VLAN for IPv4 traffic Multiple VLAN Environment In addition to the default VLAN the configuration can include one or more other port based VLANs and one or more protocol VLANs The switches covered in this guide allow up to 2048 vids up to 4094 VLANs of all types Using VLAN tagging ports can belong to multiple VLANs of all types Enabling routing on the switch enables the switch to route IPv4 traffic between port based VLANs and between port based VLANs and IPv4 protocol VLANs Routing other types of traffic between VLANs requires an external router capable of processing the appropriate protocol s VLAN Operation The Default VLAN In figure 2 1 all ports belong to the default VLAN and devices connected to these ports are in the same broadcast domain Except for an IP address and subnet no configuration steps are needed Figure 2 1 Example of a Switch in the Default VLAN Configuration Multiple Port Based VLANs In figure 2 2 routing within the s
28. You can configure downstream devices to read and use this policy This method is not dependent on VLAN tagged ports to carry priority policy to downstream devices and can Change the codepoint the upper six bits in the ToS byte Set a new 802 1p priority for the packet Setting DSCP policies requires IPv4 inbound packets Refer to the Pv4 entry under Terminology on page 5 6 e 802 1p Priority Rules An outbound VLAN tagged packet carries an 802 1p priority setting that was configured or preserved in the switch This priority setting ranges from 0 to 7 and can be used by downstream devices having up to eight outbound port queues Thus while packets within the switch move at the eight priority levels shown in table 5 1 above they still can carry an 802 1p priority that can be used by downstream devices having more orless than the eight priority levels in the switches covered in this guide Also if the packet enters the switch with an 802 1p priority setting QoS can override this setting if configured with an 802 1p priority rule to do so If your network uses only one VLAN and therefore does not require VLAN tagged ports you can still preserve 802 1p priority settings in your traffic by configuring the ports as tagged VLAN members on the links between devices you want to honor traffic priorities You can configure a QoS priority of 0 through 7 for an outbound packet When the packet is then sent to a port the
29. any QoS classifiers to use it ProCurve config show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override 000010 No override The DSCPs for this 000011 No override example have not yet 000100 No override been assigned an Co00101 No override 802 1p priority level 000110 No override Cooo0111 No override Figure 5 29 Display the Current Configuration in the DSCP Policy Table 2 Configure the priorities for the DSCPs you want to use ProCurve config qos dscp map 000111 priority 7 ProCurve config qos dscp map 000101 priority 5 ProCurve configi qos dscp map 000010 priority 1 ProCurve config f show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override 1 000010 000011 No override Priorities 000100 No override Configured in 000101 5 000110 No override 000111 7 001000 No override this step Figure 5 30 Assign Priorities to the Selected DSCPs 5 53 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 9 Assign the DSCP policies to the selected source ports and display the result ProCurve eth A2 int e b4 c2 ProCurve eth B4 C2 4 gos dscp 000010 roCurve eth B4 C2 f int e bl b3 ProCurve eth B1 B3 qos dscp 000101 roCurve eth B1 B3
30. if GVRP were enabled port based only Auto would appear instead of No Note VLAN configurations on ports connected by the same link must match Because ports X2 and Y5 are opposite ends of the same point to point connec tion both ports must have the same VLAN configuration that is both ports configure the Red VLAN as Untagged and the Green VLAN as Tagged 2 45 Static Virtual LANs VLANs Special VLAN Types Special VLAN Types VLAN Support and the Default VLAN In the factory default configuration VLAN support is enabled and all ports on the switch belong to the port based default VLAN named DEFAULT VLAN This places all ports in the switch into one physical broadcast domain In the factory default state the default VLAN is also the Primary VLAN You can partition the switch into multiple virtual broadcast domains by configuring one or more additional VLANs and moving ports from the default VLAN to the new VLANs The switch supports up to 2048 vids numbered up to 4094 static and dynamic VLANs You can change the name of the default VLAN but you cannot change the default VLAN s VID which is always 1 Although you can remove all ports from the default VLAN by placing them in another port based VLAN this VLAN is always present that is you cannot delete it from the switch For details on port VLAN settings refer to Configuring Static VLAN Per Port Settings on page 2 38 The Primary VLAN Beca
31. s traffic For more detail on Auto see Per Port Options for Dynamic VLAN Advertising and Joining on page 3 9 Ignore the advertisement for that VID Don t participate in that VLAN Note also that a port belonging to a Tagged or Untagged static VLAN has these configurable options 3 6 GVRP Per Port Options for Handling GVRP Unknown VLANs m Send VLAN advertisements and also receive advertisements for VLANs on other ports and dynamically join those VLANs m Send VLAN advertisements but ignore advertisements received from other ports m Avoid GVRP participation by not sending advertisements and dropping any advertisements received from other devices IP Addressing A dynamic VLAN does not have an IP address and moves traffic on the basis of port membership in VLANs However after GVRP creates a dynamic VLAN you can convert it to a static VLAN Note that it is then necessary to assign ports to the VLAN in the same way that you would for a static VLAN that you created manually In the static state you can configure IP addressing on the VLAN and access it in the same way that you would any other static manually created VLAN Per Port Options for Handling GVRP Unknown VLANs An unknown VLAN is a VLAN that the switch learns of by receiving an advertisement for that VLAN on a port that is not already a member of that VLAN If the port is configured to learn unknown VLANs then the VLAN is dynamically created
32. the operation of attached hosts that use existing routers as their default gateway to route traffic between VLANs You can achieve seamless VLAN migration by configuring the MAC address of the previously installed router on the VLAN interfaces of a ProCurve routing switch VLAN MAC Address Reconfiguration The ProCurve switches covered by this guide use one unique MAC address for all VLAN interfaces If you assign an IP address to a VLAN interface ARP resolves the IP address to the MAC address of the routing switch for all incoming packets The Layer 3 VLAN MAC Configuration feature allows you to reconfigure the MAC address used for VLAN interfaces using the CLI Packets addressed to the reconfigured Layer 3 MAC address such as ARP and IP data packets are received and processed by the ProCurve routing switch Packets transmitted from the routing switch packets originating from the router and forwarded packets use the original ProCurve MAC address as the source MAC address in Ethernet headers ARP reply packets use the reconfigured MAC address in both the m ARP Sender MAC address field m Source MAC address field in the Ethernet frame header When you reconfigure the MAC address on a VLAN interface you may also specify a keepalive timeout to transmit heartbeat packets that advertise the new MAC address By configuring the MAC address of the previously installed router as the MAC address of each VLAN interface on a ProCurve switch yo
33. to select Stack Configuration DEFAULT_CONFIG Stacking Stack Configuration Stack State Candidate Auto Join Yes Yes Transmission Interval 60 60 Actions gt Edit Save Help Cancel changes and return to previous screen Use arrow keys to change action selection and Enter to execute action Figure 6 6 The Default Stack Configuration Screen 6 13 Stack Management Configuring Stack Management 4 Use arrow keys to change field selection lt Space gt to toggle field choices and lt Enter gt to go to Actions Move the cursor to the Stack State field by pressing E for Edit Then use the Space bar to select the Commander option Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen DEFAULT CONFIG CONSOLE MANAGER MODE zu eeeee Stacking Stack Configuration Stack State Commander Stack Name Auto Grab No No Transmission Interval 60 60 Actions gt Cancel Edit Save Help Figure 6 7 The Default Commander Configuration in the Stack Configuration Screen Enter a unique stack name up to 15 characters no spaces and press the downarrow key Ensure that the Commander has the desired Auto Grab setting then press the downarrow key e No the default prevents automatic joining of Candidates that have their Auto Join set
34. trunks or redundant links using these ports If you suddenly have a high load disconnect the link and disable the bpdu filter using the no command Command Syntax and Example The following command is used to configure BPDU filters Syntax no spanning tree port list all bpdu filter Enables disables the BPDU filter feature on the specified port s The bpdu filter option forces a port to always stay in the forwarding state and be excluded from standard STP operation 4 29 Multiple Instance Spanning Tree Operation Configuring MSTP For example to configure BPDU filtering on port a9 enter ProCurve config spanning tree a9 bpdu filter Viewing BPDU Filtering The spanning tree show lt port gt configuration command displays the BPDU s filter state ProCurve config show spanning tree a9 config Column showing BPDU filter status Prio Admin Auto Admin Hello Root TCN BPDU Type rity Edge Edge PtP Time Guard Guard Flt A9 100 1000T 128 o Yes True Global No No Yes Figure 4 5 Example of BPDU Filter in Show Spanning Tree Configuration Command BPDU filters per port are displayed as separate entries of the spanning tree category within the configuration file ProCurve config show configuration spanning tree Rows showing ports with BPDU filters enabled Spanning tree A9 bpdu filte spanning tree C7 bpdu filtey spanning tree Trk2 priority 4 Figure 4 6 Example of B
35. 10 tagged VLANs enable the use of one trunked link for both VLANs Switch B gt Figure 4 4 Example of Using a Trunked Link To Support Multiple VLAN Connectivity within the Same MST Instance All switches in a region should be configured with the VLANs used in that region and all ports linking MSTP switches together should be members of all VLANs in the region Otherwise the path to the root for a given VLAN will be broken if MSTP selects a spanning tree through a link that does not include that VLAN Terminology BPDU Acronym for bridge protocol data unit BPDUs are data messages that are exchanged between the switches within an extended LAN that use a spanning tree protocol topology BPDU packets contain information on ports addresses priorities and costs and ensure that the data ends up where it was 4 12 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP intended to go BPDU messages are exchanged across bridges to detect loops in a network topology The loops are then removed by placing redundant switch ports in a backup or blocked state BPDU Filtering Spanning tree configuration mode that prevents the switch from receiving and transmitting BPDU frames on a specific port see page 4 29 for details BPDU Protection Spanning tree configuration mode which disables a port where BPDU frames are receiv
36. 2000000 100 Mbps 200000 1 Gbps 20000 Default Auto 4 42 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree instance lt 1 16 gt lt port list gt priority lt priority multiplier gt This command sets the priority for the specified port s in the specified MST instance For a given port the priority setting can be d fferent for different MST instances to which the port may belong The priority range for a port in a given MST instance is 0 255 However this command specifies the priority as a multiplier 0 15 of 16 That is when you specify a priority multiplier of 0 15 the actual priority assigned to the switch is priority multiplier x 16 For example if you configure 2 as the priority multiplier on a given port in an MST instance then the actual Priority setting is 32 Thus after you specify the port priority multiplier in an instance the switch displays the actual port priority and not the multiplier in the show spanning tree instance 1 16 gt or show spanning tree lt port list gt instance 1 16 gt displays You can view the actual multiplier setting for ports in the specified instance by executing show running and looking for an entry in this format spanning tree instance lt 1 15 gt lt port list gt priority lt priority multiplier For example configuring port A2 with a priority multiplier of 3 in instance 1 results in th
37. 3 5 Example Showing Default Settings for Handling Advertisements 9 Usethe arrow keys to select the port you want and the Space bar to select Unknown VLAN option for any ports you want to change When you finish making configuration changes press Enter then S for Save to save your changes to the Startup Config file CLI Viewing and Configuring GVRP GVRP Commands Used in This Section show gvrp below gvrp page 3 15 unknown vlans page 3 15 Displaying the Switch s Current GVRP Configuration This command shows whether GVRP is disabled along with the current settings for the maximum number of VLANs and the current Primary VLAN For more on the last two parameters see chapter 2 Static Virtual LANs VLANS Syntax show gvrp Shows the current settings 3 14 GVRP Configuring GVRP On a Switch roCurve gt show gvrp GVRP support Maximum VLANs to support 6 Primary VLAN DEFAULT _VLAN GVRP Enabled No Figure 3 6 Example of Show GVRP Listing with GVRP Disabled ProCurve gt show gvrp GVRP support Maximum VLANs to support 8 Primary VLAN DEFAULT VLAN GVRP Enabled Yes Port Type Unknown VLAN 10 100TX 10 100TX 10 100TX 10 100TX Learn Block This example includes non default settings for Disable the Unknown VLAN field 10 100TX 10 100TX Learn Learn a 10 100TX Disable for some ports Figure 3 7 Example of Show GVRP Listing wit
38. 4 routing protocol VLANs 2 5 secure management 2 47 security network 2 4 See also GVRP show vlan ports detail 2 30 single forwarding database 2 18 static 2 4 2 6 2 22 2 28 2 47 subnet 2 4 switch capacity 2 4 tagging 2 41 2 43 unknown VLAN 3 11 untagged 2 12 2 27 untagged operation 2 16 VID 2 4 2 43 VID default VLAN 2 46 voice 2 5 2 30 2 31 2 33 2 57 voice configuration 2 97 voice configuring 2 29 voice VLAN type 2 14 web browser configuration 2 40 VLAN already exists message 2 39 VLAN dynamic 4 15 VLANs static 802 1s spanning tree 4 8 voice VLAN See VLAN VoIP See VLAN voice WwW warranty l ii write memory 3 18 Index 7 8 Index ProCurve Networking by HP Copyright 2007 2008 Hewlett Packard Development Company L P January 2008 Manual Part Number 5991 6197
39. 4 17 Detailed descriptions of the MSTP commands and parameters referenced below are provided in the following sections 1 Configure MSTP global parameters This step involves configuring the following e Required parameters for MST region identity Region Name spanning tree config name Region Revision Number spanning tree config revision e Optional MSTP parameter changes for region settings ProCurve recommends that you leave these parameters at their default settings for most networks See the Caution on page 4 9 The maximum number of hops before the MSTP BPDU is dis carded spanning tree max hops default 20 Force Version operation spanning tree force version Forward Delay spanning tree forward delay A Hello Time if it is the root device spanning tree hello time Maximum age to allow for STP packets before discarding spanning tree maximum age 4 18 Multiple Instance Spanning Tree Operation Configuring MSTP Device spanning tree priority Specifies the priority value used along with the switch MAC address to determine which device is root The lower a priority value the higher the priority spanning tree priority Configure per port parameters ProCurve recommends that you use the default settings for these param eters and apply changes on a per port basis only where a non default setting is clearly indicated by the circumstances of individual links Other features you might consi
40. 5 Stack Status Environments Screen Name Stack Status This Switch Stack Status All Commander Member Candidate Commanders stacking e Member s stacking configuration Candidate s stacking configuration e Member Status configuration e Data on stack Members pata identifying Member s Switch Number Commander MAC Address Commander Status System Name Commander IP Address Device Type Commander MAC Address Status Lists devices by stackname Same as for Commander Same as for or Candidate status if device Commander is not a stack Member Includes e Stack Name MAC Address System Name Status 6 25 Stack Management Configuring Stack Management Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled This procedure displays the general status of all switches in the IP subnet broadcast domain that have stacking enabled 1 Gotothe console Main Menu for any switch configured for stacking and select 9 Stacking 2 Stacking Status All You will then see a Stacking Status screen similar to the following For status descriptions see the table on page 6 45 Pacific Ocean 2 2 222222222 CONSOLE MANAGER MODE 225222222222222d 2 Stacking Stacking Status 411 Stack Name Mac Address System Name Status DO60bO0 dfiaO00 Coral Sea Member Up 080009 8c5080 North Atlantic Member Up Newstack 001083 c3fcO0 Newstack 0O
41. A text string using the hexadecimal representation of the switch s MAC address The no form of the command overwrites the currently configured name with the default name Note This option is available only when the switch is configured for MSTP operation Also there is no defined limit on the number of regions you can configure 4 20 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree config revision revision number This command configures the revision number you designate Jor the MST region in which you want the switch to reside This setting must be the same for all switches residing in the same region Use this setting to differentiate between region configurations in situations such as the following Changing configuration settings within a region where you want to track the configuration versions you use Creating anew region from a subset of switches in a current region and want to maintain the same region name Using the pending option to maintain two different configuration options for the same physical region Note that this setting must be the same for all MSTP switches in the same MST region Range 0 65535 Default 0 Note This option is available only when the switch is configured for MSTP operation Syntax spanning tree force version stp compatible rstp operation mstp operation Sets the spanning tree compatibility mode This command forces the switch to emu
42. Changing the VLAN Name 2 35 Static Virtual LANs VLANs Configuring VLANs Creating a New Static VLAN Port Based or Protocol Based Changing the VLAN Context Level Thevlan vid command operates in the global configuration context to either configure a static VLAN and or take the CLI to the specified VLAN s context Syntax vlan lt vid ascii name string gt no vlan vid If vid gt does not exist in the switch this command creates a port based VLAN with the specified vid If the command does not include options the CLI moves to the newly created VLAN context If you do not specify an optional name the switch assigns a name in the default format NLANn where n is the vid assigned to the VLAN If the VLAN already exists and you enter either the vid or the ascii name string the CLI moves to the specified VLAN s context The no form of the command deletes the VLAN as follows fone or more ports belong only to the VLAN to be deleted the CLI notifies you that these ports will be moved to the default VLAN and prompts you to continue the deletion For member ports that also belong to another VLAN there is no move prompt protocol lt ipx ipv4 ipv6 arp appletalk sna netbeui gt Configures a static protocol VLAN of the specified type If multiple protocols are configured in the VLAN then the no form removes the specified protocol from the VLAN If a proto col VLAN is
43. Commander Up 080009 918f80 Newstack 1 Member Up 0060b0 df2a00 Newstack 2 Member Up Others 001083 3cO09cO0 DEFAULT CONFIG Candidate 0060b0 e94300 DEFAULT CONFIG Candidate 080009 918f80 DEFAULT CONFIG Candidate Actions gt Next page Prev page Help Return to pr Ou reen Use up down arrow keys to scroll to other entries left right arrow keys to change action selection and Enter to execute action Figure 6 18 Example of Stacking Status for All Detected Switches Configured for Stacking Viewing Commander Status This procedure displays the Commander and stack configuration plus information identifying each stack member To display the status for a Commander go to the console Main Menu for the switch and select 9 Stacking 1 Stacking Status This Switch 6 26 Stack Management Configuring Stack Management You will then see the Commander s Stacking Status screen Pacific Ocean CONSOLE MANAGER MODE Stacking Stacking Status This Switch Stack State Commander Transmission Interval 60 Stack Name Big Waters Number of members E uto Grab No Members unreachable 0 Device Type Status Pacific an 2512 Commander Up 0060b0 dfia00 Coral Sea 3500y1 Member Up D80009 8c5080 North atlantic 3500y1 Member Up Actions Back Return to previous Use arrow keys to change action selection and Enter to execute action Figure 6 19 Example of the Commander s St
44. Eliminates the Test stack and converts api the Commander to a Candidate ProCurve config no stack name Test Helps you to identify the MAC address ofthe ProCurve config show stack all Commander for the Big_Waters stack Stacking Stacking Status All Stack Commander MAC Address ay Status Big Waters 030el1 7fc 700 3500y1l Commander Up OO60b0 889e00 Big Waters 1 Member Up Others OO30cl Ftec40 3500y1 Candidate ProCurve config stack join 0030c1 7 fc708 Adds the former Test Commander to the Big Waters stack Figure 6 33 Example of Command Sequence for Converting a Commander to a Member Using the CLI To Remove a Member from a Stack You can remove a Member from a stack using the CLI of either the Commander or the Member Note When you remove a Member from a stack the Member s Auto Join parameter is set to No Using the Commander CLI To Remove a Stack Member This option requires the switch number SN and the MAC address of the switch to remove Because the Commander propagates its Manager password to all stack members knowing the Manager password is necessary only for gaining access to the Commander Syntax no stack member switch num mac address mac addr 6 40 Stack Management Configuring Stack Management Use show stack view to list the stack Members For example suppose that you wanted to use the Commander to remove the North Sea Member from the following stack
45. MST instance 0 on a per port basis 4 73 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Field Description RST BPDUs Tx Number of 802 1w RST BPDUs that are transmitted through the port This counter is maintained by the CIST default MST instance 0 on a per port basis RST BPDUs Rx Number of 802 1w RST BPDUs that are received on the port This counter is maintained by the CIST default MST instance 0 on a per port basis MST BPDUs Tx Number of 802 1s MST BPDUs that are transmitted through the port This counter is maintained by the CIST default MST instance 0 on a per port basis MST BPDUs Rx Number of 802 1s MST BPDUs that are received on the port This counter is maintained by the CIST default MST instance 0 on a per port basis MSTI MSGs Tx Number of times that a configuration message for a specific MSTI was encoded in 802 1s MST BPDUsthatare transmitted through the port This counter is maintained on a per MSTI per port basis MSTI MSGs Rx Number of times that the MSTI detected a configuration message destined to the MSTI in 802 1s MST BPDUs received on the port This counter is maintained on a per MSTI per port basis Troubleshooting MSTP Operation Table 4 2 Troubleshooting MSTP Operation Problem Possible Cause Duplicate packets on a VLAN or packets not The allocation of VLANs to MSTIs may not be identical among all arriving on a LAN at
46. Multiple Instance Spanning Tree Operation Configuring MSTP Configuring MSTP Operation Mode and Global Settings The commands in this section apply at the switch global level For details of how to configure spanning tree settings on individual ports see Configuring MSTP Per Port Parameters on page 4 25 MSTP Global Command Page spanning tree 9 config name ascii string 4 20 config revision revision number 4 21 force version stp compatible rstp operation mstp operation gt 4 21 forward delay 4 22 hello time lt 1 10 gt 4 22 legacy mode 4 22 legacy path cost 4 22 max hops hop count 4 22 maximum age 4 22 pending 4 23 priority 4 24 trap errant bpdu 4 24 Enabling MSTP operation using the spanning tree global command is the final step in the configuration process See Enabling or Disabling Spanning Tree Operation on page 4 45 Syntax no spanning tree config name ascii string This command resets the configuration name of the MST region in which the switch resides This name can include up to 32 nonblank characters and is case sensitive On all switches within a given MST region the configuration names must be identical Thus if you want more than one MSTP switch in the same MST region you must configure the identical region name on all such switches If you retain the default configuration name on a switch it cannot exist in the same MST region with another switch Default Name
47. Multiple VLAN Considerations 0 0 6 cence eee 2 18 Single Forwarding Database Operation 0 000 cee 2 19 Example of an Unsupported Configuration and How To Correct It 2 20 Multiple Forwarding Database Operation sss 2 21 Configuring VLANS eseeeeee hn 2 22 Menu Configuring Port Based VLAN Parameters 2 22 To Change VLAN Support Settings 0 2 23 Adding or Editing VLAN Names 020 eee eeee 2 24 Adding or Changing a VLAN Port Assignment 2 26 CLI Configuring Port Based and Protocol Based VLAN Parameters 2 28 Web Viewing and Configuring VLAN Parameters 2 40 802 1Q VLAN Tagging 0 ccc teens 2 41 Special VLAN Types 0 ccc n 2 46 VLAN Support and the Default VLAN 0 00000 2 46 The Primary VLAN 5 9 mensure Re oot eet ton ee ak 2 46 The Secure Management VLAN 00 02 ee eee eee eee 2 47 Preparation un ene med het er aie bt RR E E 2 49 Configuration nmi xke RARE READ E C EPA RUE 2 50 Using DHCP to Obtain an IP Address sues 2 51 Deleting the Management VLAN 2 0 00 000s 2 54 Operating Notes for Management VLANS 2 54 VOICE VLANS goo eee AAR Sy Lee p USUS Seas 2 55 Operating Rules for Voice VLANS 2 00 eee 2 55 Components of Voice VLAN Operation
48. No override 000111 No override Figure 5 16 Display the Current DSCP Map Configuration 2 Configure the policies in the DSCP table ProCurve config qos dscp map 000010 priority 6 name Level 6 ProCurve config qos dscp map 000101 priority 4 name Level 4 ProCurve config show qos dscp nmap DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override 000010 6 000011 No override 000100 No override 000101 4 Level 4 000110 No override 000111 No override Figure 5 17 Example of Policies Configured with Optional Names in the DSCP Table 5 37 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 9 Assign the policies to the codepoints in the selected packet types ProCurve config qos type of service diff services 001100 dscp 000010 ProCurve config qos type of service diff services 001101 dscp 000101 ProCurve config show qos type of service Tvpe of Service Disabled Differentiated Services Codepoint DSCP Policy Priority 000001 Con0010 000011 000100 Conul 000110 No override 000111 No override 001000 No override met No overtride The specified DSCP policies 001011 No override overwrite the original DSCPs No override 6D No override No override 000000 No override
49. Note that Spanning Tree operates differently in different devices For exam ple in the obsolete non 802 1Q ProCurve Switch 2000 and the ProCurve Switch 800T Spanning Tree operates on a per VLAN basis allowing redundant physical links as long as they are in separate VLANs Static Virtual LANs VLANs Effect of VLANs on Other Switch Features IP Interfaces There is a one to one relationship between a VLAN and an IP network inter face Since the VLAN is defined by a group of ports the state up down of those ports determines the state of the IP network interface associated with that VLAN When a port based VLAN or an IPv4 or IPv6 protocol based VLAN comes up because one or more of its ports is up the IP interface for that VLAN is also activated Likewise when a VLAN is deactivated because all of its ports are down the corresponding IP interface is also deactivated VLAN MAC Address The switches covered by this guide have one unique MAC address for all of their VLAN interfaces You can send an 802 2 test packet to this MAC address to verify connectivity to the switch Likewise you can assign an IP address to the VLAN interface and when you Ping that address ARP will resolve the IP address to this single MAC address In a topology where a switch has multiple VLANs and must be connected to a device having asingle forwarding database such as the Switch 4000M some cabling restrictions apply For more on this topic refer to Mult
50. Packet Criteria and Restrictions for QoS Support on page 5 66 Options for Assigning Priority Priority control options for TCP or UDP packets carrying a specified TCP or UDP port number include m 802 1p priority m DSCP policy Assigning a new DSCP and an associated 802 1p priority inbound packets must be IPv4 For a given TCP or UDP port number you can use only one of the above options at a time However for different port numbers you can use different options 5 15 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic TCP UDP Port Number Ranges There are three ranges m Well Known Ports 0 1023 m Registered Ports 1024 49151 m Dynamic and or Private Ports 49152 65535 For more information including a listing of UDP TCP port numbers go to the Internet Assigned Numbers Authority IANA website at www iana org Then click on Protocol Number Assignment Services P Under Directory of General Assigned Numbers heading Port Numbers Assigning an 802 1p Priority Based on TCP or UDP Port Number or Range of Port Numbers This option assigns an 802 1p priority to IPv4 TCP or UDP packets as described below Syntax qos lt udp port tcp port gt lt tcp or udp port number gt priority lt 0 7 gt Configures an 802 1p priority for outbound packets having the specified TCP or UDP application port number Thi
51. ProCurve canfigi show stack view Stack Members SN MAC Address System Name Device Type Status Remove this Member 0030e1 7fec40 3500yl Commander Up from the stack G060b0 880a80 Indian Ocean 350071 Member Up 0060b0 dfla00 Bering Sea 35 0v1 Member Up 030cs1 7fe700 North sea 350071 Member Up Figure 6 34 Example of a Commander and Three Switches in a Stack You would then execute this command to remove the North Sea switch from the stack ProCurve config no stack member 3 mac address 0030c1 7fc700 where e 3isthe North Sea Member s switch number SN e 0030c1 7 c700 is the North Sea Member s MAC address Using the Member s CLI To Remove the Member from a Stack Syntax no stack join lt mac addr gt To use this method you need the Commander s MAC address which is available using the show stack command in the Member s CLI For example CLI for North Sea North Sea config show stack Stack Member Stacking Stacking Status This Switch Stack State Member Transmission Interval 10 Switch Number 3 Stack Name Big Waters MAC Address ofthe Member Status Joined Successfully Commander for the Stack to Which the Commander Status Commander Up North Sea Switch M Commander IP Address 10 28 227 103 Belongs Commander MAC Address OO30c1 7fec40 Figure 6 35 Example of How To Identify the Commander s MAC Address from a Member Switch 6 41 Stack Management Configuring
52. Stack Listing with Two Stacks in the Subnet You would then execute the following command to pull the desired switch into the new stack ProCurve config stack member 1 mac address 0060b0 dfla00 Where 1 is an unused switch number SN Since a password is not set on the Candidate a password is not needed in this example You could then use show stack all again to verify that the move took place Using a Member CLI To Push the Member into Another Stack You can use the Member s CLI to push a stack Member into a destination stack if you know the MAC address of the destination Commander Syntax stack join lt mac addr gt where mac addr gt is the MAC address of the Commander for the destination stack Converting a Commander to a Member of Another Stack Removing the Commander from a stack eliminates the stack and returns its Members to the Candidate pool with Auto Join disabled 6 39 Stack Management Configuring Stack Management Syntax no stack name lt stack name stack join mac address If you don t know the MAC address of the destination Commander you can use show stack all to identify it For example suppose you have a switch operating as the Commander for a temporary stack named Test When it is time to eliminate the temporary Test stack and convert the switch into a member of an existing stack named Big Waters you would execute the following commands in the switch s CLI
53. Stack Management You would then execute this command in the North Sea switch s CLI to remove the switch from the stack North Sea config no stack join 0030c1 7fec40 Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring After a Candidate becomes a Member you can use the telnet command from the Commander to access the Member s CLI or console interface for the same configuration and monitoring that you would do through a Telnet or direct connect access from a terminal Syntax telnet lt switch number gt where unsigned integer is the switch number SN assigned by the Com mander to each member range 1 15 To find the switch number for the Member you want to access execute the show stack view command in the Commander s CLI For example suppose that you wanted to configure a port trunk on the switch named North Sea in the stack named Big Waters Do do so you would go to the CLI for the Big Waters Commander and execute show stack view to find the switch number for the North Sea switch ProCurve canfigi show stack view Stack Members The switch number SN MAC Address System Name Device Type Status SN for the North Sea switch is 3 0302s1 7fec40 Commander Up n Db0 880a80 Indian Ocean 3500 1 Member Up OO060b0 df1a00 Bering Sea 3501 Member Up n030cs1 7fe700 North Bea 3500y1 Member Up Figure 6 36 Example of a Stack Showing Switch Number SN Assignments
54. Tree will force the blocking of one or more links This may include the link carrying the Management VLAN which will cause loss of management access to some devices This can also occur where meshing is configured and the Management VLAN is configured on a separate link 2 54 Static Virtual LANs VLANs Special VLAN Types m Monitoring Shared Resources The Management VLAN feature shares internal switch resources with several other features The switch provides ample resources for all features However if the internal resources become fully subscribed the Management VLAN feature cannot be con figured until the necessary resources are released from other uses For information on determining the current resource availability and usage refer to the appendix titled Monitoring Resources in the Management and Configuration Guide for your switch Mesh Domain Includes Membership in VLAN 20 Management VLAN Three VLANs Emm Even though the ports on the Management VLAN link do not belong to any of the VLANs in the mesh the link will be blocked if you enable Spanning Tree This is because Spanning Tree operates per switch and not per VLAN Figure 2 37 Example of Inadvertently Blocking a Management VLAN Link by Implementing Spanning Tree Voice VLANS Configuring voice VLANs separates voice traffic from data traffic and shields your voice traffic from broadcast stor
55. Unit These BPDUs carry region specific information such as the region identifier region name and revision number If a switch receives an MSTP BPDU with a region identifier that differs from its own then the port on which that BPDU was received is on the boundary of the region in which the switch resides MSTP Bridge In this manual an MSTP bridge is a switch or another 802 1s compatible device configured for MSTP operation 4 13 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP MST Region An MST region forms a multiple spanning tree domain and is a component of a single spanning tree domain within a network For switches internal to the MST region m All switches have identical MST configuration identifiers region name and revision number m All switches have identical VLAN assignments to the region s IST and optional MST instances One switch functions as the designated bridge IST root for the region Noswitch has a point to point connection to a bridging device that cannot process RSTP BPDUs RSTP Rapid Spanning Tree Protocol defined in IEEE 802 1w and ratified in IEEE 802 1D 2004 Spanning tree Generic term to refer to the many spanning tree flavors now deprecated STP RSTP and VLAN aware MSTP STP Spanning Tree Protocol part of the original IEEE 802 1D specification The 2004 edition completely deprecates STP Both RSTP and MSTP have fallback modes to handl
56. Using the Menu To Manage a Candidate Switch 6 15 Using the Commander To Manage The Stack 6 17 Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic 6 23 Converting a Commander or Member to a Member of Another Stack 00 0c cece cee eee eens 6 24 Monitoring Stack Status 0 0 eee cee eee eee 6 25 Using the CLI To View Stack Status and Configure Stacking 6 29 Using the CLI To View Stack Status Less 6 31 Using the CLI To Configure a Commander Switch 6 33 Adding to a Stack or Moving Switches Between Stacks 6 35 Using the CLI To Remove a Member from a Stack 6 40 Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring 000 6 42 6 1 Stack Management Contents SNMP Community Operation ina Stack 6 43 Using the CLI To Disable or Re Enable Stacking 6 44 Transmission Interval ssesseeeeseeeee esee eee 6 44 Stacking Operation with Multiple VLANs Configured 6 44 Status Messages lees n 9 a 6 45 6 2 Stack Management Introduction to Stack Management Introduction to Stack Management ProCurve Stack Management stacking enables you to use a single IP address and standard network cabling to manage a group of up to 16 total switches in the same IP subnet
57. VLAN The Management VLAN does not support IGMP operation Routing between the Management VLAN and other VLANs is not allowed If there are more than 25 VLANs configured on the switch reboot the switch after configuring the management VLAN If you implement a Management VLAN in a switch mesh environment all meshed ports on the switch will be members of the Management VLAN Only one Management VLAN can be active in the switch If one Manage ment VLAN VID is saved in the startup config file and you configure a different VID in the running config file the switch uses the running config version until you either use the write memory command or reboot the switch During a Telnet session to the switch if you configure the Management VLAN to a VID that excludes the port through which you are connected to the switch you will continue to have access only until you terminate the session by logging out or rebooting the switch During a web browser session to the switch if you configure the Manage ment VLAN to a VID that excludes the port through which you are connected to the switch you will continue to have access only until you close the browser session or rebooting the switch The Management VLAN feature does not control management access through a direct connection to the switch s serial port Enabling Spanning Tree where there are multiple links using separate VLANs including the Management VLAN between a pair of switches Spanning
58. VLAN Tagging X 802 1p Priority X 802 1X Port Based Authentication X AAA Authentication X Authorized IP Managers X Authorized Manager List web telnet TFTP X Auto MDIX Configuration X BOOTP X Config File X Console Access X Copy Command X CoS Class of Service X Debug X DHCP Configuration X DHCP Option 82 X DHCP Bootp Operation X Diagnostic Tools X Downloading Software X Dynamic Configuration Arbiter X Eavesdrop Protection X Event Log X Product Documentation Feature Management Advanced Multicast Access and Traffic and Security Configuration Management Routing Guide Factory Default Settings X Flow Control 802 3x File Management File Transfers x lt M x Xx Friendly Port Names GVRP X Identity Driven Management IDM X IGMP X Interface Access Telnet Console Serial Web X IPv4 Addressing X IPv6 Addressing see the IPv6 Configuration Guide IP Routing X Jumbos Support X LACP Link LLDP LLDP Med x lt M KK Xx MAC Address Management MAC Lockdown MAC Lockout MAC based Authentication x gt x x MAC authentication RADIUS support Management VLAN X Monitoring and Analysis X Multicast Filtering X Multiple Configuration Files X Network Immunity Manager X xi Product Documentation Feature Management Advanced Multicast Access and Traffic and Security Configuration Management Routing Guide Network Management Appli
59. Yes No 000883 02a700 2 Yes No For Edge No admin edge port operation disabled indicates the port is configured for connecting to a LAN segment that includes a bridge or switch Yes indicates the port is configured for a host end node link Refer to the admin edge port description under Configuring MSTP Per Port Parameters on page 4 Figure 4 21 Example of Common Spanning Tree Status 4 56 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying Detailed Port Information The following commands display the MSTP statistics for the connections between MST regions in a network Syntax show spanning tree detail This command displays additional parameters concerning the common spanning tree CST ports Syntax show spanning tree lt port list gt detail This command displays detailed spanning tree status for the designated port s ProCurve show spanning tree a9 detail tatus and Counters CST Port s Detailed Information meu Port A9 Gives information concerning the Status Up Common Spanning Tree CST only BPDU Filtering Yes Use the show spanning tree instance Errant BPUDUs received 65 commands to view counters ST Region Boundary pertaining to particular IST instances External Path Cost 200000 External Root Path Cost 420021 Administrative Hello Time Use Global Operational Hello Time AZ AdminEdgePo
60. affect any 802 1p priority settings the switch may assign Fora given packet ifboth IGMP high priority and QoS are configured the QoS classification occurs and the switch marks the packet for downstream devices but the packet is serviced by the high priority queue when leaving the switch IGMP High QoS Configuration Switch Port Output Outbound 802 1p Setting Priority Affects Packet Queue Requires Tagged VLAN NotEnabled Yes Determined by QoS Determined by QoS Enabled See above para High As determined by QoS if QoS is graph active 5 68 Stack Management Contents Introduction to Stack Management Less 6 3 Stacking Support on ProCurve Switches 00 0 e eee 6 3 Components of ProCurve Stack Management 6 5 General Stacking Operation 00 c eee eee eee eens 6 5 Operating Rules for Stacking 0 e eee eee ee 6 7 General Rules 2 5 vu eU RE ARR ERE Race RR rn 6 7 Specific Rules ee g gree ona Sodas gh aa m e e Wo neers dens 6 8 Configuring Stack Management les lss 6 9 Overview of Configuring and Bringing Up a Stack 6 9 General Steps for Creating a Stack 0 00 6 11 Using the Menu Interface To View Stack Status and Configure Stacking 00 cece eee cece eens 6 13 Using the Menu Interface To View and Configure a Commander Switch 2 0 0 c eee eee eens 6 13
61. all switches in a region A switch intended to operate in a region does An MSTP switch intended for a particular region may not have the same not receive traffic from other switches inthe configuration name or region revision number as the other switches region intended for the same region The MSTP configuration name spanning tree config name command and MSTP configuration revision number spanning tree config revision command mustbe identical on all MSTP switches intended for the same region Another possible cause is that the set of VLANs and VLAN ID to MSTI mappings spanning tree instance vlan command configured on the switch may not match the set of VLANs and VLAN ID to MSTI mappings configured on other switches in the intended region 4 74 Quality of Service QoS Managing Bandwidth More Effectively Contents Introduction ccena erbe ERNSVRERI ERA PME ES 5 3 Terminology censes te ones x e A Re egere dU Mea des 5 6 rcu Fs 5 7 Classifiers for Prioritizing Outbound Packets 5 10 Packet Classifiers and Evaluation Order 5 10 Preparation for Configuring QoS 0 0 cece ene 5 11 Preserving 802 1p Priority 00 00 cece eee 5 11 Steps for Configuring QoS on the Switch 5 11 Viewing the QoS Configuration 0 00 cece eee ee 5 13 NO Overrides uias nee aha Rae MRR a tete EUR Pr ERR en 5 13 Using QoS Classifiers to Co
62. and the Commander s Manager password controls access to all stack Members Stack Management Introduction to Stack Management Usethe Commander s console orweb Wiring Closet A browser interface to access the user interface on any Member switch in the same stack Network Backbone Member Switch 1 IP Address None Assigned Manager Password leader Candidate Switch IP Address None Assigned Manager Password francois Commander Switch 0 IP Address 10 28 227 100 Manager Password leader Non Member Switch IP Address 10 28 227 105 Manager Password donald Member Switch 2 IP Address None Assigned Manager Password leader Figure 6 2 Example of Stacking with One Commander Controlling Access to Wiring Closet Switches Interface Options You can configure stacking through the switch s menu interface CLI or the web browser interface For information on how to use the web browser interface to configure stacking see the online Help for the web browser interface Web Browser Interface Window for Commander Switches The web browser interface window for a Commander switch differs in appearance from the same window for non commander switches 6 6 Stack Management Introduction to Stack Management Operating Rules for Stacking General Rules m Stacking is an optional feature enabled in the default configuration and can easily be disabled Stacking ha
63. and the port becomes a tagged member of the VLAN For example suppose that in figure 3 2 page 3 6 port 1 on switch A is con nected to port 5 on switch C Because switch A has VLAN 22 statically configured while switch C does not have this VLAN statically configured and does not Forbid VLAN 22 on port 5 VLAN 22 is handled as an Unknown VLAN on port 5 in switch C Conversely if VLAN 22 was statically configured on switch C but port 5 was not a member port 5 would become a member when advertisements for VLAN 22 were received from switch A When you enable GVRP on aswitch you have the per port join request options listed in table 3 1 3 7 GVRP Per Port Options for Handling GVRP Unknown VLANs Table 3 1 Options for Handling Unknown VLAN Advertisements UnknownVLAN Operation Mode Learn Enables the port to become a member of any unknown VLAN for which it the Default receives an advertisement Allows the port to advertise other VLANs that have at least one other port on the same switch as a member Block Prevents the portfrom joining any new dynamic VLANs for which it receives an advertisement Allows the port to advertise other VLANs that have at least one other port as a member Disable Causes the port to ignore and drop all GVRP advertisements it receives and also prevents the port from sending any GVRP advertisements The CLI show gvrp command and the menu int
64. appears as Tab and the Y key appears as Y 1 4 Note Getting Started Sources for More Information Sources for More Information For additional information about switch operation and features not covered in this guide consult the following sources Feature Index For information on which product manual to consult for a given software feature refer to the Feature Index on page x For the latest version of all ProCurve switch documentation including Release Notes covering recently added features visit the ProCurve Network ing Web Site at www procurve com click on Technical support and then click on Product Manuals all Software Release Notes Release notes are posted on the ProCurve Networking web site and provide information on new software updates e new features and how to configure and use them e software management including downloading software to the switch e software fixes addressed in current and previous releases To view and download a copy ofthe latest software release notes for your switch refer to Getting Documentation From the Web on page 1 7 Product Notes and Software Update Information The printed Read Me First shipped with your switch provides software update information product notes and other information For the latest version refer to Getting Documentation From the Web on page 1 7 Installation and Getting Started Guide Use the Installation and Get ting Started
65. as deter mined by the Common Spanning Tree CST The CST ensures that there is only one active path between any two regions or between a region and a switch running STP and RSTP Refer to figure 4 2 on page 4 7 MSTP Operation with 802 1Q VLANs As indicated in the preceding sections within a given MST instance a single spanning tree is configured for all VLANs included in that instance This means that if redundant physical links exist in separate VLANs within the same instance MSTP blocks all but one of those links However you can prevent the bandwidth loss caused by blocked redundant links for different VLANs in 4 11 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Note an instance by using a port trunk The following example shows how you can useaporttrunk with 802 1Q tagged VLANs and MSTP without unnecessarily blocking any links or losing any bandwidth Problem An MST instance with two Solution Configure one trunked separate non trunked link for the two VLAN memberships links blocks a VLAN link i i Red Blue 4 Switch A gt VIAN VEAN Red and Blue VLANs Trunked Link Red and Blue VLANs Red Blue VLAN VLAN H Nodes 1 and 2 cannot Nodes 1 and 2 can communicate because the communicate because MST instance sees the trunk as a single link and MSTP is blocking the link 802
66. assigned to the specified instance Use the show spanning tree debug counters instance ports command to troubleshoot at a finer level the more general MSTP diagnostic information displayed in show spanning tree debug counters instance command output when you suspect unauthorized MSTP activity on one or more MST ports in an MST instance Syntax show spanning tree debug counters instance lt instance id gt ports lt port list gt This command displays debug counters for MSTP activity on the specified ports configured for VLANs in the specified MST instance The valid values for instance lt instance id gt are from O0 to 16 0 specifies the default MST CIST instance e 1 to 16 specify an MST instance The ports lt port list gt parameter specifies one or more MST ports or trunk ports In the port list enter a series of ports by separating the first and last ports in the series with a dash for example a2 a8 or trk1 trk3 Separate individual ports and series of ports with a comma for example a2 a8 a20 trk1 trk4 trk5 The following examples shows sample output of the show spanning tree debug counters instance ports command for both the CIST default MST instance 0 and an MST instance instance 2 on port A15 For a description of each counter refer to Table 4 1 on page 4 71 4 69 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration ProCurve config show spanning tree debug counters inst
67. be sensitive to frame duplication and misordering you can disable rapid transitions by setting the Force Protocol Version parameter to STP com patible The value of this parameter applies to all ports on the switch See information on force version on page 4 21 m One of the benefits of MSTP is the implementation of a larger range of port path costs which accommodates higher network speeds However this can create some incompatibility between devices running the older 802 1D STP You can adjust to this incompatibility by implementing the global spanning tree legacy path cost command see page 4 22 See also the Note on Path Cost below RSTP and MSTP implement a greater range of path costs than 802 1D STP and use different default path cost values to account for higher network speeds These values are shown below Port Type 802 1D STP Path Cost RSTP and MSTP Path Cost 10 Mbps 100 2 000 000 100 Mbps 10 200 000 1 Gbps 5 20 000 Because the maximum value for the path cost allowed by 802 1D STP is 65535 devices running that version of spanning tree cannot be configured to match the values defined by MSTB at least for 10 Mbps and 100 Mbps ports In LANs where there is a mix of devices running 802 1D STP RSTP and or MSTP you should reconfigure the devices so the path costs match for ports with the same network speeds 4 16 Multiple Instance Spanning Tree Operation Configuring MSTP Configuring MSTP This section ou
68. broadcast domain Using stacking you can Reduce the number of IP addresses needed in your network Simplify management of small workgroups or wiring closets while scaling your network to handle increased bandwidth demand Eliminate any specialized cables for stacking connectivity and remove the distance barriers that typically limit your topology options when using other stacking technologies Add switches to your network without having to first perform IP addressing tasks Stacking Support on ProCurve Switches As em of January 2008 the following ProCurve switches include stacking w ProCurve Series 6400cl m ProCurve Series 2500 ProCurve Series 6200yl m ProCurve Switch 8000M ProCurve Switch 6108 m ProCurve Switch 4000M ProCurve Series 4200vl m ProCurve Switch 2424M1 2 ProCurve Series 4100gl m ProCurve Switch 2400M 2 ProCurve Series 3500yl m ProCurve Switch 1600M 2 ProCurve Series 3400cl ProCurve Switch 2900 ProCurve Series 2600 ProCurve Series 2800 Requires software release C 08 03 or later which is included with the 8000M 4000M 2424M and 1600M models as of July 2000 Release C 08 03 or a later version is also available on the ProCurve Networking web site at www procurve com Click on Software updates 2Discontinued product 6 3 Stack Management Introduction to Stack Management Note Stacking and meshing cannot both be enabled at the same time on a Series 3500yl switch or a 6200yl switch
69. configuration with the current pending MSTP configuration Options are as follows apply Exchanges the currently active MSTP configuration with the pending MSTP configuration config name Specifies the pending MST region name Must be the same for all MSTP switches in the region Default The switch s MAC address config revision Specifies the pending MST region configuration revision number Must be the same for all MSTP switches in the region Default 0 instance lt 7 76 vlan lt vid vid range gt Creates the pending instance and assigns one or more VLANS to the instance reset Copies the switch s currently active MSTP configuration to the pending configuration This is useful when you want to experiment with the current MSTP configuration while maintaining an unchanged version To Create a Pending MSTP Configuration This procedure creates a pending MSTP configuration and exchanges it with the active MSTP configu ration 1 Configure the VLANs you want included in any instances in the new region When you execute the pending command all VLANs configured on the switch will be assigned to a single pending IST instance unless assigned to other pending MST instances The pending command creates the region s IST instance automatically Configure MSTP as the spanning tree protocol then execute write mem and reboot The pending option is available only with MSTP enabled Configure the pending region confi
70. configured with only one protocol type and you use the no form of this command to remove that protocol the switch changes the protocol VLAN to a port based VLAN if the VLAN does not have an untagged member port If an untagged member port exists on the protocol VLAN you must either con vert the port to a tagged member or remove the port from the VLAN before removing the last protocol type from the VLAN Note If you create an IPv4 protocol VLAN you must also assign the ARP protocol option to the VLAN to provide IP address resolution Otherwise IP packets are not deliverable A Caution message appears in the CLI if you configure IPv4 in protocol VLAN that does not already include the arp protocol option The same message appears if you add or delete another protocol in the same VLAN 2 36 Static Virtual LANs VLANs Configuring VLANs name ascii name string When included in a vlan command for creating a new static VLAN specifies a non default VLAN name Also used to change the current name of an existing VLAN Avoid spaces and the following characters in the lt ascii name string gt entry amp and To include a blank space in a VLAN name enclose the name in single or double quotes C or voice Designates a VLAN for VoIP use For more on this topic refer to Voice VLANs on page 2 55 For example to create a new port based static VLAN with a VID of 100 ProC
71. default VLAN VLAN 222 and VLAN 333 In this scenario switch B will dynamically join VLAN 222 and VLAN 333 3 16 GVRP Configuring GVRP On a Switch Switch A Switch B GVRP enabled Ze GVRP enabled 3 Static VLANs 1 Static VLANs DEFAULT VLAN D M DEFAULT VLAN VLAN 222 VLAN 333 The show vlans command lists the dynamic and static VLANs in switch B after it has learned and joined VLAN 222 and VLAN 333 Switch B show vlans Status and Counters VLAN Information VLAN support Yes Maximum VLANs to support 8 Dynamic VLANs Primary VLAN DEFAULT VLAN Learned from Switch A through Port 1 802 10 VLAN ID Status DEFAULT VLAN GVRP 222 Dynamic GVRP 333 Dynamic Figure 3 9 Example of Listing Showing Dynamic VLANs Converting a Dynamic VLAN to a Static VLAN If a port on the switch has joined a dynamic VLAN you can use the following command to convert that dynamic VLAN to a static VLAN Syntax static lt dynamic vlan id gt Converts the a dynamic VLAN to a static VLAN For example to convert dynamic VLAN 333 from the previous example to a static VLAN ProCurve config static 333 When you convert a dynamic VLAN to a static VLAN all ports on the switch are assigned to the VLAN in Auto mode 3 17 GVRP GVRP Operating Notes Web Viewing and Configuring GVRP To view enable disable or reconfigure GVRP 1 Click on the Config
72. e X4 Green VLAN Tagged AT2 Protocol VLAN Untagged Red VLAN Figure 2 28 Example of Networked 802 10 Compliant Devices with Multiple VLANs on Some Ports 2 44 Static Virtual LANs VLANs 802 10 VLAN Tagging m The VLANs assigned to ports X4 X6 Y2 Y5 can all be untagged because there is only one VLAN assigned per port m Port X1 has two AppleTalk VLANs assigned which means that one VLAN assigned to this port can be untagged and the other must be tagged m Ports X2 and Y1 have two port based VLANs assigned so one can be untagged and the other must be tagged on both ports m Ports X3 and Y6 have two port based VLANs and one protocol based VLAN assigned Thus one port based VLAN assigned to this port can be untagged and the other must be tagged Also since these two ports share the same link their VLAN configurations must match Switch X Switch Y Port AT 1VLAN AT 2VLAN Red VLAN Green VLAN Port AT 1VLAN AT 2VLAN Red VLAN Green VLAN X1 Untagged Tagged No No Y1 No No Untagged Tagged X2 No No Untagged Tagged Y2 No No No Untagged X3 No Untagged Untagged Tagged Y3 No Untagged No No X4 No No No Untagged Y4 No No No Untagged X5 No No Untagged No Y5 No No Untagged No X6 Untagged No No No Y6 No Untagged Untagged Tagged No means the port is not a member of that VLAN For example port X3 is not a member of the Red VLAN and does not carry Red VLAN traffic Also
73. from other stacks that may exist in the same subnet You cannot add a Candidate that the Commander has not discovered In its default configuration the Commander s Auto Grab parameter is set to No to give you manual control over which switches join the stack and when they join This prevents the Commander from automatically trying to add every Candidate it finds that has Auto Join set to Yes the default for the Candidate If you want any eligible Candidate to automatically join the stack when the Commander discovers it configure Auto Grab in the Commander to Yes When you do so any Candidate discovered with Auto Join set to Yes the default and no Manager password will join the stack up to the limit of 15 Members 6 35 Stack Management Configuring Stack Management Using the Commander s CLI To Manually Add a Candidate to the Stack To manually add a candidate you will use m Aswitch number SN to assign to the new member Member SNs range from 1 to 15 To see which SNs are already assigned to Members use show stack view You can use any SN not included in the listing SNs are viewable only on a Commander switch m TheMACaddress ofthe discovered Candidate you are adding to the stack To see this data use the show stack candidates listing For example ProCurve config show stack view Stack Members SH MAC Address System Name Device Type Status 0 O030 1 Tftec4O 350 0y1l Commander Up di OO060b0 880a80 India
74. has been manually configured as the controlling device for a stack When this occurs the switch s stacking configuration appears as Commander Candidate A switch that is ready to join become a Member of a stack through either automatic or manual methods A switch configured as a Candidate is not in a stack Member A switch that has joined a stack and is accessible from the stack Commander Before Stack named After Switch B joins the stack thus changing from a Engineering consists Candidate to a Member of the stack of Commander and Switch C Switch B is uirum prin qe CER a Candidate eligible to a Stack Name join the stack Stack Name Engineering Engineering Commander Switch A Commander Switch A i B a oe Candidate Switch B x Member Switch C Member Switch C 7 Figure 6 1 Illustration of a Switch Moving from Candidate to Member General Stacking Operation After you configure one switch to operate as the Commander of a stack additional switches can join the stack by either automatic or manual methods After a switch becomes a Member you can work through the Commander switch to further configure the Member switch as necessary for all of the additional software features available in the switch The Commander switch serves as the in band entry point for access to the Member switches For example the Commander s IP address becomes the path to all stack Members
75. it had before the DSCP policy was assigned This will be either a value from 0 7 or No override Syntax show qos type of service Displays a listing of codepoints with any corresponding DSCP policy re assignments for outbound packets Also lists the 802 1p priority for each codepoint that does not have a DSCP policy assigned to it For example suppose you want to configure the following two DSCP policies for packets received with the indicated DSCPs Received Policy 802 1p Policy Name DSCP DSCP Priority Optional 001100 000010 6 Level 6 001101 000101 4 Level 4 1 Determine whether the DSCPs already have priority assignments which could indicate use by existing applications This is not a problem as long as the configured priorities are acceptable for all applications using the 5 36 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic same DSCP Refer to the Notes on Changing a Priority Setting on page 5 58 Also a DSCP must have a priority configured before you can assign any QoS classifiers to use it ProCurve config show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override 0 nUU1 No override The DSCPs for this l1 No override example have not yet 000100 No override been assigned an 000101 No override 802 1p priority level 000110
76. mapping does not require a VLAN to be already configured on the switch The MSTP VLAN enhancement allows you to preconfigure MSTP topologies before the VLAN IDs associated with each instance exist on a switch When you use preconfigured VLAN ID to MSTI topologies ensure that MSTP switches remain in the same region by mapping all VLAN IDs used in the region to the same MSTIs on each regional switch When you upgrade switch software to release 13 x x and later the existing MSTP topology configuration is automatically saved All existing VLAN ID to MSTI assignments are maintained on a switch for uninterrupted MSTP network operation Syntax spanning tree instance lt 1 16 gt priority lt priority multiplier gt This command sets the switch bridge priority for the desig nated instance This priority is compared with the priorities of other switches in the same instance to determine the root switch for the instance The lower the priority value the higher the priority If there is only one switch in the instance then that switch is the root switch for the instance The IST regional root bridge provides the path to instances in other regions that share one or more of the same VLAN s The priority range for an MSTP switch is 0 61440 However this command specifies the priority as a multiplier 0 15 of 4096 That is when you specify a priority multiplier value of 0 15 the actual priority assigned to the switch for the specifie
77. of the switch to flash The saved configuration becomes the boot up configuration of the switch the next time it is booted If you need information on specific features in the ProCurve Web Browser Interface hereafter referred to as the web browser interface use the online help available for the web browser interface For more information on web browser Help options refer to Online Help for the ProCurve Web Browser Interface in the Management and Configuration Guide If you need further information on ProCurve switch technology visit the ProCurve Networking web site at WWW procurve com Need Only a Quick Start IP Addressing If you just want to give the switch an IP address so that it can communicate on your network or if you are not using VLANs ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing To do so do one of the following m Enter setup at the CLI Manager level prompt Procurve setup m Inthe Main Menu of the Menu interface select 8 Run Setup For more on using the Switch Setup screen see the Installation and Getting Started Guide you received with the switch Getting Started To Set Up and Install the Switch in Your Network To Set Up and Install the Switch in Your Network Physical Installation Use the ProCurve Installation and Getting Started Guide shipped with the switch for the following m Notes cautions and warnings related to installing and
78. override indicates that port A1 is not prioritized by QoS Port Apply rule DSCP Priority j Override No override No override No override Priority 2 No override Priority 2 No override Priority 3 No override Figure 5 28 Returning a QoS Prioritized VLAN to No override Status Assigning a DSCP Policy Based on the Source Port This option assigns a previously configured DSCP policy codepoint and 802 1p priority to outbound IP packets received from the specified source ports That is the switch 1 Selects an incoming IP packet on the basis of its source port on the switch 2 Overwrites the packet s DSCP with the DSCP configured in the switch for such packets 3 Assigns the 802 1p priority configured in the switch for the new DSCP Refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 4 Forwards the packet through the appropriate outbound port queue For more on DSCB refer to Terminology on page 5 6 Steps for Creating a Policy Based on Source Port Classifiers Note You can select one DSCP per source port Also configuring a new DSCP for a source port automatically overwrites replaces any previous DSCP or 802 1p priority configuration for that port 1 Identify the source port classifier to which you want to assign a DSCP policy 2 Determine the DSCP policy for packets having the selected source port a Determine the DSCP you want to assign to the selected packets Th
79. packet head ers 2 63 Static Virtual LANs VLANs Migrating Layer 3 VLANs Using VLAN MAC Configuration m Immediately after you configure a VLAN MAC address or remove a configured MAC address a gratuitous ARP message is broadcast on the connected segment to announce the change of the IP to MAC address binding to all connected IP based equipment A configured VLAN MAC address supports proxy ARP and gracious ARP A new MIB variable ifRcvAddressTable is introduced to support VLAN MAC configuration m You cannot configure a VLAN MAC address using the web browser or menu interface You must use the CLI Example The following example shows how to configure a MAC address on VLAN 101 ProCurve configure terminal ProCurve config vlan 101 ProCurve vlan 101 ip recv mac address 0060b0 e9a200 interval 100 Verifying a VLAN MAC Address Configuration To verify the configuration of Layer 3 MAC addresses on the VLAN interfaces of a switch enter the show ip recv mac address command ProCurve show ip recv mac address VLAN L3 Mac Address Table VLAN L3 Mac Address Timeout DEFAULT VLAN 001635 024467 60 VLAN2 001635 437529 100 2 64 GVRP Contents Overview nosmet eee e eee ER Le eec eee ere igen i 3 2 Introduction reesen eee a ew etd Mey ER E 3 3 General Operation sese hn 9 4 Per Port Options for Handling GVRP Unknown VLANs 3 7 Per Port Options for Dynami
80. packet is received from a bridge external to the MST region with a Message Age value greater than the configured value of the Max Age parameter spanning tree maximum age command This may occur if the receiving bridge is located too farfromthe root bridge beyond the configured size of the spanning tree domain on the root bridge or if a BPDU packet with invalid root information is continuously circulating between bridges in a spanning tree domain and needs to be aged out This counter is maintained by the CIST default MST instance 0 on a per port basis Exceeded Max Hops BPDUs Number of times that a BPDU packet is received from a bridge internal to the MST region with a CIST Remaining Hops value less than or equal to 1 This may occur if the receiving bridge is located too far from the CIST regional root bridge beyond the configured size of the MST region onthe CIST regional root bridge or if a PDU packet with invalid CIST regional root bridge information is continuously circulating between bridges in the MST Region and needs to be aged out This counter is maintained by the CIST default MST instance 0 in the region on a per port basis 4 72 Field Exceeded Max Hops MSTI MSGs Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Description Number of times that an MSTI MSG packet is received from a bridge internal to the MST region with an MSTI Remaining Hops value less than or equal t
81. spanning tree mst config This command displays the switch s regional configuration Note The switch computes the MSTP Configuration Digest from the VID to MSTI configuration mappings on the switch itself As required by the 802 1s standard all MSTP switches within the same region must have the same VID to MSTI assignments and any given VID can be assigned to either the IST or one of the MSTIs within the region Thus the MSTP Configuration Digest must be identical for all MSTP switches intended to belong to the same region When comparing two MSTP switches if their Digest identifiers do not match then they cannot be members of the same region Switch 2 config show spanning tree mst config MST Configuration Identifier Information MST Configuration Name REGION 1 MST Configuration Revision 1 MST Configuration Digest OxDAD6A13EC5141980B7EBDA71D8991E7C IST Mapped VLANs 1 66 Neel Refer to the Note above Instance ID Mapped VLANs 33 44 55 Figure 4 26 Example of a Region Level Configuration Display 4 61 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying the Pending MSTP Configuration This command displays the MSTP configuration the switch will implement if you execute the span ning tree pending apply command Refer to Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another on page 4 45 Syntax show spanning tree pending
82. subnet HP recommends that you leave Auto Grab disabled on all Commander switches and manually add Members to their stacks Similarly if you plan to install a stack in a subnet broadcast domain where stacking capable switches are not intended for stack membership you should set the Stack State parameter in the Stack Configuration screen to Disabled on those particular switches Configuring Stack Management Overview of Configuring and Bringing Up a Stack This process assumes that m All switches you want to include in a stack are connected to the same subnet broadcast domain m IfVLANsare enabled on the switches you want to include in the stack then the ports linking the stacked switches must be on the primary VLAN in each switch which in the default configuration is the default VLAN Ifthe primary VLAN is tagged then each switch in the stack must use the same VLAN ID VID for the primary VLAN Refer to The Primary VLAN on page 2 46 and Stacking Operation with Multiple VLANs Configured on page 6 44 m Ifyou are including a ProCurve Switch 8000M 4000M 2424M 2400M or 1600M in a stack you must first update all such devices to software version C 08 03 or later You can get a copy of the latest software version from the ProCurve Networking web site and or copy it from one switch to another For downloading instructions see appendix A File Transfers in the Management and Configuration Guide for your s
83. the DSCP policies in figure 5 7 to IPV4 packets received in the switch with the specified UDP TCP port applications This means the switch will m Overwrite the original DSCPs in the selected packets with the new DSCPs specified in the above policies m Assign the 802 1p priorities in the above policies to the selected packets 5 22 Note Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS IP Device Priority QoS Classifier Precedence 2 The IP device option which applies only to IPv4 packets enables you to use up to 300 IP addresses source or destination as QoS classifiers Where a particular device IP address classifier has the highest precedence in the switch for traffic addressed to or from that device then traffic received on the switch with that address is marked with the IP address classifier s configured priority level Different IP device classifiers can have differing priority levels The switch does not allow a QoS IP device priority for the Management VLAN IP address if configured If there is no Management VLAN configured then the switch does not allow configuring a QoS IP device priority for the Default VLAN IP address Ip address QoS does not support layer 2 SAP encapsulation For more infor mation on packet type restrictions refer to table 5 13 Details of Packet Criteria and Restrictions for QoS Support on page
84. the primary VLAN see The Primary VLAN on page 2 46 2 Configure a Manager password on the switch intended for commander The Commander s Manager password controls access to stack Mem bers For more on passwords see the local manager and operator pass word information in the Access Security Guide for your switch Configure the Stack Commander Assigning a stack name to a switch makes it a Commander and automatically creates a stack Syntax stack commander lt name str gt This example creates a Commander switch with a stack name of Big_Waters Note that if stacking was previously disabled on the switch this command also enables stacking ProCurve config stack commander Big Waters As the following show stack display shows the Commander switchis now ready to add members to the stack Stack Management Configuring Stack Management ProCurve One ray how ica The stack commander command Stacking Stacking Status This Switch configures the Commander and names Stack State Commande the stack Transmission Interval 60 Stack Name Big Waters Number of members Auto Grab No Members unreachable SN MAC Address System Name Device Type Status OO30 1 beZ4acO 3500y1 350071 Commander Up The Commander appears in the stack as Switch Number SN 0 Figure 6 26 Example of the Commander s Show Stack Screen with Only the Commander Discovered Using a Member s CLI to Convert the Member to
85. time for implementing MSTP changes can be disruptive to your network To minimize such disruption consider using the spanning tree pending command refer to the following section on Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another This operation exchanges the currently active MSTP configuration with the currently pending MSTP configuration It enables you to implement a new MSTP configuration with minimal network disruption or to exchange MSTP configurations for testing or troubleshooting purposes When you configure or reconfigure MSTP the switch re calculates the corre sponding network paths This can have a ripple effect throughout your net work as adjacent MSTP switches recalculate network paths to support the configuration changes invoked in a single switch Although MSTP employs rapid spanning tree operation the convergence time for implementing MSTP changes can be disruptive to your network However by using the spanning tree pending feature you can set up an MSTP on the switch and then invoke allinstances of the new configuration at the same time instead of one at atime 4 45 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no spanning tree pending apply config name config revision instance reset gt This command exchanges the currently active MSTP
86. to Yes e Yes enables the Commander to automatically take a Candidate into the stack as a Member if the Candidate has Auto Join set to Yes the default Candidate setting and does not have a previously configured password Accept or change the transmission interval default 60 seconds then press Enter to return the cursor to the Actions line Press S for Save to save your configuration changes and return to the Stacking menu Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates depending on your configuration choices 6 14 Stack Management Configuring Stack Management Using the Menu To Manage a Candidate Switch Using the menu interface you can perform these actions on a Candidate Switch m Add push the Candidate into an existing stack m Modify the Candidate s stacking configuration Auto Join and Transmission Interval Convert the Candidate to a Commander Disable stacking on the Candidate so that it operates as a standalone switch In its default stacking configuration a Candidate switch can either automati cally join astack or be manually added pulled into astack by a Commander depending on the Commander Auto Grab setting The following table lists the Candidate s configuration options Table 6 4 Candidate Configuration Options in the Menu Interface Parameter Stack State Auto Join Transmission Interva
87. to implement more than one stack in a subnet broadcast domain the easiest way to avoid unintentionally adding a Candidate to the wrong stack is to manually control the joining process by leaving the Commander s Auto Grab parameter set to No the default e The Commander assigns its Manager and Operator passwords to any Candidate switch that joins the stack e The Commander s SNMP community names apply to members For automatically or manually pulling Candidate switches into a stack you can leave such switches in their default stacking configuration If you need to access Candidate switches through your network before they join the stack assign IP addresses to these devices Otherwise IP addressing is optional for Candidates and Members Note that once a Candidate becomes a member you can access it through the Commander to assign IP addressing or make other configuration changes Make a record of any Manager passwords assigned to the switches intended for your stack that are not currently members You will use these passwords to enable the protected switches to join the stack If you are using VLANs in the stacking environment you must use the default VLAN for stacking links For more information see Stacking Operation with a Tagged VLAN on page 6 44 Ensure that all switches intended for the stack are connected to the same subnet broadcast domain As soon as you connect the Commander it will begin discovering the
88. untagged VLAN environment with DSCP policies where QoS can set priorities that downstream devices can support without re classifying the traffic By prioritizing traffic QoS supports traffic growth on the network while optimizing the use of existing resources and delaying the need for further investments in equipment and services That is QoS enables you to m Specify which traffic has higher or lower priority regardless of current network bandwidth or the relative priority setting of the traffic when it is received on the switch Change upgrade or downgrade the priority of outbound traffic Override illegal packet priorities set by upstream devices or applications that use 802 1Q VLAN tagging with 802 1p priority tags m Avoid or delay the need to add higher cost NICs network interface cards to implement prioritizing Instead control priority through network policy QoS on the switches covered in this guide support these types of traffic marking m 802 1p prioritization Controls the outbound port queue priority for traffic leaving the switch and if traffic exits through a VLAN tagged port sends the priority setting with the individual packets to the downstream devices m IP Type of Service ToS Enables the switch to set change and honor prioritization policies by using the Differentiated Services diffserv bits in the ToS byte of IPv4 packet headers 5 5 Quality of Service QoS Managing Bandwidth More
89. use preconfigured VLAN ID to MSTI topologies ensure that MSTP switches remain in the same region by mapping all VLAN IDs used in the region to the same MSTIs on each regional switch When you upgrade switch software to release K 13 XX and later the existing MSTP topology configuration is automatically saved AII existing VLAN ID to MSTI assignments are maintained on a switch for uninterrupted MSTP network operation 4 51 Multiple Instance Spanning Tree Operation Configuring MSTP How to Save Your Current Configuration You can save your current configuration before updating to a new version of software by following these steps Enterthe show config files command to display your current configura tion files as shown in Figure 4 18 ProCurve config show config files Configuration files id act pri sec l l 1 2 3 Figure 4 18 An Example of the show config files Command Output 2 To save a configuration file for software version T 12 43 enter this command ProCurve config copy config configl config configT1243 cfg You can choose any name for the saved configuration file that you prefer 3 Display the configuration files as shown in Figure 4 19 You will see your newly created configuration file listed ProCurve config show config files Configuration files id act pri sec name configl config2 configT1243 cfg Figure 4 19 A Con
90. using the switch and its related modules Instructions for physically installing the switch in your network Quickly assigning an IP address and subnet mask set a Manager pass word and optionally configure other basic features m Interpreting LED behavior For the latest version of the Installation and Getting Started Guide for your switch refer to Getting Documentation From the Web on page 1 7 1 9 Getting Started To Set Up and Install the Switch in Your Network 1 10 Static Virtual LANs VLANs Contents Overview airina ele ae a ae Pa ee wh ee 2 3 Introduction uno an a ate Rei er ERES 2 4 General VLAN Operation 0 0 0 cee eee eh 2 4 Types of Static VLANs Available in the Switch 2 5 Port Based VLANS seeseeeeeeee he 2 5 Protocol Based VLANS 0 e cece cece eee neces 2 5 Designated VLANS 00 c cece eee eee eee eee 2 5 Terminology 22 delet eae veh e a aa er eb edu 2 6 Static VLAN Operation 0 0 ccc cece eee eens 2 7 VLAN Environments 0 000 cece cece een eee eens 2 8 VEAN Operation iisx4x Re IsUex pA A RR iave LET ETT een 2 9 Routing Options for VLANS 00 c eee eee eee 2 10 Overlapping Tagged VLANS 000s cece eee eee 2 11 Per Port Static VLAN Configuration Options 2 13 VLAN Operating Rules 0 0 eee eens 2 14 General Steps for Using VLANS
91. 1 101 000101 000010 000010 Figure 5 11 The Completed Device Priority Codepoint Configuration The switch will now apply the DSCP policies in figure 5 10 to IPv4 packets received on the switch with the specified IP addresses source or destination This means the switch will m Overwrite the original DSCPs in the selected packets with the new DSCPs specified in the above policies m Assign the 802 1p priorities in the above policies to the appropriate packets 5 28 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS IP Type of Service ToS Policy and Priority QoS Classifier Precedence 3 This feature applies only to IPv4 traffic and performs either of the following ToS IP Precedence Mode All IP packets generated by upstream devices and applications include precedence bits in the ToS byte Using this mode the switch uses these bits to compute and assign the corresponding 802 1p priority ToS Differentiated Services Diffserv Mode This mode requires knowledge of the codepoints set in IP packets by the upstream devices and applications It uses the ToS codepoint in IP packets coming from upstream devices and applications to assign 802 1p priorities to the pack ets You can use this option to do both of the following e Assign a New Prioritization Policy A policy includes both a codepoint and a corresponding 802 1p prio
92. 2 56 Voice VLAN QoS Prioritizing Optional 2 56 Voice VLAN Access Security 00 0 c cece eee eee 2 57 Effect of VLANs on Other Switch Features 2 57 Spanning Tree Operation with VLANs 0 02 e eee 2 57 IP Interfaces cscs esti etn a See vba Biel eg Rea 2 58 VLAN MAC Address 00 0 0 c eee cece ee 2 58 Port Trunks 2 zzz te e eua RU RR eae te tthe a as gna 2 58 Port Monitoring 0 E eee 2 58 Jumbo Packet Support 2 0 0 cece cece aae 2 58 VLAN Restrictions 2 0 00 c cece een eee 2 59 Migrating Layer 3 VLANs Using VLAN MAC Configuration 2 60 VLAN MAC Address Reconfiguration 02 000 2 60 Handling Incoming and Outgoing VLAN Traffic 2 61 Sending Heartbeat Packets with a Configured MAC Address 2 62 Configuring a VLAN MAC Address with Heartbeat Interval 2 63 Operating Notes 2 0 2 00 ck ene er mtm er 2 63 Example oes tege tpe qec eue Mec ERU M E en eect ee 2 64 Verifying a VLAN MAC Address Configuration 2 64 3 GVRP Contents io dL M etu seu cedes 3 1 Overview c i e cate Sle RE EE oe la Le AN EE CEU 3 2 Introduction eed cec Ree etre Sel mee Rr ee 3 3 General Operation eeeseeeee eee 3 4 Per Port Options for Handling GVRP Unknown VLANs 3 7 Per Port Options for Dynamic VLAN Advertising and Joining 3 9 GVRP and VLAN Access C
93. 2 58 redundant path 4 10 port trunk VLAN 2 58 precedence bits QoS definition 5 6 primary VLAN See VLAN priority 802 1p priority defined 5 6 codepoint defined 5 6 configuring number of queues 5 62 downstream device defined 5 6 DSCP policy defined 5 6 DSCP defined 5 6 inbound port defined 5 6 outbound port defined 5 6 queues per port 5 62 upstream device defined 5 7 priority QoS changing queues per port 5 62 criteria for prioritizing packets 5 10 device priority screen 5 23 IP address source and destination match 5 24 type of service screen 5 29 5 41 VID effect of eliminating 5 43 VLAN ID priority 5 43 5 49 PVST disabling 4 34 enabling 4 34 enabling filtering 4 35 filtering 4 33 manually re enabling port 4 35 protection 4 33 show configured ports 4 36 Q Quality of Service basic operation 5 7 changing the number of outbound queues 5 63 configuring 5 11 5 15 configuring IP type of service 5 29 5 41 configuring number of priority queues 5 62 criteria for prioritizing outbound packets 5 10 definitions of terms 5 6 device priority screen 5 23 DSCP Policy Table 5 56 GVRP not supported 5 43 maximum entry limit 5 66 no override definition 5 13 No override effect of 5 57 overview 5 1 prioritizing traffic based on IP ToS field 5 29 5 41 p
94. 2222 2 Switch Configuration VLAN VLAN Names DEFAULT VLAN 22 VLAN 22 Example of a New VLAN and ID ctions Back Edit Delete Help add a new record Use up down arrow keys to change record selection left right arrow keys to change action selection and Enter to execute action Figure 2 15 Example of VLAN Names Screen with a New VLAN Added 6 Repeat steps 2 through 5 to add more VLANS Remember that you can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen see figure 2 12 on page 2 23 This includes any VLANs added dynamically due to GVRP operation 7 Return to the VLAN Menu to assign ports to the new VLAN s as described in the next section Adding or Changing a VLAN Port Assignment Adding or Changing a VLAN Port Assignment Use this procedure to add ports to a VLAN or to change the VLAN assign ment s for any port Ports not specifically assigned to a VLAN are automat ically in the default VLAN 1 From the Main Menu select 2 Switch Configuration 8 VLAN Menu 3 VLAN Port Assignment You will then see a VLAN Port Assignment screen similar to the following The VLAN Port Assignment screen displays up to 32 static port based VLANs in ascending order by VID If the switch configuration includes more than 32 such VLANs use the CLI show vlans VID ports lt port list gt comman
95. 4 Untagged Port 7 Red VLAN Untagged Port 5 Red VLAN Untagged Green VLAN Tagged Green VLAN Tagged Figure 2 26 Example of Tagged and Untagged VLAN Port Assignments In switch X VLANs assigned to ports X1 X6 can all be untagged because there is only one VLAN assignment per port Red VLAN traffic will go out only the Red ports Green VLAN traffic will go out only the Green ports and so on Devices connected to these ports do not have to be 802 1Q compliant However because both the Red VLAN and the Green VLAN are assigned to port X7 at least one of the VLANs must be tagged for this port In switch Y VLANs assigned to ports Y1 Y4 can all be untagged because there is only one VLAN assignment per port Devices connected to these ports do not have to be 802 1Q compliant Because both the Red VLAN and the Green VLAN are assigned to port Y5 at least one of the VLANs must be tagged for this port In both switches The ports on the link between the two switches must be configured the same As shown in figure 2 26 above the Red VLAN must be untagged on port X7 and Y5 and the Green VLAN must be tagged on port X7 and Y5 or vice versa 2 42 Static Virtual LANs VLANs 802 10 VLAN Tagging Note Each 802 1Q compliant VLAN must have its own unique VID number and that VLAN must be given the same VID in every device in which it is configured That is ifthe Red VLAN has a VID of 10 in switch X then 10 must also be used
96. 5 66 Options for Assigning Priority Priority control options for packets carry ing a specified IP address include m 802 1p priority m DSCP policy Assigning a new DSCP and an 802 1p priority inbound packets must be IPv4 For operation when other QoS classifiers apply to the same traffic refer to Classifiers for Prioritizing Outbound Packets on page 5 10 For a given IP address you can use only one of the above options at a time However for different IP addresses you can use different options Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Assigning a Priority Based on IP Address This option assigns an 802 1p priority to all IPv4 packets having the specified IP address as either a source or destination If both match the priority for the IP destination address has precedence Syntax qos device priority lt ip address gt priority lt 0 7 gt Configures an 802 1p priority for outbound packets having the specified IP address This priority deter mines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device Default Disabled no qos device priority lt ip address gt Removes the specified IP device priority QoS classifier and resets the priority for that VLAN to No override show qos
97. 61 Quality of Service QoS Managing Bandwidth More Effectively QoS Queue Configuration QoS Queue Configuration QoS queue configuration allows you to reduce the number of outbound queues that all switch ports will use to buffer packets for 802 1p user priorities By default there are four priority queues or traffic classes Using this feature you can reconfigure the switch to eight queue mode or two queue mode to increase the available bandwidth per queue Use the following commands to change the number of queues per port and display the current priority queue configuration on the switch Syntax qos queue config 2 queues 4 queues 8 queues Configures the number of outbound priority queues for all ports on the switch using one of the following options 2 queues 4 queues o 8 queues Default 4 queues Caution This command will execute a write memory followed by an immediate reboot replacing the Startup con figuration with the content of the current Running configu ration The new configuration will 1 Remove any previously configured bandwidth min output settings 2 Set the new number of outbound port queues If you select anything but yes for this operation the operation is aborted and a message stating Operation aborted appears show qos queue config Displays the current qos queue configuration Mapping of Outbound Port Queues The mapping of 802 1p priorities to outbound por
98. 802 1p downstream on tagged traffic on tagged VLANs bid with 802 1p priority VLANs Set Priority Change Priority Figure 5 1 Example of 802 1p Priority Based on CoS Class of Service Types and Use of VLAN Tags Edge Switch Honor Policy Downstream Honor New Policy Classify inbound traffic Switch on IP device address Downstream Classify on ToS DiffServ Downstream and VLAN ID VID Switch and Other CoS Switch Apply DSCP markers to Traffic arrives with DSCP Apply new DSCP markers Classify on ToS Diffserv selected traffic markers set by edge to selected traffic switch Set Policy Classify on ToS DiffServ Change Policy Figure 5 2 Example Application of Differentiated Services Codepoint DSCP Policies Quality of Service QoS Managing Bandwidth More Effectively Introduction At the edge switch QoS classifies certain traffic types and in some cases applies a DSCP policy At the next hop downstream switch QoS honors the policies established at the edge switch Further downstream another switch may reclassify some traffic by applying new policies and yet other down stream switches can be configured to honor the new policies QoS is implemented in the form of rules or policies that are configured on the switch While you can use QoS to prioritize only the outbound traffic while it is moving through the switch you derive the maximum benefit by using QoS in an 802 1Q VLAN environment with 802 1p priority tags or in an
99. 802 1s Multiple Spanning Tree Protocol MSTP 4 6 MSTP Struct re ert eee Um mete epe acest es eng Ande 4 7 How MSTP Operates 00 0 cece cece eee eee 4 9 MST ReSiONS ie e Ot ie ied ears Se EGER EE E eee 4 9 Regions Legacy STP and RSTP Switches and the Common Spanning Tree CST 2 0 0 eee eee eee eee 4 11 MSTP Operation with 802 1Q VLANs sese 4 11 Terminology 5c ho eR Rs DL aAA ER Ur 4 12 Operating Rules ccc eee Re re nh 4 14 MSTP Compatibility with RSTP or STP seessss 4 16 Configuring MSTP seen 4 17 Planning an MSTP Application seeseeeeeeeeee 4 17 MSTP Configuration Overview eeeeeeeeee eee 4 18 Configuring MSTP Operation Mode and Global Settings 4 20 Configuring MSTP Per Port Parameters seus 4 25 Configuring Per Port Parameters 2 0 00000 4 26 Configuring BPDU Filtering 2 0 0000 4 29 Configuring BPDU Protection 00 02 0000 eee 4 30 PVST Protection and Filtering 02000 4 33 Configuring Loop Protection 00 0 0 e eee eee 4 37 Configuring MST Instance Parameters 0 0005 4 39 Configuring MST Instance Per Port Parameters 4 42 Enabling or Disabling Spanning Tree Operation 4 45 Enabling an Entire MST Region at Once or Exchanging One Region Co
100. 9 on page 5 56 on page 5 56 5 46 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax vlan lt vid qos dscp lt codepoint gt Assigns a DSCP policy to packets carrying the specified VLAN ID and overwrites the DSCP in these packets with the assigned lt codepoint gt value This policy includes an 802 1p priority and determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device Default No override Syntax no vlan vid qos Removes QoS classifier for the specified VLAN Syntax show qos device priority Displays a listing of all QoS VLAN ID classifiers currently in the running config file For example suppose you wanted to assign this set of priorities VLAN ID DSCP Priority 40 000111 7 30 000101 5 20 000010 1 1 000010 1 1 Determine whether the DSCPs already have priority assignments which could indicate use by existing applications This is not a problem as long as the configured priorities are acceptable for all applications using the same DSCP Refer to the Notes on Changing a Priority Setting on page 5 58 Also a DSCP must have a priority configured before you can assign any QoS classifiers to use it ProCurve config show qos dscp map DSCP 802 p priority mappin
101. AN Tagging on page 2 41 2 28 Static Virtual LANs VLANs Configuring VLANs VLAN Commands Page show vlans below show vlans lt vid gt 2 33 show vlans ports port list max vlans lt 1 2048 gt 2 34 primary vlan vid 2 35 no vlan lt vid gt 2 36 auto lt port list gt 2 38 Available if GVRP enabled forbid 2 38 name lt vlan name gt 2 38 protocol lt protocol list gt 2 36 tagged lt port list gt 2 38 untagged lt port list gt 2 38 voice 2 55 static vlan lt vlan id gt 2 38 Available if GVRP enabled Displaying the Switch s VLAN Configuration The show vlans command lists the VLANs currently running in the switch with VID VLAN name and VLAN status Dynamic VLANs appear only if the switch is running with GVRP enabled and one or more ports has dynamically joined an advertised VLAN In the default configuration GVRP is disabled Refer to chapter 3 GVRP Syntax show vlans Maximum VLANs to support Shows the number of VLANs the switch can currently support Default 256 Maximum 2048 Primary VLAN Refer to The Primary VLAN on page 2 46 Management VLAN Refer to The Secure Management VLAN on page 2 47 802 10 VLAN ID The VLAN identification number or VID Refer to Terminology on page 2 6 Name The default or specified name assigned to the VLAN For a static VLAN the default name consists of VLAN x where x matches the VID assigned to t
102. AN operation with non 802 1Q compliant devices A port can be an untagged member of one protocol based VLAN of each protocol type When assigning a port to multiple protocol based VLANs sharing the same type the port can be an untagged member of only one such VLAN m With routing enabled on the switch the switch can route traffic between e Multiple port based VLANs e Aport based VLAN and an IPv4 protocol based VLAN e Aport based VLAN and an IPv6 protocol based VLAN e AnIPv4 protocol based VLAN and an IPv6 protocol VLAN Other routable protocol based VLANs must use an external router to move traffic between VLANs With routing disabled all routing between VLANs must be through an external router m Prior to deleting a static VLAN you must first re assign all ports in the VLAN to another VLAN You can use the no vlan lt vid command to delete astatic VLAN For more information referto Creating a New Static VLAN Port Based or Protocol Based Changing the VLAN Context Level on page 2 36 2 59 Static Virtual LANs VLANs Migrating Layer 3 VLANs Using VLAN MAC Configuration Migrating Layer 3 VLANs Using VLAN MAC Configuration ProCurve routing switches provide an easy way to maintain Layer 3 VLAN configurations when you migrate distribution routers in a network configura tion that is not centrally managed By following the procedure described in this section you can upgrade to ProCurve routing switches without stopping
103. Also to help distinguish one switch from another in the stack you can configure a unique system name for each switch Otherwise the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number For example Pacific Ocean CONSOLE MANAGER MODE Stacking Stacking Status All For status descriptions see the table on page 6 45 Stack Name Mac Address System Name Status Big Waters G0 60b0 880a80 Pacific Ocean X Commander Up X 0060b0 dfiaD0 Coral Sea vu ember Up Online 0060b0 af7680 online D0 N Commander Up 001083 3c7480 online 1 Member Up 0060b0 312f00 online 2 er Up 001083 3c09cO online 3 Member Up Stack with unique system name foreach switch Stack named Online with no previously configured system names assigned to individual switches Actions gt Back Next page Prev page Help Return to previous Use up down arrow keys to scroll to other entries left right arrow keys to change action selection and lt Enter gt to execute action Figure 6 4 Using the System Name to Help Identify Individual Switches 6 11 Stack Management Configuring Stack Management Configure the Commander switch Doing this first helps to establish consistency in your stack configuration which can help prevent startup problems e Astackrequires one Commander switch If you plan
104. Assigning Priority From a RADIUS Server You can use a RADIUS server to impose a QoS source port priority during an 802 1X port access authentication session Refer to the RADIUS chapter in the Access Security Guide for your switch Assigning a Priority Based on Source Port This option assigns a priority to all outbound packets having the specified source port You can configure this option by either specifying the source port ahead ofthe qos command or moving to the port context for the port you want to configure for priority If you are configuring multiple source ports with the same priority you may find it easier to use the interface lt port list command to go to the port context instead of individually configuring the priority for each port Syntax interface lt port list qos priority lt 0 7 gt Configures an 802 1p priority for packets entering the switch through the specified source ports This priority determines the packet queue in the outbound port s to which traffic is sent If a packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device You can configure one QoS classifier for each source port or group of source ports Default No override 5 49 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax no interface lt port list gt qos Disables use of the s
105. CIST CFG BPD Rx CIST RST BPD TX CEST D D D X DOTO CO QTO T jS O3 WO O OO RST BP Rx CIST MST BP TI MSGs Tx 10 CIS MST BP TI MSGs Rx 341802 CIS e Figure 4 31 Example of show spanning tree debug counters Command Output 4 66 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Displaying Debug Counters for One MST Instance The show spanning tree debug counters instance command allows you to dis play the aggregate values of all MSTP debug counters maintained on a switch for a specified spanning tree instance These aggregate values are a summary of information collected from all ports that have VLANs assigned to the specified instance Use the show spanning tree debug counters instance command to troubleshoot the global MSTP diagnostic information displayed in show spanning tree debug counters command output when you suspect unauthorized MSTP activ ity in a specific MST instance Syntax show spanning tree debug counters instance instance id This command displays debug counters for MSTP activity on all ports configured for VLANs in the specified MST instance The valid values for instance lt instance id gt are from O to 16 0 specifies the default MST CIST instance 1 to 16 specify a multiple spanning tree MST instance The following example shows sample output of the show spanning tree debug counter
106. Configuring MSTP Operation Mode and Global Settings 4 20 Configuring MSTP Per Port Parameters seus 4 25 Configuring Per Port Parameters 2 0 000005 4 26 Configuring BPDU Filtering 0 2 0 0 000 0 4 29 Configuring BPDU Protection 2 0000 ee 4 30 PVST Protection and Filtering 02000 4 33 Configuring Loop Protection 00 0202 eee eee 4 37 Configuring MST Instance Parameters 2 000005 4 39 Configuring MST Instance Per Port Parameters 4 42 Enabling or Disabling Spanning Tree Operation 4 45 Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another 4 45 MSTP VLAN Configuration Enhancement 4 47 PreConfiguring VLANs in an MST Instance 4 48 Configuring MSTP Instances with the VLAN Range Option 4 49 Operating Notes for the VLAN Configuration Enhancement 4 51 How to Save Your Current Configuration 4 52 Displaying MSTP Statistics and Configuration 4 54 Displaying Global MSTP Status 0 0 0 0 cee ee eee ee 4 55 Displaying Detailed Port Information 4 57 Displaying Status for a Specific MST Instance 4 58 Displaying the MSTP Configuration 4 59 Troubleshooting an MSTP Configuration
107. Effectively Introduction Terminology Term 802 1p priority 802 10 field codepoint downstream device DSCP DSCP policy edge switch inbound port IP Options IP precedence bits IPv4 outbound packet outbound port Use in This Document A traffic priority setting carried by a VLAN tagged packet moving from one device to another through ports that are tagged members of the VLAN to which the packet belongs This setting can be from 0 7 The switch handles an outbound packet on the basis of its 802 1p priority However if the packet leaves the switch through a VLAN on which the port is an untagged member this priority is dropped and the packet arrives at the next downstream device without an 802 1p priority assignment Afour byte field thatis presentin the header of Ethernet packets entering or leaving the switch through a portthatis a tagged member of a VLAN This field includes an 802 1p priority setting a VLAN tag or ID number VID and other data A packet entering or leaving the switch through a port that is an untagged member of the outbound VLAN does not have this field in its header and thus does not carry a VID or an 802 1p priority See also 802 1p priority Refer to DSCP below A device linked directly or indirectly to an outbound switch port That is the switch sends traffic to downstream devices Differentiated Services Codepoint Also termed codepoint A DSCP is comprised ofthe uppe
108. Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN In the default VLAN configuration the port based default VLAN DEFAULT VLAN is the Primary VLAN However you can reassign the Primary VLAN to any port based static VLAN on the switch For more on the Primary VLAN refer to The Primary VLAN on page 2 46 To identify the current Primary VLAN and list the available VLANs and their respective VIDs use show vlans Syntax primary vlan lt vid ascii name string gt Reassigns the Primary VLAN function Re assignment must be to an existing port based static VLAN The switch will not reassign the Primary VLAN function to a protocol VLAN If you re assign the Primary VLAN to a non default VLAN you cannot later delete that VLAN from the switch until you again re assign the Primary VLAN to another port based static VLAN For example if you wanted to reassign the Primary VLAN to VLAN 22 and rename the VLAN with 22 Primary and display the result Reassigns the Primary VLAN to VLAN 22 ProCurve config primary vlan 22 lt _ ProCurve config vlan 22 name 22 Primary ProCurve config show vlans bi Renames VLAN 22to Status and Counters VLAN Information 22 Primary Maximum VLANs to support 8 Primary VLAN 22 Primary Management VL N 802 10 VL N ID Name Status Voice Jumbo DEFAULT VLAN Static 22 Primary Static Figure 2 24 Example of Reassigning Primary VLAN and
109. Example of Configuring and Listing 802 1p Priority Assignments on TCP UDP Ports Assigning a DSCP Policy Based on TCP or UDP Port Number or Range of Port Numbers The switches covered in this guide do not support DSCP policies on IPv4 packets with IP options For more information on packet type restrictions refer to Details of Packet Criteria and Restrictions for QoS Support on page 5 66 This option assigns a previously configured DSCP policy codepoint and 802 1p priority to IPv4 TCP or UDP packets having the specified port number or range of port numbers That is the switch 1 Selects an incoming IP packet if the TCP or UDP port number it carries matches the port number specified in the TCP or UDP classifier as shown in figure 5 4 above 2 Overwrites re marks the packet s DSCP with the DSCP configured in the switch for such packets Note 4 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Assigns the 802 1p priority configured in the switch for the new DSCP Refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 Forwards the packet through the appropriate outbound port queue For more on DSCP refer to Terminology on page 5 6 Steps for Creating a DSCP Policy Based on TCP UDP Port Number Classifiers This procedure creates a DSCP policy for IPv4 packets carrying the selected UDP or TCP port numb
110. GVRP Table 2 4 Per Port VLAN Configuration Options Parameter Effect on Port Participation in Designated VLAN Tagged Allows the port to join multiple VLANs Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN A port can be an untagged member of only one port based VLAN A port can also be an untagged member of only one protocol based VLAN for any given protocol type For example if the switch is configured with the default VLAN plus three protocol based VLANs that include IPX then port 1 can be an untagged member of the default VLAN and one of the protocol based VLANS 2 13 Static Virtual LANs VLANs VLAN Operating Rules Parameter Effect on Port Participation in Designated VLAN No No Appears when the switch is not GVRP enabled prevents the port from or joining that VLAN Auto Auto Appears when GVRP is enabled on the switch allows the port to dynamically join any advertised VLAN that has the same VID Forbid Prevents the port from joining the VLAN even if GVRP is enabled on the switch VLAN Operating Rules DHCP Bootp If you are using DHCP Bootp to acquire the switch s configuration packet time to live and TimeP information you must des ignate the VLAN on which DHCP is configured for this purpose as the Primary VLAN In the factory default configuration the DEFAULT VLAN is the Primary VLAN Per VLAN Features IGMP and some other features
111. Guide shipped with your switch to prepare for and perform the physical installation This guide also steps you through connecting the switch to your network and assigning IP addressing as well as describing the LED indications for correct operation and trouble analysis You can download a copy from the ProCurve Networking web site See Getting Documentation From the Web on page 1 7 1 5 Getting Started Sources for More Information Management and Configuration Guide Use this guide for information on topics such as e various interfaces available on the switch e memory and configuration operation e interface access e IP addressing e time protocols e port configuration trunking and traffic control e SNMP LLDP and other network management topics e file transfers switch monitoring troubleshooting and MAC address management Advanced Traffic Management Guide Use this guide for information on topics such as e VLANs Static port based and protocol VLANs and dynamic GVRP VLANS e Spanning Tree 802 1s MSTP e Quality of Service QoS Multicast and Routing Guide Use this guide forinformation topics such as e IGMP e IP routing Access Security Guide Use this guide for information on topics such as e Local username and password security e Web Based and MAC based authentication e RADIUS and TACACS authentication e SSH Secure Shell and SSL Secure Socket Layer operation e 802 1X access cont
112. In figure 2 30 Workstation 1 has management access to all three switches through the Management VLAN while the PCs do not This is because config uring a switch to recognize a Management VLAN automatically excludes attempts to send management traffic from any other VLAN 2 48 Static Virtual LANs VLANs Special VLAN Types Links with Ports Configured as Members of the Management VLAN and other VLANs Links Not Belonging to the Management VLAN System Management Workstation xe Switch Switch N A C d 3 Port A1 lt M Port C2 e PortA3 OG A Portc3d3 l Port A7 Port C8 a3 1 Server Server 77 d System Server Server oh th Marketing DEFAULT VLAN Cl 4 QI E gee ley eg a Figure 2 30 Example of Management VLAN Control in a LAN Table 2 7 VLAN Membership in Figure 2 30 Switch A1 A3 A6 A7 H2 B4 B5 B9 C2 C3 C6 C8 Management VLAN VID 7 Y N N Y Y Y N N Y N N N Marketing VLAN VID 12 N N N N N N N N N Y Y Y Shipping Dept VLAN VID 20 N Y Y N N N N N N N N N DEFAULT VLAN VID 1 Y Y Y Y Y Y Y Y Y Y Y Y Preparation 1 Determine a VID and VLAN name suitable for you
113. LAN 1 in the Switch 8000 with the 2900 switch s MAC address in the destination field However this time the Switch 8000M s single forwarding database indicates that the 2900 is on port B1 VLAN 2 and the 8000M drops the packet instead of forwarding it Later the 2900 switch transmits a packet to the 8000M through the VLAN 1 link and the 8000M updates its address table to indicate that the 2900 switch is on port A1 VLAN 1 instead of port B1 VLAN 2 Thus the 8000M s information on the location of the 2900 switch changes over 2 20 Static Virtual LANs VLANs Multiple VLAN Considerations time For this reason the 8000M discards some packets directed through itforthe 2900 switch resulting in poor performance and the appearance of an intermittent or broken link The Solution To avoid the preceding problem use only one cable or port trunk between the single forwarding and multiple forwarding database devices and configure the link with multiple tagged VLANs Switch 8000M VLANI VLAN IVLAN2 PC A 1 amp 2 777 PC B MT S This switch has a single C1 forwarding database ates VLAN a A VLAN 11 182 i VLAN2 Iss 2900 Switch This switch has multiple forwarding databases Routing Enabled Figure 2 10 Example of a Solution for Single Forwarding to Multiple Forwarding Database Devices in a Multiple VLAN Environment Now the 8000M for
114. Manager and Operator passwords propagate to the candidate when it joins the stack The easiest way to automatically create a stack is to 1 Configure a switch as a Commander 2 Configure IP addressing and a stack name on the Commander 3 Setthe Commander s Auto Grab parameter to Yes 4 Connect Candidate switches in their factory default configuration to the network This approach automatically creates a stack of up to 16 switches including the Commander However this replaces manual control with an automatic process that may bring switches into the stack that you did not intend to include With the Commander s Auto Grab parameter set to Yes any switch conforming to all four of the following factors automatically becomes a stack Member 6 10 Stack Management Configuring Stack Management m Default stacking configuration Stack State set to Candidate and Auto Join set to Yes m Same subnet broadcast domain and default VLAN as the Commander If VLANs are used in the stack environment see Stacking Operation with a Tagged VLAN on page 6 44 m No Manager password m 14 or fewer stack members at the moment General Steps for Creating a Stack This section describes the general stack creation process For the detailed configuration processes see pages 6 13 through 6 36 for the menu interface and pages 6 29 through 6 41 for the CLI 1 Determine the naming conventions for the stack You will need a stack name
115. Memory 10 70 10 10 Figure 5 35 Displaying QoS Queue Configuration Quality of Service QoS Managing Bandwidth More Effectively QoS Operating Notes and Restrictions QoS Operating Notes and Restrictions QoS support based on packet type is shown below Table 5 13 Details of Packet Criteria and Restrictions for QoS Support Packet QoS Classifiers DSCP jose UDP TCP Device IP Type of Layer3 VLAN Source Incoming rid penile Priority IP Service Protocol Port 802 1p Marking Address Restricted to Yes Yes Yes No No No No Yes IPv4 Packets Only Allow Packets Yes Yes Yes Yes Ye23 Yes Yes No with IP Options Support IPv6 No No No Yes Yes Yes Yes No Packets Support Layer 2 Yes Yes Yes Yes Yes Yes Yes Yes Encapsulation For explicit QoS support of IPv6 packets force IPv6 traffic into its own set of VLANs and then configure VLAN based classifiers for those VLANs 20n IPv4 packets with IP options the switches covered in this guide support QoS for 802 1p priority policies but does not do any DSCP re marking for DSCP policies m All Switches For explicit QoS support of IP subnets ProCurve recom mends forcing IP subnets onto separate VLANs and then configuring VLAN based classifiers for those VLANs m For Devices that Do Not Support 802 1Q VLAN Tagged Ports For communication between these devices and the switch connect the device to a switch port configured as Untagged for the VLAN in whi
116. N GVRP Enabled No No Actions gt Edit save Help Cancel changes and return to previous screen Use arrow keys to change action selection and lt Enter gt to execute action Figure 3 4 The VLAN Support Screen Default Configuration 2 Do the following to enable GVRP and display the Unknown VLAN fields a Press E for Edit b Use to move the cursor to the GVRP Enabled field c Press the Space bar to select Yes d Press i again to display the Unknown VLAN fields GVRP Configuring GVRP On a Switch The Unknown VLAN fields enable you to configure each port to Learn Dynamically join any advertised VLAN and advertise all VLANs learned through other ports Block Do not dynamically join any VLAN but still advertise all VLANs learned through other ports Disable Ignore and drop all incoming advertisements and do not transmit any advertisements CONSOLE MANAGER MODE Switch Configuration VLAN VLAN Maximum VLANs to support 8 8 Primary VL N DEFAULT VLAN GVRP Enabled No Yes Support Port Unknown VLAN Unknown VLAN Al Az 43 44 AS 6 A 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX 10 100TX Actions gt Cancel Help Use arrow keys to change field selection lt Space gt to toggle field choices and lt Enter gt to go to Actions Figure
117. PDU Filters in the Show Configuration Command Configuring BPDU Protection BPDU protection is a security feature designed to protect the active STP topology by preventing spoofed BPDU packets from entering the STP domain Inatypical implementation BPDU protection would be applied to edge ports connected to end user devices that do not run STP If STP BPDU packets are received on a protected port the feature will disable that port and alert the network manager via an SNMP trap as shown in Figure 4 7 4 30 Multiple Instance Spanning Tree Operation Configuring MSTP Management Station A t e NN MBISP Switch ee my Event Log port X is disable by STP BPDU protection un M EIER i Fake STP BPDU EndUser Figure 4 7 Example of BPDU Protection Enabled at the Network Edge The following commands allow you to configure BPDU protection Syntax no spanning tree port list bpdu protection Enables disables the BPDU protection feature on a port Syntax no spanning tree port list bpdu protection timeout timeout Configures the duration of time when protected ports receiving unauthorized BPDUs will remain disabled The default value of 0 zero sets an infinite timeout that is ports that are disabled by bpdu protection axe not by default re enabled automatically Rang
118. Priority Setting on a Policy When One or More Classifiers Are Currently Using the Policy Suppose that codepoint 000001 is in use by one or more classifiers If you try to change its priority you see a result similar to the following ProCurvefconfig qos dscp map 000001 priority 2 Cannot modify DSCP Policy 000001 in use by other qos rules Figure 5 33 Example of Trying To Change the Priority on a Policy In Use by a Classifier In this case you would use steps similar to the following to change the priority 1 Identify which classifiers use the codepoint you want to change 5 59 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping Tveeclesiifiainss y ProCurve config show qos device priority the codepoint that is to be changed j Device priorities j Device Address Apply rule DSCP Priority 10 26 50 104 DSCP ProCurve config show qos port priority Port priorities P1 Port Apply rule DSCP Priority Radius Override L No override No override No override No override No override No override DSCP 000001 6 No override No override No override No override No override No override No override ProCurve config show qos tcp udp port priority I I l TCP UDP port based priorities Application Two classifiers do not Protocol Port Apply rule DSCP Priority use the codepointthat
119. ProCurve Networking by HP Advanced Traffic Management Guide ProCurve Switches T 13 01 www procurve com f invent ProCurve 2900 Switch January 2008 T 13 01 Advanced Traffic Management Guide Copyright 2006 2008 Hewlett Packard Development Company L P The information contained herein is subject to change with out notice All Rights Reserved This document contains proprietary information which is protected by copyright No part of this document may be photocopied reproduced or translated into another language without the prior written consent of Hewlett Packard Publication Number 5991 6197 January 2008 Applicable Products ProCurve Switch 2900 24G J9049A ProCurve Switch 2900 48G J9050A Trademark Credits Microsoft Windows and Microsoft Windows NT are US registered trademarks of Microsoft Corporation Disclaimer The information contained in this document is subject to change without notice HEWLETT PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompanying such produ
120. QoS priority determines which outbound queue the packet uses 5 8 Quality of Service QoS Managing Bandwidth More Effectively Introduction Table 5 2 QoS Priority Settings and Operation QoS Priority Setting Outbound Port Queue 1 2 low priority 1 2 0 3 normal priority 3 4 4 5 medium priority 5 6 6 7 high priority 7 8 If a packet is not in a VLAN tagged port environment then the QoS settings in table 5 2 control only to which outbound queue the packet goes Without VLAN tagging no 802 1p priority is added to the packet for downstream device use But if the packet is in a VLAN tagged environment then the above setting is also added to the packet as an 802 1p priority for use by downstream devices and applications shown in table 5 3 In either case an IP packet can also carry a priority policy to downstream devices by using DSCP marking in the ToS byte Table 5 3 Mapping Switch QoS Priority Settings to Device Queues Priority Setting Outbound Port 802 1p Priority Setting Added Queue Assignment in Downstream Devices With Queues in the m Tagged cen IMS 8 Queues 3 Queues 2 Queues Switch Leaving the Switch 1 Queue 1 1 low priority Queue 1 Queue 1 2 Queue 2 2 Queue 2 Queue 1 0 Queue 3 0 normal priority Queue 3 Queue 2 3 Queue 4 3 Queue 4 4 Queue 5 4 medium priority Queue 5 Queue 3 5 Queue 6 5 Queue 6 Queue 2 6 Queue 7 6 high priority Queue 7 7 Queue 8 7 Qu
121. SCP DiffServe Code point on tagged voice VLAN traffic moving through the switch For more on this and other QoS topics refer to the chapter titled Quality of Service QoS Managing Bandwidth More Effectively in this guide Voice VLAN Access Security You can use port security configured on an individual port or group of ports in a voice VLAN That is you can allow or deny access to a phone having a particular MAC address Refer to chapter titled Configuring and Monitoring Port Security in the Access Security Guide for your switch MAC authentication is not recommended in voice VLAN applications Effect of VLANS on Other Switch Features Spanning Tree Operation with VLANs Depending on the spanning tree option configured on the switch the span ning tree feature may operate as a single instance across all ports on the switch regardless of VLAN assignments or multiple instance on a per VLAN basis Forsingle instance operation this means that if redundant physical links exist betweenthe switch and another 802 1Q device all but one link will be blocked regardless of whether the redundant links are in separate VLANSs In this case you can use port trunking to prevent Spanning Tree from unnecessarily blocking ports and to improve overall network performance For multiple instance operation physically redundant links belonging to different VLANs can remain open Refer to chapter 4 Multiple Instance Spanning Tree Oper ation
122. ST instance e MSTI A 4 5 e MSTI B 7 9 e MSTI B 7 9 Figure 4 3 Active Topologies Built by Three Independent MST Instances While allowing only one active path through a given instance MSTP retains any redundant physical paths in the instance to serve as backups blocked paths in case the existing active path fails Thus if an active path in an instance fails MSTP automatically activates unblocks an available backup to serve as the new active path through the instance for as long as the original active path is down Note also that a given port may simultaneously operate in different states forwarding or blocking for different spanning tree instances within the same region This depends on the VLAN memberships to which the port is assigned For example if a port belongs to VLAN 1 in the IST instance of a region and also belongs to VLAN 4 in MSTI x in the same region the port may apply different states to traffic for these two different instances Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Within a region traffic routed between VLANs in separate instances can take only one physical path To ensure that traffic in all VLANS within a region can travel between regions all ofthe boundary ports for each region should belong to all VLANs configured in the region Otherwise traffic from some areas within a region could be blocked from moving to othe
123. STP activity in your network by focusing on increasingly specific levels of operation For example you can display debug information for m All MST instances m All ports used in one MST instance m A specific port or several ports used in one MST instance Also you can display the change history for the root bridge switch used as the single forwarding path for m All MST regions STP bridges and RSTP bridges in an STP network m All VLANs on MSTP switches in a region m All VLANs on MSTP switches in an MST instance Displaying the Change History of Root Bridges The show spanning tree root history command allows you to display change history information up to 10 history entries for a specified root bridge in any of the following MSTP topologies m Common Spanning Tree cst Provides connectivity in a bridged network between MST regions STP LANs and RSTP LANs m Internal Spanning Tree ist Provides connectivity within an MST region for VLANs associated with the default Common and Internal Spanning Tree CIST instance in your network VLANs that have not been mapped to an MST instance 4 63 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration m MST Instance mst Connects all static and starting from release 13 x x dynamic VLANs assigned to a multiple spanning tree instance Syntax show spanning tree root history cst ist mst lt instance id gt gt This command displays the cha
124. U arrived is shut down which isolates the sending switch from the rest ofthe network An event message is logged and an SNMP notification trap is generated The errant BPDU counter hpSwitchStpPortErrantBpduCounter is incremented The PVST protection feature is enabled per port 4 33 Multiple Instance Spanning Tree Operation Configuring MSTP ProCurve Switches inserted into the Core SOLUTION bis MSTP witch Switches ProCurve Switches xX Part shutdown after receipt of PVST BPDU Figure 4 10 PVST Switch Being Isolated after Sending a PVST BPDU Note This is similar to the BPDU Guard feature where BPDU protection is applied to edge ports connected to end user devices that do not run STP If STP BPDU packets are received on a protected port the feature will disable that port and alert the network manager via an SNMP trap Syntax no spanning tree lt port list gt pvst protection Enables or disables the PVST protection feature on the port or range of ports specified The command indicates which ports are not expected to receive any PVST BPDUs Default Disabled on all ports For example to enable the PVST protection feature on ports 4 through 8 enter this command ProCurve config spanning tree 4 8 pvst protection To disable the PVST protection feature on a port for example port 4 use this command ProCurve config no spanning tree 4 pvst protection 4 34 Multiple Instance Spanning Tre
125. Use of an inbound 802 1p packet priority as a classifier for remapping a packet s outbound priority to different 802 1p priority For example where inbound packets carry an 802 1p priority of 1 QoS cannot be configured use this priority as a classifier for changing the outbound priority to 0 m Monitoring Shared Resources The QoS feature shares internal switch resources with several other features The switch provides ample resources for all features However if the internal resources become fully subscribed additional QoS provisions cannot be configured until the necessary resources are released from other uses For information on determining the current resource availability and usage refer to the appendix titled Monitoring Resources in the Management and Config uration Guide for your switch 5 67 Quality of Service QoS Managing Bandwidth More Effectively QoS Operating Notes and Restrictions IP Multicast IGMP Interaction with QoS IGMP high priority forward causes the switch to service the subscribed IP multicast group traffic at high priority even if QoS on the switch has relegated the traffic to a lower priority This does not affect any QoS priority settings so the QoS priority is honored by downstream devices However QoS does take precedence over IGMP normal priority traffic The switch s ability to prioritize IGMP traffic for either a normal or high priority outbound queue overrides any QoS criteria and does not
126. VLAN configuration m Within the same broadcast domain a dynamic VLAN can pass through a device that is not GVRP aware This is because a hub or a switch that is not GVRP ware will flood the GVRP multicast advertisement packets out all ports m GVRP assigns dynamic VLANs as Tagged VLANs To configure the VLAN as Untagged you must first convert it to a static VLAN 3 18 GVRP GVRP Operating Notes Rebooting a switch on which a dynamic VLAN exists deletes that VLAN However the dynamic VLAN re appears after the reboot if GVRP is enabled and the switch again receives advertisements for that VLAN through a port configured to add dynamic VLANs By receiving advertisements from other devices running GVRP the switch learns of static VLANs on those other devices and dynamically automat ically creates tagged VLANS on the links to the advertising devices Similarly the switch advertises its static VLANs to other GVRP aware devices as well as the dynamic VLANs the switch has learned A GVRP enabled switch does not advertise any GVRP learned VLANs out of the port s on which it originally learned of those VLANs A VLAN enabled for jumbo traffic cannot be used to create a dynamic VLAN A port belonging to a statically configured jumbo enabled VLAN cannot join a dynamic VLAN 3 19 GVRP GVRP Operating Notes 3 20 Multiple Instance Spanning Tree Operation Contents Overview 22 se neds eR b xe e pee Ee RERN 4 eise eis 4 3
127. VLAN restrictions For more on this topic refer to Multiple VLAN Considerations on page 2 18 Terminology Dynamic VLAN An 802 1Q VLAN membership temporarily created on a port linked to another device where both devices are running GVRP See also Static VLAN For more information refer to chapter 3 GVRP Static VLAN A port based or protocol based VLAN configured in switch memory See also Dynamic VLAN Tagged Packet A packet that carries an IEEE 802 1Q VLAN ID VID which is atwo byte extension that precedes the source MAC address field of an ethernet frame A VLAN tag is layer 2 data and is transparent to higher layers Tagged VLAN A VLAN that complies with the 802 1Q standard including priority settings and allows a port to join multiple VLANs See also Untagged VLAN Untagged Packet A packet that does not carry an IEEE 802 1Q VLAN ID VID Untagged VLAN A VLAN that does not use or forward 802 1Q VLAN tagging including priority settings A port can be a member of only one untagged VLAN of a given type port based and the various protocol based types See also Tagged VLAN VID The acronym for a VLAN Identification Number Each 802 1Q compliant VLAN must haveits own unique VID number and that VLAN must be given the same VID in every device in which it is configured 2 6 Static Virtual LANs VLANs Static VLAN Operation Static VLAN Operation A group of networked ports assigned to a VLAN fo
128. While these VLANs are not limited to management traffic only they can provide improved security and availability for management traffic m The Default VLAN This port based VLAN is always present in the switch and in the default configuration includes all ports as members page 2 46 m The Primary VLAN The switch uses this port based VLAN to run certain features and management functions including DHCP Bootp responses for switch management In the default configuration the Default VLAN is also the Primary VLAN However you can designate another port based non default VLAN as the Primary VLAN page 2 46 mg The Secure Management VLAN This optional port based VLAN estab lishes an isolated network for managing the ProCurve switches that support this feature Access to this VLAN and to the switch s management functions are available only through ports configured as members page 2 47 m Voice VLANs This optional port based VLAN type enables you to sepa rate prioritize and authenticate voice traffic moving through your net work and to avoid the possibility of broadcast storms affecting VoIP Voice over IP operation page 2 55 2 5 Static Virtual LANs VLANs Terminology Note Inamultiple VLAN environmentthat includes some older switch models there may be problems related to the same MAC address appearing on different ports and VLANs on the same switch In such cases the solution is to impose some cabling and
129. a Syntax show spanning tree config instance ist 1 16 gt The upper part of this output shows the instance data for the specified instance The lower part of the output lists the spanning tree port settings for the specified instance Syntax show spanning tree lt port list gt config instance lt ist 1 16 gt This command shows the same data as the above command but lists the spanning tree port parameter settings for only the specified port s and or trunk s You can list data for a series of ports and port trunks by specifying the first and last port or trunk of any consecutive series of ports and trunks For example to display data for port A20 A24 and trk1 use this command show spanning tree a20 a24 trk1 config instance 1 Switch 2 config 4 show spanning tree config instance 1 MST Instance Configuration Information Instance Specific Data Switch Priority IMapped VLANs a l Priority 10 100TE 10 100TX 129 i Port Settings for the 10 100TX l specified instance 10 100TX 10 100TX 100000 Figure 4 25 Example of the Configuration Listing for a Specific Instance 4 60 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying the Region Level Configuration in Brief This command output is useful for quickly verifying the allocation of VLANs in the switch s MSTP configuration and for viewing the configured region identifiers Syntax show
130. a region Before astatic VLAN is configured ora dynamic VLAN is learned on the switch you can used the spanning tree instance vlan command to map VLANs to each MST instance in the region Later when the VLAN is created the switch automatically assigns it to the MST instance to which you had previously mapped it 4 48 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no spanning tree instance lt 1 16 gt vlan lt vid vid vid gt no spanning tree instance 1 16 Configuring MSTP on the switch automatically configures the IST instance and places all statically and dynamically configured VLANs on the switch into the IST instance This command creates a new MST instance MSTI and moves the VLANs you specify from the IST to the MSTI You must map at least one VLAN to an MSTI when you create it You cannot map a VLAN ID to more than one instance You can create up to 16 MSTIs in a region The no form of the command removes one or more VLANs from the specified MSTI If no VLANs are specified the no form of the command deletes the specified MSTI When you remove a VLAN from an MSTI the VLAN returns to the IST instance where it can remain or be re assigned to another MSTI configured in the region Note The valid VLAN IDs that you can map to a specified MSTI are from 1 to 4094 The VLAN ID to MSTI mapping does not require a VLAN to be already configured on the switch The MSTP VLAN enhancement allows
131. acking Status Screen Viewing Member Status This procedure displays the Member s stacking information plus the Commanders status IP address and MAC address To display the status for a Member 1 Go to the console Main Menu of the Commander switch and select 9 Stacking 5 Stack Access 2 Use the downarrow key to select the Member switch whose status you want to view then press X for eXecute You will then see the Main Menu for the selected Member switch 3 Inthe Member s Main Menu screen select 9 Stacking 1 Stacking Status This Switch You will then see the Member s Stacking Status screen 6 27 Stack Management Configuring Stack Management Return to pr JU 3 Use arrow keys to change action selection and lt Enter gt to execute action Coral Sea TELNET MANAGER MODE Stacking Stacking Status This Switch Stack State Member Transmission Interval 60 Switch Number 1 Stack Name Big Waters Member Status Joined Successfully Commander Status Commander Up Commander IP Address 10 28 227 102 Commander MAC Address 0060b0 880a80 Actions gt Figure 6 20 Example of a Member s Stacking Status Screen Viewing Candidate Status This procedure displays the Candidate s stacking configuration To display the status for a Candidate l Return to pre U een Use arrow keys to change action selection and lt Enter gt to execute action Use Telnet if the Cand
132. aging Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping affect the packet queuing priority or VLAN tagging In this case the packets are handled as follows as long as no other QoS feature creates priority assignments for them 802 10 Status Outbound 802 1p Priority Received and Forwarded on a tagged port member of a VLAN Unchanged Received on an Untagged port member of a VLAN Forwarded on a 0 zero normal tagged port member of a VLAN Forwarded on an Untagged port member of a VLAN None Notes on Changing a Priority Setting If a QoS classifier is using a policy codepoint and associated priority in the DSCP Policy table you must delete or change this usage before you can change the priority setting on the codepoint Otherwise the switch blocks the change and displays this message Cannot modify DSCP Policy codepoint in use by other qos rules In this case use show qos classifier to identify the specific classifiers using the policy you want to change that is show qos device priority show qos port priority show qos tcp udp port priority show qos vlan priority show qos type of service For example suppose that the 000001 codepoint has a priority of 6 and several classifiers use the 000001 codepoint to assign a priority to their respective types of traffic If you wanted to change the priority of codepoint 000001 you would do the following 1 Identify which QoS clas
133. ality of Service QoS Managing Bandwidth More Effectively Preparation for Configuring QoS VLAN Priority requires at least one tagged VLAN on the network g Source Port h Incoming 802 1p Priority requires at least one tagged VLAN on the network 2 Selectthe QoS option you want to use Table 5 6 lists the traffic types QoS classifiers and the QoS options you can use for prioritizing or setting a policy on these traffic types Table 5 6 Applying QoS Options to Traffic Types Defined by QoS Classifiers QoS Options for Prioritizing Outbound Traffic QoS Classifiers UDP IP IP ToS IP L3 VLAN Source TCP Device Precedence DiffServ Protocol ID Port Option1 Prioritize traffic by sending specific Yes Yes Yes Yes Yes Yes Yes Configure packet types determined by QoS 802 1p classifier to different outbound port Priority queues on the switch Rules Only Rely on VLAN tagged ports to carry packet priority as an 802 1p value to downstream devices Option 2 Prioritize traffic by sending specific Yes Yes No Yes No Yes Yes Configure packet types determined by QoS ToS DSCP classifier to different outbound port Policies queues on the switch with Propagate a service policy by 802 1p reconfiguring the DSCP in outbound Priorities P packets according to packet type The packet is placed in an outbound port queue according to the 802 1p priority configured for that DSCP policy The policy assumes that downstream devices can b
134. ance 0 ports al5 Status and Counters CIST Port s Debug Counters Information MST Instance ID Port A15 Counter Name Last Updated Invalid BPDUs Errant BPDUs ST Config Error BPDUS Looped back BPDUs Starved BPDUs Exceeded Max Age BPDUs Exceeded Max Hops BPDUs Topology Changes Detected 02 09 07 17 40 59 Topology Changes Tx 02 09 07 17 41 03 Topology Changes Rx 02 09 07 17 41 01 Topology Change ACKs Tx Topology Change ACKs Rx CN BPDU TCN PDU PDU PDU PDU PDU PDU PD 02 09 07 17 41 03 02 13 07 18 05 34 Q0 ooo0o000 NA Figure 4 33 Example of show spanning tree debug counters instance ports Command Output for One Port in the CIST Instance 4 70 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration ProCurve config show spanning tree debug counters instance 2 ports al5 Status and Counters MSTI Port s Debug Counters Information MST Instance ID Port A15 Counter Name 2 Last Updated Starved MSTI MSGs Exceeded Max Hops Topology Changes MSTI MSGs Tx MSTI MSGs Rx MSTI MSGs Topology Changes Detected 02 09 07 Tx 02 09 07 Topology Changes Rx 02 09 07 02 09 07 02 13 07 Figure 4 34 Example of show spanning tree debug counters instance ports Command Output for One Port in an MST Instance Field Descriptions in MSTP Debug Command Output Table 4 1 contains descriptions of the debugging information disp
135. ander s stack i Use the space bar to select Member ii Press Tab once to display the Commander MAC Address param eter then enter the MAC address of the desired Commander e To change Auto Join or Transmission Interval use Tab to select the desired parameter and To change Auto Join use the Space bar To change Transmission Interval type in the new value in the range of 1 to 300 seconds Note All switches in the stack must be set to the same transmis sion interval to help ensure proper stacking operation HP recom mends that you leave this parameter set to the default 60 seconds Then go to step 5 5 press Enter to return the cursor to the Actions line 6 16 Stack Management Configuring Stack Management 6 Press S for Save to save your configuration changes and return to the Stacking menu Using the Commander To Manage The Stack The Commander normally operates as your stack manager and point of entry into other switches in the stack This typically includes m Adding new stack members m Moving members between stacks m Removing members from a stack m Accessing stack members for individual configuration changes and traffic monitoring The Commander also imposes its passwords on all stack members and pro vides SNMP community membership to the stack See SNMP Community Operation in a Stack on page 6 43 Using the Commander s Menu To Manually Add a Candidate to a Stack In the de
136. anning tree port parameter settings for only the specified port s and or trunk s You can list data for a series of ports and port trunks by specifying the first and last port or trunk of any consecutive series of ports and trunks For example to display data for port A20 A24 and trk1 use this command show spanning tree a20 a24 trk1 config Switch 2 config f show spanning tree config Global Priority Global Hello Time Multiple Spanning Tree MST Configuration Inforkation STP Enabled No Yes Force Version MSTP operation HSTP operation Per Port Hello Time MST Configuration Name REGION 1 Overrides Global Hello MST Configuration Revision 1 Switch Priority 32768 Time on individual ports Forward Delay 15 15 Hello Time 2 2 Max Age 20 20 Max Hops 20 20 Port Type Priority Edge Point to Point MCheck Hello Time 107100TX Force True Use Global 107100TX Force True Use Global 10 100TE Force True Use Global 10 100TE Force True Use Global 107100TX Force True Use Global 10 100TE Force True Use Global 107100TX Force True Use Global Force True Use Global Figure 4 24 Example of Displaying the Switch s Global Spanning Tree Configuration 4 59 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying Per Instance MSTP Configurations These commands dis plays the per instance port configuration and current state along with instance identifiers and regional root dat
137. are devices instead of manually having to set up VLANs across your network After the switch creates a dynamic VLAN you can optionally use the CLI static vlan id command to 3 3 GVRP General Operation Note convert it to a static VLAN or allow it to continue as a dynamic VLAN for as long as needed You can also use GVRP to dynamically enable port member ship in static VLANs configured on a switch On the switches covered in this guide GVRP can be enabled only if max vlans is set to no more than 256 VLANs General Operation When GVRP is enabled on a switch the VID for any static VLANs configured on the switch is advertised using BPDUs Bridge Protocol Data Units out all ports regardless of whether a portis up or assigned to any particular VLAN A GVRP aware port on another device that receives the advertisements over alink can dynamically join the advertised VLAN A dynamic VLAN that is a VLAN learned through GVRP is tagged on the port on which it was learned Also a GVRP enabled port can forward an advertise ment for a VLAN it learned about from other ports on the same switch internal source but the forwarding port will not itself join that VLAN until an adver tisement for that VLAN is received through a link from another device exter nal source on that specific port 3 4 GVRP General Operation Operating Note When a GVRP aware port on a switch learns a VID through GVRP from another device th
138. ase 2 18 2 21 multiple VLANs on port 2 43 non routable 2 54 number allowed including dynamic 2 26 per port configuration options 2 13 port assignment 2 26 port configuration 2 45 port monitoring 2 58 port restriction 2 59 port trunk 2 58 port based 2 5 primary 2 35 2 46 6 9 6 33 6 45 primary CLI command 2 29 2 35 primary select in menu 2 23 primary web configure 2 40 primary with DHCP 2 14 prioritizing traffic from with QoS 5 43 5 49 protocol 2 5 2 6 2 10 2 14 2 16 2 58 6 Index ARP requirement 2 14 2 36 capacity per VLAN 2 14 CLI only 2 22 commands 2 29 compared to port based 2 7 configuration 2 28 2 36 example 2 44 forbid option not allowed 2 39 IP addressing 2 7 IPv4 routing 2 8 IPv4 ARP requirement 2 14 2 36 IPv6 2 7 limit 2 13 limit on types per port 2 8 non routable 2 8 2 11 2 41 operation 2 16 port membership limit 2 8 primary VLAN not allowed 2 35 2 47 router external 2 9 2 11 2 59 routing 2 5 2 9 2 59 status 2 30 2 31 2 33 tagged 2 13 2 43 tagged member 2 8 tagging 2 9 traffic separation 2 4 types 2 10 2 36 untagged member 2 8 untagged packet forwarding 2 15 untagged limit 2 13 untagged multiple 2 43 untagged restriction 2 59 restrictions 2 59 routing between VLANs 2
139. at s lod Aca ea dine Sega 1 4 Sources for More Information eese 1 5 Getting Documentation From the Web lesse 1 7 Online Help 7 un oneIxP iA EIexRebvewehbb9exs SP MIX 1 7 Need Only a Quick Start ccc cnn ees 1 8 IP Addressing ree Re Rep ERR OE ER RR de 1 8 To Set Up and Install the Switch in Your Network 1 9 Physical Installation oel eiere nidek eirian ia ear a II 1 9 Static Virtual LANs VLANs Contents eie entree eERRQUBL AMO RERO PIA RR LA ae e 2 1 Overview 1x veces RR ais wa nets ee A mate Bass 2 3 Introduction soe Rome emere Reg dece 2 4 General VLAN Operation 000 cece een eens 2 4 Types of Static VLANs Available in the Switch L 2 5 Port Based VLANS 0 cece cece cece enn teen eens 2 5 Protocol Based VLANS 00 0 cece cece cence eens 2 5 Designated VLANS eese ee Titani he 2 5 Terminology x cs edie caved oe aet he men ae GUX I 2 6 Static VLAN Operation 0 0 ccc ccc eect eens 2 7 VLAN Environments 0 0 ccc cece cence eee nenee 2 8 VLAN Operation 20 senice ee Rh dete reae 2 9 Routing Options for VLANS 0 0c cee cece ee 2 10 Overlapping Tagged VLANs 0 cece cece eee 2 11 Per Port Static VLAN Configuration Options 2 13 VLAN Operating Rules 0 0 ccc eee 2 14 General Steps for Using VLANS eee 2 17
140. ations Example of an Unsupported Configuration and How To Correct It The Problem In figure 2 9 the MAC address table for Switch 8000M will sometimes record the switch as accessed on port A1 VLAN 1 and othertimes as accessed on port B1 VLAN 2 Switch 8000M pe VLAN 1 VLAN 2 PC A S M B1 PC B This switch has a single forwarding database C1 D1 VLAN 1 VLAN2 a Uu AAA i Sorea This switch has multiple aii n forwarding databases Same MAC address for all VLANs Figure 2 9 Example of Invalid Configuration for Single Forwarding to Multiple Forwarding Database Devices in a Multiple VLAN Environment In l figure 2 9 PC A sends an IP packet to PC B The packet enters VLAN 1 in the Switch 8000 with the 2900 switch s MAC address in the destination field Because the 8000M has not yet learned this MAC address it does not find the address in its address table and floods the packet out all ports including the VLAN 1 link port A1 to the 2900 switch The 2900 switch then routes the packet through the VLAN 2 link to the 8000M which forwards the packet on to PC B Because the 8000M received the packet from the 2900 switch on VLAN 2 port B1 the 8000M s single forwarding database records the 2900 switch as being on port B1 VLAN 2 PC A now sends a second packet to PC B The packet again enters V
141. ault Setting Page Reference Viewing the MSTP Status and n a page 4 54 Configuration Configuring MSTP Operation Disabled page 4 20 Mode and Global Parameters and following Configuring Basic Port admin edge port No disabled page 4 26 Connectivity Parameters auto edge port Yes enabled and bpdu filter No disabled following bpdu protection No disabled hello time 2 path cost auto point to point MAC Force True priority 128 multiplier 8 root guard No disabled tcn guard No disabled loop protection Send disable Configuring MSTP Instance instance MSTPI none page 4 39 Parameters priority 32768 multiplier 8 Configuring MSTP Instance path cost auto page 4 42 Per Port Parameters priority 128 multiplier 8 Enabling Disabling MSTP Disabled page 4 45 Spanning Tree Operation Enabling an Entire MST Region at n a page 4 45 Once Without spanning tree having more than one active path between a pair of nodes causes loops in the network which can result in duplication of mes sages leading to a broadcast storm that can bring down the network 4 3 Multiple Instance Spanning Tree Operation Overview Multiple Instance spanning tree operation 802 1s ensures that only one active path exists between any two nodes in a spanning tree instance A spanning tree instance comprises a unique set of VLANs and belongs to a specific spanning tree region A region can comprise multiple spanning tree instances each wit
142. available Candidates in the subnet e Ifyou configured the Commander to automatically add Members Auto Grab Yes the first fifteen discovered Candidates meeting both of the following criteria will automatically join the stack Auto Join parameter set to Yes the default Manager password not configured e Ifyou configured the Commander to manually add Members Auto Grab set to No the default you can begin the process of selecting and adding the desired Candidates Ensure that all switches intended for the stack have joined Ifyouneed to do specific configuration or monitoring tasks on a Member use the console interface on the Commander to access the Member 6 12 Stack Management Configuring Stack Management Using the Menu Interface To View Stack Status and Configure Stacking Using the Menu Interface To View and Configure a Commander Switch 1 Configure an IP address and subnet mask on the Commander switch Refer to the Management and Configuration Guide for your switch 2 Display the Stacking Menu by selecting Stacking in the Main Menu DEFAULT CONFIG CONSOLE MANAGER MODE Stacking Menu ELSE EEPLIS EE FEES R39 Stacking Status All Stack Configuration Return to Main Menu Shows the status of Stack To select menu item press item number or highlight item and press lt Enter gt Figure 6 5 The Default Stacking Menu 3 Display the Stack Configuration menu by pressing 3
143. c VLAN Advertising and Joining 3 9 GVRP and VLAN Access Control e esses 3 11 Advertisements and Dynamic Joins 00 00 eee eee 3 11 Port Leave From a Dynamic VLAN 0 00 eee eee eee 3 11 Planning for GVRP Operation 0 0 c cece eens 3 12 Configuring GVRP On a Switch 0 0 0 cece 3 13 Menu Viewing and Configuring GVRP 006 3 13 CLI Viewing and Configuring GVRP 02 000 3 14 Web Viewing and Configuring GVRP 2 0 200s 3 18 GVRP Operating Notes 0 0c ccc cece eee nnn 3 18 3 1 GVRP Overview Overview This chapter describes GVRP and how to configure it with the switch s built in interfaces and assumes an understanding of VLANs which are described in chapter 2 Static Virtual LANs VLANS For general information on how to use the switch s built in interfaces refer to these chapters in the Management and Configuration Guide for your switch Chapter 3 Using the Menu Interface m Chapter 4 Using the Command Line Interface CLD m Chapter 5 Using the Web Browser Interface m Chapter 6 Switch Memory and Configuration 3 2 Note GVRP Introduction Introduction Feature Default Menu CLI Web view GVRP configuration n a page 3 13 page 3 14 page 3 18 list static and dynamic VLANs n a page 3 16 page 3 18 on a GVRP enabled switch enable
144. cations SNMP X OpenView Device Management X Passwords and Password Clear Protection X PCM X Ping X Port Configuration X Port Monitoring X Port Security X Port Status X Port Trunking LACP X Port Based Access Control X Port Based Priority 802 10 X Protocol Filters X Protocol VLANS X Quality of Service QoS X RADIUS Authentication and Accounting X RADIUS Based Configuration X RADIUS VLAN Control RMON 1 2 3 9 X Routing X Routing IP Static X Secure Copy X SFLOW X SFTP X SNMPv3 X Software Downloads SCP SFTP TFPT Xmodem X Source Port Filters X xii Product Documentation Feature Management Advanced Multicast Access and Traffic and Security Configuration Management Routing Guide Spanning Tree MSTP X SSHv2 Secure Shell Encryption X SSLv3 Secure Socket Layer X Stack Management X Syslog X System Information X TACACS Authentication X Telnet Access X TFTP X Time Protocols TimeP SNTP X Traffic Security Filters X Troubleshooting X USB Autorun X VLANs X VLAN Mirroring 1 static VLAN X Web Authentication RADIUS Support X Web based Authentication X Web UI X Xmodem X xiii Product Documentation xiv Getting Started Contents Introduction 22 1 mo m Leer rh eee Re DE aide 1 2 CONVENTIONS 1 ree RE dee ERI Ade ied st daca EA 1 2 Feature Descriptions by Model 00 0 eee eee eee 1 2 Command Syntax State
145. ccess any of the Member switches For example you can use the public community to access the MIB in switches 1 and 3 by using their unique IP addresses However you must use the red or blue community to access the MIB for switch 2 snmpget MIB variable 10 31 29 100 blue sw2 Using the CLI To Disable or Re Enable Stacking In the default configuration stacking is enabled on the switch You can use the CLI to disable stacking on the switch at any time Disabling stacking has the following effects m Disabling a Commander Eliminates the stack returns the stack Mem bers to Candidates with Auto Join disabled and changes the Commander to a stand alone nonstacking switch You must re enable stacking on the switch before it can become a Candidate Member or Commander m Disabling a Member Removes the Member from the stack and changes itto astand alone nonstacking switch You must re enable stacking on the switch before it can become a Candidate Member or Commander m Disabling a Candidate Changes the Candidate to a stand alone non stacking switch Syntax no stack Disables stacking on the switch stack Enables stacking on the switch Transmission Interval All switches in the stack must be set to the same transmission interval to help ensure proper stacking operation HP recommends that you leave this param eter set to the default 60 seconds Syntax stack transmission interval lt seconds gt Stacking Operation
146. ce Default For most codepoints No override See figure 5 9 on page 5 56 on page 5 56 Syntax interface port list qos dscp lt codepoint gt Assigns a DSCP policy to packets from the specified source port s and overwrites the DSCP in these packets with the assigned lt codepoint gt value This policy includes an 802 1p priority and determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device Default No override Syntax no interface e lt port list gt qos Removes QoS classifier for the specified source port s Syntax show qos source port Displays alisting of all source port QoS classifiers currently in the running config file 5 52 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic For example suppose you wanted to assign this set of priorities Source Port DSCP Priority A2 000111 7 B1 B3 000101 5 B4 C2 000010 1 1 Determine whether the DSCPs already have priority assignments which could indicate use by existing applications This is not a problem as long as the configured priorities are acceptable for all applications using the same DSCP Refer to the Notes on Changing a Priority Setting on page 5 58 Also a DSCP must have a priority configured before you can assign
147. ce classifier to apply to any given packet When a match between a packet and a classifier is found the switch applies the QoS policy configured for that classifier and the packet is handled accordingly Note that on the switches covered in this guide if the switch is configured with multiple classifiers that address the same packet the switch uses only the QoS configuration for the QoS classifier that has the highest precedence In this case the QoS configuration for another lower precedence classifier that may apply is ignored For example if QoS assigns high priority to packets belonging to VLAN 100 but normal priority to all IP protocol packets since protocol priority 4 has precedence over VLAN priority 5 IP protocol packets on VLAN 100 will be set to normal priority 5 10 Quality of Service QoS Managing Bandwidth More Effectively Preparation for Configuring QoS Preparation for Configuring QoS Preserving 802 1p Priority QoS operates in VLAN tagged and VLAN untagged environments If your network does not use multiple VLANs you can still implement the 802 1Q VLAN capability for packets to carry their 802 1p priority to the next down stream device To do so configure ports as VLAN tagged members on the links between switches and routers in your network infrastructure Table 5 5 Summary of QoS Capabilities Outbound Packet Options Port Membership in VLANs Tagged Untagged Control Port Queue Priority for Packe
148. ch and that port has established a link with another device then all other ports of that switch will send advertisements for that VLAN For example in the following figure Tagged VLAN ports on switch A and switch C advertise VLANs 22 and 33 to ports on other GVRP enabled switches that can dynamically join the VLANs 3 5 GVRP General Operation Switch A Switch C Switch C GVRP On GVRP On F Port5 dynamically joins VLAN 22 Ports 11 and 12 belong to Tagged VLAN 33 Tagged VLAN 22 Switch E GVRP On Switch B Switch D No GVRP GVRP On Tagged VLAN 22 Switch E Port 2 dynamically joins VLANs 22 and 33 Port 7 dynamically joins VLANs 33 and 22 Switch D Port 3 dynamically joins VLANs 22 and 33 Port 6 dynamically joins VLAN 22 and 33 Figure 3 2 Example of GVRP Operation Note A port can learn of a dynamic VLAN through devices that are not aware of GVRP Switch B above VLANs must be disabled in GVRP unaware devices to allow tagged packets to pass through A GVRP aware port receiving advertisements has these options m If there is not already a static VLAN with the advertised VID on the receiving port then dynamically create the VLAN and become a member m Ifthe switch already has a static VLAN assignment with the same VID as in the advertisement and the port is configured to Auto for that VLAN then the port will dynamically join the VLAN and begin moving that VLAN
149. ch excluded 4 74 region view configuration 4 61 region VLAN assignments 4 14 regional boundary port 4 13 regional root bridge per instance 4 11 regional root switch 4 13 regional root switch configuration 4 14 regions communication between 4 15 root bridge 4 8 root bridge per instance 4 11 root bridge per region 4 13 root port per instance 4 11 root switch instance 4 41 root switch IST instance 4 8 4 13 root switch MST instance 4 14 root switch regional 4 13 root CIST 4 22 root IST 4 14 root MSTI 4 10 routed traffic in a region 4 11 RSTP as a region 4 7 RSTP BPDU requirement 4 14 RSTP bridge 4 15 rules for operation 4 14 separate forwarding paths 4 8 show commands 4 54 4 63 SNMP MIB 4 54 STP as a region 4 7 switch excluded from region 4 74 topology between regions 4 10 troubleshooting 4 63 trunk root per instance 4 11 trunked link 4 59 trunked link example 4 12 types of MST instances 4 8 VLAN assignments region 4 14 VLAN membership region 4 12 VLAN change instance 4 19 VLAN configuration error 4 74 VLAN connectivity between regions 4 14 VLAN duplicate or missing packets 4 74 VLAN dynamic 4 8 VLAN instance assigned 4 10 4 14 4 40 4 49 with legacy STP and RSTP 4 7 stacking benefits 6 3 minimum software version oth
150. ch you want the device s traffic to move m Port Tagging Rules For a port on the switch to be a member of a VLAN the port must be configured as either Tagged or Untagged for that VLAN A port can be an untagged member of only one VLAN of a given protocol type Otherwise the switch cannot determine which VLAN should receive untagged traffic For more on VLANS refer to chapter 2 Static Virtual LANs VLANs m Maximum QoS Configuration Entries The switches covered in this guide acceptthe maximum outbound priority and or DSCP policy configuration entries shown in table 5 14 5 66 Quality of Service QoS Managing Bandwidth More Effectively QoS Operating Notes and Restrictions Table 5 14 Maximum QoS Entries Switch Software Maximum Notes Version QoS Entries Switch 2900 T 13 01 250 Each device IP address QoS configuration uses two entries e Each TCP UDP port QoS configuration uses two entries Allother classifier configurations use one entry each Configuring device IP address or TCP UDP QoS entries reduces this maximum See the Notes column Attempting to exceed the above limits generates the following message in the CLI Unable to add this QoS rule Maximum number entry already reached m Non Supported IP Packets The DSCP policy codepoint remarking operation is not supported in any QoS classifier for packets carrying IP options in the packet header m Not Supported
151. change action selection and Enter to execute action Figure 6 12 Example of How the Stacking Status All Screen Helps You Find Member MAC Addresses 3 Inthe Stacking Status All screen find the Member switch that you want to move and note its MAC address then press B for Back to return to the Stacking Menu 4 Display the Commander s Stack Management screen by selecting 4 Stack Management For an example of this screen see figure 6 9 on page 6 18 Press A for Add to add the Member You will then see a screen listing any available candidates See figure 6 10 on page 6 18 Note that you will not see the switch you want to add because itis a Member of another stack and not a Candidate Either accept the displayed switch number or enter another available number The range is 0 15 with 0 reserved for the Commander Use the downarrow key to move the cursor to the MAC Address field then type the MAC address ofthe desired Member you want to move from another stack 6 20 Note Stack Management Configuring Stack Management 8 Doone ofthe following e Ifthe stack containing the Member you are moving has a Manager password press the downarrow key to select the Candidate Password field then type the password e If the stack containing the Member you want to move does not have a password go to step 9 9 Press Enter to return to the Actions line then press S for Save to comple
152. cts and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Hewlett Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett Packard Warranty See the Customer Support Warranty booklet included with the product A copy of the specific warranty terms applicable to your Hewlett Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer Hewlett Packard Company 8000 Foothills Boulevard m s 5551 Roseville California 95747 5551 hitp www procurve com Contents Product Documentation About Your Switch Manual Set c lees eee ix Feature Ind x ossia end Hohe baw wld ated abies ia pe X Getting Started Contents uos uleue entend PALO EE PR bre RE e dde e did 1 1 Introduction en oon Rer ne e cedes sts delet 1 2 Conventions i4 uei eee EX VEREEU Lea RR CER ERE KE 1 2 Feature Descriptions by Model 00 0 eee eee ee 1 2 Command Syntax Statements 00 0 c eee eee eee eee 1 3 Command Prompts 0 0 eee eee eee n 1 3 Screen Simulations 0 0 ccc cece n 1 4 Port Identity Examples isoeo recco renra aeie Ea e eee 1 4 Configuration and Operation Examples 000 cece eee 1 4 Keys eu a tte ntn ed te ci ba Me nid woe f
153. d to list data on VLANs having VIDs numbered sequentially higher than the first 32 2 26 Static Virtual LANs VLANs Configuring VLANs Default In this example the VLAN 22 hasbeen L222222222222 2 2 2 CONSOLE MANAGER MODE defined but no ports Switch Configuration VLAN VLAN Port Assignment have yet been assigned to it No means the T VLAN VLAN 22 Port DEFAULT VLAN VLAN 22 ortisnotassignedto 7777 n7272 Sa o E a EA OT t VLAN Untagged No 8 Untagged No al z a2 Tagged No 49 Untagged No Using GVRP If you plan A3 Untagged No 410 Untagged No on using GVRP any a4 Untagged No ii Untagged No ports you don t want to as Untagged No i12 Untagged No join should be changed 46 Untagged No 413 Untagged No to Forbid a Untagged No 414 Untagged No Actions gt Cancel Edit Save Help A port can be assigned to several VLANs but Cancel changes and return to previous screen 1 only one of those Use arrow keys to change action selection and Enter to execute action assignments can be Untagged Figure 2 16 Example of the Port Based VLAN Port Assignment Screen in the Menu Interface 2 Tochange a port s VLAN assignment s a Press E for Edit b Usethe arrow keys to select a VLAN assignment you want to change c Pressthe Space bar to make your assignment selection No Tagged Untagged or Fo
154. d MST instance is priority multiplier x 4096 For example if you configure 5 as the priority multiplier for MST Instance 1 on a given MSTP switch then the Switch Priority setting is 20 480 for that instance in that switch Note If multiple switches in the same MST instance have the same priority setting then the switch with the lowest MAC address becomes the root switch for that instance 4 41 Multiple Instance Spanning Tree Operation Configuring MSTP Configuring MST Instance Per Port Parameters Command Page spanning tree instance lt 1 16 gt lt port list gt path cost 4 42 lt auto 1 200000000 gt spanning tree instance lt 1 16 gt lt port list gt priority lt priority multiplier gt 4 43 spanning tree lt port list gt priority lt priority multiplier gt 4 44 Syntax spanning tree instance lt 1 16 gt lt port list path cost auto 1 200000000 gt This command assigns an individual port cost for the specified MST instance For a given port the path cost setting can be different for different MST instances to which the port may belong The switch uses the path cost to determine which ports are the forwarding ports in the instance that is which links to use for the active topology of the instance and which ports to block The settings are either auto or in a range from 1 to 200 000 000 With the auto setting the switch calculates the path cost from the link speed 10 Mbps
155. der include BPDU Filtering or BPDU Protec tion these provide additional per port control over spanning tree oper ations and security on the switch Configure MST instances e Configure one instance for each VLAN group that you want to operate as an active topology within the region to which the switch belongs When you create the instance you must include a minimum of one VID You can add more VIDs later if desired spanning tree instance lt n gt vlan lt vid gt To move a VLAN from one instance to another first use no spanning tree instance lt n gt vlan lt vid gt to unmap the VLAN from the current instance then add the VLAN to the other instance While the VLAN is unmapped from an MSTI it is associated with the region s IST instance Configure the priority for each instance spanning tree instance 7 priority n Configure MST instance port parameters ProCurve recommends that you apply changes on a per port basis only where a non default setting is clearly indicated by the circumstances of individual links For example you might want to set the path cost value for the port s used by a specific MST instance spanning tree instance lt 1 16 gt lt port list gt path cost lt auto 1 200000000 gt Alternatively leaving this setting at the default auto allows the switch to calculate the path cost from the link speed Enable spanning tree operation on the switch spanning tree 4 19
156. des The switch compares this priority with the priorities of other switches in the same region to determine the root switch for the region The lower the priority value the higher the priority If there is only one switch in the region then that switch is the root switch for the region The root bridge in a region provides the path to connected regions for the traffic in VLANs assigned to the region s IST instance Traffic in VLANs assigned to a numbered STP instance in a given region moves to other regions through the root switch for that instance The priority range for an MSTP switch is 0 61440 However this command specifies the priority as a multiplier 0 15 of 4096 That is when you specify a priority multiplier value of 0 15 the actual priority assigned to the switch is priority multiplier x 4096 For example if you configure 2 as the priority multiplier on a given MSTP switch then the Switch Priority setting is 8 192 Note If multiple switches in the same MST region have the same priority setting then the switch with the lowest MAC address becomes the root switch for that region Syntax spanning tree trap errant bpdu Enables SNMP traps for errant BPDUs Note that this command is designed to be used in conjunction with the spanning tree bpdu filter command see page 4 29 and bpdu protection command see page 4 30 The no form of the command disables traps on the switch Default Disabled 4 24
157. device priority Displays a listing of all IP device priority QoS classi fiers currently in the running config file For example configure and list the 802 1p priority for packets carrying the following IP addresses IP Address 802 1p Priority 10 28 31 1 7 10 28 31 130 5 10 28 31 100 1 10 28 31 101 1 5 24 Note Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic ProCurve config qos device priority 10 28 31 1 priority 7 ProCurve config qos device priority 10 28 31 130 priority 5 ProCurve config gos device priority 10 28 31 100 priority 1 ProCurve config f qos device priority 10 28 31 101 priority 1 ProCurve config show qos device priority Device priorities Device Address Apply rule DSCP Priority 10 28 31 1 Priority 10 28 31 130 Priority 10 28 31 100 Priority 10 28 31 101 Priority Figure 5 8 Example of Configuring and Listing 802 1p Priority Assignments for Packets Carrying Specific IP Addresses Assigning a DSCP Policy Based on IP Address On the switches covered in this guide DSCP policies cannot be applied to IPv4 packets having IP options For more information on packet criteria and restrictions refer to table 5 13 on page 5 66 This option assigns a previously configured DSCP policy codepoint and 802 1p priority to outbound IP packets having the specified IP address either source or destination That i
158. e 4 8 internal spanning tree See IST interoperating with 802 1D and 802 1w 4 13 IST 4 8 IST instance 4 8 4 40 4 49 IST root 4 8 4 10 4 14 IST root display change history 4 63 IST defined 4 13 IST dynamic VLAN 4 15 IST root switch 4 13 IST switch membership 4 13 IST VLAN membership 4 8 legacy devices and the CST 4 11 legacy STP and RSTP 4 11 mesh environment 4 6 4 15 MIB 4 54 MST region See region MSTI 4 8 4 15 MSTI root 4 10 MSTI root display change history 4 63 MSTI view status 4 58 MSTP 4 9 MSTP operation 4 9 MSTP view global configuration 4 59 multiple spanning tree instance See MSTI override hello time 4 14 path cost effect on 802 1D 4 16 pending configuration 4 62 pending option 4 9 4 21 4 45 per VLAN STP 4 6 planning 4 17 port connectivity 4 25 port states 4 10 4 15 priority resolution 4 41 priority device 4 19 4 24 priority IST port 4 44 priority MSTI port 4 43 rapid state transitions 4 16 redundant links 4 11 region 4 4 4 7 4 8 4 9 region name 4 14 4 20 region root switch 4 8 region configuration name 4 74 region Configuration Revision number 4 74 region defined 4 14 region enabling 4 45 region root bridge 4 13 region RSTP bridge 4 15 region switch configuration 4 14 region swit
159. e 0 65535 seconds Default 0 Syntax no spanning tree trap errant bpdu Enables disables the sending of errant BPDU traps This command should only be used to guard edge ports that are not expected to participate in STP operations Once BPDU protection is enabled it will disable the port as soon as any BPDU packet is received on that interface Caution 4 31 Multiple Instance Spanning Tree Operation Configuring MSTP Example To configure BPDU protection on ports 1 to 10 with SNMP traps enabled enter ProCurve config spanning tree 1 10 bpdu protection ProCurve config spanning tree trap errant bpdu The following steps will then be set in process 1 Whenan STP BPDU packet is received on ports 1 10 STP treats it as an unauthorized transmission attempt and shuts down the port that the BPDU came in on 2 Anevent message is logged and an SNMP notification trap is generated 3 The port remains disabled until re enabled manually by a network admin istrator using the interface lt port list enable command Note To re enable the bpdu protected ports automatically configure a timeout period using the spanning tree bpdu protection timeout command Viewing BPDU Protection Status The show spanning tree bpdu protection command displays a summary listing of ports with BPDU protection enabled To display detailed per port status information enter the specific port number s as shown in Figure 4 8 b
160. e configured to recognize the DSCP in IP packets and implement the service policy it indicates Use VLAN tagged ports to include packet priority as an 802 1p value to downstream devices T In this mode the configuration is fixed You cannot change the automatic priority assignment when using IP ToS Precedence as a QoS classifier 3 Ifyou want 802 1p priority settings to be included in outbound packets ensure that tagged VLANs are configured on the appropriate downstream links 5 12 Quality of Service QoS Managing Bandwidth More Effectively Preparation for Configuring QoS 4 Determine the actual QoS configuration changes you will need to make on each QoS capable device in your network in order to implement the desired policy Also if you want downstream devices to read and use DSCPs in IP packets from the switch configure them to do so by enabling ToS Differentiated Service mode and making sure the same DSCP policies are configured Viewing the QoS Configuration The following show commands are available on the switches covered in this guide Examples of the show qos output are included with the example for each priority type Syntax show qos priority classifier tcp udp port priority Displays the current TCP UDP port priority configura tion Refer to figure 5 7 on page 5 22 device priority Displays the current device IP address priority con figuration Refer to figure 5 8 on page 5 25 type of service
161. e Operation Configuring MSTP PVST FilteringI If you configure a port for PVST filtering instead of PVST protection the port remains in operation but traps are still generated and the BPDU counter hpSwitchStpPortErrantBpduCounter is incremented Caution Enabling the PVST filter feature allows the port to continuously forward packets without spanning tree intervention which could result in loop forma tion If this occurs disable the port and then reconfigure it with these com mands no spanning tree port list bpdu filter no spanning tree port list pvst filter Syntax no spanning tree lt port list gt pvst filter Enables or disables the PVST filter feature on the port or range of ports specified The command indicates which ports are not expected to receive any PVST BPDUs Default Disabled on all ports ProCurve config spanning tree 8 pvst filter Warning The BPDU filter allows the port to go into a continuous forwarding mode and spanning tree will not interfere even if the port would cause a loop to form in the network topology If you suddenly experience high traffic load disable the port and reconfigure the BPDU filter with the CLI command s no spanning tree PORT LIST bpdu filter no spanning tree PORT LIST pvst filter Figure 4 11 Example of Enabling PVST Filtering on a Port Manually Re enabling a Port You can re enable ports manually or use the automatic re enable ti
162. e STP SNMP Simple Network Management Protocol used to remotely manage network devices Operating Rules m All switches in a region must be configured with the same set of VLANs as well as the same MST configuration name and MST configuration number m Within a region a VLAN can be allocated to either a single MSTI or to the region s IST instance m All switches in a region must have the same VID to MST instance assign ment There is one root MST switch per configured MST instance Because boundary ports provide the VLAN connectivity between regions all boundary ports on a region s root switch should be configured as members of all static VLANs defined in the region m There is one root switch for the Common and Internal Spanning Tree CIST At any given time all switches in the network will use the per port hello time parameter assignments configured on the CIST root switch 4 14 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Where multiple MST regions exist in a network there is only one active physical communication path between any two regions or between an MST region and an STP or RSTP switch MSTP blocks any other physical paths as long as the currently active path remains in service Within a network an MST region appears as a virtual RSTP bridge to other spanning tree entities other MST regions and any switches running 802 1D or 802 1w spanning tree protocols
163. e also IP precedence bits and DSCP elsewhere in this table A device linked directly or indirectly to an inbound switch port That is the switch receives traffic from upstream devices Overview QoS settings operate on two levels m Controlling the priority of outbound packets moving through the Switch Each switch port has eight outbound traffic queues the queue with a priority value of one hasthe lowest priority and priority value seven has the highest priority Packets leave the switch port on the basis of their queue assignment and whether any higher queues are empty Table 5 1 Port Queue Exit Priorities Port Queue and 802 1p Priority for Exiting Priority Values From the Port Low 1 Eighth Low 2 Seventh Normal 0 Sixth Normal 3 Fifth Medium 4 Fourth Medium 5 Third High 6 Second High 7 First Quality of Service QoS Managing Bandwidth More Effectively Introduction Notes A QoS configuration enables you to set the outbound priority queue to which a packet is sent In an 802 1Q VLAN environment with VLAN tagged ports if QoS is not configured on the switch but is configured on an upstream device the priorities carried in the packets determine the forwarding queues in the switch m Configuring a priority for outbound packets and a service prior ity policy for use by downstream devices e DSCP Policy This feature enables you to set a priority policy in outbound IP packets
164. e default MSTP timer settings Hello Time and Forward Delay are usually adequate for MSTP operation Because a packet crossing a mesh may traverse several links within the mesh using smaller than default settings for the MSTP Hello Time and Forward Delay timers can cause unnecessary topology changes and end node connectivity problems For MSTP information beyond what is provided in this manual refer to the IEEE 802 1s standard MSTP Structure MSTP maps active separate paths through separate spanning tree instances and between MST regions Each MST region comprises one or more MSTP switches Note that MSTP recognizes an STP or RSTP LAN as a distinct spanning tree region Common and Internal Spanning Tree CIST MST Region pas IST ON instance J 1 1 i 1 Switch l MSTI N I Running STP Optional J l x I b MST Region MSTI Ni pana Optional y ist N Nu CE Instance 1 NRI EN A 1 MS N Optional J Meer m mam oe i MSTI N Switch Running RSTP Optional 4 Switch Running RSTP WSH N Switch Optional J i ME z Running RSTP Figure 4 2 Example of MSTP Network with Legacy STP and RSTP Devices Connected I l I I I I I I i 4 7 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Common and Internal Spanning Tree CIST The CIST identifies the regions in a network and admi
165. e of Show VLAN Ports Cumulative Listing 2 31 Static Virtual LANs VLANs Configuring VLANs Figure 2 20 is an example of the output when the detail option is used ProCurve show vlan ports al a4 detail Status and Counters VLAN Information for ports A1 Port name Voice Port VLAN ID Name Status Voice Jumbo Mode DEFAULT_VLAN Port based No No Untagged 10 VLAN 10 Port based Yes No Tagged Status and Counters VLAN Information for ports A2 Port name Uplink Port VLAN ID Name Status Voice Jumbo Mode 1 DEFAULT_VLAN Port based No No Untagged 20 VLAN 20 Protocol No No Tagged 33 GVRP 33 Dynamic No No Tagged Status and Counters VLAN Information for ports A3 VLAN ID Name Voice Jumbo Mode EFAULT_VLAN Port based No No Untagged Status and Counters VLAN Information for ports A4 VLAN ID Name Status Voice Jumbo Mode EFAULT_VLAN Port based No No Untagged Figure 2 20 Example of Show VLAN Ports Detail Listing 2 32 Static Virtual LANs VLANs Configuring VLANs Displaying the Configuration for a Particular VLAN This command uses the VID to identify and display the data for a specific static or dynamic VLAN Syntax show vlans vlan id 802 10 VLAN ID 7he VLAN identification number or VID Refer to Terminology on page 2 6 Name The default or specified name assigned to the VLAN For a static VLAN the default name consists of VLAN x where x matche
166. e same switch as a on the same switch as a member member Block The port The port The port e Belongstothe specified VLAN Will become a member of Will not become a member of e Advertises this VLAN specified VLAN if it receives the specified VLAN e Will not become a member of advertisements for this VLAN e Will not advertise this VLAN new dynamic VLANsforwhich Will advertise this VLAN Will not become a member of it receives advertisements Will not become a member of dynamic VLANs for which it Will advertise dynamic VLANs new dynamic VLANs for which receives advertisements that have at least one other it receives advertisements e Will advertise dynamic VLANs port as a member e Will advertise dynamic VLANs that have at least one other that have at least one other port on the same switch as a port on the same switch as a member member Disable The port The port The port e sa member of the specified VLAN e Will ignore GVRP PDUs Will not join any advertised VLANs Will not advertise VLANs Will not become a member of the specified VLAN Will ignore GVRP PDUs Will not join any dynamic VLANs Will not advertise VLANs Will not become a member of this VLAN Will ignore GVRP PDUs Will not join any dynamic VLANs Will not advertise VLANs Each port ofthe switch must be a Tagged or Untagged member of at least one VLAN Thus any port configured for GVRP to Learn or Block wi
167. e spanning tree instance for the entire network and includes all VLANs in the network An STP or RSTP network operates as a single instance network A region can include two types of STP instances m Internal Spanning Tree Instance IST Instance This is the default spanning tree instance in any MST region It provides the root switch for the region and comprises all VLANs configured on the switches in the region that are not specifically assigned to Multiple Spanning Tree Instances MSTIs described below Within a region the IST instance provides a loop free forwarding path for all VLANs associated with it VLANs that are not associated with an MSTI are by default associated with the IST instance Note that the switch automatically places dynamic VLANs resulting from GVRP operation in the IST instance Dynamic VLANs cannot exist in an MSTI described below m Multiple Spanning Tree Instance MSTI This type of configurable spanning tree instance comprises all static VLANs you specifically assign to it and must include at least one VLAN The VLAN s you assign to an 4 8 Caution Note Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP MSTI must initially exist in the IST instance ofthe same MST region When you assign a static VLAN to an MSTI the switch removes the VLAN from the IST instance Thus you can assign a VLAN to only one MSTI ina given region All VLANs in an MSTI o
168. e stack Commander to accessthe console interface menu interface or CLI of a stack member To view the list of SN assignments for a stack execute the show stack command in the Commander s CLI no stack join lt mac addr gt Candidate Causes the Candidate to join the stack whose Commander has the indicated MAC address No form is used in a Member to remove it from the stack of the Commander having the specified address Member Pushes the member to another stack whose Commander has the indicated MAC address no stack auto join Candidate Enables Candidate to automatically join the stack of any Commander inthe IP subnet that has Auto Grab enabled or disables Auto Join in the candidate Default Auto Join enabled Note If the Candidate has a Manager password or if the available stack s already have the maximum of 15 Members the automatic join will not occur stack transmission interval All Stack Members specifies the interval in seconds for transmitting stacking discovery packets Default 60 seconds 6 30 Stack Management Configuring Stack Management Using the CLI To View Stack Status You can list the stack status for an individual switch and for other switches that have been discovered in the same subnet Syntax show stack candidates view all Viewing the Status of an Individual Switch The following example illustrates how to use the CLI in a to display the stack status for t
169. e switch begins advertising that VID out all of its ports except the port on which the VID was learned Core switch with static VLANs VID 1 2 amp 3 Port 2 is a member of VIDs 1 2 amp 3 1 Port2 advertises VIDs 1 2 amp 3 Switch 1 GVRP On 2 Port 1 receives advertise ment of VIDs 1 2 amp 3 AND becomes a member of VIDs 1 2 amp 3 3 Port3 advertises VIDs 1 2 amp 3 but port 3 is NOT a member of VIDs 1 2 amp 3 at this point Switch 2 GVRP On 4 Port 4 receives advertise ment of VIDs 1 2 amp 3 AND becomes a member of VIDs 1 2 amp 3 5 Port5 advertises VIDs 1 2 amp 3 but port 5 is NOT a member of VIDs 1 2 amp 3 at this point to be a member of VID 3 Switch 3 GVRP On Static VLAN con figured End Device NIC or switch with GVRP On Port6is statically configured 11 Port 2 receives advertisement of VID 3 Port 2 is already statically configured for VID 3 9 Port 3 receives advertise ment of VID 3 AND becomes a member of VID 3 Still not a member of VIDs 1 amp 2 10 Port 1 advertises VID 3 7 Port 5 receives advertise ment of VID 3 AND becomes a member of VID 3 Still not a member of VIDs 1 amp 2 8 Port 4 advertises VID 3 6 Port 6 advertises VID 3 Figure 3 1 Example of Forwarding Advertisements and Dynamic Joining Note that if a static VLAN is configured on at least one port of a swit
170. ea Candidate North Seat config 3 Set the Candidate CLI to Config mode North Seafconfig stack join 3 cl 7fec4 4 Execute stack join with the n Commander s MAC address to push the Candidate into the stack Figure 6 31 Example of Pushing a Candidate Into a Stack To verify that the Candidate successfully joined the stack execute show stack all again to view the stacking status Using the Destination Commander CLI To Pull a Member from Another Stack This method uses the Commander in the destination stack to pull the Member from the source stack 6 38 Stack Management Configuring Stack Management Syntax stack member lt switch number gt mac address mac addr password password str In the destination Commander use show stack all to find the MAC address of the Member you want to pull into the destination stack For example suppose you created a new Commander with a stack name of Cold Waters and you wanted to move a switch named Bering Sea into the new stack ProCurve config show stack all Stacking Stacking Status All Stack Name MAC Address System Name Status Big Waters D030c1 7 ec40 Commander OO 60b0 880a80 Indian Ocean Member Up BD 060bO0 dflaD0U Bering sea Member Up Cold Waters D 3 cl 7 fe700 35001 Commander Move this switch into the Cold Waters stack Figure 6 32 Example of
171. eam or edge switch assigns to the selected packets When the down stream switch receives an IPv4 packet carrying one of these codepoints it assigns the configured priority to the packet and sends it out the appropriate priority queue The packet retains the codepoint it received from the upstream or edge switch You can use this option concurrently with the diffserv DSCP Policy option described later in this section as long as the DSCPs specified in the two options do not match 5 31 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Operating Notes Different applications may use the same DSCP in their IP packets Also the same application may use multiple DSCPs if the application originates on different clients servers or other devices Using an edge switch enables you to select the packets you want and mark them with predictable DSCPs that can be used by downstream switches to honor policies set in the edge switch When enabled the switch applies direct 802 1p prioritization to all packets having codepoints that meet these criteria m The codepoint is configured with an 802 1p priority in the DSCP table Codepoints configured with No override are not used m The codepoint is not configured for a new DSCP policy assignment Thus the switch does not allow the same incoming codepoint DSCP to be used simultaneously for directly assign
172. ecedence Default ToS Configuration E Ne Current ToS Configuration Figure 5 12 Example of Enabling ToS IP Precedence Prioritization To replace this option with the ToS diff services option configure diff services as described below which automatically disables IP Precedence To disable IP Precedence without enabling the diff services option use this command ProCurve config no qos type of service 5 30 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Assigning an 802 1p Priority to IPv4 Packets on the Basis of Incoming DSCP One of the best uses for this option is on an interior switch where you want to honor continue a policy set on an edge switch That is it enables you to select incoming packets having a specific DSCP and forward these packets with the desired 802 1p priority For example if an edge switch A marks all packets received on port A5 with a particular DSCB you can configure a downstream interior switch B to handle such packets with the desired priority regardless of whether 802 1Q tagged VLANS are in use mm Interior mm gt Switch Marked Traffic from port A5 on Edge Switch A Other Traffic Figure 5 13 Interior Switch B Honors the Policy Established in Edge Switch A To do so assign the desired 802 1p priority to the same codepoint that the upstr
173. ected Member For example if you selected switch number 1 system name Coral Sea in figure 6 16 and then pressed X you would see the Main Menu for the switch named Coral Sea 6 23 Stack Management Configuring Stack Management Pro To vides Coral Sea TELNET MANAGER MODE Main Menu Status Switch Configuration Console Passwords Event Log Command Line CLI Reboot Switch Download OS Run Setup Stacking Logout and Counters Main Menu for stack Member named Coral Sea SN 1 from figure 6 16 Ls 2 3 4 5 6 7 8 9 the menu to display configuration and counters press item number or highlight item and press Enter status select menu item Figure 6 17 The eXecute Command Displays the Console Main Menu for the Selected Stack Member You can now make configuration changes and or view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch When you are finished accessing the selected Member do the following to return to the Commander s Stack Access screen a Return to the Member s Main Menu b Press 0 for Logout then Y for Yes c Press Return You should now see the Commander s Stack Access screen For an example see figure 6 16 on page 6 23 Converting a Commander or Member to a Member of Another Stack When moving a commander the fo
174. ed see page 4 30 for details Bridge See MSTP Bridge Common and Internal Spanning Tree CIST Comprises all LANs STP and RSTP bridges and MSTP regions in a network The CIST automatically determines the MST regions in a network and defines the root bridge switch and designated port for each region The CIST includes the Common Spanning Tree CST the Internal Spanning Tree IST within each region and any multiple spanning tree instances MSTIs in a region Common Spanning Tree CST Refers to the single forwarding path the switch calculates for STP 802 1D and RSTP 802 1w topologies and for inter regional paths in MSTP 802 1s topologies Note that all three types of spanning tree can interoperate in the same network Also the MSTP switch interprets a device running 802 1D STP or 802 1w RSTP as a separate region Refer to figure 4 2 on page 4 7 Internal Spanning Tree IST Comprises all VLANs within a region that are not assigned to a multiple spanning tree instance configured within the region All MST switches in a region should belong to the IST In a given region X the IST root switch is the regional root switch and provides information on region X to other regions MSTP Multiple Spanning Tree Protocol A network supporting MSTP allows multiple spanning tree instances within configured regions and a single spanning tree among regions STP bridges and RSTP bridges MSTP BPDU MSTP Bridge Protocol Data
175. ed Candidate does not have a password go to step 6 6 Press Enter to return to the Actions line then press S for Save to complete the Add process for the selected Candidate You will then see a screen similar to the one in figure 6 11 below with the newly added Member listed Note If the message Unable to add stack member Invalid Password appears in the console menu s Help line then you either omitted the Candidate s Manager password or incorrectly entered the Manager password For status descriptions see the table on page 6 45 Pacific Ocean mmmmmzmmmmzmzzzzzczcczzczczc CONSOLE MANAGER MODE 5ss2s2222szcczc kzc22llclllzzzzzn Stacking Stack Management SN Mac Address System Name Device Type Status 3500y1 Member Up 080005 08 3400c1 48G Member Up 3500y 1 Member Up New Member added in step 6 Figure 6 11 Example of Stack Management Screen After New Member Added Using the Commander s Menu To Move a Member From One Stack to Another Where two or more stacks exist in the same subnet broadcast domain you can easily move a Member of one stack to another stack if the destination stack is not full If you are using VLANs in your stack environ ment see Stacking Operation with a Tagged VLAN on page 6 44 This procedure is nearly identical to manually adding a Candidate to a stack page 6 17 If the stack from which you want to move the Member has a Manager password you will need to know
176. ed to the default VLAN Adding or Deleting VLANs Changing the number of VLANs supported on the switch requires a reboot From the CLI you must perform a write memory command before rebooting Other VLAN configuration changes are dynamic Inbound Tagged Packets If atagged packet arrives on a port that is not atagged member of the VLAN indicated by the packet s VID the switch drops the packet Similarly the switch will drop an inbound tagged packet if the receiving port is an untagged member of the VLAN indicated by the packet s VID Untagged Packet Forwarding To enable an inbound port to forward an untagged packet the port must be an untagged member of either a protocol VLAN matching the packet s protocol or an untagged member of a port based VLAN That is when a port receives an incoming untagged packet it processes the packet according to the following ordered crite ria a Ifthe port has no untagged VLAN memberships the switch drops the packet b Ifthe port has an untagged VLAN membership in a protocol VLAN that matches the protocol type of the incoming packet then the switch forwards the packet on that VLAN c Ifthe port is a member of an untagged port based VLAN the switch forwards the packet to that VLAN Otherwise the switch drops the packet Static Virtual LANs VLANs VLAN Operating Rules Port X receives an inbound untagged Packet Is the portan untagged member of any VLANs
177. egment 4 Determine security boundaries and how the individual ports in the seg ment will handle dynamic VLAN advertisements See table 3 1 on page 3 8 and table 3 2 on page 3 10 5 Enable GVRP on all devices you want to use with dynamic VLANs and configure the appropriate Unknown VLAN parameter Learn Block or Disable for each port 6 Configure the static VLANs on the switch es where they are needed along with the per VLAN parameters Tagged Untagged Auto and Forbid see table 3 2 on page 3 10 on each port 7 Dynamic VLANs will then appear automatically according to the config uration options you have chosen 8 Convert dynamic VLANs to static VLANs where you want dynamic VLANs to become permanent 3 12 GVRP Configuring GVRP On a Switch Configuring GVRP On a Switch The procedures in this section describe how to m View the GVRP configuration on a switch m Enable and disable GVRP on a switch m Specify how individual ports will handle advertisements To view or configure static VLANs for GVRP operation refer to Per Port Static VLAN Configuration Options on page 2 13 Menu Viewing and Configuring GVRP 1 From the Main Menu select 2 Switch Configuration 8 VLAN Menu 1 VLAN Support Sesessessssessese 2222 CONSOLE MANAGER MODE 25522222222222222 2 2 2 2 Switch Configuration VLAN VLAN Support Maximum VLANs to support 8 8 Primary VLAN DEFAULT VLA
178. elow ProCurve config show spanning tree bpdu protection G1 Status and Counters STP BPDU Protection Information c 5 Specifying the port displays additional status information BPDU Protection Timeout sec for the designated ports Protected Ports Al Port Type Protection Errant BPDUs Al 100 1000T Yes Figure 4 8 Example of Show Spanning Tree BPDU Protection Command 4 32 Multiple Instance Spanning Tree Operation Configuring MSTP BPDU protected ports are displayed as separate entries of the spanning tree category within the configuration file ProCurve config show configuration Rows showing ports with BPDU protection enabled spanning tree spanning tree A1 bpdu protecti spanning tree C7 bpdu protection spanning tree Trk2 priority 4 Figure 4 9 Example of BPDU Filters in the Show Configuration Command PVST Protection and Filtering Note These options are available for switches that support the MSTP protocol only They are not supported for switches running RSTP PVST Protection If a ProCurve switch in the core of a network receives Per Vlan Spanning Tree PVST BPDUs and forwards the unrecognized PVST BPDUs on to MSTP only switches those switches then disconnect themselves from the network This can create instability in the network infrastructure When the PVST protection feature is enabled on a port and a PVST BPDU is received on that port the interface on which the PVST BPD
179. en the switch joins the Belongs to the same SNMP Configuring an IP address allows access via Telnet or web browser interface without going through the Commander switch This is useful for example if the stack Commander fails and you need to convert a Member switch to operate as a replace ment Commander Stack Name N A per stack stack it automatically assumes the Commander s Manager and Operator pass words and discards any pass words it may have had while a Candidate Note If a Member leaves a stack for any reason it retains the passwords assigned to the stack Commander at the time of departure from the stack communities as the Commander which serves as an SNMP proxy to the Member for communities to which the Commander belongs To join other communities that exc ude the Commander the Member must have its own IP address Loss of stack membership means loss of membership in any commu nity that is configured only in the Commander See SNMP Community Opera tion in a Stack on page 6 43 Stack Management Configuring Stack Management Note In the default stack configuration the Candidate Auto Join parameter is enabled but the Commander Auto Grab parameter is disabled This prevents Candidates from automatically joining a stack prematurely or joining the wrong stack if more than one stack Commander is configured in a subnet or broadcast domain If you plan to install more than one stack in a
180. ent VLAN devices on Red VLAN cannot get an IP address from the DHCP server on Blue VLAN Management VLAN and Red VLAN does not receive an IP address See figure 2 32 Blue VLAN is Management VLAN receives IP DHCP address Server Red VLAN does not receive IP address l Red VLAN Blue VLAN is Management VLAN Figure 2 32 Example of DHCP Server on Management VLAN Static Virtual LANs VLANs Special VLAN Types 2 IfRed VLANisconfigured asthe Management VLAN andthe DHCP server ison Blue VLAN Blue VLAN receives an IP address but Red VLAN does not See figure 2 33 Red VLAN is Management VLAN does not DHCP receive IP address Server Blue VLAN receives IP address Red VLAN Blue VLAN Figure 2 33 Example of DHCP Server on Different VLAN from the Management VLAN 3 If no Management VLAN is configured both Blue VLAN and Red VLAN receive IP addresses See figure 2 34 No Management VLANs are configured DHCP Red VLAN and Blue VLAN receive IP Server addresses Red VLAN Blue VLAN Figure 2 34 Example of no Management VLANs Configured 2 52 Static Virtual LANs VLANs Special VLAN Types 4 IfRed VLAN is configured as the Management VLAN and the clie
181. entions This guide uses the following conventions for command syntax and displayed information Feature Descriptions by Model In cases where a software feature is not available in all of the switch models covered by this guide the section heading specifically indicates which product or product series offer the feature For example the switch is highlighted here in bold italics QoS Pass Through Mode on the Switch 2900 1 2 Getting Started Conventions Command Syntax Statements Syntax ip default gateway lt ip addr gt Syntax show interfaces port list Vertical bars separate alternative mutually exclusive elements m Square brackets indicate optional elements m Braces lt gt enclose required elements m Braces within square brackets lt gt indicate a required element within an optional choice m Boldface indicates use of a CLI command part of a CLI command syntax or other displayed element in general text For example Use the copy tftp command to download the key from a TFTP server m Italics indicate variables for which you must supply a value when execut ing the command For example in this command syntax you must provide one or more port numbers Syntax aaa port access authenticator lt port list gt Command Prompts In the default configuration your switch displays a CLI prompt similar to the following ProCurve 2900 24G To simplify recogni
182. epoint then the packet is not prioritized by ToS and by default is sent to the normal priority queue IPPacketSentOut Same as above plus the IP Prece Same as above plus the Priority value 0 7 will be used to an Untagged Port dence value 0 7 willbe usedto set seta corresponding 802 1p priority in the VLAN tag carried by in a VLAN a corresponding 802 1p priorityinthe the packet to the next downstream device Where No over VLAN tag carried bythe packettothe rideisthe assigned priority the VLAN tag carries a 0 normal next downstream device Refer to priority 802 1p setting if not prioritized by other QoS classi table 5 8 below fiers Table 5 8 ToS IP Precedence Bit Mappings to 802 1p Priorities ToS Byte IP Corresponding Service Priority Level Precedence Bits 802 1p Priority 000 1 Lowest 001 2 Low 002 0 Normal 003 3 004 4 005 5 006 6 007 7 Highest 5 40 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS Protocol Priority QoS Classifier Precedence 4 When QoS on the switch is configured with a Layer 3 protocol as the highest precedence classifier and the switch receives traffic carrying that protocol then this traffic is assigned the priority configured for this classifier For operation when other QoS classifiers apply to the same traffic refer to Classifiers for Prioritizing Outbound Packets o
183. er ProCurve switches 6 9 primary 6 45 See also virtual stacking static VLAN convert to 3 3 subnet 2 4 subnet address 2 7 T ToS See Class of Service trunk spanning tree example 4 12 Type of Service using to prioritize IP traffic 5 29 5 41 Type of Service field IP configuring packet priority 5 29 5 41 how the switch uses it 5 40 U upstream device QoS definition 5 7 V VID See VLAN virtual stacking Index 5 transmission interval range 6 16 VLAN 2 58 broadcast domain 2 4 CLI commands 2 29 CLI configuring parameters 2 28 convert dynamic to static 2 38 3 3 dedicated management 2 46 default VLAN VID 2 46 default VLAN name change 2 46 DEFAULT VLAN 2 46 deleting 2 15 2 36 2 59 deleting with member ports 2 15 2 36 2 37 DHCP primary VLAN 2 46 duplicate MAC address 2 18 dynamic 2 4 2 17 2 22 2 28 2 38 effect on spanning tree 2 57 gateway IP 2 A7 GVRP auto 2 14 heartbeat packets configuring 2 62 layer 2 broadcast domain 2 5 layer 3 broadcast domain 2 5 limit 2 22 2 28 MAC address assignment 2 58 MAC address reconfiguration 2 60 MAC address verifying 2 64 maximum GVRP 3 18 menu configuring parameters 2 22 menu maximum capacity 2 26 menu missing VLAN 2 26 migrating layer 3 VLANs 2 60 multiple forwarding datab
184. er classifier 1 Identify the TCP or UDP port number classifier you want to use for assigning a DSCP policy Determine the DSCP policy for packets carrying the selected TCP or UDP port number or range of port numbers a Determine the DSCP you want to assign to the selected packets This codepoint will be used to overwrite re mark the DSCP carried in packets received from upstream devices b Determine the 802 1p priority you want to assign to the DSCP Configure the DSCP policy by using qos dscp map to configure the priority to the codepoint you selected in step 2a For details refer to the example later in this section and to Differentiated Services Codepoint DSCP Mapping on page 5 55 A codepoint must have an 802 1p priority assignment 0 7 before you can configure a policy for prioritizing packets by TCP or UDP port numbers or a range of port numbers If a codepoint you want to use shows No override in the Priority column of the DSCP map show qos dscp map then you must assign a 0 7 priority before proceeding 4 Configure the switch to assign the DSCP policy to packets with the specified TCP or UDP port number or range of port numbers 5 19 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax no qos lt udp port tcp port 1 65535 dscp lt codepoint gt priority lt 0 7 gt This command is
185. erface VLAN Support screen show a switch s current GVRP configuration including the Unknown VLAN settings ProCurve show qvrp GVRP support Maximum VLANs to support 8 GVRP Enabled Yes GVRP Enabled Port Type Unknown VLAN Required for Unknown VLAN operation al 10 100Tx A2 10 i100TX Learn A3 10 100Tx Block Unknown VLAN Settings a4 10 100TX Block a Default Learn A5 10 100TxX Learn AG i0 100TX Disable A7 i0 i100TX Learn 10 100Tx Learn Figure 3 3 Example of GVRP Unknown VLAN Settings GVRP Per Port Options for Dynamic VLAN Advertising and Joining Per Port Options for Dynamic VLAN Advertising and Joining Initiating Advertisements As described in the preceding section to enable dynamic joins GVRP must be enabled and a port must be configured to Learn the default However to send advertisements in your network one or more static Tagged Untagged or Auto VLANs must be configured on one or more switches with GVRP enabled depending on your topology Enabling a Port for Dynamic Joins You can configure a port to dynami cally join a static VLAN The join will then occur if that port subsequently receives an advertisement for the static VLAN This is done by using the Auto and Learn options described in table 3 2 on the next page Parameters for Controlling VLAN Propagation Behavior You can con figure an individual port to actively or pa
186. ering Enabled 4 36 Multiple Instance Spanning Tree Operation Configuring MSTP The show spanning tree port list detail command indicates which ports have PVST protection and or PVST Filtering enabled ProCurve config show spanning tree 7 detail Dort Status BPDU Protection BPDU Filtering PVST Protection PVST Filtering Errant BPDU Count Root Guard TCN Guard Figure 4 14 Example of Show Spanning tree Command Displaying PVST Protection Enabled Yes Configuring Loop Protection You can use BPDU protection for systems that have spanning tree enabled See Configuring BPDU Protection on page 4 30 however the BPDU pro tection feature cannot detect the formation of loops when an unmanaged device on the network drops spanning tree packets To protect against the formation of loops in these cases you can enable the Loop Protection feature which provides protection by transmitting loop protocol packets out ports on which loop protection has been enabled When the switch sends out a loop protocol packet and then receives the same packet on a port that has send disable configured it shuts down the port from which the packet was sent You can configure the disable timer parameter for the amount of time you want the port to remain disabled 0 to 604800 seconds If you configure a value of zero the port will not be re enabled To enable loop protection enter this command ProCurve c
187. ermines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device Default No override no gos device priority lt jp address gt Deletes the specified IP address as a QoS classifier 5 26 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic show qos device priority Displays a listing of all QoS Device Priority classifiers currently in the running config file For example suppose you wanted to assign these DSCP policies to the packets identified by the indicated IP addresses IP Address DSCP Policies DSCP Priority 10 28 31 130 000101 5 10 28 31 100 000010 1 10 28 31 101 000010 1 1 Determine whether the DSCPs already have priority assignments which could indicate use by existing applications This is not a problem if the configured priorities are acceptable for all applications using the same DSCP Refer to the Notes on Changing a Priority Setting on page 5 58 Also a DSCP must have a priority configured before you can assign any QoS classifiers to use it ProCurve config show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override C 000010 No override The DSCPs for this 000011 No override example have not yet 000100 N
188. ets you can use this feature to apply that setting for prioritizing packets for outbound port queues If the outbound packets are in a tagged VLAN this priority is carried as an 802 1p value to the adjacent downstream devices Syntax qos type of service ip precedence Causes the switch to automatically assign an 802 1p prior ity to all IPv4 packets by computing each packet s 802 1p priority from the precedence bits the packet carries This priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device ToS IP Precedence Default Disabled no qos type of service Disables all ToS classifier operation including prioritiza tion using the precedence bits show qos type of service When ip precedence is enabled or if neither ToS option is configured shows the ToS configuration status If diff services is enabled lists codepoint data as described under Assigning a DSCP Policy on the Basis of the DSCP in IPv4 Packets Received from Upstream Devices on page 5 35 With this option prioritization of outbound packets relies on the IP Prece dence bit setting that IP packets carry with them from upstream devices and applications To configure and verify this option ProCurve config qos type of service ip precedence ProCurve config f show qos type of service Tvpe of Service Disabled IP Pr
189. etween a pair of nodes using VLANs belonging to the same instance all but one of those paths will be blocked for that instance However if there are different paths in different instances all such paths are available for traffic Separate forwarding paths exist through separate spanning tree instances A port can have different states forwarding or blocking for different instances which represent different forwarding paths MSTP interprets a switch mesh as a single link 4 15 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Note on Path Cost MSTP Compatibility with RSTP or STP IEEE 802 1s MSTP includes RSTP functionality and is designed to be compat ible with both IEEE 802 1D and 802 1w spanning tree protocols Using the default configuration values your switches will interoperate effectively with RSTP and STP devices MSTP automatically detects when the switch ports are connected to non MSTP devices in the spanning tree and communicates with those devices using 802 1D or 802 1w STP BPDU packets as appropriate To enable effective interoperation with STP 802 1D configured devices however you may need to adjust the default configuration values Here are two such examples m The rapid state transitions employed by MSTP may result in an increase inthe rates of frame duplication and misordering in the switched LAN To allow the switch to support applications and protocols that may
190. etwork policy refers to the network wide controls you can implement to m Ensure uniform and efficient traffic handling throughout your network while keeping the most important traffic moving at an acceptable speed regardless of current bandwidth usage m Exercise control over the priority settings of inbound traffic arriving in and travelling through your network Adding bandwidth is often a good idea but it is not always feasible and does not completely eliminate the potential for network congestion There will always be pointsinthe network where multiple traffic streams merge or where network links will change speed and capacity The impact and number ofthese congestion points will increase over time as more applications and devices are added to the network When not if network congestion occurs it is important to move traffic on the basis of relative importance However without Quality of Service QoS prioritization less important traffic can consume network bandwidth and slow down or halt the delivery of more important traffic That is without QoS most traffic received by the switch is forwarded with the same priority it had upon entering the switch In many cases such traffic is normal priority and competes for bandwidth with all other normal priority traffic regardless of its relative importance to your organization s mission 5 3 Quality of Service QoS Managing Bandwidth More Effectively Introduction Thi
191. eue 8 Note The QoS queue configuration feature can change the number of outbound port queues in the switch from eight to four queues the default or two queues For more information see QoS Queue Configuration on page 5 62 5 9 Quality of Service QoS Managing Bandwidth More Effectively Introduction Note On Using Multiple Criteria Classifiers for Prioritizing Outbound Packets ProCurve recommends that you configure a minimum number ofthe available QoS classifiers for prioritizing any given packet type Increasing the number of active classifier options for a packet type increases the complexity of the possible outcomes and consumes switch resources Packet Classifiers and Evaluation Order The switches covered in this guide provide seven QoS classifiers packet criteria you can use to configure QoS priority Table 5 4 Classifier Search Order and Precedence Search Precedence QoS Classifier Type Order 1 1 highest UDP TCP Application Type port 2 2 Device Priority destination or source IP address 3 3 IP Type of Service ToS field IP packets only 4 4 Protocol Priority IP IPX ARP AppleTalk SNA and NetBeui 5 5 VLAN Priority 6 6 Incoming source port on the switch 7 7 lowest Incoming 802 1p Priority present in tagged VLAN environments Where multiple classifier types are configured a switch uses the highest to lowest search order shown in table 5 4 to identify the highest preceden
192. fault configuration you must manually add stack Members from the Candidate pool Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following m Auto Grab in the Commander is set to No the default m Auto Join in the Candidate is set to No Note When a switch leaves a stack and returns to Candidate status its Auto Join parameter resets to No so that it will not immediately rejoin a stack from which it has just departed m A Manager password is set in the Candidate m The stack is full Unless the stack is already full you can use the Stack Management screen to manually convert a Candidate to a Member If the Candidate has a Manager password you will need to use it to make the Candidate a Member of the stack 1 To adda Member start at the Main Menu and select 9 Stacking 4 Stack Management You will then see the Stack Management screen 6 17 Stack Management Configuring Stack Management For status descriptions see the table on page 6 45 Pacific Ocean Seesseesesesee5e CONSOLE MANAGER MODE 22222222222d 2 2 2 2 2 Stacking Stack Management System Name Device Type Status Coral North Atlantic 3500y1 Member Up Actions Add Edit Delete Help Return to p Ou n Use up down arrow keys to change record selection left right arrow keys to change action selection and Enter to execute action Figure 6 9 Exa
193. fig ProCurve config qos udp port range 1300 1399 dscp 001110 no qos range 1300 1399 The following example shows the 802 1p priority for the UDP and TCP port prioritization TCP UDP Port TCP Port 23 Telnet UDP Port 23 Telnet TCP Port 80 World Wide Web HTTP UDP Port 80 World Wide Web HTTP 802 1p Priority for TCP 802 1p Priority for UDP 7 7 7 7 2 2 5 17 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Note ProCurve config ProCurve config qos tcp port 23 priority 7 ProCurve config qos udp port 23 priority 7 qos tcp port 80 priority 2 ProCurve config ProCurve config gos udp port 80 priority 1 gos udp port range 100 199 priority 3 ProCurve config show qos tcp udp port priority TCP UDP port based priorities Protocol Application Apply rule Priority TCP UDP TOE UDP UDP Nor Values in these two columns define the QoS classifiers to use for identifying Priority Priority Priority Priority 100 199 Priority t Indicates 802 1p priority assignments are in use for packets with 23 80 or 100 199 as a TCP or UDP AN Shows the 802 1p priority assignment for packets with the indicated QoS classifiers packets to prioritize Application port numbers Figure 5 4
194. fig File for the Current Software Version is Created 4 Now update your switch to the desired version for example T 12 51 Enter the show flash command to see the results The switch is now running the software version T 12 51 4 52 Multiple Instance Spanning Tree Operation Configuring MSTP ProCurve config show flash Size Bytes Date Version Primary Image 6771179 TO T5 07 T Secondary Image 7408949 08 24 07 T Boot Rom Version K 12 12 Default Boot Primary Figure 4 20 Show Flash Command after Upgrading the Switch to a New Version of the Software 1 12 51 5 Ifyou want to run the prior software version T 12 43 in this example enter this command ProCurve config boot system flash secondary config configT1243 cfg After rebooting the switch is running software version T 12 43 and is using the configuration file that you saved for this software version configT1243 cfg You can also save the T 12 43 configuration file on a TFTP server If you wanted to reload the T 12 43 version of the software again reload the config uration file before you do the reload 4 53 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying MSTP Statistics and Configuration Command Page MSTP Statistics show spanning tree port list below show spanning tree port list gt detail 4 57 show spanning tree instance lt ist 1 16 gt 4 58
195. for the Red VID in switch Y VID Numbers 22222222222 2 2222 2 CONSOLE MANAGER MODE 22222222 2 2222 2 2 2 2222 2 2 222 Switch Configuration VLAN VLAN Names DEFAULT VLAN 20 Blue_VLAN Actions gt Add Edit Delete Help Return to previous screen Use up down arrow keys to change record selection change action selection and lt Enter gt to execute action left right arrow keys to Figure 2 27 Example of VLAN ID Numbers Assigned in the VLAN Names Screen VLAN tagging gives you several options Since the purpose of VLAN tagging is to allow multiple VLANs on the same port any port that has only one VLAN assigned to it can be configured as Untagged the default if the authorized inbound traffic for that port arrives untagged Any port with two or more VLANs of the same type can have one such VLAN assigned as Untagged All other VLANs of the same type must be configured as Tagged That is Port Based VLANs Protocol VLANs A port can be a member of one untagged A port can be an untagged member of one port based VLAN All other port based protocol based VLAN of each protocol VLAN assignments for that port mustbe type When assigning a port to multiple tagged protocol based VLANs sharing the same type the port can be an untagged member of only one such VLAN A port can be a tagged member of any port A port can be a tagged member of any based VLAN See above p
196. g ProCurve config d qos protocol ip priority 0 qos protocol appletalk priority 7 qos protocol arp priority 5 ProCurve config show qos protocol Protocol priorities Protocol Priority IP 0 IPX No override ARP 5 AppleTalk 7 SNA No override Net BEUI No override ProCurve config no qos protocol ip z ProCurve config qos protocol arp priority 4 __ ProCurve config show qos protocol ml Protocol priorities Protocol Priority IP No override IPX No override ARP 4 AppleTalk 7 SNA No override Net BI No override Configures IP Appletalk and ARP as QoS classifiers Removes IP as QoS classifier Changes the priority of the ARP QoS classifier Displays the results of these changes Figure 5 20 Adding Displaying Removing and Changing QoS Protocol Classifiers 5 42 Note Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS VLAN ID VID Priority QoS Classifier Precedence 5 The QoS protocol option enables you to use up to 256 VIDs as QoS classifiers Whereaparticular VLAN ID classifier has the highest precedence in the switch for traffic in that VLAN then traffic received in that VLAN is marked with the VID classifier s configured priority level Different VLAN ID classifiers can have differing priority levels Options for Assigning Priority Priority control options fo
197. g QoS Classifiers to Configure Quality of Service for Outbound Traffic a Configure a specific DSCP with a specific priority in an edge switch Configure the switch to mark a specific type of inbound traffic with that DSCP and thus create a policy for that traffic type c Configure the internal switches in your LAN to honor the policy For example you could configure an edge switch to assign a codepoint of 000001 to all packets received from a specific VLAN and then handle all traffic with that codepoint at high priority Fora codepoint listing and the commands for displaying and changing the DSCP Policy table refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 m Precedence Bits This element is a subset of the DSCP and is comprised of the upper three bits of the ToS byte When configured to do so the switch uses the precedence bits to determine a priority for handling the associated packet The switch does not change the setting of the prece dence bits Usingthe ToS Precedence bits to prioritize IPv4 packets relies on priorities set in upstream devices and applications Figure 5 19 shows an example of the ToS byte in the header for an IPv4 packet andillustrates the diffserv bits and precedence bits in the ToS byte Note that the Precedence bits are a subset of the Differentiated Services bits Field Destination Source MAC 802 10 Field Type amp MAC Address Address Version Pac
198. g Tree Operation Troubleshooting an MSTP Configuration ProCurve config show spanning tree root history cst Status and Counters CST Root Changes History MST Instance ID 0 Root Changes Counter 2 2 Current Root Bridge ID 32768 000883 024500 Identifies the root bridge of the common Root Bridge ID spanning tree in a bridged network that _ E S ec connects different MST regions and STP 32768 000883 024500 02 09 07 17 40 59 BERSURSENIEOS 36864 001279 886300 02 09 07 17 40 22 Figure 4 28 Example of show spanning tree root history cst Command Output ProCurve config show spanning tree root history ist Status and Counters IST Regional Root Changes History MST Instance ID 00 Root Changes Counter 2 Current Root Bridge ID 32768 000883 024500 Identifies the root bridge of the internal Root Bridge ID spanning tree in an MST region 32768 000883 024500 02 09 07 17 40 59 36864 001279 886300 02 09 07 17 40 22 Figure 4 29 Example of show spanning tree root history ist Command Output ProCurve config show spanning tree root history mst 2 Status and Counters MST Instance Regional Root Changes History MST Instance ID 02 Root Changes Counter 1 2 Current Root Bridge ID 32770 000883 024500 Identifies the root bridge of an MST Root Bridge ID instance in an MST region 32770 000883 024500 02 09 07 17 40 59 32770 001279 886300 02 09 07 17 40 22 Figure 4 30 Example of show spanning tree root histo
199. g a DSCP Policy Based on TCP or UDP Port Number or Range of Port Numbers 0000 e eee eee eee 5 18 QoS IP Device Priority 0 cece eee ene 5 23 Assigning a Priority Based on IP Address 00 5 24 Assigning a DSCP Policy Based on IP Address 5 25 QoS IP Type of Service ToS Policy and Priority 5 29 Assigning an 802 1p Priority to IPv4 Packets on the Basis of the ToS Precedence Bits 0 cece cence eee 5 30 Assigning an 802 1p Priority to IPv4 Packets on the Basis of Incoming DSCP 2 0 00 cee ee eee eee 5 31 Assigning a DSCP Policy on the Basis of the DSCP in IPv4 Packets Received from Upstream Devices 5 35 Details of QoS IP Type of Service 0 c eee eee 5 38 QoS Protocol Priority 0 00 eens 5 41 Assigning a Priority Based on Layer 3 Protocol 5 41 QoS VLAN ID VID Priority 00 0 0 eee eee ee 5 43 Assigning a Priority Based on VLAN ID suse 5 43 Assigning a DSCP Policy Based on VLAN ID VID 5 45 QoS Source Port Priority 0 0 cee ences 5 49 Assigning a Priority Based on Source Port 4 5 49 Assigning a DSCP Policy Based on the Source Port 5 51 Differentiated Services Codepoint DSCP Mapping 5 55 Default Priority Settings for Selected Codepoints 5 56 Quickly Listing Non Default Codepoint Settings
200. g name to assign to the switch Configure the pending config revision number for the region name If you want an MST instance other than the IST instance configure the instance number and assign the appropriate VLANs VIDs using the pending instance lt 7 76 vlan lt vid vid range gt command Repeat step 5 for each additional MST instance you want to configure 4 46 Caution Multiple Instance Spanning Tree Operation Configuring MSTP 7 To review your pending configuration use the show spanning tree pending command see page 4 62 8 Toexchange the currently active MSTP configuration with the pending MSTP configuration use the spanning tree pending apply command MSTP VLAN Configuration Enhancement Starting in software release 13 x x the MSTP VLAN configuration enhance ment allows you to preconfigure an MSTP regional topology and ensure that the same VLAN ID to MSTI assignments exist on each MSTP switch in the region When this software version is installed the prior VLAN ID to MSTI mappings do not change However this enhancement is not backward compatible If you install a software version prior to this version and you have configured MSTI entries instances mapped to VLANs they will be removed from the configuration file when booting to the prior version of software You must do one of the following if you want to install or reload a prior version of the software 1 Remove all MSTP mappings from the conf
201. gs DSCP policy 802 1p tag Policy name 000000 No override 000001 No override 000010 No override The DSCPs for this 000011 No override example have not yet 000100 No override been assigned an 000101 No override 802 1p priority level 000110 No override 000111 No override Figure 5 24 Display the Current Configuration in the DSCP Policy Table 5 47 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 2 Configure the priorities for the DSCPs you want to use ProCurve config qos dscp map 000111 priority 7 ProCurve config qos dsco map 000101 priority 5 ProCurve configi qos dscp map 000010 priority 1 ProCurve config f show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 000001 000010 000011 000100 000101 000110 000111 001000 Figure 5 25 Assign Priorities to the Selected DSCPs No override No override No override Priorities No override Configured in this step No override p No override M 9 Assign the DSCP policies to the selected VIDs and display the result ProCurve config vlan 1 qos dscp 000010 ProCurve config vlan 20 qos dscp 000010 ProCurve config vlan 30 qos dscp 000101 ProCurvefconfig vlan 40 qos dscp 000111 ProCurve config show qos vlan priority VL N priorities VLAN ID Apply rule DSCP Priority
202. h GVRP Enabled Enabling and Disabling GVRP on the Switch This command enables GVRP on the switch Syntax gvrp This example enables GVRP ProCurve config gvrp This example disables GVRP operation on the switch ProCurve config no gvrp Enabling and Disabling GVRP On Individual Ports When GVRP is enabled on the switch use the unknown vlans command to change the Unknown VLAN field for one or more ports You can use this command at either the Manager level or the interface context level for the desired port s 3 15 GVRP Configuring GVRP On a Switch Syntax interface lt port list unknown vlans lt learn block disable gt Changes the Unknown VLAN field setting for the specified port s For example to change and view the configuration for ports A1 A2 to Block ProCurve config interface al a2 unknown vlans block HP4108 config show qvrp GVRP support Maximum VLANs to support 8 Primary VLAN DEFAULT VLAN GVRP Enabled i Port Type Unknown VLAN 10 100Tx 10 100Tx 10 100Tx 10 100Tx Figure 3 8 Displaying the Static and Dynamic VLANs Active on the Switch Syntax show vlans The show vlans command lists all VLANs present in the switch For example in the following illustration switch B has one static VLAN the default VLAN with GVRP enabled and port 1 configured to Learn for Unknown VLANs Switch A has GVRP enabled and has three static VLANs the
203. h a different set of VLANs and allows one active path among regions in a network Applying VLAN tagging to the ports in a multiple instance spanning tree network enables blocking of redundant links in one instance while allowing forwarding over the same links for non redundant use by another instance For example suppose you have three switches in a region configured with VLANs grouped into two instances as follows VLANs Instance 1 Instance 2 10 11 12 Yes No 20 21 22 No Yes The logical and physical topologies resulting from these VLAN Instance groupings result in blocking on different links for different VLANs 4 4 Multiple Instance Spanning Tree Operation Overview Region A Logical Topology Path blocked for VLANs in instance 2 a Switch A Root for Instance 1 VLANs 10 11 12 Switch A Instance 2 VLANs 20 21 22 S X Switch C Instance 2 VLANs 20 21 22 Switch B Instance 1 VLANs 10 11 12 Switch B Root for Instance 2 VLANs 20 21 22 VLANs 10 11 F Switch C Instance 1 _f Path blocked for VLANs in instance 1 Region A Physical Topology E Path blocked for VLANs in instance 2 EN Switch A Root for Instance 1 Switch B Root for Instance 2 Switch C f E
204. hat VLAN For a dynamic VLAN the name consists of GVRP x where x matches the applicable VID Static Virtual LANs VLANs Configuring VLANs Status Port Based Port Based static VLAN Protocol Protocol Based static VLAN Dynamic Port Based temporary VLAN learned through GVRP Refer to chapter 3 GVRP Voice Indicates whether a port based VLAN is configured as a voice VLAN Refer to Voice VLANs on page 2 55 Jumbo Indicates whether a VLAN is configured for Jumbo packets For more on jumbos refer to the chapter titled Port Traffic Controls in the Management and Configuration Guide for your switch For example ProCurve show vlans When GVRP is disabled f the default Dynamic Status and Counters VLAN Information VLANs donotexist onthe Maximum VLANs to support 8 WARE a Primary VLAN DEFAULT VL N in this sung e 0 Management VLAN chapter 3 GVRP 802 10 VLAN ID Name Status Voice Jumbo VLAN_10 VLAN 15 VLAN_20 GVRP 33 Port based Yes Port based No Protocol No Dynamic No DEFAULT VLAN Port based No l Figure 2 18 Example of Show VLAN Listing GVRP Enabled Displaying the VLAN Membership of One or More Ports This command shows to which VLAN a port belongs Syntax show vlan ports lt port list gt detail Displays VLAN information for an individual port or a group of ports either cumulatively or on a detailed per port basis port list
205. hat switch In this case the switch is in the default stacking configuration Syntax show stack ProCurve config show stack Stacking Stacking Status This Switch Stack State Commander Transmission Interval 60 Stack Name Big Waters Number of members Auto Grab Yes Members unreachable SN MAC Address System Name Device Type Status 0030ce1 7 f cc40 3500y1 Commander Up 0030c1 7fec40 piles 1 Member Up Figure 6 22 Example of Using the Show Stack Command To List the Stacking Configuration for an Individual Switch Viewing the Status of Candidates the Commander Has Detected This example illustrates how to list stack candidates the Commander has discovered in the ip subnet broadcast domain Syntax show stack candidates ProCurve confiq show stack candidates Stack Candidates Candidate MAC System Name Device Type 0060b0 889e00 DEFAULT CONFIG 3500y1 Figure 6 23 Example of Using the Show Stack Candidates Command To List Candidates 6 31 Stack Management Configuring Stack Management Viewing the Status of all Stack Enabled Switches Discovered in the IP Subnet The next example lists all the stack configured switches discovered in the IP subnet Because the switch on which the show stack all command was executed is a candidate it is included in the Others category Syntax show stack all ProCurve contigi show stack all Stacking Stacking Status All Stack Name MAC Address System Na
206. he net work while keeping the switch s CPU load at a moderate level by aggregating multiple VLANs in a single spanning tree instance MSTP provides fault tolerance through rapid automatic reconfiguration if there is a failure in a network s physical topology With MSTP capable switches you can create a number of MST regions con taining multiple spanning tree instances This requires the configuration of a number of MSTP capable switches However it is NOT necessary to do this You can just enable MSTP on an MSTP capable switch and a spanning tree instance is created automatically This instance always exists by default when spanning tree is enabled and is the spanning tree instance that communicates with STP and RSTP environments The MSTP configuration commands oper ate exactly like RSTP commands and MSTP is backward compatible with the RSTP enabled and STP enabled switches in your network Spanning tree interprets a switch mesh as a single link Because the switch automatically gives faster links a higher priority the default MSTP parameter settings are usually adequate for spanning tree operation Also because incorrect MSTP settings can adversely affect network performance you should not change the MSTP settings from their default values unless you have a strong understanding of how spanning tree operates 4 6 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP In a mesh environment th
207. hed to the same subnet Although it appears as an asymmetric path to network hosts the MAC address configuration feature enables Layer 3 VLAN migration A successful VLAN migration is achieved because the hosts do not verify that the source MAC address and the destina tion MAC address are the same when communicating with the routing switch Static Virtual LANs VLANs Migrating Layer 3 VLANs Using VLAN MAC Configuration Sending Heartbeat Packets with a Configured MAC Address On the VLAN interfaces of a routing switch the user defined MAC address only applies to inbound traffic As a result any connected switches need to learn the new address that is included in the Ethernet frames of outbound VLAN traffic transmitted from the routing switch If a connected switch does not have the newly configured MAC address ofthe routing switch as a destination in its MAC address table it floods packets to all of its ports until a return stream allows the switch to learn the correct destination address As a result the performance of the switch is degraded as it tries to send Ethernet packets to an unknown destination address To allow connected switches to learn the user configured MAC address of a VLAN interface the ProCurve routing switch can send periodic heartbeat like Ethernet packets The Ethernet packets contain the configured MAC address as the source address in the packet header IP multicast packets or Ethernet service frames are prefer
208. idate has a valid IP address for your network or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9 Stacking 1 Stacking Status This Switch You will then see the Candidate s Stacking Status screen Coral Sea mzmzzzzzzmzzzzzzzz2z22z222 222 TELNET MANAGER MODE 222222222 222 22 222222 22222 22 Stacking Stacking Status This Switch Stack State Candidate Transmission Interval 60 Auto Join No Actions gt Help Figure 6 21 Example of a Candidate s Stacking Screen 6 28 Stack Management Configuring Stack Management Using the CLI To View Stack Status and Configure Stacking The CLI enables you to do all ofthe stacking tasks available through the menu interface Table 6 6 CLI Commands for Configuring Stacking on a Switch CLI Command show stack candidates view all no stack Operation Commander Shows Commander s stacking configuration and lists the stack members and their individual status Member Lists Member s stacking configuration and status and the status and the IP address and subnet mask of the stack Commander Options candidates Commander only Lists stack Candidates view Commander only Lists current stack Members and their individual status all Lists all stack Commanders Members and Candidates with their individual status Any Stacking Capable Switch Enables or disables stac
209. ies 3400cl switches Switch 2900 Switch 2810 Series 2800 switches Series 2600 2600 PWR switches Series 2510 switches To determine whether other vendors devices use single forwarding or multiple forwarding database architectures refer to the documentation provided for those devices Single Forwarding Database Operation When a packet arrives with a destination MAC address that matches a MAC address in the switch s forwarding table the switch tries to send the packet to the port listed for that MAC address But if the destination port is in a different VLAN than the VLAN on which the packet was received the switch drops the packet This is not a problem for a switch with a multiple forwarding database refer to table 2 6 above because the switch allows multiple instances of a given MAC address one for each valid destination However a switch with a single forwarding database allows only one instance of a given MAC address If 1 you connect the two types of switches through multiple ports or trunks belonging to different VLANs and 2 enable routing on the switch having the multiple forwarding database then on the switch having the single forwarding database the port and VLAN record it maintains for the connected multiple forwarding database switch can frequently change This causes poor performance and the appearance of an intermittent or broken connection 2 19 Static Virtual LANs VLANs Multiple VLAN Consider
210. ig file and then reconfigure the instance mapping after you are running the desired software version 2 Save your current configuration file before updating your software to a new version If you later reload this older version of the software you can used this configuration file when you reload the older version See How to Save Your Current Configuration on page 4 52 The default behavior ofthe spanning tree instance vlan command changes so that before a static VLAN is configured or a dynamic VLAN is learned on the switch you can preconfigure its VLAN ID to MSTI mapping Later when the VLAN is created itis automatically assigned to the MSTI to which you had previously mapped it By supporting preconfigured VLAN ID to MSTI topologies the VLAN Config uration enhancement provides the following benefits m Scalability In a network design in which you plan to use a large number of VLANS you can preconfigure identical VLAN ID to MSTI mappings on all switches in a single campus wide MST region regardless of the specific VLANs that you later configure on each switch After the initial VLAN ID to MSTI mapping you can decide on the exact VLANs that you need on each switch 4 47 Multiple Instance Spanning Tree Operation Configuring MSTP All switches in a region must be configured with the same VLAN ID to MSTI mappings and the same MSTP configuration identifiers region name and revision number m Flexibility By preconfigu
211. imum number of IP addresses supported on a switch is 2048 which includes all IP addresses configured for both VLANs and loopback interfaces except for the default loopback IP address 127 0 0 1 Each IP address that you configure on a VLAN interface must be unique in the switch This means thatthe address cannotbe used by a VLAN interface or another loopback interface For more information refer to the chapter on Configuring IP Addressing inthe Management and Configuration Guide Static Virtual LANs VLANs Static VLAN Operation Port Based VLANs Protocol Based VLANs Untagged VLAN Membership A port can be a member of one untagged port based VLAN All other port based VLAN assignments for that port must be tagged A port can be an untagged member of one protocol VLAN ofa specific protocoltype such as IPX or IPv6 If the same protocol type is configured in multiple protocol VLANs then a port can be an untagged member of only one of those protocol VLANs For example if you have two protocol VLANs 100 and 200 and both include IPX then a port can be an untagged member of either VLAN 100 or VLAN 200 but not both VLANs A port s untagged VLAN memberships can include up tofour differentprotocoltypes This meansthata port can be an untagged member of one of the following e Four single protocol VLANs Two protocol VLANs where one VLAN includes a single protocol and the other includes up to three protocols
212. in as separate broadcast domains and cannot receive traffic from each other without routing If multiple non routable VLANs exist in the switch such as NETbeui protocol VLANs then they cannot receive traffic from each other under any circumstances The switch requires VLAN tagging on a given port if the port will be receiving inbound tagged VLAN traffic that should be forwarded Even if the port belongs to only one VLAN it forwards inbound tagged traffic only if it is a tagged member of that VLAN If the only authorized inbound VLAN traffic on a port arrives untagged then the port must be an untagged member of that VLAN This is the case where the port is connected to a non 802 1Q compliant device or is assigned to only one VLAN For example if port 7 on an 802 1Q compliant switch is assigned to only the Red VLAN the assignment can remain untagged because the port will forward traffic only for the Red VLAN However if both the Red and Green VLANs are assigned to port 7 then at least one of those VLAN assignments must be tagged so that Red VLAN traffic can be distinguished from Green VLAN traffic Figure 2 26 shows this concept Static Virtual LANs VLANs 802 10 VLAN Tagging Blue Server White Server Red Server Green Server Red VLAN Untagged A 3 Green VLAN Tagged Switch 5 y 1 2 Red VLAN Ports 1 6 Untagged Ports 1
213. ing an 802 1p priority and also assign ing a DSCP policy For a given incoming codepoint if you configure one option and then the other the second overwrites the first To use this option 1 Identify a DSCP used to set a policy in packets received from an upstream or edge switch 2 Determine the 802 1p priority 0 7 you want to apply to packets carrying the identified DSCP You can either maintain the priority assigned in the upstream or edge switch or assign a new priority 3 Use qos dscp map lt codepoint gt priority lt 0 7 gt to assign the 802 1p priority you want to the specified DSCP For more on this topic refer to Differ entiated Services Codepoint DSCP Mapping on page 5 55 4 Enable diff services 5 32 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax qos type of service diff services codepoint gt Causes the switch to read the codepoint DSCP of an incoming IPv4 packet and when a match occurs assign a corresponding 802 1p priority as configured in the switch s DSCP table page 5 56 no qos type of service Disables all ToS classifier operation no qos dscp map lt codepoint gt Disables direct 802 1p priority assignment to packets carry ing the lt codepoint gt by reconfiguring the codepoint priority assignment in the DSCP table to No override Note that if this codepoi
214. ing the maximum number of VLANs to support Changing the Primary VLAN selection See Changing the Primary VLAN on page 2 35 Enabling or disabling dynamic VLANs Refer to chapter 3 GVRP From the Main Menu select 2 Switch Configuration 8 VLAN Menu 1 VLAN Support You will then see the following screen 2 22222 22 22222 CONSOLE MANAGER MODE 2222222222 222 22 2 22 22222222 Switch Configuration VLAN VLAN Support Maximum VLANs to support 8 8 Primary VLAN DEFAULT VLAN GVRP Enabled No No Edit Save Help Figure 2 12 The Default VLAN Support Screen 2 Press E for Edit then do one or more of the following e To change the maximum number of VLANSs type the new number 1 2048 allowed default 256 e To designate a different VLAN as the Primary VLAN select the Primary VLAN field and use the space bar to select from the existing options Note that the Primary VLAN must be a static port based VLAN e To enable or disable dynamic VLANs select the GVRP Enabled field and use the Space bar to toggle between options For GVRP informa tion refer to chapter 3 GVRP For optimal switch memory utilization set the number of VLANs at the number you will likely be using or a few more If you need more VLANs later you can increase this number but a switch reboot will be required at that time 3 Press Enter and then S to save the VLAN support configuration a
215. ings on the communicating bridges The received BPDU is still processed by MSTP This counter is maintained by the CIST default MST instance 0 on a per port basis Looped back BPDUs Number of times a port has received self sent BPDU packets as the result of an external loop condition in which the BPDUs were looped back to the originating transmission port The received BPDU is still processed by MSTP and the port changes to a blocked state This counter is maintained by the CIST default MST instance 0 on a per port basis Starved BPDUs Number of times that no BPDUs are received within the scheduled interval three times the Hello Time value configured with the spanning tree hello time command from a downstream CIST designated peer port on the CIST root alternate or backup port As a result the starved porttriggers a spanning tree topology regeneration This counter is maintained by the CIST default MST instance 0 on a per port basis Starved MSTI MSGs Number of times that no BPDUs are received within the scheduled interval three times the Hello Time value configured with the spanning tree hello time command from a downstream MSTI designated peer port on the MSTI root alternate or backup port As a result the starved porttriggers a spanning tree topology regeneration This counter is maintained by the CIST default MST instance 0 on a per port basis Exceeded Max Age BPDUs Number of times that a BPDU
216. int e a2 ProCurve feth A2 qos dscp 000111 ProCurve eth A2 show qos port priority Port priorities Port Apply rule Priority No override DSCP 000111 7 No override No override No override No override DSCP 000101 DSCP 000101 DSCP No override No override No override No override No override No override No override No override No override Figure 5 31 The Completed Source Port DSCP Priority Configuration Radius Override Field During a client session authenticated by a RADIUS server the server can impose a port priority that applies only to that client session Refer to the RADIUS chapter in the Access Security Guide for your switch 5 54 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping Differentiated Services Codepoint DSCP Mapping The DSCP Policy Table associates an 802 1p priority with a specific ToS byte codepoint in an IPv4 packet This enables you to set a LAN policy that operates independently of 802 1Q VLAN tagging Inthe default state most of the 64 codepoints do not assign an 802 1p priority as indicated by No override in table 5 9 on page 5 56 You can use the following command to list the current DSCP Policy table change the codepoint priority assignments and assign optional names to the codepoints Syntax show qos dscp map Displays the DSCP Policy Table qos dscp map lt codepoint gt pri
217. ion 1 11 22 Instance ID Mapped VLANs Switch Priority Topology Change Count Time Since Last Change Regional Root MAC Address Regional Root Priority Regional Root Path Cost Regional Root Port Remaining Hops Port Type 200000 200000 200000 uto 10 100TX 10 100TX 10 100TX 10 100TX 32768 4 6 secs 0001e7 948300 32768 400000 Al 18 Designated Priority Role State t Forwarding 000883 028300 Designated Forwarding 000883 02a700 Designated Forwarding 000883 02a3700 Disabled Disabled Figure 4 23 Example of MSTP Statistics for a Specific Instance on an MSTP Switch 4 58 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying the MSTP Configuration Displaying the Global MSTP Configuration This command displays the switch s basic and MST region spanning tree configuration including basic port connectivity settings Syntax show spanning tree config The upper part of this output shows the switch s global spanning tree configuration that applies to the MST region The port listing shows the spanning tree port parameter settings for the spanning tree region operation configured by the spanning tree lt port list command For information on these parameters refer to Configuring MSTP Per Port Parameters on page 4 25 Syntax show spanning tree port list config This command shows the same data as the above command but lists the sp
218. ion 2 Configure the DSCP policies for the codepoints you want to use 5 21 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic ProCurve config qos dscp map 000111 priority 7 ProCurve config qos dscp map 000101 priority 5 ProCurve configi qos dscp map 000010 priority 1 ProCurve config f show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override oooo01 No override Conani 1 000011 No override ODIUM Ro CNELESUR DSCP Policies 000110 NO OVOLzid Configured in this Step 000111 7 001000 No override Figure 5 6 Assign Priorities to the Selected DSCPs 3 Assign the DSCP policies to the selected UDP TCP port applications and display the result ProCurve config qos udp port 23 dscp 000111 ProCurve config qos tcp port 80 dscp 000101 ProCurve config qos tcp port 914 dscp 000010 ProCurve config qos udp port range 1001 2000 dscp 000010 ProCurve config show qos tcp udp port priority TCP UDP port based priorities Application Protocol Port Apply rule DSCP Priority UDP TCP TCP UDP DSCP 000111 80 DSCP 000101 914 DSCP 000010 1001 2000 DSCP 000010 Figure 5 7 The Completed DSCP Policy Configuration for the Specified UDP TCP Port Applications The switch will now apply
219. ion and Enter to execute action Figure 6 15 The Prompt for Completing the Deletion of a Member from the Stack 6 22 Stack Management Configuring Stack Management 4 To continue deleting the selected Member press the Space bar once to select Yes for the prompt then press Enter to complete the deletion The Stack Management screen updates to show the new stack Member list Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic After a Candidate becomes a stack Member you can use that stack s Commander to access the Member s console interface for the same configu ration and monitoring that you would do through a Telnet or direct connect access 1 From the Main Menu select 9 Stacking 5 Stack Access You will then see the Stack Access screen For status descriptions see the table on page 6 45 Pacific Ocean Seeeseseseeeee5 CONSOLE MANAGER MODE 525222222222 2B Stacking Stack Access System Name Device Type Status HP 2512 Commander Up Coral Sea 3500yl Member Up 2 080009 8c5080 North Atlantic 3500y 1 Member Up Actions gt eXecute Help Return to previous screen Use arrow keys to change field selection Figure 6 16 Example of the Stack Access Screen Use the down arrow key to select the stack Member you want to access then press X for eXecute to display the console interface forthe sel
220. iple VLAN Considerations on page 2 18 Port Trunks When assigning a port trunk to a VLAN all ports in the trunk are automatically assigned to the same VLAN You cannot split trunk members across multiple VLANs Also a port trunk is tagged untagged or excluded from a VLAN in the same way as for individual untrunked ports Port Monitoring If you designate a port on the switch for network monitoring this port will appear in the Port VLAN Assignment screen and can be configured as a member of any VLAN For information on how broadcast multicast and unicast packets are tagged inside and outside of the VLAN to which the monitor port is assigned refer to the section titled VLAN Related Problems in the Troubleshooting appendix of the Management and Configuration Guide for your switch Jumbo Packet Support Jumbo packet support is enabled per VLAN and applies to all ports belonging to the VLAN For more information refer to the chapter titled Port Traffic Controls in the Management and Configuration Guide for your switch 2 58 Static Virtual LANs VLANs VLAN Restrictions VLAN Restrictions m A port must be a member of at least one VLAN In the factory default configuration all ports are assigned to the default VLAN DEFAULT_VLAN VID 1 m Aport can be a member of one untagged port based VLAN All other port based VLAN assignments for that port must be tagged The Untagged designation enables VL
221. is codepoint will be used to overwrite the DSCP carried in packets received through the source port from upstream devices b Determine the 802 1p priority you want to assign to the DSCP 5 51 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Note Configure the DSCP policy by using qos dscp map to configure the priority for each codepoint For details refer to the example later in this section and to Differentiated Services Codepoint DSCP Mapping on page A codepoint must have an 802 1p priority assignment 0 7 before you can configure that codepoint as a criteria for prioritizing packets by source port If a codepoint shows No override in the Priority column of the DSCP Policy Table show qos dscp map then you must assign a 0 7 priority before 4 Configure the switch to assign the DSCP policy to packets from the specified source port Syntax qos dscp map lt codepoint gt priority lt 0 7 gt This command is optional if a priority has already been assigned to the lt codepoint gt The command creates a DSCP policy by assigning an 802 1p priority to a specific DSCP When the switch applies this priority to a packet the priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream devi
222. is line in the show running output spanning tree instance 1 A2 priority 3 4 43 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree lt port list gt priority lt priority multiplier gt This command sets the priority for the specified port s for the IST that is Instance 0 of the region in which the switch resides The priority component of the port s Port Identifier is set The Port Identifier is a unique identifier that helps distinguish this switch s ports from all others It consists of the Priority value with the port number extension PRIORITY PORT_NUMBER A port with a lower value of Port Identifier is more likely to be included in the active topology This priority is compared with the priorities of other ports in the IST to determine which port is the root port for the IST instance The lower the priority value the higher the priority The IST root port or trunk in a region provides the path to connected regions for the traffic in VLANs assigned to the region s IST instance The priority range for a port in a given MST instance is 0 240 However this command specifies the priority as a multiplier 0 15 of 16 That is when you specify a priority multiplier of 0 15 the actual priority assigned to the switch is priority multiplier x 16 For example configuring 5 as the priority multiplier on a given port in the IST instance for a region creates an actua
223. is to be changed ProCurve config show qos vlan priority VLAN ID Apply rule DSCP Priority No override VL N priorities No override ProCurve config show qos type of service Type of Service Disabled Disabled Figure 5 34 Example of a Search to Identify Classifiers Using a Codepoint You Want To Change 5 60 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping 2 Change the classifier configurations by assigning them to a different DSCP policy or to an 802 1p priority or to No override For example a Deletethe policy assignment for the device priority classifier That is assign it to No override b Create anew DSCP policy to use for re assigning the remaining classifiers c Assign the port priority classifier to the new DSCP policy d Assign the udp port 1260 classifier to an 802 1p priority a ProCurve config f no qos device priority 10 26 50 104 b ProCurve config qos dscp map 000100 priority 6 ProCurve contig int e a3 qos dscp 000100 D ProCurve config qos udp port 1260 priority 2 9 Reconfigure the desired priority for the 000001 codepoint ProCurve config qos dscp map 000001 priority 4 4 Youcould now re assign the classifiers to the original policy codepoint or leave them as currently configured 5
224. itch VLAN Blue VLAN Blue Blue Blue n WAN VLAN VLAN VLAN Figure 2 5 Example of Tagged and Untagged VLAN Technology in the Same Network For more information on VLANS refer to m Overview of Using VLANs page 2 46 m Menu Configuring VLAN Parameters page 2 22 2 12 Static Virtual LANs VLANs Static VLAN Operation CLI Configuring VLAN Parameters page 2 22 Web Viewing and Configuring VLAN Parameters page 2 40 VLAN Tagging Information page 2 41 Effect of VLANs on Other Switch Features page 2 57 VLAN Restrictions page 2 59 Per Port Static VLAN Configuration Options The following figure and table show the options you can use to assign individual ports to a static VLAN Note that GVRP if configured affects these options and VLAN behavior on the switch The display below shows the per port VLAN configuration options Table 2 4 briefly describes these options Example of Per Port VLAN Configuration with GVRP Disabled the default Example of Per Port VLAN Configuration with GVRP Enabled Port DEFAULT VLAN VLAN 22 Al h2 43 44 AS Forbid Tagged Tagged Tagged Port Al h2 A3 44 AS DEFAULT VLAN VLAN 22 Forbid Tagged Enabling GVRP causes No to display as Auto Figure 2 6 Comparing Per Port VLAN Options With and Without
225. ket FF FF FF FF FF FF 08 00 09 00 00 16 08 00 45 Differentiated Services Codepoint Precedence Rsvd Bits Figure 5 19 The ToS Codepoint and Precedence Bits Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Table 5 7 How the Switch Uses the ToS Configuration ToS Option 802 1p Value 0 7 Differentiated Services Outbound Port IPPacketSentOut Depending on the value of the IP For a given packet carrying a ToS codepoint that the switch an Untagged Port Precedence bits in the packet s ToS has been configured to detect in a VLAN field the packetwillgotooneofeight e Change the codepoint according to the configured policy outbound port queues in the switch and assign the 802 1p priority specified for the new codepoint in the DSCP Policy Table page 5 55 Donotchange the codepoint but assign the 802 1p priority 0 3 normal priority queue 3 4 a a codepoint in the DSCP Policy 1 2 low priority queue 1 2 Depending on the 802 1p priority used the packet will leave 4 5 medi Sediu priority Aquoud seb the switch through one of the following queues 6 7 high priority queue 7 8 1 2 low priority queue 1 2 0 3 normal priority queue 3 4 4 5 medium priority queue 5 6 6 7 high priority queue 7 8 If No override the default has been configured for a specified cod
226. king on the switch Default Stacking Enabled no stack commander stack name Candidate or Commander Converts a Candidate to a Commander or changes the stack name of an existing commander No form eliminates named stack and returns Commander and stack Members to Candidate status with Auto Join set to No No form prevents the switch from being discovered as a stacking capable switch Default Switch Configured as a Candidate no stack auto grab Commander Causes Commander to automatically add to its stack any discovered Candidate in the subnet that does not have a Manager password and has Auto Join set to Yes Default Disabled Note If the Commander s stack already has 15 members the Candidate cannot join until an existing member leaves the stack 6 29 Stack Management Configuring Stack Management CLI Command Operation no stack member switch num mac address mac addr password lt password str gt Commander Adds a Candidate to stack membership No form removes a Member from stack membership To easily determine the MAC address of a Candidate use the show stack candidates command To determine the MAC address of a Member you wantto remove use the show stack view command The password password str is required only when adding a Candidate that has a Manager password telnet 7 15 Used In Commander Only Commander Uses the SN switch number assigned by th
227. l Default Setting Other Settings Candidate Commander Member or Disabled Yes No 60 Seconds Range 1 to 300 seconds Using the Menu To Push a Switch Into a Stack Modify the Switch s Configuration or Disable Stacking on the Switch Use Telnet or the web browser interface to access the Candidate if it has an IP address Other wise use a direct connection from a terminal device to the switch s console port For information on how to use the web browser interface see the online Help provided for the browser l Display the Stacking Menu by selecting Stacking in the console Main Menu 2 Display the Stack Configuration menu by pressing 3 to select Stack Configuration Stack Management Configuring Stack Management DEFAULT CONFIG Stacking Stack Configuration Stack State Candidate Auto Join Yes Yes Transmission Interval 60 60 Actions gt Edit Save Help Cancel changes and return to previous screen Use arrow keys to change action selection and lt Enter gt to execute action Figure 6 8 The Default Stack Configuration Screen 3 Move the cursor to the Stack State field by pressing E for Edit 4 Do one of the following e To disable stacking on the Candidate use the Space bar to select the Disabled option then go to step 5 Note Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus e To insert the Candidate into a specific Comm
228. l Priority setting of 80 Thus after you specify the port priority multiplier for the IST instance the switch displays the actual port priority and not the multiplier in the show spanning tree instance ist or show spanning tree lt port list gt instance ist displays You can view the actual multiplier setting for ports in the IST instance by executing show running and looking for an entry in this format spanning tree lt port list gt priority lt priority multiplier gt For example configuring port A2 with a priority multiplier of 2 in the IST instance results in this line in the show running output spanning tree A2 priority 2 4 44 Note Multiple Instance Spanning Tree Operation Configuring MSTP Enabling or Disabling Spanning Tree Operation This command enables or disables spanning tree operation for any spanning tree protocol enabled on the switch Before using this command to enable spanning tree ensure that the version you want to use is active on the switch Syntax no spanning tree Enabling spanning tree with MSTP configured implements MSTP for all physical ports on the switch according to the VLAN groupings for the IST instance and any other configured instances Disabling MSTP removes protection against redundant loops that can significantly slow or halt a network This command simply turns spanning tree on or off It does not change the existing spanning tree configuration The convergence
229. l Based VLANs and dynamic GVRP learned VLANSs that have not been converted to a static VLAN cannot be the Primary VLAN To display the current Primary VLAN use the CLI show vlan command If you configure a non default VLAN as the Primary VLAN you cannot delete that VLAN unless you first select a different VLAN to serve as primary If you manually configure a gateway on the switch it ignores any gateway address received via DHCP or Bootp To change the Primary VLAN configuration refer to Changing the Primary VLAN on page 2 35 The Secure Management VLAN Configuring a secure Management VLAN creates an isolated network for managing the ProCurve switches that support this feature As of December 2005 the Secure Management VLAN feature is available on these ProCurve switches m Switch 8212zl m Series 4100gl switches m Series 6400cl switches m Series 3500yl switches m Switch 6200yl m Series 3400cl switches m Switch 6108 m Switch 2900 m Series 5400zl switches m Series 2800 switches m Series 5300xl switches m Series 2600 switches Series 4200vl switches If you configure a Secure Management VLAN access to the VLAN and to the switch s management functions Menu CLI and web browser interface is available only through ports configured as members m Multiple ports on the switch can belong to the Management VLAN This allows connections for multiple management stations you want to have access to the Management VLAN whi
230. late behavior of earlier versions of spanning tree protocol or return to MSTP behavior The command is useful in test or debug applications and removes the need to reconfigure the switch for temporary changes in spanning tree operation stp compatible The switch applies 802 1D STP operation on all ports rstp operation The switch applies 802 Iw operation on all ports except those ports where it detects a system using S02 1D Spanning Tree mstp operation The switch applies 802 1s MSTP operation on all ports where compatibility with 802 1D or 802 1w spanning tree protocols is not required Note that even when mstp operation is selected if the switch detects an 802 1D BPDU or an 802 1w BPDU on a port it communicates with the device linked to that port using STP or RSTP BPDU packets Also if errors are encountered as described in the Note on MSTP Rapid State Transitions on page 4 18 setting force version to stp compatible forces the MSTP switch to communicate out all ports using operations that are compatible with IEEE 802 1D STP 4 21 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree forward delay Sets time the switch waits between transitioning from listening to learning and from learning to forwarding states Range 4 30 Default 15 Syntax spanning tree legacy mode Sets spanning tree protocol to operate in 802 1D legacy mode STP compatible Default MSTP operation
231. layed in the output of show spanning tree debug counters commands Table 4 1 MSTP Debug Command Output Field Descriptions Field Description Invalid BPDUs Number of received BPDUs that failed standard MSTP 802 10 REV D5 0 14 4 validation checks and were dropped This counter is maintained by the CIST default MST instance 0 on a per port basis Errant BPDUs Number of received BPDUs that were dropped on a port that is configured to not expect BPDU packets This counter is maintained by the CIST default MST instance 0 in the network on a per port basis and is incremented each time a BPDU packet is received on a port configured with the BPDU filter to ignore incoming BPDU packets spanning tree bpdu filter command or the BPDU protection feature to disable the port when BPDU packets are received spanning tree bpdu protection command 4 71 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Field MST Config Error BPDUs Description Number of BPDUs received from a neighbor bridge with inconsistent MST configuration information For example BPDUs from a transmitting bridge may contain the same MST configuration identifiers region name and revision number and format selector as the receiving bridge but the value of the Configuration Digest field VLAN ID assignments to regional IST and MST instances is different This difference indicates a probable configuration error in MST region sett
232. le at the same time allowing Man agement VLAN links between switches configured for the same Manage ment VLAN 2 47 Static Virtual LANs VLANs Special VLAN Types m Only traffic from the Management VLAN can manage the switch which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch Figure 2 29 illustrates use of the Management VLAN feature to support man agement access by a group of management workstations Switches A B and C are connected by ports belonging to the management VLAN zl Switch B o Hub X is connected to a switch port that belongs to the management VLAN As a result the devices connected to Hub X are included in the management VLAN Other devices connected to the H switches through ports B that are not in the management VLAN are excluded from management traffic Links with Ports Belonging to the Management VLAN and other VLANs Links Between Ports on a Hub and Ports belonging to the Management VLAN Links Not Belonging to the Management VLAN Management Workstations Links to Other Devices Figure 2 29 Example of Potential Security Breaches
233. ll generate and forward advertisements for static VLAN s configured on the switch and also for dynamic VLANs the switch learns on other ports To configure tagging Auto or Forbid see Configuring Static VLAN Per Port Settings on page 2 38 for the CLI or Adding or Changing a VLAN Port Assignment on page 2 26 for the menu Note GVRP GVRP and VLAN Access Control As the preceding table indicates when you enable GVRP a port that has a Tagged or Untagged static VLAN has the option for both generating advertise ments and dynamically joining other VLANs In table 3 2 above the Unknown VLAN parameters are configured on a per port basis using the CLI The Tagged Untagged Auto and Forbid options are configured per static VLAN on every port using either the menu interface or the CLI Because dynamic VLANs operate as Tagged VLANs and because a tagged port on one device cannot communicate with an untagged port on another device ProCurve recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements GVRP and VLAN Access Control Advertisements and Dynamic Joins When you enable GVRP on a switch the default GVRP parameter settings allow all of the switch s ports to transmit and receive dynamic VLAN adver tisements GVRP advertisements and to dynamically join VLANs The two preceding sections describe the per port features you can use to control and limit VLAN propagation To s
234. llowing procedure returns the stack mem bers to Candidate status with Auto Join set to No and converts the stack Commander to a Member of another stack When moving a member the procedure simply pulls a Member out of one stack and pushes it into another L 2 From the Main Menu of the switch you want to move select 9 Stacking To determine the MAC address of the destination Commander select 2 Stacking Status All 6 24 Stack Management Configuring Stack Management 3 Press B for Back to return to the Stacking Menu 4 Todisplay Stack Configuration menu for the switch you are moving select 3 Stack Configuration 5 Press E for Edit to select the Stack State parameter 6 Use the Space bar to select Member then press 1 to move to the Com mander MAC Address field 7 Enter the MAC address of the destination Commander and press Enter 8 Press S for Save Monitoring Stack Status Usingthe stacking options in the menu interface for any switch in astack you can view stacking data for that switch or for all stacks in the subnet broadcast domain If you are using VLANs in your stack environment see Stacking Operation with a Tagged VLAN on page 6 44 This can help you in such ways as determining the stacking configuration for individual switches identifying stack Members and Candidates and determining the status of individual switches in a stack See table 6 5 on page 6 25 Table 6
235. logy changes to other ports Default No disabled Configuring BPDU Filtering The STP BPDU filter feature allows control of spanning tree participation on a per port basis It can be used to exclude specific ports from becoming part of spanning tree operations A port with the BPDU filter enabled will ignore incoming BPDU packets and stay locked in the spanning tree forwarding state All other ports will maintain their role Here are some sample scenarios in which this feature may be used m To have STP operations running on selected ports of the switch rather than every port of the switch at a time m To prevent the spread of errant BPDU frames m To eliminate the need for a topology change when a port s link status changes For example ports that connect to servers and workstations can be configured to remain outside of spanning tree operations m To protect the network from denial of service attacks that use spoofing BPDUS by dropping incoming BPDU frames For this scenario BPDU protection offers a more secure alternative imple menting port shut down and a detection alert when errant BPDU frames are received see page 4 31 for details Ports configured with the BPDU filter mode remain active learning and forward frames however spanning tree cannot receive or transmit BPDUs on the port The port remains in a forwarding state permitting all broadcast traffic This can create a network storm if there are any loops that is
236. me 4 14 CIST root 4 27 CIST root display change history 4 63 common and internal spanning tree See CIST common spanning tree See CST compatibility 4 16 compatibility mode 4 21 configuration 4 20 4 45 configuration identifier 4 14 configuration steps 4 18 configuration BPDU port protection 4 29 configuration exchanging 4 45 configuration MST instance 4 39 configuration MSTI per port 4 42 configuration port 4 25 CST 4 8 4 11 4 13 CST and legacy devices 4 11 CST view status 4 56 4 57 debug display counters 4 66 4 67 4 69 default configuration 4 9 designated bridge 4 11 4 14 designated port 4 11 disabling MSTP 4 45 display statistics and configuration 4 54 dynamic VLANs disallowed 4 9 edge port 4 26 enabling a region 4 45 enabling MSTP 4 45 example of multiple topologies 4 10 4 Index fault tolerance 4 6 force protocol version 4 16 forward delay 4 22 forwarding paths 4 15 forwarding state 4 26 frame duplication and misordering 4 16 general operation 4 4 4 6 GVRP 4 8 4 15 hello time CIST root propagated 4 14 4 22 hello time override 4 14 hello time propagated 4 14 hop count decremented 4 22 instance 4 4 4 15 4 19 instance display debug counters 4 66 4 67 4 69 instance forwarding topology 4 15 instance IST 4 8 instance typ
237. me Big Waters D 3 0sli 7fece40 350071 Commander Up 3 cl 7fec4 Big Waters 1 Member Up Others 0n 60b0 289e 00 DEFAULT CONFIG Candidate Figure 6 24 Result of Using the Show Stack All Command To List Discovered Switches in the IP Subnet Viewing the Status of the Commander and Current Members of the Commander s Stack The next example lists all switches in the stack of the selected switch Syntax show stack view Procurve config show stack view Stack Members SN MAC Address System Name Device Type Status O B 3 el 7Tfee40 3500y1 3500y1 Commander Up 1 0030 1 7fec40 Big Waters 1 350071 Member Up Figure 6 25 Example of the Show Stack View Command To List the Stack Assigned to the Selected Commander 6 32 Note Stack Management Configuring Stack Management Using the CLI To Configure a Commander Switch You can configure any stacking enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain When you configure a Commander you automatically create a corresponding stack Before you begin configuring stacking parameters 1 Configure IP addressing on the switch intended for stack commander and if not already configured on the primary VLAN For more on configuring IP addressing refer to the Management and Configuration Guide for your switch The primary VLAN must have an IP address in order for stacking to operate properly For more on
238. ment the port automatically operates as non edge not enabled Default No disabled If admin edge port is disabled on a port and auto edge port has not been disabled the auto edge port setting controls the behavior of the port The no spanning tree lt port list gt admin edge port command disables edge port operation on the specified ports Syntax no spanning tree port list auto edge port Supports the automatic identification of edge ports The port will look for BPDUs for 3 seconds if there are none it begins forwarding packets If admin edge port is enabled for a port the setting for auto edge port is ignored whether set to yes or no If admin edge port is set to No and auto edge port has not been disabled set to No then the auto edge port setting controls the behavior of the port Default Yes enabled The no spanning tree lt port list gt auto edge port command disables auto edge port operation on the specified ports Syntax spanning tree lt port list gt mcheck Forces a port to send RST MST BPDUS for 3 seconds This tests whether all STP bridges on the attached LAN have been removed and the port can migrate to native MSTP mode and use RST MST BPDUS for transmission 4 26 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree port list gt hello time lt global 1 10 When the switch is the CIST root this parameter specifies the interval in seconds be
239. ments 00 0 cece eee eee eee 1 3 Command Prompts 00 0 cece eee eee n 1 3 Screen Simulations 0 ccc ccc cee eee cece ences 1 4 Port Identity Examples 00 c cece eee 1 4 Configuration and Operation Examples 0 0 5 1 4 Keys susct ree T parem aes uates Varela stetur 1 4 Sources for More Information seseeess 1 5 Getting Documentation From the Web sessesssss 1 7 Online Help 43 ue RE REID eue RR READ Rees 1 7 Need Only a Quick Start 0 0 0 0 ccc cc enn 1 8 IP Addressing oboe eil ere e b hte Erie ea 1 8 To Set Up and Install the Switch in Your Network 1 9 Physical Installation seeeeeeeeeeee eh 1 9 1 1 Getting Started Introduction Caution Introduction This Management and Configuration Guide is intended for use with the following switches m ProCurve Switch 2900 24G m ProCurve Switch 2900 48G This guide describes how to use the command line interface CLI Menu interface and web browser to configure manage monitor and troubleshoot switch operation For an overview of other product documentation for the above switches refer to Product Documentation on page ix You can download documentation from the ProCurve Networking Web Site WWW procurve com Use only the supported genuine ProCurve mini GBICs with your switch Non ProCurve mini GBICs are not supported Conv
240. mer com mand as shown ProCurve config spanning tree bpdu protection timeout 120 4 35 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no spanning tree bpdu protection timeout timeout Configures the duration of time protected ports remain disabled The default value of 0 zero sets an infinite timeout that is ports that are disabled are not by default re enabled automatically Note This is a GLOBAL command Range 0 65535 seconds Default 0 You can also set the timeout in the MIB with this MIB object hpSwitchStpBpduProtectionTimeout Showing Ports Configured with PVST Protection and Filtering To show which ports are configured for PVST protection enter this command ProCurve config show spanning tr pvst protection ProCurve config show spanning tree pvst protection Status and Counters PVST Port s BPDU Protection Information BPDU Protection Timeout sec 0 PVST Protected Ports 5 6 Figure 4 12 Example of Show Spanning tree Command Displaying All Ports with PVST Protection Enabled To show which ports are configured for PVST filtering enter this command ProCurve config show spanning tr pvst filter ProCurve config show spanning tree pvst filter Status and Counters PVST Port s BPDU Filter Information PVST Filtered Ports 8 Figure 4 13 Example of Show Spanning tree Command Displaying All Ports with PVST Filt
241. mple of an MSTP instance configured on a ProCurve switch other than the Series 3500 5400 6200 2900 Only VLANs 1 5 and 7 are included in the instance ProCurve config show spanning tree mst config Configuration Identifier Information Configuration Name MSTP1 T Configuration Revision 1 l Configuration Digest 0x51B7EBA6BEED8702D2BA4497D4367517 Mapped VLANs Instance ID Mapped VLANs 1 1 10 Figure 4 16 An Example of Mapping VLANs with the Range Option where all VLANs are Included The Configuration Digest value in Figure 4 17 is not the same as in Figure 4 16 indicating that these switches do not operate in the same instance The Common Spanning Tree CST will still have the correct root associations ProCurve config show spanning tree mst config MST Configuration Identifier Information MST Configuration Name MSTP1 MST Configuration Revision 1 MST Configuration Digest 0x89D3ADV471668D6D832F 6EC4AA9CF 4AA IST Mapped VLANs Instance ID Mapped VLANs Figure 4 17 Example of Mapping VLANs on Switches other than ProCurve Series 3500 5400 6200 2900 4 50 Multiple Instance Spanning Tree Operation Configuring MSTP Operating Notes for the VLAN Configuration Enhancement Configuring MSTP on the switch automatically configures the Internal Spanning Tree IST instance and places all statically and dynamically configured VLANs on the switch int
242. mple of the Stack Management Screen 2 Press A for Add to add a Candidate You will then see this screen listing the available Candidates Pacific Ocean Seeesssssseese5 CONSOLE MANAGER MODE 22522222222 2 2 2 22 2 22 222 22222 Stacking Stack Management Switch Number Jj lt The Commander automatically selects an MAC Address available switch number SN You have the Candidate Password option of assigning any other available number Candidate MAC System Name Device Type mm Candidate List O060b0 e94300 DEFAULT CONFIG 3500y1 O80009 918f80 DEFAULT CONFIG 3500y1 Actions gt Cancel Edit Save Help Use arrow keys to change field selection Space to toggle field choices and Enter to go to Actions Figure 6 10 Example of Candidate List in Stack Management Screen 3 Either accept the displayed switch number or enter another available number The range is 0 15 with 0 reserved for the Commander 4 Usethe downarrow key to move the cursor to the MAC Address field then type the MAC address of the desired Candidate from the Candidate list in the lower part of the screen 5 Doone ofthe following 6 18 Stack Management Configuring Stack Management e If the desired Candidate has a Manager password press the downarrow key to move the cursor to the Candidate Password field then type the password e If the desir
243. ms This section describes how to configure the switch for voice VLAN operation Operating Rules for Voice VLANs m Youmuststatically configure voice VLANs GVRP and dynamic VLANs do not support voice VLAN operation m Configure all ports ina voice VLAN as tagged members of the VLAN This ensures retention ofthe QoS Quality of Service priority included in voice VLAN traffic moving through your network m Ifa telephone connected to a voice VLAN includes a data port used for connecting other networked devices such as PCs to the network then you must configure the port as atagged member of the voice VLAN and a tagged or untagged member of the data VLAN you want the other net worked device to use 2 55 Static Virtual LANs VLANs Special VLAN Types Components of Voice VLAN Operation m Voice VLAN s Configure one or more voice VLANs on the switch Some reasons for having multiple voice VLANs include e Employing telephones with different VLAN requirements e Better control of bandwidth usage e Segregating telephone groups used for different exclusive purposes Where multiple voice VLANs exist on the switch you can use routing to communicate between telephones on different voice VLANS m Tagged Untagged VLAN Membership If the appliances using a voice VLAN transmit tagged VLAN packets then configure the member ports as tagged members of the VLAN Otherwise configure the ports as untagged members Voice VLAN QoS Prioriti
244. munity Names Community Names specifically configured in the switch public the default public the default If Member Switch 2 ceases to be a stack Member it gray loses membership in all SNMP communities Member Switch 2 If Member Switch 3 ceases to be a stack Member it IP Addr None loses membership in the blue and red communities but because it has its own IP addressing retains Community Names membership in the public and gray communities none Figure 6 37 Example of SNMP Community Operation with Stacking SNMP Management Station Access to Members Via the Commander To use a management station for SNMP Get or Set access through the Commander s IP address to a Member you must append sw lt switch number to the community name For example in figure 6 37 you would use the following command in your management station to access Switch 1 s MIB using the blue community snmpget MIB variable 10 31 29 100 blue swl Note that because the gray community is only on switch 3 you could not use the Commander IP address for gray community access from the management station Instead you would access switch 3 directly using the switch s own IP address For example snmpget MIB variable 10 31 29 15 gray 6 43 Stack Management Configuring Stack Management Note that in the above example figure 6 37 you cannot use the public community through the Commander to a
245. n Ocean 35n0 yl Member Up In this stack the only SNs in use are 0 and 1 Note When manually adding a switch you must assign an SN so you can use any SN number from 2through However if the Commander automatically adds a new Member 15 for new Members The SN of 0 is always it assigns an SN from the available pool of unused SNs reserved for the stack Commander Figure 6 28 Example of How To Determine Available Switch Numbers SNs To display all discovered Candidates with their MAC addresses execute show stack candidates from the Commander s CLI For example to list the discov ered candidates for the above Commander ProCurve config show stack candidates Stack Candidates Candidate MAC System Name Device Type MAC addresses O030c1 b24ac0 North Sea 350071 of discovered SCC Qu E 0060b0 df1a00 DEFAULT CONFIG 3500yl Figure 6 29 Example of How To Determine MAC Addresses of Discovered Candidates Knowing the available switch numbers SNs and Candidate MAC addresses you can proceed to manually assign a Candidate to be a Member of the stack Syntax stack member lt switch number gt mac address lt mac addr gt password lt password str gt 6 36 Stack Management Configuring Stack Management For example if the switch in the above listing did not have a Manager password and you wanted to make it a stack Member with an SN of 2 you would execute the following command ProCurve config
246. n page 5 10 Assigning a Priority Based on Layer 3 Protocol This option assigns an 802 1p priority to outbound packets having the speci fied Layer 3 protocol Syntax qos protocol lt ip l ipx arp appletalk sna netbeui gt priority lt 0 7 gt Configures an 802 1p priority for outbound packets having the specified protocol This priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next down stream device You can configure one QoS classifier for each protocol type Default No override no qos protocol lt ip l ipx arp appletalk sna netbeui gt Disables use of the specified protocol as a QoS classifier and resets the protocol priority to No override show qos protocol Lists the QoS protocol classifiers with their priority settings For example 1 Configure QoS protocol classifiers with IP at 0 normal ARP at 5 medium and AppleTalk at 7 high and display the QoS protocol con figuration 2 Disable the QoS IP protocol classifier downgrade the ARP priority to 4 and again display the QoS protocol configuration Figure 5 20 shows the command sequence and displays for the above steps 5 41 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic ProCurve config ProCurve confi
247. n their default configurations unless the proposed changes have been supplied by an experienced network administrator who has a strong understanding of the IEEE 802 1D w s standards and operation MST Regions All MSTP switches in a given region must be configured with the same VLANs Also each MSTP switch within the same region must have the same VLAN to instance assignments A VLAN can belong to only one instance within any region Within a region m All of the VLANs belonging to a given instance compose a single active spanning tree topology for that instance m Fach instance operates independently of other regions 4 9 Multiple Instance Spanning Tree Operation 802 1s Multiple Spanning Tree Protocol MSTP Between regions there is a single active spanning tree topology How Separate Instances Affect MSTP Operation Assigning different groups of VLANs to different instances ensures that those VLAN groups use independent forwarding paths For example in figure 4 3 each instance has a different forwarding path Path through IST Instance to Other Regions Switch 1 IST Root VLAN Memberships e IST Instance VLANs 1 2 e MSTI A 4 5 e MSTI B 7 9 Blocks redundant Blocks redundant link for MSTI B link for MSTI A Switch 2 Switch 3 MSTI A Root MSTI B Root VLAN Memberships VLAN Memberships IST Instance VLANs 1 2 Blocks redundant e IST Instance VLANs 1 2 e MSTI A 4 5 link for I
248. nd return to the VLAN Menu screen Static Virtual LANs VLANs Configuring VLANs If you changed the value for Maximum VLANs to support you will see an asterisk next to the VLAN Support option see below An asterisk indicates you must reboot the messsenszssssnzessssssssssss CONSOLE MANAGER MODE sscessscessesessesessesesess Switch to implement Switch Configuration VLAN Menu the new Maximum VLANs setting VLAN Support VLAN Names VLAN Port Assignment Return to Previous Menu Return to Main Menu O 8B UNH Displays the menu to activate and configure or deactivate VLAN support To select menu item press item number or highlight item and press lt Enter gt Needs reboot to activate changes Figure 2 13 VLAN Menu Screen Indicating the Need To Reboot the Switch e Ifyou changed the VLAN Support option you must reboot the switch before the Maximum VLANs change can take effect You can go on to configure other VLAN parameters first but remember to reboot the switch when you are finished e If you did not change the VLAN Support option a reboot is not necessary 4 Press 0 to return to the Main Menu Adding or Editing VLAN Names Use this procedure to add anew VLAN or to edit the name of an existing VLAN 1 From the Main Menu select 2 Switch Configuration 8 VLAN Menu 2 VLAN Names If multiple VLANs are not yet configured you will see a screen similar to figure 2 14
249. nd root port for each instance Determine the designated bridge and designated port for each LAN seg ment Determine which VLANS to assign to each instance and use port trunks with 802 1Q VLAN tagging where separate links for separate VLANs would result in a blocked link preventing communication between nodes on the same VLAN Refer to MSTP Operation with 802 1Q VLANs on page 4 11 4 17 Multiple Instance Spanning Tree Operation Configuring MSTP Note on MSTP Rapid State Transitions m Identify the edge ports connected to end nodes and enable the admin edge port setting for these ports Leave the admin edge port setting dis abled for ports connected to another switch a bridge or a hub Under some circumstances the rapid state transitions employed by MSTP can increase the rates of frame duplication and misordering in the switched LAN To allow MSTP switches to support applications and protocols that may be sensitive to frame duplication and misordering setting the Force Protocol Version force version parameter to stp compatible allows MSTP to operate with rapid transitions disabled The value ofthis parameter applies to all ports on the switch See the information on force version on page 4 21 MSTP Configuration Overview This section outlines the general steps for configuring MSTP via the CLI assuming that you have already determined the VLANs you want MSTP to use see Planning an MSTP Application on page
250. nfiguration 2 62 I inbound port QoS definition 5 6 IP gateway 2 47 traffic priority based on ToS field 5 29 5 41 IP type of service configuring priority 5 29 5 41 J jumbo packets GVRP 3 19 L legacy VLAN 2 12 loop protection 4 37 disable timer 4 37 send disable 4 37 show 4 38 transmit interval 4 38 trap 4 88 loop network 4 10 M MAC address duplicate 2 18 2 Index same for all VLANs 2 58 single forwarding database 2 18 MAC address per switch 2 18 MAC address per VLAN 2 18 management VLAN secure See also secure management VLAN maximum VLANs GVRP 3 18 mesh management VLAN 2 54 spanning tree 4 15 message VLAN already exists 2 39 MSTI configuration 4 39 MSTP instance mapping 4 48 preconfigure benefits 4 47 preconfigure topology 4 A7 preconfigure vlans in instance 4 48 saving current configuration 4 52 See spanning tree 802 1s vlan range option 4 49 multiple 2 18 multiple forwarding database 2 18 N non routable VLAN 2 54 O outbound port QoS definition 5 6 outbound port queue QoS changing the number of queues 5 63 definition 5 7 P path costs 802 1D STP versus RSTP and MSTP 4 16 configuring 802 1D STP pathcost values 4 22 port blocked by STP operation 4 10 loop 4 10 manually re enabling 4 35 monitoring
251. nfiguration for Another 4 45 MSTP VLAN Configuration Enhancement 4 47 PreConfiguring VLANs in an MST Instance 4 48 4 1 Multiple Instance Spanning Tree Operation Contents Configuring MSTP Instances with the VLAN Range Option 4 49 Operating Notes for the VLAN Configuration Enhancement 4 51 How to Save Your Current Configuration 4 52 Displaying MSTP Statistics and Configuration 4 54 Displaying Global MSTP Status 00 0 eee ee eee eee 4 55 Displaying Detailed Port Information 4 57 Displaying Status for a Specific MST Instance 4 58 Displaying the MSTP Configuration 4 59 Troubleshooting an MSTP Configuration 4 63 Displaying the Change History of Root Bridges 4 63 Displaying Debug Counters for All MST Instances 4 66 Displaying Debug Counters for One MST Instance 4 67 Displaying Debug Counters for Ports in an MST Instance 4 69 Field Descriptions in MSTP Debug Command Output 4 71 Troubleshooting MSTP Operation 2 0 ee eeee 4 74 4 2 Multiple Instance Spanning Tree Operation Overview Overview The switches covered in this guide use the IEEE 802 1s Multiple Spanning Tree Protocol MSTP standard MSTP Features 802 1s Spanning Tree Protocol Def
252. nfigure Quality of Service for Outbound Traffic 5 15 QoS UDP TGP Priority 2 el RIT GN be ae ete 5 15 Assigning an 802 1p Priority Based on TCP or UDP Port Number or Range of Port Numbers 5 16 Operating Notes on Using Port Ranges 5 17 Assigning a DSCP Policy Based on TCP or UDP Port Number or Range of Port Numbers 00002 eee ee eee 5 18 QoS IP Device Priority 00 0 ccc eee eee 5 23 Assigning a Priority Based on IP Address 5 24 Assigning a DSCP Policy Based on IP Address 5 25 QoS IP Type of Service ToS Policy and Priority 5 29 Assigning an 802 1p Priority to IPv4 Packets on the Basis of the ToS Precedence Bits 0 0 0 0 cee eee ee eee 5 30 Assigning an 802 1p Priority to IPv4 Packets on the Basis of Incoming DSCP 2 0 0 cee eee eee eee 5 31 5 1 Quality of Service QoS Managing Bandwidth More Effectively Contents Assigning a DSCP Policy on the Basis of the DSCP in IPv4 Packets Received from Upstream Devices 5 35 Details of QoS IP Type of Service 02 0 002 eee 5 38 QoS Protocol Priority 0 0 cc eee 5 41 Assigning a Priority Based on Layer 3 Protocol 5 41 QoS VLAN ID VID Priority sees eee ee 5 43 Assigning a Priority Based on VLAN ID s esee 5 43 Assigning a DSCP Policy Based on VLAN ID VID
253. ng Device Used in a Stacking Environment 6 7 Stack Management Introduction to Stack Management Specific Rules Table 6 2 Specific Rules for Commander Candidate and Member Switch IP Addressing and Number Allowed Passwords SNMP Communities Stack Name Per Stack Commander IP Addr Requiresan Only one The Commander s Manager Standard SNMP community assigned IP address Commander and Operator passwords are operation The Commander and mask for access switch is allowed assigned to any switch also operates as an SNMP via the network per stack becoming a Member of the proxy to Members for all Stack Name Required stack SNMP communities config If you change the ured in the Commander Commander s passwords the Commander propagates the new passwords to all stack Members Candidate IP Addr Optional n a Passwords optional If the Uses standard SNMP Configuring an IP Candidate becomes a stack community operation if the address allows access Member it assumes the Candidate has its own IP via Telnet or web Commander s Manager and addressing browser interface Operator passwords while the switch is not poda d ede If a candidate has a password aep e ates Igu it cannot be automatically E y e switch auto added to a stack In this case iP dd y ERI an if you want the Candidate in a a cn ABER stack you must manually add networkincludes it to the stack service Stack Name N A Member IP Addr Optional Up to 15 Members Wh
254. ng Multiple Forwarding Databases in a Multiple VLAN Environment Configuring VLANs Menu Configuring Port Based VLAN Parameters The Menu interface enables you to configure and view port based VLANs The Menu interface configures and displays only port based VLANs The CLI configures and displays port based and protocol based VLANs page 2 28 In the factory default state support is enabled for up to 256 VLANs You can reconfigure the switch to support up to 2048 vids up to 4094 VLANs Also inthe default configuration all ports on the switch belong to the default VLAN and are in the same broadcast multicast domain The default VLAN is also the default Primary VLAN refer to The Primary VLAN on page 2 46 In addition to the default VLAN you can configure additional static VLANs by adding new VLAN names and VIDs and then assigning one or more ports to each VLAN The maximum of 2048 VLANs includes the default VLAN all additional static VLANs you configure and any dynamic VLANs the switch creates if you enable GVRP page 3 1 Note that each port can be assigned to multiple VLANs by using VLAN tagging See 802 1Q VLAN Tagging on page 2 41 2 22 Note Static Virtual LANs VLANs Configuring VLANs To Change VLAN Support Settings This section describes Cancel change and return to previous screen Use arrow keys to change action selection and Enter to execute action Actions gt Chang
255. nge history for the root bridge in the specified MSTP topology The cst parameter displays the change history for the root bridge of a spanning tree network including MST regions and STP and RSTP bridges The ist parameter displays the change history for the root bridge in the IST instance of an MST region The mst instance id parameter displays the change history for the root bridge in an MST instance where lt instance id gt is an ID number from 1 to 16 Use the show spanning tree root history command to view the number and dates of changes in the assignment of a root bridge Possible intrusion into your MST network may occur if an unauthorized external device gains access to a spanning tree by posing as the root device in a topology To prevent an MST port connected to the device from being selected as the root port in a topology use the spanning tree root guard command The following examples show sample output of the show spanning tree root history command for different MSTP topologies Note that in each example the root bridge ID is displayed in the format lt priority mac address gt Where m lt priority gt isthe MSTP switch priority calculated for one of the following e The IST regional root switch using the spanning tree priority command e An MSTI root switch using the spanning tree instance priority command m lt mac address gt is the MAC address of the root bridge switch 4 64 Multiple Instance Spannin
256. nisters the CIST root bridge for the network the root bridge for each region and the root bridge for each spanning tree instance in each region Common Spanning Tree CST The CST administers the connectivity among the MST regions STP LANs and RSTP LANs in a bridged network MST Region An MST region comprises the VLANs configured on physically connected MSTP switches All switches in a given region must be configured with the same VLANs the same Multiple Spanning Tree Instances MSTIs and the same MST configuration identifiers Internal Spanning Tree IST The IST administers the topology within a given MST region When you configure a switch for MSTP operation the switch automatically includes all of the static VLANs configured on the switch in a single active spanning tree topology instance within the IST This is termed the IST instance Any VLANs you subsequently configure on the switch are added to this IST instance To create separate forwarding paths within a region group specific VLANs into different Multiple Spanning Tree Instances MSTIs Refer to Multiple Spanning Tree Instance MSTI below Types of Multiple Spanning Tree Instances A multiple spanning tree network comprises separate spanning tree instances existing in an MST region There can be multiple regions in a network Each instance defines a single forwarding topology for an exclusive set of VLANs By contrast an STP or RSTP network has only on
257. nning configuration In addition to setting the number of outbound port queues the new configuration will remove any previously configured bandwidth min output settings For example to change the number of outbound priority queues for all ports on the switch from eight queues to four 1 Specify the number of outbound priority queues to be configured using the qos queue config command ProCurve config qos queue config 4 queues A caution message appears see Caution above for details concluding with the following prompt Do you wish to proceed Proceed Cancel 2 Type Proceed to continue A second confirmation prompt appears Please confirm reset Yes Cancel 3 Type Yes to initiate a write memory followed by an immediate reboot entering Cancel at either of the two prompts will cancel the command and maintain the current queue configuration on the switch The changes will be committed to the startup configuration and the switch will reboot automatically with the new priority queue changes in effect see Table 5 12 on page 5 63 for a listing of the default GMB percentages that are allocated per queue 5 64 Quality of Service QoS Managing Bandwidth More Effectively QoS Queue Configuration Viewing the QoS Queue Configuration To display the current priority queue configuration and memory allocations per queue use the show qos queue config command ProCurve show qos queue config 802 1p Queue Priority
258. nt is in use as a DSCP policy for another diffserv codepoint you must disable or redirect the other diffserv codepoint s DSCP policy before you can disable or change the codepoint For example in figure 5 14 you cannot change the priority for the 000000 codepoint until you redirect the DSCP policy for 000001 away from using 000000 as a policy Refer to Notes on Changing a Priority Setting on page 5 58 Refer also to Differentiated Services Codepoint DSCP Mapping on page 5 55 show qos type of service Displays current Type of Service configuration In diffserv mode it also shows the current direct 802 1p assignments and the current DSCP assignments covered later in this section For example an edge switch A in an untagged VLAN assigns a DSCP of 000110 on IP packets it receives on port A6 and handles the packets with high priority 7 When these packets reach interior switch B you want the switch to handle them with the same high priority To enable this operation you would Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic configure an 802 1p priority of 7 for packets received with a DSCP of 000110 and then enable diff services ProCurve config show qos type of service Type of Service Disabled Disabled DM Codepoint DSCP Policy Priority T Executingthis command displays the current ToS configuration and
259. nt is on Red VLAN but the DHCP server is on Blue VLAN the client will not receive an IP address See figure 2 35 DHCP Server Red VLAN is the Management VLAN and the client is on Red VLAN The DHCP server is on Blue VLAN The client does not receive an IP address Red VLAN Blue VLAN Figure 2 35 Example of Client on Different Management VLAN from DHCP Server 5 IfBlue VLAN is configured as the Management VLAN the client is on Blue VLAN and the DHCP server is on Blue VLAN the client receives an IP address Blue VLAN is the Management VLAN and the client is on Blue VLAN The DHCP server is on Blue VLAN The client receives an IP address Red VLAN Blue VLAN Client Figure 2 36 Example of DHCP Server and Client on the Management VLAN 2 53 Static Virtual LANs VLANs Special VLAN Types Note Deleting the Management VLAN You can disable the Secure Management feature without deleting the VLAN itself For example either of the following commands disables the Secure Management feature in the above example ProCurve config no management vlan 100 ProCurve config no management vlan my vlan Operating Notes for Management VLANs Use only a static port based VLAN for the Management
260. nu To Manage a Candidate Switch Using the Commander To Manage The Stack Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic Converting a Commander or Member to a Member of Another Stack r a ios rb eren e e ter Monitoring Stack Status sse Using the CLI To View Stack Status and Configure Stacking Using the CLI To View Stack Status Lees Using the CLI To Configure a Commander Switch Adding to a Stack or Moving Switches Between Stacks Using the CLI To Remove a Member from a Stack Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring 004 SNMP Community Operation ina Stack Using the CLI To Disable or Re Enable Stacking Transmission Interval 0 00 cece cece eee eee Stacking Operation with Multiple VLANs Configured Status Messages Index Product Documentation Note About Your Switch Manual Set The switch manual set includes the following documentation Read Me First a printed guide shipped with your switch Provides software update information product notes and other information Installation and Getting Started Guide a printed guide shipped with your switch This guide explains how to prepare for and perform the physical installation and connect the
261. o VLAN 22 Actions gt Cancel Edit Save Help All other ports are assigned onlytothe Default VLAN Select the tagging mode for the port VLAN combination Use arrow keys to change field selection lt Space gt to toggle field choices and lt Enter gt to go to Actions Figure 2 17 Example of Port Based VLAN Assignments for Specific Ports For information on VLAN tags Untagged and Tagged refer to 802 1Q VLAN Tagging on page 2 41 d Ifyouare finished assigning ports to VLANs press Enter and then S for Save to activate the changes you ve made and to return to the Configuration menu The console then returns to the VLAN menu 3 Return to the Main menu CLI Configuring Port Based and Protocol Based VLAN Parameters In the factory default state all ports on the switch belong to the port based default VLAN DEFAULT_VLAN VID 1 and are in the same broadcast multicast domain The default VLAN is also the Primary VLAN For more on this topic refer to The Primary VLAN on page 2 46 You can configure up to 255 additional static VLANs by adding new VLAN names and then assigning one or more ports to each VLAN The switch accepts a maximum of 2048 vids numbered up to 4094 VLANs including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP Refer to chapter 3 GVRP Note that each port can be assigned to multiple VLANs by using VLAN tagging See 802 1Q VL
262. o 1 This may occur if the receiving bridge is located too far from the MSTI regional root bridge beyond the configured size of the MST region on the MSTI regional root bridge or if a BPDU packet with invalid MSTI regional root bridge information is continuously circulating between bridges in an MST region and needs to be aged out This counter is maintained on a per MSTI per port basis Topology Changes Detected Number of times that a Topology Change event is detected by the CIST or MSTI port and the port triggers a topology change propagation throughout the network A Topology Change event occurs when a non edge port enters forwarding state This counter is maintained on a per CIST per port and on a per MSTI per port basis Topology Changes Tx Number of times that Topology Change information is propagated sent out through the port to the rest of the network For a CIST port the counter is the number of times that a CFG RST or MST BPDU with the TC flag set is transmitted out of the port For an MSTI port the counter is the number of times that a MSTI configuration message with the TC flag set is transmitted out of the port This counter is maintained on a per CIST per port and on a per MSTI per port bases Topology Changes Rx Number of times that Topology Change information is received from the peer port For a CIST port the counter is the number of times that a CFG RST or MST BPDU with the TC flag set is received
263. o or if GVRP is enabled to Auto untagged lt port list gt Configures the indicated port s as Untagged for the specified VLAN The no version sets the port s to either No or if GVRP is enabled to Auto 2 38 Note Static Virtual LANs VLANs Configuring VLANs forbid port list gt Used in port based VLANs to configures lt port list gt as forbidden to become a member of the specified VLAN as well as other actions Does not operate with protocol VLANs The no version sets the port s to either No or if GVRP is enabled to Auto Refer to chapter 3 GVRP in this guide auto lt port list gt Available if GVRP is enabled on the switch Returns the per port settings for the specified VLAN to Auto operation Note that Auto is the default per port setting for a static VLAN if GVRP is running on the switch For information on dynamic VLAN and GVRP operation refer to chapter 3 GVRP in this guide For example suppose you have a VLAN named VLAN100 with a VID of 100 and all ports are set to No for this VLAN To change the VLAN name to Blue Team and set ports Al A5 to Tagged you would use these commands ProCurve config vlan 100 name Blue Team ProCurve config vlan 100 tagged al a5 To move to the vlan 100 context level and execute the same commands ProCurve config vlan 100 ProCurve vlan 100 name Blue Team ProCurve vlan 100
264. o override been assigned an 000101 No override 802 1p priority level 000110 No override C 000111 No overrids Figure 5 9 Display the Current DSCP Map Configuration 5 27 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 2 Configure the priorities for the DSCPs you want to use ProCurve config qos dscp map 000111 priority 7 ProCurve config qos dscp map 000101 priority 5 ProCurve configi qos dscp map 000010 priority 1 ProCurve config f show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name 000000 No override 000001 No override C 000010 1 000011 No override 000100 No override DSCP Policies Configured in this step Cno0i01 D 000110 No override Canniii D 001000 No override Figure 5 10 Assigning 802 1p Priorities to the Selected DSCPs 9 Assignthe DSCP policies to the selected device IP addresses and display the result ProCurve config gos device priority 10 28 31 1 dscp 000111 ProCurve config qos device priority 10 28 31 130 dscp 000101 ProCurve config qos device priority 10 28 31 100 dscp 000010 ProCurve config qos device priority 10 28 31 101 dscp 000010 ProCurve config f show qos device priority Device priorities Device Address Apply rule DSCP Priority T 10 29 31 1 000111 10 28 31 130 10 28 31 100 10 28 3
265. o the IST instance The spanning tree instance vlan command creates a new MST instance and moves the VLANs you specify from the IST to the MSTI You must map a least one VLAN ID to an MSTI when you create it You cannot map a VLAN ID to more than one instance You can create up to 16 MSTIs in a region The noform ofthe spanning tree instance vlan command removes one or more VLANs from the specified MSTI If no VLANs are specified the no form of the command deletes the specified MSTI When you remove a VLAN from and MSTI the VLAN returns to the IST instance where it can remain or be re assigned to another MSTI config ured in the region If you enter the spanning tree instance vlan command before a static or dynamic VLAN is configured on the switch to preconfigure VLAN ID to MSTI mappings no error message is displayed Later each newly configured VLAN that has already been associated with an MSTI is automatically assigned to the MSTI This new default behavior differs from automatically including configured static and dynamic VLANs in the IST instance and requiring you to manually assign individual static VLANs to an MSTI The valid VLAN IDs that you can map to a specified MSTI are from 1 to 4094 The VLAN ID to MSTI mapping does not require a VLAN to be already configured on the switch The MSTP VLAN enhancement allows you to preconfigure MSTP topologies before the VLAN IDs associated with each instance exist on a switch When you
266. oS prioritization ProCurve config no vlan 20 qos ProCurve config f show qos vlan In this instance No override indicates that VLAN 20 is not VLAN priorities prioritized by QoS VLAN ID Apply rule DSCP Priority T Priority No override No override Priority 5 Priority 7 Figure 5 23 Returning a QoS Prioritized VLAN to No override Status Assigning a DSCP Policy Based on VLAN ID VID This option assigns a previously configured DSCP policy codepoint and 802 1p priority to outbound IP packets having the specified VLAN ID VID That is the switch 1 Selects an incoming IP packet on the basis of the VLAN ID it carries 2 Overwrites the packet s DSCP with the DSCP configured in the switch for such packets 3 Assigns the 802 1p priority configured in the switch for the new DSCP Refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 4 Forwards the packet through the appropriate outbound port queue For more on DSCB refer to Terminology on page 5 6 5 45 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Note Steps for Creating a Policy Based on VLAN ID Classifier 1 Determine the VLAN ID classifier to which you want to assign a DSCP policy 2 Determine the DSCP policy for packets carrying the selected VLAN ID a Determine the DSCP you want to as
267. onfig loop protect port list 4 37 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no loop protect port list receiver action send disable no disable gt transmit interval 1 10 disable timer 0 604800 trap loop detected Allows you to configure per port loop protection on the switch receiver action send disable no disable gt Sets the action to be taken when a loop is detected on the port The port that received the loop protection packet determines what action is taken If send disable is configured the port that transmitted the packet is disabled If no disable is con figured the port is not disabled Default send disable trap lt loop detected gt Allows you to configure loop protection traps The loop detected trap indicates that a loop was detected on a port disable timer lt 0 604800 gt How long in seconds a port is disabled when a loop has been detected A value of zero disables the auto re enable function ality Default Timer is disabled transmit interval lt 1 10 gt Allows you to configure the time in seconds between the transmission of loop protection packets Default 5 seconds To display information about ports with loop protection enter this command Syntax show loop protect port list Displays the loop protection status If no ports are specified the information is displayed only for the ports that have loop p
268. ontrol 002 0 e eee eee 3 11 Advertisements and Dynamic Joins 0000 e eee 3 11 Port Leave From a Dynamic VLAN 0 0 eee eee eee 3 11 Planning for GVRP Operation 00 0 e eee eee ee 3 12 Configuring GVRP On a Switch sseeess 3 13 Menu Viewing and Configuring GVRP 0065 3 13 CLI Viewing and Configuring GVRP 02 0 00 3 14 Web Viewing and Configuring GVRP 2 0 200s 3 18 GVRP Operating Notes 0 0 ccc ccc eee eens 3 18 4 Multiple Instance Spanning Tree Operation Contents Seed asada et oes ce Ri eis ee IRA Mein Ra ees 4 1 Overview o oeo a ei RR eel Y un p eee ee 4 3 802 1s Multiple Spanning Tree Protocol MSTP 4 6 MSTP Structure oc aes See CU RE IN RR ee 4 7 How MSTP Operates 00 0 cece cece eee eee 4 9 MST R gions oe o e eL eR bs e 4 9 Regions Legacy STP and RSTP Switches and the Common Spanning Tree CST usseeseesee eese 4 11 MSTP Operation with 802 1Q VLANs sese 4 11 Terminology nete eI eene rentes rete RT n n enden 4 12 Operating Rule8 perineen vinenn Ba les Ba dtu wld Barked EH 4 14 MSTP Compatibility with RSTP or STP sssessss 4 16 Configuring MSTP seeee en 4 17 Planning an MSTP Application lesse 4 17 MSTP Configuration Overview seeeeeeee ene 4 18
269. operate on a per VLAN basis This means you must configure such features separately for each VLAN in which you want them to operate Default VLAN You can rename the default VLAN but you cannot change its VID 1 or delete it from the switch VLAN Port Assignments Any ports not specifically removed from the default VLAN remain in the DEFAULT VLAN regardless of other port assignments Also a port must always be a tagged or untagged member of at least one port based VLAN Voice Over IP VoIP VoIP operates only over static port based VLANs Multiple VLAN Types Configured on the Same Port A port can simultaneously belong to both port based and protocol based VLANs Protocol Capacity A protocol based VLAN can include up to four protocol types In protocol VLANs using the IPv4 protocol ARP must be one of these protocol types to support normal IP network operation Otherwise IP traffic on the VLAN is disabled If you configure an IPv4 Static Virtual LANs VLANs VLAN Operating Rules protocol VLAN that does not already include the ARP VLAN protocol the switch displays this message ProCurve config f vlan 97 protocol ipv4 Caution IPv4 assigned without ARP undeliverable IP packets Indicates a protocol VLAN configured with IPv4 but not ARP Deleting Static VLANs On the switches covered in this guide you can delete a VLAN regardless of whether there are currently any ports belong ing to that VLAN The ports are mov
270. optional if a priority has already been assigned to the lt codepoint gt The command creates a DSCP policy by assigning an 802 1p priority to a specific DSCP When the switch applies this policy to a packet the priority determines the packet s queue in the outbound port to which itis sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device For IPv4 packets the DSCP will be replaced by the codepoint specified in this command Default No override for most codepoints See table 5 9 on page 5 56 Syntax no qos lt udp port tcp port gt lt portnum l range lt start gt lt end gt gt gt lt priority lt 0 7 gt dscp lt codepoint gt gt Assigns a DSCP policy to outbound packets having the specified TCP or UDP application port number and overwrites the DSCP in these packets with the assigned lt codepoint gt value This policy includes an 802 1p priority and determines the packet s queue in the out bound port to which it is sent The lt codepoint gt must be configured with an 802 1p setting See step 3 on page 5 19 If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next down stream device Default No override A port range can be from 1 to 65535 inclusive ports or any subset thereof See Operating Notes on Using Port Ranges on page 5 17 The minimum port number must precede the maximum port n
271. or disable GVRP disabled page 3 13 page 3 15 page 3 18 enable or disable GVRP on enabled page 3 13 page 3 15 mE individual ports control how individual ports Learn page 3 13 page 3 15 page 3 18 handle advertisements for new VLANs convert a dynamic VLAN to a n a page 3 17 static VLAN configure static VLANs DEFAULT VLAN page 2 22 page 2 28 page 2 40 VID 1 GVRP GARP VLAN Registration Protocol is an application of the Generic Attribute Registration Protocol GARP GVRP is defined in the IEEE 802 1Q standard and GARP is defined in the IEEE 802 1D 1998 standard To understand and use GVRP you must have a working knowledge of 802 1Q VLAN tagging Refer to chapter 2 Static Virtual LANs VLANS GVRP uses GVRP Bridge Protocol Data Units GVRP BPDUs to adver tise static VLANs In this manual a GVRP BPDU is termed an advertisement Advertisements are sent outbound from ports on a switch to the devices directly connected to those ports GVRP enables the switch to dynamically create 802 1Q compliant VLANs on links with other devices running GVRP This enables the switch to automati cally create VLAN links between GVRP aware devices A GVRP link can include intermediate devices that are not GVRP aware This operation reduces the chances for errors in VLAN configuration by automatically pro viding VLAN ID VID consistency across the network That is you can use GVRP to propagate VLANs to other GVRP aw
272. ore you can configure a policy for prioritizing packets by IP address If a codepoint you want to use shows No override in the Priority column of the DSCP map show qos dscp map then you must assign a 0 7 priority before proceeding On the switches covered in this guide DSCP policies cannot be applied to IPv4 packets having IP options For more information on packet criteria and restrictions refer to 5 13 on page 5 66 4 Configure the switch to assign the DSCP policy to packets with the specified IP address Syntax qos dscp map lt codepoint gt priority lt 0 7 gt This command is optional if a priority is already assigned to the codepoint The command creates a DSCP policy by assigning an 802 1p priority to a specific DSCP When the switch applies this policy to a packet the priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device If the packet is IPv4 the packet s DSCP will be replaced by the codepoint specified in this command Default For most codepoints No override See figure 5 9 on page 5 56 Syntax qos device priority ip address gt dscp lt codepoint gt Assigns a DSCP policy to packets carrying the specified IP address and overwrites the DSCP in these packets with the assigned lt codepoint gt value This policy includes an 802 1p priority and det
273. ority lt 0 7 gt name lt ascii string gt Configures an 802 1p priority for the specified codepoint and optionally an identifying policy name no qos dscp map codepoint Reconfigures the 802 1p priority for lt codepoint gt to No over ride Also deletes the codepoint policy name if configured no qos dscp map lt codepoint gt name Deletes only the policy name if configured for lt codepoint gt 5 55 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping Table 5 9 The Default DSCP Policy Table 000000 000001 000010 000011 000100 000101 000110 000111 001000 001001 001010 001011 001100 001101 001110 001111 010000 010001 010010 010011 010100 010101 DSCP Policy 802 1p Priority No override No override No override No override No override No override No override No override No override No override 1 No override 1 No override 2 No override No override No override 0 No override 0 No override DSCP Policy 802 1p Priority 010110 010111 011000 011001 011010 011011 011100 011101 011110 011111 100000 100001 100010 100011 100100 100101 100110 100111 101000 101001 101010 3 No override No override No override 4 No override 4 No override 5 No override No override No override 6 No override 6 No override 7 No override No override No override No override
274. oth Direct 802 1p Priority Assignment and DSCP Policy Assignment 5 34 Note Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Assigning a DSCP Policy on the Basis of the DSCP in IPv4 Packets Received from Upstream Devices The preceding section describes how to forward a policy set by an edge or upstream switch This option changes a DSCP policy in an IPv4 packet by changing its IP ToS codepoint and applying the priority associated with the new codepoint A DSCP policy consists of a differentiated services codepoint and an associated 802 1p priority You can use this option concurrently with the diffserv 802 1p priority option above as long as the DSCPs specified in the two options do not match To use this option to configure a change in policy 1 Identify a DSCP used to set a policy in packets received from an upstream or edge switch 2 Create anew policy by using qos dscp map lt codepoint gt priority 0 7 gt to configure an 802 1p priority for the codepoint you will use to overwrite the DSCP the packet carries from upstream For more on this topic refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 3 Use qos type of service diff services incoming DSCP dscp outgoing DSCP gt to change the policy on packets coming from the edge or upstream switch with the specified incoming DSCP Figu
275. owest unassigned number in the Member range 1 15 0 is reserved for the Commander 6 21 Stack Management Configuring Stack Management To remove a Member from a stack use the Stack Management screen 1 From the Main Menu select 9 Stacking 4 Stack Management You will then see the Stack Management screen Pacific Ocean DRE Forstatus descriptions CONSOLE MANAGER MODE Seethetableonpage Stacking Stack Management 6 45 Device Type Status Stack Member List North Atlantic 3500y1 Member Up 3 0060b0 e94300 Big Waters 3 3500y 1 Member Up Actions gt Add Edit Delete Help Return to prev Use up down arrow keys to change record selection left right arrow keys to change action selection and lt Enter gt to execute action Figure 6 13 Example of Stack Management Screen with Stack Members Listed 2 Use the downarrow key to select the Member you want to remove from the stack SN Mac Address System Name Device Type Status 1 O060b0 dfia00 Coral Sea 080009 8c5080 North Atlantic D060b0 e94300 Big Waters 3 Member Up Member Up Member Up Figure 6 14 Example of Selecting a Member for Removal from the Stack 3 Type D for Delete to remove the selected Member from the stack You will then see the following prompt Continue Deletion of record Use up down arrow keys to change record selection left right arrow keys to change action select
276. pecified source port s for QoS classi fier s and resets the priority for the specified source port s to No override Syntax show qos port priority Lists the QoS port priority classifiers with their priority data For example suppose that you want to prioritize inbound traffic on the following source ports Source Port Priority A1 A3 2 A4 3 B1 B4 5 C1 C3 6 You would then execute the following commands to prioritize traffic received on the above ports ProCurve config interface e cl c3 qos priority 6 ProCurve config interface e bl b4 qos priority 5 ProCurve config interface e a4 qos priority 3 ProCurve config f interface e al a3 qos priority 2 ProCurve config show qos port priority Port priorities Port Apply rule DSCP Priority Radius Overrj Priority Priority Priority Priority Priority No override o override No override No override Priority Priority Priority Priority No override No override o override No override No override No override No override No override Figure 5 27 Configuring and Displaying Source Port QoS Priorities 5 50 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic If you then decided to remove port A1 from QoS prioritization ProCurve config no interface e al qos ProCurve config f show qos port priority Port priorities Inthis instance No
277. perate as part of the same single spanning tree topology The switch does not allow dynamic VLANs in an MSTI When you enable MSTP on the switch the default MSTP spanning tree configuration settings comply with the values recommended in the IEEE 802 1s Multiple Spanning Tree Protocol MSTP standard Note that inappro priate changes to these settings can result in severely degraded network performance For this reason ProCurve strongly recommends that changing these default settings be reserved only for experienced network administra tors who have a strong understanding of the IEEE 802 1D w s standards and operation How MSTP Operates In the factory default configuration spanning tree operation is off Also the switch retains its currently configured spanning tree parameter settings when disabled Thus if you disable spanning tree then later re enable it the param eter settings will be the same as before spanning tree was disabled The switch also includes a Pending feature that enables you to exchange MSTP config urations with a single command Refer to Enabling an Entire MST Region at Once or Exchanging One Region Configuration for Another on page 4 45 The switch automatically senses port identity and type and automatically defines spanning tree parameters for each type as well as parameters that apply across the switch Although these parameters can be adjusted ProCurve strongly recommends leaving these settings i
278. port a member of an untagged port based VLAN Yes Drop the packet Forward the packet on that protocol VLAN Forward the packet on the port based VLAN Figure 2 7 Untagged VLAN Operation Drop the packet Tagged Packet Forwarding If a port is a tagged member of the same VLAN as an inbound tagged packet received on that port then the switch forwards the packet to an outbound port on that VLAN To enable the forwarding of tagged packets any VLAN to which the port belongs as a 2 16 Static Virtual LANs VLANs General Steps for Using VLANs tagged member must have the same VID as that carried by the inbound tagged packets generated on that VLAN Port X receives an inbound tagged Packet From VLAN A Is port X atagged Drop the member of packet VLAN A Forward the packetto any port Note that the outbound Y on VLAN A port can be either a for outbound tagged or untagged transmission member of the VLAN Figure 2 8 Tagged VLAN Operation See also Multiple VLAN Considerations on page 2 18 General Steps for Using VLANs 1 Planyour VLAN strategy and create a map ofthe logical topology that will result from configuring VLANs Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol port trunking and IGMP Refer to Effect of VLANs on O
279. ptionally configure the time interval to use for sending heartbeat packets with the configured MAC address Syntax no ip recv mac address lt mac address gt interval seconds ip recv mac address lt mac address gt Configures a VLAN interface with the specified MAC address Enter the no version of the command to remove the configured MAC address and return to the original MAC address of the ProCurve switch interval lt seconds gt Optional Configures the time interval in seconds used between transmissions of heartbeat packets to all network devices configured on the VLAN Valid values are from one to 255 seconds The default is 60 seconds Operating Notes m The ip recv mac address command allows you to configure only one MAC address for a specified VLAN If you re enter the command to configure another MAC address the previously configured MAC address is overwrit ten m Enter the no form of the command to remove a configured MAC address and restore the default MAC address of the ProCurve switch m When you configure a VLAN MAC address you may also specify a heart beat interval The interval seconds parameter is optional m After you configure a VLAN MAC address e IP router and MAC ARP replies to other VLAN devices contain the user defined MAC address as the Ethernet sender hardware address e Outbound VLAN traffic contains the ProCurve MAC address not the configured MAC address as the source MAC address in
280. r Management VLAN 2 Plan your Management VLAN topology to use ProCurve switches that support this feature Refer to page 2 47 The ports belonging to the Management VLAN should be only the following e Ports to which you will connect authorized management stations such as Port A in figure 2 30 e Ports on one switch that you will use to extend the Management VLAN to ports on other ProCurve switches such as ports Al and B2 or B4 and C2 in figure 2 30 on page 2 49 2 49 Static Virtual LANs VLANs Special VLAN Types Note Hubs dedicated to connecting management stations to the Management VLAN can also be included in the above topology Note that any device connected to a hub in the Management VLAN will also have Management VLAN access 3 Configure the Management VLAN on the selected switch ports 4 Testthe management VLAN from all of the management stations autho rized to use the Management VLAN including any SNMP based network management stations Ensure that you include testing any Management VLAN links between switches If you configure a Management VLAN on a switch by using a Telnet connection through a port that is not in the Management VLAN then you will lose management contact with the switch if you log off your Telnet connection or execute write memory and reboot the switch Configuration Syntax no management vlan lt vlan id vlan name gt Configures an existing VLAN as the management VLAN
281. r packets carry ing a specified VLAN ID include m 802 1p priority m DSCP policy Assigning a new DSCP and an associated 802 1p priority inbound packets must be IPv4 For operation when other QoS classifiers apply to the same traffic refer to Classifiers for Prioritizing Outbound Packets on page 5 10 QoS with VID priority applies to static VLANs only and applying QoS to dynamic VLANs created by GVRP operation is not supported A VLAN must exist while a subject of a QoS configuration and eliminating a VLAN from the switch causes the switch to clear any QoS features configured for that VID Assigning a Priority Based on VLAN ID This option assigns a priority to all outbound packets having the specified VLAN ID VID You can configure this option by either specifying the VLAN ID ahead of the qos command or moving to the VLAN context for the VLAN you want to configure for priority Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax vlan lt vid qos priority 0 7 Configures an 802 1p priority for outbound packets belong ing to the specified VLAN This priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device You can configure one QoS classifier for each VLAN ID Default No over
282. r regions All MSTP switches as well as STP and RSTP switches in a network use BPDUs Bridge Protocol Data Units to exchange information from which to build multiple active topologies in the individual instances within a region and between regions From this information m The MSTP switches in each LAN segment determine a designated bridge and designated port or trunk for the segment m TheMSTP switches belonging to a particular instance determine the root bridge and root port or trunk for the instance m For the IST instance within a region the MSTP switches linking that region to other regions or to STP or RSTP switches determine the IST root bridge and IST root port or trunk for the region For any Multiple Spanning Tree instance MSTI in a region the regional root may be a different switch that is not necessarily connected to another region m The MSTP switches block redundant links within each LAN segment across all instances and between regions to prevent any traffic loops As a result each individual instance spanning tree within a region deter mines its regional root bridge designated bridges and designated ports or trunks Regions Legacy STP and RSTP Switches and the Common Spanning Tree CST The IST instance and any MST instances in a region exist only within that region Where a link crosses a boundary between regions or between a region and a legacy STP or RSTP switch traffic is forwarded or blocked
283. r six bits of the ToS Type of Service byte in IP packets There are 64 possible codepoints In the default QoS configuration for the switches covered in this guide some codepoints are configured with default 802 1p priority settings for Assured Forwarding and Expedited Forwarding All other codepoints are unused and listed with No override for a priority A DSCP configured with a specific 802 1p priority 0 7 Default No override Using a DSCP policy you can configure the switch to assign priority to IP packets That is for an IP packet identified by the specified classifier you can assign a new DSCP and an 802 1p priority 0 7 For more on DSCP refer to Details of QoS IP Type of Service on page 5 38 For the DSCP map see figure 5 17 on page 5 39 In the QoS context this is a switch that receives traffic from the edge of the LAN or from outside the LAN and forwards itto devices within the LAN Typically an edge switch is used with QoS to recognize packets based on classifiers such as TCP UDP application type IP device address Protocol LAN VLAN ID VID and Source Port although it can also be used to recognize packets on the basis of ToS bits Usingthis packet recognition the edge switch can be usedto set802 1p priorities or DSCP policies that downstream devices will honor Any port on the switch through which traffic enters the switch In an IPv4 packet optional these are extra fields in the packet header The upper th
284. rbid Note For GVRP Operation If you enable GVRP on the switch No converts to Auto which allows the VLAN to dynamically join an advertised VLAN that has the same VID See Per Port Options for Dynamic VLAN Advertising and Joining on page 3 9 Untagged VLANs Only one untagged VLAN is allowed per port Also there must be at least one VLAN assigned to each port In the factory default configuration all ports are assigned to the default VLAN DEFAULT VLAN For example if you want ports A4 and A5 to belong to both DEFAULT VLAN and VLAN 22 and ports A6 and A7 to belong only to VLAN 22 you would use the settings in figure page 2 28 This example assumes the default GVRP setting disabled and that you do not plan to enable GVRP later 2 27 Static Virtual LANs VLANs Configuring VLANs mzmzmzsmzmzsszssszszesssszssssezs CONSOLE MANAGER MODE 2222222s2s222e2e22ee22222222222 Switch Configuration VLAN VLAN Port Assignment Port DEFAULT VLAN VLAN 22 Port DEFAULT VLAN VLAN 22 AL Untagged No A8 Untagged No A2 Untagged No 49 Untagged No Ports A4 and A5 are 43 Untagged No 410 Untagged No i a4 Untagged Tagged ii Untagged No assigned to both as Untagged Tagged 412 Untagged No VLANs 6 No Untagged A13 Untagged No Ports A6 and A7 are a7 No 214 Untagged No assigned only t
285. re 5 13 on page 5 31 illustrates this scenario On the switches covered in this guide DSCP policies codepoint re marking cannot be applied to outbound IPv4 packets having IP options The 802 1p priority in the VLAN tag is applied For more information on packet criteria and restrictions refer to 5 13 on page 5 66 5 85 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Syntax qos type of service diff services Enables ToS diff services Syntax qos type of service diff services lt current codepoint gt dscp lt new codepoint gt Configures the switch to select an incoming IP packet carry ing the lt current codepoint gt and then use the lt new codepoint gt to assign a new previously configured DSCP policy to the packet The policy overwrites the lt current codepoint gt with the lt new codepoint gt and assigns the 802 1p priority specified by the policy Use the qos dscp map command to define the priority for the DSCPs page 5 55 Syntax no qos type of service Disables all ToS classifier operation Current ToS DSCP policies and priorities remain in the configuration and will become available if you re enable ToS diff services Syntax no qos type of service diff services lt codepoint gt Deletes the DSCP policy assigned to the lt codepoint gt and returns the lt codepoint gt to the 802 1p priority setting
286. red because they do not interrupt the normal opera tion of client devices connected on the segment Because the aging time of destination addresses in MAC address tables varies on network devices you must also configure a time interval to use for sending heartbeat packets Heartbeat packets are sent at periodic intervals with a specific ProCurve unicast MAC address in destination field This MAC address is assigned to ProCurve and is not used by other non ProCurve routers Because the heart beat packet contains a unicast MAC address it does not interrupt host operation Even if you have multiple ProCurve switches connected to the network there is no impact on network performance because each switch sends heartbeat packets with its configured MAC address as the destination address The format of a heartbeat packet is an extended Ethernet OUI frame with an extended OUI Ethertype 88B7 and a new protocol identifier in the 5 octet protocol identifier field 2 62 Static Virtual LANs VLANs Migrating Layer 3 VLANs Using VLAN MAC Configuration Configuring a VLAN MAC Address with Heartbeat Interval When installing ProCurve routing switches in the place of existing routers in a network configuration you can achieve Layer 3 VLAN migration by using the ip recv mac address command at the VLAN configuration level to m Configure the MAC address of the previously installed router on each VLAN interface of a ProCurve routing switch m O
287. ree bits in the Type of Service ToS field of an IP packet Version 4 of the IP protocol A packet leaving the switch through any LAN port Any port on the switch through which traffic leaves the switch Quality of Service QoS Managing Bandwidth More Effectively Introduction Term outbound port queue re marking DSCP re marking tagged port membership Type of Service ToS byte upstream device Use in This Document For any port a buffer that holds outbound traffic until it can leave the switch through that port By default there are eight outbound queues for each port in the switch Queue 8 is the highest priority queue queue 1 is the lowest priority queue Traffic in a port s high priority queue leaves the switch before any traffic in the port s medium or low priority queues Assigns a new QoS policy to an outbound packet by changing the DSCP bit settings in the ToS byte Identifies a port as belonging to a specific VLAN and enables VLAN tagged packets belonging to that VLAN to carry an 802 1p priority setting when outbound from that port Where a port is an untagged member of a VLAN outbound packets belonging to that VLAN do not carry an 802 1p priority setting Comprised of a three bit high order precedence field and a five bit low order Type of Service field Later implementations may use this byte as a six bit high order Differentiated Services field and a two bit low order reserved field Se
288. ride Syntax no vlan lt vid gt qos Removes the specified VLAN ID as a QoS classifier and resets the priority for that VLAN to No override Syntax show qos vlan priority Displays a listing of the QoS VLAN ID classifiers currently in the running config file with their priority data 1 For example suppose that you have the following VLANs configured on the switch and want to prioritize them as shown ProCurve config show vlan Status and Counters VLAN Information Maximum VLANs to support 8 Primary VL N DEFAULT VL N 802 10 VL N ID Name Status Set Priority To 2 pudet Set Priority To 5 VLAN 20 Static ED VLAN 30 Static Set Priority T07 4 40 VLAN 40 Static DEFAULT VLAN Static Figure 5 21 Example of a List of VLANs Available for QoS Prioritization 5 44 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic 2 You would then execute the following commands to prioritize the VLANs by VID ProCurve config vlan 1 qos priority 2 ProCurve config vlan 20 qos priority 5 ProCurve config vlan 30 qos priority 5 ProCurve config vlan 40 qos priority 7 ProCurve config show qos vlan VL N priorities VLAN ID Apply rule DSCP Priority Priority Priority Priority Priority Figure 5 22 Configuring and Displaying QoS Priorities on VLANs If you then decided to remove VLAN_20 from Q
289. ring identical VLAN ID to MSTI mappings on all switches in an MST region you can combine switches that support different maximum numbers of VLANs m Network stability You can reduce the interruptions in network connec tivity caused by the regeneration of spanning trees in the entire network each time a configuration change in VLAN to MSTI mapping is detected on a switch The negative impact on network performance is reduced if all newly created VLANs are pre mapped to the correct MST instances Later VLAN creation and deletion are ignored by MSTP and no interrup tion in spanning tree traffic occurs m Usability Dynamically learned GVRP VLANs can be mapped to MSTIs and support MSTP load balancing PreConfiguring VLANs in an MST Instance When you configure an MSTP regional topology you create multiple spanning tree instances Each MST instance provides a fully connected active topology for a particular set of VLANs Each switch in an MSTP region is configured with the following set of common parameters m Region name spanning tree config name m Region revision number spanning tree config revision m Identical VLAN ID to MSTI mapping spanning tree instance vlan Each MST instance supports a different set of VLANs A VLAN that is mapped to an MST instance cannot be a member of another MST instance The MSTP VLAN configuration enhancement allows you to ensure that the same VLAN ID to MSTI assignments exist on each MSTP switch in
290. riority multiplier of 3 results in this line in the show running output spanning tree A2 priority 3 Syntax spanning tree lt port list gt root guard MSTP only When a port is enabled as root guard it cannot be selected as the root port even if it receives superior STP BPDUs The port is assigned an alternate port role and enters a blocking state if it receives superior STP BPDUS A superior BPDU contains better information on the root bridge and or path cost to the root bridge which would normally replace the current root bridge selection The superior BPDUs received on a port enabled as root guard are ignored All other BPDUs are accepted and the external devices may belong to the spanning tree as long as they do not claim to be the Root device Use this command on MSTP switch ports that are connected to devices located in other administrative network domains to Ensure the stability of the core MSTP network topology so that undesired or damaging influences external to the network do not enter Protect the configuration of the CIST root bridge that serves as the common root for the entire network Default The root guard setting is disabled 4 28 Caution Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree port list gt tcn guard When tcn guard is enabled for a port it causes the port to stop propagating received topology change notifications and topo
291. riority settings map to outbound queues 5 9 priority settings mapped to downstream devices 5 9 queue configuration 5 62 type of service screen 5 29 5 41 VLAN ID priority 5 43 5 49 quick start 1 8 R reboot 3 12 redundant path 4 10 region 4 10 See spanning tree 802 1s revision number 4 14 root history 4 63 routing non routable VLAN 2 54 S secure management VLAN 2 47 secure management VLAN DNS not affected setup screen 1 8 single forwarding database 2 18 spanning tree 802 1s See spanning tree 802 1s blocked link 4 12 blocked port 4 10 broadcast storm 4 3 enabling MSTP 4 45 MSTP See spanning tree 802 1s VLAN effect on 2 57 spanning tree config name 4 48 config revision 4 48 instance vlan 4 47 4 48 root history 4 63 spanning tree 802 1s 4 4 4 6 802 1D and 802 1w connections 4 15 802 1D as a region 4 13 4 15 Index 3 802 1Q VLANs 4 11 802 1s standard compliant 4 6 802 1w as a region 4 13 active path 4 10 active paths 4 15 bandwidth loss 4 11 benefit 4 6 blocked traffic 4 11 boundary port region 4 13 4 14 boundary port VLAN membership 4 11 BPDU 4 11 4 18 4 21 4 22 4 26 BPDU requirement 4 14 BPDU function 4 13 bridge 4 13 bridge designated for region 4 14 caution 4 6 4 9 CIST 4 8 4 13 4 14 CIST per port hello ti
292. rity This option selects an incoming IPv4 packet on the basis of its codepoint and assigns a new codepoint and corresponding 802 1p priority Use the qos dscp map command to specify a priority for any codepoint page 5 55 e Assign an 802 1p Priority This option reads the DSCP of an incoming IPv4 packet and without changing this codepoint assigns the 802 1p priority to the packet as configured in the DSCP Policy Table page 5 55 This means that a priority value of 0 7 must be configured for a DSCP before the switch will attempt to perform a QoS match on the packet s DSCP bits Before configuring the ToS Diffserv mode you must use the dscp map command to configure the desired 802 1p priorities forthe codepoints you want to use for either option This command is illustrated in the following examples and is described under Differentiated Services Codepoint DSCP Mapping on page 5 55 Unless IP Precedence mode and Diffserv mode are both disabled the default setting enabling one automatically disables the other For more on ToS operation refer to Details of QoS IP Type of Service on page 5 38 5 29 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Assigning an 802 1p Priority to IPv4 Packets on the Basis of the ToS Precedence Bits If a device or application upstream of the switch sets the precedence bits in the ToS byte of IPv4 pack
293. rm a broadcast domain that is separate from other VLANs that may be configured on the switch Ona given switch packets are bridged between source and destination ports that belong to the same VLAN Thus all ports passing traffic for a particular subnet address should be configured to the same VLAN Cross domain broadcast traffic in the switch is eliminated and bandwidth is saved by not allowing packets to flood out all ports Table 2 1 Comparative Operation of Port Based and Protocol Based VLANs IP Addressing Port Based VLANs Usually configured with at least one unique IP address You can create a port based VLAN with out an IP address However this limits the switch features available to ports on that VLAN Refer to How IP Addressing Affects Switch Operation in the chapter Configuring IP Addressing in the Management and Configuration Guide for the switch You can also use multiple IP addresses to create multiple subnets within the same VLAN For more on this topic refer to the chapter on Configuring IP Addressing in the Management and Configuration Guide for the switch Protocol Based VLANs You can configure IP addresses on all protocol VLANs However IP addressing is used only on IPv4 and IPv6 protocol VLANs Restrictions When you configure an IP address on a VLAN interface the following restrictions apply Loopback interfaces share the same IP address space with VLAN configurations The max
294. rol e Port security operation with MAC based control e Authorized IP Manager security e Key Management System KMS 1 6 Getting Started Sources for More Information Getting Documentation From the Web 1 Goto the ProCurve Networking Web Site at Www procurve com 2 Click on Technical support Click on Product manuals 4 Click on the product for which you want to view or download a manual Online Help If you need information on specific parameters in the menu interface refer to the online help provided in the interface For example LmIz z lL L Ll l l ll l l l l ll lll l ll CONSOLE MANAGER MODE 2222zzzzzzzzzz z Switch Configuration Internet IP Service Default Gateway 10 35 204 1 Default TTL 64 IP Config DHCP Bootp Manual IP Address 10 35 204 104 Subnet Mask 255 255 240 0 Online Help Y for Menu ctions Cancel Edit Save Display help information Use arrow keys to change action selection and Enter to execute action If you need information on a specific command in the CLI type the command name followed by help For example Getting Started Need Only a Quick Start ProCurve write help Usage write lt memory terminal gt Description View or save the running configuration of the switch write terminal displays the running configuration of the switch on the terminal write memory saves the running configuration
295. rotec tion enabled 4 38 Multiple Instance Spanning Tree Operation Configuring MSTP ProCurve config show loop protect 1 4 Status and Counters Loop Protection Information Transmit Interval sec Port Disable Timer sec Loop Detected Trap Loop Loop Loop Time Rx Port Protection Detected Count Since Last Loop Action Status Yes No send disable Up Yes No send disable Up Yes No send disable Up Yes No send disable Up Figure 4 15 Example of Show Loop Protect Display Configuring MST Instance Parameters When you enable MSTP on the switch a spanning tree instance is enabled automatically The switch supports up to sixteen configurable MST instances for each VLAN group that you want to operate as an active topology within the region to which the switch belongs When creating an instance you must include a minimum of one VID You can add more VIDs later if desired Command Page no spanning tree instance lt 1 16 gt vlan lt vid vid vid 4 26 no spanning tree instance 1 16 spanning tree instance lt 1 16 gt priority lt 0 15 gt 4 40 4 39 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no spanning tree instance 1 16 gt vlan vid vid vid gt no spanning tree instance 1 16 Configuring MSTP on the switch automatically configures the IST instance and places all statically and dynamically configured VLANs on the swi
296. rotocol based VLAN See above Note A given VLAN must have the same VID on all 802 10 compliant devices in which the VLAN occurs Also the ports connecting two 802 10 devices should have identical VLAN configurations 2 43 Static Virtual LANs VLANs 802 10 VLAN Tagging m fall end nodes on a port comply with the 802 1Q standard and are configured to use the correct VID then you can configure all VLAN assignments on a port as Tagged if doing so either makes it easier to manage your VLAN assignments or if the authorized inbound traffic for all VLANs on the port will be tagged For a summary and flowcharts of untagged and tagged VLAN operation on inbound traffic refer to the following under VLAN Operating Rules on pages 2 14 through 2 17 e Inbound Tagged Packets e Untagged Packet Forwarding and figure 2 7 e Tagged Packet Forwarding and figure 2 8 Example Inthe following network switches X and Y and servers S1 S2 and the AppleTalk server are 802 1Q compliant Server S3 could also be 802 1Q compliant but it makes no difference for this example This network includes both protocol based AppleTalk VLANs and port based VLANs AT1 Protocol VLAN Untagged AppleTalk System System Server Server S1 Server S2 Red VLAN Untagged Green VLAN Tagged X1 X2 Green VLAN Only Switch System xi 4 Y Server S3 X6 Red VLAN Untagged
297. rt No OperEdgePort No AdminPointToPointMAC Force True OperPointToPointMAC Yes Aged BPDUs Count 0 Loop back BPDUs Count 2 20 TC ACK Flag Transmitted 0 TC ACK Flag Received 0 l l l l l l I l MST MST CFG CFG TCN TCN l BPDUs Tx BPDUs RX BPDUs TX BPDUs Rx BPDUs Tx BPDUs Rx 7 l 0 0 0 0 Figure 4 22 Example of CST Port Information using Show Spanning Tree Detail Command Note This command gives information about the CST only To view details of specific MST Instances use the show spanning tree instance commands 4 57 Multiple Instance Spanning Tree Operation Displaying MSTP Statistics and Configuration Displaying Status for a Specific MST Instance The following commands display the MSTP statistics for a specified MST instance Syntax show spanning tree instance ist 1 16 gt This command displays the MSTP statistics for either the IST instance or a mumbered MST instance running on the switch Syntax show spanning tree instance lt ist 1 16 gt detail This command displays status on all active ports for a specific instance of MSTP Syntax show spanning tree lt port list instance lt ist 1 16 gt detail This command displays detailed status for the designated port s for a specific instance of MSTP Switch l config show spanning tree instance 1 MST Instance Informat
298. rve Switch 802 10 Compliant Server Figure 2 3 Example of Overlapping VLANs Using the Same Server Similarly using 802 1Q compliant switches you can connect multiple VLANs through a single switch to switch link Static Virtual LANs VLANs Static VLAN Operation Red Server Blue Server The same link carries Red X a VLAN and Blue VLAN traffic Red ProCurve ProCurve Red VLAN Swi Switch VLAN Red VLAN Figure 2 4 Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy Untagged VLANs You can introduce 802 1Q compliant devices into net works that have built untagged VLANs based on earlier VLAN technology The fundamental rule is that legacy untagged VLANs require a separate link for each VLAN while 802 1Q or tagged VLANs can combine several VLANs in one link This means that on the 802 1Q compliant device separate ports config ured as untagged must be used to connect separate VLANs to non 802 1Q devices The legacy non 802 1Q compliant switch requires a separate link for each VLAN LAN tagging Red Red Server enables the Link to VLAN carry Red VLAN and Blue Server Blue VLAN Traffic Red VLAN Non 802 10 ProCurve ProCurve Red Switch Switch Sw
299. ry if you want to make the VLAN permanent on the switch Syntax static vlan vlan id Converts a dynamic port based VLAN membership to a static port based VLAN membership Allows port based VLANs only For this command lt vlan id gt refers to the VID of the dynamic VLAN membership Use show vlan to help identify the VID you need to use This command requires that GVRP is running on the switch and a port is currently a dynamic member of the selected VLAN After you convert a dynamic VLAN to static you must configure the switch s per port participation in the VLAN in the same way that you would for any static VLAN For GVRP and dynamic VLAN operation refer to chapter 3 GVRP For example suppose a dynamic VLAN with a VID of 125 exists on the switch The following command converts the VLAN to a port based static VLAN ProCurve config static vlan 125 Configuring Static VLAN Per Port Settings The vlan vlan id com mand used with the options listed below changes the name of an existing static VLAN and changes the per port VLAN membership settings You can use these options from the configuration level by beginning the command with vlan lt vid gt or from the context level of the specific VLAN by just typing the command option Syntax no vlan lt vid gt tagged port list Configures the indicated port s as Tagged for the specified VLAN The no version sets the port s to either N
300. ry msti Command Output 4 65 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Displaying Debug Counters for All MST Instances The show spanning tree debug counters command allows you to display the aggregate values of all MSTP debug counters that are maintained on a switch These aggregate values are a summary of the information collected from all ports and from all spanning tree instances that forward traffic on switch ports Use the displayed diagnostic information to globally monitor MSTP operation on a per switch basis Syntax show spanning tree debug counters This command displays debug counters for MSTP activity on all ports configured for VLANs used in spanning tree instances The following example shows sample output of the show spanning tree debug counters command for all ports For a description of each counter refer to Table 4 1 on page 4 71 ProCurve config show spanning tr debug counters Status and Counters MSTP Bridge Common Debug Counters Information Counter Name Aggregated Value Collected From Invalid BPDUs 0 CIS Errant BPDUs CIS 1 ST Config Error BPDUS CIS 1 Looped back BPDUs CIS Starved BPDUs MSTI MSGs CIS Exceeded Max Age BPDUs GIS Exceeded Max Hops BPDUs MSTI MSGs CIS Topology Changes Detected CIS Topology Changes Tx CTS Topology Changes Rx CTS Topology Change ACKs Tx CIS Topology Change ACKs Rx CIS TCN BPD TX CISTI TCN BPD Rx CIS CFG BPD
301. s the switch 1 Selectsan incoming IPv4 packet on the basis ofthe source or destination IP address it carries 2 Overwrites the packet s DSCP with the DSCP configured in the switch for such packets and assigns the 802 1p priority configured in the switch for the new DSCP Refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 3 Forwards the packet through the appropriate outbound port queue For more on DSCP refer to Terminology on page 5 6 Steps for Creating a Policy Based on IP Address This procedure cre ates a DSCP policy for IPv4 packets carrying the selected IP address source or destination l Identify the IP address to use as a classifier for assigning a DSCP policy 2 Determine the DSCP policy for packets carrying the selected IP address Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Notes b Determine the DSCP you want to assign to the selected packets This codepoint will be used to overwrite the DSCP carried in packets received from upstream devices Determine the 802 1p priority you want to assign to the DSCP 3 Configure the DSCP policy by using dscp map to configure the priority to the codepoint you selected in step 2a For details refer to Differentiated Services Codepoint DSCP Mapping on page 5 55 A codepoint must have an 802 1p priority assignment 0 7 bef
302. s in the default VLAN priorities state while VLANs 22 and 33 have been configured for 802 1p and DSCP Policy priorities respectively VLAN ID Apply rule DSCP Priority No override No override Priority 0 DSCP 000010 6 Figure 5 3 Example of the Show QoS Output for VLAN Priority 5 14 Note Note Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic Using QoS Classifiers to Configure Quality of Service for Outbound Traffic QoS Feature Default Reference UDP TCP Priority Disabled page5 15 IP Device Priority Disabled page 5 23 IP Type of Service Priority Disabled page 5 29 VLAN ID Priority Disabled page 5 43 Source Port Priority Disabled page 5 49 In addition to the information in this section on the various QoS classifiers refer to QoS Operating Notes and Restrictions on page 5 66 QoS UDP TCP Priority QoS Classifier Precedence 1 When you use UDP or TCP and a layer 4 Application port number as a QoS classifier traffic carrying the specified UDP TCP port number s is marked with the UDP TCP classifier s configured priority level without regard for any other QoS classifiers in the switch You can have up to 50 UDP TCP application port numbers as QoS classifiers UDP TCP QoS applications are supported for IPv4 packets only For more information on packet type restrictions refer to Details of
303. s instance command when applied to the Common and Internal Span ning Tree CIST instance default MST instance 0 in the network For a description of each counter refer to Table 4 1 on page 4 71 4 67 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration ProCurve config show spanning tree debug counters instance 0 Status and Counters CIST Common Debug Counters Information MST Instance ID Counter Name Aggregated Value Collected From Invalid BPDUs 0 Port Errant BPDUS Por ST Config Error BPDUS Port Looped back BPDUs Por Starved BPDUs Por Exceeded Max Age BPDUs Exceeded Max Hops BPDUs Topology Changes Detected Topology Changes Tx Topology Changes Rx Topology Change ACKs Tx Topology Change ACKs Rx TCN DU Tx TCN Us Rx CFG Us T CFG U RST RST MST MST x Q0 oo0oo0000 O0 Figure 4 32 Example of show spanning tree debug counters instance Command Output for All Ports in the CIST Instance 4 68 Multiple Instance Spanning Tree Operation Troubleshooting an MSTP Configuration Displaying Debug Counters for Ports in an MST Instance The show spanning tree debug counters instance ports command allows you to display the aggregate values of all MSTP debug counters maintained on one or more ports used by a specified spanning tree instance These aggregate values are a summary of information collected from the specified ports that have VLANs
304. s no effect on the normal operation of the switch in your network m A stack requires one Commander switch Only one Commander allowed per stack m All switches in a particular stack must be in the same IP subnet broadcast domain A stack cannot cross a router m A stack accepts up to 16 switches numbered 0 15 including the Commander always numbered 0 m The stacking feature supports up to 100 switches in the same IP subnet broadcast domain however a switch can belong to only one stack In the event that the 100 switch limit is exceeded it may take multiple attempts to add or move a member to any given stack Once a member is added to a stack it is not forgotten by the Commander m The stack status all command will display up to 100 devices Devices that are not members of a given stack may periodically drop out of the list m If multiple VLANs are configured stacking uses only the primary VLAN on any switch In the factory default configuration the DEFAULT VLANisthe primary VLAN See Stacking Operation with Multiple VLANs Configured on page 6 44 and The Primary VLAN on page 2 46 m Stacking allows intermediate devices that do not support stacking This enables you to include switches that are distant from the Commander Commander Switch Switch with Stacking Candidate Switch Disabled or Not Available a Member Switch Figure 6 3 Example of a Non Stacki
305. s of traffic usage A dynamic VLAN is an 802 1Q compliant VLAN membership that the switch temporarily creates on a port to provide a link to another port in the same VLAN on another device This chapter describes static VLANs configured for port based or protocol based operation Static VLANs are configured with a name VLAN ID number VID and port members For dynamic VLANs refer to chapter 3 GVRP By default the switches covered in this guide are 802 1Q VLAN enabled and allow up to 2048 static and dynamic VLANs The default static VLAN setting is 8 802 1Q compatibility enables you to assign each switch port to multiple VLANS if needed 2 4 Static Virtual LANs VLANs Introduction Types of Static VLANs Available in the Switch Port Based VLANs This type of static VLAN creates a specific layer 2 broadcast domain com prised of member ports that bridge IPv4 traffic among themselves Port Based VLAN traffic is routable on the switches covered in this guide Protocol Based VLANs This type of static VLAN creates a layer 3 broadcast domain for traffic of a particular protocol and is comprised of member ports that bridge traffic of the specified protocol type among themselves Some protocol types are routable on the switches covered in this guide Refer to table 2 1 on page 2 7 Designated VLANs The switch uses these static port based VLAN types to separate switch management traffic from other network traffic
306. s parameter informs the switch of the type of device to which a specific port connects Force True default Indicates a point to point link to a device such as a switch bridge or end node Force False Indicates a connection to a hub which is a shared LAN segment Auto Causes the switch to set Force False on the port if it is not running at full duplex Connections to hubs are half duplex 4 27 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree lt port list gt priority lt priority multiplier gt MSTP uses this parameter to determine the port s to use for forwarding The port with the lowest priority number has the highest priority for use The range is 0 to 240 and is configured by specifying a multiplier from 0 15 When you specify a priority multiplier of O 15 the actual priority assigned to the switch is priority multiplier x 16 For example if you configure 2 as the priority multiplier on a given port then the actual Priority setting is 32 Thus after you specify the port priority multiplier the switch displays the actual port priority and not the multiplier in the show spanning tree or show spanning tree port list displays You can view the actual multiplier setting for ports by executing show running and looking for an entry in this format spanning tree lt port list gt priority lt priority multiplier gt For example configuring port A2 with a p
307. s priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device A port range can be from 1 to 65535 inclusive ports or any subset thereof See Operating Notes on Using Port Ranges below The minimum port number must precede the maximum port number in the range Default Disabled The no form of the command deletes the specified UDP or TCP port number or range of port numbers as a QoS classifier Note If you have specified a range of port numbers you must specify the entire range in the no command you cannot remove part of a range 5 16 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic show qos tcp udp port priority Displays a listing of all TCP and UDP QoS classifiers currently in the running config file Operating Notes on Using Port Ranges You can only have 6 concurrent policies when using unique ranges You cannot have ranges that include any port numbers that have been configured as part of another QoS application port number policy m An error message is generated if there are not enough hardware resources available when configuring a policy You must specify the entire range of configured port numbers when using the no form of the command for example ProCurve con
308. s section gives an overview of QoS operation and benefits and describes how to configure QoS in the console interface Quality of Service is a general term for classifying and prioritizing traffic throughout a network That is QoS enables you to establish an end to end traffic priority policy to improve control and throughput of important data You can manage available bandwidth so that the most important traffic goes first For example you can use Quality of Service to m Upgrade or downgrade traffic from various servers m Control the priority of traffic from dedicated VLANs or applications m Change the priorities of traffic from various segments of your network as your business needs change m Set priority policies in edge switches in your network to enable traffic handling rules across the network Edge Switch Honor Priority Downstream Honor New Priority Classify inbound traffic Switch on these Class of Downstream Tagged WANS on some Downstream Service CoS types Switch or all inbound and Switch P device address Tagged VLANs on outbound ports Tagged VLANS on at e Protocol LAN inbound and outbound Classify inbound traffic least some inbound e VLAN ID VID ports on CoS types ports e Source Port Traffic arrives with Change priority on Traffic arrives with the A priority set by edge selected CoS type s priority set in the VLAN Apply 802 1p priority to switch tag Carry priority selected outbound Forward with
309. s the VID assigned to that VLAN For a dynamic VLAN the name consists of GVRP_x where x matches the applicable VID Status Port Based Port Based static VLAN Protocol Protocol Based static VLAN Dynamic Port Based temporary VLAN learned through GVRP Refer to chapter 3 GVRP in this guide Voice Indicates whether a port based VLAN is configured as a voice VLAN Refer to Voice VLANs on page 2 55 Jumbo Indicates whether a VLAN is configured for Jumbo packets For more on jumbos refer to the chapter titled Port Traffic Controls in the Management and Configuration Guide for your switch Port Information Lists the ports configured as members of the VLAN DEFAULT Shows whether a port is a tagged or untagged member of the listed VLAN Unknown VLAN Shows whether the port can become a dynamic member of an unknown VLAN for which it receives an advertisement GVRP must be enabled to allow dynamic joining to occur Refer to table 3 1 on page 3 8 Status Shows whether the port is participating in an active link Static Virtual LANs VLANs Configuring VLANs ProCurve config f show vlans 22 Status and Counters VLAN Information Ports VLAN 22 802 10 VLAN ID 22 Name VLAN22 Status Port based Voice Yes Jumbo No Port Information Mode Unknown VLAN Status Untagged Untagged Untagged Untagged Untagged Untagged Untagged Figure 2 21 Example of Show VLAN for a Specific Sta
310. shows that the selected No override DSCP is not currently in use 000000 000001 000000 000010 000011 000100 001001 The 000110 codepoint is unused No override 100101 No ov i and thus available for directly 000110 No override assigning an 802 1p priority 000111 No override without changing the packet s 001000 No override DSCP 001001 5 001010 1 Note All codepoints without a 001011 No override DSCP Policy entry are available for direct 802 1p priority assignment Figure 5 14 Example Showing Codepoints Available for Direct 802 1p Priority Assignments ProCurve config qos dscp map 000110 priority 7 ProCurve config qos type of service diff services ProCurve config show qos type of service Tvpe of Service Disabled Differentiated Services Codepoint DSCP Policy Priority 000000 000001 000000 000010 No override 000011 No override 000100 001001 5 000101 Co00110 000111 001000 001001 No override Outbound IP packets 7 with a DSCP of 000110 No override will have a priority of 7 No override 5 Notice that codepoints 000000 and 001001 are named as DSCP policies by other codepoints 000001 and 000110 respectively This means they are not available for changing to a different 802 1p priority Figure 5 15 Example of a Type of Service Configuration Enabling B
311. sifiers use the codepoint 2 Change the classifier configurations by assigning them to a different DSCP policy or to an 802 1p priority or to No override 3 Reconfigure the desired priority for the 000001 codepoint 4 Either reassign the classifiers to the 00001 codepoint policy or leave them as they were after step 2 above 5 58 Quality of Service QoS Managing Bandwidth More Effectively Differentiated Services Codepoint DSCP Mapping Error Messages caused by DSCP Policy Changes Refer to the following table on ways to fix errors that may be generated when configuring DSCP policy changes Message Meaning DSCP Policy decimal codepoint not You have attempted to map a QoS classifier to configured a codepoint for which there is no configured priority No override Use the qos dscp map command to configure a priority for the codepoint then map the classifier to the codepoint Cannot modify DSCP Policy lt codepoint in You have attempted to map a QoS classifier to use by other qos rules a codepointthatis already in use by other QoS classifiers Before remapping the codepoint to a new priority you must reconfigure the other QoS classifiers so that they do not use this codepoint You can have multiple QoS classifiers use this same codepoint as long as it is acceptable for all such classifiers to use the same priority Table 5 10 Error Messages Generated by DSCP Policy Changes Example of Changing the
312. sign to the selected packets This codepoint will be used to overwrite the DSCP carried in packets received from upstream devices b Determine the 802 1p priority you want to assign to the DSCP 3 Configure the DSCP policy by using qos dscp map to configure the priority for each codepoint For details see the example later in this section and to Differentiated Services Codepoint DSCP Mapping on page 5 55 A codepoint must have an 802 1p priority 0 7 before you can configure the codepoint for use in prioritizing packets by VLAN ID If a codepoint you want to use shows No override in the Priority column of the DSCP Policy table show qos dscp map then assign a priority before proceeding 4 Configure the switch to assign the DSCP policy to packets with the specified VLAN ID Syntax qos dscp map lt codepoint gt priority 0 7 gt This command is optional if a priority has already been assigned to the lt codepoint gt The command creates a DSCP policy by assigning an 802 1p priority to a specific DSCP When the switch applies this priority to a packet the priority determines the packet s queue in the outbound port to which it is sent If the packet leaves the switch on a tagged port it carries the 802 1p priority with it to the next downstream device If the packet is IPv4 the packet s DSCP will be replaced by the codepoint specified in this command Default For most codepoints No override See figure 5
313. some cabling and port VLAN assignment restrictions Table 2 5 illustrates the func tional difference between the two database types Table 2 5 Example of Forwarding Database Content Multiple Forwarding Database Single Forwarding Database MAC Address Destination Destination MAC Address Destination Destination VLAN ID Port VLAN ID Port 0004ea 84d9f4 1 Ab 0004ea 84d9f4 100 A9 0004ea 84d9f4 22 A12 0060b0 880af9 105 A10 0004ea 84d9f4 44 A20 0060b0 880a81 107 A17 0060b0 880a81 33 A20 This database allows multiple destinations This database allows only one destination for the same MAC address If the switch for a MAC address If the switch detects a detects a new destination for an existing new destination for an existing MAC entry MAC entry it just adds a new instance of it replaces the existing MAC instance with that MAC to the table a new instance showing the new destination Table 2 6 lists the database structure of current ProCurve switch models 2 18 Static Virtual LANs VLANs Multiple VLAN Considerations Table 2 6 Forwarding Database Structure for Managed ProCurve Switches Multiple Forwarding Databases Single Forwarding Database Switch 82122 Switch 1600M 2400M 2424M Series 6400cl switches Switch 4000M 8000M Switch 6200yl Series 2500 switches Switch 6108 Switch 2000 Series 5400zl switches Switch 800T Series 5300xl switches Series 4200vl switches Series 4100gl switches Series 3500yl switches Ser
314. ss of Service D dedicated management VLAN 2 46 DHCP gateway ignored 2 47 domain 2 22 2 28 downstream device QoS definition 5 6 effect of priority settings 5 9 DSCP Policy Table 5 56 policy defined 5 6 See also priority F forbid option See GVRP forwarding database See VLAN G GARP See GVRP gateway manual config 2 47 GVRP 4 8 advertisement 3 19 advertisement defined 3 3 advertisement responses to 3 6 advertisements generating 3 11 auto option 3 10 benefit 3 3 block 3 8 CLI configuring 3 14 configurable port options 3 6 configuring learn block disable 3 8 convert dynamic to static 3 7 converting to static VLAN 3 3 disable 3 8 dynamic VLAN and reboots 3 19 dynamic VLANs always tagged 3 4 forbid option 3 10 GARP 3 3 general operation 3 4 IP addressing 3 7 jumbo packets 3 19 learn 3 8 learn block disable 3 10 menu configuring 3 13 non GVRP aware 3 18 non GVRP device 3 18 Index 1 operating notes 3 18 port control options 3 11 port leave from dynamic 3 11 reboot switch 3 12 recommended tagging 3 11 standard 3 3 tagged dynamic VLAN 3 4 unknown VLAN 3 11 unknown VLAN options 3 7 VLAN behavior 2 13 VLAN dynamic adds 2 26 VLAN maximum 3 18 with QoS 5 43 H heartbeat packets in VLAN MAC co
315. ssively participate in dynamic VLAN propagation or to ignore dynamic VLAN GVRP operation These options are controlled by the GVRP Unknown VLAN and the static VLAN configuration parameters as described in the following table 3 9 GVRP Per Port Options for Dynamic VLAN Advertising and Joining Table 3 2 Controlling VLAN Behavior on Ports with Static VLANs Per Port Unknown VLAN GVRP Configuration Learn the Default Static VLAN Options Per VLAN Specified on Each Port Port Activity Tagged or Untagged Per VLAN The port Belongs to specified VLAN e Advertises specified VLAN Can become a member of dynamic VLANs for which it receives advertisements e Advertises dynamic VLANs that have at least one other port on the same switch as a Port Activity Auto Per VLAN The port Will become a member of specified VLAN if it receives advertisements for specified VLAN from another device Will advertise specified VLAN Can become a member of other dynamic VLANs for which it receives Port Activity Forbid Per VLAN The port 1 2 3 Will not become a member of the specified VLAN Will not advertise specified VLAN Can become a member of other dynamic VLANs for which it receives advertisements member advertisements 4 Willadvertise a dynamic VLAN e Willadvertise a dynamic VLAN thathas atleastone other port thathas atleastone other port on th
316. stack configuration is inconsistent A Member has become detached from the stack A possible cause is an interruption to the link between the Member and the Commander The Commander has stacking connectivity to the Member The Candidate has failed to be added tothe stack None required Manually add the candidate to the stack Check connectivity between the Commander and the Member None required Initially wait for an update If condition persists reconfigure the Commander or the Member Check the connectivity between the Commander and the Member None required The candidate may have a password In this case manually add the candidate Otherwise the stack may already be full A stack can hold up to 15 Members plus the Commander 6 45 Stack Management Configuring Stack Management 6 46 Index Numerics 802 1p priority QoS definition 5 6 802 1w as a region 4 15 A advertisement GVRP definition 3 3 B bandwidth effect of QoS 5 1 bandwidth loss spanning tree 4 11 blocked link from STP operation 4 12 blocked port from STP operation 4 10 Bootp gateway ignored 2 47 BPDU 3 8 BPDU port protection See spanning tree 802 1s bridge protocol data unit 3 3 broadcast domain 2 4 broadcast storm 4 3 C configuration 4 10 Class of Service 5 11 factory default 2 22 2 28 4 9 spanning tree protocol 4 10 CoS See Cla
317. switch to your network Management and Configuration Guide a PDF on the ProCurve Net working Web Site that describes how to configure manage and monitor basic switch operation Advanced Traffic Management Guide a PDF on the ProCurve Network ing Web Site that explains how to configure traffic management features such as VLANs MSTP and QoS Multicast and Routing Guide a PDF on the ProCurve Networking Web Site that explains how to configure IGMP and IP routing Access Security Guide a PDF on the ProCurve Networking Web Site that explains how to configure access security features and user authen tication on the switch Release Notes posted on the ProCurve Networking Web Site to provide information on software updates The release notes describe new fea tures fixes and enhancements that become available between revisions of the main product guide For the latest version of all ProCurve switch documentation including Release Notes covering recently added features visit the ProCurve Network ing Web Site at www procurve com click on Technical support and then click on Product manuals all Product Documentation Feature Index Forthe manual set supporting your switch model the following feature index indicates which manual to consult for information on a given software feature Feature Management Advanced Multicast Access and Traffic and Security Configuration Management Routing Guide 802 10
318. t 20 4 22 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree pending lt apply config name config revision instance reset Manipulates the pending MSTP configuration The command is useful in test or debug applications and enables rapid reconfiguration of the switch for changes in spanning tree operation apply Apply pending MSTP configuration swaps active and pending configurations config name Sets the pending MST region configuration name default is switch s MAC address config revision Sets the pending MST region configuration revision number default is 0 instance Change pending MST instance configuration reset Copy active configuration to pending 4 23 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax spanning tree priority priority multiplier Every switch running an instance of MSTP has a Bridge Identifier which is a unique identifier that helps distinguish this switch from all others The switch with the lowest Bridge Identifier is elected as the root for the tree The Bridge Identifier is composed of a configurable Priority component 2 bytes and the bridge s MAC address 6 bytes The ability to change the Priority component provides flexibility in determining which switch will be the root for the tree regardless of its MAC address This command sets the switch bridge priority for the designated region in which the switch resi
319. t Types Yes Ys Carry 802 1p Priority Assignment to Next Downstream Device Yes No Carry DSCP Policy to Downstream Devices The policy includes Yes Yes Assigning a ToS Codepoint Assigning an 802 1p Priority 2 to the Codepoint 1 Except for non IPv4 packets or packets processed using either the Layer 3 Protocol or QoS IP Precedence methods which do not include the DSCP policy option Also to use a service policy in this manner the downstream devices must be configured to interpret and use the DSCP carried in the IP packets This priority corresponds to the 802 1p priority scheme and is used to determine the packet s port queue priority When used in a VLAN tagged environment this priority is also assigned as the 802 1p priority carried outbound in packets having an 802 10 field in the header Steps for Configuring QoS on the Switch 1 Determine the QoS policy you want to implement This includes analyzing the types of traffic flowing through your network and identifying one or more traffic types to prioritize In order of QoS precedence these are a UDP TCP applications b Device Priority destination or source IP address Note that destina tion has precedence over source See Table 5 6 c IP Type of Service Precedence Bits Leftmost three bits in the ToS field of IP packets d IP Type of Service Differentiated Service bits Leftmost six bits in the ToS field of IP packets e Protocol Priority 5 11 Qu
320. t queues is shown in Table 5 11 5 62 Note Quality of Service QoS Managing Bandwidth More Effectively QoS Queue Configuration Table 5 11 Mapping of 802 1p Priorities to Outbound Port Queues 802 1p 8 Queues 4 Queues 2 Queues Priority default 1 lowest 1 i 2 2 f 0 normal 3 n 3 4 4 5 3 5 6 2 6 7 4 7 highest 8 Impact of QoS Queue Configuration on Guaranteed Minimum Band width GMB Changing the number of queues removes any bandwidth min output settings in the startup configuration and automatically re allocates the GMB per queue as shown in Table 5 12 Table 5 12 Default GMB Percentage Allocations per QoS Queue Configuration 802 1p Priority 8 Queues 4 Queues 2 Queues default 1 lowest 2 10 2 3 90 0 normal 30 70 3 10 4 10 10 5 10 10 6 15 10 7 highest 20 For more information on configuring GMB refer to the chapter titled Port Traffic Controls in the Management and Configuration Guide Configuring the Number of Priority Queues To change the number of outbound priority queues for all ports on the switch use the qos queue config command Quality of Service QoS Managing Bandwidth More Effectively QoS Queue Configuration Caution This command will execute a write memory followed by an immediate reboot replacing the Startup configuration with the contents of the current Ru
321. tch into the IST instance This command creates a new MST instance MSTI and moves the VLANs you specify from the IST to the MSTI You must map at least one VLAN to an MSTI when you create it You cannot map a VLAN ID to more than one instance You can create up to 16 MSTIs in a region The no form of the command removes one or more VLANs from the specified MSTI If no VLANs are specified the no form of the command deletes the specified MSTI When you remove a VLAN from an MSTI the VLAN returns to the IST instance where it can remain or be re assigned to another MSTI configured in the region Note Starting in software release 13 x x you can enter the spanning tree instance vlan command before a static or dynamic VLAN is configured on the switch to preconfigure VLAN ID to MSTI mappings No error message is displayed Later each newly configured VLAN that has already been associated with an MSTI is automatically assigned to the MSTI This new default behavior differs from automatically including configured static and dynamic VLANs in the IST instance and requiring you to manually assign individual static VLANs to an MSTI 4 40 Multiple Instance Spanning Tree Operation Configuring MSTP Syntax no spanning tree instance lt 1 16 gt vlan lt vid vid vid gt no spanning tree instance 1 16 Continued Note The valid VLAN IDs that you can map to a specified MSTI are from 1 to 4094 The VLAN ID to MSTI
322. te the Add process for the selected Member You will then see a screen similar to the one in figure 6 9 on page 6 18 with the newly added Member listed If the message Unable to add stack member Invalid Password appears in the console menu s Help line then you either omitted the Manager password for the stack containing the Member or incorrectly entered the Manager pass word You can push a Member from one stack to another by going to the Member s interface and entering the MAC address of the destination stack Commander in the Member s Commander MAC Address field Using this method moves the Member to another stack without a need for knowing the Manager password in that stack but also blocks access to the Member from the original Commander Using the Commander s Menu To Remove a Stack Member These rules affect removals from a stack m When a Candidate becomes a Member its Auto Join parameter is automatically set to No This prevents the switch from automatically rejoining a stack as soon as you remove it from the stack m When you use the Commander to remove a switch from a stack the switch rejoins the Candidate pool for your IP subnet broadcast domain with Auto Join set to No m When you remove a Member from a stack it frees the previously assigned switch number SN which then becomes available for assignment to another switch that you may subsequently add to the stack The default switch number used for an add is the l
323. the Commander of a New Stack This procedure requires that you first remove the Member from its current stack then create the new stack If you do not know the MAC address for the Commander of the current stack use show stack to list it Syntax no stack stack commander stack name Suppose for example that a ProCurve switch named Bering Sea is a Member of a stack named Big Waters To use the switch s CLI to convert it from a stack Member to the Commander of a new stack named Lakes you would use the following commands 6 34 Stack Management Configuring Stack Management The output from this command tells you the MAC address of the current stack Commander L Bering Sea config show stack Stacking Stacking Status This Switch Stack State Transmission Interval Switch Number Stack Commander Big Waters Member Status Joined Successfully from the Big Waters Commander Status Commander Up stack Commander IP Address 10 28 227 104 Removes the Member Commander MAC Address D030c1 7fc700 Converts the former F ie Member to the Com Bering Sea config no stack join 0030c1 7fc700 mander of the new Bering Sea config stack name Lakes Lakes stack Figure 6 27 Example of Using a Member s CLI To Convert the Member to the Commander of a New Stack Adding to a Stack or Moving Switches Between Stacks You can add switches to astack by adding discovered Candidates or by moving switches
324. the Menu Interface m Chapter 4 Using the Command Line Interface CLD m Chapter 5 Using the Web Browser Interface m Chapter 6 Switch Memory and Configuration 2 3 Static Virtual LANs VLANs Introduction Introduction VLAN Features Feature Default Menu CLI Web view existing VLANs n a page 2 23 page2 29 page 2 40 thru 2 28 configuring static default VLAN with page 2 23 page2 28 page 2 40 VLANs VID 1 thru 2 28 VLANs enable you to group users by logical function instead of physical location This helps to control bandwidth usage within your network by allowing you to group high bandwidth users on low traffic segments and to organize users from different LAN segments according to their need for common resources and or their use of individual protocols You can also improve traffic control at the edge of your network by separating traffic of different protocol types VLANs can also enhance your network security by creating separate subnets to help control in band access to specific network resources General VLAN Operation A VLAN is comprised of multiple ports operating as members of the same subnet broadcast domain Ports on multiple devices can belong to the same VLAN and traffic moving between ports in the same VLAN is bridged or switched Traffic moving between different VLANs must be routed A static VLAN is an 802 1Q compliant VLAN configured with one or more ports that remain members regardles
325. the password to make the move 1 To move a Member from one stack to another go to the Main Menu of the Commander in the destination stack and display the Stacking Menu by selecting 9 Stacking 2 To learn or verify the MAC address of the Member you want to move display a listing of all Commanders Members and Candidates in the subnet by selecting 6 19 Stack Management Configuring Stack Management 2 Stacking Status All You will then see the Stacking Status All screen For status descriptions see the table on page 6 45 Pacific Ocean Sesesesesseee25e CONSOLE MANAGER MODE 2222222222 2 X 2 2 2 2 2 22 222 Stacking Stacking Status A11 Mac Address Status System Name Big Waters Pacific Commander Up Coral Se Member Up 080009 8c5060 North Atlantic Member Up Newstack 001083 c3fcO00 Newstack 0 Commander Up n80009 Si8f80 Newstack 1 Member Up 0060b0 df2a00 Newstack 2 Member Up Others 001083 3c09cO0 DEFAULT CONFI Candidate This column lists the MAC 0060b0 e94300 DEFAULT CONF Candidate 080009 918f80 DEFAULT CONHFG Candidate Addresses for switches discovered in the local subnet thatare configured NM for Stacking Actions Using the MAC addresses for these Members you can move them between stacks in the same subnet Next page Prev page Help Return to previous screen Use up down arrow keys to scroll to other entries left right arrow keys to
326. ther Switch Features on page 2 57 If you plan on using dynamic VLANs include the port configuration planning necessary to support this feature Refer to chap ter 3 GVRP By default VLAN support is enabled and the switch is configured for eight VLANs 2 Configure at least one VLAN in addition to the default VLAN 3 Assign the desired switch ports to the new VLAN s Static Virtual LANs VLANs Multiple VLAN Considerations 4 Ifyouare managing VLANs with SNMP in an IP network the VLAN through which you are managing the switch must have an IP address For information on the procedure and restrictions when you configure an IP address on a VLAN interface refer to Table 2 1 on page 2 7 Multiple VLAN Considerations Switches use a forwarding database to maintain awareness of which external devices are located on which VLANs Some switches such as the switches covered in this guide have a multiple forwarding database which means the switch allows multiple database entries of the same MAC address with each entry showing the different source VLAN and source port Other switch models have a single forwarding database which means they allow only one database entry of a unique MAC address along with the source VLAN and source port on which it is found All VLANs on a switch use the same MAC address Thus connecting a multiple forwarding database switch to a single forwarding database switch where multiple VLANs exist imposes
327. tic VLAN Show VLAN lists this ProCurve show vlans 33 data when GVRP is Status and Counters VLAN Information Ports VLAN 33 enabled and at least one portonthe switch 802 10 VLAN ID 33 has dynamically Name GVRP 33 joined the designated Status Dynamic VLAN Voice No Jumbo No Port Information DEFAULT Unknown VLAN Status Figure 2 22 Example of Show VLAN for a Specific Dynamic VLAN Changing the Number of VLANs Allowed on the Switch In the default VLAN configuration the switch allows a maximum of 256 VLANs You can specify any value from 1 to 2048 Syntax max vlans 1 2048 Specifies the maximum number of VLANs to allow If GVRP is enabled this setting includes any dynamic VLANs on the switch As part of implementing a new setting you must execute a write memory command to save the new value to the startup config file and then reboot the switch Note If multiple VLANs exist on the switch you cannot reset the maximum number of VLANs to a value smaller than the current number of VLANs 2 34 Static Virtual LANs VLANs Configuring VLANs For example to reconfigure the switch to allow 10 VLANs ProCurve config max vlans 10 Command will take effect after saving configuration and reboot Note thatyou can LS urve contig f write memory ProCurve config boot Device will be rebooted do you want to continue y n V execute these three steps at another time Figure 2 23
328. tion this guide uses ProCurve to represent command prompts for all models For example ProCurve You can use the hostname command to change the text in the CLI prompt 1 3 Getting Started Conventions Screen Simulations Displayed Text Figures containing simulated screen text and command output look like this ProCurve show version Image stamp Sw code build info March 1 2006 13 43 13 T 11 01 139 ProCurve gt Figure 1 1 Example of a Figure Showing a Simulated Screen In some cases brief command output sequences appear without figure iden tification For example ProCurve config clear public key ProCurve config show ip client public key show_client_public_key cannot stat keyfile Port Identity Examples This guide describes software applicable to both chassis based and stackable ProCurve switches Where port identities are needed in an example this guide uses the chassis based port identity system such as A1 B3 B5 C7 etc However unless otherwise noted such examples apply equally to the stack able switches which typically use only numbers such as 1 3 5 15 etc for port identities Configuration and Operation Examples Unless otherwise noted examples using a particular switch model apply to all switch models covered by this guide Keys Simulations of actual keys use a bold sans serif typeface with square brackets For example the Tab key
329. tlines the main pre requisites for configuring MSTP in your network and describes MSTP settings at the global level per individual port and per MST instance Planning an MSTP Application Before configuring MSTP keep in mind the following tips and considerations Ensure that the VLAN configuration in your network supports all of the forwarding paths necessary for the desired connectivity All ports con necting one switch to another within a region and one switch to another between regions should be configured as members of all VLANs config ured in the region Configure all ports or trunks connecting one switch to another within a region as members of all VLANs in the region Otherwise some VLANs could be blocked from access to the spanning tree root for an instance or for the region Plan individual regions based on VLAN groupings That is plan on all MSTP switches in a given region supporting the same set of VLANs Within each region determine the VLAN membership for each spanning tree instance Each instance represents a single forwarding path for all VLANs in that instance Verify that there is one logical spanning tree path through the following e Any inter regional links e Any IST or MST instance within a region e Any legacy 802 1D or 802 1w switch or group of switches Where multiple paths exist between an MST region and a legacy switch expect the CST to block all but one such path Determine the root bridge a
330. tween periodic BPDU transmissions by the designated ports This interval also applies to all ports n all switches downstream from each port in the port list A setting of global indicates that the ports n port list on the CIST root are using the value set by the global spanning tree hello time value page 4 22 When a given switch X is not the CIST root the per port hello time for all active ports on switch X is propagated from the CIST root and is the same as the hello time in use on the CIST root port in the currently active path from switch X to the CIST root That is when switch X is not the CIST root then the upstream CIST root s port hello time setting overrides the hello time setting configured on switch X Default Per Port setting Use Global Default Global Hello Time 2 Syntax spanning tree lt port list gt path cost lt auto 1 200000000 gt Assigns an individual port cost that the switch uses to determine which ports are forwarding ports in a given spanning tree In the default configuration auto the switch determines a port s path cost by the port s type 10 Mbps 2000000 100 Mbps 200000 1 Gbps 20000 Refer to Note on Path Cost on page 4 16 for information on compatibility with devices running 802 1D STP for the path cost values Default Auto Syntax spanning tree lt port list gt point to point mac lt force true force false auto Thi
331. u can swap the physical port of a router to the ProCurve switch after the switch has been properly configured in the network 2 60 Static Virtual LANs VLANs Migrating Layer 3 VLANs Using VLAN MAC Configuration Handling Incoming and Outgoing VLAN Traffic Incoming VLAN data packets and ARP requests are received and processed onthe routing switch according to the MAC address ofthe previously installed router that is configured for each VLAN interface Outgoing VLAN traffic uses the MAC address of the ProCurve switch as the source MAC address in packet headers The MAC address configured on VLAN interfaces is not used on outbound VLAN traffic Whenthe routing switch receives an ARP request forthe IP address configured ona VLAN interface the ARP reply uses the reconfigured MAC address in both the m ARP Sender MAC address field m Source MAC address field in the Ethernet frame header When proxy ARP is enabled on a VLAN interface the gracious ARP reply sent for an ARP request received from VLAN devices located outside the directly connected IP subnets also contains the reconfigured MAC address in the m ARP Sender MAC address field m Source MAC address field in the Ethernet frame header To hosts in the network VLAN traffic continues to be routed using the reconfigured MAC address as destination address but outbound VLAN traffic appears to be sent from another router using the ProCurve MAC address as source address attac
332. u change the priority of any codepoint setting to a non default value and then execute write memory the switch will list the non default setting in the show config display For example in the default configuration the following codepoint settings are true Codepoint Default Priority 001100 1 001101 No override 001110 2 If you change all three settings to a priority of 3 and then execute write memory the switch will reflect these changes in the show config listing ProCurve config qos dscp map 001100 priority 3 ProCurve config qos dscp map 001101 priority 3 ProCurve config qos dscp map 001110 priority 3 ProCurve config write memory N ProCurve config show config Configure these three codepoints Startup configuration with non default priorities J8697A Configuration Editor Created on release K 11 00 hostname ProCurve time daylight time rule None qos dscp map 001100 priority 3 os dscp map 001101 priority 3 dus a 001110 Dicite 3 m Show config lists the non default 2 codepoint settings module 3 type J4820A Figure 5 32 Example of Show Config Listing with Non Default Priority Settings in the DSCP Table Effect of No override In the QoS Type of Service differentiated services mode a No override assignment for the codepoint of an outbound packet means that QoS is effectively disabled for such packets That is QoS does not 5 57 Quality of Service QoS Man
333. umber in the range The no form of the command deletes the specified UDP or TCP port number or range of port numbers as a QoS classifier Note If you have specified a range of port numbers you must specify the entire range in the no command you cannot remove part of a range show qos tcp udp port priority Displays a listing of all TCP and UDP QoS classifiers currently in the running config file 5 20 Quality of Service QoS Managing Bandwidth More Effectively Using QoS Classifiers to Configure Quality of Service for Outbound Traffic For example suppose you wanted to assign these DSCP policiesto the packets identified by the indicated UDP and TDP port applications Port Applications DSCP Policies DSCP Priority 23 UDP 000111 7 80 TCP 000101 5 914 TCP 000010 1 1001 UDP 000010 1 1 Determine whether the DSCPs already have priority assignments which could indicate use by existing applications Also a DSCP must have a priority configured before you can assign any QoS classifiers to use it ProCurve config show qos dscp map DSCP 802 p priority mappings DSCP policy 802 1p tag Policy name ooo000 No override 000001 No override Coo0010 No override The DSCPs for this 000011 No override example have not yet 000100 No override been assigned an C 000101 No override 802 1p priority level 000110 No override C 000111 No override Figure 5 5 Display the Current DSCP Map Configurat
334. ummarize you can m Allow a port to advertise and or join dynamic VLANs Learn mode the default m Allow a port to send VLAN advertisements but not receive them from other devices that is the port cannot dynamically join a VLAN but other devices can dynamically join the VLANs it advertises Block mode m Prevent a port from participating in GVRP operation Disable mode Port Leave From a Dynamic VLAN A dynamic VLAN continues to exist on a port for as long as the port continues to receive advertisements of that VLAN from another device connected to that port or until you m Convert the VLAN to a static VLAN See Converting a Dynamic VLAN to a Static VLAN on page 3 17 m Reconfigure the port to Block or Disable 3 11 GVRP Planning for GVRP Operation m Disable GVRP m Reboot the switch The time to live for dynamic VLANs is 10 seconds That is if a port has not received an advertisement for an existing dynamic VLAN during the last 10 seconds the port removes itself from that dynamic VLAN Planning for GVRP Operation These steps outline the procedure for setting up dynamic VLANs for a seg ment 1 Determine the VLAN topology you want for each segment broadcast domain on your network 2 Determine the VLANs that must be static and the VLANs that can be dynamically propagated 3 Determine the device or devices on which you must manually create static VLANs in order to propagate VLANs throughout the s
335. uration tab 2 Click on VLAN Configuration and do the following e To enable or disable GVRP click on GVRP Enabled e To change the Unknown VLAN field for any port i Click on GVRP Security and make the desired changes ii Click on Apply to save and implement your changes to the Unknown VLAN fields For web based Help on how to use the web browser interface screen click on the button provided on the web browser screen GVRP Operating Notes m Adynamic VLAN must be converted to a static VLAN before it can have an IP address m On the switches covered in this guide GVRP can be enabled only if max vlans is set to no more than 256 VLANs m The total number of VLANs on the switch static and dynamic combined cannot exceed the current Maximum VLANs setting For example in the factory default state the switch supports eight VLANs Thus in a case where four static VLANs are configured on the switch the switch can accept up to four additional VLANs in any combination of static and dynamic Any additional VLANs advertised to the switch will not be added unless you first increase the Maximum VLANS setting In the Menu inter face click on 2 Switch Configuration 8 VLAN Menu 1 VLAN Support In the global config level of the CLI use max vlans m Converting a dynamic VLAN to a static VLAN and then executing the write memory command saves the VLAN in the startup config file and makes it a permanent part of the switch s
336. urve config vlan 100 Creates the new VLAN ProCurve vlan 100 show vlans Si et Shows the VLANs Status and Counters VLAN Information currently configured in Maximum VLANs to support 8 the switch Primary VLAN DEFAUIT VLAN Management VL N 802 10 VL N ID Name tatus Voice Junbo 1 DEFAULT VLAN PorX based No No 100 VLAN100 Portl based No No If this field is empty a Secure Management VLAN is not configured in the switch Refer to The Secure Management VLAN on page 2 47 Figure 2 25 Example of Creating a New Port Based Static VLAN To go to a different VLAN context level such as to the default VLAN ProCurve vlan 100 vlan default vlan ProCurve vlan 1 Deleting a VLAN If ports B1 B5 belong to both VLAN 2 and VLAN 3 and ports B6 B10 belong to VLAN 3 only then deleting VLAN 3 causes the CLI to prompt you to approve moving ports B6 B10 to VLAN 1 the default VLAN Ports B1 B5 are not moved because they still belong to another VLAN ProCurve config no vlan 3 The following ports will be moved to the default VLAN B6 B10 Do you want to continue y n y ProCurve config 2 37 Static Virtual LANs VLANs Configuring VLANs Note Converting a Dynamic VLAN to a Static VLAN Use this feature if you want to convert a dynamic port based VLAN membership to a static port based VLAN membership This is necessa
337. use certain features and management functions run on only one VLAN in the switch and because DHCP and Bootp can run per VLAN there is a need for a dedicated VLAN to manage these features and ensure that multiple instances of DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch The Primary VLAN is the VLAN the switch uses to run and manage these features and data In the factory default config uration the switch designates the default VLAN DEFAULT VLAN VID 1 as the Primary VLAN However to provide more control in your network you can designate another static port based VLAN as primary To summarize designating a non default VLAN as primary means that m The switch reads DHCP responses on the Primary VLAN instead of on the default VLAN This includes such DHCP resolved parameters as the TimeP server address Default TTL and IP addressing including the Gateway IP address when the switch configuration specifies DHCP as the source for these values m The default VLAN continues to operate as a standard VLAN except as noted above you cannot delete it or change its VID 2 46 Note Static Virtual LANs VLANs Special VLAN Types m Any ports not specifically assigned to another VLAN will remain assigned to the Default VLAN regardless of whether it is the Primary VLAN Candidates for Primary VLAN include any static port based VLAN currently configured on the switch Protoco
338. warding database always lists the 2900 MAC address on port A1 and the 8000M will send traffic to either VLAN on the 2900 To increase the network bandwidth of the connection between the devices you can use atrunk of multiple physical links rather than a single physical link Multiple Forwarding Database Operation If you want to connect one of the switches covered by this guide to another switch that has a multiple forwarding database you can use either or both of the following connection options m A separate port or port trunk interface for each VLAN This results in a forwarding database having multiple instances of the same MAC address with different VLAN IDs and port numbers See table 2 5 The fact that the switches covered by this guide use the same MAC address on all VLAN interfaces causes no problems m The same port or port trunk interface for multiple tagged VLANs This results in a forwarding database having multiple instances of the same MAC address with different VLAN IDs but the same port number Allowing multiple entries of the same MAC address on different VLANs enables topologies such as the following Static Virtual LANs VLANs Configuring VLANs Note 4108gl Switch VLAN 1 jl VLAN 2 ANI p I VLAN 1 i VLAN 2 Both switches have f a m i E E multiple forwarding 2900 Switch databases Figure 2 11 Example of a Valid Topology for Devices Havi
339. witch 6 9 Stack Management Configuring Stack Management Options for Configuring a Commander and Candidates Depending on how Commander and Candidate switches are configured Candidates can join astack either automatically or by a Commander manually adding pulling them into the stack In the default configuration a Candidate joins only when manually pulled by a Commander You can reconfigure a Commander to automatically pull in Candidates that are in the default stacking configura tion You can also reconfigure a Candidate switch to either push itself into a particular Commanders stack convert the Candidate to a Commander for a stack that does not already have a Commander or to operate as a standa lone switch without stacking The following table shows your control options for adding Members to a stack Table 6 3 Stacking Configuration Guide Join Method Commander Candidate IP Addressing Required IP Addressing Optional Auto Grab Auto Join Passwords Automatically add Candidate to Stack Yes Yes default No default Causes the first 15 eligible discovered switches in the subnet to automatically join a stack Manually add Candidate to Stack No default Yes default Optional Prevent automatic joining of switches you x don t want in the stack Yes No Optional Yes Yes default or No Configured Prevent a switch from being a Candidate N A Disabled Optional The Commander s
340. witch is disabled the default This means that communication between any routable VLANs on the switch must go through the external router In this case VLANs W and X can exchange traffic through the external router but traffic in VLANs Y and Z is restricted to the respective VLANs Note that VLAN 1 the default VLAN is also present but not shown The default VLAN cannot be deleted from the switch However ports assigned to other VLANs can be removed from the default VLAN if desired If internal IP routing is enabled on the switch then the external router is not needed for traffic to move 2 9 Static Virtual LANs VLANs Static VLAN Operation between port based VLANs Switch with Multiple VLANs Configured and Internal Routing External Disabled Router Figure 2 2 Example of Multiple VLANs on the Switch Protocol VLAN Environment Figure 2 2 can also be applied to a protocol VLAN environment In this case VLANs W and X represent routable protocol VLANs VLANs Y and Z can be any protocol VLAN As noted for the discussion of multiple port based VLANs VLAN 1 is not shown Enabling internal IP routing on the switch allows IP traffic to move between VLANs on the switch However routable non IP traffic alwa
341. with Multiple VLANs Configured Stacking uses the primary VLAN in a switch In the factory default configura tion the DEFAULT_VLAN is the primary VLAN However you can designate any VLAN configured in the switch as the primary VLAN See The Primary VLAN on page 2 46 When using stacking in a multiple VLAN environment the following criteria applies 6 44 Stack Management Configuring Stack Management m Stacking uses only the primary VLAN on each switch in a stack m The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch m The same VLAN ID VID must be assigned to the primary VLAN in each stacked switch Status Messages Stacking screens and listings display these status messages Message Candidate Auto Condition Action or Remedy Indicates a switch configured with Stack State join Candidate Commander Down Commander Up Mismatch Member Down Member Up Rejected set to Candidate Auto Join set to Yes the default and no Manager password Candidate cannot automatically join the stack because one or both of the following conditions apply Candidate has Auto Join set to No Candidate has a Manager password Member has lost connectivity to its Commander The Member has stacking connectivity with the Commander This may be a temporary condition while a Candi date is trying to join a stack Ifthe Candidate does not join then
342. you to preconfigure MSTP topologies before the VLAN IDs associated with each instance exist on a switch When you use preconfigured VLAN ID to MSTI topologies ensure that MSTP switches remain in the same region by mapping all VLAN IDs used in the region to the same MSTIs on each regional switch Configuring MSTP Instances with the VLAN Range Option For the switches covered in this guide if you use the spanning tree instance command with the VLAN range option even if the range includes VLANs that are not currently present on the switch the entire range of VLANs is config ured For example if VLANs 1 5 and 7 are currently present and you enter this command ProCurve config spanning tree instance 1 vlan 1 10 then all the VLANs from 1 through 10 are included even those VLANs that are not present 4 49 Multiple Instance Spanning Tree Operation Configuring MSTP On other ProCurve switches only the VLANs that are present will be included that is only VLANS 1 5 and 7 would be included The switch will map these VLANs to MSTP Instance 1 which results in a Configuration Digest that is not the same as the Configuration Digest for the Series 3500 5400 6200 2900 switches running this enhancement See Figure 4 16 and Figure 4 17 Figure 4 16 shows an example of an MSTP instance configured with the VLAN range option All the VLANs are included in the instance whether they exist or not Figure 4 17 shows an exa
343. ys requires an external router Routing Options for VLANs Table 2 3 Options for Routing Between VLAN Types in the Switch Port IPX IPv4 IPv6 ARP Apple SNA Netbeui Based Talk Port Based Yes Yes Protocol IPX Yes IPv4 Yes Yes IPv6 Yes ARP Yes AppleTalk Yes 2 10 Static Virtual LANs VLANs Static VLAN Operation Port PX IPv4 IPv6 ARP Apple SNA Netbeui Based Talk SNAZ NETbeui2 TRequires an external router to route between VLANs 2Not a routable protocol type End stations intended to receive traffic in these protocols must be attached to the same physical network Overlapping Tagged VLANs A port can be amember of more than one VLAN of the same type if the device to which the port connects complies with the 802 1Q VLAN standard For example a port connected to a central server using a network interface card NIC that complies with the 802 1Q standard can be a member of multiple VLANs allowing members of multiple VLANs to use the server Although these VLANs cannot communicate with each other through the server they can all access the server over the same connection from the switch Where VLANs overlap in this way VLAN tags are used in the individual packets to distin guish between traffic from different VLANs A VLAN tag includes the particu lar VLAN I D VID of the VLAN on which the packet was generated ProCu
344. zing Optional Without configuring the switch to prioritize voice VLAN traffic one of the following conditions applies m Ifthe ports in a voice VLAN are not tagged members then the switch forwards all traffic on that VLAN at normal priority m Ifthe portsinavoice VLAN are tagged members then the switch forwards all traffic on that VLAN at whatever priority the traffic has when received inbound on the switch Using the switch s QoS VLAN ID VID Priority option you can change the priority of voice VLAN traffic moving through the switch If all port member ships on the voice VLAN are tagged the priority level you set for voice VLAN traffic is carried to the next device With all ports on the voice VLAN config ured as tagged members you can enforce a QoS priority policy moving through the switch and through your network To set a priority on a voice VLAN use the following command Syntax vlan lt vid gt qos priority lt 0 7 gt The qos priority default setting is O normal with 1 as the lowest priority and 7 as the highest priority For example if you configured a voice VLAN with a VID of 10 and wanted the highest priority for all traffic on this VLAN you would execute the following command ProCurve config 4 vlan 10 qos priority 7 ProCurve config write memory 2 56 Note Static Virtual LANs VLANs Effect of VLANs on Other Switch Features Note that you also have the option of resetting the D
Download Pdf Manuals
Related Search