Hp Hp 830 series User manual

HP 830 Series PoE+ Unified Wired-WLAN

Switch Switching Engine

W

eb-Based Configuration Guide

Part number: 5998-3947

Software version: 3308P26

Document version: 6W101-20130628

Legal and notice information

No part of this documentation may be reproduced or transmitted in any form or by any means without

prior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS

MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained

herein or for incidental or consequential damages in connection with the furnishing, performance, or use

of this material.

The only warranties for HP products and services are set forth in the express warranty statements

accompanying such products and services. Nothing herein should be construed as constituting an

additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

i

Contents

Web overview······························································································································································ 1

Web interface ···································································································································································1

Web user level ··································································································································································2

Web-based NM functions················································································································································2

Common items on the Web pages ······························································································································ 10

Logging in to the Web interface·······························································································································15

Restrictions and guidelines············································································································································ 15

Operating system requirements ··························································································································· 15

Web browser requirements·································································································································· 15

Others····································································································································································· 18

Logging in through HTTP ······································································································································ 18

Logging in from the controller engine ················································································································· 19

Logging out of the Web interface ································································································································ 20

Configuration wizard·················································································································································21

Basic service setup ························································································································································· 21

Entering the configuration wizard homepage···································································································· 21

Configuring system parameters ··························································································································· 21

Configuring management IP address·················································································································· 22

Finishing configuration wizard ···························································································································· 24

Accessing the controller engine from the switching engine····················································································26

Specifying management IP addresses at the CLI ········································································································ 26

Accessing the controller engine from the switching engine's Web interface·························································· 27

Displaying information summary ······························································································································28

Displaying system information······································································································································ 28

Basic system information ······································································································································ 28

System resource state············································································································································ 29

Recent system logs················································································································································· 29

Displaying device information ······································································································································ 29

Configuring basic device settings·····························································································································31

Configuring system name·············································································································································· 31

Configuring Web idle timeout period ························································································································· 31

Maintaining devices···················································································································································32

Rebooting the device ····················································································································································· 32

Displaying the electronic label information················································································································· 33

Generating the diagnostic information file·················································································································· 33

Configuring the system time ······································································································································35

Configuration guidelines ··············································································································································· 35

Displaying the system time ············································································································································ 35

Configuring the system time·········································································································································· 35

Configuring network time ····································································································································· 36

System time configuration example ····························································································································· 37

Network requirements··········································································································································· 37

Configuration procedure ······································································································································ 38

Verifying the configuration··································································································································· 38

ii

Managing logs···························································································································································39

Displaying syslogs·························································································································································· 39

Setting the log host························································································································································· 41

Setting buffer capacity and refresh interval ················································································································ 42

Managing the configuration······································································································································43

Backing up the configuration········································································································································ 43

Restoring the configuration ··········································································································································· 43

Saving the configuration ··············································································································································· 44

Initializing the configuration ········································································································································· 45

Managing files ···························································································································································46

Displaying files ······························································································································································· 46

Downloading a file ························································································································································ 46

Uploading a file ····························································································································································· 47

Removing a file······························································································································································· 47

Managing ports··························································································································································48

Setting operation parameters for a port ······················································································································ 48

Displaying port operation parameters························································································································· 53

Displaying a specified operation parameter for all ports················································································· 53

Displaying all the operation parameters for a port ··························································································· 53

Port management configuration example···················································································································· 54

Network requirements··········································································································································· 54

Configuration procedure ······································································································································ 55

Configuring port mirroring ········································································································································59

Terminologies of port mirroring ··························································································································· 59

Local port mirroring implementation ··················································································································· 59

Configuration guidelines ··············································································································································· 60

Recommended configuration procedures···················································································································· 60

Creating a mirroring group ·········································································································································· 61

Configuring ports for a mirroring group······················································································································ 61

Local port mirroring configuration example················································································································ 63

Network requirements··········································································································································· 63

Creating a local port mirroring group ················································································································ 63

Configuring the mirroring ports ··························································································································· 64

Configuring the monitor port································································································································ 65

Managing users ·························································································································································67

Creating a user······························································································································································· 67

Setting the super password ··········································································································································· 68

Switching to the management level ····························································································································· 69

Configuring a loopback test······································································································································71

Configuring VCT ························································································································································73

Configuring the flow interval·····································································································································74

Setting the traffic statistics generating interval············································································································ 74

Displaying port traffic statistics ····································································································································· 74

Configuring storm constrain ······································································································································76

Setting the traffic statistics generating interval············································································································ 76

Configuring storm constrain·········································································································································· 77

Configuring RMON ···················································································································································79

Overview········································································································································································· 79

Operating mechanism ·········································································································································· 79

iii

RMON groups ······················································································································································· 79

Recommended configuration procedure······················································································································ 81

Configuring the RMON statistics function ·········································································································· 81

Configuring the RMON alarm function ·············································································································· 81

Displaying RMON running status························································································································ 82

Configuring a statistics entry········································································································································· 83

Configuring a history entry ··········································································································································· 84

Configuring an event entry ··········································································································································· 85

Configuring an alarm entry··········································································································································· 86

Displaying RMON statistics ·········································································································································· 88

Displaying RMON history sampling information········································································································ 90

Displaying RMON event logs······································································································································· 91

RMON configuration example ····································································································································· 92

Network requirements··········································································································································· 92

Configuration procedure ······································································································································ 92

Verifying the configuration··································································································································· 95

Configuring energy saving········································································································································96

Configuring SNMP·····················································································································································98

Overview········································································································································································· 98

SNMP mechanism ················································································································································· 98

SNMP protocol versions ······································································································································· 99

Recommended configuration procedure······················································································································ 99

Enabling SNMP agent ········································································································································100

Configuring an SNMP view········································································································································102

Creating an SNMP view·····································································································································102

Adding rules to an SNMP view ·························································································································103

Configuring an SNMP community ·····························································································································104

Configuring an SNMP group······································································································································105

Configuring an SNMP user·········································································································································106

Configuring SNMP trap function································································································································108

Displaying SNMP packet statistics ·····························································································································109

SNMPv1/v2c configuration example························································································································110

SNMPv3 configuration example ································································································································113

Displaying interface statistics ································································································································· 118

Configuring VLANs················································································································································· 119

Overview·······································································································································································119

VLAN fundamentals·············································································································································119

VLAN types ··························································································································································120

Port-based VLAN ·················································································································································121

Configuration guidelines ·············································································································································122

Recommended VLAN configuration procedures·······································································································123

Recommended configuration procedure (modifying ports in a VLAN)··························································123

Recommended configuration procedure (modifying the VLANs to which a port belongs) ·························123

Creating VLANs ···························································································································································123

Selecting VLANs···························································································································································124

Modifying a VLAN·······················································································································································125

Modifying ports····························································································································································127

VLAN configuration example······································································································································128

Configuring VLAN interfaces ································································································································· 133

Overview·······································································································································································133

Configuration guidelines ·············································································································································133

Creating a VLAN interface··········································································································································133

iv

Modifying a VLAN interface·······································································································································135

Configuring a voice VLAN ····································································································································· 137

Overview·······································································································································································137

OUI addresses ·····················································································································································137

Voice VLAN assignment modes·························································································································137

Security mode and normal mode of voice VLANs···························································································139

Configuration guidelines ·············································································································································140

Recommended voice VLAN configuration procedure ······························································································140

Configuring voice VLAN globally ······························································································································141

Configuring voice VLAN on ports ······························································································································142

Adding OUI addresses to the OUI list ·······················································································································143

Voice VLAN configuration examples ·························································································································144

Configuring voice VLAN on a port in automatic voice VLAN assignment mode·········································144

Configuring voice VLAN on a port in manual voice VLAN assignment mode·············································149

Configuring the MAC address table ····················································································································· 156

Overview·······································································································································································156

How a MAC address entry is created ··············································································································156

Types of MAC address entries···························································································································156

MAC address table-based frame forwarding ··································································································157

Displaying and configuring MAC address entries ···································································································157

Setting the aging time of MAC address entries········································································································159

MAC address table configuration example ··············································································································160

Configuring MSTP··················································································································································· 161

Overview·······································································································································································161

Why MSTP····································································································································································161

STP and RSTP limitations·····································································································································161

Features of MSTP·················································································································································161

Basic concepts in MSTP···············································································································································162

MST region···························································································································································162

VLAN-to-MSTI mapping table·····························································································································163

IST ·········································································································································································163

CST········································································································································································163

CIST·······································································································································································163

MSTI······································································································································································163

Regional root bridge···········································································································································163

Common root bridge···········································································································································164

Boundary port······················································································································································164

Port roles·······························································································································································164

Port states ·····························································································································································165

How MSTP works ·························································································································································166

CIST calculation···················································································································································166

MSTI calculation ··················································································································································166

MSTP implementation on devices·······························································································································166

Protocols and standards ··············································································································································166

Configuration guidelines ·············································································································································167

Recommended MSTP configuration procedure·········································································································167

Configuring an MST region ········································································································································167

Configuring MSTP globally ·········································································································································169

Configuring MSTP on a port·······································································································································171

Displaying MSTP information for a port ····················································································································173

MSTP configuration example······································································································································176

v

Configuring link aggregation and LACP··············································································································· 180

Overview·······································································································································································180

Basic concepts ·····················································································································································180

Link aggregation modes ·····································································································································181

Load sharing mode of an aggregation group··································································································183

Configuration guidelines ·············································································································································183

Recommended link aggregation and LACP configuration procedures ··································································184

Creating a link aggregation group····························································································································185

Displaying information about an aggregate interface·····························································································186

Setting LACP priority····················································································································································187

Displaying information about LACP-enabled ports···································································································188

Link aggregation and LACP configuration example·································································································190

Configuring LLDP····················································································································································· 193

Overview·······································································································································································193

Basic concepts ·····················································································································································193

LLDP operating modes·········································································································································197

How LLDP works ··················································································································································197

Compatibility of LLDP with CDP··································································································································197

Protocols and standards ··············································································································································198

Configuration guidelines ·············································································································································198

Recommended LLDP configuration procedure···········································································································198

Enabling LLDP on ports ················································································································································199

Configuring LLDP settings on ports ·····························································································································200

Setting LLDP parameters for a single port ·········································································································200

Configuring LLDP settings for ports in batch·····································································································203

Configuring global LLDP setup····································································································································204

Displaying LLDP information for a port ······················································································································206

Displaying global LLDP information ···························································································································210

Displaying LLDP information received from LLDP neighbors····················································································212

LLDP configuration examples ······································································································································212

LLDP basic settings configuration example ·······································································································212

CDP-compatible LLDP configuration example···································································································219

Configuring ARP······················································································································································ 226

Overview·······································································································································································226

ARP message format ···········································································································································226

ARP operation mechanism ·································································································································226

ARP table······························································································································································227

Gratuitous ARP·····················································································································································228

Configuring ARP entries ··············································································································································228

Displaying ARP entries········································································································································228

Creating a static ARP entry ································································································································229

Removing ARP entries ··················································································································································229

Configuring gratuitous ARP·········································································································································229

Static ARP configuration example ·····················································································································230

Configuring ARP attack defense ···························································································································· 234

Overview·······································································································································································234

User validity check ··············································································································································234

ARP packet validity check ··································································································································234

Configuring ARP detection··········································································································································234

Configuring IGMP snooping ·································································································································· 236

Overview·······································································································································································236

Basic concepts in IGMP snooping·····················································································································236

vi

How IGMP snooping works ·······························································································································238

Protocols and standards ·····································································································································239

Recommended configuration procedure····················································································································239

Enabling IGMP snooping globally ·····························································································································240

Configuring IGMP snooping in a VLAN····················································································································240

Configuring IGMP snooping port functions···············································································································242

Displaying IGMP snooping multicast table entries ···································································································243

IGMP snooping configuration example·····················································································································244

Configuring IPv4 and IPv6 routing ························································································································ 249

Overview·······································································································································································249

Routing table························································································································································249

Static route ···························································································································································249

Default route·························································································································································250

Configuration guidelines ·············································································································································250

Displaying the IPv4 active route table ·······················································································································250

Creating an IPv4 static route·······································································································································251

Displaying the IPv6 active route table ·······················································································································252

Creating an IPv6 static route·······································································································································252

IPv4 static route configuration example·····················································································································253

IPv6 static route configuration example·····················································································································257

Configuring IPv6 services ······································································································································· 260

DHCP overview ······················································································································································· 261

DHCP·············································································································································································261

DHCP snooping····························································································································································261

Configuring the DHCP server······································································································································262

Recommended configuration procedure····················································································································262

Enabling DHCP ····························································································································································262

Creating a static address pool for the DHCP server························································································263

Creating a dynamic address pool for the DHCP server··················································································264

Enabling the DHCP server on an interface·······································································································266

Displaying assigned IP addresses ·····················································································································266

Configuring the DHCP relay agent ····························································································································267

Recommended configuration procedure···········································································································267

Enabling DHCP and configuring advanced parameters for the DHCP relay agent ····································267

Creating a DHCP server group··························································································································269

Enabling the DHCP relay agent on an interface······························································································270

Configuring and displaying clients' IP-to-MAC bindings ················································································271

Configuring DHCP snooping ······································································································································272

Recommended configuration procedure···········································································································272

Enabling DHCP snooping···································································································································272

Configuring DHCP snooping functions on an interface ··················································································273

Displaying clients' IP-to-MAC bindings ·············································································································274

DHCP server configuration examples ························································································································275

Static IP address assignment configuration example·······················································································275

Dynamic IP address assignment configuration example·················································································277

DHCP relay agent configuration example·················································································································281

DHCP snooping configuration example ····················································································································283

Managing services·················································································································································· 286

Overview·······································································································································································286

Configuring service management ······························································································································287

Using diagnostic tools············································································································································· 289

Ping················································································································································································289

vii

Traceroute ·····································································································································································289

Ping operation ······························································································································································289

Traceroute operation ···················································································································································291

Configuring MAC authentication··························································································································· 293

Overview·······································································································································································293

User account policies··········································································································································293

Authentication procedures··································································································································293

MAC authentication timers·································································································································294

Using MAC authentication with other features ·········································································································294

VLAN assignment ················································································································································294

ACL assignment ···················································································································································294

Auth-Fail VLAN ····················································································································································294

Configuration prerequisites·········································································································································295

Configuration procedure·············································································································································295

Configuring MAC authentication globally ················································································································295

Configuring MAC authentication on a port ··············································································································297

MAC authentication configuration examples············································································································298

Local MAC authentication configuration example···························································································298

ACL assignment configuration example············································································································301

Configuring 802.1X ··············································································································································· 310

Overview·······································································································································································310

802.1X architecture ············································································································································310

Access control methods ······································································································································310

802.1X timers ······················································································································································311

Configuration prerequisites·········································································································································311

Configuration guidelines ·············································································································································311

Configuration procedure·············································································································································312

Configuring 802.1X globally ·····································································································································312

Configuring 802.1X on a port ···································································································································313

Configuring an 802.1X guest VLAN·················································································································315

Configuring an Auth-Fail VLAN ·························································································································316

802.1X configuration example ··································································································································317

ACL assignment configuration example ····················································································································323

Configuring port security········································································································································ 332

Overview·······································································································································································332

Port security features ···········································································································································332

Port security modes ·············································································································································332

Configuration guidelines ·············································································································································334

Configuration procedures ···········································································································································334

Configuring global settings for port security·············································································································335

Configuring basic port security control······················································································································336

Configuring secure MAC addresses ··························································································································337

Configuring advanced port security control··············································································································338

Configuring permitted OUIs········································································································································340

Port security configuration examples ·························································································································340

Basic port security mode configuration example·····························································································340

Advanced port security mode configuration example ····················································································344

Configuring portal authentication·························································································································· 350

Overview·······································································································································································350

Extended portal functions ···································································································································350

Portal system components···································································································································350

Portal system using the local portal server········································································································352

viii

Portal authentication modes ·······························································································································353

Portal support for EAP·········································································································································353

Layer 2 portal authentication process ···············································································································354

Layer 3 portal authentication process ···············································································································355

Configuring portal authentication ······························································································································357

Configuration prerequisites ································································································································357

Configuration task list ·········································································································································358

Configuring the Layer 2 portal service··············································································································359

Configuring the Layer 3 portal service··············································································································361

Configuring advanced parameters for portal authentication ·········································································364

Configuring a portal-free rule·····························································································································365

Portal authentication configuration examples ···········································································································367

Configuring Layer 2 portal authentication········································································································367

Configuring direct portal authentication···········································································································375

Configuring cross-subnet portal authentication ································································································381

Configuring AAA ···················································································································································· 389

Overview·······································································································································································389

AAA application··················································································································································389

Domain-based user management ······················································································································390

Configuration prerequisites·········································································································································390

Configuration procedure·············································································································································391

Configuring an ISP domain·········································································································································391

Configuring authentication methods for the ISP domain ·························································································392

Configuring authorization methods for the ISP domain···························································································394

Configuring accounting methods for the ISP domain·······························································································395

AAA configuration example ·······································································································································397

Configuring RADIUS ··············································································································································· 402

Overview·······································································································································································402

Client/server model ············································································································································402

Security and authentication mechanisms ··········································································································402

Basic RADIUS message exchange process ······································································································403

RADIUS packet format ········································································································································404

Extended RADIUS attributes ·······························································································································406

Protocols and standards ·····································································································································407

Configuration guidelines ·············································································································································407

Configuring RADIUS ····················································································································································408

Configuration procedure ····································································································································408

Configuring RADIUS servers ······························································································································408

Configuring RADIUS parameters·······················································································································410

RADIUS configuration example ··································································································································412

Configuring users ···················································································································································· 418

Configuring a local user··············································································································································418

Configuring a user group············································································································································420

Managing PKI·························································································································································· 422

Overview·······································································································································································422

PKI terms·······························································································································································422

PKI architecture····················································································································································422

PKI operation ·······················································································································································423

PKI applications ···················································································································································424

Configuration guidelines ·············································································································································424

Recommended configuration procedures··················································································································424

Configuration procedure for manual requests ·································································································425

HP HP 830 Series User manual

Popular Switch manuals by other brands