Instruction/ maintenance manual of the product 3400CL-24G HP (Hewlett-Packard)
Go to page of 197
i Release Notes: V ersion M.10.72 Software for the HP ProCurve Series 3400cl Switches "M” software versions are su p ported on these switches: Release M.
© Copyright 2004 - 2009 Hewlett-Packard Development Company , LP . The information contained herein is subjec t to change without notice. Publication Number 5991-4764 May , 2009 Applicable Product Pr.
iii Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv Connection-Rate Filtering Based On Vi rus-Thrott ling Technology . . . . . . . . . . . . . . . . . . . . . . . 19 Identity-Driven Management (IDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 9 Clarifications and Updates .
v QoS Pass-Through Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Release M.08.94 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vi Release M.10.26 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Release M.10.27 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vii Release M.10.65 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 MSTP VLAN Configuration Enhan cement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
viii Release M.08.76 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Release M.08.77 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ix Release M.10.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Release M.10.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x Release M.10.42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Release M.10.43 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Software Management Software Updates Software Management Software Updates Check the ProCurve Networking W eb site frequent ly for free software updates for the various ProCurve switches you may have in your netw ork.
2 Software Management Downloading Software to the Switch Note Downloading ne w software does not chang e the cu rrent switch config uratio n. The switch configu- ration is contained in a separate file that can also be transferred, for example, for archive purposes or to be used in another swit ch of the same model.
3 Software Management Downloading Software to the Switch TFTP Download from a Server Syntax: copy tftp flash < ip-address > < remote-os-file > [ < primary | secondary > ] Note that if you do not specify the flash destination , the TFTP download defaults to the primary flash.
4 Software Management Downloading Software to the Switch ■ The terminal emulator you are using includes the Xmod em binary transfer feature . (For example, in the HyperT ermina l appli cation includ ed with Wi ndows NT , you would use the Send File opti on in the T ransfer dropdown men u.
5 Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates with two configuratio n files: ■ Running-Config File: Exists in volatile memory and controls switch op eration.
6 Software Management Install Recommendations for I.08.12 Boot ROM Update Install Recommendations fo r I.08.12 Boot ROM Update When instal ling the M.10.17 soft ware to load the I.08. 12 ROM version , ProCurve r ecommends that you use the “fastboot” feature and the “reload” co mmand after updating to M.
7 Software Management ProCurve Switch, Routing Swit ch, and Router Software Keys ProCurve Switch, Routing Swit ch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M,.
8 Software Management ProCurve Switch, Routing Switch, and Router Software Keys numeric Switch 9408sl, Switch 9300 Seri es (9304M, 9308M, and 9315M), Switch 6208M- SX and Switch 6308M-SX (Uses software version number only; no al phabetic prefix. For example 07.
9 Software Management Minimum Software Versions for Series 3400cl Switch Features Minimum Softw are V ers ions for Series 340 0cl Switch Features For Software Features. T o view a tabular list ing of major switc h software featur es and the minimum software version each feat ure requires: 1.
10 Enforcing Switch Security Switch Management Access Security Enforcing Switch Security ProCurve switches are designed as “plug and play” devices, allowing quick and easy installat ion in your network.
11 Enforcing Switch Security Switch Management Access Security It is important to evaluate the le vel of manageme nt access vulnerabil ity existing i n your network and take steps to ensure that all reasonable security precautions are in place. This includes both configurable sec urity options and ph ys ical access to the switch hardware.
12 Enforcing Switch Security Switch Management Access Security SNMP Access (Simple Network Management Protocol) In the default configuration, the switch is open to access by management station s running SN MP management applications capabl e of viewing and changing the settings and status data i n the switch’ s MIB (Managemen t Information Base).
13 Enforcing Switch Security Switch Management Access Security Caution: Downloading an d booting from the M.08.89 or grea ter software versi on for the first time enables SNMP access to the authenticat ion configurat ion MIB (the default action).
14 Enforcing Switch Security Switch Management Access Security For the commands to implement th e above actions, refer to “Front-Panel Secu rity” in the chapter titled “Configu ring Username s and Passw ords” in the Access Security Guide for your switch.
15 Enforcing Switch Security Network Access Security Network Access Security This section outlin es provisions for protecting access through the switch to the network.
16 Enforcing Switch Security Network Access Security Secure Shell (SSH) SSH provides T eln et-like function s through encry pted, authenti cated transactions of the following types: ■ client public- key authentication: uses one or more publi c keys (from cli ents) that must be stored on the switch.
17 Enforcing Switch Security Network Access Security ■ source-port filters: Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per -port (destination) basis.
18 Enforcing Switch Security Network Access Security Refer to the chap ter titled “Co n figuring Port-Based and Clie nt -Ba sed Access Control” in the Access Security Guide for your switch model.
19 Enforcing Switch Security Network Access Security keys.) KMS provides specific instances of ro uting protocols wit h one or more Send or Accept keys that must be active at the time of a reque st. Refer to the chapter titled “Key Management Sy stem” in the Access Security Guide for your switch model.
20 Clarifications and Updates Operating Notes for Jumbo Traffic-Handling Clarifications and Updates Operating Notes for Jumbo T raffic-Handling In the Management and Configuration Guide, (Oct.
21 Clarifications and Updates IGMP Command Update IGMP Command Update The following inf ormation upd ates and clarifies info rmation in Chapter 4, “M ultime dia T raffic Control with IP Multicast (IGMP)” in th e Advanced T raffic Management Guide —part number 5990-6051, September 2004 edition.
22 Clarifications and Updates General Switch Traffic Security Guideline Setting Fast-Leave and Forced Fast-Leave from the CLI. In earlier switch mod els, includ ing the 5300xl switches, fast-leave and fo rced fast-leave options for a port were configured with a le ngthy setmib command.
23 Clarifications and Updates The Management VLAN IP Address 4. Port security 5. Authorized IP Managers 6. Application features at higher l evels in the OSI model, such as SSH. (The above l ist does not add ress the mutual ly exclusiv e relationship that exists among some securi ty features.
24 Known Issues Rate-Limiting Known Issues Release M.10.17 The followin g is a known issue related to installa tion of Release M.10.17 software, which includes a required update to ROM version I.
25 Enhancements Release M.08.69 Enhancements Enhancements Enhancments are listed in chrono logical order , oldest to newest software release. T o review the l ist of enhancements i ncluded since th e last general rele ase that was published, b egin with “Release M.
26 Enhancements Release M.08.78 Enhancements Release M.08.78 Enhancements Using Fastboot T o Reduce Boot T ime The fastboot command allows a boot sequ ence that skip s the internal p ower -on self-tests, resulting in a faster boot ti me. For example: Release M.
27 Enhancements Release M.08.80 thr ough M.08.83 Enhancements The following sho ws a sample ou tput from this new command. Figure 2. Example rate display ou tput for ports Operating Notes ■ For each.
28 Enhancements Release M.08.84 Enhancements Release M.08.84 Enhancements Release M.08.84 includes th e following enhancement: Added the show tech transceivers comma nd to allow removable transceive r serial numbers to be read without removal of the tr ansceivers from the switch.
29 Enhancements Release M.08.89 Enhancements IP address of 10.10.100.27 is assigned a host name of accounts015 and another IP address of 10.10.100.33 is assigned a host name of sales021 , then the switch configured wit h the domain suffix evergreen.trees.
30 Enhancements Release M.08.89 Enhancements ■ The host’ s domain must be reachable f rom the swit ch. This requires that the DNS server for the switch must be able to co mmunicate with the DNS server(s) in the path to the domain in which the targ et host operat es.
31 Enhancements Release M.08.89 Enhancements Configuring a DNS Entry The switch allows one DN S server entry , which in cludes the DNS server IP address and the chosen domain name suffix. Config urin g the entry enables the use of ping and tracerou te with a target’ s host name instead of the target’ s IP address.
32 Enhancements Release M.08.89 Enhancements Figure 5. Example Netw ork Domain Configuring switch “A” with the dom ain name and the IP address of a DNS server for th e domain enables the switch to use host names assigned to IP addresses in th e domain to perform ping and traceroute actions on the devices in the domain.
33 Enhancements Release M.08.89 Enhancements Figure 7. Example of Pi ng and T raceroute Ex ecution for the Netw ork in Figure 5 on Pa ge 32 As mentioned un der “Basic Operat ion” on page 29 , if t.
34 Enhancements Release M.08.89 Enhancements Figure 9. Example of Viewing the Current DNS Co nfiguration Operating Notes ■ The DNS server must be accessible to the switch , but it is not nece ssary for any intermediate devices between the switch and t h e D N S s e r ve r t o b e c o nf i g u r ed to support DNS operation.
35 Enhancements Release M.08.89 Enhancements Event Log Messages Using SNMP T o View and Configure Switch Authentication Features In earlier software releases, SNMP MIB object a ccess has not been available for switch au thenti cation configuration (hpS witchAuth) features.
36 Enhancements Release M.08.89 Enhancements Security Notes Passwords and keys confi gured in the hp Switch Auth MI B are not returned via SNMP , and th e response to SNMP queries for such information is a null string. Ho wever , SNMP sets can be used to configure passwo rd an d key MIB objects.
37 Enhancements Release M.08.89 Enhancements For example, to disable SNMP access to the switch’ s authentication MIB and then display the result in the Excluded MIB field, you woul d execu te the fo ll owing two comm ands.
38 Enhancements Releases M.08.90 and M.08.91 Enhancements Figure 11. Using the show ru n Command to View the Current Authenticatio n MIB Access State Releases M.08.90 and M.08.91 Enhancements ■ The MSTP enhancement implementing the CLI command for sp anning-tree legacy-path-cost was included in releaseM.
39 Enhancements Releases M.08.90 and M.08.91 Enhancements The “legacy-path-cost” CLI comman d does not affe ct or replace functionality of the “spanning- tree force-version” command. The “spanning-tr ee force-version” controls whether MSTP will send and process 802.
40 Enhancements Releases M.08.90 and M.08.91 Enhancements Note Changing the QoS Pass-Thr ough Mode can be done without rebootin g the switch. Howe ver , the switch ports are toggled down and back up, allowing the Qo S queues to be reconfig ured. This may affect routing and sp anning tree operation.
41 Enhancements Releases M.08.90 and M.08.91 Enhancements QoS Pass-Through Mode SNMP MIB Object. A read-write MIB object, 1.3.6.1.4.1.11.2.14.11.5.1. 7.1.24.1, has been added to the ProCurve switch MI B. The QoS Pass-Through Mode can be changed using either an SNMP network management appl ication or the CLI setmib command.
42 Enhancements Release M.08.94 Enhancements The current QoS Pass-Thro ugh Mode also is displ ayed in the show running -config command output. Operating Notes ■ T o use the same QoS queue structure used in pre-M.08.78 software , se t the QoS Pass-Through Mode to balanced .
43 Enhancements Release M.08.94 Enhancements Example In the routin g switch shown belo w , option 82 has been configu red with mgmt-vlan for t he Remote ID. ProCurve(config)# dhcp-relay option 82 append mgmt-vlan The resulting effect on DHCP operation for clients X, Y , and Z is shown in Ta b l e 3 .
44 Enhancements Release M.08.94 Enhancements T able 3. DHCP Operation for th e T opology in Figure 12 Operating Notes ■ Routing is not allowed between the Manage ment VLAN and other V LANs. Thus, a DHCP server must be available in the Management VL AN if there are clie nts in the Manageme nt VLAN that require a DHCP server .
45 Enhancements Releases M.08.95 th rough M.10.01 Enhancements Releases M.08.95 throug h M.10.01 Enhancements Software fixes only; no new enhancements. Release M.08.96 Enhancements ■ Enabled use of login "Messa ge of the Day" (MOT D) banner .
46 Enhancements Release M.10.02 Enhancements ■ An ACL must be configured on the RADIUS ser ver (instead of the sw itch) by creating and assigning one or more Access Control Entrie s to the username/password pair or MAC address of the client f or which you want ACL support.
47 Enhancements Release M.10.02 Enhancements T able 4. Contrasting Dynamic a nd Static ACLs RADIUS-Based (Dynamic) ACLs Port-Based (Static) ACLs Operates on the 3400cl switches. Operates on both the 3400cl and 6400c l switches. Configured in client a ccounts on a RADIUS server .
48 Enhancements Release M.10.02 Enhancements T erminology ACE: See Access Control Entry , b elow . Access Control Entry (ACE): An ACE is a policy consisting of a packet-handling actio n and criteria to define the packets on which to apply th e action.
49 Enhancements Release M.10.02 Enhancements packet (from the authenticated c lient) that is no t explicitly permit ted or denied by ot her ACEs configured seq uentially earlier in the ACL. Unless otherwise no ted, “implicit deny IP any” refers to the “deny” act ion enforced by both standard and ex tended ACLs.
50 Enhancements Release M.10.02 Enhancements the client MAC ad dress is the select ion criteria, o n ly the client having that MAC address can use the correspondin g ACL. Wh en a RADIU S server authen ticates a client, it also assig ns the ACL configured with that client’ s cr edentials to the port.
51 Enhancements Release M.10.02 Enhancements Example. Suppose the ACL in Figure 3 is assigned to filt er the traffic from an authenticated client on a given port in the switch: Figure 3. Example of Seque ntial Comparison As shown above, the ACL tries to apply the first ACE in the list.
52 Enhancements Release M.10.02 Enhancements Figure 4. The Packet-Filteri ng Process in an ACL with N Entr ies (ACEs) Note The order in which an ACE oc curs in an ACL is significant.
53 Enhancements Release M.10.02 Enhancements For example, suppose you want to configure a RAD IUS-based ACL to invoke these policies in the 11.11.11.0 network: 1. Permit inbound client traf fic with a DA of 11.11.11.42. 2. Permit inbound T elnet traffic for DA 11.
54 Enhancements Release M.10.02 Enhancements General Steps These steps suggest a process for using ACLs to estab lish client access policies. The topi cs following this section provide details. 1. Determine the polices you want to e nforce for client traffic inbound o n the switch.
55 Enhancements Release M.10.02 Enhancements ■ Is it important to keep track of the number of matches for a particular client or ACE? If so, you can use the op tional cnt (counter) feature in ACEs wh ere you want to know this information. This is especially useful if you want to verify that the sw itch is denying unwanted cli ent packets.
56 Enhancements Release M.10.02 Enhancements ■ Explicitly Denying Any IP T raffic: Enter ing a deny in ip from any to any ACE in an ACL denies all IP traffi c not previously pe rmitted or denied by that ACL. Any ACEs listed after that point have no effect.
57 Enhancements Release M.10.02 Enhancements Limits for RADIUS-Bas ed ACLs, Associated ACEs, and Counters T a ble 5 describes limi ts the switch supports in ACLs applied by a RADIUS server . Exceeding a li mit causes the related client authentication to fail.
58 Enhancements Release M.10.02 Enhancements Configuring an ACL in a RADIUS Server This section provides general gu idelines for conf iguring a RADIUS server to specify RADIUS-based ACLs. Also include d is an example con figuration for a FreeRADIUS server application.
59 Enhancements Release M.10.02 Enhancements Figure 6. Example of Configuring the VSA for RADIUS-Based ACLs in a FreeRADIUS Server 2. Enter the switch IP address, NAS (Network Attached Server) type, and the key in the FreeRA- DIUS clients.con f file. For example, if the switch IP ad dress is 10.
60 Enhancements Release M.10.02 Enhancements Figure 8. Example of Configuring the FreeRADI US Server T o Support ACLs for the Indicated Clients Format Details for ACEs Configured in a RADIUS-Based ACL.
61 Enhancements Release M.10.02 Enhancements The following syntax and operating information refers to ACLs configured in a RAD IUS server . ACE Syntax: < permit | deny > in < ip | ip-protocol.
62 Enhancements Release M.10.02 Enhancements Configuring the Switch T o Support RADIUS-Based ACLs An ACL configured in a RADIUS server is identified by th e authenti cation credentials of the client or group of client s the ACL is designed to suppo rt .
63 Enhancements Release M.10.02 Enhancements 3. Configure an authentication method. Opt ions include 802.1X, W eb authentication, and MAC authentication. (Y ou can configure 802.1X and ei ther W eb or MAC authentication to operate simultaneously on the same ports.
64 Enhancements Release M.10.02 Enhancements Displaying the Current RADIUS-Based ACL Activity on the Switch These commands ou tput data indi cati ng the current ACL activity imposed pe r - port by RADIUS server responses to client auth entication.
65 Enhancements Release M.10.02 Enhancements Syntax: show port-a ccess authen ticato r < port-list > For ports,in < port-list > that are configured for authenti cation, this command indicates whether there are any RADIUS-assigned features active on the port(s).
66 Enhancements Release M.10.02 Enhancements Figure 10. Example of Output Show ing Current RADIUS-Applied Featu res Event Log Messages Message Meaning ACE parsing error, permit/deny keyword < ace-# > client < mac-address > port < port-# > .
67 Enhancements Release M.10.02 Enhancements Causes of Client Deauthenticati on Immediately After Authenticating ■ ACE formatted incorrectly in the RADIUS server • “from”, “any”, or “to” keyword missin g • An IP protocol number in the ACE exceeds 255.
68 Enhancements Release M.10.02 Enhancements • An ACE in the ACL for a given authen ticated client exceeds 8 0 characters. • An ACL assigned to an authenticat ed client causes the number of optional counters needed on the ACL t o exceed the per -ACL maximum (32).
69 Enhancements Release M.10.02 Enhancements Figure 13. Viewing sFlow Agent Information The show sflow destination command includes information about the management-station ’ s destina- tion address, receiver port, and owner .
70 Enhancements Release M.10.04 Enhancements Figure 15. Example of Viewing sFlow Sampling and Poll ing Information The show sflow all command combin es the outputs of the preceding three show commands including sFlow status information for all the ports on the switch.
71 Enhancements Release M.10.04 Enhancements Operating Notes ■ T o generate alerts for monitored events, you mu st enable the instrumentation monitoring log and/or SNMP trap . The threshold for each m onitored pa rameter is configurable and can be adjusted to minimize false alarms (see “Configuring Instru mentation Monito r” on page 73 ).
72 Enhancements Release M.10.04 Enhancements ■ Alerts are automatical ly rate limited to preven t filling t he log file wi th redundant information . The following is an example of alerts that o ccur when the device is continually subject to the same attack (too many MAC addresses in this instance): Figure 17.
73 Enhancements Release M.10.04 Enhancements Configuring Instrumentation Monitor The following commands and parameters are used to configure the op erational t hresholds that are monitored on the switch. By default, the instru mentation monitor is disabled.
74 Enhancements Release M.10.04 Enhancements Examples T o turn on monit oring and event log messaging with the default medium values: ProCurve(config)# instrumentation monitor T o turn off monit oring.
75 Enhancements Release M.10.04 Enhancements Figure 18. Viewing the Instrumentati on Monitor Configuration TCP/UDP Port Closure In earlier software re leases, cer tain UDP ports were always open .
76 Enhancements Release M.10.04 Enhancements Enabling/Disabling TFTP The TFTP server and client can be en ab led and/or disabl ed independently . Enabling/Disabling SNMP T o enable/disable SNMP , use the follow ing commands.
77 Enhancements Release M.10.04 Enhancements Note The router rip command exists in previous software versi ons. In this im plemen tation, however , RIP must be enabled in order to open the port on the switch. Enabling/Disabling Stacking T o enable/disable stacking, use the following command.
78 Enhancements Release M.10.04 Enhancements The following sho ws RSTP sample outp ut from the enhanced command. Figure 19. Example of Sh ow Spanning-T ree Detai l Operating Notes ■ TC refers to a T opology Ch ange detect ed on the given port.
79 Enhancements Release M.10.05 Enhancements • TC Flag Received counter shows the number of TC notifi cations (RSTP or MSTP styl e BPDU with the TC flag set) received on the port. • TC ACK Flag T ransmitted is an 802.1D mode counter . It will only increment when the port is operating in 802.
80 Enhancements Release M.10.07 Enhancements Release M.10.07 Enhancements Release M.10.07 includes the following enhancement: ■ Added support fo r PIM Dense Mode.
81 Enhancements Release M.10.09 Enhancements Figure 20. UDLD Example Similarly , UDLD is effective for moni toring fiber opt ic links that use t wo uni-direction f ibers to transmit and receive p ackets.
82 Enhancements Release M.10.09 Enhancements Configuration Considerations ■ UDLD is configure d on a pe r -po rt basis and must be ena bled at both ends of the link.
83 Enhancements Release M.10.09 Enhancements Enabling UDLD. UDLD is enabled on a per port basis. Fo r example, to enable UDLD on port a1, enter: T o enable the fe ature on a tru nk group, ente r the appropriate port rang e.
84 Enhancements Release M.10.09 Enhancements Notes ■ Y ou must configure the same VL ANs that will be used for UDLD on all devices across the network; otherwi se, the UDLD li nk cannot be mai ntained. ■ If a VLAN ID is not specifi ed, then UDLD cont rol packets are sent out of the port as unta gged packets.
85 Enhancements Release M.10.09 Enhancements Displaying Summary UDLD Information. T o display summar y information on all UDLD-e nabled ports, enter the show link-keepali ve command. Fo r example: Figure 21. Example of UDLD In formation displayed using Sh ow Link-Keepalive Com mand Port 5 has been disabled by the System Administr ator .
86 Enhancements Release M.10.09 Enhancements Displaying Detailed UDLDP Status Information. T o display detailed UDLD inform ation for specific ports, enter ente r the show link-keepalive sta tistics command.
87 Enhancements Release M.10.09 Enhancements Configuration W arnings and Event Log Messages W arning Messages. The fo llowing table shows the warn ing me ssages that may be issued and their possible causes, when UDLD is configured for tagged ports. T able 6.
88 Enhancements Release M.10.10 Enhancements Release M.10.10 Enhancements Release M.10.10 includes the following enhancement: Spanning T ree Per -Port BPDU Filtering The STP BPDU filter feat ure allows control of span ning-tree participat ion on a per -port basis.
89 Enhancements Release M.10.10 Enhancements Caution Ports configured with the BPDU filter mode remai n active (learning a nd forward frames); however , spanning-tree cannot receive or tr ansmit BPDUs on th e port. The port remains in a forwarding state, permitting all broadc ast traffic.
90 Enhancements Release M.10.10 Enhancements The show spanning-tree command has also been extended to display BP DU filtered ports. Figure 24. Example of BPDU Filtere d Ports Field in Show Spannin g T ree Command Viewing Configuration of BPDU Filtering The BPDU filter mode adds an en try to the spanning tree category within the config uration file.
91 Enhancements Releases M.10.11 th rough M.10.12 Enhancements Releases M.10.11 throug h M.10.12 Enhancements Software fixes only , no new enhancements. Release M.10.13 Enhancements Release M.10.13 includes the following enhancement: ■ Enhancement (PR_1000354065) - Added DHCP prot ection feature.
92 Enhancements Release M.10.17 Enhancements Figure 27. Example of BPDU Protecti on Enabled at the Netw ork Edge T erminology BPDU — Acronym f or bridge prot ocol data u nit. BP DUs are data messages that are exchanged between the switches within an extended LAN that use a spanning tree protocol topology .
93 Enhancements Release M.10.17 Enhancements STP — Spanning T ree Protocol, part of the original IEEE 802.1D specific ation. The 2004 edition completely deprecate s STP . Both RSTP and MSTP have fallback modes to handle STP . SNMP — Simple Netwo rk Management Protocol , us ed to remotely manage network devices.
94 Enhancements Release M.10.17 Enhancements Viewing BPDU Protection Status The show spanning-tree command has addition al informati on on BPDU prot ection as shown bel ow .
95 Enhancements Release M.10.21 Enhancements Release M.10.21 Enhancements Software fixes only , no new enhancements. Release M.10.22 Enhancements Release M.
96 Enhancements Release M.10.22 Enhancements T o display infor mation about por ts with loop protection, enter this co mmand. Figure 28. Example of Show Loop Protect Display [trap <loop-detec ted>] Allows you to configure l oop protection traps The “loop -detected” trap indicates that a loop was detected on a port.
97 Enhancements Release M.10.23 Enhancements Release M.10.23 Enhancements Release M.10.23 includes the following enhancement: ■ Enhancement (PR_100037980 4) — Historical in formation abou t MAC addresses that have been moved has b een added to the " show tech " command output.
98 Enhancements Release M.10.27 Enhancements Release M.10.27 Enhancements Release M.10.27 includes the following enhancement: ■ Enhancement (PR_1000374085 ) — This enhancement expands the use of the Controlled Directions parameter to also support MAC/ W eb authentication.
99 Enhancements Release M.10.27 Enhancements Notes : ■ The aaa port-access controlled-direction in comman d allows Wake-on-LAN traffic to be transmitted on a MAC-a uthenticate d outbound port that h.
100 Enhancements Release M.10.28 Enhancements Release M.10.28 Enhancements Software fixes only , no new enhancements. Release M.10.29 Enhancements Release M.
101 Enhancements Release M.10.32 Enhancements ■ The <hash-type> parameter specifies the type of algorithm (if any) used to hash the password. V alid values are pl aintext or sha-1 . ■ The <password> parameter is the clear ASCII text string or SHA-1 hash of the password.
102 Enhancements Release M.10.33 Enhancements T o schedule a reload in 3 hours: ProCurve# reload after 03:00 T o schedule a reload for the same time the following day: ProCurve# reload after 01:00:0 0.
103 Enhancements Release M.10.33 Enhancements ■ The port is temporarily assigned as a member of an untagged (static or dynamic) VLAN for use during the client session accor ding to the following order of options. a. The port joins the VLAN to which it has been a ssigned by a RADIUS server during client authentication.
104 Enhancements Release M.10.33 Enhancements When the authenticatio n session ends, the switch removes the temporary untagged VLAN assignment and re-activates the temporar ily disabled, untagged VLAN assignment.
105 Enhancements Release M.10.33 Enhancements Figure 8. Example of an Active VLAN Configuration In Figure Figure 8 , if RADIUS authorizes an 802.1X client on port A2 with the requirement that the client use VLAN 22, then: ■ VLAN 22 becomes av ailable as Untagged on port A2 for the duration of the session.
106 Enhancements Release M.10.33 Enhancements Figure 10. Active Configurati on for VLAN 33 T e mporarily Drops Port 22 for the 802.1X Session When the 802.
107 Enhancements Release M.10.33 Enhancements Enabling the Use of GVRP-Learned Dy namic VLANs in Authentication Sessions Syntax: aaa port-acce ss gvrp-vlans Enables the use of dynamic VLA Ns (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.
108 Enhancements Release M.10.34 Enhancements Release M.10.34 Enhancements Release M.10.34 includes the following enhancement: ■ Enhancement (PR_100041274 7) — T ACACS+ Single Sign -on for Administrators Concurrent T ACAS+ and SFTP It is now possi ble to have SFTP/SCP sessi ons run concurr ently with T ACACS+ authentication.
109 Enhancements Release M.10.35 Enhancements Release M.10.35 Enhancements Release M.10.35 includes the following enhancement: ■ Enhancement (PR_100041992 8) — The Dynamic ARP Protection feature was added.
110 Enhancements Release M.10.35 Enhancements • If a bind ing is inv alid, the swit ch drops th e packet, pr eventing ot her netwo rk device s from receiving the invalid IP-to-MAC information. DHCP snooping intercepts and examines DHCP packets received on switch ports before forwarding the packets.
111 Enhancements Release M.10.35 Enhancements Configuring T rusted Ports In a similar way to DHCP snooping, dynamic ARP p rotection allows yo u to configure VLAN interfaces in two categories: trusted and untrusted ports. ARP packets recei ved on trusted ports are forwarded without valid ation.
112 Enhancements Release M.10.35 Enhancements T o configure one or more Et hernet interfaces t hat handle VLAN traffic as trusted por ts, enter the arp protect trust command at the global config uration level. The switch does not check ARP requests and responses received on a trusted port.
113 Enhancements Release M.10.35 Enhancements An example of the ip source binding command is shown here: ProCurve(config)# ip source binding 0030c1-7f49c0 interface vlan 100 10.10.20.1 interface A4 Note Note that the ip source bi nding comman d is the same command used by the Dynamic IP Lockdown feature to configure static bi nd ings.
114 Enhancements Release M.10.35 Enhancements V erifying the Configuration of Dynamic ARP Protection T o display the current configu ration of dynamic ARP prot ection, includ ing the additional validation checks and the trusted ports th at are conf igured, ente r the show arp protect command: Figure 13.
115 Enhancements Release M.10.36 Enhancements Monitoring Dynamic ARP Protection When dynamic ARP protecti on is enabled, yo u can monitor and troub leshoot the vali dation of ARP packets with the debug arp protect command.
116 Enhancements Release M.10.37 Enhancements Configuring MSTP Port Connectivity Parameters W ith release K.12.04, all ports are configured as auto-edge-ports by defaul t, and the spanning tree edge-port option has been removed. This section describes selected spanning-tree < port-list > com- mand parame ters for enhanc ed operation.
117 Enhancements Release M.10.37 Enhancements [root-guard] MSTP only . When a port is enabled as root-guard , it cannot be sel ected as the root port even if it receives superior STP BPDU s. The port is assi gned an “alternate” port role and enters a bloc king state if it receives superior STP BPDUs.
118 Enhancements Release M.10.38 Enhancements Release M.10.38 Enhancements Release M.10.38 includes the following enhancement: ■ Enhancement (PR_100042864 2) — SNMP v2c describes two different notification-type PDUs: traps and info rms. Prior to thi s software release, only the tr aps sub-type was supported.
119 Enhancements Release M.10.38 Enhancements Send SNMP v2c Informs Enabling and Configuring SNMP Informs Y ou can use the snmp-server informs command (SNMPv2c and SNMPv3 ve rsions) to send notificatio ns when certain events occur . When an SNMP Manager receives an informs request, it can send an SNMP response back to the sending agent.
120 Enhancements Release M.10.39 Enhancements Y ou can see if informs are enabled or disabled with the show snmp-server command as shown in Figure 11. Figure 11.
121 Enhancements Release M.10.39 Enhancements ■ Enhancement (PR_100042821 3) — This software enhancement adds the ability to configure a secondary authenti cation method to be used when the RADIUS server is unavailable for the primary port-access method.
122 Enhancements Release M.10.39 Enhancements Y ou can config ure local , chap-radius or eap -radius as the primary passwor d authentication method for the port-access method. Y o u also need to select none or au thorized as a secondary , or backup, method.
123 Enhancements Release M.10.39 Enhancements Figure 12. Example of AAA Authent ication Using Authorized for the Sec ondary Authenticatio n Method Specifying the MAC Address Format The MAC address for.
124 Enhancements Release M.10.39 Enhancements ■ Enhancement (PR_100041515 5) — The ARP age timer was e nhanced from the previous limit of 240 minut es to allow for configu ration of values up to 1440 minutes (24 hours) or "infinite" (99,999,999 seconds or 3.
125 Enhancements Release M.10.39 Enhancements Y ou can also view the value of the Ar p Age timer in the configuration file. Figure 15. Example Showin g ip arp-age Value in the Running Config File Y ou can set or display the arp-age value using the menu interface ( Menu > Switch Configuration > IP Config ).
126 Enhancements Release M.10.40 Enhancements If the ARP cache should b ecome full beca use entries are not clear ed (due to increased time out limits) you can use the clear arp command to remove all non-perm anent entr ies in the ARP cache. T o remove a specific entry in th e ARP cac he, enter this command: Release M.
127 Enhancements Release M.10.43 Enhancements Protection Agai nst IP Source Addr ess Spoofing Many network attacks occur when an attacker injects pac kets with fo rged IP source addresses into the network. Also, some ne twork service s use the IP source address as a component in their authentication schemes.
128 Enhancements Release M.10.43 Enhancements Prerequisite: DHCP Snoo ping Dynamic IP lockdo wn requires th at you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traffic : .
129 Enhancements Release M.10.43 Enhancements In this ex ample, the f ollowing DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping.
130 Enhancements Release M.10.43 Enhancements Enabling Dynamic IP Lockdown T o enable dynamic IP lockdow n on all ports or specified port s, enter the ip source-lockdown command at the global configuration level. Use th e no form of th e command to di sable dynamic IP lockdown.
131 Enhancements Release M.10.43 Enhancements • Remove the trusted-por t configuration. ■ Y ou can config ure dynamic IP lo ckdown only from the CLI; this feature cannot be configured from the W eb ma nagement or menu interface. ■ If you enable dynamic IP lo ckdown on a po rt, you cannot add th e port to a trunk.
132 Enhancements Release M.10.43 Enhancements Adding a Static Binding T o add the static configur ation of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the global configura tion level. Use the no form of the command to remove the IP-to-MAC binding from the database.
133 Enhancements Release M.10.43 Enhancements An example of the show i p source-lockdown status command output is sho wn in Figure 20. Note that the operational status of all swit ch ports is displayed. This info rmation indicates wheth er or not dynamic IP lock down is support ed on a port.
134 Enhancements Release M.10.43 Enhancements Figure 21. Example of show ip source-lockdow n bindings Command Out put In the show ip source-loc kdown bindings command output, the “Not in HW” co lu.
135 Enhancements Release M.10.44 thr ough M.10.64 Enhancements Figure 22. Example of debu g dynamic-ip-lo ckdown Command Outp ut Release M.10.44 throug h M.10.64 Enhancements Software fixes only , no new enhancements. ProCurve(config)# debug dynamic-ip- lockdown DIPLD 01/01/90 00:01:25 : denied ip 192.
136 Enhancements Release M.10.65 Enhancements Release M.10.65 Enhancements Release M.10.65 includes the following enhancement: ■ Enhancement (PR_000000131 6) — The MSTP VLAN Assignment is enhanced. MSTP VLAN Configuration Enhancement Caution When this software version is installed, the prior VLAN ID-to-MS TI mappings do no t change.
137 Enhancements Release M.10.65 Enhancements All switches in a region must be configur ed wi th the same VLAN ID-to- MSTI mappings and the same MSTP configurati on identifiers (region name and revision number).
138 Enhancements Release M.10.65 Enhancements Each MST instance supports a differ ent set of VLANs. A VLAN t hat is mapp ed to an MST instance cannot be a member of another MST instance. The MSTP VLAN Configuration enhancement allows yo u to ensure that the same VLAN ID-to-MSTI assignments exist on each MSTP switch in a region.
139 Enhancements Release M.10.65 Enhancements Figure 23. Example of Mapping VLANs wi th the Range Option where all VLANs a re Included Note If you want all switches to be in the same MST region, they should all have a softwa re version that supports this enhancement installed, or have the same VLANS configured.
140 Enhancements Release M.10.66 Enhancements ■ If you enter the span ning-tree instance vlan command be fore a static or dyna mic VLAN is configured on the switch to preconfigure VL AN ID-to-MSTI mappings, no er ror message is displayed.
141 Enhancements Release M.10.66 Enhancements Adding a Description for a Syslog Serve r Y ou can associate a user -friendly description with each of the IP addresses ( IPv4 only) config ured for syslog using the CLI or SN MP . The CLI command is: Figure 29.
142 Enhancements Release M.10.66 Enhancements Figure 30. Example of the Logg ing Command with a Priority Description Note A notificat ion is sent to the SNMP age nt if there are any ch anges to the syslo g parameters eithe r through the CLI or with SNMP .
143 Enhancements Release M.10.67 Enhancements Release M.10.67 Enhancements Software fixes only , no new enhancements. Release M.10.68 Enhancements Release M.10.68 includes the following enhancement: ■ Enhancement (PR_0000003127 ) — A Link T rap and LACP Glob al enable/dis able feature has been ad ded.
144 Enhancements Release M.10.69 Enhancements hpSwitchLinkUpDownTrapAllPortsStatus OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } ACCESS read-write STATUS current DESCRIPTION “Used to either enable/disable the Link Up/Link Down traps for all the ports.
145 Software Fixes in Release M.08.51 - M.10.72 Release M.08.52 Software Fixes in Release M.08.51 - M.10.72 Software fixes are listed in chronological ord er , olde st to newest. T o review th e list of fixe s included since the last general release that was published, go to “Release M.
146 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.61 2. In show CDP the Yes is changed to Yes,(Receive Only) . ■ CLI (PR_1000192677) — Show access-list ports <tab> does not list the all keyword. The command only shows [PORT-LIST] as input for the command.
147 Software Fixes in Release M.08.51 - M.10.72 Release M.08.62 ■ W eb UI (PR_1000177915) — Device V iew from the W eb user interface is missing. ■ W eb UI/Port Security (PR_1000195894) — The W eb user interface does not allow the user to se lect mult iple ports w hen config uring po rt-security .
148 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.64 Release M.08.64 Problems Resolved in Re lease M.08.64 (Not a ge neral release ) ■ IP Routing (PR_100022 0668) — Fatal exception when routin g with more than 8 trunks configured and IP routing enabled.
149 Software Fixes in Release M.08.51 - M.10.72 Release M.08.68 Release M.08.68 Problems Resolved in Re lease M.08.68 (Not a ge neral release ) ■ Switching (PR_1000232 312) — In cases where traffic is be ing L2 switched or L3 routed from one port at Gigabit speeds to a gr oup of ports (i.
150 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.70 ■ Port Security (PR_1000203984) — CLI port-security "mac-address" comm and will save address above the limit. ■ SNMP (PR_1000212170) — The Switch tran smits W arm and Cold St art traps with an agent address of 0.
151 Software Fixes in Release M.08.51 - M.10.72 Release M.08.72 ■ LLDP (PR_1000241315) — CLI command "sho w LLDP" does not display info rmation correctly . ■ W eb Auth (PR_1000230444) — Using port-based web authenticati on on the Switch w ill cause some users to never rec eive the web auth entic ation screen.
152 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.75 Release M.08.75 Problems Resolved in Re lease M.08.75 ■ LR optic (PR_1000282195) — After a switch reboot, certain 10GbE X2-SC LR Optic (J8437A) transceivers will lose its configuratio n.
153 Software Fixes in Release M.08.51 - M.10.72 Release M.08.78 Release M.08.78 Problems Resolved in Re lease M.08.78 (Not a ge neral release ) ■ Enhancement (PR_100029180 6) — Fast boot enhancement. ■ MSTP (PR_1000286883) — Slow MSTP fail-over and fall-back ti me.
154 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.83 ■ RSTP (PR_1000300623) — Under some circumstances, the switch may allow packets to loop for an extended period of time.
155 Software Fixes in Release M.08.51 - M.10.72 Release M.08.87 ■ SNMP (PR_1000295753) — Removing 'public' SNMP co mmuni ty generates an empty Event Log message.
156 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.90 • RADIUS Configuration via SNMP . For details refer to “Using SNMP T o View and Configure Swit ch Authentication Feat ures” on page 35 .
157 Software Fixes in Release M.08.51 - M.10.72 Release M.08.93 Release M.08.93 Problems Resolved in Re lease M.08.93 (Not a ge neral release ) ■ Help (PR_100031771 1) — In the VLAN menu Help text , the word 'default' is spe lled incorrectly .
158 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.08.97 Release M.08.97 Problems Resolved in Re lease M.08.97 (Never released) ■ OSPF (PR_1000 319678) — Switch does not accept IP fragmented OSP F packets. Release M.10.01 Note: The M.10.xx so ftware releases r un only on the ProCurve 3400cl series.
159 Software Fixes in Release M.08.51 - M.10.72 Release M.10.04 ■ sFlow (PR_10003211 95) — A network m anagement applicati on may incorrectly report spikes in traff ic when sFlow is first re-ena bled. Release M.10.04 Problems Resolved in Re lease M.
160 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.07 ■ Stacking (PR_100031 1510) — When stacking is enabled, a stack member cannot be ‘pinged’ using the stack number .
161 Software Fixes in Release M.08.51 - M.10.72 Release M.10.09 Release M.10.09 Problems Resolved in Re lease M.10.09 ■ CLI (PR_1000317554) — Th e show version command does not display full minor versi on if it's three digits.
162 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.11 Release M.10.11 Problems Resolved in Re lease M.10.11 ■ Crash (PR_1000336436) — A “ get/put” operati on on config fil e via SCP crashes the box with an error message similar to : Software exception at ssh_alarm.
163 Software Fixes in Release M.08.51 - M.10.72 Release M.10.14 Release M.10.14 Problems Resolved in Re lease M.10.14 ■ CLI (PR_1000342461) — Comm and “ show lldp info remote <port nu mber> " reports incorrect information for remote management address.
164 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.17 ■ DHCP Protection (PR_1000360273) — DHCP Lease renewal packets received on an untrusted p ort are dropped. ■ DHCP Protection (PR_1000360254) — An entry with an expired lease i s not removed from the bind ing table.
165 Software Fixes in Release M.08.51 - M.10.72 Release M.10.21 ■ Enhancement (PR_1000358900 ) — A RADIUS accounti ng enhancement was made. More information about this enh ancement wi ll be made availab le in a future u pdate. Release M.10.21 Problems Resolved in Re lease M.
166 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.23 Release M.10.23 Problems Resolved in Re lease M.10.23 (Never released) ■ Crash (PR_1000362248) — While attempting t o configure " qos type-of-service diff-services " the switch may crash with a message similar to: Assertion failed: !VALUE_TOO_BIG_FOR_FIELD, file drvmem.
167 Software Fixes in Release M.08.51 - M.10.72 Release M.10.26 ■ STP/RSTP/MSTP (PR_1000386113) — In some cases STP/ RSTP/MSTP may allow a loop on 10-Gig ports, resultin g in a broadcast storm.
168 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.28 Release M.10.28 Problems Resolved in Re lease M.10.28 (Not a ge neral release ) ■ CLI/LLDP (PR_1000377191) — Output from the CLI command, " show lldp info remote- device <port> " shows a blank field for the chassis ID.
169 Software Fixes in Release M.08.51 - M.10.72 Release M.10.30 ■ T ransceiver hotswap (PR_1000 390888) — T ransceiv er hotswap issues: • Simultaneous hotswap of transceivers on bot h dual-personalit y ports will only detect a single change.
170 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.32 ■ RIP (PR_1000393366) — Th e switch does not process RIP (v2) responses containing subnets with a classful subnet mask , when the recei ving RIP switch has a co nnected VLSM network defined that would fall within that classful ra nge.
171 Software Fixes in Release M.08.51 - M.10.72 Release M.10.34 ■ Crash (PR_1000407542) — Atte mpting to chan ge the spannin g-tree protoco l version from STP to RSTP or MSTP may cause the switch .
172 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.36 ■ BPDU Protection (PR_1000 395569) — BPDU-protection fai ls after module hot-swap .
173 Software Fixes in Release M.08.51 - M.10.72 Release M.10.39 Release M.10.39 Problems Resolved in Re lease M.10.39 ■ Enhancement (PR_100042821 3) — This software enhancement adds the ability to configure a secondary authenti cation method to be used when the RADIUS server is unavailable for the primary port-access method.
174 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.42 ■ SCP (PR_1000428142) — The switch does not exit a s ecure copy protocol (SCP) session properly . Release M.10.42 No Problems Resolved in Release M. 10.42 (Never Released) Release M.
175 Software Fixes in Release M.08.51 - M.10.72 Release M.10.45 Release M.10.45 Problems Resolved in Re lease M.10.45 (Not a Public Release) ■ W eb-UI (PR_1000416955) — Inserting an LH GBIC into du al personality ports results in the LH ports not appear ing in the device vi ew .
176 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.48 • The switch does not send an appropriate exit status message to the client. This corrects the symptom that occurs in some appl ications, which reports a message simil ar to: Fatal error: Server unexpectedly closed connection.
177 Software Fixes in Release M.08.51 - M.10.72 Release M.10.50 through M.10.64 Routed traffic is off by a factor of 1000 Switched traffic is not sampled at all ■ Security (PR_10 00388616) — Possible cross-site scripting vulnerability in W eb Manage- ment Interface.
178 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.66 ■ Authentication (PR_1000454 714) — Concurrent 802.1X an d MAC Authentication does not give the 802.1X value precedence. This fix gives 802.1X VLAN assignment precedence over MAC Auth RADIU S VLAN assignment.
179 Software Fixes in Release M.08.51 - M.10.72 Release M.10.67 ■ CLI (1000415243) — Ou tput from the CL I command show na me still lists 10-GbE trans- ceiver names, even afte r the transceivers ar e removed and replace d with another type of transceiver .
180 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.68 ■ Crash (PR_0000004023) — Repeat ed PCM configuration scans using SSH/SCP may cause the switch to crash with a me ssage similar to the follow ing.
181 Software Fixes in Release M.08.51 - M.10.72 Release M.10.70 ■ PC Phone/Authentication (PR_0 000007209) — When an IP phone is used in tandem with a PC connect ed to the phone, if the ph one is moved to a tagged VLA N, some phone manufactures send some traffic to the switch untagged.
182 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.70 ■ Dynamic ARP Protection (PR_00000099 42) — When a switch using Dynamic ARP Protection is rebooted, it b locks all ARP traffi c on untrusted ports, includi ng traffic consi d- ered valid according to the binding database.
183 Software Fixes in Release M.08.51 - M.10.72 Release M.10.71 Release M.10.71 Problems Resolved in Re lease M.10.71 (Not a Public Release) ■ 802.1X (PR_0000014 842) — If an invalid number of cha.
184 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.72 ■ Config (PR_0000005002 ) — If a fr iendly port name us es the characters TRUNK=, then after a reload, all the trunking configuration will ha ve been removed from the configurat ion.
185 Software Fixes in Release M.08.51 - M.10.72 Release M.10.72 Drop offer from <DHCP server IP address> of <DHCP address offer> because the address is assigned to some other client Drop r.
186 Software Fixes in Rel ease M.08.51 - M.10.72 Release M.10.72 Message 2 (when an unauth-vid conf ig is attempted on a port with an existing 802.1 X unauth-vid ): Configuration change denied for port <number>.Only Web or MAC- authenticator can have unauthenticated VLAN enabled if 802.
© 2004 - 2009 Hewle tt-Packard Development Company , LP . The information contained herein is subject to change without notice. October 2009 Manual Part Number 5991-4764.
An important point after buying a device HP (Hewlett-Packard) 3400CL-24G (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought HP (Hewlett-Packard) 3400CL-24G yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data HP (Hewlett-Packard) 3400CL-24G - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, HP (Hewlett-Packard) 3400CL-24G you will learn all the available features of the product, as well as information on its operation. The information that you get HP (Hewlett-Packard) 3400CL-24G will certainly help you make a decision on the purchase.
If you already are a holder of HP (Hewlett-Packard) 3400CL-24G, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime HP (Hewlett-Packard) 3400CL-24G.
However, one of the most important roles played by the user manual is to help in solving problems with HP (Hewlett-Packard) 3400CL-24G. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device HP (Hewlett-Packard) 3400CL-24G along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center