Hp v1910 manual




















Page Otherwise, the network ensure that the paths are fault-free. HP Timer recommends you set the network diameter and then have Set the maximum length of time a Page Transmit Limit The larger the transmit limit is, the more network resources will be occupied.

HP recommends you to use the default value. Set whether or not the port migrates to the MSTP mode. You can set these ports as edge ports to achieve Edged Port fast transition for these ports.

HP recommends you to enable the BPDU guard function in conjunction with the edged port function to avoid network topology changes when the edge ports receive configuration BPDUs. If aggregate interfaces are configured on the device, the page displays a list of aggregate interfaces below the chassis front panel, and you can select aggregate interfaces from this list.

Page Field Description Path cost of the port. The field in the bracket indicates the standard used for port path cost calculation, which can be Legacy, dot1d, or dot1t. Designated bridge ID and port ID of the port.

Forward delay s Port state transition delay, in seconds. Max hops Maximum hops of the current MST region. Return to MSTP configuration task list. Page The Region tab Click Modify to enter the page shown in c. See d. Select the Instance option. To restore its port role as a boundary port, you need to restart the port.

Page Link Aggregation And Lacp Configuration Link aggregation and LACP configuration Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link. In an aggregate link, traffic is distributed across the member ports. Page Creating A Link Aggregation Group Dynamic aggregation group configuration task list Task Remarks Required Create a dynamic aggregate interface and configure member ports for the dynamic aggregation group Creating a link aggregation group automatically created by the system when you create the aggregate interface.

LACP is enabled automatically on all the member ports. Page Create a link aggregation group Configuration items of creating a link aggregation group Item Description Assign an ID to the link aggregation group to be created.

The Summary tab is displayed by default, as shown in a. Aggregation interface Bridge-Aggregation indicates a Layer 2 aggregate interface. Select the ports where the port LACP priority you set will apply on the chassis front panel. To view information about the partner port of a LACP-enabled port, select it in the port list, and then click View Details. If a port is selected, its state is active and the ID of the State aggregation group it belongs to will be displayed.

Page Network diagram for static link aggregation configuration Configuration procedure You can create a static or dynamic link aggregation group to achieve load balancing. Table 54 Approach 1: Create a static link aggregation group Create static link aggregation group 1. Approach 2: Create a dynamic link aggregation group Table 55 Create dynamic link aggregation group 1. To keep these configurations consistent, you should configure the port manually.

Page Lldp Configuration LLDP configuration Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one other and exchange configuration for interoperability and management sake.

To ensure compatibility, a standard configuration exchange platform was created. Page PVID of the sending port.

Protocol Identity Protocols supported on the port. Page How Lldp Works Management address The management address of a device is used by the network management system to identify and manage the device for topology maintenance and network management.

The management address is encapsulated in the management address TLV. The voice traffic is confined in the configured voice VLAN, and differentiated from other types of traffic. You can configure LLDP settings on ports individually or in batch. Page To configure LLDP settings on individual ports, click the icon for the port you are configuring.

Displays the LLDP enabling status on the port you are configuring. With the LLDP trapping function enabled on a port, traps are sent out the port to Trap Interval advertise the topology changes detected over the trap interval to neighbors.

By tuning this interval, you can prevent excessive traps from being sent when topology is instable. All endpoints that require the discovery service of LLDP belong to this category. The class II endpoint devices support the Device class media stream capabilities in addition to the capabilities of generic endpoint devices. Page The Port Setup tab Click the Global Setup tab. Click the Global Setup tab, as shown in f.

Page Igmp Snooping Querier After receiving the IGMP leave group message from a host, the IGMP querier resolves from the message the address of the multicast group that the host just left and sends an IGMP group-specific query to that multicast group through the port that received the leave group message.

After hearing the IGMP group-specific query, the switch forwards it through all its router ports in the VLAN and all member ports for that multicast group, and performs the following to the port before the member port aging timer of the port expires in case it is a dynamic member port Return to Configuration task list. HP recommends you to The port can be an Ethernet port or Layer-2 aggregate port.

After a port is selected, advanced features configured on this port are displayed at the lower part of this page. The detailed configuration steps are omitted. Select the Untagged radio button for Select membership type.

Page Click Apply to complete the operation. Click the Advanced tab. Upon receiving a packet, a router determines the optimal route based on the destination address and forwards the packet to the next router in the path. When the packet reaches the last router, it then forwards the packet to the destination host. Page Default Route Default route A default route is used to forward packets that match no entry in the routing table.

Without a default route, the packet is discarded. An IPv4 static default route has both its destination IP address and mask being 0. Interface You can select any available interface, for example, a virtual interface, of the device. Static route configuration example Network requirements The IP addresses of devices are shown in a. Type 1. Type 0. Page Configure a default route Configuration verification Display the active route table.

Enter the IPv4 route page of Switch A, Switch B, and Switch C respectively to verify that the newly configured static routes are displayed in the active route table. Page Precautions Precautions When configuring a static route, note the following: Table 73 If you do not specify the preference when configuring a static route, the default preference will be used.

Reconfiguration of the default preference applies only to newly created static routes. The web interface does not support configuration of the default preference. This facilitates configuration and centralized management.

Page Dhcp Options file: Bootfile name and path information, defined by the server to the client. It records the location information of the DHCP client. The administrator can locate the DHCP client to further implement security control and accounting. Therefore, a DHCP server must be available on each subnet, which is not practical.

DHCP relay agent solves the problem. Enable or disable unauthorized DHCP server detection. In the User Information field, click the User Information button to view static and dynamic bindings, as shown in a.

In the Server Group field, click Add and then perform the following operations, as shown in c. Return to DHCP snooping configuration task list. You can view trusted and untrusted ports in the Interface Config field. Click the icon of a specific interface to enter the page shown in a. You can enable or disable the services as needed. In this way, the performance and security of the system can be enhanced, thus secure management of the device can be achieved.

You can view this configuration item by clicking the expanding button in front of HTTP. Page Diagnostic Tools Diagnostic tools Ping The ping command allows you to verify whether a device with a specified address is reachable, and to examine network connectivity. Table 88 The source device determines whether the destination is reachable based on whether it receives an ICMP echo reply. Page Diagnostic Tool Operations Table 93 The process continues until the ultimate destination device is reached.

No application of the destination uses this UDP port. Table 94 When the source device receives the port unreachable ICMP error message, it knows that the packet has reached the destination, and it can get the addresses of all the Layer 3 devices involved to get to the destination device 1. Before performing the trace route operation on the Web interface, on the intermediate device execute the ip ttl-expires enable command to enable the sending of ICMP timeout packets and on the destination device execute the ip unreachables enable command to enable the sending of ICMP destination unreachable packets.

Page Type in the IP address or host name of the destination device in the Trace Route text box, and click Start to execute the trace route command. You will see the output in the Summary area, as shown in b.

Trace route operation result When the aging timer expires or the interface goes down, the corresponding dynamic ARP entry will be removed.

Select the Advanced Options checkbox to expand advanced configuration items, as shown in a. Page Click the Modify Port tab and then perform the following operations, as shown in b. The device can provide multiple features to detect and prevent such attacks. This chapter mainly introduces these features.

Page Architecture of Access control methods HP implements port-based access control as defined in the Page Configuring After a user in the guest VLAN passes By default, Required Error!

Reference source not Enable Page Item Description Specify the authentication method for If the device receives no response before this timer TX-Period expires, it retransmits the request. Only Page Configuration Examples Item Description Specify whether to enable the online user handshake function. The online user handshake function checks the connectivity status of online The network access device sends handshake messages to online users at the interval specified by the Handshake Period setting.

If no response is received from an online user after the maximum number of handshake attempts set by the Retry Times setting has been made, the network access device sets the HandShake Page All users belong to default domain test.

The IP addresses of the servers are Page Global Enable and configure In the Ports With Page Enter the primary server IP address Select the Authentication tab. A configuration progress dialog box appears, as shown in i. Page Select Accounting Server as the server type. A configuration progress dialog box appears, as shown in g.

Page Enter as the ACL number. Select the Advanced Setup tab. Page Select Deny as the operation action. Click Add to finish the operation. Page Ping operation summary It can provide the following security functions: Authentication—Identifies users and determines whether a user is valid.

A NAS determines the ISP domain a user belongs to by the username entered by the user at login, and controls access of the user based on the AAA methods configured for the domain. Domain Name You can type a new domain name to create a domain, or specify an existing domain to change its status whether it is the default domain.

Specify whether to use the ISP domain as the default domain. For security, do not use this mode whenever possible. Accounting When no accounting server is available or communication with the accounting servers Optional fails, this feature allows users to use network resources and stops the switch from sending real-time accounting updates for the users.

AAA configuration example Network requirements As shown in a, configure the switch to perform local authentication, authorization, and accounting for Telnet users.

Page Configure a local user Enter telnet as the username. Configure the ISP domain to use local authorization. Configure the ISP domain to use local authorization Select the domain test. A configuration progress dialog box appears. It can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required.

Table The user stops access to network resources. It ensures the smooth message exchange between the RADIUS server and the client through a series of mechanisms, including the timer management mechanism, retransmission mechanism, and slave server mechanism.

Page Table The Identifier field 1 byte long is used to match request packets and response packets and to detect duplicate request packets. Request and response packets of the same type have the same identifier. Table The Length field 2 byte long indicates the length of the entire packet, including the Code, Identifier, Length, Authenticator, and Attribute fields.

As shown in a, a sub-attribute that can be encapsulated in Attribute 26 consists of the following parts: Vendor-ID—Indicates the ID of the vendor. If the IP address of the primary server is not specified or the specified IP address is to be removed, the status is blocked. Page Item Description Set the maximum number of transmission attempts. Timeout Retransmission Times The product of the timeout value and the number of retransmission attempts cannot exceed Set the real-time accounting interval, whose value must be n times 3 n is an integer.

To implement real-time accounting on users, it is necessary to set the real-time accounting interval. Page Users Users This module allows you to configure local users and user groups. Local user A local user represents a set of user attributes configured on a device such as the user password, service type, and authorization attribute , and is uniquely identified by the username.

For a user requesting a network service to pass local authentication, you must add an entry as required in the local user database of the device. Page Local user configuration page Local user configuration items Item Description Username Specify a name for the local user. Password Specify and confirm the password of the local user. The settings of these two fields must be the same. Confirm Select a user group for the local user.

Page Specify the ACL to be used by the access device to control the access of users of the user group after the users pass authentication.

Specify the user profile for the user group. Page Pki Configuration PKI configuration PKI overview The Public Key Infrastructure PKI is a hierarchical framework designed for providing information security through public key technologies and digital certificates and verifying the identities of the digital certificate owners.

PKI employs digital certificates, which are bindings of certificate owner identity information and public keys. It allows users to obtain certificates, use certificates, and revoke certificates. Page Applications Of Pki PKI architecture Entity An entity is an end user of PKI products or services, such as a person, an organization, a device like a router or a switch, or a process running on a computer.

Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link.

Link aggregation delivers the following benefits:. In an aggregate link, traffic is distributed across the member ports.

The member ports dynamically back up one another. It can both used for rack mounting and desktop operation, supporting QoS traffic prioritization and security features such as In addition, it also has the following features:. Simple Web management: intuitive Web GUI allows for easy management of device by even nontechnical users;. Layer 3 static routing: provides manually configured routing; includes ECMP capability.

To avoid any equipment damage or bodily injury caused by improper use, be sure to observe the following requirements before installing the HP VG JEA switch:. You can mount it in a rack or on a workbench;.



0コメント

  • 1000 / 1000