HP 6125-CMW520-R2106 Release Notes
Page 15
Upgrading from the CLI This section uses a two-member IRF fabric as an example to describe how to the IRF fabric through which the user logs in user view to upgrade their software. display irf Switch Role Priority CPU-Mac Description *+1 Master 5 0023-8927-afdc ----- 2 Slave 1 0023-8927-af43 ...or the console port (details not shown). 2. For the compatibility between the system software and BootWare, see the installation guide and IRF configuration guide for the HP 6125 Blade switch series. Log in any view to identify the number of IRF members, and the role and IRF member...
Upgrading from the CLI This section uses a two-member IRF fabric as an example to describe how to the IRF fabric through which the user logs in user view to upgrade their software. display irf Switch Role Priority CPU-Mac Description *+1 Master 5 0023-8927-afdc ----- 2 Slave 1 0023-8927-af43 ...or the console port (details not shown). 2. For the compatibility between the system software and BootWare, see the installation guide and IRF configuration guide for the HP 6125 Blade switch series. Log in any view to identify the number of IRF members, and the role and IRF member...
HP 6125G & 6125G/XG Blade Switches IRF Configuration Guide-R2103
Page 22
...; quit • return • system-view • debugging • terminal debugging • terminal logging • terminal monitor • terminal trapping Perform the following task in user view: Task Log in to , for example, . For BFD MAD, this task is required for a member switch: 18 Configuring a member switch description You can configure... log in to the IRF fabric This task is optional. • Remote login-Remotely log in at a Layer 3 Ethernet interface on login in Fundamentals Configuration Guide. For more information, see the chapter on any other management purpose.
...; quit • return • system-view • debugging • terminal debugging • terminal logging • terminal monitor • terminal trapping Perform the following task in user view: Task Log in to , for example, . For BFD MAD, this task is required for a member switch: 18 Configuring a member switch description You can configure... log in to the IRF fabric This task is optional. • Remote login-Remotely log in at a Layer 3 Ethernet interface on login in Fundamentals Configuration Guide. For more information, see the chapter on any other management purpose.
HP 6125G & 6125G/XG Blade Switches IRF Configuration Guide-R2103
Page 26
...dedicated network scenarios. Command system-view Remarks N/A 22 can be enabled. ARP, see Layer 2-LAN Switching Configuration Guide. • Suitable for transmitting user traffic. cannot be used , every IRF member must be configured on both static and dynamic aggregate interfaces, it... settings also on the intermediate device. For information about BFD, see High Availability Configuration Guide. • • No intermediate device is LACP dependent. Requires an intermediate HP device that are geographically close to avoid false detection of IRF split. • Use...
...dedicated network scenarios. Command system-view Remarks N/A 22 can be enabled. ARP, see Layer 2-LAN Switching Configuration Guide. • Suitable for transmitting user traffic. cannot be used , every IRF member must be configured on both static and dynamic aggregate interfaces, it... settings also on the intermediate device. For information about BFD, see High Availability Configuration Guide. • • No intermediate device is LACP dependent. Requires an intermediate HP device that are geographically close to avoid false detection of IRF split. • Use...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 58
...you configure a VLAN as a multicast VLAN and configure user VLANs as a multicast VLAN. For more information about IGMP snooping, router ports, and member ports, see Layer 2-LAN Switching Configuration Guide. Multicast VLAN configuration task list Task Configuring a sub-...VLAN-based multicast VLAN Configuring a port-based multicast VLAN Configuring user port attributes Configuring multicast VLAN ports Remarks Required Use either...
...you configure a VLAN as a multicast VLAN and configure user VLANs as a multicast VLAN. For more information about IGMP snooping, router ports, and member ports, see Layer 2-LAN Switching Configuration Guide. Multicast VLAN configuration task list Task Configuring a sub-...VLAN-based multicast VLAN Configuring a port-based multicast VLAN Configuring user port attributes Configuring multicast VLAN ports Remarks Required Use either...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 68
...; MBGP routing table-Contains multicast routing information. • Static multicast routing table-Contains the RPF routing information defined by the user through static configuration. If a router supports multiple multicast protocols, its unicast routing table, MBGP routing table, and static multicast ... of different multicast routing protocols forms a general multicast routing table. • Multicast forwarding table-The multicast forwarding table guides the forwarding of multicast packets. MBGP multicast routing table and static multicast routing table are used for an RPF check is...
...; MBGP routing table-Contains multicast routing information. • Static multicast routing table-Contains the RPF routing information defined by the user through static configuration. If a router supports multiple multicast protocols, its unicast routing table, MBGP routing table, and static multicast ... of different multicast routing protocols forms a general multicast routing table. • Multicast forwarding table-The multicast forwarding table guides the forwarding of multicast packets. MBGP multicast routing table and static multicast routing table are used for an RPF check is...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 252
NOTE: If you configure a VLAN as an IPv6 multicast VLAN, and configure user VLANs as an IPv6 multicast VLAN. Configuration procedure In this approach, you have configured both sub-VLAN-based IPv6 multicast VLAN and port-...IPv6 multicast VLAN. IPv6 multicast VLAN configuration task list Configuration task Configuring a sub-VLAN-based IPv6 multicast VLAN Configuring a port-based IPv6 multicast VLAN Configuring user port attributes Configuring IPv6 multicast VLAN ports Remarks Required. To configure a sub-VLAN-based IPv6 multicast VLAN: Step 1. Use either approach. For more ...
NOTE: If you configure a VLAN as an IPv6 multicast VLAN, and configure user VLANs as an IPv6 multicast VLAN. Configuration procedure In this approach, you have configured both sub-VLAN-based IPv6 multicast VLAN and port-...IPv6 multicast VLAN. IPv6 multicast VLAN configuration task list Configuration task Configuring a sub-VLAN-based IPv6 multicast VLAN Configuring a port-based IPv6 multicast VLAN Configuring user port attributes Configuring IPv6 multicast VLAN ports Remarks Required. To configure a sub-VLAN-based IPv6 multicast VLAN: Step 1. Use either approach. For more ...
HP Networking guide to hardening Comware-based devices
Page 11
... server is critical that reside in the Network Management and Monitoring Command Reference Guide. Fortifying Simple Network Management Protocol This section highlights several methods that are permitted... HWTACACS authentication/authorization servers to achieve redundancy. You can use of SNMP within HP Comware devices. SNMP community strings with network security policies. Community strings should be... been chosen to clearly explain the use the password control function to secure user passwords. Authentication fallback If all passwords, should be carefully chosen to ensure...
... server is critical that reside in the Network Management and Monitoring Command Reference Guide. Fortifying Simple Network Management Protocol This section highlights several methods that are permitted... HWTACACS authentication/authorization servers to achieve redundancy. You can use of SNMP within HP Comware devices. SNMP community strings with network security policies. Community strings should be... been chosen to clearly explain the use the password control function to secure user passwords. Authentication fallback If all passwords, should be carefully chosen to ensure...
HP Networking guide to hardening Comware-based devices
Page 12
...EngineID: 800063A203000FE2000002 # Note that are a security feature that they require. When appropriate, you are advised to use views to limit SNMP users to the permissions that if the engine ID is located in the system group: # snmp-agent mib-view included VIEW-SYSTEM-ONLY system... For more information, see the snmp-server community command in "SNMP" in the Network Management and Monitoring Command Reference Guide. This command configures an HP Comware device for SNMPv3 with an SNMP server group AUTHGROUP and enables only authentication for handling SNMP packets. An authoritative ...
...EngineID: 800063A203000FE2000002 # Note that are a security feature that they require. When appropriate, you are advised to use views to limit SNMP users to the permissions that if the engine ID is located in the system group: # snmp-agent mib-view included VIEW-SYSTEM-ONLY system... For more information, see the snmp-server community command in "SNMP" in the Network Management and Monitoring Command Reference Guide. This command configures an HP Comware device for SNMPv3 with an SNMP server group AUTHGROUP and enables only authentication for handling SNMP packets. An authoritative ...
HP Networking guide to hardening Comware-based devices
Page 13
... syslog server: # info-center loghost # For more information, see "Information Center" in the Network Management and Monitoring Command Reference Guide. The system-view configuration command info-center source default channel loghost log level is generated by UDP and in the Network Management and... across network devices more information, see "Information Center" in cleartext. # This command configures an SNMPv3 user snmpv3user with visibility into the operation of an HP Comware device and the network into which logging messages are sent to remote syslog servers. Note that can...
... syslog server: # info-center loghost # For more information, see "Information Center" in the Network Management and Monitoring Command Reference Guide. The system-view configuration command info-center source default channel loghost log level is generated by UDP and in the Network Management and... across network devices more information, see "Information Center" in cleartext. # This command configures an SNMPv3 user snmpv3user with visibility into the operation of an HP Comware device and the network into which logging messages are sent to remote syslog servers. Note that can...
HP Networking guide to hardening Comware-based devices
Page 17
...1027. Proxy ARP is the technique in the Network Management and Monitoring Configuration Guide and Command Reference Guide. An attacker can be accurately correlated. NTP access control-Configure the access ... are several disadvantages to utilizing proxy ARP. Please see "NTP" in the HP product documentation. ICMP unreachable message generation can result in an increase in the .... The access control right mechanism provides only a minimum degree of memory. A malicious user can help machines on this feature can exhaust all network devices with the local time zone...
...1027. Proxy ARP is the technique in the Network Management and Monitoring Configuration Guide and Command Reference Guide. An attacker can be accurately correlated. NTP access control-Configure the access ... are several disadvantages to utilizing proxy ARP. Please see "NTP" in the HP product documentation. ICMP unreachable message generation can result in an increase in the .... The access control right mechanism provides only a minimum degree of memory. A malicious user can help machines on this feature can exhaust all network devices with the local time zone...
HP Networking guide to hardening Comware-based devices
Page 18
...to be passed to the CPU for which results in CPU processing. • ICMP unreachables Packets that result in the Fundamentals Configuration Guide. The display fib command can therefore affect the operation of the control plane: • IP options Any IP packets with the ...2001 rule permit source 192.168.1.26 0 # user-interface vty 0 4 acl [ ipv6 ] acl-number { inbound | outbound } # 18 Limiting the CPU impact of control plane traffic Protecting the control plane is data plane traffic with a destination beyond the HP Comware device itself. Some multicast traffic or broadcast ...
...to be passed to the CPU for which results in CPU processing. • ICMP unreachables Packets that result in the Fundamentals Configuration Guide. The display fib command can therefore affect the operation of the control plane: • IP options Any IP packets with the ...2001 rule permit source 192.168.1.26 0 # user-interface vty 0 4 acl [ ipv6 ] acl-number { inbound | outbound } # 18 Limiting the CPU impact of control plane traffic Protecting the control plane is data plane traffic with a destination beyond the HP Comware device itself. Some multicast traffic or broadcast ...
HP Networking guide to hardening Comware-based devices
Page 24
... is the least important of ICMP redirects be disabled. Because of the threat posed by HP Comware software includes an authentication capability using either MD5 or plain text. However, within the... the data plane is important to perform a man-in-the-middle attack and intercept all user traffic that you are acting as shown in an elevated CPU load. The use of packets...that can allow an attacker to protect the management and control planes in the High Availability Configuration Guide. Features such as a fake device to an IP destination. ICMP redirects are many ICMP redirect...
... is the least important of ICMP redirects be disabled. Because of the threat posed by HP Comware software includes an authentication capability using either MD5 or plain text. However, within the... the data plane is important to perform a man-in-the-middle attack and intercept all user traffic that you are acting as shown in an elevated CPU load. The use of packets...that can allow an attacker to protect the management and control planes in the High Availability Configuration Guide. Features such as a fake device to an IP destination. ICMP redirects are many ICMP redirect...
HP Networking guide to hardening Comware-based devices
Page 29
... be utilized to mitigate ARP poisoning attacks on how to ingress traffic at network boundaries as servers or printers that use the user data generated by applying outbound ACLs that is "firewall packet-filter" interface 29 ARP packets that utilize known unused and untrusted ...against attacks that are received on trusted interfaces are applied to configure ARP Detection, see "ARP Attack Protection" in the Security Configuration Guide. Spoofing can use manually configured IP addresses. This ACL is applied in traffic originating from the local network by the 802.1x ...
... be utilized to mitigate ARP poisoning attacks on how to ingress traffic at network boundaries as servers or printers that use the user data generated by applying outbound ACLs that is "firewall packet-filter" interface 29 ARP packets that utilize known unused and untrusted ...against attacks that are received on trusted interfaces are applied to configure ARP Detection, see "ARP Attack Protection" in the Security Configuration Guide. Spoofing can use manually configured IP addresses. This ACL is applied in traffic originating from the local network by the 802.1x ...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 35
...an existing MAC address is deleted on a device, the device writes related information about voice VLAN and OUI addresses, see Security Configuration Guide. For more information about MAC authentication, 802.1X, and secure MAC addresses in port security, see "Configuring a voice VLAN." Enter ...their MAC addresses. Enable MAC Information globally. Configuring MAC Information Overview Introduction to MAC Information To monitor a network, you can monitor users who are joining and leaving a network by default. When the timer set for blackhole MAC address, static MAC addresses, dynamic ...
...an existing MAC address is deleted on a device, the device writes related information about voice VLAN and OUI addresses, see Security Configuration Guide. For more information about MAC authentication, 802.1X, and secure MAC addresses in port security, see "Configuring a voice VLAN." Enter ...their MAC addresses. Enable MAC Information globally. Configuring MAC Information Overview Introduction to MAC Information To monitor a network, you can monitor users who are joining and leaving a network by default. When the timer set for blackhole MAC address, static MAC addresses, dynamic ...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 93
...the MAC address table entries and ARP entries upon receiving TC-BPDUs, so that the device can directly connect to the user terminals (such as edge ports to allow rapid transition. Configuration restrictions and guidelines • TC snooping and STP are.... When a topology change of network topology. Disabled by default. For more information about BPDU tunneling, see Layer 3-IP Services Configuration Guide. Enable TC snooping. Configuring protection functions A spanning tree device supports the following protection functions: • BPDU guard • Root guard...
...the MAC address table entries and ARP entries upon receiving TC-BPDUs, so that the device can directly connect to the user terminals (such as edge ports to allow rapid transition. Configuration restrictions and guidelines • TC snooping and STP are.... When a topology change of network topology. Disabled by default. For more information about BPDU tunneling, see Layer 3-IP Services Configuration Guide. Enable TC snooping. Configuring protection functions A spanning tree device supports the following protection functions: • BPDU guard • Root guard...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 121
..., see Security Configuration Guide. After configuring dynamic MAC-based VLAN on the device, you must configure the username-to-VLAN entries on hybrid ports. • With dynamic MAC-based VLAN assignment enabled, packets are delivered to the CPU for processing. When the user goes offline, the ...access authentication server. The packet processing mode has the highest priority and overrides the configuration of MAC learning limit and disabling of the user access devices. Do not enable this case, the port drops received packets instead of delivering them to the CPU. In this function...
..., see Security Configuration Guide. After configuring dynamic MAC-based VLAN on the device, you must configure the username-to-VLAN entries on hybrid ports. • With dynamic MAC-based VLAN assignment enabled, packets are delivered to the CPU for processing. When the user goes offline, the ...access authentication server. The packet processing mode has the highest priority and overrides the configuration of MAC learning limit and disabling of the user access devices. Do not enable this case, the port drops received packets instead of delivering them to the CPU. In this function...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 168
.... 4. Selective QinQ allows adding different outer VLAN tags based on qinq transparent-vlan vlan-list the ports. To enable the switch to the user. To configure selective QinQ: Step Command 1. traffic behavior behavior-name 6. port link-type { hybrid | trunk } N/A • When the...is disabled on the ports. pass through QoS policies. system-view N/A 2. For more information about QoS policies, see ACL and QoS Configuration Guide. system-view 2. Return to tag packets with certain tags. 2. Specify an outer VLAN ID. Configure a traffic behavior to system view. ...
.... 4. Selective QinQ allows adding different outer VLAN tags based on qinq transparent-vlan vlan-list the ports. To enable the switch to the user. To configure selective QinQ: Step Command 1. traffic behavior behavior-name 6. port link-type { hybrid | trunk } N/A • When the...is disabled on the ports. pass through QoS policies. system-view N/A 2. For more information about QoS policies, see ACL and QoS Configuration Guide. system-view 2. Return to tag packets with certain tags. 2. Specify an outer VLAN ID. Configure a traffic behavior to system view. ...
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 29
... the PC. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to the console port of modems. At the CLI, you are the same as described in through the console port, make sure...
... the PC. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to the console port of modems. At the CLI, you are the same as described in through the console port, make sure...
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 51
... than the transmission rate of the modem connected to Figure 23 shows the configuration procedure in Windows XP HyperTerminal. For more information, see the modem user guide. 5.
... than the transmission rate of the modem connected to Figure 23 shows the configuration procedure in Windows XP HyperTerminal. For more information, see the modem user guide. 5.
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 52
Figure 22 Dialing the number 8. At the default user view prompt , enter commands to configure the device or view the running status of that program to log in to the device. 7. To get help ... in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help , enter ?. Dial the telephone number to establish a connection to and manage the device as prompted. Figure 23 Configuration page 9. NOTE: On Windows...
Figure 22 Dialing the number 8. At the default user view prompt , enter commands to configure the device or view the running status of that program to log in to the device. 7. To get help ... in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help , enter ?. Dial the telephone number to establish a connection to and manage the device as prompted. Figure 23 Configuration page 9. NOTE: On Windows...