HP 6125-CMW520-R2106 Release Notes
Page 15
...Perform the display irf command in . Perform the dir command in user view to the IRF fabric through which the user logs in any view to identify the number of IRF members, ... space of each member switch. For more than two subordinate switches, repeat the steps for the HP 6125 Blade switch series. The Bridge MAC of the master switch. Identify the free Flash space... shown). 2. For the compatibility between the system software and BootWare, see the installation guide and IRF configuration guide for the subordinate switch to upgrade software from the CLI This section uses a two-...
...Perform the display irf command in . Perform the dir command in user view to the IRF fabric through which the user logs in any view to identify the number of IRF members, ... space of each member switch. For more than two subordinate switches, repeat the steps for the HP 6125 Blade switch series. The Bridge MAC of the master switch. Identify the free Flash space... shown). 2. For the compatibility between the system software and BootWare, see the installation guide and IRF configuration guide for the subordinate switch to upgrade software from the CLI This section uses a two-...
HP 6125G & 6125G/XG Blade Switches IRF Configuration Guide-R2103
Page 22
...; system-view • debugging • terminal debugging • terminal logging • terminal monitor • terminal trapping Perform the following task in user view: Task Log in to identify its physical location, or for a member switch: 18 Command system-view irf domain domain-id Remarks N/A By ...default, the domain ID of a subordinate switch, you are placed in user view, and the command prompt changes to the IRF fabric. Enter system view. 2. For more information, see the chapter on any other management...
...; system-view • debugging • terminal debugging • terminal logging • terminal monitor • terminal trapping Perform the following task in user view: Task Log in to identify its physical location, or for a member switch: 18 Command system-view irf domain domain-id Remarks N/A By ...default, the domain ID of a subordinate switch, you are placed in user view, and the command prompt changes to the IRF fabric. Enter system view. 2. For more information, see the chapter on any other management...
HP 6125G & 6125G/XG Blade Switches IRF Configuration Guide-R2103
Page 26
... one another. To configure LACP MAD: Step 1. Link aggregation is used , every IRF member must be an HP device that support extended LACP for transmitting user traffic. physical ports and Layer • If no MAD-dedicated physical ports or interfaces. mechanism is only suitable... device is required. • If no MAD dedicated • Spanning tree feature ports. cannot be enabled. ARP, see High Availability Configuration Guide. • • No intermediate device is LACP dependent. Enter system view. Configuring LACP MAD When you use LACP MAD, follow these guidelines...
... one another. To configure LACP MAD: Step 1. Link aggregation is used , every IRF member must be an HP device that support extended LACP for transmitting user traffic. physical ports and Layer • If no MAD-dedicated physical ports or interfaces. mechanism is only suitable... device is required. • If no MAD dedicated • Spanning tree feature ports. cannot be enabled. ARP, see High Availability Configuration Guide. • • No intermediate device is LACP dependent. Enter system view. Configuring LACP MAD When you use LACP MAD, follow these guidelines...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 58
Configuration procedure In this approach, you configure a VLAN as a multicast VLAN and configure user VLANs as sub-VLANs of the multicast VLAN. To configure a sub-VLAN-based multicast VLAN: Step 1. Configure the specified VLANs as sub-VLANs of the ... configured as a multicast VLAN and enter multicast VLAN view. 3. For more information about IGMP snooping, router ports, and member ports, see Layer 2-LAN Switching Configuration Guide. Multicast VLAN configuration task list Task Configuring a sub-VLAN-based multicast VLAN Configuring a port-based multicast VLAN Configuring...
Configuration procedure In this approach, you configure a VLAN as a multicast VLAN and configure user VLANs as sub-VLANs of the multicast VLAN. To configure a sub-VLAN-based multicast VLAN: Step 1. Configure the specified VLANs as sub-VLANs of the ... configured as a multicast VLAN and enter multicast VLAN view. 3. For more information about IGMP snooping, router ports, and member ports, see Layer 2-LAN Switching Configuration Guide. Multicast VLAN configuration task list Task Configuring a sub-VLAN-based multicast VLAN Configuring a port-based multicast VLAN Configuring...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 68
...MBGP routing table-Contains multicast routing information. • Static multicast routing table-Contains the RPF routing information defined by the user through static configuration. The router chooses the optimal route from the RPF neighbor arrived on the existing unicast routes, MBGP ... routing information of different multicast routing protocols forms a general multicast routing table. • Multicast forwarding table-The multicast forwarding table guides the forwarding of (S, G) entries. In addition, the RPF check mechanism also helps avoid data loops. If a router supports ...
...MBGP routing table-Contains multicast routing information. • Static multicast routing table-Contains the RPF routing information defined by the user through static configuration. The router chooses the optimal route from the RPF neighbor arrived on the existing unicast routes, MBGP ... routing information of different multicast routing protocols forms a general multicast routing table. • Multicast forwarding table-The multicast forwarding table guides the forwarding of (S, G) entries. In addition, the RPF check mechanism also helps avoid data loops. If a router supports ...
HP 6125G & 6125G/XG Blade Switches IP Multicast Configuration Guide-R2103
Page 252
... attributes Configuring IPv6 multicast VLAN ports Remarks Required. NOTE: If you configure a VLAN as an IPv6 multicast VLAN, and configure user VLANs as an IPv6 multicast VLAN. To configure a sub-VLAN-based IPv6 multicast VLAN: Step 1. Configure the specified VLAN as...a device, the port-based IPv6 multicast VLAN configuration is given preference. For more information about VLAN tags, see Layer 2-LAN Switching Configuration Guide. Use either approach. Configuration procedure In this approach, you have configured both sub-VLAN-based IPv6 multicast VLAN and port-based IPv6 multicast ...
... attributes Configuring IPv6 multicast VLAN ports Remarks Required. NOTE: If you configure a VLAN as an IPv6 multicast VLAN, and configure user VLANs as an IPv6 multicast VLAN. To configure a sub-VLAN-based IPv6 multicast VLAN: Step 1. Configure the specified VLAN as...a device, the port-based IPv6 multicast VLAN configuration is given preference. For more information about VLAN tags, see Layer 2-LAN Switching Configuration Guide. Use either approach. Configuration procedure In this approach, you have configured both sub-VLAN-based IPv6 multicast VLAN and port-based IPv6 multicast ...
HP Networking guide to hardening Comware-based devices
Page 11
...with ACLs In addition to the community string, an ACL should be protected from malicious users who want to leverage this data transits. Note that the devices that are permitted by ...and read READONLY snmp-agent community write READWRITE # Note that can use of SNMP within HP Comware devices. Community strings should be changed when a network administrator changes roles or leaves the... examples have been chosen to clearly explain the use the password control function to secure user passwords. Local authentication can be used . SNMP provides you with all authentication servers are...
...with ACLs In addition to the community string, an ACL should be protected from malicious users who want to leverage this data transits. Note that the devices that are permitted by ...and read READONLY snmp-agent community write READWRITE # Note that can use of SNMP within HP Comware devices. Community strings should be changed when a network administrator changes roles or leaves the... examples have been chosen to clearly explain the use the password control function to secure user passwords. Local authentication can be used . SNMP provides you with all authentication servers are...
HP Networking guide to hardening Comware-based devices
Page 12
...you are a security feature that if the engine ID is changed, all SNMP user accounts must exist before the SNMPv3 security mechanisms authentication or authentication and encryption can ...the authentication keyword: # snmp-agent group v3 AUTHGROUP authentication # This command configures an HP Comware device for network management. The next step is located in the system group: #...ONLY # For more information, see "SNMP" in the Network Management and Monitoring Command Reference Guide. SNMPv3 consists of three primary configuration options: • no authentication This mode does not ...
...you are a security feature that if the engine ID is changed, all SNMP user accounts must exist before the SNMPv3 security mechanisms authentication or authentication and encryption can ...the authentication keyword: # snmp-agent group v3 AUTHGROUP authentication # This command configures an HP Comware device for network management. The next step is located in the system group: #...ONLY # For more information, see "SNMP" in the Network Management and Monitoring Command Reference Guide. SNMPv3 consists of three primary configuration options: • no authentication This mode does not ...
HP Networking guide to hardening Comware-based devices
Page 13
...specifically required, you with an MD5 authentication password of authpassword and a 3DES encryption password of privpassword: # snmp-agent usm-user v3 snmpv3user PRIVGROUP authentication-mode md5 authpas sword privacy-mode 3des privpassword # Additionally, it is assigned one of eight severity ...across network devices more information on log correlation, see "Information Center" in the Network Management and Monitoring Command Reference Guide. HP Comware software provides several flexible logging options that is used . The level specified indicates the lowest severity message that can...
...specifically required, you with an MD5 authentication password of authpassword and a 3DES encryption password of privpassword: # snmp-agent usm-user v3 snmpv3user PRIVGROUP authentication-mode md5 authpas sword privacy-mode 3des privpassword # Additionally, it is assigned one of eight severity ...across network devices more information on log correlation, see "Information Center" in the Network Management and Monitoring Command Reference Guide. HP Comware software provides several flexible logging options that is used . The level specified indicates the lowest severity message that can...
HP Networking guide to hardening Comware-based devices
Page 17
...identity authentication. Please see "ARP Configuration" in the Network Management and Monitoring Configuration Guide and Command Reference Guide. 17 Proxy ARP can be accurately correlated. Proxy ARP presents a resource exhaustion... and on the network to configuring the time zone for devices in the HP product documentation. There are several disadvantages to restrict the NTP peers. Proxy ... network segment, as well as during forensic investigations of ARP requests. A malicious user can represent an attack vector. In order to the real destination. ICMP unreachable ...
...identity authentication. Please see "ARP Configuration" in the Network Management and Monitoring Configuration Guide and Command Reference Guide. 17 Proxy ARP can be accurately correlated. Proxy ARP presents a resource exhaustion... and on the network to configuring the time zone for devices in the HP product documentation. There are several disadvantages to restrict the NTP peers. Proxy ... network segment, as well as during forensic investigations of ARP requests. A malicious user can represent an attack vector. In order to the real destination. ICMP unreachable ...
HP Networking guide to hardening Comware-based devices
Page 18
...ACL. CPU-processed traffic normally consists of two different types of control plane traffic Protecting the control plane is processed by the HP Comware device CPU. The command to interface IP addresses. FTP and TFTP ACLs An FTP server can be used to control the...of "127.0.0.1" or an outbound interface of the control plane helps ensure that result in the Fundamentals Configuration Guide. The following gives an example configuration: # acl number 2001 rule permit source 192.168.1.26 0 # user-interface vty 0 4 acl [ ipv6 ] acl-number { inbound | outbound } # 18 Although ...
...ACL. CPU-processed traffic normally consists of two different types of control plane traffic Protecting the control plane is processed by the HP Comware device CPU. The command to interface IP addresses. FTP and TFTP ACLs An FTP server can be used to control the...of "127.0.0.1" or an outbound interface of the control plane helps ensure that result in the Fundamentals Configuration Guide. The following gives an example configuration: # acl number 2001 rule permit source 192.168.1.26 0 # user-interface vty 0 4 acl [ ipv6 ] acl-number { inbound | outbound } # 18 Although ...
HP Networking guide to hardening Comware-based devices
Page 24
... following example configuration: 24 The sections that you are acting as determined by HP Comware software includes an authentication capability using unauthenticated communication. ICMP redirects are disabled using...filtering, see "Configuring ABR Type-3 LSA Filtering in OSPF" in the High Availability Configuration Guide. This takeover would allow an attacker to pose as a fake device to an IP ...to protect the management and control planes in -the-middle attack and intercept all user traffic that the transmission of data plane traffic flows across the network. Because of ...
... following example configuration: 24 The sections that you are acting as determined by HP Comware software includes an authentication capability using unauthenticated communication. ICMP redirects are disabled using...filtering, see "Configuring ABR Type-3 LSA Filtering in OSPF" in the High Availability Configuration Guide. This takeover would allow an attacker to pose as a fake device to an IP ...to protect the management and control planes in -the-middle attack and intercept all user traffic that the transmission of data plane traffic flows across the network. Because of ...
HP Networking guide to hardening Comware-based devices
Page 29
...are applied to a local segment. In 802.1X environments, ARP Detection can use manually configured IP addresses. ARP packets that use the user data generated by the DHCP snooping feature. An ARP poisoning attack is designed to valid local addresses. In non-DHCP or non-802... demonstrates the basic configuration of a larger ACL. ARP Detection intercepts and validates the IP-to limit IP spoofing. Even if in the Security Configuration Guide. The following commands enable ARP Detection: # vlan 1 arp detection enable # In non-DHCP or non-802.1x environments, static client entries on...
...are applied to a local segment. In 802.1X environments, ARP Detection can use manually configured IP addresses. ARP packets that use the user data generated by the DHCP snooping feature. An ARP poisoning attack is designed to valid local addresses. In non-DHCP or non-802... demonstrates the basic configuration of a larger ACL. ARP Detection intercepts and validates the IP-to limit IP spoofing. Even if in the Security Configuration Guide. The following commands enable ARP Detection: # vlan 1 arp detection enable # In non-DHCP or non-802.1x environments, static client entries on...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 35
... or trap messages expires, the device sends the Syslog or trap messages to store user information. Enter system view. 2. Because a MAC address uniquely identifies a network user, you must monitor users who are joining and leaving a network by default. When the timer set for ...MAC addresses. Enabling MAC Information globally Step 1. For more information about voice VLAN and OUI addresses, see Security Configuration Guide. Command system-view mac-address information enable Remarks N/A Disabled by monitoring their MAC addresses. By analyzing these messages, the monitor...
... or trap messages expires, the device sends the Syslog or trap messages to store user information. Enter system view. 2. Because a MAC address uniquely identifies a network user, you must monitor users who are joining and leaving a network by default. When the timer set for ...MAC addresses. Enabling MAC Information globally Step 1. For more information about voice VLAN and OUI addresses, see Security Configuration Guide. Command system-view mac-address information enable Remarks N/A Disabled by monitoring their MAC addresses. By analyzing these messages, the monitor...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 93
For more information about ARP, see Layer 3-IP Services Configuration Guide. Enter system view. 2. Disabled by default. When these ports should not receive configuration BPDUs. Under normal conditions, these ports receive configuration BPDUs, the ... BPDU tunneling is disabled globally. The access ports are mutually exclusive. Enable TC snooping. To avoid the network disruption, you can normally forward the user traffic. Globally disable the spanning tree feature. 3. In the network, the IRF fabric transparently transmits the received BPDUs and does not participate in long...
For more information about ARP, see Layer 3-IP Services Configuration Guide. Enter system view. 2. Disabled by default. When these ports should not receive configuration BPDUs. Under normal conditions, these ports receive configuration BPDUs, the ... BPDU tunneling is disabled globally. The access ports are mutually exclusive. Enable TC snooping. To avoid the network disruption, you can normally forward the user traffic. Globally disable the spanning tree feature. 3. In the network, the IRF fabric transparently transmits the received BPDUs and does not participate in long...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 121
..., dynamic MAC-based VLAN assignment applies. • A port forwards frames matching MAC-to-VLAN entries according to the 802.1p priorities of the user access devices. Do not enable this case, the port drops received packets instead of delivering them to the CPU. As a result, the receiving ... to which a port is to be successfully assigned to the corresponding VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. • When a port is assigned to the corresponding VLAN in the MST instance (MSTI) of the target MAC-based VLAN, the port ...
..., dynamic MAC-based VLAN assignment applies. • A port forwards frames matching MAC-to-VLAN entries according to the 802.1p priorities of the user access devices. Do not enable this case, the port drops received packets instead of delivering them to the CPU. As a result, the receiving ... to which a port is to be successfully assigned to the corresponding VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. • When a port is assigned to the corresponding VLAN in the MST instance (MSTI) of the target MAC-based VLAN, the port ...
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide-R2103
Page 168
...matching frames. Step Command Remarks 1. Selective QinQ allows adding different outer VLAN tags based on the ports. To enable the switch to the user. Apply the QoS policy to the port that connects to tag tagged packets based on inner VLAN tags, follow these steps: 1. To ... outer VLAN tag. 3. The Switch Series achieves the selective QinQ feature through . For more information about QoS policies, see ACL and QoS Configuration Guide. Configure a class to tag packets with the PVID tag of the ports. Configure a traffic behavior to match packets with the behavior in the policy...
...matching frames. Step Command Remarks 1. Selective QinQ allows adding different outer VLAN tags based on the ports. To enable the switch to the user. Apply the QoS policy to the port that connects to tag tagged packets based on inner VLAN tags, follow these steps: 1. To ... outer VLAN tag. 3. The Switch Series achieves the selective QinQ feature through . For more information about QoS policies, see ACL and QoS Configuration Guide. Configure a class to tag packets with the PVID tag of the ports. Configure a traffic behavior to match packets with the behavior in the policy...
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 29
... the device. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to the correct port. • The serial ports on the console port and make sure the console terminal has a terminal emulation program...
... the device. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to the correct port. • The serial ports on the console port and make sure the console terminal has a terminal emulation program...
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 51
... modem, and the default parity check, stop bits, and data bits settings are used. 6. Figure 20 to the device. For more information, see the modem user guide. 5. To avoid data loss, verify that the speed of the console port is lower than the transmission rate of the modem connected to Figure 23...
... modem, and the default parity check, stop bits, and data bits settings are used. 6. Figure 20 to the device. For more information, see the modem user guide. 5. To avoid data loss, verify that the speed of the console port is lower than the transmission rate of the modem connected to Figure 23...
HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide-R2103
Page 52
...ATH 46 On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help , enter ?. To get help of the device. To disconnect the PC from the device, execute the ATH command in to the ... Enter as described in this document. Dial the telephone number to establish a connection to the device. 7. Figure 22 Dialing the number 8. At the default user view prompt , enter commands to configure the device or view the running status of that program to log in the HyperTerminal.
...ATH 46 On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help , enter ?. To get help of the device. To disconnect the PC from the device, execute the ATH command in to the ... Enter as described in this document. Dial the telephone number to establish a connection to the device. 7. Figure 22 Dialing the number 8. At the default user view prompt , enter commands to configure the device or view the running status of that program to log in the HyperTerminal.