HP 18108 Instruction Manual
Have a look at the manual HP 18108 Instruction Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4SwitchingPages YoucanusetheSwitchingPagestoconfigureportoperationandcapabilities. PortConfiguration UsethePortConfigurationpagetoviewandconfiguretheAdminmodeandlinkspeedsettingfor eachportontheswitch.Itisalsousedtodisplaythelinkstatusandphysicaltypeofeachswitch port. TheAdminmodeisenabledbydefaultandthedefaultlinkspeedissettoautosothattheduplex modeandspeedissetbytheauto-negotiationprocess,andtheport'smaximumcapability(full duplexand1000MbpsinthecaseofGigabitports)isadvertised. WhentheminiGBICfibertransceiversareused,thelinkspeedcanbeconfiguredas 100/1000MbpsFull-Duplexdependingonthetransceivercapability. AutoDetectandConfigureFiberModules Theautodetectandconfigurefeaturedetectsthetypeoffibermoduleinsertedinafiberportand automaticallyconfiguresitwiththeappropriatesettings.Whenafibermoduleisinsertedor changed,thelinkspeedmenushowstheavailablespeedoptions. TodisplaythePortConfigurationpage,clickSwitching>PortConfigurationinthenavigation pane. Figure19PortConfigurationPage NOTE:Thedisplayandthecontentofthispagechangesbasedonthephysicalportselected. Forexample,iftheselectedportisanoptionalcopper/fiberportandfiberisbeingused,thenthe LinkSpeedselectionswilldisplayonlyvalidoptionsforthatport. Table16PortConfigurationFields DescriptionField Selecttheinterfacetoconfigure.Interface Describestheporttype(i.e.,CopperorFiber).PhysicalType DisplaysUporDowntoindicateoperationalstatus.LinkStatus Enableaccesstotheportonthenetwork.Cleartodisabletheport.AdminMode Configuretheduplexmodeandtransmissionratefortheselectedport.(Theseoptions maychangedependingontheporttype.) LinkSpeed •Auto—Theratesandduplexmodewillbeauto-negotiated. •10HDX—10Mbps,half-duplex •100HDX—100Mbps,half-duplex •10FDX—10Mbps,full-duplex PortConfiguration31
Table16PortConfigurationFields(continued) DescriptionField •100FDX—100Mbps,full-duplex •1000FDX—1000Mbps,fullduplex(forfiberports) NOTE:Theport'smaximumcapabilityisadvertised. ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. Toviewasummaryofportinformation,clickStatus>PortSummaryinthenavigationpane. JumboFrames UsetheJumboFramespagetoenabletheswitchtoforwardjumboEthernetframes.Thejumbo framesfeatureextendsthestandardEthernetMaximumTransmissionUnit(MTU)from1518bytes (1522byteswithaVLANheader)to9216bytes.Ifitisenabled,anydeviceconnectingtothe samebroadcastdomainshouldalsosupportjumboframes. Thisfeatureisdisabledbydefault. TodisplaytheJumboFramespage,clickSwitching>JumboFramesinthenavigationpane. Figure20JumboFramesPage Table17JumboFramesFields DescriptionField Enabletheswitchtoforwardjumboframesupto9216bytes.EnableJumboFrames ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. PortMirroring Portmirroringsendsacopyofallpacketssentand/orreceivedononeport(thesourceport)to anotherport(thedestinationport)formonitoringandanalysisbyanexternalnetworkanalyzer. Multipleswitchportscanbeconfiguredassourceports,witheachportmirroredtothesame destination.YoucanalsomirrortheinternalCPUtraffictoanexternalportfordebuggingtheCPU. Nodestinationportisdefinedbydefault.Initsdefaultstate,thedestinationportdoesnotparticipate intrafficforwarding,anditcannotbeconfiguredtoparticipateinVLANs. CAUTION: •Whenconfiguringportmirroring,avoidoversubscribingthedestinationporttopreventthe lossofmirroreddata. •Whileaportisusedasthedestinationportformirroreddata,theportcannotbeusedfor anyotherpurpose;theportwillnotreceiveandforwardtraffic. TodisplaythePortMirroringpage,clickSwitching>PortMirroringinthenavigationpane. IntheexampleconfigurationinFigure21,portmirroringisconfiguredtomirrorTXandRXpackets onSourcePort1toDestinationPort4. 32SwitchingPages
Figure21PortMirroringPage Table18PortMirroringFields DescriptionField Enableportmirroringcapabilitygloballyontheswitch.Cleartodisablethefeature.EnableMirroring Selecttheporttowhichpacketswillbemirrored.DestinationPort Foreachsourceportyouwanttomirrortothedestinationport,selectthedirection ofthepacketstobemirrored: SourcePortDirection •TxandRx—Allpacketstransmittedandreceivedonthesourceportaremirrored. •Rx—Onlypacketsreceivedonthesourceportaremirrored. •Tx—Onlypacketstransmittedonthesourceportaremirrored. •None—Nopacketsaremirroredfromthisport(default). TheportselectedastheDestinationPortisgreyed-outandunavailableforselection. Portsthatareincludedaspartofatrunkcannotbeselectedindividuallyassource ports,buttrunkscanbeselectedassourceports. NOTE:TheSourcePortCPUcanbemirroredtoanexternalporttodebugtraffic toandfromtheCPU. ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. FlowControl Whenaportbecomesoversubscribed,itmaybegindroppingalltrafficforsmallburstsoftime duringthecongestioncondition.Thiscanleadtohigh-priorityand/ornetworkcontroltrafficloss. When802.3xflowcontrolisenabled,alower-speedswitchcancommunicatewithahigher-speed switchbyrequestingthatthehigher-speedswitchrefrainfromsendingpackets.Transmissionsare temporarilyhaltedtopreventbufferoverflows. NOTE:FlowcontrolworkswellwhentheLinkSpeedisauto-negotiated. UsetheFlowControlpagetoenableordisablethisfunctionality.Itisdisabledbydefaultandcan beconfiguredgloballyacrossalltheports. TodisplaytheFlowControlpage,clickSwitching>FlowControlinthenavigationpane. FlowControl33
AsshownintheexampleconfigurationinFigure22,flowcontrolisenabledglobally,whichwould enableflowcontrolonalltheportsintheswitch. Figure22FlowControlPage Table19FlowControlFields DescriptionField Enableflowcontrolontheswitch.Cleartodisablethefeature.EnableFlowControl ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. GreenFeatures Theswitchsoftwareallowstheusertoenableordisableport,cable,andLEDenergysavingfeatures thatconsumelesspowerthanthenormalhigh-performancemode. TodisplaytheGreenFeaturesconfigurationpage,clickSwitching>GreenFeaturesinthenavigation pane. Figure23GreenFeatures Table20GetConnectedFields DescriptionField PortEnergySavingConfiguration Enablepowersavemodewhenthereisnolink.Thisfeatureisdisabledby default. AutoPortPower-Down EEE(EnergyEfficientEthernet)isdesignedtosavepowerbyturningoffnetwork portsthatarenotpassingtraffic.EEEworksforportsinauto-negotiationmode, Low-TrafficIdle(EEE) wheretheportisnegotiatedtoeither100MbpsFullDuplexor1Gbps(1000 Mbps)FullDuplex.ValidvaluesareDisableandEnable.Thisfeatureisdisabled bydefault. 34SwitchingPages
Table20GetConnectedFields(continued) DescriptionField CableEnergySavingConfiguration Enableportpowerconsumptionbaseduponthecablelengthsuchthatshorter cablesuselesspower.Thisfeatureisdisabledbydefault. CableLengthDetect LEDintensityConfiguration EnableLEDintensitycontrolgloballyonallports.LEDIntensity SetsthedesiredLEDintensitylevel.ValidvaluesareHigh,Medium,Low,and Off.DefaultvalueisOff. IntensityLevel SpecifiesthetimeofdaywhentheconfiguredLEDintensitylevelisactivated. Validvaluesareanyhourorhalf-hourfrommidnight(12:00AM)through 11:30PM.Defaultvalueis7:00PM. StartTime SpecifiesthenumberofhourstheconfiguredLEDIntensitylevelisineffect. Validvaluesareintherangeof1hourto24hours.Defaultvalueis12hours. Duration SpecifieswhethertheLEDintensitysettingsareineffectonetimeonly,ordaily. SettoYestorepeattheconfiguredLEDIntensityleveldaily.Validvaluesare YesandNo.DefaultvalueisYes. RecurDaily ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. LoopProtection Loopsinanetworkcanconsumeswitchresourcesanddegradeperformance.Detectingloops manuallycanbeverycumbersomeandtimeconsuming.TheHP1810seriesswitchsoftware providesanautomaticLoopProtectionfeature. LoopProtectionmaybeenabledordisabledgloballyandonaport-by-portbasis.Whenenabled globally,thesoftwaresendsloopprotectionpacketstoareservedlayer2multicastdestination addressonalltheportsonwhichthefeatureisenabled.Transmissionofthepacketcanbedisabled selectivelyoncertainports,evenwhenLoopProtectionisenabled. Ifthismulticastpacketcomesbacktotheswitchwithanyoftheports’MACaddressesasthe source,theswitchdeterminesthataloophasoccurred.Theportthatreceivedtheloopprotection packetfromtheswitchcanbeshutdownforaconfiguredperiod,oralogentrycanbemade. PortsonwhichLoopProtectionisdisableddroptheloopprotectionpacketssilently. TodisplaytheLoopProtectionconfigurationpage,clickSwitching>LoopProtectioninthenavigation pane. LoopProtection35
Figure24LoopProtection Table21LoopProtectionFields DescriptionField Enablethisfeatureglobally.LoopProtection Enterthetimeinterval,inseconds,betweensendingLoopProtectionpackets.TransmissionTime Setthenumberofsecondsthataportremainsshutdownifaloophasbeen detectedontheport. ShutdownTime SelecthowyouwanttoconfigureLoopProtection:LoopProtectionSelect •All—EnablesallinterfaceswithLoopProtection. •OnebyOne—EnablesyoutoconfigureLoopProtectiononportsindividually (default). •None—DisablesLoopProtectiononallinterfaces. SelectEnableforeachportonwhichyouwanttousethisfeature.Interface/LoopProtection IfLoopProtectionisenabledonaport,selectoneofthefollowingactionsto occurwhenaloopisdetected: Action •Log—Theeventisloggedandtheportremainsoperational. •Shutdownport—Theportisshutdownfortheconfiguredperiod. •LogandShutdownPort—Theeventisloggedandtheportitshutdownfor theconfiguredperiod. IfLoopProtectionisenabledonaport,selectEnabletoallowtheporttoforward packetstothemulticastdestinationMACaddressdesignatedfortheLoop Protectionfeature.SelectDisabletodisallowforwarding. TxMode ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. Toviewasummaryofhowthisfeatureisconfiguredoneachport,clickStatus>LoopProtection inthenavigationpane. 36SwitchingPages
SpanningTree TheRapidSpanningTreeProtocol(RSTP,IEEE802.1w)reducestheconvergencetimefornetwork topologychangestoabout3-5secondsfromthe30secondsormorefortheIEEE802.1DSTP standard. RSTPisintendedasacompletereplacementforSTP,butcanstillinteroperatewithswitchesrunning theSTPprotocolbyautomaticallyreconfiguringportstoSTP-compliantmodeiftheydetectSTP protocolmessagesfromattacheddevices. HP1810seriesswitchessupporttheSpanningTreeversionsIEEE802.1DSTP,and802.1wRSTP inconformancewiththeIEEE802.1Q2005. TodisplaytheSpanningTreeconfigurationpage,clickSwitching>SpanningTreeinthenavigation pane. Figure25SpanningTree Table22SpanningTreeFields DescriptionField SpanningTreeBridgeConfiguration EnabletheSpanningTreeprotocolmodeglobally.Thisfeatureisdisabledbydefault.ProtocolMode Specifytheprotocol,RSTPorSTP.RSTPissetbydefault.ProtocolVersion SpecifyanSTP/RSTPbridgepriorityvaluebetween0–61440.Thedefaultis32768.BridgePriority IntervalbetweenperiodictransmissionsofSTPBPDUsbydesignatedports.Thedefaultis2 seconds. HelloTime DelayusedbySTPbridgestotransitrootanddesignatedportstoforwarding(usedinSTP compatiblemode).Thedefaultis15seconds. ForwardDelay NumberofsecondsuntiltheBPDUinformationisconsideredtobeagedoutorinvalid.This valuemustbe=(HelloTime+1)*2.Thedefaultis20seconds. MaxAge SpanningTreeInterfaceConfiguration SpanningTree37
Table22SpanningTreeFields(continued) DescriptionField Settheporttorecoverfromanerror-disabledstate.Ifrecoveryisnotenabled,aporthasto bedisabledandre-enabledfornormalSTPoperation.Theconditionisalsoclearedbya systemreboot. BPDUPortErrorRecovery Timeafterwhichaportintheerror-disabledstatecanbeenabled.Thisvalueisalso applicableontheper-portBPDUGuardoperations. BPDUPortErrorRecovery Timeout SpanningTreePortSettings Listofallphysicalportsandtrunkinterfacesconfiguredonthesystem.Interface Thepathcostisusedwhenestablishingtheactivetopologyofthenetwork.Lowerpathcost portsarechosenasforwardingportsinfavorofhigherpathcostports.SpecifyAutoor PathCost assignavaluebetween1-200000000.ThedefaultisAutowherethepathcostissetusing the802.1Drecommendedvalues. Specifyavaluebetween0-240inincrementsof16tocontrolthepriorityofportswith identicalportcosts.Thedefaultis128;64fortrunkports. Priority Configuretheporttoactasanon-edgeoredgeportforSpanningTree.Thedefaultis non-edge. AdminEdge Enableautomaticedgeportdetectionfortheport.AutoEdge Whenrootguardisenabledonaport,thatportcannotbeselectedastherootportevenif itreceivessuperiorSTPBPDUs.Theportisassignedan“alternate”portroleandentersa RootGuard blockingstateifitreceivessuperiorSTPBPDUs.Selectthisoptiontoenablerootguardfor theport.Itisnotselectedbydefault. WithTCNguardenabled,aportdoesnotpropagatereceivedtopologychangenotifications andtopologychangestootherports.SelectthisoptiontoenableTCNguardfortheport. Itisnotselectedbydefault. TCNGuard WhenanSTPBPDUisreceivedonaportthathasBPDUprotectionenabled,theportdisables itself.SelectthisoptiontoenableBPDUprotectionfortheport.Itisnotselectedbydefault. BPDUProtect WithBPDUfilteringenabled,theportdoesnotparticipateinSpanningTree,andtheport remainsintheforwardingstate.SelectthisoptiontoenableBPDUfilteringfortheport.Itis notselectedbydefault. BPDUFilter Thisparameterinformstheswitchwhethertheportconnectstoasingledeviceortoashared mediumwithmultipledevices.Apoint-to-pointlinkhasonlyonedeviceatthefarend.This Point-to-Point canbeautomaticallydetermined,orforcedeithertrueorfalse.ValidvaluesareForcedTrue, ForcedFalse,andAuto.DefaultvalueisForcedTrue. ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately. 38SwitchingPages
5Security TheHP1810seriesswitchsoftwareincludesarobustsetofbuilt-indenial-of-service(DoS)and stormcontrolprotections,andallowsconfiguringsecureHTTP(HTTPS)managementsessions. AdvancedSecurity TheHP1810seriesswitchsoftwareprovidesthefollowingbuilt-insecurityfeatures: •StormControl—ThisfeatureprotectsagainstconditionwhereincomingpacketsfloodtheLAN, causingnetworkperformancedegradation.ThesoftwareincludesStormControlprotection forunicast,broadcast,andmulticasttraffic.Thetrafficisdroppediftherateofincomingtraffic onaninterfaceincreasesbeyondthethresholdof64Kppsfor1810-24G/1810-8Gor4K ppsfor1810-24/1810-8. •AutoDenial-of-Service(DoS)protections—ADoSattackisanattempttosaturatetheswitch withexternalcommunicationrequeststopreventtheswitchfromperformingefficiently,orat all.YoucanenableAutoDoSprotectionthatpreventscommontypesofDoSattacks. CAUTION:TheDoSfeaturedoesnotgenerateanynotifications(suchaserrormessages,syslog messages,SNMPtraps)ifaDoSattackoccurs. TodisplaytheAdvancedSecuritypage,clickSecurity>AdvancedSecurityinthenavigationpane. Figure26AdvancedSecurityPage Table23AdvancedSecurityFields DescriptionField Activatestormcontrolprotectionforbroadcastandmulticastgloballyinthesystem.The defaultthresholdis64Kppsonthe1810Gigabitswitchesand4KppsontheFast Ethernetswitches.CleartonotusetheStormControlfeature. StormControl Enabledenialofserviceattackprotection,orcleartodisableDoSprotection.Itis disabledbydefault. AutoDoS ClickApplytosaveanychangesforthecurrentbootsession;thechangestakeeffectimmediately SecureConnection TheHP1810seriesswitchsoftwareallowstheadministratortoenableordisableSecureHTTP protocol(HTTPS).Whenenabled,theadministratorcanestablishasecureconnectionwiththe switchusingtheSecureSocketsLayer(SSL)protocol.SecureHTTPcanhelpensurethat communicationbetweenthemanagementsystemandtheswitchisprotectedfromeavesdropping andman-in-the-middleattacks.TheHP1810seriesswitchsoftwaresupportsSSLversion3.0. SSLenablestheswitchtogenerateandstoreacertificatethatfunctionsasadigitalpassport, enablingclientWebbrowserstoverifytheidentityoftheswitchbeforeaccessingit. AdvancedSecurity39
NOTE:SSLisdescribedinclient/serverterminology,wheretheSSL-enabledswitchistheserver andaWebbrowseristheclient. Thecertificateprovidesinformationtothebrowsersuchastheservername,thetrustedcertificate authority(CA)thatissuedthecertificate,thedateitwasissued,andtheswitch’spublickey. Thebrowserandserverusethisinformationtonegotiateasecureconnectioninthefollowing manner: •Thebrowserverifiesthecertificateauthority’sauthenticitybycheckingitagainstitsownlist ofCAs.(WebbrowserssuchasMicrosoftInternetExplorerandMozillaFirefoxmaintaindata ontrustedCAs.) •AftervalidatingtheCA,thebrowserandswitchnegotiatethehighestlevelofsecurityavailable toboth.Thebrowserusesthepublickeytoencryptarandomnumberandsendittotheswitch. Theswitchusesaprivatekeystoredinmemory(notadvertisedonthecertificate)todecrypt it.Fromthisprocess,thebrowserandswitchdetermineanalgorithmforencryptingand decryptingallfurthercommunicationduringtheHTTPSsession. ToenablesecureHTTPSconnectionsviaSSL,theHTTPSAdminmodemustbeenabledonthe switch,andtheWebservermusthaveapublickeycertificate.Theswitchcangenerateitsown certificates,oryoucangeneratetheseexternallyanddownloadthemtotheswitch. •Certificatesgeneratedbytheswitchareself-signed;thatis.,thevalidityoftheinformation providedinthecertificateisattestedtobytheswitchitself. •Downloadedcertificatescanalsobeself-signed(byaserverotherthantheswitch),orthey canberootcertificates.ArootcertificatehasbeendigitallysignedbyaCA,andistherefore consideredtoprovideahigherlevelofsecurity. Youcanalsodownloadtheencryptionparameterfilesthatprovidealgorithmsforencryptingthe keyexchanges. TomanageHTTPparametersandcertificates,youuseboththeSecureConnectionpageandthe UpdateManagerpage. TodisplaytheSecureConnectionpage,clickSecurity>SecureConnectioninthenavigationpane. Figure27SecureConnectionPage Table24SecureConnectionFields DescriptionField EnabletheAdministrativemodeofHTTP.Thismodecanonlybedisabledwhenthe HTTPSAdminmodeisenabled. HTTPAdminMode EnablesecureHTTPSsessions.(VerifythattheCertificatePresentfieldissettoTrue.)HTTPSAdminMode YoucanonlydownloadSSLcertificateswhenthismodeisdisabled. ThenumberofminutesafterwhichanHTTPSsessiontimes-outifthereisnouser activity. SessionSoftTimeout 40Security