HP 18108 Instruction Manual
Table 24 Secure Connection Fields (continued)

| Field | Description |
|---|---|
| Session Hard Timeout | The number of minutes after which an HTTPS session times out, regardless of recent user activity. |
| Certificate Present? | True—A certificate is available for use with HTTPS sessions. False—No certificate is available on the switch. |
| Certificate Generation Status | Indicates that a certificate is being generated or that no certificate generation is in progress. |

• If the value of the Certificate Present? field is True, you can click Delete to delete the existing certificate.
• If you click Download Certificates, the Update Manager page will be displayed to enable you to download a certificate file to the switch. See “Downloading SSL Certificates and Diffie-Hellman Files” (page 41).
• If you click Generate Certificates, the switch creates its own self-signed public key certificate. See “Generating Certificates” (page 42).
• If you enable or disable HTTPS Admin Mode, or change the timeout settings, click Apply to save the changes for the current boot session; the changes take effect immediately.

NOTE: Download or regenerate a certificate when the previous certificate has expired, or when you have reason to suspect that security has been breached and the certificate has been taken for use by another server.

Downloading SSL Certificates and Diffie-Hellman Files

Use the Update Manager page to download a public key certificate that has been signed by another server, or a root certificate that has been signed by a certificate authority. You can also download Diffie-Hellman (DH) encryption parameter files, which establish the algorithms for encrypting key exchanges.

Before you download a file to the switch, the following conditions must be true:
• The file is on the server in the appropriate directory.
• The file is in the correct format.
• The switch has a path to the server.

Use the following procedures to download an SSL certificate or DH files.

1. Click Download Certificates.
   The Update Manager page displays.
Figure 28 Using Update Manager to Download Certificates

2. Select the protocol to use, based on the server type that the certificate is stored on: TFTP or HTTP.
3. For an HTTP upload, browse for the file on your local computer or network.
   For a TFTP upload, enter the Server IP address, and specify the File Path and File Name.
4. From the Update Type field on the File Download page, select one of the following:
   • SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded)—An SSL certificate that has been digitally signed by a certificate authority.
   • SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded)—An SSL certificate that has been signed by another server.
   • SSL DH Weak Encryption Parameter PEM File or SSL DH Strong Encryption Parameter PEM File—DH certificates provide the algorithms for encrypting key exchanges and are used independent of the certificate. The weak version uses a cipher strength of 512 bits and the strong version uses a cipher strength of 1024 bits. Browser settings determine which DH file parameters are requested at the start of the SSL session.
5. Click Download.
   To view the status of the update, you can view the Status > Log page.
6. To return to the Secure HTTP Configuration page, click Security > Secure Connection in the navigation pane.
7. To enable the HTTPS admin mode, select Enable from the HTTPS Admin Mode field, and then click Apply.

Generating Certificates

To have the switch generate the certificates:
1. Click Generate Certificates.
   The page refreshes with the message “Certificate has been generated.”
2. Click Apply to complete the process.
   When the process is complete, the page refreshes with the message “No certificate generation in progress,” and the Certificate Present field displays as True.

When a certificate is present a Delete button appears to enable deleting the certificate.
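The size of a DH parameter file, and so which Update Type from step 4 of the download procedure it belongs under, can be confirmed before the file is downloaded to the switch. The following Python is an added example, not part of the HP manual; it assumes the files use the OpenSSL-style PKCS#3 "DH PARAMETERS" PEM encoding, and the sample inputs are constructed values that are only sized, not real primes.

```python
import base64

BEGIN, END = "-----BEGIN DH PARAMETERS-----", "-----END DH PARAMETERS-----"
# Update Type names as listed in the manual, keyed by the strength it states.
UPDATE_TYPES = {512: "SSL DH Weak Encryption Parameter PEM File",
                1024: "SSL DH Strong Encryption Parameter PEM File"}

def _read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }."""
    if BEGIN not in pem_text or END not in pem_text:
        raise ValueError("not a DH PARAMETERS PEM block")
    b64 = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    seq, _ = _read_tlv(base64.b64decode("".join(b64.split())), 0, 0x30)
    p_bytes, nxt = _read_tlv(seq, 0, 0x02)
    _read_tlv(seq, nxt, 0x02)          # the generator g must also be present
    return int.from_bytes(p_bytes, "big").bit_length()

def update_type_for(pem_text):
    """The manual's Update Type for this file, or None if it is neither size."""
    return UPDATE_TYPES.get(dh_prime_bits(pem_text))

def _der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def make_sample_pem(p, g=2):
    """Constructed test input: p is only sized, not checked to be a safe prime."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return f"{BEGIN}\n{b64}{END}\n"
```

A file for which update_type_for returns None matches neither of the two sizes the manual names.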
6 Trunks

Trunks enable aggregating multiple full-duplex Ethernet links into a single logical link. Network devices treat an aggregation as if it were a single link, which increases fault tolerance and provides load sharing capability. You assign the trunk VLAN membership after creating the trunk.

A trunk interface can be either static or dynamic, but not both.
• Dynamic trunks use the Link Aggregation Control Protocol (LACP, IEEE standard 802.3ad). An LACP-enabled port automatically detects the presence of other aggregation-capable network devices in the system and exchanges Link Aggregation Control Protocol Data Units (LACPDUs) through links in the trunk. The PDUs contain information about each link and enable the trunk to maintain them.
• Static trunks are assigned to a bundle by the administrator. Members do not exchange LACPDUs. A static trunk does not require a partner system to be able to aggregate its member ports.
• Members of a trunk must be either all static or all dynamic, and all ports belonging to a trunk must have the same Full Duplex speed.

Trunk Configuration and Membership

IMPORTANT: Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.

Link Aggregation/Trunking enables one or more full duplex (FDX) Ethernet links to be aggregated together to form a link aggregation group, such that the networking device can treat this trunk as if it were a single link.

To display the Trunk Configuration page, click Trunk > Trunk Configuration in the navigation pane.

Figure 29 Trunk Configuration Page

Table 25 Trunk Configuration Fields

| Field | Description |
|---|---|
| Trunk | Trunk ID for the settings. “Normal” indicates the port is not part of any trunk. |
| Name | Trunk name. 1–15 alphanumeric characters. |
Table 25 Trunk Configuration Fields (continued)

| Field | Description |
|---|---|
| Mode | Mode (static or dynamic) configured for the trunk. |
| Port Members | Select the trunk membership for a port. By default, no ports belong to any trunk. A grayed out port indicates that it has been configured for port mirroring (destination or source port), or that it is set to half duplex. The user is not allowed to perform any trunk membership configuration on this port until the port is removed from the mirroring configuration or is reconfigured to full duplex mode. |

Traffic across a trunk is distributed among trunk members. All ports in a trunk have the same full duplex speed.

Loop protection is not supported on LACP trunks. Loop protection will be auto-disabled if it was previously enabled on a static trunk that is now being configured as LACP Active or Passive.

RSTP can be enabled on a trunk. When RSTP is either enabled or disabled on a trunk, the individual Port members lose their STP configuration and will take on the trunk's configuration. When ports are removed from a trunk, the port members return to their earlier configured STP states.

An active port (LACP and Static active members) added to a trunk loses port VLAN membership and is assigned to that trunk group’s VLAN membership. When the port is removed from a trunk it reverts to the default VLAN.

Trunk Modes

A trunk can be configured in four different modes: Disabled, Static, LACP Active, and LACP Passive. After configuring trunk modes, click Apply to save changes to the selected trunk. Changes take effect immediately.

Disabled Trunk Mode

When a trunk is disabled, no traffic flows and LACPDUs are dropped. The links that form the trunk are not released.

In the example in Figure 30, TRK1, TRK2, and TRK3 are configured in Disabled Mode.

Figure 30 Disabled Trunk Mode
Static Trunk Mode

A static trunk interface does not require a partner system to be able to aggregate its member ports. In this mode it does not transmit or process received LACPDUs; member ports do not transmit LACPDUs and all the LACPDUs received are dropped. However, the ports in a static trunk on one device must be connected to ports on another device that is also configured for the same static trunk.

In Figure 31, all trunk modes are configured in Static mode.

Figure 31 Static Trunk Mode

CAUTION: Removing a port from a trunk can create a loop and cause a broadcast storm. When you remove a port from a trunk where spanning tree is not in use, HP recommends that you first disable the port or disconnect the link on that port.

LACP Trunk Modes

There are two types of LACP Trunk Modes: LACP Active and LACP Passive. In LACP Active, a trunk is initiated and maintained by periodic exchanges of LACPDUs. In LACP Passive, a trunk only participates if the other end sends LACPDUs (other end is LACP Active).

In Figure 32, TRK1 is configured in LACP Active Mode and TRK2 is configured in LACP Passive Mode.
Figure 32 LACP Trunk Mode (Active and Passive)

Trunking Capacities

| Feature | HP 1810-8 Switch (J9800A) | HP 1810-24 Switch (J9801A) | HP 1810-8G Switch (J9802A) | HP 1810-24G Switch (J9803A) |
|---|---|---|---|---|
| Trunks supported | 4 | 12 | 4 | 12 |
| Maximum ports in a trunk | 7 | 8 | 7 | 8 |
7 Virtual LAN

On a Layer 2 switch, Virtual LAN (VLAN) support offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.

A VLAN is a set of end stations and the switch ports that connect them. Many reasons exist for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

Each VLAN in a network has an associated VLAN ID, which displays in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.

HP 1810 series switches support up to 64 VLANs.

VLAN Configuration

Use the VLAN Configuration page to define VLAN groups. VLAN 1 is the default VLAN of which all ports are members. You can create up to 64 VLANs.

To display the VLAN Configuration page, click VLANs > VLAN Configuration in the navigation pane.

Figure 33 VLAN Configuration Page

Table 26 VLAN Configuration Fields

| Field | Description |
|---|---|
| Create VLAN | Select this box to create a new VLAN. |
| Create VLAN ID | Specify the numeric VLAN Identifier from 2 to 4094 and click Apply to create the VLAN. NOTE: VLAN ID 1 is pre-configured on the switch and is always named “Default.” The default VLAN cannot be deleted. |
Table 26 VLAN Configuration Fields (continued)

| Field | Description |
|---|---|
| Number of VLANs | The current number of VLANs. Up to 64 VLANs can be created. |
| VLAN Name, Delete VLAN, Set Name | After the VLAN ID has been created using the previously described fields, you can apply a name to it or delete it. • To delete a VLAN, select Delete VLAN and click Apply. The default VLAN cannot be deleted. • To specify a VLAN name, select Set Name, type a name in the VLAN Name field, and click Apply. A VLAN name can have up to 32 alphanumeric characters, including spaces. |

Click Apply to save any changes for the currently selected VLAN. The changes take effect immediately.

VLAN Ports

Use the VLAN Ports page to view the Port VLAN ID that a port will assign to untagged frames that it forwards, and to configure the port priority.

To display the VLAN Ports page, click VLANs > VLAN Ports in the navigation pane.

Figure 34 VLAN Ports Page

Table 27 VLAN Configuration Fields

| Field | Description |
|---|---|
| Interface | Select the port on which to configure the VLAN settings. |
| PVID | The VLAN ID that this port will assign to untagged frames or priority-tagged frames received on this port (range 1–4094, default = 1). The PVID is not user-configurable and always corresponds to the VLAN ID of the port’s untagged VLAN membership. You assign ports to VLANs on the VLAN Participation/Tagging page. The PVID value displays as None if all the VLANs are configured as tagged on this port or if this port is configured as the destination port in a port mirroring configuration. |
| Port Priority | Specify the default 802.1p priority assigned to untagged packets arriving at the port. A value of 0 indicates the lowest priority, commonly used for routine traffic, and 7 indicates the highest priority, often reserved for applications such as voice and video. (0–7, default = 0) |

NOTE: Ingress Filtering is enabled on all ports; therefore, a frame is discarded if the port is not a member of the VLAN that the frame is associated with. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame.

Click Apply to save any changes for the current boot session; the changes take effect immediately.
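The ingress filtering rule in the NOTE above, together with the PVID and Port Priority fields of Table 27, worked through in Python as an added example (not part of the HP manual). The port dictionary, the function names and the sample frames are constructed for illustration, and discarding untagged frames when the PVID is None is an assumption the manual does not state.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def classify(frame, pvid):
    """Return (vlan_id, tag_priority); tag_priority is None when there is no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return pvid, None                    # untagged: VLAN is the port's PVID
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    pcp, vid = tci >> 13, tci & 0x0FFF       # 3-bit priority, 12-bit VLAN ID
    return (pvid if vid == 0 else vid), pcp  # VID 0 = priority-tagged: PVID applies

def ingress(frame, port):
    """Apply ingress filtering on one port; returns (action, vlan_id, priority).

    port = {"pvid": int or None, "members": set of VLAN IDs, "priority": 0-7}.
    Assumption: with a PVID of None, untagged frames have no VLAN and are discarded.
    """
    vlan, pcp = classify(frame, port["pvid"])
    if vlan is None or vlan not in port["members"]:
        return ("discard", vlan, None)
    return ("forward", vlan, port["priority"] if pcp is None else pcp)

def make_frame(vid=None, pcp=0):
    """Constructed sample frame: made-up MACs, optional 802.1Q tag, IPv4 EtherType."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    # Constructed port: untagged member of VLAN 10, tagged member of VLAN 20.
    access = {"pvid": 10, "members": {10, 20}, "priority": 3}
    for frame in (make_frame(), make_frame(20, 5), make_frame(30), make_frame(0, 6)):
        print(ingress(frame, access))
```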
VLAN Participation/Tagging

Use this page to include ports or trunks in particular VLANs and to specify the tagging policy for outgoing packets on a port or trunk.

NOTE:
• All ports are members of VLAN 1 by default.
• Each port must be a member of at least one VLAN. An error message is displayed if a user attempts to exclude a port from participation in its only VLAN.
• Ports belonging to a trunk cannot be assigned membership in a VLAN, although the trunk itself can be a member of one or more VLANs. When a member port is added to a Trunk, it loses any previous VLAN memberships and acquires those of the trunk. When deleted from a trunk, a port loses the VLAN memberships of the trunk and acquires untagged membership in VLAN 1.

To display the Participation/Tagging page, click VLANs > Participation/Tagging in the navigation pane.

Figure 35 Participation/Tagging Page

Table 28 Participation/Tagging Fields

| Field | Description |
|---|---|
| VLAN | Select the VLAN to configure. |
| Tag/Untag/Exclude All | For a port or trunk to participate in a VLAN, its tagging policy must be defined. By default, all ports and trunks are configured as untagged members of VLAN 1, and are excluded from all other newly created VLANs. You can configure each port individually or use the Tag/Untag/Exclude All box to configure all ports at once. Click the box until the appropriate option is displayed: • E—exclude from VLAN. • T—participate in the selected VLAN and tag all frames. • U—participate in the selected VLAN and leave all outgoing frames untagged. Each port can have only one untagged VLAN membership. If a port is an untagged member of a VLAN and a second VLAN is selected for untagged membership, then the first VLAN membership is automatically changed to E (Exclude). • A grayed out box indicates the port is either configured as a member of a trunk or cannot participate in any VLAN. |
| Port | Use the individual port boxes to specify whether a port participates in this VLAN by identifying the tagging policy, or by excluding the port from the VLAN. |

Click Apply to save any changes for the current boot session; the changes take effect immediately.
8 Link Layer Discovery Protocol (LLDP)

The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows stations residing on an IEEE 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.

LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function. The transmit and receive functions can be enabled/disabled separately per port. By default, both transmit and receive are enabled on all ports. The application is responsible for starting each transmit and receive state machine appropriately, based on the configured status and operational state of the port.

LLDP Configuration

Use the LLDP Configuration page to specify global LLDP parameters and to configure the protocol on individual ports.

To display the LLDP Configuration page, click LLDP > LLDP Configuration in the navigation pane.

Figure 36 LLDP Configuration Page

Table 29 LLDP Configuration Fields

| Field | Description |
|---|---|
| Global Mode | |
| Transmit Interval | Specify the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 5–32768 seconds. |
| Transmit Hold | Specify the multiplier on the transmit interval, which is used to compute the TTL (range 2–10, default = 4). |
| Re-Initialization Delay | Specify the delay before a re-initialization (range 1–10 seconds, default = 2). |