HP A 5120 Manual
Task / Remarks:
- Configuring RADIUS accounting-on: Optional
- Specifying a security policy server: Optional
- Configuring interpretation of RADIUS class attribute as CAR parameters: Optional
- Enabling the RADIUS trap function: Optional
- Enabling the listening port of the RADIUS client: Optional
- Displaying and maintaining RADIUS: Optional

Creating a RADIUS scheme

Before performing other RADIUS configurations, follow these steps to create a RADIUS scheme and enter RADIUS scheme view:
1. Enter system view: system-view
2. Create a RADIUS scheme and enter RADIUS scheme view: radius scheme radius-scheme-name (Required. No RADIUS scheme by default.)

NOTE: A RADIUS scheme can be referenced by multiple ISP domains at the same time.

Specifying the RADIUS authentication/authorization servers

Follow these steps to specify the RADIUS authentication/authorization servers:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Specify the primary RADIUS authentication/authorization server: primary authentication { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }
4. Specify the secondary RADIUS authentication/authorization server: secondary authentication { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }
Steps 3 and 4 are required: configure at least one of the two commands. No authentication/authorization server is specified by default.
NOTE:
- If both the primary and secondary authentication/authorization servers are specified, the secondary one is used when the primary one is not reachable. If redundancy is not required, specify only the primary RADIUS authentication/authorization server.
- In practice, you may specify one RADIUS server as the primary authentication/authorization server and up to 16 RADIUS servers as secondary authentication/authorization servers, or specify a server as the primary authentication/authorization server for one scheme and as a secondary authentication/authorization server for another scheme at the same time.
- The IP addresses of the primary and secondary authentication/authorization servers for a scheme must be different from each other. Otherwise, the configuration will fail.
- All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.

Specifying the RADIUS accounting servers and relevant parameters

You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS scheme. When the primary server is not available, a secondary server is used, if any. When redundancy is not required, specify only the primary server.

By setting the maximum number of real-time accounting attempts for a scheme, you make the device disconnect users for whom no accounting response is received before the number of accounting attempts reaches the limit.

When the device receives a connection teardown request from a host or a connection teardown notification from an administrator, it sends a stop-accounting request to the accounting server. You can enable buffering of stop-accounting requests that receive no response, so that the device buffers and resends a stop-accounting request until it receives a response or the number of stop-accounting attempts reaches the configured limit. In the latter case, the device discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Specify the primary RADIUS accounting server: primary accounting { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }
4. Specify the secondary RADIUS accounting server: secondary accounting { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }
Steps 3 and 4 are required: configure at least one of the two commands. No accounting server is specified by default.
5. Enable the device to buffer stop-accounting requests to which no responses are received: stop-accounting-buffer enable (Optional. Enabled by default.)
6. Set the maximum number of stop-accounting attempts: retry stop-accounting retry-times (Optional. 500 by default.)
7. Set the maximum number of real-time accounting attempts: retry realtime-accounting retry-times (Optional. 5 by default.)
NOTE:
- The IP addresses of the primary and secondary accounting servers must be different from each other. Otherwise, the configuration fails.
- All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.
- If you delete an accounting server serving users, the device can no longer send real-time accounting requests and stop-accounting requests for those users to that server, or buffer the stop-accounting requests.
- You can specify a RADIUS accounting server as the primary accounting server for one scheme and as the secondary accounting server for another scheme at the same time.
- RADIUS does not support accounting for FTP users.

Setting the shared keys for RADIUS packets

The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between them and use shared keys to verify the packets. They must use the same shared key for the same type of packets.

A shared key configured in this task applies to all servers of the same type (accounting or authentication) in the scheme, and has a lower priority than a shared key configured individually for a RADIUS server.

Follow these steps to set the shared keys for RADIUS packets:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the shared key for RADIUS authentication/authorization or accounting packets: key { accounting | authentication } string (Required. No shared key by default.)

NOTE: A shared key configured on the device must be the same as that configured on the RADIUS server.

Setting the maximum number of RADIUS request transmission attempts

Because RADIUS uses UDP packets to transfer data, the communication process is not reliable. RADIUS uses a retransmission mechanism to improve reliability. If a NAS sends a RADIUS request to a RADIUS server but receives no response before the response timeout timer expires, it retransmits the request.
If the number of transmission attempts exceeds the specified limit but the NAS still receives no response, it tries to communicate with other RADIUS servers in the active state. If no other servers are in the active state at the time, it considers the authentication a failure. For more information about RADIUS server states, see "Setting the status of RADIUS servers."

Follow these steps to set the maximum number of RADIUS request transmission attempts:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the maximum number of RADIUS request transmission attempts: retry retry-times (Optional. 3 by default.)
NOTE: The maximum number of transmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75 seconds. For more information about the RADIUS server response timeout period, see "Setting timers for controlling communication with RADIUS servers."

Setting the supported RADIUS server type

The supported RADIUS server type determines the type of the RADIUS protocol that the device uses to communicate with the RADIUS server. It can be standard or extended:
- Standard: Uses the standard RADIUS protocol, compliant with RFC 2865 and RFC 2866 or later.
- Extended: Uses the proprietary RADIUS protocol of HP.

When the RADIUS server runs iMC, you must set the RADIUS server type to extended. When the RADIUS server runs third-party RADIUS server software, either RADIUS server type applies. For the device to function as a RADIUS server to authenticate login users, you must set the RADIUS server type to standard.

Follow these steps to set the RADIUS server type:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the RADIUS server type: server-type { extended | standard } (Optional. standard by default.)

NOTE: Changing the RADIUS server type restores the unit for data flows and the unit for packets sent to the RADIUS server to their defaults.

Setting the status of RADIUS servers

By setting the status of RADIUS servers to blocked or active, you can control which servers the device communicates with for authentication, authorization, and accounting, or turns to when the current servers are no longer available. In practice, you can specify one primary RADIUS server and multiple secondary RADIUS servers, with the secondary ones as the backup of the primary one. Generally, the device chooses servers based on these rules:
- When the primary server is in the active state, the device communicates with the primary server.
- If the primary server fails, the device changes the state of the primary server to blocked and starts a quiet timer for the server, and then turns to a secondary server in the active state (a secondary server configured earlier has a higher priority). If the secondary server is unreachable, the device changes the server's status to blocked, starts a quiet timer for the server, and continues to check the next secondary server in the active state. This search process continues until the device finds an available secondary server or has checked all secondary servers in the active state. If the quiet timer of a server expires or an authentication or accounting response is received from the server, the state of the server changes back to active automatically, but the device does not check the server again. If no server is found reachable during one search process, the device considers the authentication or accounting attempt a failure.
- Once the accounting process of a user starts, the device keeps sending the user's real-time accounting requests and stop-accounting requests to the same accounting server. If you remove the accounting server, real-time accounting requests and stop-accounting requests of the user can no longer be delivered to the server.
- If you remove an authentication or accounting server in use, the communication of the device with the server will soon time out, and the device will look for a server in the active state from scratch: it checks the primary server (if any) first and then the secondary servers in the order they are configured.
- When the primary server and secondary servers are all in the blocked state, the device communicates with the primary server. If the primary server is available, its state changes to active; otherwise, its state remains blocked.
- If one server is in the active state and the others are in the blocked state, the device only tries to communicate with the server in the active state, even if the server is unavailable.
- After receiving an authentication/accounting response from a server, the device changes the state of the server identified by the source IP address of the response to active if the current state of the server is blocked.

By default, the device sets the status of all RADIUS servers to active. In some cases, however, you may need to change the status of a server. For example, if a server fails, you can change the status of the server to blocked to avoid communication with the server.
Follow these steps to set the status of RADIUS servers:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the status of the primary RADIUS authentication/authorization server: state primary authentication { active | block }
4. Set the status of the primary RADIUS accounting server: state primary accounting { active | block }
5. Set the status of the secondary RADIUS authentication/authorization server: state secondary authentication [ ip ipv4-address | ipv6 ipv6-address ] { active | block }
6. Set the status of the secondary RADIUS accounting server: state secondary accounting [ ip ipv4-address | ipv6 ipv6-address ] { active | block }
Steps 3 to 6 are optional. By default, every server specified in the RADIUS scheme is active.

NOTE: The server status set by the state command cannot be saved in the configuration file and is restored to active every time the server restarts. To display the states of the servers, use the display radius scheme command.

Setting the username format and traffic statistics units

A username is usually in the format userid@isp-name, where isp-name represents the name of the ISP domain the user belongs to and is used by the device to determine which users belong to which ISP domains. However, some earlier RADIUS servers cannot recognize usernames that contain an ISP domain name. In this case, the device must remove the domain name from each username before sending the username. You can set the username format on the device for this purpose.

The device periodically sends accounting updates to RADIUS accounting servers to report the traffic statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows and the unit for packets on the device are consistent with those on the RADIUS server.
Follow these steps to set the username format and the traffic statistics units for a RADIUS scheme:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the format for usernames sent to the RADIUS servers: user-name-format { keep-original | with-domain | without-domain } (Optional. By default, the ISP domain name is included in the username.)
4. Specify the unit for data flows or packets sent to the RADIUS servers: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } } * (Optional. byte for data flows and one-packet for data packets by default.)

NOTE:
- If a RADIUS scheme defines that the username is sent without the ISP domain name, do not apply the RADIUS scheme to more than one ISP domain. Otherwise, users using the same username but in different ISP domains will be considered the same user.
- For level switching authentication, the user-name-format keep-original and user-name-format without-domain commands produce the same results: they ensure that usernames sent to the RADIUS server carry no ISP domain name.

Specifying a source IP address for outgoing RADIUS packets

The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address of any managed NAS. If yes, the server processes the packet. If not, the server drops the packet.

Usually, the source address of outgoing RADIUS packets can be the IP address of any interface of the NAS that can communicate with the RADIUS server. You can specify a source IP address for outgoing RADIUS packets in RADIUS scheme view for a specific RADIUS scheme, or in system view for all RADIUS schemes.
Before sending a RADIUS packet, a NAS selects a source IP address in this order:
1. The source IP address specified for the RADIUS scheme.
2. The source IP address specified in system view.
3. The IP address of the outbound interface specified by the route.

Follow these steps to specify a source IP address for all RADIUS schemes:
1. Enter system view: system-view
2. Specify a source IP address for outgoing RADIUS packets: radius nas-ip { ip-address | ipv6 ipv6-address } (Required. By default, the IP address of the outbound interface is used as the source IP address.)

Follow these steps to specify a source IP address for a specific RADIUS scheme:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Specify a source IP address for outgoing RADIUS packets: nas-ip { ip-address | ipv6 ipv6-address } (Required. By default, the IP address of the outbound interface is used as the source IP address.)

Setting timers for controlling communication with RADIUS servers

The device uses the following types of timers to control the communication with a RADIUS server:
- Server response timeout timer (response-timeout): Defines the RADIUS request retransmission interval. After sending a RADIUS request (authentication/authorization or accounting request), the device starts this timer. If the device receives no response from the RADIUS server before this timer expires, it resends the request.
- Server quiet timer (quiet): Defines the duration to keep an unreachable server in the blocked state. If a server is not reachable, the device changes the server's status to blocked, starts this timer for the server, and tries to communicate with another server in the active state. After this timer expires, the device changes the status of the server back to active.
- Real-time accounting timer (realtime-accounting): Defines the interval at which the device sends real-time accounting packets to the RADIUS accounting server for online users. To implement real-time accounting, the device must periodically send real-time accounting packets to the accounting server for online users.

Follow these steps to set timers for controlling communication with RADIUS servers:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Set the RADIUS server response timeout timer: timer response-timeout seconds (Optional. 3 seconds by default.)
4. Set the quiet timer for the servers: timer quiet minutes (Optional. 5 minutes by default.)
5. Set the real-time accounting timer: timer realtime-accounting minutes (Optional. 12 minutes by default.)
NOTE:
- For an access module, the maximum number of transmission attempts multiplied by the RADIUS server response timeout period must be less than the client connection timeout time and must not exceed 75 seconds. Otherwise, stop-accounting messages cannot be buffered, and the primary/secondary server switchover cannot take place. For example, because the client connection timeout time for voice access is 10 seconds, the product of the two parameters must be less than 10 seconds; because the client connection timeout time for Telnet access is 30 seconds, the product of the two parameters must be less than 30 seconds.
- When configuring the maximum number of RADIUS packet transmission attempts and the RADIUS server response timeout period, be sure to take the number of secondary servers into account. If the retransmission process takes too much time, the client connection in the access module may time out while the device is trying to find an available server.
- When a number of secondary servers are configured, the client connections of access modules that have a short client connection timeout period may still time out during initial authentication or accounting, even if the packet transmission attempt limit and server response timeout period are configured with small values. In this case, the next authentication or accounting attempt may succeed because the device has set the state of the unreachable servers to blocked, and the time for finding a reachable server is shortened.
- Be sure to set the server quiet timer properly. Too short a quiet timer may result in frequent authentication or accounting failures, because the device has to repeatedly attempt to communicate with a server that is in the active state but is unreachable.
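To make the server state rules under "Setting the status of RADIUS servers" and the timing NOTE above concrete, here is an added Python simulation (not HP code) of one search process: it walks the primary and the secondaries in configuration order, blocks unreachable servers and starts their quiet timer, skips blocked servers on later searches, and checks the retry x response-timeout budget against a client connection timeout. The addresses, the reachability sets and the assumption that each unreachable server costs exactly retry x response-timeout seconds are constructed for the example.

```python
"""Simulation of the RADIUS server selection rules (active/blocked state, quiet
timer, search order) and of the timing budget from the NOTE on timers. Added
illustration, not HP code: addresses, reachability and timer costs are constructed."""
from dataclasses import dataclass, field


@dataclass
class Server:
    address: str
    active: bool = True        # all servers start in the active state
    quiet_until: float = 0.0   # simulated time at which the quiet timer expires


@dataclass
class RadiusScheme:
    primary: Server
    secondaries: list = field(default_factory=list)   # configuration order
    retries: int = 3           # retry retry-times (3 by default)
    response_timeout: int = 3  # timer response-timeout, seconds (3 by default)
    quiet: int = 5             # timer quiet, minutes (5 by default)

    def all_servers(self):
        return [self.primary] + self.secondaries

    def cost_per_unreachable_server(self):
        # assumption: an unreachable server costs retries x response-timeout seconds
        return self.retries * self.response_timeout


def search(scheme, reachable, now):
    """One search process at simulated time `now` (seconds).
    Returns (address of the server found or None, seconds spent) and updates the
    server states as the rules describe: a failed server is blocked and its quiet
    timer started; an expired quiet timer or a response reactivates it."""
    for s in scheme.all_servers():
        if not s.active and now >= s.quiet_until:
            s.active = True                 # quiet timer expired
    candidates = [s for s in scheme.all_servers() if s.active]
    if not candidates:
        candidates = [scheme.primary]       # all blocked: only the primary is tried
    elapsed = 0
    for s in candidates:
        if s.address in reachable:
            s.active = True                 # a response reactivates a blocked server
            return s.address, elapsed
        elapsed += scheme.cost_per_unreachable_server()
        s.active = False
        s.quiet_until = now + elapsed + scheme.quiet * 60
    return None, elapsed                    # nothing reachable: the attempt fails


def timing_budget(scheme, client_timeout):
    """Check the two constraints from the NOTE and report the worst-case length
    of a search in which every configured server has to be tried in turn."""
    per_server = scheme.cost_per_unreachable_server()
    worst_case = per_server * len(scheme.all_servers())
    problems = []
    if per_server > 75:
        problems.append("retry x response-timeout exceeds 75 seconds")
    if per_server >= client_timeout:
        problems.append(f"retry x response-timeout ({per_server} s) is not below "
                        f"the client connection timeout ({client_timeout} s)")
    return per_server, worst_case, problems


def make_scheme():
    # constructed: one primary, four secondaries, default retry and timers
    return RadiusScheme(primary=Server("192.0.2.1"),
                        secondaries=[Server(f"192.0.2.{i}") for i in range(2, 6)])


if __name__ == "__main__":
    scheme = make_scheme()
    only_last = {"192.0.2.5"}   # constructed: only the last secondary answers
    print(timing_budget(scheme, client_timeout=30))  # (9, 45, []): budget passes, yet
    print(search(scheme, only_last, now=0))    # ('192.0.2.5', 36): first search > 30 s Telnet timeout
    print(search(scheme, only_last, now=40))   # ('192.0.2.5', 0): blocked servers are skipped
    print(search(scheme, only_last, now=400))  # ('192.0.2.5', 36): quiet timers expired, slow again
```

The third search shows the quiet-timer caveat from the NOTE: once the 5-minute quiet timer expires, the unreachable servers are active again and the full 36-second search repeats.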
For more information about the maximum number of RADIUS packet retransmission attempts, see "Setting the maximum number of RADIUS request transmission attempts."

Configuring RADIUS accounting-on

The accounting-on feature enables a device to send accounting-on packets to the RADIUS server after it reboots, making the server log out users who logged in through the device before the reboot. Without this feature, users who were online before the reboot cannot log in again after the reboot, because the RADIUS server considers them already online.

If a device sends an accounting-on packet to the RADIUS server but receives no response, it resends the packet to the server at a particular interval for a specified number of times.

Follow these steps to configure the accounting-on feature for a RADIUS scheme:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Enable accounting-on and configure parameters: accounting-on enable [ interval seconds | send send-times ] * (Required. Disabled by default. The default interval is 3 seconds and the default number of send-times is 5.)

NOTE: The accounting-on feature requires the cooperation of the iMC network management system.

Specifying a security policy server

The core of the EAD solution is integration and cooperation, and the security policy server is the management and control center. As a collection of software, the security policy server provides functions such as user management, security policy management, security status assessment, security cooperation control, and security event audit.
The NAS checks the validity of received control packets and accepts only control packets from known servers. To use a security policy server that is independent of the AAA servers, you must configure the IP address of the security policy server on the NAS. To implement all EAD functions, configure both the IP address of the iMC security policy server and that of the iMC configuration platform on the NAS.

Follow these steps to specify a security policy server:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Specify a security policy server: security-policy-server ip-address (Required. No security policy server is specified by default.)

NOTE: You can specify up to eight security policy servers for a RADIUS scheme.

Configuring interpretation of RADIUS class attribute as CAR parameters

According to RFC 2865, a RADIUS server assigns the RADIUS class attribute (attribute 25) to a RADIUS client. However, the RFC only requires the RADIUS client to send the attribute to the accounting server on an "as is" basis; it does not require the RADIUS client to interpret the attribute. Some RADIUS servers use the class attribute to deliver the assigned committed access rate (CAR) parameters. In this case, the access devices need to interpret the attribute to implement user-based traffic monitoring and control. To support such applications, configure the access devices to interpret the class attribute as the CAR parameters.

Follow these steps to configure the RADIUS client to interpret the class attribute as the CAR parameters:
1. Enter system view: system-view
2. Enter RADIUS scheme view: radius scheme radius-scheme-name
3. Specify to interpret the class attribute as the CAR parameters: attribute 25 car (Required. By default, RADIUS attribute 25 is not interpreted as CAR parameters.)
NOTE: Whether to configure this feature depends on the implementation of the device and the RADIUS server.

Enabling the RADIUS trap function

With the RADIUS trap function, a NAS sends a trap message in either of these situations:
- The status of a RADIUS server changes. If a NAS sends and retransmits an accounting or authentication request to a RADIUS server but gets no response before the maximum number of transmission attempts is reached, it considers the server unavailable and sends a trap message. If the NAS receives a response from a RADIUS server in the blocked state, the NAS considers that the RADIUS server is reachable again and also sends a trap message.
- The ratio of the number of failed transmission attempts to the total number of authentication request transmission attempts reaches the threshold. This threshold ranges from 1% to 100% and defaults to 30%. This threshold can only be configured through the MIB.
The failure ratio is generally small. If you see a trap message triggered by a higher failure ratio, check the configurations on the NAS and the RADIUS server and the communications between them.

Follow these steps to enable the RADIUS trap function:
1. Enter system view: system-view
2. Enable the RADIUS trap function: radius trap { accounting-server-down | authentication-error-threshold | authentication-server-down } (Required. Disabled by default.)

Enabling the listening port of the RADIUS client

Follow these steps to enable the listening port of the RADIUS client:
1. Enter system view: system-view
2. Enable the listening port of the RADIUS client: radius client enable (Optional. Enabled by default.)

Displaying and maintaining RADIUS

- Display the configuration information of RADIUS schemes: display radius scheme [ radius-scheme-name ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (Available in any view)
- Display statistics about RADIUS packets: display radius statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (Available in any view)
- Display information about buffered stop-accounting requests that get no responses: display stop-accounting-buffer { radius-scheme radius-server-name | session-id session-id | time-range start-time stop-time | user-name user-name } [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (Available in any view)
- Clear RADIUS statistics: reset radius statistics [ slot slot-number ] (Available in user view)
- Clear buffered stop-accounting requests that get no responses: reset stop-accounting-buffer { radius-scheme radius-server-name | session-id session-id | time-range start-time stop-time | user-name user-name } [ slot slot-number ] (Available in user view)

Configuring HWTACACS schemes

NOTE: You cannot remove the HWTACACS schemes in use or change the IP addresses of the HWTACACS servers in use.