Procurve cli

From Linuxmemo.

https://h22208.www2.hpe.com/eginfolib/networking/docs/switches/common/15-18/5998-8158_bog/content/ch03s03.html

Most useful

  • help on commands
<command> help
  • system information
show system information
show tech buffers
  • view the config
show running-config  (in RAM)
show config         (at start-up)
  • Compare the 2 configurations (start-up and running)
show config status
  • save the running-config to the start-up config
write memory
  • view the IP configuration
show ip
  • different IP configuration on each VLAN
vlan 1
ip address 192.168.0.1/24
show ip
  • manage sessions on the switch
show ip ssh
kill <session-number>
  • interface management
show interfaces brief
show interfaces brief | include Up
show interfaces config
show interfaces port-utilization

configure
[no] interface < port-list > [< disable | enable >]
interface c1-c3,c6 speed-duplex 100-full
interface A1 name le port machin
show name
  • Trunks
show trunks
show lacp
  • LLDP
show lldp config
  • data transfer
ip ssh version 2
ip ssh filetransfer 
no tftp-enable
copy event-log sftp username@192.168.0.152 log

Copying a Configuration from a Remote Host:
copy sftp < startup-config | running-config > < ip-address > < remote-file > [ pc | unix ]

Copying a Configuration File to a Remote Host:
copy < startup-config | running-config > tftp < ip-addr > < remote-file > [ pc | unix ]
Copying Command Output to a Destination Device:
copy command-output < "cli-command" > sftp < ip-address > < filepath-filename >
  • module management
show modules
  • MAC table management
show mac-address
[ vlan < vlan-id >]
[< port-list >]
[< mac-addr >]

Creating and assigning VLANS

HP-Switch(Config)#Vlan 10 (Creates VLAN 10)
HP-Switch(vlan-10)#untagged a1 (Puts interface a1 into vlan 10 as untagged, meaning any packets that are untagged are on vlan 10)
HP-Switch(Config)#Vlan 20 (Creates VLAN 20)
HP-Switch(vlan-20)#tagged a1 (Makes interface a1 an 802.1q trunked port. Tagging this port with vlan 20 means that interface a1 accepts vlan 20 tagged packets)
HP-Switch(Config)#show vlan (Shows vlan ID, Name, Status, Voice and Jumbo support)
HP-Switch(Config)#show vlan ports a1 (Shows the vlans belonging to a1)
HP-Switch(Config)#show vlan 1 (Shows ports that are assigned to vlan 1)

Additional VLAN commands

HP-Switch(vlan-10)#ip helper-address 192.168.1.1 (Sends DHCP or BOOTP packets to the following IP address)
HP-Switch(vlan-10)#jumbo (Enables Jumbo Frames on this vlan)

Trunking

Trunk

Trunking in HP terms is bundling 2 or more ports together to create a larger bandwidth port. In Cisco terms it is referred to as Etherchannel. The connecting switch must also be configured for trunking.

HP-Switch(Config)#trunk a4-a7 trk1 trunk (Creates a 4 port bundled trunk port with interface a4-a7)
HP-Switch(Config)#trunk a4-a7 trk1 lacp (Creates a 4 port bundled trunk port with interface a4-a7 using the lacp protocol)
HP-Switch(Config)#show trunk (Shows Port name, connection speeds, trunk group and type trunk | LACP)
HP-Switch(Config)#show trunk a4 (Shows trunk information for the interface a4 member)
HP-Switch(Config)#show lacp (Displays information about lacp status on port members)

LACP (Link Aggregation Control Protocol)

To set up a LAG (Link Aggregation Group) with dynamic links using LACP.

show lacp
show log lacp

The LACP mode can be active or passive, but for the LAG to be functional at least one side must be configured as active (by default, when LACP is configured, its mode is passive). The active member sends LACP PDUs to the passive member every one second, and the passive member also responds by sending PDUs. If both members are in active mode, they both actively transmit LACP PDUs and the other side responds.

IP Routing

HP-Switch(Config)#ip routing (Turns on IP routing for the switch. Out of the box the switch supports static routes and RIP. With a Premium license you will get OSPF)
HP-Switch(Config)#ip route 192.168.2.0/24 192.168.1.1 (Routes the subnet 192.168.2.0/24 to 192.168.1.1)

Multicast and Multicast Routing

HP-Switch(vlan-10)#ip igmp (Enables Internet Group Management Protocol controls. IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch.
By default multicast traffic is flooded through all ports except the port it was received on)
HP-Switch(Config)#ip multicast-routing (Enables Multicast Routing across subnets; you must have a license to enable this feature and you must also have ip routing enabled)
HP-Switch(Config)#router pim (Enables Pim Dense Mode Multicast Routing)
HP-Switch(vlan-1)#ip pim 192.168.1.1 (Assigns the router's PIM source address statically)

Spanning Tree

HP-Switch(Config)#spanning-tree (Turns on Spanning Tree)
HP-Switch(Config)#spanning-tree priority 0 (Makes this switch the root switch with a priority of 4096)
HP-Switch(Config)#spanning-tree force-version rstp-operation (Operates spanning tree in Rapid Spanning Tree mode)
HP-Switch(Config)#spanning-tree a1 bpdu-filter (Stops the port from transmitting or receiving bpdu’s. The port will continuously forward traffic. Useful for bridging devices)
HP-Switch(Config)#spanning-tree a1 bpdu-protection (Disables the port if it receives bpdu’s)
HP-Switch(Config)#spanning-tree a1 admin-edge-port (Makes a1 an admin edge port. Used for connections to end devices)
HP-Switch(Config)#no spanning-tree a1 admin-edge-port (Makes a1 a non-admin edge port. Used for connections to switches)
HP-Switch(Config)#show spanning-tree (Shows spanning tree information for vlans and ports)
HP-Switch(Config)#show spanning-tree bpdu-protection (Shows which ports are configured with bpdu protection)
HP-Switch(Config)#show spanning-tree detail (Shows extended information on vlans and ports)

LLDP (Link Layer Discovery Protocol)

Used for discovering network topologies hop by hop, and also to provide mechanisms for exchanging information between network devices and end users.

show lldp config

Access Lists

HP-Switch(Config)#ip access-list extended "100" (Creates an extended access list 100)
HP-Switch(config-ext-nacl)#10 deny tcp 0.0.0.0 255.255.255.255 192.168.1.2 0.0.0.0 eq 25 (Denies everyone access to port 25 on 192.168.1.2)
HP-Switch(config-ext-nacl)#20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 (Permit any to any for any IP service)
HP-Switch(vlan10)#ip access-group "100" in (Applies the access list 100 in an inbound direction for vlan 10)
HP-Switch(Config)#show access-list (Displays configured access-lists)
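
Added example (not part of the original memo): a small Python model of how access list 100 above is evaluated, showing wildcard-mask matching, first-match ordering and the implicit deny that ends every ACL. The function names and test packets are constructed for illustration, and the model parses only the ACE syntax used on this page.

```python
import ipaddress
import re

# The two ACEs of access list "100" as listed above (CLI prompt removed).
ACL_100 = """\
10 deny tcp 0.0.0.0 255.255.255.255 192.168.1.2 0.0.0.0 eq 25
20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

ACE_RE = re.compile(
    r"(?P<seq>\d+) (?P<action>permit|deny) (?P<proto>ip|tcp|udp) "
    r"(?P<src>\S+) (?P<src_wc>\S+) (?P<dst>\S+) (?P<dst_wc>\S+)"
    r"(?: eq (?P<port>\d+))?$"
)

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: a 1 bit means 'ignore this bit', a 0 bit means 'must match'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_acl(text):
    """Parse ACE lines and return them in sequence-number order."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    aces = [ACE_RE.match(l).groupdict() for l in lines]
    return sorted(aces, key=lambda a: int(a["seq"]))

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching ACE, or the implicit deny."""
    for ace in aces:
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if not wildcard_match(src, ace["src"], ace["src_wc"]):
            continue
        if not wildcard_match(dst, ace["dst"], ace["dst_wc"]):
            continue
        if ace["port"] is not None and int(ace["port"]) != dport:
            continue
        return ace["action"], int(ace["seq"])
    return "deny", None  # implicit "deny any" at the end of the list

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed test packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "10.0.0.5", "192.168.1.2", 25),
                ("tcp", "10.0.0.5", "192.168.1.2", 443),
                ("tcp", "10.0.0.5", "192.168.1.3", 25)]:
        print(pkt, "->", evaluate(acl, *pkt))
```

Dropping line 20 from the list leaves only the implicit deny after line 10, so all other inbound traffic on the VLAN would be blocked.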

DHCP Snooping

DHCP Snooping prevents unauthorized DHCP servers from being used and providing invalid configuration data to clients on the network.

HP-Switch(Config)#dhcp-snooping (Turns on DHCP Snooping)
HP-Switch(Config)#dhcp-snooping vlan 1 (Turns on DHCP Snooping for vlan 1)
HP-Switch(eth-a1)#dhcp-snooping trust (Makes interface a1 a trusted DHCP snooping interface i.e. an uplink to known DHCP Server)
HP-Switch(Config)#dhcp-snooping authorized-server 192.168.1.2 (Authorized DHCP Server address, the DHCP Server packet must also be received on a trusted port)
HP-Switch(Config)#show dhcp-snooping stats (Shows packet type action and reason. i.e. Server, Client, forward, drop, Reason and count)

Flow Control

You can turn on Flow Control between switch uplinks. Flow Control will not allow packets to drop if the link is being saturated.

HP-Switch(Config)#interface a4 (First step is to go into the interface)
HP-Switch(eth-A4)#flow-control (Second Step is to turn on Flow-Control on the interface)

Management Modules (For 8000 series switches)

HP Procurve Advanced CLI Commands Reference

HP-Switch(Config)#redundancy management-module nonstop-switching (Turns on nonstop-switching for redundant management modules. This allows a management module to fail without dropping packets. This is Active/Active)
HP-Switch(Config)#redundancy management-module (Turns on normal management module redundancy where the passive module reboots once the primary fails. This is Active/Passive)
HP-Switch(Config)#redundancy active-management management-module2 (Will make management module 2 active on next boot)
HP-Switch(Config)#redundancy switchover (Make the standby management module active immediately)
HP-Switch(Config)#show redundancy (Brief details on the redundant management and fabric modules)
HP-Switch(Config)#show redundancy details (Displays the following)

SSH configuration for public key

no ip ssh filetransfer
tftp client
copy tftp pub-key-file @IP key.pub
display public-key peer
show crypto client-public-key
ip ssh filetransfer
aaa authentication ssh login public-key none
aaa authentication ssh enable tacacs local
#aaa authentication ssh enable tacacs authorized #enable without a password
show authentication

LOG

show logging 	Display log events (most recent last)
show log -r 	Display log events (most recent first)
show log A12 	Display log events of port a12
show log A12 -r 	Display log events of port a12 (most recent first)
show log 192.168.0.1 	Display log events of 192.168.0.1

MAC

show mac A5 	Show MAC address of the device on port A5
show mac A4-A6 	Show MAC addresses of the devices on ports between A4 and A6
show mac 00112233-445566 	Show which port the device with MAC address 00112233-445566 is connected to

Memo

  • VLAN
show vlans 	Show information about vlans on this switch
show vlans ports A19 	Show VLAN ID and status of specific ports (A19)
show vlans <vlan-id> 	Show ports on this vlan and port status
  • configure
vlan 19 	Set switch to vlan 19
name SupportVLAN 	Name this vlan as “SupportVLAN”
tag A12 	Set port a12 as tagged on vlan 19 (First do vlan <19>)
tag A12,A13 	Set ports a12 and 13 tagged on vlan 19 (First do vlan <19>)
untag A12 	Set port a12 as untagged on vlan 19
vlan 19 tagged A12 	Set port a12 as tagged on vlan 19
vlan 19 untagged A12 	Set port a12 as untagged on vlan 19
vlan 19 untagged A12-A20 	Set port a12-a20 as untagged on vlan 19
no vlan 30 	Remove vlan setting on port 30
  • FLASH
show flash 	Displays info about flash (version etc.)
copy running-config tftp filename.txt 	Copy your running config to file filename.txt at tftp server which IP is .
copy tftp startup 192.168.0.2 hp_2524 	Copy your config (filename hp2524) from server 192.168.0.2 via tftp to switch
copy tftp flash file.swi 	Download and update your flash with file.swi from tftp server at
  • MISC
copy flash flash secondary 	Copy software from primary to secondary image (the syntax is not intuitive)
copy flash flash primary 	If you updated the secondary image first, you can then copy from secondary to primary
hostname poro_1 	Set switch hostname as poro_1
link-test 00112233-445566 	Test connectivity between switches (this switch and 00112233-445566)
show run 	Show running config
password operator 	Set operator password (Normal user / read-only )
password manager 	Set manager password (Admin user / read-write)
password all 	Set operator and manager password
enable 	Switch to manager level from operator level
ping 192.168.0.1 	Ping IP 192.168.0.1
chassislocate 	Turn on/off switch locator led or blink it (30 minutes)
chassislocate blink 10 	Blink switch locator led 10 minutes
ntp1 first.timeserver.net 	Add first.timeserver.net to NTP server list
timesync ntp 	Enable NTP synchronization with servers
  • PROMPT
Switch# 	Manager prompt
Switch>_ 	Operator prompt
  • Name
interface <port> name <port-name> --- Assign a port name to port-list
show name --- Show port name
  • PoE
#show power-over-ethernet brief [<port>] --- To show PoE
#no interface <port> power-over-ethernet --- To turn off for a port
#interface <port> power-over-ethernet --- To turn on for a port

More

  • Display logs or debug on current session:
terminal monitor (Cisco)
debug destination session (HP Procurve)
  • By default, HP Procurve switches don't display packets dropped by queue. You can enable the monitoring on only 1 interface with the command below:
qos watch-queue xx out (where XX is the interface you want to monitor)
  • Obtain 'show tech':
copy command-output "show tech all" sftp user ftpuser 10.10.10.10 show-tech.txt
  • Filter a 'show running' command: Like Cisco, it's possible to use '|' after the 'show running'
Switch# show running-config | include router
ip router-id 1.1.1.1
router ospf
router vrrp
Switch# show running-config | begin router
ip router-id 1.1.3.1
  • Continuous output in the terminal (without --more--)
enable
terminal length 1000
show config
  • Port monitor
Turn on:
configure terminal
mirror-port <port>
int <port range>, monitor  (Example: int 1-4, monitor)
show monitor
exit
Turn off:
no mirror-port A1

VLAN port Status

Tagged
   Allows the port to join multiple VLANs.
Untagged 	
   Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN.
   A port can be an untagged member of only one port-based VLAN.
   A port can be an untagged member of only one protocol-based VLAN for any given protocol type.
For example, if the switch is configured with the default VLAN plus three protocol-based VLANs that include IPX,
then port 1 can be an untagged member of the default VLAN and one of the protocol-based VLANs.
No or Auto 	
   No: When the switch is not GVRP-enabled; prevents the port from joining that VLAN.
   Auto: When GVRP is enabled on the switch; allows the port to dynamically join any advertised VLAN that has the same VID.
Forbid
   Prevents the port from joining the VLAN, even if GVRP is enabled on the switch.