ProCurve Adaptive EDGE Fundamentals 8.41 - Lab Activity Guide - 20081121

Adaptive EDGE Fundamentals
Version 8.41
Lab Guide
Technical Training
Contents
Lab Overview
Introduction .............................................................................................................. 1
Equipment List ......................................................................................................... 1
Scenario .................................................................................................................... 2
Module 1 Lab 1: Enabling Remote Management
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 2
Getting started .......................................................................................................... 3
Network diagram ...................................................................................................... 4
Task 1. Explore the different CLI privilege levels........................................... 5
Task 2. Explore the CLI command syntax....................................................... 6
Task 3: Define host names for the switches..................................................... 8
Task 4. Define usernames and passwords for the privilege levels................... 9
Task 5. Define an IP address and mask for in-band management ................. 10
Task 6. Establish an in-band management session ........................................ 12
Task 7. Explore the Switch Setup screen ....................................................... 13
Task 8. Use the Menu interface to configure IP authorized managers .......... 14
Task 9. Verify the IP authorized managers configuration ............................. 15
Task 10. Explore the Web interface............................................................... 16
Command Reference .............................................................................................. 17
Module 1 Lab 2: Software and File Management
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Upgrade the switch software ............................................................... 3
Task 2. Create a back-up of the switch configuration file ............................... 5
Task 3. Boot the switch with a factory default configuration file.................... 6
Task 4. Implement the multiple configuration files feature............................. 7
Task 5. Implement the SNTP service............................................................... 9
Task 6. View the Event Log and implement Syslog services ........................ 11
Task 7. View interfaces and define friendly port names................................ 13
Task 8. View LLDP information ................................................................... 14
Task 9. Back up your switch configuration files............................................ 15
Optional tasks ......................................................................................................... 16
Optional Task 10. Use advanced options of the copy command ................... 16
Optional Task 11. Use the show tech command ............................................ 17
Rev. 8.41 1
ProCurve Adaptive EDGE Fundamentals
Module 2 Lab : Configuring VLANs

Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Perform initial configuration of the Core and Edge_3 switches ......... 3
Task 2. Add the necessary user VLANs to each switch .................................. 5
Task 3. Tag switch-to-switch links with the appropriate VLANs ................... 7
Task 4. Define IP addresses for the VLANs .................................................... 9
Task 5. Test reachability of the IP addresses ................................................. 10
Task 6. Enable IP routing on the core switch ................................................ 11
Task 7. Configure default gateways............................................................... 12
Task 8. Configure an IP helper address ......................................................... 13
Task 9. Test the IP helper address on VLANs 10 and 20 .............................. 15
Task 10. Back up your switch configuration files.......................................... 16
Module 3 Lab : Using ProCurve Manager Plus
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Install the PCM+ network management application ........................... 3
Task 2. Install the PCM+ remote client software........................................... 17
Task 3. Configure PCM+ for remote client connections ............................... 24
Task 4. Start and navigate the PCM+ user interface...................................... 26
Task 5. Perform common management tasks – Configuration management
and VLANs .................................................................................................... 42
Task 6. Manage switch software updates....................................................... 52
Task 7. Use the Find Node and Trace Path diagnostic tools.......................... 56
Optional tasks ......................................................................................................... 60
Optional Task 9. Run the traffic generator program ...................................... 60
Optional Task 10. Use the Traffic Manager to examine the traffic data........ 62
Optional Task 11. Modify threshold alarms .................................................. 67
Optional Task 12. Configure an RMON Manager threshold......................... 71
Module 4 Lab 1: Configuring Link Aggregation
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Prepare a Windows client connection ................................................. 3
Task 2. Define two ports as members of a static LACP trunk between Core
and Edge_1....................................................................................................... 4
Task 3. Examine connectivity .......................................................................... 5
Task 4. Assign the trunk ports to the appropriate VLANs............................... 6
Task 5. Implement a static LACP trunk between Core and Edge_2................ 7
Task 6. Implement a static LACP trunk between Edge_2 and Edge_3 ........... 9
2 Rev. 8.41
Contents
Optional task........................................................................................................... 12
Optional Task 8. Verify load sharing............................................................. 12
Module 4 Lab 2: Configuring RSTP
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Configure VLAN 30 support on your switches................................... 3
Task 2. Configure the spanning tree bridge priority and version..................... 4
Task 3. View spanning tree details and enable RSTP...................................... 5
Task 4. Add a redundant link and verify the state of each port ....................... 6
Task 5. Verify connectivity and proper configuration ..................................... 7
Task 6. Add the second redundant link and verify the state of each port ........ 8
Task 7. Verify connectivity and proper configuration ..................................... 9
Task 8. Tag connected ports to carry all user VLANs................................... 10
Module 4 Lab 3: Configuring MSTP
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Tag the currently connected ports to carry all user VLANs................ 3
Task 2. Configure the spanning tree bridge priority and version..................... 4
Task 3. Enable spanning tree and view spanning tree information for the CST5
Task 4. Configure MST region and per-instance parameters .......................... 6
Task 5. Add a redundant link and verify the state of each port ....................... 7
Task 6. Verify connectivity and proper configuration ................................... 10
Task 7. Add the second redundant link and verify the state of each port ...... 11
Task 8. Verify connectivity and proper configuration for the second link .... 13
Module 4 Lab 4: Enabling HP Switch Meshing
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Modify the Core switch configuration ................................................ 3
Task 2. Modify the Edge_3 switch configuration............................................ 4
Task 3. Modify the Edge_1 and Edge_2 switch configurations ...................... 5
Task 4. Modify the Windows server computer configuration ......................... 6
Task 5. Configure additional ports on Core, Edge_1 and Edge_2................... 7
Task 6. Enable switch meshing on Core, Edge_1 and Edge_2........................ 8
Task 7. Verify proper spanning tree operation and network connectivity....... 9
Task 8. View the spanning tree details for MST instance 2........................... 11
Task 9. Verify switch meshing operation and network connectivity............. 12
Task 10. Restore your switch configuration files from lab 4.2 or lab 4.3...... 13
Rev. 8.41 3

Module 5 Lab : Configuring WAN Connectivity
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Connect to your Secure Router 7000dl ............................................... 3
Task 2. Configure a console password using MD5.......................................... 4
Task 3. Configure a hostname.......................................................................... 6
Task 4. Configure and enable an Ethernet interface ........................................ 7
Task 5. Configure a password for Telnet sessions using MD5........................ 8
Task 6. Start a Telnet session with your Secure Router 7000dl....................... 9
Task 7. Configure a T1 interface.................................................................... 10
Task 8. Configure PPP for the T1 interface ................................................... 12
Task 9. Verify connectivity............................................................................ 13
Task 10. Configure static routes .................................................................... 14
Task 11. Use summary and default routes to reach other networks............... 16
Optional Tasks........................................................................................................ 19
Optional Task 13. Using the Web interface of the Secure Router 7000dl..... 19
Optional Task 14. Using PCM to manage the Secure Router 7000dl............ 22
Module 6 Lab : Configuring Dynamic Routing
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Modify the static routes on Router ...................................................... 3
Task 2. Enable RIP on Router.......................................................................... 4
Task 3. Remove the static routes on Core........................................................ 5
Task 4. Enable RIP on Core............................................................................. 6
Task 5. Observe updates to the routing tables.................................................. 7
Task 6. Change the routing metric on Router .................................................. 9
Task 7. Create a new VLAN on Core ............................................................ 10
Task 8. Enable RIP on the new VLAN .......................................................... 11
Task 9. Observe updates to the routing tables with the new VLAN.............. 12
Task 10. Verify dynamic updates .................................................................. 13
Module 7 Lab : Configuring Traffic Prioritization
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Student group partners ..................................................................................... 3
Task 1. Modify the network connectivity ........................................................ 4
Task 2. Configure a port for 10 Mbps FDX operation and VLAN 40............. 5
Task 3. Configure VLAN 40 support for the Windows client......................... 6
4 Rev. 8.41
Contents
Task 4. Access the video file on your partner group’s Windows computer .... 7
Task 5. Use TfGen to generate additional traffic........................................... 10
Task 6. Configure QoS for the video traffic in VLAN 40 ............................. 11
Task 7. Reconfigure your network................................................................. 12
Module 8 Lab 1: Configuring the Access Point 530
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Configure a port for VLAN 20 on Edge_2.......................................... 3
Task 2. Navigating the CLI of the Access Point 530....................................... 4
Task 3. Change the Default Password ............................................................. 6
Task 4. Assigning the country code ................................................................. 7
Task 5. Configuring the IP address of the Ethernet interface .......................... 8
Task 6. Using the web interface to configure the Access Point 530.............. 10
Task 7. Configuring System Information....................................................... 11
Task 8. Configuring WLAN for your group at PCU ..................................... 13
Task 9. Check Radio Status ........................................................................... 15
Task 10. Save Configuration.......................................................................... 16
Task 11. Configure the Windows client computer for wireless connectivity 18
Module 8 Lab 2: Configuring the Wireless Edge Services zl Module
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Network diagram ...................................................................................................... 2
Task 1. Access the Web browser interface for the Wireless Edge Services
Module ............................................................................................................. 3
Task 2. Configure Radio Settings .................................................................... 4
Task 3. Configure PoE Source switch for RP Connection............................... 8
Task 4. Configure the WLANs ...................................................................... 11
Task 5. Associate to the WLANs................................................................... 16
Task 6. Save the Configuration File to your TFTP Server ............................ 17
Module 9 Lab : Network Troubleshooting
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Module 10 Lab : Network Design
Objectives ................................................................................................................. 1
Overview .................................................................................................................. 1
Scenario .................................................................................................................... 2
Rev. 8.41 5
Appendices
Appendix A: Configuration File Solutions
Appendix B: Answers to Lab Questions
Appendix C: Step-by-Step Lab Guide
6 Rev. 8.41
Lab Overview
Introduction
These lab activities are designed as a supplement to the Adaptive EDGE
Fundamentals course to prepare network engineers to install, configure, and
troubleshoot ProCurve switching and routing products.
Equipment List
Each group of students is assigned to an equipment set that typically consists of
the following equipment:
Quantity Component Notes
1 ProCurve 5400zl Switch Alternatively, a 5300xl series switch
2 ProCurve 3500yl Switch Alternatively, a 5400zl series switch
Alternatively, a 2650, 2800, 4100gl series or 6108

1 ProCurve 2610 Switch
switch
1 ProCurve 7102dl Secure Router With 1 port (or 2 port) T1/E1 module
1 ProCurve Wireless AP 530
1 ProCurve Wireless RP 230 Alternatively, a 210 or 220 radio port
ProCurve Wireless Edge Services

1
zl Module
1 Windows Server Windows 2000 Server or Windows Server 2003
1 Windows Client Windows XP Professional
1 Wireless NIC Internal or External 802.11b/g for Windows client
2 Null modem console cable
12 1-meter Cat 5e cable
1 5-meter Cat 5e cable Cable long enough to reach Instructor switch
1 T1/E1 crossover cable
The two Windows computers should have the following additional software
installed:
HyperTerminal or Tera Term Pro
TFTP, SNTP, and Syslog server applications
Traffic generator application
Rev. 8.41 Overview 1 – 1

Scenario
The lab activities in the HP ProCurve Adaptive EDGE Fundamentals course are
based upon a scenario involving an enterprise network at an educational institution
named “ProCurve University”. Throughout the lab exercises, the various
configuration tasks that you perform are described from the perspective of the
evolving networking environment at ProCurve University.
The lab activities begin with the initial configuration of multiple ProCurve
switches in a basic LAN topology simulating a small portion of the university’s
infrastructure. The subsequent lab exercises, introduce a variety of ProCurve
networking features and technologies in a progressively more complex topology
that includes additional switches and wide area networking. Some of the ProCurve
networking capabilities that will be implemented include VLANs, high-availability
and high-capacity features, WAN connections, static and dynamic routing, traffic
prioritization, and wireless access controls.
The configuration tasks will be accomplished primarily using the command line
interface (CLI). To introduce you to other ProCurve configuration tools that are
available, some configuration tasks will be performed using the menu interface,
web interface, and ProCurve Manager application.
Each group of two or more students will be assigned to work with a set of
ProCurve switches and Windows computers.
Overview 1 – 2 Rev. 8.41

Enabling Remote Management
Module 1 Lab 1
Objectives
After completing this activity you will be able to:
Use the CLI to develop familiarity with the syntax of switch commands and
the different context levels.
Assign switch identities and passwords for the different privilege levels.
Assign an IP address to the switches to enable remote management.
Use the menu interface to configure switch features.
Explore the switch Setup screen and web management interface.
Note
Please note that the network topologies and approaches presented in this Lab
Activity Guide are developed to expedite learning of specific products and
solutions. Consequently, some of the approaches used here would not be
suitable for a production network and should not be considered best practices.
Students should not assume that all material presented here is appropriate for
implementation in their work environments. For instance, the instructions
suggest insecure passwords in many cases, as they are easier to remember and
use than more complex passwords. Similarly, this topology uses VLAN 1, the
Default VLAN, for device management, which may not be suitable for all
environments.
Rev. 8.41 L1.1 – 1

Overview
ProCurve University is in the process of upgrading their enterprise network and
has acquired several ProCurve switches that will be deployed in the main
administration building. Initially, the switches will support a small LAN
environment consisting of three LAN segments. To begin the deployment, you
will first need to develop familiarity with the command line, menu and web
interfaces supported by the switches for management and configuration tasks.
Initially, you will access the switch using the command line interface (CLI)
through a serial port (out-of-band) connection from a Windows computer.
Since these are new ProCurve switches they come with a minimal, factory default
configuration. As part of the process of developing familiarity with the switch
CLI, you perform a number of initial configuration tasks that are commonly done
by network engineers. One of the first configuration tasks to be done involves
implementing basic security for the switches. This will include assigning a
password to each of the privilege levels, operator and manager, and limiting in-
band management access from a particular IP address.
Another initial configuration task involves assigning an IP address to the switch’s
default VLAN, VLAN 1, which will serve as the management VLAN. After the
IP address has been assigned, you will be able access the switch over an in-band
connection using a Telnet client program on the Windows computer.
Note
Be sure to read the following instructions and background information before
starting the lab exercise.
L1.1 – 2 Rev. 8.41

Getting started
Equipment set
In this lab, you will work on your own or in a team of two students to configure
and physically connect the switches and workstations.
Your lab equipment includes two Windows computers, four ProCurve switches,
one ProCurve Access Point 530 and one ProCurve Secure WAN router. Initially,
the two Windows computers will be used for out-of-band (serial port connection)
access to two of the switches for the purpose of performing initial configuration
tasks. These tasks include assigning passwords to the operator and manager
privilege levels and an IP address to the management VLAN.
Later during this lab, the Windows computers will be used for in-band (Telnet)
access to the switches. For in-band management, the Windows computers should
have the Tera Term Pro or Microsoft HyperTerminal terminal emulator program
installed.
Terminal emulator setup

To connect a console to the switch, configure the terminal emulator as a VT-100
terminal with the following settings:
Parameter Setting
Baud rate 9600
Data bits 8
Parity none
Stop bits 1
Flow control none
Note
For Microsoft HyperTerminal, ensure the “Function, arrow, and ctrl keys act
as Windows keys” parameter is disabled.
Windows logon accounts

Unless otherwise specified by the instructor, the logon accounts for the Windows
computers are the following:
Computer User Name Password
Windows Server administrator procurve
Windows XP Client procurve <none>
Rev. 8.41 L1.1 – 3

Addressing scheme
The classroom contains six groups of equipment, similar to that shown in the
diagram in the next section. Your instructor will assign a number to your student
group that will be used for substitution in various references to IP address and
hostnames in the lab exercises. For example, for the IP address 10.x.1.0/24, the
“x” in the second octet is used to represent your group number. If you are
assigned to group 1, then this IP address would be 10.1.1.0/24.
In addition, the third octet in each IP address is used to identify the VLAN to
which a device belongs. For example, the third octet in the IP address 10.1.1.0/24
implies it is associated with VLAN 1.
Network diagram
When this lab activity is complete, your network’s topology and IP addressing
should resemble the diagram below.
In this lab exercise, you will use the two edge switches labeled Edge_1 and
Edge_2 and the two Windows computers. Substitute your assigned group number
for the “x” in each of the IP addresses.
L1.1 – 4 Rev. 8.41

Task 1. Explore the different CLI privilege levels

1. Connect the console cables to the Windows computers and ProCurve
switches as follows:
Connect From Connect To
Windows Server Switch labeled Edge_1
Windows XP Client Switch labeled Edge_2
Note
If there are two students in your group, each of you can select one of the
switches labeled Edge_1 or Edge_2 and perform the activities of this
task independently.
2. On your desktop, double-click the Tera Term Pro icon or equivalent to run
the terminal emulation program. Press <Enter> several times to display the
prompt from the switch. It should appear similar to the following.
ProCurve Switch <switch-model>#

a. Which privilege level have you entered? _______________________
3. Type “exit” to leave this privilege level.
b. Now which privilege level have you entered? ___________________
4. Using the “?” key, list the commands available at this level.
5. Return to the manager privilege level and view the commands available at
that level.
Note
If the output listing exceeds the screen size you will see the following
instructions.
-- MORE --, next page: Space, next line: Enter, quit:
Control-C
You can also type the letter “q” to return to the prompt.
Rev. 8.41 L1.1 – 5

Task 2. Explore the CLI command syntax

1. Type “configure” to access the global configuration level. Then check the
available commands at this level.
a. What has the prompt changed to? _____________________________
2. Type “vlan 1” to enter the VLAN 1 context level. View the available
commands at this level.
b. What has the prompt changed to? _____________________________
3. To enter an interface context level, type “int <port-id>”. Substitute a port
identifier of one of your switch’s modules for <port-id>.
c. What has the prompt changed to? _____________________________
4. View the available commands at the interface context level.
5. Return to the global configuration context level. Then type the letter “p”
followed by a “?”to list available commands that start with that letter.
6. Find the commands that start with “h” using a“?”.
7. Type “h” and then use the tab key for completion.
d. What did you receive as output? ______________________________
e. What would you need to type to tab-complete the “hostname”
command? ___________
8. Use tab completion to display the complete command associated with “show
system” and then press Enter. The show system command displays general
information about the switch.
9. You can also use the up arrow key to recall previous commands. Recall the
“show system” command.
10. Some commands have multiple choices that are needed to complete the
command. To view these choices you would type the top level command and
the “?” key with a space between to list the choices. For example, typing
“password ?” will list the available choices for that command.
11. ProCurve switches also support command shortcuts by entering just enough
characters needed to make the command unique. Below is a table of some
commands with their meanings to practice with.
L1.1 – 6 Rev. 8.41

Shortcut Full Command Explanation
wr t write terminal Display the running configuration of

the switch on the terminal
sh ru show running-config Show the switch running
configuration
sh conf show config Show the switch startup configuration
sh cons show console Show serial link/console settings
sh sys show System Show globally configured and
operational system parameters
Note
You will receive an “Ambiguous input error” message if you do not
enter enough characters to make the command unique from others that
have the same initial sequence of characters.
12. Type “show history” to view a numbered list of previously executed

commands.
13. Type “repeat” with the “?” key to list the available choices. The “repeat”
command will allow you to execute a command of choice by using the listed
number along with an optional count value. This is useful to view and reuse
commands that are character intensive.
14. Use the “repeat” command with the count value to exit to the operator level.
Note that you may log yourself out by using too large of a count value. If
this happens, simply reestablish an out-of-band management session with the
switch.
Rev. 8.41 L1.1 – 7

Task 3: Define host names for the switches

1. Continuing with your out-of-band management session, access the global
configuration level.
2. Configure the host names for the switches according to the following table.
Host Name Switch
Edge_1 Labeled Edge_1
3. Display the running configuration and the startup configuration and note any
differences that you can see.
4. Type “show running-config status” and then “show config status” and note
the status information displayed.
5. Type “write memory” to save the running-configuration into the startup-
configuration.
6. Once again, view the status of either the running or the startup configuration.
L1.1 – 8 Rev. 8.41

Task 4. Define usernames and passwords for the privilege levels

1. From the global configuration level, use the “password ?”command to
determine how to configure both a username and password for each of the
Operator and Manager privilege levels. Specify the usernames and
passwords from the following table.
Privilege Level Username Password
Operator operator password
Manager manager password
Note
If you do NOT explicitly define a username for the Operator or Manager
privilege level, then the switch does not prompt you for a username
when accessing the respective privilege level. As you have seen, up to
this point the switch also has NOT prompted you for a password since
the factory default configuration is a null password.
2. Log out from the switch.

3. Return to the manager level and view the running configuration.
a. Do you have to save the switch configuration for the passwords to be
retained? __________________
Rev. 8.41 L1.1 – 9

Task 5. Define an IP address and mask for in-band management

By default, all switch ports are assigned to VLAN 1. It is for this VLAN that you
define the IP address of the switch in this task. In your lab environment, VLAN 1
will serve as the management VLAN—a VLAN that can be used to reach and
manage all switches in your group.
Note
Although it is not necessary to define a default gateway for the switches
and Windows computers for traffic to flow correctly in this particular
lab, a default gateway will be required in later labs. More background
on VLANs and default gateways will be provided in later modules.
1. On the Edge_1 and Edge_2 switches you are managing, enter the VLAN 1
context level.
2. Assign the IP addresses from the following table. Also, verify and/or
reconfigure the Windows computers to match the IP addresses listed in the
table below.
Device IP Address
Edge_1 10.x.1.2/24
Edge_2 10.x.1.3/24
Windows Server 10.x.1.10/24
Windows XP Client 10.x.1.20/24
Note
Substitute your group number for “x”.
3. After the IP addresses are assigned, verify your switch’s running

configuration corresponds to the table above. When verified, save your
switch configurations.
a. If you needed to change the IP address assigned to the VLAN, what
command would you have to enter before redefining the IP address?
_________________________
4. Connect the switches and workstations together using the Ethernet cables
provided.
L1.1 – 10 Rev. 8.41

Edge_1 port 12 Edge_2 port 12
Windows Server Edge_1 port 1
Windows XP Client Edge_2 port 1
Note
The port identifiers specified in the table are examples. Substitute a port
identifier of your choice that is appropriate for the switch model you are
using.
5. Verify connectivity to the assigned IP addresses by using the ping command

from the switch CLI and from a Command Prompt on the Windows
computers.
6. Close your out-of-band management session by logging out.
Rev. 8.41 L1.1 – 11

Task 6. Establish an in-band management session

1. Using a Command Prompt, Telnet to the IP address of the switch you are
managing and log in using the manager username.
2. View the management sessions by using “show telnet”.
3. Not only can the switch operate as a Telnet server, but it can also operate as a
Telnet client as well. From the switch CLI, Telnet to your partner’s switch
and log in using the operator username. Then view the Telnet connections.
4. The switch supports up to four concurrent management sessions. You can use
“show telnet” to list the currently active management sessions and “kill” to
terminate a currently active console or remote session.
If you are using the switch’s serial port for a console session and want to
terminate some other currently active Telnet session, you could do either of
the following to explore the use of the “kill” command:
• Terminate your partner’s active session to the switch you are managing.
or
• Open multiple command prompt windows and Telnet to your local
switch until you consume all four management sessions. Then you can
proceed to kill those active sessions and view the sessions disconnecting
in the command prompt windows.
L1.1 – 12 Rev. 8.41

Task 7. Explore the Switch Setup screen

The quickest and easiest way to minimally configure the switch for management
and password protection in your network is to access the Switch Setup screen using
a console connection to the switch. The setup screen can be accessed directly from
the switch CLI and also through the switch menu interface.
1. From the CLI Manager privilege level, type “setup”.
Notice that from the Switch Setup screen you can configure:
• System Name (hostname), contact name, and SNMP community name
• Manager password
• Logon Default (CLI or menu)
• Time settings including the time synchronization method (TIMEP or
SNTP), TIMEP or SNTP mode, and the time zone
• IP address configuration method (manual or DHCP) and default
gateway
• Spanning tree protocol (enabled or disabled)
Note
At the bottom of some Switch Setup screens are navigation or edit
instructions, depending on whether you are navigating through the menu
items or within a configuration screen.
2. Move the cursor to the “Logon Default” field and press the space bar to
toggle through the choices.
3. Move the cursor to the “Time Sync Method” field and press the space bar to
toggle through the choices. Select ‘SNTP’.
4. Move the cursor to the “SNTP Mode” field. Notice this field name changed
based on the ‘Time Sync Method’ field value.
5. Press the space bar to toggle through the choices.
6. Press <Enter> to position the cursor in the Actions field. Select “Cancel” so
that any changes you may have made are not saved. Press <Enter> to exit the
Switch Setup screen and return to the CLI.
For more on using the Switch Setup screen, see the Installation and Getting
Started Guide for the associated switch.
Rev. 8.41 L1.1 – 13

Task 8. Use the Menu interface to configure IP authorized

managers
In this task, you explore the switch menu interface and use it to configure
authorized IP managers. While complete switch management can be accomplished
using the CLI, the switch also supports a slightly reduced feature set through an
intuitive menu interface.
1. Establish a management session with your switch and then type “menu”.
You may be asked to save your configuration. If so, answer “y” at the
prompt.
The menu interface, like the Switch Setup screen, also has navigation or edit
instructions at the bottom of some screens depending on whether you are
navigating through the menu items or within a configuration screen.
Note
A good time saver when navigating through the menu interface is to try
and remember the numbering scheme to move through the menus to
arrive at your destination menu item more quickly.
For instance from the main menu, the number sequence “2 → 7 →3”
will take you to the VLAN Port Assignment screen and the number
sequence “2 → 6” will take you the IP Authorized Managers screen.
2. Select the “Status and Counters” menu item and explore the menu listing
displayed which provides access to a variety of helpful switch information.
3. Navigate to the IP Authorized Managers screen. Add the IP address of your
Windows computer and select “Manager” for the Access Level. Then save
the configuration.
Note
To add a single station, the mask must be specified as 255.255.255.255.
The Authorized IP Managers feature uses IP addresses and masks to

determine which computers can access the switch through the network. This
covers access using the following methods:
• Telnet and other terminal emulation applications
• Web interface of the switch
• SNMP (with a correct community name)
You can configure up to 10 authorized manager IP addresses, where each
address applies to either a single management station or a group of stations,
depending on the mask you specify. You can also configure Manager or
Operator access privileges for Telnet, SNMPv1, and SNMPv2 access.
L1.1 – 14 Rev. 8.41

Task 9. Verify the IP authorized managers configuration

1. Open a Command Prompt on your Windows computer and telnet to the
switch you are managing to establish a second in-band management session.
Log in to the manager level.
Note
During the remaining steps of this task, you will need to coordinate with
your partner so that you synchronize the activities performed.
2. Open a second Command Prompt and telnet to your partner’s switch.

a. Were you allowed to establish a Telnet session? __________________
3. Return to the IP Authorized Manager’s menu screen and add the IP address
of your partner’s Windows computer and select “Operator” for the Access
Level. Then save the configuration.
4. Open a Command Prompt and once again try to telnet to your partner’s
switch and attempt to log in using the manager level username and password.
b. What was the response? __________________
5. Log in using the Operator level username and password. Then try to access
the Manager level.
c. What was the response? __________________
6. From the switch menu interface, return to the CLI.
7. At the CLI from where you have manager access, view the IP Authorized
Managers.
8. Remove each of the IP authorized manager entries using the following
command.
no ip authorized-managers <ip-address>
If the IP authorized manager entries were to remain, the configuration would
adversely affect subsequent lab exercises. In addition, since the Windows XP
computer will be changing subnets, the IP authorized managers settings
would prevent it from managing the switches using in-band management.
9. Save your configuration changes on Edge_1 and Edge_2.
Rev. 8.41 L1.1 – 15

Task 10. Explore the Web interface

1. Open a browser session on your Windows computer. Enter the IP address of
your switch as the URL.
If you are prompted for authentication credentials, enter the manager
username and password. Depending on the Java console that you are using
you may be asked to enter the manager password again.
2. The initial display shows the Status window. The Overview tab on this
window shows a row of ports near the middle of the screen. Click anywhere
on the “Port Counters” area and use the <Right arrow> to see the status of
any ports that are not visible. Move the mouse pointer over any active port to
see its utilization.
3. Select the “Identity” tab to see the IP address and system information.
4. To see a graphical depiction of the front panel of the switch, select the
“Configuration” tab. Explore some of the other options available from this
tab. However, do not change the IP address or your web management session
may be terminated.
5. The Diagnostics tab allows you to perform ping of link tests from the web
interface. You can also reset the switch and view the running configuration
from this tab.
L1.1 – 16 Rev. 8.41

Command Reference
The following CLI commands are used in this lab exercise. Refer to them as
needed.
Command Description
show history Displays a list of previous commands
show running-config Displays current in-memory configuration file
show running-config status Displays status of in-memory configuration file
Displays current status of running and startup

show config status
configuration files
show telnet Displays currently active management sessions
enable Accesses manager privilege level
exit Exits from a configuration level
logout Logs off current user from switch
configure Accesses global configuration mode
? Displays commands available in current context
Displays commands beginning with specified

<character-string>?
string consisting of 1 or more characters
Displays a completed command if partial

<character-string><Tab>
character string is unique
<Up Arrow> Recalls a previous command
Displays command options for password

password ?
command
repeat ? Displays command options for repeat command
password operator user-name operator Defines operator level user name and password
password manager user-name manager Defines manager level user name and password
hostname <name> Defines a hostname for the switch
interface <port-id> Accesses the interface context for specified port
vlan <vlan-id> Defines a VLAN identifier
Within the VLAN context, assigns an IP address

ip address <ip-address>/<mask-bits>
to a VLAN
ping <ip-address> Pings an IP address
telnet <ip-address> Invokes Telnet session with specified IP address
kill <session-number> Terminates specified Telnet session
setup Displays the Switch Setup screen
menu Displays the Switch Menu screen
no ip authorized-managers <ip-address> Deletes authorized manager IP address entry
write memory Saves the in-memory configuration to flash
Rev. 8.41 L1.1 – 17

L1.1 – 18 Rev. 8.41

Software and File Management
Module 1 Lab 2
Objectives
View the current and stored software revisions on a switch and upgrade
switch software.
Manage switch configuration files and use the multiple configurations
feature.
Enable SNTP services.
View event logs and implement a Syslog service.
View interfaces and define friendly port names.
View LLDP information.
Overview
As the network manager for ProCurve University, you realize it is important to
understand how to manage the switch system software and configuration files.
ProCurve University, like many IT organizations, has standard procedures that
must be followed for maintaining systems in the network. These procedures
include backing up configuration files on a scheduled basis, evaluating and
updating system images as a vendor releases them, and implementing syslog
facilities. Therefore, you will need to develop familiarity with the management of
configuration and system software files on the ProCurve switches.
In addition, you plan on continuing with several other initial configuration tasks.
These include configuring the switch to use a time server and syslog server and
modifying the port names to use a more user friendly scheme.
Rev. 8.41 L1.2 – 1

Network diagram
L1.2 – 2 Rev. 8.41

Software File Management
Task 1. Upgrade the switch software

ProCurve periodically provides switch software updates through the ProCurve
website. In this task you will upgrade the switch software.
1. Establish an in-band session to the switch you are managing using Telnet or
an out-of-band session using the console port. Determine the software
version your switch is using by performing “show version”.
Write the version here: __________________
2. On your desktop, double-click the shortcut for the TFTP application installed
on your Windows computer. It should be called “TFTPd32” or a similar
name.
Note
While there are other TFTP programs available, TFTPd32 is used in
these lab exercises. This is a free TFTP program and can be
downloaded from the website at http://tftpd32.jounin.net.
3. Browse to the directory where the switch software is stored to establish that
directory as the TFTP root directory.
Note
Your instructor will provide a copy of the latest firmware for the
switches and their location on the Windows computers.
4. Using the CLI “copy” command, transfer the latest software image from the
TFTP server to the switch’s secondary flash location.
copy tftp flash <ip-address> <remote-file> secondary
Rev. 8.41 L1.2 – 3

5. After the prompt reappears, use “show flash” to list the software image
versions stored on flash.
Write the two versions below:
Primary: _____________________
Secondary: _____________________
Note
With the Primary/Secondary flash option you can test a new image in
your system without having to replace a previously existing image. You
can also use the image options for troubleshooting. For example, you
can copy a problem image into Secondary flash for later analysis and
place another, proven image in Primary flash to run your system. The
switch can use only one image at a time.
6. Use the “boot system flash secondary” command to reboot the switch with
the new software.
7. Use “show version” to verify the secondary software image is the one the
switch was booted with.
8. Use the “copy” command to copy the secondary flash contents to the primary
flash location. This is a local operation—you do not use the TFTP service to
do this.
a. What is the command syntax that you would use?
__________________________________________________________
9. After the prompt reappears, verify that the primary location has been updated.
L1.2 – 4 Rev. 8.41

Task 2. Create a back-up of the switch configuration file

In this task you will be saving your switch configurations to the TFTP server on
your Windows computer.
1. In the TFTP application window, browse to the following directory to
establish that directory as the TFTP root directory.
c:\kits\classconfigs
Create the directory using Windows Explorer if it does not exist.
2. Start an out-of-band management session with the switch you are managing
using the manager level username and password.
Alternatively, you can do the following activities using Telnet, but since you
will be erasing the configuration in a later step, you will eventually have to
go back to using the console port.
3. From the switch CLI, use the “copy” command to transfer the file named
startup-config to your Windows computer and specify a filename based on
the table below.
Switch Filename
Edge_1 lab1.1_edge_1
copy startup-config tftp <tftp-ip-address> <file-name>

You can view the progress of the transfer on the TFTP application window.
4. After the CLI prompt reappears, verify that the configuration was copied to
your Windows computer by using Windows Explorer.
Rev. 8.41 L1.2 – 5

Task 3. Boot the switch with a factory default configuration file

In this task you will erase the switch’s startup configuration file and reboot the
switch to determine the effect it has on your password configuration.
1. Erase the startup configuration file. This will cause the switch to reboot.
2. After the switch reboots, establish an out-of-band management session and
view the configuration.
a. Was the password information lost when the configuration was erased?
_____________
3. Reassign the IP address to VLAN 1 so that you can access your TFTP server
on your Windows computer.
4. Copy the lab1.1 instance of your switch’s configuration file from the TFTP
server on your Windows computer to your switch.
5. After the switch reboots, view the configuration and verify that the
previously configured hostname has been restored.
Verify the hostname has been restored by establishing a console session and
examining the CLI prompt.
L1.2 – 6 Rev. 8.41

Task 4. Implement the multiple configuration files feature

1. Use “show config files” to view the three memory slot identifiers associated
with configuration files. You should see a listing similar to the following,
although your listing may be different depending on whether or not the flash
had been reset prior to this class.
Configuration files:
id | act pri sec | name

---+-------------+------------------------------------------------
1 | |
2 | * * * | workingConfig
3 | |
Note
If you see additional configuration files other than “oldConfig” or
“workingConfig” they may be from the previous class and will need to
be deleted so that a slot can be freed up.
You can delete a configuration file using the command below.
erase config <filename>
a. What is the “workingConfig” operating as?

__________________________________________________________
Note
At the first reboot with a software release supporting multiple
configurations, the switch does the following:
Assigns the filename oldConfig to the existing startup-config file
which is stored in memory slot 1.
Saves a copy of the existing startup-config file in memory slot 2
with the filename workingConfig.
Assigns the workingConfig file as the active and default
configuration for all subsequent reboots using either the primary
or secondary flash.
2. Go to the directory where you saved your startup-config and open it using a
text editor such as Notepad or WordPad. Add the text “Secondary” to the
hostname and then save the file as “secondaryconfig” in the same directory.
Rev. 8.41 L1.2 – 7

Note
When copying switch configuration files the filename must be exact.
This includes extensions if the file has one. Since you will have saved
this file using a new name, Notepad or WordPad will append the “.txt”
extension to the filename. Therefore, you will need to either rename the
file and remove the .txt extension or remember to specify the extension
when copying the file.
3. Copy the configuration file named “secondaryconfig” to the flash keeping

the destination filename the same as the source filename using the following
command syntax.
copy tftp config <dst-filename> <tftp-ip-address>
<src-filename>
4. List and then view the configuration files located on the flash.
5. Use the “startup-default” command to associate the secondary flash image
with the “secondaryconfig” configuration file.
Note
This will assign the configuration file “secondaryconfig” to boot with
the secondary software image.
6. Use “show config files” to verify the secondary configuration file is

associated with the secondary software image.
7. Use the following command to reboot the switch so that the secondary
software image is loaded.
boot system flash secondary
8. After the switch boots, view the configuration file and the version of the
software image that the switch is currently running.
b. What is the active configuration file? __________________________
c. Which boot image are you running? ___________________________
9. Reconfigure the switch to use your original (unedited) configuration file as
the active, primary and secondary configuration. Then save your
configuration.
L1.2 – 8 Rev. 8.41

Task 5. Implement the SNTP service

Using time synchronization ensures a uniform time among interoperating devices.
This helps you to manage and troubleshoot switch operation by attaching
meaningful time data to event and error messages. The TFTP server application
installed on your Windows computer includes an SNTP server that you will
configure your switch to use in this task.
1. Access the TFTP server control panel and look for the “SNTP server” tab. If
the tab is not visible, select the “Settings” button and enable the Global
Settings “SNTP server” check box. This action may require that you restart
the TFTP application.
Note
Only one of the Windows computers in your group will be running the
SNTP service. Use the Windows Server as the time server.
Rev. 8.41 L1.2 – 9

2. From the switch CLI, view the current time and SNTP settings on the switch.
3. From the global context level, use the “sntp” command to specify the time
server IP address and priority and the use of unicast mode.
4. Use the “timesync” command to set the mode to “SNTP”.
5. View the current time setting again. Depending on your local time zone, you
may notice that the time displayed at the switch CLI is not the same as the
time displayed on the SNTP server.
6. Use the “time” command to specify a GMT offset in minutes. For example,
if your time zone is five hours west of GMT, the offset is -300. View the
current time setting once completed.
7. Change the time on the Windows computer running the SNTP service and
see how long it takes for the switch to reflect the updated time.
8. To view the results faster, use the “sntp” command to adjust the polling
interval for updates of the system clock. By default, the switch is set to poll
every 720 seconds (12 minutes).
9. Use the “time” command to adjust the “daylight-time-rule” to reflect your
location.
L1.2 – 10 Rev. 8.41

Task 6. View the Event Log and implement Syslog services

The TFTP server application installed on your Windows computer includes a
Syslog server that you will configure your switch to use in this task.
The switch Event Log records operating events as single-line entries listed in
chronological order, and serves as a tool for isolating problems. Each Event Log
entry is composed of five fields:
Severity is one of the following codes:

I (information) indicates routine events.
W (warning) indicates that a service has behaved unexpectedly.
M (major) indicates that a severe switch error has occurred.
D (debug) reserved for HP internal diagnostic information.
1. From the switch CLI, type “show logging”. This command will display a list
of events that the switch has recognized since the last time it was rebooted.
2. Perform an action that will generate an event, such as disconnecting a link. If
you are managing the switch using Telnet, ensure you do NOT disconnect the
cable used for that connection. View the log to see the result of
disconnecting and then reconnecting a cable.
3. Access the TFTP server control panel and look for the “Syslog server” tab.
If the tab is not visible, select the “Settings” button and enable the Global
Settings “Syslog server” check box. This action may require that you restart
the TFTP server application.
Also, enable the Syslog file to be saved locally. You can accept the default
file name (syslog.txt) or have the TFTP server create a text file of your choice
in the folder defined as the Syslog default folder You may also change this
location to a directory of your choice.
4. From the global context level, enable events to be sent to a Syslog server by
using the “logging” command and specifying the Syslog server’s IP address.
5. Generate one or more events on the switch. You can do this, for example, by
disconnecting and then reconnecting the Ethernet cable between your two
switches.
Other ways to generate an event include starting a Telnet session and
changing the current time on the SNTP server computer.
6. You will be able to view the events as they happen in the “Syslog server” tab
of the TFTP application window. Also, view the text file you specified for the
Syslog server to use and verify that the events appear in that file.
Rev. 8.41 L1.2 – 11
7. From the CLI, type “reload” to reboot one of the switches. When the switch
becomes available, view the event log and verify that the events that occurred
before the reboot are no longer listed.
8. Here are some options for viewing the log at the CLI using the “show
logging” command.
List recorded log messages since last reboot.
show logging
List all recorded log messages, including those before the last reboot.
show logging -a
List log messages with “system” in the text or module name.
show logging system
Lists all log messages since the last reboot that have “system” in the text or
module name.
show logging -a system
Lists all log messages since the last reboot in reverse order.
show logging -r
L1.2 – 12 Rev. 8.41

Task 7. View interfaces and define friendly port names

A helpful tool in troubleshooting network issues is the ability to view port
configurations and statistics.
The friendly port naming feature enables you to assign alphanumeric port names to
augment the numeric port names that are automatically assigned. This means you
can configure meaningful port names to make it easier to identify the source of
information listed by some show commands. Note that this feature augments port
numbering, but does not replace it.
1. Display the current status of the switch’s interfaces using the following
commands.
Command
show interface
show interface brief
show interface config
What type of information is displayed using each of the following

commands?
a. Command: show interface?
_________________________________________________________
b. Command: show interface brief?
_________________________________________________________
c. Command: show interface config?
_________________________________________________________
2. Display details for one of the ports for which the status is “Up” by using the
“show int” command with the port number.
3. Define a friendly name for the port that connects the two switches together as
well as the port to which the Windows Computer is connected by using the
“interfaces <port-id> name <port-name >” command. Include the identity
of the switch on the other side of the link.
4. To see a list of ports, including their names, use the “show name” command.
You can also see friendly names per port when you view detailed port
counters.
5. Save your configuration changes.
6. Open a Web session with the switch. View port status, port counters, and
detailed port counters for one of the ports for which the status is “Up”. You
should be able to see the friendly name in the Details for Selected Port
window.
Rev. 8.41 L1.2 – 13

Task 8. View LLDP information

The Link Layer Discovery Protocol (LLDP) provides a standards-based method
for enabling the switches to advertise themselves to adjacent (neighbor) devices
and to learn about adjacent devices. An LLDP packet contains data about the
transmitting switch and port.
The switch advertises itself to adjacent devices by transmitting LLDP packets on
all ports for which outbound LLDP is enabled. The switch processes LLDP
packets received from adjacent devices over ports for which inbound LLDP is
enabled. LLDP is a one-way protocol and does not include any acknowledgement
mechanism. An LLDP-enabled port receiving LLDP packets inbound from
adjacent devices stores the information in a neighbor database of the MIB.
In the default switch configuration, LLDP is globally enabled on the switch.
1. From the switch CLI, use the appropriate “show lldp” command to view the
LLDP configuration.
a. What is the default AdminStatus of the ports? ____________________
2. View the LLDP information of the local switch that you are managing.
3. View the LLDP information of devices that are remotely connected.
4. View the LLDP detailed information of a remote device that is connected to a
specific port.
Note
As you progress through the subsequent labs and you start connecting more
switches, practice the “lldp” commands to view the information as your
network increases in size.
L1.2 – 14 Rev. 8.41

Task 9. Back up your switch configuration files

Back up the configuration file of each switch by transferring the configuration file
to the Windows client computer using TFTP. Notice that the client computer is
specified here. In subsequent lab exercises, you will also be backing up the
configuration files using TFTP to the Windows Client computer.
1. Save the configuration changes you have made to your switches.
2. Use the “copy” command shown below and specify a filename for each
switch from the following table.
Switch Filename
copy running-config tftp <tftp-ip-address> <file-name>
Rev. 8.41 L1.2 – 15

Optional tasks
Continue on with these optional tasks if you have completed the required section
of the lab exercise.
Optional Task 10. Use advanced options of the copy command

Now that you have experienced the process for exporting your configuration file to
a TFTP server, you can also use a similar process to copy other types of switch
data to a text file on the TFTP server.
1. Type “copy ?” to examine the command features.
Some of the command options are:
• command-output: Copies the output of a CLI command to a file on the
destination device.
• event-log: Copies the switch Event Log to a file on the destination
device.
• crash-data: Copies software-specific data useful for determining the
reason for a system crash to a file on the destination device.
• crash-log: Copies processor-specific operating data useful for
determining the reason for a system crash to a file on the destination
device.
The copy command-output is a great tool and can be used to export
command output to a text file on a remote host. For example if you should
find yourself troubleshooting an issue with a third-party, you can send them
the output of a “show tech” command.
2. Use the “command-output” command to send the output of some show
commands as a text file to the TFTP server on your Windows computer. For
example, try it for the “show running-config” command
To copy command output to a destination device:
copy command-output ’cli-command’ tftp <tftp-ip-address>
<filename>
Note
The command you specify can be enclosed in single or double quotation
marks.
3. View the file content sent to the TFTP server using Windows Explorer.
L1.2 – 16 Rev. 8.41

Optional Task 11. Use the show tech command

1. Type “show tech ?” to examine the command options.
The “show tech” command sends the output to the terminal as a streaming
listing. This information includes switch operation and running configuration
details from several internal switch sources, including:
• Image stamp (software version data)
• Running configuration
• Event Log listing
• Boot History
• Port settings
• Status and counters—port status
• IP routes
• Status and counters—VLAN information
• GVRP support
• Load balancing (trunk and LACP)
When you type “show tech” be prepared for a lot of information. Although
the “show tech” command does not include screen scroll controls, you can
type <Ctrl-c> to stop the streaming of output to the screen.
2. Use the “command-output” command to send the output of the “show tech”
command.
Rev. 8.41 L1.2 – 17

L1.2 – 18 Rev. 8.41

Command Reference
needed.
Command Description
Displays version of currently active software
show version
image
Displays versions of primary and secondary

show flash
software images stored on flash
Displays the names of the configuration files in

show config files
the active, primary and secondary flash slots
show config <filename> Displays contents of named configuration file
show time Displays current time settings
show sntp Displays configured SNTP settings
Displays log messages recorded since last

show logging
reboot

show logging -r
reboot in reverse order
Displays all log messages including those

show logging -a
recorded since last reboot
Displays log messages containing the string

show logging system
“system”
Displays all log messages containing the string

show logging –a system
“system”
show interfaces Displays port status information
Displays brief listing of the current status of all

show interfaces brief
ports
show interfaces config Displays configuration of all ports
show lldp config Displays configured LLDP settings
show lldp info local-device Displays LLDP information of the local system
show lldp info remote-device Displays LLDP information of remote devices
Displays LLDP information of remote devices

show lldp info remote-device <port-id>
connected to specified port
show tech ? Displays options for show tech command
Displays variety of switch configuration and

show tech
status information
timesync sntp Defines SNTP as the time management protocol
sntp server priority 1 <ip-address> Specifies the IP address of an SNTP server
sntp unicast Specifies SNTP unicast mode is to be used
sntp <seconds> Sets the SNTP polling interval
time timezone -<offset> Defines the time zone relative to GMT
time daylight-time-rule <location> Specifies a daylight time saving rule
Rev. 8.41 L1.2 – 19

Command Description
logging <ip-address> Specifies the IP address of a Syslog server
interfaces <port-id> name <name> Defines a friendly port name for specified port
copy tftp flash <ip-address> <filename> Copies software image file from a TFTP server
secondary to secondary flash slot
Copies software image file in secondary slot to

copy flash flash primary
primary slot on flash
copy startup-config tftp <ip-address> Copies the startup configuration file on flash to
<filename> a TFTP server
copy tftp startup-config <ip-address> Copies the named configuration file from a TFTP
<filename> server to startup-config on flash
copy ? Displays options for copy command
copy command-output <’cli-command’> tftp Copies the output of the specified command to
<ip-address> <filename> the named file on a TFTP server
erase startup-config Deletes the startup configuration file on flash
Sets the named configuration file as the startup

startup-default secondary config <filename>
default configuration file
Reboots the switch using software image in

secondary slot
reload Performs a warm reboot of the switch
L1.2 – 20 Rev. 8.41

Configuring VLANs
Module 2 Lab
Objectives
Add/Define VLANs
Enable IP routing on the core switch
Tag switch-to-switch links with the appropriate VLANs and verify
connectivity
Configure an IP helper address
Overview
At this point, as the network manager for ProCurve University you have developed
an overall familiarity with the essential tasks of locally and remotely managing a
ProCurve switch. You are now ready to take the next step and introduce an
additional ProCurve switch and deploy user VLANs. This additional switch will
be deployed as a core switch and will support routing between the user VLANs.
The addition of multiple VLANs into the network environment will allow for the
segmentation of traffic types. This segmentation will allow for easier management
as well as configuration of QoS policies in the future. For example, providing a
voice VLAN will provide a more solid foundation with higher call quality and
fewer dropped calls.
VLANs are utilized to create logical networks, maximizing physical connections;
grouping together users by application, geographical location or department
through port specifications. Alternatively, or in addition, protocol VLANs could
also be useful for similar purposes. For instance, one might wish to create a
VLAN to handle IPv4 traffic only, while creating an additional VLAN for IPv6
traffic. This would allow for easier administration, and where IPv6 may be a
phased rollout, this design would also allow for easier reporting, baselining and
capacity planning when adding new devices that will be configured for IPv6 only.
In this lab exercise you will deploy port-based VLANs.
In this hands-on activity you will perform basic configuration of four VLANs,
numbered 1, 10, 20 and 30. VLAN 1, the management VLAN, will be modified
on the Edge 1 and Edge 2 switches and initial configuration will be done on the
Core and Edge_3 switches. VLANs 10, 20 and 30 will serve as user VLANs and
will be added selectively to each of the switches.
Rev. 8.41 L2.1 – 1

Network diagram
In this lab exercise, you will use two additional switches labeled Core and Edge_3.
Note the following configuration changes:
Default gateway specification has been added to Edge_1, Edge_2, Edge_3,
and the Windows Server computer.
IP address assignment for Windows XP computer set to DHCP.
Ethernet cable between Edge_1 and Edge_2 has been removed. Windows
XP computer Ethernet cable connects to Edge_3.
Substitute your assigned group number for the “x” in each of the IP addresses.
L2.1 – 2 Rev. 8.41

Configuring VLANs
Task 1. Perform initial configuration of the Core and Edge_3

switches
During this task you will perform initial configuration activities on two additional
switches identified as Core and Edge_3.
Note
switches labeled Core or Edge_3 and perform the activities of this task
independently.
1. Connect a console cable from one of your Windows computers to the Core or
Edge_3 switch and establish a console session.
2. Since this is the first time you are accessing these switches, use the
“password” command to configure both a username and password for each
of the Operator and Manager privilege levels. Specify the usernames and
3. Configure a host name for each switch.
Host Name Switch
Core Labeled Core
4. Assign an IP address to VLAN 1.
Device IP Address
Core 10.X.1.1/24
Edge_3 10.X.1.4/24
5. Other configuration activities you should do are:

• Define friendly port names for the ports that will be used to connect to
Edge_1 and Edge_2.
• Define SNTP server and timezone settings.
• Define Syslog server settings.
Rev. 8.41 L2.1 – 3
6. Based on the network diagram, connect the switches and workstations

together using the Ethernet cables provided.
computers.
L2.1 – 4 Rev. 8.41

Configuring VLANs
Task 2. Add the necessary user VLANs to each switch

In order to create the environment as shown in the network diagram, it is necessary
to create three additional VLANs. VLAN 1 exists by default as a port-based
management VLAN. Using the CLI, VLANs 10, 20 and 30 will be created and
later made available to other users by tagging ports. Tagging allows the VLAN
traffic to cross appropriate switches.
Note
In the steps that follow, divide the switch management responsibilities
with your partner. Ensure you do not attempt to edit a switch’s
configuration at the same time.
When defining ports as untagged members of the user VLAN, be sure

that you do not interrupt your Telnet session used for switch
management.
1. From one of the Windows computers, open a Telnet session with the core
switch using Tera Term Pro. Remember only one person in your group will
do this.
2. Access the global configuration level and define VLANs 10, 20, and 30 using
the “vlan <vlan-id>”command.
3. Use “show vlans” to verify the VLANs have been created.
4. You should see a listing of the newly created VLANs on the Core switch
similar to the following.
Status and Counters - VLAN Information

Maximum VLANs to support : 8
Primary VLAN : DEFAULT_VLAN
Management VLAN :
802.1Q VLAN ID Name | Status Voice Jumbo

-------------- ------------ + ---------- ----- -----
1 DEFAULT_VLAN | Port-based No No
10 VLAN10 | Port-based No No
Note
Depending on the switch model you are using for the Core switch. The
column labeled Jumbo (indicating whether jumbo frame support is
enabled) may not be listed.
5. Connect to Edge_1 and add VLAN 10.

Rev. 8.41 L2.1 – 5
6. Connect to Edge_2 and add VLANs 20 and 30.

The following table summarizes which VLANs should be defined on each
switch.
Core Edge_1 Edge_2 Edge_3
VLAN 1 Yes Yes Yes Yes
VLAN 10 Yes Yes No No
VLAN 20 Yes No Yes No
VLAN 30 Yes No Yes Yes
Additional notes:
We have been using the CLI, which is capable of configuring and displaying
both port-based and protocol-based VLANs. The Menu interface can ONLY
be used to configure and display port-based VLANs whereas ProCurve
Manager Plus can be used to configure and display both port-based and
protocol-based VLANs.
For additional information, refer to the ProCurve documentation for the
3500yl, 5400zl, 6200yl, and 8212zl series switches — static VLAN section
of the Advanced Traffic Management Guide and the Management and
Configuration Guide. This can be found at www.procurve.com/manuals.
L2.1 – 6 Rev. 8.41

Configuring VLANs
Task 3. Tag switch-to-switch links with the appropriate VLANs

It is necessary to “tag” the ports connecting the switches that will be handling
routed traffic for the VLANs. For a source on a given VLAN to reach a
destination by way of the connected port, the port must be tagged. Since the
Windows computers are not supporting VLAN tagging in the packets they send
and receive, the switch ports connecting to those Windows computers will NOT be
tagged.
Note that in the network diagram for this lab, the core switch is aware of all four
VLANs, whereas the edge switches are only aware of a subset of the VLANs —
those that they will receive traffic from or send traffic to. VLAN 30 traffic sent
from the core switch is allowed to pass through Edge_2 and arrive at Edge_3, but
does not pass through Edge_1. Traffic for VLAN 1, the management VLAN, can
pass through any switch on the network.
Based on the network diagram, determine which ports need to be tagged on each
switch for the traffic to flow as intended in the network diagram. It is
recommended you use the Gigabit ports for the switch-to-switch connections and
the 10/100 Mps or 10/100/1000 Mbps ports for connection to the Windows
computers.
1. For each connected port on a switch, determine the port identifier and its
tagged status for each VLAN the switch will support.
Port Tag / Port Tag / Port Tag / Port Tag /

VLANs VLANs VLANs VLANs
ID Untag ID Untag ID Untag ID Untag
Port
#1
Port
#2
Note
All remaining ports that are not explicitly referenced retain an
“untagged” status in VLAN 1.
2. Connect to the Core switch and use the “vlan <vid> tagged <port-list>”
command to tag the appropriate switch-to-switch ports.
3. Use “show vlan <vid>” to examine the status of each tagged port.
4. Connect to each of the Edge_1, Edge_2, and Edge_3 switches and access the
global configuration context level. Tag the switch-to-switch ports as
necessary, based on the network diagram and the table above.
Rev. 8.41 L2.1 – 7

The table below summarizes some basic rules of port-based and protocol-based
VLANs in terms of untagged and tagged status. We have created port-based
VLANs in order to allow traffic to pass from one switch to another. A protocol-
based VLAN will generally require more planning due to the number of protocols
on the network and the variety of devices, applications, and end-users that may use
these protocols.
Port-based VLANs Protocol-based VLANs
A port can be a member of one A port can be an untagged member

untagged, port-based VLAN. All other of one protocol-based VLAN of each
port-based VLAN assignments for that protocol type. When assigning a
port must be tagged. port to multiple, protocol-based
VLANs sharing the same type, the
port can be an untagged member of
only one such VLAN.
A port can be a tagged member of A port can be a tagged member of
one or more port-based VLANs. one or more protocol-based VLANs.
L2.1 – 8 Rev. 8.41

Configuring VLANs
Task 4. Define IP addresses for the VLANs

The core switch will be responsible for forwarding traffic between hosts in
VLANs 1, 10, 20 and 30. It is necessary to define IP addresses that will act as
routing interfaces on the Core switch to enable the forwarding of traffic between
different subnets.
1. Use the “show ip” command to see the IP addresses currently defined on the
Core switch.
You should see one IP address is currently defined for VLAN 1, 10.x.1.1/24.
2. Define the additional IP addresses that are needed on the Core switch within
the appropriate VLAN context as indicated on the network diagram.
3. Do another “show ip” command to see the IP addresses that are NOW
defined on your Core switch.
Rev. 8.41 L2.1 – 9

Task 5. Test reachability of the IP addresses

1. Prepare the Edge_3 switch for a basic reachability test by configuring one of
the ports on Edge_3 to be in VLAN 30.
a. Should the port be tagged or untagged and why? __________________
2. On the Windows XP computer, configure its IP address so that it matches the
VLAN 30 subnet. Pick any unused host number for the fourth octet.
3. Connect your Windows XP computer to the port you defined as a member of
VLAN 30 in the prior step.
4. Using “ping” from a Command Prompt, test reachability of the VLAN 30 IP
address you defined on the Core switch.
Note
If you were not successful, use the previous steps to verify your
configuration. Also verify the tagged/untagged state of your switch-to-
switch links.
5. From your Windows XP computer, use the “ping” command to test

connectivity to the other IP subnets configured on your switches.
a. Were you successful? ____________________________________
b. If no, what additional configuration step must be completed?
________________________________________________________
L2.1 – 10 Rev. 8.41

Configuring VLANs
Task 6. Enable IP routing on the core switch

It is necessary to enable routing on the Core switch for traffic to pass from one
subnet to another.
1. From the CLI of the Core switch, use the “ip routing” command to enable IP
routing.
Note
The edge switches will remain configured as layer 2 switches. Do not
enable routing on the edge switches.
2. Verify that the Core switch has a local path to the four networks by viewing
the IP route table. Use the “show ip route” command. You should see
information similar to the following where “x” is replaced with your group
number.
IP Route Entries
Destination Gateway VLAN Type Sub-Type Metric Dist.

------------------- --------------- ---- --------- ---------- ---------- -----
10.x.1.0/24 DEFAULT_VLAN 1 connected 0 0
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
3. Using “ping”, test connectivity to the other subnets from your Windows
computers and switches.
a. Were you successful? ______________
b. If you were not successful, what added configuration would be needed
for your Windows computer to pass their network traffic to networks
not in its local subnet?
_______________________________________________________
Rev. 8.41 L2.1 – 11

Task 7. Configure default gateways

1. Configure a default gateway IP address on each of your three edge switches.
Based on the network diagram, you should configure the default gateway IP
address as 10.x.1.1.
2. Configure a default gateway IP address on each of your two Windows
computers.
address for the Windows server computer as 10.x.1.1.
Configure the default gateway IP address on the Windows XP computer as
10.x.30.1 since this Windows computer will be a member of VLAN 30.
3. Using “ping”, verify connectivity to the other subnets from your Windows
L2.1 – 12 Rev. 8.41

Configuring VLANs
Task 8. Configure an IP helper address

The function of the DHCP relay agent is to forward the DHCP messages to other
subnets so that the DHCP server does not have to be on the same subnet as the
DHCP clients. The DHCP relay agent transfers the DHCP messages from DHCP
clients, located on a subnet without a DHCP server, to one or more other subnets
where a DHCP server is located.
The DHCP relay agent on the Core switch forwards DHCP client packets to all
DHCP servers that are configured in a table associated with each VLAN. The
forwarding can be accomplished using either a unicast or a broadcast mode of
operation.
In this task you will be configuring Unicast Forwarding.
Minimum Requirements for DHCP Relay Operation

For the DHCP relay agent on the Core switch to operate properly, the following
conditions must be met:
DHCP Relay is enabled on the routing switch. This is the default setting.
A DHCP server is servicing the routing switch.
IP Routing is enabled on the routing switch.
There is a route from the DHCP server to the routing switch and back.
An IP Helper address is configured on the routing switch for the applicable
VLAN. The IP Helper address is set to the IP address of the DHCP server on
the VLAN that will provide service to the DHCP clients.
1. Verify the Windows Server includes a running DHCP service and verify that
the following three scopes are defined, one for each of user VLANs. If the
scopes have not yet been defined, then configure the DHCP server. The
following table summarizes the scope configuration.
Scope
IP Range Subnet Mask Router
Name
10.x.10.50 to /24 or
VLAN 10 10.x.10.1
10.x.10.150 255.255.255.0
10.X.20.50 to /24 or
VLAN 20 10.x.20.1
10.x.20.150 255.255.255.0
10.x.30.50 to /24 or
VLAN 30 10.x.30.1
10.x.30.150 255.255.255.0
2. Configure an IP helper address for VLAN 30. The IP helper address should
be that of the Windows Server running the DHCP service.
c. On which switch or switches should this task be done?
___________________
Use the command “ip helper-address 10.x.1.10”.
Rev. 8.41 L2.1 – 13

3. Configure a port on Edge_3, the switch the Windows XP computer will be

connected to, so that the switch will support access to VLAN 30. This should
have been done in a previous step where a port was configured as untagged in
VLAN 30.
4. Change the network configuration on the Windows XP computer to request
an IP address using DHCP.
5. At a command prompt on the Windows XP computer, verify that you have
received an IP address. You may have to use the command “ipconfig
/release” followed by “ipconfig /renew”.
6. Using “ping” to verify connectivity to the other subnets.
L2.1 – 14 Rev. 8.41

Configuring VLANs
Task 9. Test the IP helper address on VLANs 10 and 20

Verify the IP helper address works for VLANs 10 and 20. You can do this using
the Edge_1, Edge_2, or Edge_3 switch as the connectivity point for the Windows
XP computer to access VLANs 10 and 20.
1. Determine which switch you will use as the connectivity point for the
Windows XP computer to access VLAN 10.
2. If necessary, configure that switch so that it can transport VLAN 10 traffic.
3. Configure the upstream switch, if applicable, so that it can also transport
VLAN 10 traffic.
Note
You only need to configure switches to the extent that VLAN 10 traffic
from the Windows XP computer can reach the Core switch. The Core
switch will be sending the DHCP messages to the Windows Server that
is located in VLAN 1.
4. Configure the IP Helper address for VLAN 10 on the Core switch.

5. Configure a port on the switch the Windows XP computer will be connected
to so that the switch will support access to VLAN 10.
6. Verify the workstation acquires an IP address in VLAN 10.
7. Using “ping”, verify connectivity to the other subnets.
8. Repeat the steps above for VLAN 20.
9. Move your Client back to a VLAN 30 connection on Edge_3.
Rev. 8.41 L2.1 – 15


to the Windows client computer using TFTP.
2. Use the “copy” command and specify a filename for each switch from the
following table.
Switch Filename
Core lab2_core
Edge_1 lab2_edge_1
Edge_2 lab2_edge_2
Edge_3 lab2_edge_3
L2.1 – 16 Rev. 8.41

Configuring VLANs
Command Reference
needed.
Command Description
show vlans Displays list of defined VLANs
show vlans <vlan-id> Displays tagged/untagged VLAN status of ports
show interface Displays port status information
show ip Displays the IP addresses configured for VLANs
show ip route Displays the IP routing table
configure Access global configuration mode
exit Exit from a configuration level

to a VLAN
vlan <vlan-id> ip address

Assigns an IP address to a VLAN
<ip-address>/<mask-bits>
vlan <vlan-id> ip helper-address
Defines an IP helper address for a VLAN
<ip-address>
vlan <vlan-id> tagged <port-list> Defines port list as tagged members of a VLAN
Defines port list as untagged members of a

vlan <vlan-id> untagged <port-list>
VLAN
Within the interface context, defines a friendly

name <port-name>
port name
sntp server <ip-address> Specifies the IP address of an SNTP server
ip routing Enables IP routing
ip default-gateway <ip-address> Defines the default gateway IP address
copy running-config tftp <ip-address> Copies the running configuration file to a TFTP
<filename> server
Rev. 8.41 L2.1 – 17

L2.1 – 18 Rev. 8.41

Using ProCurve Manager Plus
Module 3 Lab
Objectives
Install the PCM+ network management application
Install the PCM+ remote client component and configure the PCM+ server
for remote client connections
Manage switch configuration changes and software updates using PCM+
Use the find node and trace path diagnostic tools to determine the location
and connectivity of systems and network paths between systems
Monitor link utilization and examine traffic composition using the traffic
monitoring tool
Generate events based on traffic threshold settings use the alerts feature to be
notified of network conditions
Use configuration templates to deploy pre-built configurations to switches
Overview
In this lab exercise, you deploy the ProCurve Manager Plus (PCM+) network
management application on your Windows server computer and the remote client
component of PCM+ on your Windows client computer. The primary objective is
to demonstrate the installation process and the functionality of the product.
At this point as the network manager for ProCurve University, you have deployed
several switches and implemented multiple VLANs, primarily using the CLI.
PCM+ provides a graphical interface that is useful when implementing ProCurve
Networking’s Intelligent Edge features and to perform various network monitoring
and management tasks. In preparation for those tasks, ProCurve University would
like to investigate how the PCM+ tool is installed and examine some of the
configuration and network management capabilities that it provides.
Rev. 8.41 L3.1 – 1

Network diagram
Verify and modify the network connections, if necessary, so that the Windows XP
computer that will be used as a PCM+ remote client is connected to Edge_3. The
Windows server computer will be used as the PCM+ server and should be
connected to Edge_1.
L3.1 – 2 Rev. 8.41

Task 1. Install the PCM+ network management application

In this task you perform a full installation and configuration of PCM+ on your
Windows server computer. This task will cover all of the steps and configuration
activities necessary to perform a successful network discovery and mapping.
Note
This task is only performed on your Windows server computer. In a
subsequent task you will install a PCM+ remote client component on your
Windows XP client computer.
PCM+ software is available for purchase or as a 30-day free trial. The PCM+
software is shipped on a CD with the purchase of any ProCurve managed switch.
The software can also be downloaded from the ProCurve website.
For this lab, you will be using a copy of the software stored on your Windows
server computer.
1. On your Windows server computer, start the ProCurve Manager Installation
Wizard by clicking on the install.exe file.
Note
Unless otherwise indicated by the instructor, the software can be found in the
directory named C:\Kits\PCM.
Rev. 8.41 L3.1 – 3

2. Click Next to continue.
L3.1 – 4 Rev. 8.41

3. Click I accept the terms of the License Agreement and then click Next to
continue.
4. Use the scroll bar to view the contents of the Readme file.
5. After you have finished viewing the Readme file, click Next to continue.
Rev. 8.41 L3.1 – 5

The PCM+ installation wizard will automatically detect the system

configuration and determine the appropriate PCM+ software option, either
standalone or the PCM+ Network Node Manager (NNM) version.
Note
To install PCM+ NNM, you must already have OpenView NNM
installed on your computer. Otherwise, the standalone PCM+ version
will be installed.

When the configuration detection process completes, the recommended
PCM+ features for installation on your network are displayed.
This window indicates whether the installation wizard recommends a

standalone or NNM-integrated installation. In this lab environment, you will
install a standalone version.
L3.1 – 6 Rev. 8.41

7. Click Next to Continue.
Rev. 8.41 L3.1 – 7

8. For the purposes of this lab, ensure only the ProCurve Manager check box is
checked and then click Next to continue. The ProCurve Identity Driven
Management and ProCurve Mobility Manager will not be used in this lab.
9. Accept the default installation location and then click Next to continue.
You have the option of changing this to a directory of your choosing.
However, for the purposes of this lab the default installation path will be
used, but as a helpful reference it is good to know where PCM+ is installed
so you can explore these folders later and see some of the behind the scenes
structure of PCM+.
L3.1 – 8 Rev. 8.41

10. Review the pre-installation summary and then click Install to continue.
Note
Once the Installation Wizard begins the process of installing the PCM+
files on your system, you cannot safely cancel the installation. You must
wait until the installation process is complete and then uninstall PCM+
using the Add/Remove Programs function on the Windows Control
Panel.
If you do cancel the installation while files are being copied to your
system, PCM+ may not be able to uninstall the files, or properly
reinstall over the existing files.
After this stage of the installation process has completed, the Setup
Administrator Password window appears. Various user settings will be
configured in this window and those that follow.
Rev. 8.41 L3.1 – 9

11. Configure the password for the Administrator account. For the purposes of
this lab, set the password to password in lower case.
Note
It is very important to remember what you set for this password as this
account is the primary and only method for configuring PCM+ until
some other administrator level accounts are created.
L3.1 – 10 Rev. 8.41

To start the discovery of the network devices, you need to identify a Start
from device by its IP address or DNS name. For the discovery process to take
place most efficiently, this device should be a ProCurve switch that is
centrally located in your network. Avoid using routing devices, non-
ProCurve devices, or an edge device that is primarily connected to end nodes.
13. For this lab, enter the IP address 10.x.1.1. Substitute your group number for
“x”. This IP address corresponds to the closest routing interface and is
located in VLAN 1 which the Windows Server computer is a member.
Rev. 8.41 L3.1 – 11

The default for PCM+ is to use SNMPv2 with Read Community and Write
Community names of public to communicate with devices. PCM+ supports
the use of both SNMP version 2 and version 3. Both versions can be selected
by using the Primary Version and Secondary Version radio buttons.
At this point in the lab exercises, the switches are configured to use the
default settings of SNMPv2 with a read-write (unrestricted) community name
of public which correspond to the PCM+ default settings.
L3.1 – 12 Rev. 8.41

This window is used to configure the settings for how PCM+ will interface
with the network switches in its management domain. The default
configuration uses Telnet with the Username and Password set to public.
That username and password are not the switch settings that you currently
have configured.
16. For the purposes of this lab, your switches are already configured with
Operator and Manager accounts named operator and manager, respectively.
Both of these accounts should have the password set to password. Specify
that information in the applicable fields.
In your company’s or organization’s network, if a switch is configured for
more secure management, you can also configure PCM+ to use SSH for
encrypted CLI commands so that network information won’t be passed over
the network in clear text.
Rev. 8.41 L3.1 – 13

PCM+ requires access to the Internet for downloading program and switch
software updates. If your network has a proxy server, you would specify the
proxy information here so that PCM+ can communicate with the Internet.
Note
Check with your instructor to determine if a proxy server is needed. If a
proxy server is used, specify the IP address and port information in the
applicable fields.
L3.1 – 14 Rev. 8.41

Automatic Updates allows PCM+ to automatically connect to the Internet to

download product and switch firmware and device updates. Select the option
you want to use for automatically installing ProCurve software updates.
• Download and install automatically—PCM+ checks the ProCurve
web site for updates and installs them automatically. By default,
automatic updates are scheduled for the first day of every month.
• Notify if updates are available—PCM+ checks the ProCurve web site
for updates and logs an event message for every update available for
download. Review the PCM+ event log to identify updates and install
them manually. Automatic update events are named Automatic Updates
and have a minor severity level.
• Disable automatic updates—Do not use the automatic update feature.
19. Check with the instructor to see if there is an Internet connection available. If
there is, you can choose one of the two automatic updates settings. If there is
not an Internet connection available, disable automatic updates.
You can always change the settings at a later time using the Preferences
options in PCM+.
Rev. 8.41 L3.1 – 15

21. Use the scroll bar to review the configuration information.

If necessary, click Previous to go back through the configuration windows to
revise the settings.
22. Click Next to complete the installation process.
23. In the Install Complete window, click Done to exit the installation wizard.
L3.1 – 16 Rev. 8.41
Task 2. Install the PCM+ remote client software

At this point in the lab exercise you have the PCM+ software installed on your
Windows Server computer. The PCM+ installation on the Windows Server
computer also includes a client component that enables you to access the PCM+
user interface from the client computer. In this task, you install the PCM+ remote
client component on your Windows XP computer so that you can develop
familiarity with this basic installation task.
Note
This task is only performed on your Windows XP client computer.
1. To install the PCM+ remote client component, open a web browser on your
Windows XP computer and type the following URL:
http://10.x.1.10:8040
Substitute your group number for “x”. The following window appears.
Rev. 8.41 L3.1 – 17

2. Click the Download the PCM remote client link.

3. Depending on whether you have the Sun Java JRE installed on your
Windows client computer, and if so, the particular version, the security
warning dialog box that appears next will vary.
If this dialog box appears, simply click Yes and the browser window should
refresh with a web page similar to the following.
L3.1 – 18 Rev. 8.41

4. Click Download Installer for Windows, if that button is displayed on your

web page, or click the Download link near the bottom of the web page.
5. Click Run in any subsequent File Download or Security Warning dialog
boxes to install the PCM+ remote client software.
Rev. 8.41 L3.1 – 19

6. The installer checks for space on the hard drive and then launches the
installation program.
7. Read the introduction and then click Next to continue.
L3.1 – 20 Rev. 8.41

8. Click I accept the terms of the License Agreement and then click Next to
continue.
The installation wizard will automatically detect the system configuration and
determine the appropriate client software.

The PCM Client Configuration Detection window will be updated indicating
the PCM client version to be installed.
Rev. 8.41 L3.1 – 21

11. For the purposes of this lab, accept the default installation location and then
click Next to continue.
12. Review the pre-installation summary and then click Install to continue. The
Installing ProCurve Manager Client window appears, and provides progress
indicators for the software installation process.
L3.1 – 22 Rev. 8.41
After the installation process has completed, the Install Complete window
appears.
13. In the Install Complete window, click Done to exit the installation wizard.
14. Close the web browser window.
Rev. 8.41 L3.1 – 23

Task 3. Configure PCM+ for remote client connections

Although the PCM+ remote client component is now installed on your Windows
XP client computer, you will need to configure the PCM+ server running on your
Windows Server computer to accept remote client connections. Otherwise, the
PCM+ server will reject any remote client connections. The following steps will
show you how to enable remote client access on your PCM+ server.
Note
This task is only performed on your Windows server computer.
1. Using Windows Explorer on your Windows server computer, navigate to the

following folder.
If you specified a different installation location, locate the equivalent folder.

2. In this folder, open the text file named access.txt for editing with Notepad.
In the access.txt file, you can specify the IP address of any subnet or
individual computer that has the PCM+ remote client installed and for which
you want to allow access to the PCM+ management application. To allow a
range of IP addresses to access the server, you specify an asterisk character
(*) for the host octets of the IP address range.
For example:
• If you specify 10.1.1.50, then only a host with the IP address of
10.1.1.50 would be able to access PCM+ from a computer with the
PCM+ remote client component installed.
• If you specify 10.1.1.*, then any host with an IP address beginning with
10.1.1 would be able to access PCM.
For the purposes of the lab, you will allow your Windows client computer to
access PCM+ from any of the subnets that exist in your group. The easiest
way to accomplish this is to specify 10.x.*.* in the access.txt file.
Note
L3.1 – 24 Rev. 8.41

3. Save and close the access.txt file and then exit Windows Explorer.
From this point on you can either access PCM+ directly on your Windows
server computer or using the PCM+ remote client installed on your Windows
XP client.
Rev. 8.41 L3.1 – 25

Task 4. Start and navigate the PCM+ user interface

In this task you will start the PCM+ application, either on the PCM+ server or
using the PCM+ remote client, and navigate through the user interface to develop
familiarity with many of PCM’s features.
1. Start the PCM+ application on either your Windows server or Windows
client computer.
Windows server: Click Start → Programs → HP ProCurve Manger →
ProCurve Manager
Windows client: Click Start → Programs → HP ProCurve Manger →
HP ProCurve Manager Remote Client
Note
Access the PCM+ application from only one of your Windows computers.
2. You may receive a Windows Security Alert dialog box when you start the
PCM+ remote client and have the Windows Firewall running. If the security
alert appears, click Unblock to continue.
The first time you start the PCM+ application the server discovery process
will run and attempt to find all PCM+ servers that may be located on the
network.
L3.1 – 26 Rev. 8.41

After several seconds the server discovery process completes and the
ProCurve Manager Startup window appears. The information shown on the
window will depend on whether you started PCM+ on the Windows server or
Windows client computer.
If you start PCM+ on the Windows server computer, then the ProCurve
Manager Startup window will identify the PCM+ server running on that
computer.
3. You can then simply select the management server entry and click Connect.
If you start PCM+ on the Windows client computer, then the ProCurve
Manager Startup window may not identify a PCM+ server.
Rev. 8.41 L3.1 – 27

4. In that case, you will need to manually type the IP address of your PCM+
server, 10.x.1.10, in the Direct Address field and then click Connect.
In either case, a window appears indicating various PCM+ components are

being downloaded and started.
You will then be prompted about the licensing of the product. You can run
PCM+ for 30 days in an evaluation mode. This will allow you to evaluate the
wide array of features the product offers. If the evaluation period expires
without purchase, the PCM+ product will automatically downgrade itself to
the PCM version. In this lab, you will run PCM+ in the evaluation mode.
L3.1 – 28 Rev. 8.41

5. Click No. Continue to continue.
You will then be prompted for the PCM+ administrator username and
password that you defined during the PCM+ software installation process.
Note
If you are attempting to access PCM+ using the remote client on your
Windows client computer and a Login Failure dialog box appears indicating
the PCM+ server could not authenticate the client, then either you did not add
an IP address entry in the access.txt file or the entry does not match the
client’s IP address.
6. Enter administrator for Username and password for Password and then
click Login.
After you successfully log on to PCM+, the Network Management Home window
appears.
Rev. 8.41 L3.1 – 29

Dashboard window overview

The Network Management Home window provides a quick view of your network
status in the Dashboard tab, along with a navigation tree and provides access to
menu and toolbar functions. You can resize the entire window, and/or resize the
panes (sub-windows) within the Network Management window frame.
The Dashboard tab, within the Network Management Home window, contains six
separate panels. Selecting Network Management Home within the navigation tree
will always return you to the Dashboard window.
The dashboard window consists of following panels:
Network Device Status—Indicates the number of devices by operational
status. Clicking on this sub-panel will open the Device List window.
• Good indicates the device is responding normally to discovery and
status polling actions.
• Warning indicates the device is responding to polling and discovery
actions, but needs attention. Warnings can be triggered by events
received from the device or by agents monitoring the device.
• Unreachable indicates the device is not responding to discovery or
polling actions.
End-node Status—Indicates the number of end-nodes by operational status.
Similar to Network Device Status, End-node status provides Good, Warning,
and Unreachable status for End-nodes. Clicking on the End-node Status sub-
L3.1 – 30 Rev. 8.41

panel will open the Device List window. If you are using PCM+ for HP
OpenView NNM, end node information will not be available within PCM+.
Device Configurations—This panel displays two charts.
• A histogram indicating the number of devices with software
configurations that have changed since the original PCM+ device scan,
and days since the configuration changed. Clicking on this sub-panel
will open the Device Configuration window.
• A pie chart indicating the number of devices with the Preferred or
Other switch software installed. Hovering over the chart sections
displays a tool tip indicating the number of devices in that segment.
Events—This panel displays a summary of the outstanding
(unacknowledged) events, including a count (from left to right) of the number
of informational, warning, minor, major, and critical events. Clicking on this
panel will open the Events Monitor window. The color coded square
correlates to the severity level, e.g., purple is used for informational events.
Traffic Status—A color-coded gauge indicating traffic measurement in the
worst segment of the network based on threshold settings. If you do not have
PCM+ installed, an unavailable message is displayed within the Traffic
Status panel. The message “No devices monitored” is displayed if you do not
have any devices configured in the Traffic Monitor. Clicking on the Traffic
Status sub-panel will open the Traffic Monitor window. The color indicators
used in the Traffic gauge are:
• Green indicates the values are within normal range.
• Yellow indicates threshold values have exceeded the normal range, but
are not critical.
• Red indicates threshold values are in the critical range, and corrective
action is needed.
7. You can access most of the contextual tools and commands provided with
PCM+ using the right-click menus. To use the right-click menu, fully expand
the navigation tree on the left-hand side of the window and then right-click
on a switch node to display the menu. The menu should look as follows:
Rev. 8.41 L3.1 – 31

You can also access the right-click menus when you select a switch device in
the Devices List tab located on the right-hand side.
The options enabled in the right-click menu will vary based on the node or
device you have selected in the navigation tree, whether you are using PCM
or PCM+, and your login account type. Disabled functions will be grayed out.
L3.1 – 32 Rev. 8.41

8. To review Device Properties, double-click a device entry in the Devices List

window on the right or click the device node in the navigation tree on the left.
In addition to the general device properties, device name, IP address, and

other properties, the bottom portion of the window provides a static,
graphical view of the switch.
Rev. 8.41 L3.1 – 33

9. For those models that support it, you can select the “Live View” tab to
display a front panel view of the switch indicating such things as module and
port status.
10. Now that you have seen some of the key windows and navigation features in
PCM+, take some time to go exploring and get comfortable with the
interface. Navigate through the main PCM+ menus and see the options under
each one. From the Dashboard tab, select the Network Device Status
histogram to expand the currently installed devices.
11. Examine each device navigation tool bar by letting your mouse sit on each
one for a few seconds to see the mouse-over display of each button. Also
make sure to use the right mouse button so you can see what menu options
are available at the different levels of PCM.
12. Explore the connectivity options available to you for the devices through the
Device Access Menu icon.
13. Connect to your switch with the Telnet or Web interface available in PCM.
You can change PCM+ communication parameters per device through the
Device Wizard.
14. Examine the events collected so far by clicking on one of the status bars for
an event in the Events window.
This will open a new window allowing you to see the events listed up above
and detailed information for a selected event below.
L3.1 – 34 Rev. 8.41

15. Determine how you can filter events by severity which will eliminate events
that are not of interest at the moment, for example, if you trying to
troubleshoot a specific problem.
16. On the PCM+ menu bar, click Tools > Preferences to display the
Preferences window.
Rev. 8.41 L3.1 – 35

Most of the settings specified during the installation wizard and many others
can be changed using the PCM+ Preferences menu.
17. Looking down through the options on the left side, you will see the settings
that control the operation of the server. Take a few moments here and
expand the menus to see the various settings you can control.
18. Click the Automatic Updates menu option.
This is where you can configure how you would like the PCM+ application to
manage software updates for PCM.
L3.1 – 36 Rev. 8.41

19. If you have Internet access, click on the Check Now button to have PCM+
find any updates and install them.

21. If there are any updates to PCM+, they will be downloaded and installed on
the server. You may be asked to restart PCM+ after the updates are
downloaded and applied. If so, restart the application and access the
Preferences menu again.
22. To determine if you have the latest software images for each type of switch,
click the Configuration Management menu option.
Rev. 8.41 L3.1 – 37

23. At the bottom of the menu is the Software Update section. Click the
Download now! button. If the download is successful, the Last downloaded
field will be updated to match the date and time on your server.
24. Click the Device Access menu option.
L3.1 – 38 Rev. 8.41

You can control how device names are displayed, for example, in the
navigation tree and in the Devices List window and whether any friendly port
names that may have been configured are displayed.
25. Enable the System Name (IP Address) radio button to have PCM+ show the
hostname and IP address of your switches. Also, enable the Use Port
Friendly Names checkbox. Then click Apply.
You will be able to see the updated system names after the devices are
rediscovered in a step below.
26. Click the Discovery menu option and notice the managed and unmanaged
networks that are listed.
By default, PCM+ will only add the subnet of the discovery starting point
device (specified during the installation process) as a managed subnet. This
prevents the discovery process from running on networks where no network
devices exist and therefore generating unnecessary traffic.
Rev. 8.41 L3.1 – 39

27. Edit each of the three user VLANs and configure the following information.
Subnet Name Gateway
10.x.10.0 VLAN 10 10.x.10.1
10.x.20.0 VLAN 20 10.x.20.1
10.x.30.0 VLAN 30 10.x.30.1

28. Next, move the three user VLAN subnets from the Unmanaged Subnets
column to the Managed Subnets column and click Apply.
Notice how the discovery process restarts to find any manageable devices on
those subnets.
Depending on how your networks are configured, the number of networks
you have specified as managed subnets could vary greatly. For example, if
you have a management VLAN in place, then there may only be one
managed subnet in place, typically VLAN 1. If ProCurve network devices
are spread throughout a facility or campus then there could be many networks
listed as managed subnets.
L3.1 – 40 Rev. 8.41

29. Close the Preferences window. Examine the display name format that you
configured for your switches in a prior step by expanding the nodes in the
navigation tree or by double clicking on the Interconnect Devices node.
Rev. 8.41 L3.1 – 41

Task 5. Perform common management tasks – Configuration

management and VLANs
In this task, you use PCM+ to perform a configuration scan of one of your
switches and save it in the PCM+ configuration library. You will then make a
configuration change in the form of adding a VLAN to the switch using PCM+.
Once the configuration change has been made, you perform another configuration
scan and then examine the differences displayed in the PCM+ configuration
viewer. The configuration viewer enables you to see a line-by-line comparison
with any differences automatically highlighted.
1. To begin, ensure that the PCM+ server and the switches in your group can
communicate successfully. To test this communication, click the
Interconnect Devices node in the left pane and highlight your group’s 2610 or
equivalent edge switch.
2. With the Edge_3 device (10.x.1.4) selected in the Devices List tab, click the
Device Access menu icon and then select Test Communication
Parameters in PCM.
This will launch the Testing Communication Parameters window:
If your switch is configured correctly, the window should look like the
example below when the testing is finished:
Repeat these steps for each of your devices
L3.1 – 42 Rev. 8.41

Note
If one of these tests fails, consult with your instructor before continuing on
with the rest of the lab as you may not be able to perform all of the needed
procedures without full access to the switch.
3. By default, PCM+ is set to run configuration scans of ProCurve devices.

Since you may not want to wait for the initial scan, you can initiate a scan
manually and let PCM+ archive it.
With the Edge_3 device (10.x.1.4) selected in the Devices List tab click the
Tool menu drop down icon and choose the Scan option.
4. Enter “First Config” as the comment and click Next to continue.

If the CLI settings that you configured during the installation process are
correct, a new window will open showing the status of the configuration
scan.
Rev. 8.41 L3.1 – 43

5. You will have the option of using TFTP or Secure Copy, accept the default
“TFTP” and click Next. After the scan completes, click Next to continue.
L3.1 – 44 Rev. 8.41

6. If you had other configurations in your library then you could do a

comparison, but since this is the first scan just click Close to exit.
You will revisit this feature in a later step after you have made a
configuration change to your switch using PCM+.
Rev. 8.41 L3.1 – 45

7. Click on the Configuration tab above the device. You should see a window
that looks similar to the image below.
The configuration viewing window is divided into two panels.

• The upper panel shows the current configuration running on the switch.
An administrator would have a direct effect on the upper panel when in
configuration mode on the switch and making any changes.
• The lower panel shows the hardware configuration of the switch and
includes information about the chassis type, fans, modules, and ports.
The hardware configuration panel will only be updated if for some
reason the hardware of the switch has been changed.
8. Scroll through both panels and examine the information that is available to
you here.
Next, you will modify the software configuration file by creating a VLAN and
assigning some ports to the VLAN using PCM+ instead of the switch CLI.
9. The Create VLAN Wizard is only available in a certain context within
PCM+. To ensure that you will have access to the Create VLAN option,
click the Interconnect Devices folder in the left pane and then select your
Edge_3 switch in the right pane.
L3.1 – 46 Rev. 8.41

10. On the device tool bar, click the VLAN tool button and choose Create
VLAN to run the Create VLAN wizard.
The Create VLAN Wizard window appears.
Rev. 8.41 L3.1 – 47

11. Click Next to Continue.
12. Type 40 in the VLAN ID field and click Next to configure VLAN-specific
settings.
13. Add two currently unused ports as untagged members of VLAN 40. Leave
the IP Config setting disabled since there is no need to assign an IP address at
this time.
L3.1 – 48 Rev. 8.41

15. Review your settings. If everything looks correct, click Next to create the new
VLAN.
If the VLAN is created successfully, the status of the operation and a

summary of what was changed or added are displayed.
16. Click Close to exit the Create VLAN Wizard.
Rev. 8.41 L3.1 – 49
17. Now that you have made a change to your switch configuration, revisit the
configuration management features by running a new configuration scan on
your switch. But this time enter the comment “New VLAN 40”.
18. When the scan completes, choose the View Differences option this time and
click Next.
This is an example of what you will see. The window is divided into four
separate panels. PCM+ will highlight any differences between the two
configurations in a color-coded manner. You can scroll through the software
configurations line by line.
19. Scroll through your configuration files to note the changes that adding a
VLAN had on the configuration file.
20. Close the Configuration Difference Viewer window.
21. If these changes were unauthorized, the administrator has the option of
rolling back to the previously saved version of the configuration file.
Access the Configuration History tab for the Edge_3 device in the
Interconnect Device window.
L3.1 – 50 Rev. 8.41

This screen shows the history of the configuration scans and any changes
between the configuration files between scan as well as their timestamp. This
gives the network administrator the flexibility in being able to select an older
configuration and rolling back to it with the deploy button

22. Move your mouse over the icons on the left side of the tool bar to see what
other configuration options are available.
Rev. 8.41 L3.1 – 51

Task 6. Manage switch software updates

Another one of the more popular features of PCM+ is the ability to apply software
updates to ProCurve switches. The list of available software updates presented by
PCM+ can be updated automatically using the Internet. You can then select from
a list of software versions for your switches and either apply an update
immediately or schedule it for a future date and time.
1. To begin, select your Edge_3 switch on the Devices List tab of the
Interconnect Devices window.
2. Click the Software Update wizard icon in the tool bar. The Software
Update Wizard window appears.

PCM+ will perform a scan to determine the current software state of the
switch.
L3.1 – 52 Rev. 8.41

4. Once the Refresh is complete, click Next to continue.
This window shows the current software versions installed in the primary and
secondary flash areas and a list of other software versions the PCM+ server
has available.
5. Select the Primary or Secondary flash image area that you want to update and
then use the Select Version drop-down menu to choose a software version to
be installed.
Rev. 8.41 L3.1 – 53

6. Click Next to continue:
This window allows you to specify the time for the software update and
whether or not the switch is to be rebooted after the update is completed.
7. Accept the default settings and click Finish to continue. The software update
will begin.
8. In the upper tool bar of the PCM+ window is a Software Update Status icon
that can be used to check the status of the software update.
L3.1 – 54 Rev. 8.41

9. Click the Software Update Status icon .
After several minutes the update process and reboot of the switch should be
complete.
10. Once your switch reboots, access the switch CLI via Telnet or the serial port
and use the show version command to verify that the software update has
been successful.
11. Once you have successfully deployed the latest software update for your
Edge_3 switch, you can perform the equivalent task for your Core switch.
The software for the Edge_1 and Edge_2 switches were updated in lab 1.
Rev. 8.41 L3.1 – 55

Task 7. Use the Find Node and Trace Path diagnostic tools
PCM+ has several diagnostic tools, but two of the most useful and easiest to use
are the Find Node and Node to Node Trace Path tools. These tools allow you to
find a node on your network and return information that not only indicates whether
the node is reachable, but also to which switch and port the node is connected.
This can be done based on the device’s IP address or MAC address.
1. Connect your Windows client computer into a port on the Edge_3 switch that
you configured as an untagged member of VLAN 30. That configuration task
was done in lab 2.
2. Use “ipconfig” from a DOS prompt to verify the Windows client computer
has an IP address in VLAN 30 (10.x.30.y), where “x” is your group number
and “y” is a host number from the scope defined on the DHCP server (50 to
150).
3. Verify you can “ping” other devices on the network from the Windows client
computer.
4. Click the Find Node icon in the upper tool bar of the PCM+ window.
The Find Node window appears.
L3.1 – 56 Rev. 8.41

5. Enter the IP address of your Windows client computer and click Find.
In this example, the Windows client computer with the IP address of

10.1.30.50 is connected to the Edge_3 switch (2610) with the IP address
10.1.1.4. The port the client is connected to has a friendly port name of
Win_Client. Notice that the client’s MAC address is displayed (grayed) in
the MAC field that is below the IP Address field. The MAC address listed in
the Connected Devices table entry is that of the switch.
6. Next, you use the Node to Node Trace Path tool to determine the path
between two devices on your network. The information acquired will include
both switch hop information and port information.
Click the Node to Node Trace Path icon in the upper tool bar of the
PCM+ window. The Node to Node Path Trace window appears.
Rev. 8.41 L3.1 – 57

7. Specify the IP address of your Windows client computer as the source device
and the IP address of your Windows server computer as the destination
device.
Note
You can reverse the order of what you specify as the source and destination
devices.
8. Click Find Path.
The output of a node to node path trace will display each hop traversed
between the Windows client computer and the Windows server computer.
The output will also show the uplink ports traversed.
L3.1 – 58 Rev. 8.41


In this task you back up the configuration file of each of your switches to the PCM
Management Server using the configuration scan tool and to the Windows client
computer using the CLI copy command.
1. Click the Interconnect Devices node in the navigation tree pane and then
select one of your switches in the Devices List window.
2. In the Devices List tab, click the Tool menu drop-down icon and
choose the Scan option.
3. Enter the appropriate comment from the table below and click Next to
continue.
Comment/
Switch
Filename
Core lab3_core
Edge_1 lab3_edge_1
Edge_2 lab3_edge_2
Edge_3 lab3_edge_3
4. After the scan completes, click Next to continue.

5. Click Close to exit. Repeat the steps above for each of the remaining
switches.
6. Back up the configuration file of each switch from the CLI by transferring the
configuration file to the Windows client computer using TFTP.
Use the “copy” command and specify a filename for each switch from the
table above.
NOTE: Now that PCM+ is running with a built in TFTP server your tftp
copy commands will place the file into the PCM+ Default directory which is:
C:\Program Files\Hewlett-Packard\PNM\server\data\download
Rev. 8.41 L3.1 – 59

Optional tasks
In this lab exercise, you explore the traffic monitoring capabilities of PCM+. This
includes the ability to monitor network traffic showing utilization percentage, and
packet and error transmission rates. You will be using the Traffic Manager to
examine network traffic produced by a basic traffic generator program. Using the
traffic generator program, you can designate the destination IP address and port
number, and the relative traffic loading level. The Traffic Manager’s main window
will provide an overview of the traffic activity on a given segment and the Top
Overview Window will provide a means to drill-down and examine the traffic
profile in more detail.
Optional Task 9. Run the traffic generator program

In this task, you will run a traffic generator program called TfGen on the Windows
client computer. Your objective is to generate a relatively high volume of unicast
traffic that will be targeting port 69. Port 69 is the Trivial File Transfer Protocol
(TFTP) port. We will use this port to see traffic generated in the Traffic Manager
from the Core switch and a lesser volume of traffic targeting port 137 on the
Windows server computer.
1. To begin, first connect the Windows client computer to an unused port on

Edge_1.
2. Since the Windows client computer is currently configured to acquire an IP
address using DHCP, you will need to configure Edge_1 so that the port you
selected is an untagged member of VLAN 10. VLAN 10 is currently the only
user VLAN configured on Edge_1.
Alternatively, you could manually assign an unused IP address to the
Windows client computer from VLAN 1, such as 10.x.1.11.
3. On the Windows client computer, launch the TfGen program.
An icon may be located on the desktop or you may need to use Start
> Programs to locate the program.
4. Configure the following options:
• Utilization rate: 15000
• Destination: 10.x.1.1 (Core switch)
Substitute your Group number for “x”.
• User-definable port: 69
L3.1 – 60 Rev. 8.41

5. In the TfGen window, click Start to start the traffic flow.

You should see the switch activity lights illuminate on your switches.
6. On the Windows client computer, launch a second instance of the TfGen
program.
7. Configure the following options:
• Destination: 10.x.1.10 (Windows server computer)
Substitute your Group number for “x”.
This second instance of TfGen is being used to introduce some variety into
the network traffic so that the Top Overview windows will be more
interesting to examine.
8. In the second TfGen window, click Start to start the traffic flow.
Rev. 8.41 L3.1 – 61

Optional Task 10. Use the Traffic Manager to examine the traffic
data
In this task, you will examine a variety of traffic statistics collected by the Traffic
Monitor.
1. In the PCM+ navigation pane, click Interconnect Devices and then click the
Devices List tab.
2. Click the core switch and then click the Traffic tab.
You will see the Traffic Manager window. On the left is the Top Overview
summary which displays the worst measures for each metric group, and the
number of ports that have reached critical or warning thresholds in the last
interval. To the right is the Traffic Gauge and Mini-Trend panel which
displays the worst port in the current minute. When a heading row is selected,
for example Utilization (0 Critical, 1 Warning), the worst metric in that group
is selected. Below is the Overview Panel which displays a table with the
device/ports for the selected device or device group in the navigation pane.
Note
You may have to wait several minutes for activity to appear in the
gauges and the segment view. If relatively low activity levels appear,
you may need to increase the TfGen utilization values proportionately.
You should see the activity on the gauge increasing. From the traffic you are
generating, you should be able to cause the utilization of a 100 Mbps client
port to easily exceed 50%.
L3.1 – 62 Rev. 8.41
The other statistics will likely be relatively low on that port and register
primarily in the green region of the gauges.
Notice the port identified in the gauge, it will likely be the Edge_1 port
connecting to the client in most cases, but not necessarily.
3. In the Top Overview, expand the Utilization node and then click the port
connecting to the edge0x switch.
4. To view the levels better, use the horizontal sliders to decrease the time for
both Rx and Tx traffic.
Notice the relative levels of the Horizontal threshold indicators. Assuming

this switch-to-switch port is 1 Gbps and the edge port is 100 Mbps, the
indicators on the Horizontal threshold indicators will likely register in the
green region.
Rev. 8.41 L3.1 – 63

5. Disable the Show Inactive Ports checkbox.
The Show Inactive Ports checkbox is on by default. When unchecked, PCM

will only show the active ports on the switch.
6. Right click the port connecting to the edge_1 switch and click Port
Summary from the pop-up menu.
The Statistics tab provides a table that lists the summary details for each
traffic metric of the selected port.
L3.1 – 64 Rev. 8.41

7. Click the Threshold Violations tab.
You should not see any threshold violations from the traffic you have
generated from this point. Later in the lab you will move the thresholds to
create violations.
8. Click the Port tab.
The Port tab provides port attributes like the port name, speed, whether the
port is active or inactive the port index number. Notice that this tab also
displays if the port is using the Default Thresholds for traffic.
Rev. 8.41 L3.1 – 65

9. Click the Device tab.
The Device tab lists the basic information for the device the port belongs to,
including IP Address, Product Name (model or device group) and if sFlow
and XRMON functions are supported on the device (yes or no).
10. Click the Log tab.
The Log tab displays timestamps for the latest received traffic updates. It is
essentially a history of the contents of the Traffic tab's Msg/Time column. It
is a good place to start troubleshooting traffic issues.
11. Close the Port Summary window.
12. Stop both TfGen programs.
L3.1 – 66 Rev. 8.41

Optional Task 11. Modify threshold alarms

In this task, you will modify the warning and critical threshold alarms for the
Utilization % statistical attribute on the port connecting to the Windows client
computer. By enabling the warning alarm, in addition to the critical alarm, will
allow an event to be generated should your currently configured traffic load only
be in the warning (yellow) range.
1. Right click the port connecting to the edge_1 switch and click Configure
Thresholds.
Notice that the sliders allow you to adjust the relative ranges that correspond
to the warning and critical thresholds.
Rev. 8.41 L3.1 – 67
2. In the interest of time for this lab, move the Rx and Tx sliders of the
Utilization % Warning threshold to 3 % and the Critical threshold to 5%.
You could also change the values from 75% to 5% and 3% respectively.
3. Click OK.
4. Restart both TfGen programs.
5. Increase the TfGen program instance that had Utilization set at 15000 to
45000.
Notice that the traffic gauge has now changed its thresholds
L3.1 – 68 Rev. 8.41

6. Wait for the first alarm by viewing the Traffic tab.
Notice that the warning alarm is lit in three places; the Top Overview, the
traffic gauge and in the Port summary view.
7. In the Top Overview panel of the Traffic tab, expand the Summary node and
then the Utilization node.
8. Click the port connecting to the edge_1 switch.
Notice that the bars have changed color from green to yellow denoting a
warning.
Rev. 8.41 L3.1 – 69

9. In the navigation pane, click Network Management Hone and then click the
Events tab.
You should be able to locate an event describing a threshold being exceeded

10. Right click the port connecting to the edge0x switch and select Port
Summary.
The Threshold Violations should look similar to the graphic above. Notice
that the only metric type that is in violation is the Rx side of the Utilization.
11. Close the Port Summary window.
L3.1 – 70 Rev. 8.41

Optional Task 12. Configure an RMON Manager threshold

In this task, you will use the RMON Manager feature to generate events. The
RMON Manager allows you to generate events based on a wide variety of SNMP
MIB and RMON interface statistics. As a simple example, you will configure the
RMON Manager to generate an event based on the received bytes threshold being
exceeded.
1. In the navigation pane, click the Interconnect Devices node.

2. In the Devices List window, right-click the core_1 switch and click RMON
Manager in the pop-up menu.
3. Click Add.
4. In the RMON Threshold window, select the port connecting to the Windows
client computer.
5. Accept the defaults for the remaining parameters and click OK.
6. Click Close.
7. In the navigation pane, click the Network Management Home node and
then click the Events tab.
Wait a few minutes for the RMON threshold for bytes received by the Core
switch on the client port to be exceeded. The event will be sourced from the
Core switch as an enterprise-specific trap with a critical severity level.
Rev. 8.41 L3.1 – 71

8. On the Windows client computer, close each of the TfGen program

instances.
L3.1 – 72 Rev. 8.41

Command Reference
needed.
Command Description
<filename> server
Rev. 8.41 L3.1 – 73

L3.1 – 74 Rev. 8.41

Configuring Link Aggregation
Module 4 Lab 1
Objectives
Configure a port trunk between two switches
Verify operation of the port trunk
Overview
ProCurve University is expecting that the links connecting the core switch to the
edge switches will require additional bandwidth to support increasing use of
convergence technologies, data warehousing, and system backups. In this lab
exercise, you will implement three port trunks to increase the capacity of the links
between the switches. You will configure a port trunk between the Core switch
and Edge_1, one between the Core switch and Edge_2, and one between Edge_2
and Edge_3.
Link aggregation, which is also referred to as “trunking” or “load sharing”, is used
primarily to increase throughput between switches and maximize the efficiency of
available bandwidth. The connected ports forming a trunk can have differing
characteristics such as speed, flow control settings and media type. It is also very
important to remember that the links being added to form a port trunk are
disconnected or disabled while you are carrying out the configuration tasks to
avoid a broadcast storm on the network.
One common example of a trunk is to use multiple ports as a network backbone,
shuttling traffic to and from a building, for instance. Another example might be to
use a trunk to move large data files, such as graphics or video to/from a server
farm. This same scenario might apply to backups or data warehousing. In any case,
trunks provide increased bandwidth while allowing for increased efficiency
throughout the attached networks.
Rev. 8.41 L4.1 – 1

Network diagram
In this lab exercise, you will be implementing redundant uplinks between your
switches by configuring a port trunk using the switch CLI. You may select any
ports you prefer, but it is recommended that you use gigabit ports when available.
You will require three additional Ethernet cables for the redundant links.
L4.1 – 2 Rev. 8.41

Task 1. Prepare a Windows client connection

In this task, you configure Edge_1 by adding a port to VLAN 10 as an untagged
member so that the Windows client computer can be used for testing purposes in a
later task.
1. Using the CLI on Edge_1, configure an unused port as an untagged member
of VLAN 10.
Note
Depending on whether you performed the optional tasks in lab exercise
2, you may have previously configured a port on Edge_1 as an untagged
member of VLAN 10.
2. Connect the Windows client computer to the port you configured above.
3. Verify the Windows client computer is assigned an IP address in VLAN 10
using DHCP.
4. Verify you can ping the IP address of the Core switch in VLAN 10,
10.x.10.1, from the Windows client computer.
Rev. 8.41 L4.1 – 3

Task 2. Define two ports as members of a static LACP trunk

between Core and Edge_1
Note
Do not connect the ports representing the second link of a port trunk
with an Ethernet cable until the configuration is complete.
1. Using the CLI on the Core switch, define two ports as members of a static
LACP trunk that will connect to Edge_1. Use the “trunk” command to
create the static trunk. For example, use trk1 as the trunk name.
The network diagram illustrates the use of two gigabit ports as a trunk. If
you choose to aggregate 10/100 ports into a trunk, be sure to use ports that
are untagged members of VLAN 1 on both sides of the trunk and not
members of one of the user VLANs.
Use the CLI help or refer to the switch documentation provided on your
Windows computer for assistance with command syntax.
2. Using the CLI on Edge_1, define two ports as members of a static LACP
trunk that will connect to the Core switch. For example, use trk1 as the
trunk name.
3. From the CLI on Edge_1, verify that the Core switch is reachable.
4. Connect the second link of the trunk you defined between the two switches
using an available Ethernet cable.
L4.1 – 4 Rev. 8.41

Task 3. Examine connectivity

1. Use the “show lldp info remote” and “ping” commands on the Core and
Edge_1 switches to verify that all switches in your group are available.
2. From a command prompt on the Windows client computer, “ping” the IP
address of the Core switch in VLAN 10, 10.x.10.1.
The ICMP echo request will not be successful because you lost your
connection with the switch after you issued the command to create the trunk.
a. Why was the connection lost? _________________________________
__________________________________________________________
3. From a command prompt on the Windows server computer, “ping” the IP
This ICMP echo request should be successful
b. Why was this connection maintained? __________________________
__________________________________________________________
Rev. 8.41 L4.1 – 5

Task 4. Assign the trunk ports to the appropriate VLANs

1. Display a list of the VLANs defined on the Core and Edge_1 switches.
2. Display a list of the ports assigned to each VLAN.
3. Make the appropriate port VLAN assignments on both switches to enable
connectivity for hosts in VLAN 10.
address of the Core switch in VLAN 10, 10.x.10.1, to verify connectivity has
been restored for VLAN 10.
L4.1 – 6 Rev. 8.41

Task 5. Implement a static LACP trunk between Core and Edge_2

1. Prepare a Windows client connection on Edge_2 by doing the following:
• On Edge_2, configure an unused port as an untagged member of VLAN
20. You may have previously configured a port on Edge_2 as an
untagged member of VLAN 20 during lab exercise 2.
• Connect the Windows client computer to the port you configured above.
• Verify the Windows client computer is assigned an IP address in VLAN
20 using DHCP
• Verify you can ping the IP address of the Core switch in VLAN 20,
10.x.20.1.
2. On the Core switch, define two ports as members of a static LACP trunk that
will connect to Edge_2.
The diagram illustrates the use of two gigabit ports as a trunk. If you choose
to aggregate 10/100 ports into a trunk, be sure to use ports that are untagged
members of VLAN 1 on both sides of the trunk and not members of one of
the user VLANs.
Note
Ensure you use a trunk name that is different than the one used
previously. Otherwise, the ports will be added to the existing trunk. For
example, use trk2 as the trunk name.
3. On Edge_2, define two ports as members of a static LACP trunk that will
connect to the Core switch.
6. Verify that all switches in your group are available using the “show lldp info
remote” and “ping” commands.
been lost for VLAN 20.
connectivity for hosts in VLAN 20 and 30.
Rev. 8.41 L4.1 – 7

address of the Windows client computer to verify connectivity has been
restored for VLAN 20.
L4.1 – 8 Rev. 8.41

Task 6. Implement a static LACP trunk between Edge_2 and

Edge_3
30 using DHCP
• Verify you can “ping” the IP address of the Core switch in VLAN 30,
10.x.30.1.
connect to Edge_3.
the user VLANs.
Note
previously. Otherwise the ports will be added to the existing trunk. For
connect to Edge_2.
4. From the CLI on Edge_3, verify that Edge_2 is reachable.
8. Display a list of the VLANs defined on the Edge_2 and Edge_3 switches.
Rev. 8.41 L4.1 – 9
12. From a command prompt on the Windows server computer, ping the IP
L4.1 – 10 Rev. 8.41


2. Use the PCM configuration scan tool to back up the configuration file of each
switch to the PCM Management Server.
Enter a comment from the table below.
Comment/
Switch
Filename
Core lab4.1_core
table above.
Rev. 8.41 L4.1 – 11

Optional task
Continue on with this optional task if you have completed the required section of
the lab exercise.
Optional Task 8. Verify load sharing

In this task, you introduce traffic over the trunk and observe the port counters to
see a demonstration of load sharing.
1. On your Windows client computer, start the TfGen program and configure
the following options:
• Destination: 10.x.1.3 (Edge_2) or 10.x.1.1 (Core) or 10.x.1.2 (Edge_1)
• Traffic pattern: Continuous and constant
Note
For the IP address you need to specify an IP address of any device that
is on the other side of a trunk relative to the Windows client computer.
Although the TfGen window shows that utilization is expressed in Kbps, this
is not a literal measurement, so don't make the number so high that the links
will be saturated.
3. Use the “show interface” command to view a snapshot of the port counters.
Since the CLI does not refresh dynamically, you will need to repeat the
command to see the port counters increment. Traffic is shared by
“conversation”. Because you have started only one conversation, the traffic
is not balanced over the links in the trunk.
4. To view the port counters dynamically, access the web interface and choose
“Port counters” from the “Status and Counters” submenu.
5. Without terminating the first instance of TfGen, start a second instance of
TfGen and specify a different IP address on the other side of the trunk as the
destination.
Because this is a second distinct conversation (source IP address/destination
IP address pair), it may be assigned to a different link in the trunk.
It is important to note that there is no guarantee the second conversation will
be assigned to a different link in the trunk compared to the first conversation.
However, conversations among a larger group of hosts are more likely to
result in evenly distributed traffic.
L4.1 – 12 Rev. 8.41

Command Reference
needed.
Command Description

VLAN
trunk <port-list> <trunk-name> lacp Defines a static LACP port trunk
<filename> server
Rev. 8.41 L4.1 – 13

L4.1 – 14 Rev. 8.41

Configuring RSTP
Module 4 Lab 2
Objectives
Configure RSTP
Verify operation of RSTP
View RSTP operational status and information
Overview
Now that additional links using port trunking have been put in place to address
bandwidth concerns, ProCurve University would like to have redundant links in
place in the event a trunk fails between a pair of switches. To address this issue,
you will use redundant links and the Rapid Convergence Spanning Tree Protocol
(RSTP).
In this lab exercise, you enable RSTP on your core and edge switches. Additional
links will be implemented to provide the necessary link redundancy. You will
then examine spanning tree detail, record the active path through the network, and
make any necessary configuration changes to enable user VLAN traffic to be
transported in the modified topology.
Note
At the instructor’s discretion, you may be given the option of performing either lab
exercise 4.2 or lab exercise 4.3.
Rev. 8.41 L4.2 – 1

Network diagram
In this lab exercise, you will be implementing RSTP and additional links for
redundancy. You will need to modify the Ethernet cabling among three of your
switches as indicated in the network diagram. You will be using the CLI to
perform all of the configuration tasks.
L4.2 – 2 Rev. 8.41

Configuring RSTP
Task 1. Configure VLAN 30 support on your switches

In this task, you configure your four switches so that they can transport traffic for
VLAN 30. This is being done in support of the Windows client computer that you
will be using to verify network operation. The Windows client computer should be
connected to Edge_3 and assigned an IP address in VLAN 30.
1. On your four switches, where necessary, configure the trunks to transport
traffic for VLAN 30. Use the “show vlans 30” command to see which trunks
are configured.
2. Verify the Windows client computer connected to Edge_3 can “ping” each of
the IP addresses of the user VLANs on the Core switch.
3. Verify the Windows client computer connected to Edge_3 and the Windows
server computer connected to Edge_1 can ping each other.
Do not proceed until you have resolved all connectivity issues.
Rev. 8.41 L4.2 – 3

Task 2. Configure the spanning tree bridge priority and version

1. On your four switches, configure the spanning tree bridge priority as follows:
Spanning Tree
Switch
Bridge Priority
Core 1
Edge_1 2
Edge_2 2
Edge_3 3
2. On your four switches, force the version of spanning tree for RSTP operation.
L4.2 – 4 Rev. 8.41

Configuring RSTP
Task 3. View spanning tree details and enable RSTP

1. Use LLDP to determine which trunk ports connect to other switches and
define those trunk ports as non-edge ports, i.e., switch-to-switch links.
2. Enable RSTP.
a. Based on the configured settings, which switch do you expect to be the
Root Bridge of the spanning tree? _____________________________
3. On each switch, display the spanning tree information for all switch-to-switch
ports to verify your answer.
Rev. 8.41 L4.2 – 5

Task 4. Add a redundant link and verify the state of each port
1. Connect the new link between Edge_1 and Edge_2 shown on the network
diagram below. Select any unused ports to connect the Ethernet cable.
2. Define the new ports as non-edge ports, i.e., switch-to-switch links.

ports.
4. Record the state of each port on the network diagram above using “F” to
indicate forwarding or “B” to indicate blocking.
L4.2 – 6 Rev. 8.41

Configuring RSTP
Task 5. Verify connectivity and proper configuration

1. Use LLDP to verify the status of neighboring switches.
a. Do all switches appear as neighbors? _________
b. Why or why not? __________________________________________
2. Verify the Windows client computer connected to Edge_3 can ping each of
3. If a ping fails, then do the following:
• Verify physical and logical connectivity to determine the cause of the
failure. Use the “show vlan ports” command to verify which VLANs
are being carried by the switch-to-switch links and indicate the VLAN
assignments on the network diagram above.
• Modify the configurations on the necessary switches to enable the user
VLAN traffic to be transported to the destination.
• Repeat the ping tests and modify your switch configurations as needed
until all ping tests are successful.
4. If all pings were successful, then do the following:
• Disconnect both links comprising the trunk between the Core and
Edge_2 switches. This will ensure the new redundant link is used for the
ping tests to be done next.
• Repeat the ping tests. The pings should now fail. Verify physical and
logical connectivity to determine the cause of the failure.
• After testing is complete, reconnect both links comprising the trunk
between the Core and Edge_2 switches.
Rev. 8.41 L4.2 – 7

Task 6. Add the second redundant link and verify the state of each
port

ports.
L4.2 – 8 Rev. 8.41

Configuring RSTP

• Disconnect both links comprising the trunk between the Edge_2 and
between the Edge_2 and Edge_3 switches.
Rev. 8.41 L4.2 – 9

Task 8. Tag connected ports to carry all user VLANs

1. In preparation for subsequent lab exercises, verify all switch to switch links
are tagged for all user vlans. Make any configuration changes that may be
necessary.
L4.2 – 10 Rev. 8.41

Configuring RSTP

Comment/
Switch
Filename
Core lab4.2_core
table above.
Rev. 8.41 L4.2 – 11

L4.2 – 12 Rev. 8.41

Configuring RSTP
Command Reference
needed.
Command Description
Displays spanning tree status information for a

show spanning-tree <port-list>
list of ports
spanning-tree Enable spanning tree
spanning-tree priority <number> Sets spanning tree bridge priority
spanning-tree force-version rstp-operation Sets RSTP as spanning tree protocol version
no spanning-tree <port-list> edge-port Defines port list as non-edge ports
reload Performs a cold reboot
<filename> server
Rev. 8.41 L4.2 – 13

L4.2 – 14 Rev. 8.41

Configuring MSTP
Module 4 Lab 3
Objectives
Configure MSTP
Verify operation of MSTP
View operational status and details of multiple MST instances
View operational status and details of the CST
Overview
bandwidth concerns, ProCurve University would like to address the need for
redundant links in the event a trunk fails between a pair of switches. To address
this issue, you will use redundant links and the Multiple Spanning Tree Protocol
(MSTP) to improve network availability for the ProCurve University environment.
In contrast to how RSTP operates, ProCurve University management would like to
investigate how MSTP could be used to help distribute user VLAN traffic more
efficiently across the network. Instead of having all user VLAN traffic traverse a
common spanning tree as it does when using RSTP, MSTP will be deployed with
multiple MST instances to distribute traffic load based on VLANs. The switches
will map two of the user VLANs to one MST instance and the remaining VLAN to
the other MST instance.
The tasks you perform include configuring parameters common to the MST
Region and parameters specific to each of two MST instances. After defining MST
parameters, you will examine MST operational status and other detailed
information using CLI commands.
Note
Rev. 8.41 L4.3 – 1

Network diagram
In this lab exercise, you will be implementing MSTP with two MST instances.
You will need to modify the Ethernet cabling among your four switches as
indicated in the network diagram. The Core switch will be configured as the Root
Bridge of MST instance 1 and Edge_2 will be configured as the Root Bridge of
MST instance 2. You will be using the CLI to perform all of the configuration
tasks.
L4.3 – 2 Rev. 8.41

Configuring MSTP
Task 1. Tag the currently connected ports to carry all user VLANs
1. Verify each of the user VLANs have all currently connected ports of the
trunks as tagged members. Make any configuration changes that may be
necessary.
Rev. 8.41 L4.3 – 3


Spanning Tree
Switch
Bridge Priority
Core 1
Edge_1 2
Edge_2 2
Edge_3 3
2. On each of your four switches, configure spanning tree for MSTP operation.
3. Save your configuration and reboot each switch for MSTP to become active.
L4.3 – 4 Rev. 8.41

Configuring MSTP
Task 3. Enable spanning tree and view spanning tree information

for the CST
1. Use the “spanning-tree” command to enable spanning tree on each switch.
2. Use the “show span” command on each switch to see the Common Spanning
Tree (CST) details.
a. What are the VLAN mappings for the Internal Spanning Tree (IST)?
____________
b. Which switch is the Root of the CST? ____________
3. Examine the running configuration on the switch that is the CST Root.
c. What spanning tree configuration parameter in the running
configuration caused this switch to become the CST Root?
_________________________________________________________
Rev. 8.41 L4.3 – 5

Task 4. Configure MST region and per-instance parameters

In this task, you complete the configuration of MSTP.
1. Define an MST Region identity on each of your switches using the following
settings:
Parameter Value
config-name procurve
config-revision 1
Note
All switches in your group will be members of the same MSTP Region and
therefore must have the same region configuration parameters.
2. Associate user VLANs with MST instances on each of your switches using
the following settings:
Instance VLANs
1 10
2 20 and 30
3. Configure Bridge Priorities for each MST instance on the switches that will
function as the Root Bridges using the following settings:
Switch Instance Priority
Edge_1 1 1
Edge_1 2 2
Edge_2 1 2
Edge_2 2 1
4. View the MST configuration on each switch.

5. Verify the same VLANs are mapped for each MST instance on each switch.
All switches must have the same ‘config-name’ and ‘config-revision’
parameters. All switches must also have the same VLANs assigned to each
MST instance. If you have not configured the same MST parameters for all
switches, there may be multiple Root Bridges for MST instance 1 and/or
MST instance 2 within the MST Region.
L4.3 – 6 Rev. 8.41

Configuring MSTP
diagram at the beginning of the lab. Select any unused ports to connect the
Ethernet cable.
Note
For MSTP, the default setting of each port is “non-edge” port, i.e., the
port is assumed to be used for a switch-to-switch link. In contrast, for
RSTP, the default is “edge” port, i.e., the port is assumed to be used for
connectivity to an end station.
Therefore, you can use the default MSTP setting for the ports of the two
new switch-to-switch links you add in this lab exercise.
2. View the spanning tree details for MST instance 1 on each of your switches.
3. Record the Regional Root MAC Address reported by each of the switches.
Switch Regional Root MAC Address
Core
Edge_1
Edge_2
Edge_3
4. Verify that all four switches agree that Edge_1 is the Root Bridge of MST
instance 1.
5. Using the output from the “show span instance 1” command, record the state
of each port on the network diagram below using “F” to indicate forwarding
or “B” to indicate blocking
Rev. 8.41 L4.3 – 7

Active Path for MST Instance 1 (VLAN 10)
instance 2.
or “B” to indicate blocking.
L4.3 – 8 Rev. 8.41

Configuring MSTP
Active Path for MST Instance 2 (VLANs 20 and 30)
Rev. 8.41 L4.3 – 9


b. Why or why not? _______________________________________
If a ping fails, then the likely cause is that the ICMP echo request packet can
not traverse the spanning tree path that includes the new switch-to-switch link
because the new ports are not tagged members of VLAN 30.
If a ping is successful, then the ICMP echo request packet traversed a
spanning tree path that includes the previously implemented links of which
the ports are already tagged members of VLAN 30.
3. On Edge_1 and Edge_2, determine the tagged/untagged status of the ports
comprising the new switch-to-switch link.
Use the “show vlan ports <port-list>” command to determine which VLANs
the ports are members. Then use the “show vlans <vlan-id>” command to
determine the tagged/untagged status.
You should see that, by default, the new ports are not tagged members of any
VLAN, but they are untagged members of VLAN 1.
4. Configure the ports of the new switch-to-switch link on Edge_1 and Edge_2
as tagged members of VLAN 10, 20 and 30.
L4.3 – 10 Rev. 8.41

Configuring MSTP
port
Ethernet cable.
Rev. 8.41 L4.3 – 11

L4.3 – 12 Rev. 8.41

Configuring MSTP
Task 8. Verify connectivity and proper configuration for the second

link
2. On Edge_1 and Edge_3, configure the ports of the new switch-to-switch link
Rev. 8.41 L4.3 – 13


Comment/
Switch
Filename
Core lab4.3_core
table above.
L4.3 – 14 Rev. 8.41

Configuring MSTP
Command Reference
needed.
Command Description
show vlans ports <port> Displays the VLANs a port is a member of
show spanning-tree Displays common spanning tree information
show spanning-tree mst-config Displays the MST configuration
show spanning-tree instance <instance-id> Displays MST information for an instance
spanning-tree Enables spanning tree
spanning-tree force-version mstp-operation Sets MSTP as spanning tree protocol version
spanning-tree protocol-version mstp Sets MSTP as spanning tree protocol version
spanning-tree config-name <name> Defines the name of the MST region
spanning-tree config-revision <number> Defines the revision number of the MST region
spanning-tree instance <instance-id> vlan

Assigns VLANs to an MST instance
<vlan-id>
<filename> server
Rev. 8.41 L4.3 – 15

L4.3 – 16 Rev. 8.41

Enabling HP Switch Meshing
Module 4 Lab 4
Objectives
Enable HP Switch Meshing
Verify operation of HP Switch Meshing
Overview
Up to this point you have investigated how network capacity between switches can
be improved using HP port trunking and multiple links. You have also deployed
either RSTP or MSTP with redundant paths to address network availability.
In this activity, you will examine an alternative approach to Layer 2 redundancy,
HP Switch Meshing, which can also support redundant paths in a network, but
with an important difference. With HP Switch Meshing, the alternative paths can
be used concurrently rather than be blocked by a spanning tree protocol. This
capability will enable ProCurve University to use the available bandwidth more
efficiently.
Before you actually move forward with implementing HP switch meshing, there
are various changes that you will need to make to the lab environment in terms of
the switch configurations and physical connections. These changes are necessary
for this lab scenario, because of two factors. The first factor is IP routing and HP
switch Meshing cannot be enabled concurrently on a ProCurve switch. The second
factor is the switch that you are using as Edge_3 (2610 series) does not support HP
Switch Meshing.
Rev. 8.41 L4.4 – 1

Network diagram
In this lab exercise, you will be implementing HP Switch Meshing on the Core,
Edge_1, and Edge_2 switches using the CLI. Edge_3, a 2610 series switch, does
not support HP Switch Meshing and so will not participate in the mesh. The IP
routing support will be “moved” from the Core switch to Edge_3 because IP
routing and HP switch Meshing cannot be enabled concurrently on a ProCurve
switch.
Edge_3 will forward IP traffic on behalf of users connected to VLANs 10, 20, and
30. RSTP (if lab 4.2 was completed) or MSTP (if lab 4.3 was completed) will
remain enabled since redundant paths exist between Edge_3 and the other two
edge switches.
L4.4 – 2 Rev. 8.41

Task 1. Modify the Core switch configuration

In this task, you remove IP address and IP helper address assignments from the
user VLANs and disable IP routing on the Core switch. You also modify the
spanning tree bridge priority and assign a default gateway IP address on the Core
switch.
Note
Due to the various IP addressing and Ethernet cabling changes you will
be making, it is recommended you access the CLI of each switch
directly using the console port instead of a Telnet connection.
1. Remove the IP address assigned to each user VLAN—VLANs 10, 20 and 30.
2. Remove IP routing.
3. Specify a default gateway IP address identifying the Edge_3 switch, 10.x.1.4.
4. Change the common spanning tree bridge priority to 2.
Rev. 8.41 L4.4 – 3

Task 2. Modify the Edge_3 switch configuration

In this task, you assign an IP address and IP helper address to the user VLANs and
enable IP routing on Edge_3. You also modify the spanning tree bridge priority
and remove the default gateway IP address on Edge_3.
1. Remove the default gateway IP address that identified the Core switch as the
default gateway.
2. Assign an IP address and IP helper address to each user VLAN—VLANs 10,
20 and 30.
VLAN IP Address IP Helper
10 10.X.10.1/24 10.X.1.10
20 10.X.20.1/24 10.X.1.10
30 10.X.30.1/24 10.X.1.10
3. Enable IP routing.
L4.4 – 4 Rev. 8.41

Task 3. Modify the Edge_1 and Edge_2 switch configurations

In this task, you change the default gateway IP address on Edge_1 and Edge_2.
1. Change the default gateway IP address to the IP address of Edge_3, 10.x.1.4.
Make this configuration change to both Edge_1 and Edge_2.
Rev. 8.41 L4.4 – 5

Task 4. Modify the Windows server computer configuration

L4.4 – 6 Rev. 8.41

Task 5. Configure additional ports on Core, Edge_1 and Edge_2

In this task, you configure additional ports on each switch that will be used for the
new network connections. These additional ports will be tagged members of all
three user VLANs. You will need to define four additional ports on Core, Edge_1,
and Edge_2. No additional ports will be configured on Edge_3.
Note
Any ports configured in previous lab exercises can remain unchanged.
In most cases, you will be disconnecting the Ethernet cables from those
ports and using them to connect the additional ports you configure in
this task.
1. On the Core switch, configure four unused ports as tagged members of

VLANs 10, 20 and 30.
2. On Edge_1, configure four unused ports as tagged members of VLANs 10,
20 and 30.
20 and 30.
4. Connect the additional ports you just configured for Core, Edge_1, and
Edge_2 by using the Ethernet cables currently used for the port trunks. Refer
to the network diagram for the general layout.
Note
The single link connecting Edge_1 to Edge_3 and the links of the port
trunk connecting Edge_2 to Edge_3 remain in place.
Rev. 8.41 L4.4 – 7

Task 6. Enable switch meshing on Core, Edge_1 and Edge_2

Since HP Switch Meshing and IP routing cannot be simultaneously enabled on a
switch, you will be enabling HP Switch Meshing only on the Core, Edge_1,
Edge_2 switches. Edge_3 will provide IP routing support.
1. Enable HP Switch Meshing for the additional ports you configured on Core,
Edge_1, and Edge_2.
2. Save your configuration and reboot Core, Edge_1, and Edge_2.
L4.4 – 8 Rev. 8.41

Task 7. Verify proper spanning tree operation and network

connectivity
1. Verify that each switch-to-switch link is a tagged member of VLANs 10, 20,
and 30.
Note
If you show the list of ports in VLAN 1, you will see that the “Mesh”
entry is also tagged in this VLAN.
2. Verify the Windows server and client computers can successfully ping the IP
address of Core, Edge_1 and Edge_2, and the four IP addresses of Edge_3. If
any of the systems are unreachable, resolve the problem before proceeding.
3. Verify the Windows client computer can acquire a DHCP-assigned IP
address in each user VLAN.
4. If you have RSTP running, then display the spanning tree information for the
CST instance on all four switches for the currently connected links.
Otherwise, skip this step.
5. If you have MSTP running, then display the spanning tree information for
MST instance 1 on all four switches. Otherwise, skip this step.
6. Record the state of each port on the network diagram below using “F” to
Rev. 8.41 L4.4 – 9

L4.4 – 10 Rev. 8.41

Task 8. View the spanning tree details for MST instance 2

If you have MSTP running, then perform the steps of this task. Otherwise, skip all
steps of this task.
1. Display the spanning tree information for MST instance 2 on all four
switches.
2. Record the state of each port for MST instance 2 on the network diagram
below using “F” to indicate forwarding or “B” to indicate blocking.
Rev. 8.41 L4.4 – 11

Task 9. Verify switch meshing operation and network connectivity

1. Examine the status of all mesh ports. All mesh ports should show an
“Established” status.
2. From the Windows server or client computer, verify that you can reach the
other Windows computer and each of the switch IP addresses.
3. Use the TfGen application to generate traffic flows through the network. On
your Windows client computer, start the TfGen program and configure the
following options:
• Destination: 10.x.1.1 (Core), 10.x.1.2 (Edge_1) or 10.x.1.3 (Edge_2)
Note
For the IP address, specify an IP address of any device that is on the
other side of a mesh link relative to the Windows client computer.
will be saturated.
To view the port counters dynamically, access the web interface and choose
L4.4 – 12 Rev. 8.41

Task 10. Restore your switch configuration files from lab 4.2 or lab
4.3
In preparation for the next lab exercise, you will need to restore the configuration
file you saved at the end of either lab 4.2 or lab 4.3 to each of your switches.
1. Using either the Deploy Configuration tool of ProCurve Manager or the
TFTP server on the Windows client, restore the respective configuration file
to Core, Edge_1, Edge_2, and Edge_3.
Note
To avoid disconnecting your Telnet connection(s), it is recommended
that you perform this step progressing from the farthest switch to the
nearest switch relative to the Windows computer you are using.
2. Reboot each of the switches.

3. On the Windows server computer, change the default gateway IP address to
the IP address of the Core switch, 10.x.1.1.
Rev. 8.41 L4.4 – 13

L4.4 – 14 Rev. 8.41

Command Reference
needed.
Command Description
Displays common spanning tree information for
a list of ports
show mesh Displays status of mesh ports

no vlan <vlan-id> ip-address
Deletes an IP address from a VLAN
<ip-address>
no ip routing Disables IP routing
no ip default-gateway Deletes a default gateway IP address
mesh <port-list> Defines port list as mesh ports
<filename> server
Rev. 8.41 L4.4 – 15

L4.4 – 16 Rev. 8.41

Configuring WAN Connectivity
Module 5 Lab
Objectives
Perform the initial configuration of a Secure Router 7000dl
Configure passwords for serial console port, Telnet and privilege mode
access
Configure a WAN link that will use T1/E1 facilities and the Point-to-Point
protocol
Configure static routes to enable routing between your network and other
networks
Overview
ProCurve University is in the process of expanding geographically in the local
region by including a campus that has served as a separate community college in
the recent past. This expansion of the university will require deployment of a
Wide Area Network (WAN) link and two ProCurve Secure Router 7000dl series
systems. With the introduction of additional routers in the topology there is also
the need for the exchange of routing information. Initially, this will be
accomplished using static routes.
Deploying the Secure Router 7000dl will involve configuring one of its Ethernet
interfaces for local access and an E1/T1 interface that will support the Point-to-
Point (PPP) protocol for the WAN connection. A T1 connection is used primarily
in North America and Canada, whereas E1 is commonly used in locations. Since,
the ProCurve University main and remote campus locations comprise a routed
environment, either static routes will need to be defined or a dynamic routing
protocol such as Routing Information Protocol (RIP) or Open Shortest Path First
(OSPF) could be used. In this lab exercise, you will implement static routes. In a
later lab exercise you will implement dynamic routing.
Rev. 8.41 L5 – 1
Network diagram
In this lab exercise, you will configure a ProCurve Secure Router 7000dl labeled
Router. Router will connect to the instructor’s Secure Router 7000dl using a T1 (or
E1) crossover cable providing WAN connectivity between your network and the
instructor’s network.
L5 – 2 Rev. 8.41
Task 1. Connect to your Secure Router 7000dl

Since the Secure Router 7000dl is currently set to the factory default settings, you
will need to perform several initial configuration tasks. The initial tasks will
include assigning an IP address to an Ethernet interface so that you can access the
Secure Router 7000dl using Telnet over the management VLAN, 10.x.1.0.
The Secure Router 7000dl, like the other switches you have managed during this
course, supports an out-of-band connection (serial console port) for access to the
CLI. The default console port settings are the following:
Parameter Setting
Baud rate 9600
Data bits 8
Parity none
Stop bits 1
Flow control none
Note
Only one student will perform the configuration tasks on the Secure
Router 7000dl.
1. Using the console cable, connect your Windows computer to the Secure
Router 7000dl and start the Tera Term Pro or other terminal emulation
application you are using.
2. Press enter a few times and you should see a prompt similar to the following:
ProCurveSR7102dl>
Note
The CLI supports the use of command syntax shortcuts and
tab completion. To display a list of commands type “?”. To
see a list of options for a given command type a space and a
“?” after the command.
Rev. 8.41 L5 – 3
Task 2. Configure a console password using MD5

The console password is used to control out-of-band access to the Secure Router
7000dl CLI. By default, the console password is not set. In this task, you will
configure the console password.
To set the console password, you use the CLI “password” command. This
command supports a password encryption option that allows you to specify the
MD5 hash algorithm. Doing so, allows the password information to be encrypted
within the configuration file.
Note
In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used
cryptographic hash function with a 128-bit hash value. MD5 is
commonly used with such facilities as the Challenge Handshake
Authentication Protocol (CHAP) and IPSec VPN tunnels. MD5 is
defined in RFC 1321.
1. Access the privilege mode level.

2. Access the global configuration context level.
3. Access the “console line” context level using the “line” command.
The prompt should look like the following:
ProCurveSR7102dl(config-con0)#
4. Configure the console password using the “password md5” command.

Specify “password” for the password.
5. View the running configuration and verify that your console password has
been set.
a. Are you able to read your configured password? __________
If you are able to read your password, then retrace your steps and verify your
configuration.
6. Exit from the CLI. Then reestablish your out-of-band connection.
a. Are you asked to provide a password? __________
b. What is needed in the configuration to prompt for a password for an out-
of-band management session? _____________________________
_________________________________________________________
7. Change the console configuration to require a password to log on.
8. Exit from the CLI. Then reestablish your out-of-band connection by
providing your configured password.
You should be prompted for your password.
L5 – 4 Rev. 8.41
9. Access the global configuration context level and use the “do write
memory” command to commit the configuration changes to memory.
The “do” command provides a way to execute commands in other
configuration modes without taking the time to exit the current configuration
mode and enter the desired one.
Note
For the 7000dl series, it is necessary to commit password changes to the
startup configuration file stored on the compact flash.
Rev. 8.41 L5 – 5
Task 3. Configure a hostname

1. Configure a hostname using the “hostname” command. Specify “Router”
for the hostname.
The prompt should then look like the following:
Router(config)#
L5 – 6 Rev. 8.41
Task 4. Configure and enable an Ethernet interface

There are two Ethernet ports on your Secure Router 7000dl that are internally
identified as “eth 0/1” and “eth 0/2”. In this task, you will configure an IP address
for eth 0/1, the first Ethernet interface. After an IP address is assigned, you will be
able to use Telnet to access your Secure Router 7000dl and continue on with the
configuration tasks involved in setting up WAN connectivity.
Note
The Ethernet ports on the 7000dl series must be activated before the
configured IP addresses can be used.
1. Access the Ethernet interface context of the port 1 using the “interface”
command.
Router(config-eth 0/1)#
2. Assign the IP address “10.x.1.5” to Ethernet interface 1 using the “ip

address” command.
Note
Like other ProCurve switches, you can use CIDR notation when
assigning an IP address. One difference is that for the Secure Router
7000dl series you must insert a space between the IP address and the “/”
that precedes the number of mask bits.
Example: ip address 10.1.1.5 /24
3. Examine the interface status using the “do show interfaces ethernet
0/1” command.
Notice that the interface is indicated as “administratively down”. The
Ethernet ports on the 7000dl series must be explicitly enabled before they can
be used.
4. Enable Ethernet interface 1 using the “no shutdown” command.
5. Connect an Ethernet cable to the port labeled Eth 0/1 on the Secure Router
7000dl and the other end to an unused port on the Core switch that is an
untagged member of VLAN 1.
A message should be displayed in the console window indicating the
interface’s state has changed to up “INTERFACE_STATUS.eth 0/1
changed state to up”.
Rev. 8.41 L5 – 7
Task 5. Configure a password for Telnet sessions using MD5

Although an IP address has been assigned and the Ethernet interface is enabled and
physically connected, Telnet access can only be established by doing one of the
following:
Assigning a password to one or all of the Telnet sessions, or
Changing the Telnet configuration from “login” to “no login”. This
latter approach is not recommended due to the inherent lack of security.
When you assign a password, it is used for all incoming Telnet connections. Once
connected, you will be prompted for the user executive level password. To enter
the privilege level exec, a password will need to be configured.
1. Access the context for Telnet sessions 0-4 using the “line telnet 0 4”
command.
Note
You will be assigning a password for all the Telnet sessions (0 to 4), but
you can setup an distinct password for each session. By doing so, you
would need to know the association of a session number to its password.

Router(config-telnet0-4)#
2. Assign an MD5 encrypted password for Telnet sessions. Specify

“password” for the password.
3. Save your configuration and leave your console port session open for now.
L5 – 8 Rev. 8.41
Task 6. Start a Telnet session with your Secure Router 7000dl

1. Using a Command Prompt on your Windows server computer, Telnet to the
IP address you assigned to the Eth 0/1 interface on Router.
a. Are you allowed to access the privilege mode? Why? _____________
__________________________________________________________
3. From your out-of-band console session, configure a password that will be
required for accessing privilege mode. At the global configuration context
level, use the “enable password md5” command. Specify “password”
for the password.
Note
At this point, you have configured three passwords. One password to
access the CLI through the console port, a second password to connect
through Telnet, and a third password for accessing the privilege mode
level. Privilege mode access is initiated using the enable command.
4. Save your configuration changes and close your out-of-band console session.
5. Now, you should be able to return to a Telnet session, login, and use the
enable command to access the privilege mode level.
Rev. 8.41 L5 – 9
Task 7. Configure a T1 interface

1. Access the T1 context level using the “interface t1 1/1” command.
Router(config-t1 1/1)#
2. Assign the Time Division Multiplexing (TDM) group and timeslots using the
“tdm-group 1 timeslots 1-24” command.
Note
Time Division Multiplexing is assigned by a service provider. TDM
group assigns DS0 channels. A TDM group consists of some number of
DS0 channels from 1 to 24, with anything less than 24 implying
fractional T1 service. 24 channels multiplied by 64 Kbps is equal to 1.5
Mbps for full T1 service.
3. Connect a T1 crossover cable from your T1 interface to the instructor’s

Secure Router 7000dl. Ask the instructor which port on the instructor’s
Secure Router 7000dl you should use to connect the T1 crossover cable.
Typically, the port number you should use will correspond to your group
number—port 1 for group 1, port 2 for group 2, and so forth.
4. Examine the status of the T1 interface using the “do show interface t1
1/1” command.
You should see a listing similar to the following:
t1 1/1 is administratively down

Receiver has no alarms
T1 coding is B8ZS, framing is ESF
Clock source is line, FDL type is ANSI
Line build-out is 0dB
No remote loopbacks, No network loopbacks
Acceptance of remote loopback requests enabled
Tx Alarm Enable: rai
Last clearing of counters 02:58:30
loss of frame : 0
loss of signal : 0
AIS alarm : 0
Remote alarm : 0
DS0 Status: 123456789012345678901234

DDDDDDDDDDDDDDDDDDDDDDDD
Status Legend: '-' = DS0 is unallocated
'N' = DS0 is dedicated (nailed)
'D' = DS0 is allocated to DSX port
Line Status: -- No Alarms --
5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec
Current Performance Statistics:
L5 – 10 Rev. 8.41
0 Errored Seconds, 0 Bursty Errored Seconds

0 Severely Errored Seconds, 0 Severely Errored Frame Seconds
0 Unavailable Seconds, 0 Path Code Violations
0 Line Code Violations, 0 Controlled Slip Seconds
0 Line Errored Seconds, 0 Degraded Minutes
TDM group 1, line protocol is not set

Encapsulation is not set
5. Enable the T1 interface.

Several messages similar to the following should be displayed in the console
window indicating the interface’s state has changed to “up”.
T1.t1 1/1 Yellow

INTERFACE_STATUS.t1 1/1 changed state to administratively up
T1.t1 1/1 No Alarms
INTERFACE_STATUS.t1 1/1 changed state to up
6. Check the status of the T1 interface again to examine the “up” status
information in more detail.
Rev. 8.41 L5 – 11
Task 8. Configure PPP for the T1 interface

Next you will configure the Point-to-Point protocol (PPP) for the T1 interface.
The T1 interface configuration you did in the prior step corresponds to Layer 1
operation. Configuring PPP defines the Layer 2 protocol that will be used to
transport frames over the T1 link.
1. Access the PPP interface context level.
Any number from 1 to 1024 can be used.
Router(config-ppp 1)#
Note
2. View the running configuration and note the PPP interface configuration.
a. By default, what is the state of a newly created PPP interface?
_________________________________________________________
3. Assign the IP address and mask from the network diagram to the PPP
interface. Note that the mask is 29 bits, 255.255.255.248.
4. Bind the T1 interface to PPP using the “bind” command.
2005.08.08 00:32:13 PPP.NEGOTIATION t1 1/1: LCP up

2005.08.08 00:32:13 PPP.NEGOTIATION t1 1/1: LCP down
2005.08.08 00:32:21 PPP.NEGOTIATION ppp 1: LLDPCP up
2005.08.08 00:32:21 PPP.NEGOTIATION ppp 1: IPCP up
2005.08.08 00:32:22 INTERFACE_STATUS.ppp 1 changed state to up
The bind command creates a bind group which, as it sounds, binds the T1
physical interface with the virtual PPP interface and then considers the two as
one unique group.
Command syntax: bind <bind number (1-1024)> <physical interface type (t1
or e1)> <slot number>/<port number> <tdm* group number> <virtual
interface type (ppp or frame relay) > <virtual interface number (1-1024)>
5. Examine the PPP interface status using the “show interfaces” command.
L5 – 12 Rev. 8.41
Task 9. Verify connectivity

1. Determine the peer IP address of the instructor’s Secure Router 7000dl by
examining the output from the “show interfaces ppp” command. Look
for the line entry “Peer address=<ip-address>”.
2. From Router, ping the PPP peer IP address to verify connectivity.
Rev. 8.41 L5 – 13
Task 10. Configure static routes

Static routes will be configured to allow for connectivity outside of the local
network. You will begin by defining static routes that will allow for connections to
the instructor’s network. Then, you will add routes identifying routes to other
devices of other student groups.
1. From Router, try to ping a device located in the instructor’s inside network,
10.100.1.0/24.
Unless otherwise specified by the instructor, try 10.100.1.254 (instructor’s
Secure Router 7000dl) and 10.100.1.1 (instructor’s 5400zl switch).
a. Were you successful? __________
2. View the routing table entries on Core, which is functioning as a router, and
Router, which has routing enabled by default, using the “show ip route”
command.
Notice that neither system has an entry for the 10.100.1.0 network.
Note
Use the show ip route command throughout the remaining steps to
verify routing table entries and to help you in troubleshooting. There are
additional options that you can specify with the show ip route
command that you may find useful such as ‘static’, ‘connected’,
‘rip’, ‘summary’ (7000dl) and ‘table’ (7000dl).
3. Add the following static route to Router.
Destination Mask Gateway
10.100.1.0 255.255.255.0 192.168.x.2
The command will specify the instructor’s inside network as the destination
and the instructor’s PPP interface as the next hop.
Note
Remember, you must insert a space between the IP address and the “/”
that precedes the number of mask bits when using CIDR notation.
4. Try again to ping a device in the instructor’s inside network from Router.
a. Were you successful this time? _________
b. What do you think may be configured on the instructor’s router that tells
it where to respond to your ping request? ________________________
__________________________________________________________
L5 – 14 Rev. 8.41
5. Now, try to ping a device in the instructor’s network from a command

prompt on both your Windows server and client computers. The Windows
client computer should have an IP address assigned via DHCP.
a. Were you successful from the Windows computers? Why? ________
________________________________________________________
________________________________________________________
________________________________________________________
6. On your Core switch, add the following route:
10.100.1.0 255.255.255.0 10.x.1.5
Using this route, you are telling the Core switch that the path to the
10.100.1.0/24 network is reached through the Ethernet interface of Router,
10.x.1.5.
7. Try again to ping a device in the instructor’s inside network from your
Windows server and client computers.
The ping from the Windows server computer should be successful.
a. Why was the ping from the Windows client computer unsuccessful?
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
b. Where do you need to add a route so that you can ping a device in the
instructor’s inside network from one of your user VLANs?
Hint: Examine the routing tables of Core and Router.
_______________________________________________________
_______________________________________________________
8. On Router, add one of the following routes based on the VLAN in which the
Windows client computer is located. Then, verify you can successfully ping
a device in the instructor’s inside network from your Windows client
computer?
10.x.10.0 255.255.255.0 10.x.1.1
10.x.20.0 255.255.255.0 10.x.1.1
10.x.30.0 255.255.255.0 10.x.1.1
Rev. 8.41 L5 – 15
Task 11. Use summary and default routes to reach other networks
To reach each of the networks of other student groups (10.x.1.0, 10.x.10.0, and so
forth), you could add a route for each network that includes the student group
number in the second octet of the route’s destination network. Alternatively, you
could use a shortcut approach that involves defining a summarized route.
1. On Router, add the following summary route.
10.0.0.0 255.0.0.0 192.168.x.2
a. Are there any potential negative aspects to using the summary route as
opposed to adding individual routes? ___________________________
__________________________________________________________
2. From Router, test connectivity by pinging devices in another student group’s
network.
In general, when the router receives a packet that it does not know how to forward,
it drops it. You can configure a default route, which allows the router to forward
all such packets toward a destination most likely to be able to route them.
To configure a default route, you define a route that has a destination IP address of
all zeros and a subnet mask of all zeros. The subnet of all zeros tells the router that
a packet’s IP address does not have to match any of the destination address bits of
the default route to be valid. Because the router attempts to match a packet’s
destination IP address to the most specific route, it will only use the default route
as the last choice.
Note
The addition of the default route on your router will be performed during the
“Configuring Dynamic Routing” lab. At that time, once all teams have
performed that task, you will be able to ping from your router to another
student group’s network.
3. On your Core switch, add a default route that specifies the IP address of
Router’s Ethernet interface as the gateway.
0.0.0.0 0.0.0.0 10.x.1.5
a. What does the command above do? ____________________________

__________________________________________________________
L5 – 16 Rev. 8.41
4. From your Windows server and client computers, test connectivity to the
other student group networks by pinging the IP address of the other student
group’s Core switch.
Write the group number below when you receive a successful ping response,
implying that student group has completed the equivalent configuration tasks
on their side of the network.
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
5. From your Windows server and client computers, try using the “tracert”
command to follow the path from your source network to any of the other
student group networks.
Rev. 8.41 L5 – 17

1. Save the configuration changes you have made to your switches and router.
2. Use the PCM configuration scan tool to back up the configuration file of your
Core switch to the PCM Management Server.
Note
To use PCM to back up your Secure Router’s configuration file, you
must first configure SNMP on the Secure Router 7000dl and then
discover the device using PCM. See the optional task at the end of this
lab for the steps on how to do that.
3. Enter a comment from the table below.
Comment/
Switch
Filename
Core lab5_core
Router lab5_router
4. Back up the configuration file of the Router from the CLI by transferring the
Note
The syntax of the “copy” command on the Secure Router 7000dl series
is different from that of the other ProCurve switches you have been
using during this course. Here is an example of the syntax for the
Secure Router 7000dl series:
Router(config)# copy startup-config tftp

Address of remote host? 10.1.30.50
Destination filename? lab5_router
Initiating TFTP transfer...
Sent 1438 bytes.
Transfer complete.
Router#
L5 – 18 Rev. 8.41
Optional Tasks
Optional Task 13. Using the Web interface of the Secure Router
7000dl
In this task you configure the Secure Router 7000dl to allow access to the built-in
web interface and then use a browser to access the web interface.
1. From global configuration context level, enable the HTTP server using the
“ip” command.
2. Configure a username and password for the HTTP authentication realm using
the “username” command. Specify “procurve” for the username and
3. Save the configuration changes.
4. On your Windows computer, open a web browser and specify the IP address
of Router for the URL.
5. In the authentication realm dialog box, specify the username and password
you configured in the prior step.
6. After you acknowledge the registration window prompt, the ProCurve Secure
Router 7000dl main window appears.
Rev. 8.41 L5 – 19
7. Examine some of the options listed in the left pane of the main window. For
example, if you click “IP interfaces”, you should see the IP addresses you
defined for the Ethernet 0/1 and the PPP 1 interfaces.
L5 – 20 Rev. 8.41
8. If you click “Route Table”, you should see the directly connected routes and
the static routes you added.
9. Close your browser window when you are done examining the web interface.
Rev. 8.41 L5 – 21
Optional Task 14. Using PCM to manage the Secure Router 7000dl
In this task you configure the Secure Router 7000dl to allow SNMP access so it
can be discovered by ProCurve Manager.
1. From global configuration context level, enable the SNMP agent using the
“ip” command.
2. Configure the SNMP community name as “public” for read-write access
using the “snmp-server” command.
3. Start ProCurve Manager and click Tools > Manual Discovery Wizard.
4. In the “Welcome to the Device Discovery Wizard” window, click Next.
5. In the “SNMP Version Selection” window accept the default of “SNMP
V2” and click Next.
6. In the “Enter Device Information” window, specify “10.x.1.5” for the

Device IP address and “public” for the SNMP Read and Write Community
Names. Then click Next. ProCurve Manager will attempt to connect to the
device.
7. In the “Connection Status” window, click Next. The discovery process
starts.
8. In the “Discovery Status” window, click Next. Then click Finish.
9. In the “Devices List” window, Router should now be listed. At this point,
you can examine other PCM aspects as they pertain to the Secure Router
7000dl such as its placement on the Network Map, accessing the device CLI,
and so forth.
L5 – 22 Rev. 8.41
Rev. 8.41 L5 – 23
Command Reference
needed.
Command * Description
show running-config Displays the running configuration
show interfaces ethernet <slot>/<port> Displays status of an Ethernet interface
show interfaces t1 <slot>/<port> Displays status of a T1 interface
show interfaces ppp <interface-id> Displays status of a virtual PPP interface
enable Accesses privilege mode level
logout Logs off current user from router
configure terminal Accesses global configuration mode
line console 0 Accesses console line context level
interface ethernet <slot>/<port> Accesses an Ethernet interface context level
interface t1 <slot>/<port> Accesses an T1 interface context level
interface ppp <interface-id> Accesses a virtual PPP interface context level
Runs the named command of another context

do <command>
within the current context level
Defines a console password that will be stored

password md5 <password>
encrypted
login Enables password for console login
hostname <name> Defines a hostname for the router
no shutdown Within an interface context, enables an interface
tdm-group <group-number> timeslots 1-24 Defines a TDM group consisting of 24 channels
bind <group-number> t1 <slot>/<port> ppp Creates a bind group consisting of a T1 interface

<interface-id> and a virtual PPP interface
Within an interface context, assigns an IP address

ip address <ip-address> /<mask-bits>
to an interface
ip route <network-address> /<mask-bits>

Defines a static route
<gateway-ip-address>
ip route <network-address>/<mask-bits>
Defines a static route on a switch
ip http server Enables the HTTP server
ip snmp agent Enables the SNMP agent
Defines the SNMP community name and read/write

snmp-server community <name> rw
access rights
username <name> password <password> Defines a username ands password account
L5 – 24 Rev. 8.41
copy startup-config tftp Copies startup configuration file to a TFTP server
copy running-config tftp <ip-address> Copies the running configuration file of a switch to
* All commands are applicable to the secure router and switches unless otherwise noted.
Rev. 8.41 L5 – 25
Configuring Dynamic Routing
Module 6 Lab
Objectives
Configure routing switches to use RIP
Examine routing tables to determine the active path used to reach destinations
Implement alternate paths to a destination and examine how RIP selects the
preferred route
Modify RIP operation by adjusting the route metric
Overview
The next step for ProCurve University is to migrate from the initial use of static
routes for connectivity to the remote campus to the use of a RIP for their interior
network. RIP is not new technology and has been in fairly widespread use since
the early 1990’s. RIP allows for dynamic changes in network connectivity to occur
and for the network to recover and use alternate paths if they are available.
In this lab exercise, you will be deploying RIP so that your network can
dynamically adjust to topology changes such as a link-down condition where the
primary path to a destination is no longer available. RIP will automatically switch
to another available link, allowing the source and destination to reestablish
network connectivity.
As part of your task, you will be implementing an additional LAN link to the
instructor’s network. This additional link will serve as an alternative path to the
existing one that uses the WAN link to the instructor’s network and which was
implemented in the prior lab exercise.
Rev. 8.41 L6 – 1
Network diagram
In this lab exercise, you will be implementing RIP and examining the affects on
route selection when multiple paths exist to the same destination and how RIP
adjusts the route selection when a link in the primary path fails. RIP will be
enabled on the Core and Router routing switches. On Router, you will enable RIP
on the 10.x.1.0/24 network. On Core, you will enable RIP on VLANs 1 and 1x.
L6 – 2 Rev. 8.41
Task 1. Modify the static routes on Router

In the prior lab exercise, you added one or more static routes to your Secure
Router 7000dl. In this task, you remove the static routes and add a default route.
This is being done as part of the reconfiguration of your network topology in
preparation for the implementation of RIP.
1. On Router, examine the static routes that are currently configured by listing
the routing table. Use the option with the “show ip route” command that
allows you to display only static routes.
2. Remove the static routes to the 10.0.0.0 network and the 10.100.1.0 subnet
using the “no ip route” command.
3. You may have also added one or more static routes in the prior lab that were
used to reach your Windows client computer in user networks on VLAN’s
10, 20 or 30. If you did, remove those static routes as well.
4. Add a default route that uses the WAN link to the instructor’s network.
5. At this point, the routing table on Router should look similar to the following
where “x” will be replaced by your group number.
DESTINATION MASK GATEWAY INTERFACE SOURCE

0.0.0.0 0.0.0.0 192.168.x.2 ppp 1 Static
10.x.1.0 255.255.255.0 0.0.0.0 eth 0/1 Connected
192.168.x.0 255.255.255.248 0.0.0.0 ppp 1 Connected
192.168.x.2 255.255.255.255 0.0.0.0 ppp 1 Connected
Note
Be sure your routing table includes the default route highlighted in bold above.
If the default route is not added, you will not be able to ping across your router
to another student group’s network. As long as that student group has also
added the default route on their router.
Rev. 8.41 L6 – 3
Task 2. Enable RIP on Router

In this task, you configure RIP version 2 on your Secure Router 7000dl.
1. Access the RIP configuration context using the “router” command.
2. Configure RIP version 2. The version must be set to either 1 or 2. Since
version 2 has improvements over version 1 and is also the default for the
5400zl, which you will configure next, you will use version 2 in this lab.
3. Configure RIP to redistribute static routes using the “redistribute”
command.
The “redistribute” command allows RIP to send designated routing
information to neighboring devices. Connected, static, and OSPF routes can
be redistributed into the RIP routing domain. Since redistribution of
connected routes is the default setting, you will need to change that setting to
include redistribution of static routes.
4. Specify 10.x.1.0/24 as a network that RIP will be enabled on using the
“network” command.
Note
You must specify the mask using dotted-decimal quad notation, not a
prefix length format, because RIP does not support CIDR.
5. Examine your running configuration. You should see a section specifying

the RIP configuration that looks similar to the following where “x” will be
replaced by your group number.
!
router rip
version 2
redistribute static
network 10.x.1.0 255.255.255.0
!
L6 – 4 Rev. 8.41
Task 3. Remove the static routes on Core

Removing the static routes on Core will allow RIP to “learn” the best route. Static
routes, if allowed to remain on Core, would take precedence over routes
dynamically learned through RIP, once RIP is enabled.
Note
Unplugging a cable connected to a port used by a static route will only
temporarily disable that route. The route will be removed from the
routing table, however, when the port is reconnected, the route will be
inserted back into the routing table.
1. On Core, examine the static routes that are currently configured by listing the
routing table.
2. Remove the static routes to the 10.100.1.0 subnet and the default route using
the “no ip route” command.
3. At this point the routing table on Core should look similar to the following
IP Route Entries

---------------- --------------- ---- --------- --------- --------- -----
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
Rev. 8.41 L6 – 5
Task 4. Enable RIP on Core

Although you previously enabled IP routing on Core during lab exercise 2, no
dynamic routing update protocol such as RIP or OSPF was enabled. In this task
you will enable RIP version 2, making RIP available to the VLAN interfaces.
When you enable RIP, version 2 is used by default. If you require version 1, you
must use a command to explicitly enable version 1 use only. Alternatively, there is
a compatibility mode which allows for both versions 1 and version 2 within the
same VLAN. The associated commands can be found in the Advanced Traffic
Management guide.
2. Enable RIP on VLAN 1.
To actually use RIP, you must enable it at the VLAN level for each VLAN
that will need to send and/or receive RIP updates.
Note
You can enable RIP on VLAN 1 from within the RIP configuration
context (Core(rip)#) using a single command. Alternatively, you can
first access the VLAN configuration context (Core(vlan-1)#) and
then enable RIP.
Additional options, such as version, redistribute, metric, and split

horizon/poison reverse (loop prevention) can be configured for each
RIP-enabled VLAN as well. These options can be found in the Advanced
Traffic Management Guide
Q 1. What command would you use to change the RIP version used on Core?
__________________________________________________
the RIP configuration that looks similar to the following.
router rip
exit
vlan 1
ip rip 10.x.1.1
exit
L6 – 6 Rev. 8.41
Task 5. Observe updates to the routing tables

At this time, you should check to see that RIP is working properly.
1. On Core and Router, display the routing tables.
The routing table on Core should look similar to the following where “x” will
be replaced by your group number.
IP Route Entries

---------------- --------------- ---- --------- --------- --------- -----
0.0.0.0/0 10.1.1.5 1 rip 2 120
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
The routing table on Router should look similar to the following where “x”
will be replaced by your group number.

0.0.0.0 0.0.0.0 192.168.x.2 ppp 1 Static
10.x.1.0 255.255.255.0 0.0.0.0 eth 0/1 Connected
10.x.10.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
10.x.20.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
10.x.30.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
192.168.x.0 255.255.255.248 0.0.0.0 ppp 1 Connected
192.168.x.2 255.255.255.255 0.0.0.0 ppp 1 Connected
Router (Secure Router 7000dl) should be redistributing the default route to

Core (5400zl). The type of route becomes labeled as a RIP route on Core as
opposed to a static route on Router. Notice the “gateway IP address”.
Router should be showing the VLAN networks distributed by Core. The
routing table should show the VLAN subnets and the corresponding gateway
IP address. Likewise, notice the gateway IP address.
2. Try using the “connected”, “static”, and “rip” options with the show ip route
command to filter the display of the routing table information.
Rev. 8.41 L6 – 7
3. From your Windows client computer, test connectivity using ping. Check to
see that devices in the instructor’s network as well as other student networks
are reachable.
For example, you should be able to ping the instructor’s WAN link IP
address (192.168.x.2) corresponding to your group number and those of the
other student groups. You should also be able to ping the VLAN 1, 10, 20,
and 30 IP addresses of the Core, Edge_1, Edge_2, Edge_3, and Router
systems in the networks of other students.
L6 – 8 Rev. 8.41
Task 6. Change the routing metric on Router

Changing metrics associated with routes can be used to control which routes are
used to reach destinations. You will use this capability in this lab exercise to see
the affect on the route selection process. It is not necessarily recommended that
you do so in a production network, since you may cause a route to become
“unusable”, i.e., the destinations to be considered unreachable through that route.
Note
By default, the Secure Router increases the cost of a RIP route that is
learned on an interface. The Secure Router increases the cost by adding
one to the route's metric before storing the route. You can change the
amount that an individual VLAN interface adds to the metric of RIP
routes learned on the interface.
RIP considers a route with a metric of 16 to be unreachable. Use this
metric only if you do not want the route to be used. In fact, you can
prevent the switch from using a specific interface for routes learned
though that interface by setting its metric to 16.
1. On Router, change the RIP default metric value to a value of “2”.

2. On Core, display the routing table. You should see that the metric for the
default route entry has increased by a value of 2. You may have to wait
several seconds for the updated entry to be sent by Router.
Rev. 8.41 L6 – 9
Task 7. Create a new VLAN on Core

This new VLAN will be used to demonstrate the affect of RIP on two networks
and show the functionality of how RIP dynamically updates the routing table and
chooses its default route.
1. On Core, create VLAN 1x with an IP address of 10.x.1x.1/24.
Note
Substitute your group number for “x” in the VLAN identifier and the IP
address.
Remember, you can create the VLAN and assign the IP address from
within the RIP configuration context using a single command.
Alternatively, you can first access the VLAN configuration context and
then assign the IP address.
2. Add an unused port as a tagged member of this VLAN.
L6 – 10 Rev. 8.41
Task 8. Enable RIP on the new VLAN

On Core, RIP will be enabled for this new VLAN. You will be connecting a link
from your Core switch to the instructor’s 5400zl (or equivalent) switch.
1. Enable RIP on VLAN 1x.
Note
An additional VLAN is being added and RIP enabled on this VLAN to
expedite the time that RIP takes to send a triggered update when a
routing topology change occurs. The default route entry on Core,
learned via RIP, will be more quickly updated when the LAN link
associated with the new VLAN fails. In contrast, if you had assigned the
new LAN link to VLAN 1, then you would simply have to wait thirty
seconds or more for the switch to learn the new default path.
2. Connect an Ethernet cable from the port you assigned to VLAN 1x on Core
to the instructor’s switch. Ask the instructor which port on the instructor’s
switch you are to use to connect your Core switch.
Rev. 8.41 L6 – 11
Task 9. Observe updates to the routing tables with the new VLAN
1. Display the RIP routes in the routing table using the “show ip route
rip” command on Core. Indicate below, the differences in the routing table
compared to how the routing table appeared prior to connecting the second
link to the instructor’s network.
Include the default route, routes to destinations in the instructor’s network,
and routes to destinations in the networks of other students. Summarize the
routes to the other students’ networks by substituting the “x” for the second
octet.
Destination/Mask Gateway VLAN Metric
Note
The number of routes in the instructor’s network may vary depending
on how the instructor has configured the switches.
rip” command on Router and indicate the differences below.
Destination/Mask Gateway Metric
L6 – 12 Rev. 8.41
Task 10. Verify dynamic updates

In this last step, the goal is to examine dynamic routing changes to the network.
1. Disconnect the Ethernet cable you connected in the task above
2. Display the routing table on Core and Router. With RIP it may take a few
seconds for changes due to the disconnected link to be reflected in the routing
table.
3. Reconnect the Ethernet cable and examine the routing table.
4. Again, disconnect the Ethernet cable and examine the routing table.
5. Make note of the results below:
Q 1. When the link is disconnected, what happens?
__________________________________________________________
__________________________________________________________
__________________________________________________________
Q 2. Then, when you reconnect, what happens?
__________________________________________________________
__________________________________________________________
__________________________________________________________
Rev. 8.41 L6 – 13

2. Use the PCM configuration scan tool to back up the configuration file of
Core and Router to the PCM Management Server.
Comment/
Switch
Filename
Core lab6_core
Router lab6_router
table above.
L6 – 14 Rev. 8.41
Command Reference
needed.
show ip route ? Displays options for ip route command
show ip route Displays all routes
show ip route rip Displays RIP-learned routes
show ip route static Displays static routes
show ip route connected Displays directly connected routes
Displays all routes in a formatted tabular layout on

show ip route table
a secure router

do <command>

no ip route <network-address> /<mask-bits>
Deletes a static route
no ip route <network-address> <mask-bits>
Deletes a static route on a switch
router rip Accesses the RIP context level
version 2 Sets the RIP version to 2
redistribute static Enables redistribution of static routes
Enables RIP on the interface with the specified

network <network-address> <decimal-mask>
network address
vlan <vlan-id> ip rip Enables RIP on the specified VLAN of a switch
vlan <vlan-id> ip address Assigns an IP address to the specified VLAN of a

<ip-address>/<mask-bits> switch
Sets the value of the default metric added to

default-metric <value>
learned routes
Rev. 8.41 L6 – 15
L6 – 16 Rev. 8.41
Configuring Traffic Prioritization
Module 7 Lab
Objectives
Enable simple, non-redundant connectivity and generate delay-sensitive
traffic by playing a video over the network
Simulate network congestion by manually configuring the link speed and
mode to 10 Mbps between your core and edge switches and observe any
impact this action may have on the delay-sensitive traffic
Use a traffic generator to add load to the network and observe any impact this
action might have on the delay-sensitive traffic.
Define policies at the edge of the network that will assign high priority to the
delay-sensitive traffic and observe any impact
Overview
ProCurve University would like to investigate how traffic prioritization can be
implemented on ProCurve switches for its delay-sensitive video conferencing
traffic. In this lab exercise, you will investigate how to configure Quality of
Service prioritization on your switches to ensure video traffic is given high
priority.
Rev. 8.41 L7 – 1
Network diagram
In this lab exercise, you will be implementing prioritization for delay-sensitive

traffic. Playing of a video clip will be used to simulate delay-sensitive traffic. To
accomplish this task you will need to configure your switches that are traversed
when you play the video clip. You will play the video clip by mapping a network
drive to another student team’s Windows client computer from your Windows
client computer.
As part of the network reconfiguration that will be necessary for this lab exercise,
you will be disconnecting the trunk between Core and Edge_1 and replacing it
with a slower speed single link.
You will be using the CLI to perform all of the configuration tasks and the PCM+
client to back up your switch configuration files to the PCM+ Management Server.
L7 – 2 Rev. 8.41
Student group partners

In the steps that follow, you will need to work with a student group that is
designated as your partner group. Refer to the following diagram for your assigned
partner group.
Note
It is recommended that only one student group has the role of the video
playback source while the other student group only has the role of the
video playback destination. Once the lab steps that follow are
completed, the roles can be reversed.
Rev. 8.41 L7 – 3
Task 1. Modify the network connectivity

For this exercise, it is necessary to adjust your lab network connectivity so that we
can show the performance results when working with Quality of Service
parameters. The intention is to use a relatively slow speed link between Core and
Edge_1. This is done so that the performance improvement achieved using QoS
priority is more readily observable given the constraints of using two Windows
computers as the simulated sources of typical data and video traffic.
1. Disconnect the two links connecting Core and Edge_1 that are used for the
Trunk group.
2. Disconnect the single link connecting Edge_1 and Edge_2 that is used as a
redundant link.
redundant link.
Note
After disconnection your links, please keep in mind that the XP client will be
isolated from Core and Edge_1. Therefore, in order to configure either of those
switches it will be necessary to use the serial cable.
L7 – 4 Rev. 8.41
Task 2. Configure a port for 10 Mbps FDX operation and VLAN 40

1. On Core and Edge_1, configure an unused port to operate at 10 Mbps and
full-duplex mode.
Note
You will need to constrain the inter switch link in your lab environment
so that you can introduce a sufficient traffic load and create a queuing
build-up. Then you will be able to actually demonstrate how QoS can
improve the video application performance.
2. On Core and Edge_1, add a new VLAN based on the information in the table
below.
IP Helper
Switch VLAN ID Name IP Address
Address
Core 40 Voice 10.x.40.1/24 10.x.1.10
Edge_1 40 Voice <none> <none>
3. On Core and Edge_1, add the 10 Mbps FDX ports you configured above as
tagged members of VLAN 40.
4. Connect Core and Edge_1 through the 10 Mbps FDX ports you configured
above. Use one of the Ethernet cables that are currently disconnected.
Rev. 8.41 L7 – 5
Task 3. Configure VLAN 40 support for the Windows client

1. On Edge_1, configure an unused port as an untagged member of VLAN 40.
2. If necessary, on the Windows server computer, configure a DHCP scope for
VLAN 40 using the table below.
Scope
Name
10.x.40.50 to /24 or
VLAN 40 10.x.40.1
10.x.40.150 255.255.255.0
3. Connect the Windows client computer to the VLAN 40 port on Edge_1 you
configured above. Verify the Windows client computer is assigned an IP
address in network 10.x.40.0/24.
L7 – 6 Rev. 8.41
Task 4. Access the video file on your partner group’s Windows

computer
1. Test connectivity to your partner group’s Windows client computer using
ping. Ask your partner group for the IP address of their Windows client
computer in VLAN 40.
2. On your Windows client computer, map a network drive to your partner
group’s Windows client computer in VLAN 40. Ask your instructor for the
folder location to be used for the network drive.
3. Unless otherwise specified by the instructor, on your desktop, locate the icon
named “VLC media player” or similar.
Note
VLC is a free cross-platform media player available from
www.videolan.org. It also can be used as a server for unicast or
multicast streams in a high-bandwidth IPv4 or IPv6 network.
Rev. 8.41 L7 – 7
4. Double click this icon to run the media player application. The following
window appears.
5. In the menubar, click File > Open File….
6. Click the Browse button. Select the mapped network drive and the media
file.
L7 – 8 Rev. 8.41
7. Unless otherwise configured, the media stream will only play once. In the
menubar, click View > Playlist.
8. Click the Repeat One button to enable constant replay of video.
Rev. 8.41 L7 – 9
Task 5. Use TfGen to generate additional traffic

Work with you partner group and use the TfGen program on one side initially. Due
to the small number of computers that you have, you use the TfGen program to
introduce additional traffic to hinder network performance.
1. On the Windows server computer of the student group that is viewing the
video clip, start the TfGen program and configure the following options:
• Destination: 10.x.1.10
This is the IP address of your partner group’s Windows server
computer. Your partner group is the video playback source.
Note
Start TfGen on only one side initially.
3. Watch the video for a response. You should see the video playback
performance degrade.
L7 – 10 Rev. 8.41
Task 6. Configure QoS for the video traffic in VLAN 40

1. On Edge_1 of the student group that is viewing the video clip, configure QoS
parameters for the VLAN 40 video traffic using following table.
VLAN QoS Priority
40 7
You should see the video playback performance improve.

2. Now, from the student group that is originating the video playback, use
TfGen to send traffic to the student group that is viewing the video.
On the Windows server computer, start the TfGen program and configure the
following options:
computer. Your partner group is the video playback destination.
3. In the TfGen window, click Start to start the traffic flow. The other student
group should see the video playback performance degrade.
4. On Edge_1 of the student group that is sending the video clip, configure QoS
VLAN QoS Priority
40 7
The other student group should see the video playback performance improve.
5. Working with your partner group, take turns disabling and then re-enabling
QoS on the VLAN designated for prioritized traffic and view the results.
Rev. 8.41 L7 – 11
Task 7. Reconfigure your network

In this task, you reconfigure your network to the state it was at the beginning of the
lab.
1. Stop TfGen and close the program.
2. Reconnect the two links between Core and Edge_1 that are used for the
Trunk group.
3. Reconnect the single link between Edge_1 and Edge_2 that is used as a
redundant link.
redundant link.
L7 – 12 Rev. 8.41

2. Use the PCM configuration scan tool to back up the configuration file of the
Core and Edge_1 switches to the PCM Management Server.
Comment/
Switch
Filename
Core lab7_core
Edge_1 lab7_edge_1
table above.
Rev. 8.41 L7 – 13
L7 – 14 Rev. 8.41
Command Reference
needed.
Command Description
Sets the speed and duplex mode of the
interface <port-id> speed-duplex 10-full
specified port
vlan <vlan-id> name <name> Defines a name for a VLAN

Defines an IP address for a VLAN
<ip-address>
vlan <vlan-id> tagged <port-id> Defines a port as tagged member of a VLAN
vlan <vlan-id> untagged <port-id> Defines a port as untagged member of a VLAN
vlan <vlan-id> qos priority <value> Sets the QoS priority value for traffic of a VLAN
no vlan <vlan-id> qos Disables QoS for traffic of a VLAN
<filename> server
Rev. 8.41 L7 – 15
L7 – 16 Rev. 8.41
Configuring the Access Point 530
Module 8 Lab 1
Objectives
Access the ProCurve Access Point (AP) 530’s command line interface (CLI)
locally and remotely
Configure the IP address for the AP 530’s Ethernet interface
Secure access to management interfaces
Use the web interface to Configure your AP 530
Save an AP 530 configuration file to a Trivial File Transfer Protocol (TFTP)
server
Overview
ProCurve University is in the process of deploying wireless connectivity
throughout the main and remote campuses. You have been assigned the task of
developing familiarity with the installation and configuration of the ProCurve
Access Point 530.
In order to provide greater access to network resources for administrators, faculty,
and students, ProCurve University has decided to install a campus-wide wireless
network. To test the viability of providing wireless connectivity, they have decided
to set up a prototype wireless network in the student union. Since this network is
intended only for proof-of-concept purposes, the network will be left open to the
public and controlled with ACLs on VLAN 20. To implement this wireless
network you will need to do the following:
Connect the hardware components based on the network topology.
Verify your networks IP addressing and routing configuration and add the
access point to the appropriate VLAN
Set the country code, disable DHCP, assign an IP address, set the SSID,
adjust radio settings, and disable SNTP on the ProCurve Access Point 530
Configure the wireless client
Test wireless network connectivity.
Rev. 8.41 L 8.1 – 1

Network diagram
In this lab exercise, you will be installing and configuring a ProCurve Access
Point 530. Your Windows client computer will require a wireless 801.11b/g
interface. For the initial setup of the Access Point 530, you connect your Windows
computer to the Access Point 530 using a ProCurve switch console cable.
You will be using the Access Point 530’s CLI and web interface to perform the
configuration tasks.
L 8.1 – 2 Rev. 8.41

Configuring Access Point 530
Task 1. Configure a port for VLAN 20 on Edge_2

In this task, you add an untagged port to VLAN 20 on Edge_2 and connect the
Access Point 530 to it.
You may have already configured a port for this purpose in a prior lab
exercise. If so, use that port.
2. With your Access Point 530 powered off, connect the access point to the
VLAN 20 port you configured above. Use the Ethernet cable currently
connecting your Windows client computer to one your switches.
Rev. 8.41 L 8.1 – 3

Task 2. Navigating the CLI of the Access Point 530

Similar to the ProCurve switches you have managed in this lab environment, the
Access Point 530 can be configured using the CLI and a web interface. Initially,
the CLI will be accessed through a direct console connection. After an IP address
has been assigned to the access point’s Ethernet interface, you can use Telnet to
access the CLI or a web browser to access the web interface.
Note
At the factory default settings, the Access Point 530 first tries to obtain
an IP address using DHCP. If the access point is unable to obtain an IP
address using DHCP, the device will use IP address 192.168.1.1.
In this lab, you will disable DHCP and manually assign an IP address.
1. Use a serial cable to connect the COM port on the Windows XP station to the
console port on the back of the AP 530.
2. On the Windows XP station, use Tera Term Pro to open a terminal session
with the AP, using the following settings:
a. Select Serial.
b. Choose COM1 for the port.
c. Click OK.
d. Press Enter.
3. When prompted for your username and password, enter admin for both.
These are the default settings for the AP 530. (If the default password does
not work try password and then ask your instructor for the configured
password.)
Note
The prompt is displayed as follows:
ProCurve Access Point 530#
For simplicity, the labs will display the AP 530 prompt as:
ProCurve AP 530#
4. To ensure that the AP 530 is using the factory default settings, copy the
factory default file to the startup configuration.
ProCurve AP 530# copy factory-default startup-config
The CLI will notify you that the AP 530 is automatically rebooting.
5. After the AP 530 reboots, re-enter the default username and password to
again access the CLI.
6. You are now in the Exec privilege mode of the CLI. To get familiar with the
command structure, type “help”.
L 8.1 – 4 Rev. 8.41

a. What information is displayed? _______________________________

__________________________________________________________
Note
The up and down arrow keys allow you to scroll through the history of
previously entered commands from which you can select one to repeat.
7. Type a question mark (?.)

a. What commands are displayed? ________________________________
_________________________________________________________
8. Use the other commands and configuration context levels to help in
answering the following questions.
a. Which command is used to view device events?
__________________________________________________________
b. Which command identifies the software version?
__________________________________________________________
c. Which command displays system up time and IP settings?
__________________________________________________________
d. Which command is used to access the global configuration mode?
__________________________________________________________
e. What differences are there when you are in the global configuration
mode?
__________________________________________________________
__________________________________________________________
f. What is the difference between the end and exit commands?
__________________________________________________________
__________________________________________________________
Rev. 8.41 L 8.1 – 5

Task 3. Change the Default Password

The PCU network administrators want to immediately change the AP 530’s
password to prevent unauthorized users from tampering with the configuration.
1. Move to the global configuration mode context.
ProCurve AP 530# configure
2. Enter a new management password.
ProCurve AP 530(config)# password manager procurve
L 8.1 – 6 Rev. 8.41

Task 4. Assigning the country code

Setting the country code ensures that the AP 530 uses the channels and transmit
powers allowed by your country’s regulations. If you are using the AP 530 North
American model, the country code is set to US by default. You can skip to the
next task.
If you are using the Worldwide model, you must set the country code as explained
below.
1. Move to the global configuration mode and view the options for configuring
the country code.
ProCurve AP 530(config)# country ?
2. Enter your country code.
ProCurve AP 530(config)# country <code>
Replace <code> with the two-digit code for the country in which you are
operating the AP 530.
Note
If the “% Unrecognized Command” response is displayed, then the
country code has already been set or was preset at the time of shipment.
The country code is preset on the North American products and you will
not be able to modify this option on these units. For the worldwide
product, the country code is the first configuration task that must be
completed before any other tasks can be performed. Setting the country
code allows the radio to be enabled. Use the show system command
to verify the country code setting.
3. If necessary, configure the appropriate country code for your location.
Rev. 8.41 L 8.1 – 7

Task 5. Configuring the IP address of the Ethernet interface

By default, the Access Point 530 uses DHCP to acquire an IP address. If there is a
DHCP server on the network, the access point may have been assigned an IP
address. In this task, you will manually assign an IP address to the Ethernet
interface.
1. Determine the IP address currently assigned to the access point.
a. Which command displays the IP address of the Ethernet interface?
_________________________________________________________
Note
If the IP address of the Access Point 530 is 192.168.1.1, then the access
point was unable to obtain an IP address using DHCP. If DHCP is
working properly, you should see an IP address in VLAN20 such as
10.X.20.50, or something similar.
2. Access the global configuration context level and configure the System Name
as Groupx, where x is your group number, using the “Hostname”
command.
The ProCurve AP 530 takes its management address from the address configured
on its Ethernet interface. By default, this interface receives a DHCP address. To
ensure that the AP always has the same IP address, the PCU administrators want to
assign the Ethernet interface a static IP address. Use this table to assign your
AP530 a static address, subnet mask and gateway.
Parameter Value
IP Address 10.x.20.20
Subnet mask: 255.255.255.0
Default Gateway 10.x.20.1
3. Move to the Ethernet interface configuration mode context.

ProCurve AP 530(config)# interface ethernet
4. Assign the Ethernet interface the static IP address required for this lab:
ProCurve AP 530(ethernet)# ip address 10.x.20.20/24
ProCurve AP 530(ethernet)# ip default-gateway 10.x.20.1
Replace x with the number that your instructor assigned you and your
partner.
5. Exit to the global configuration mode.
ProCurve AP 530(ethernet)# exit
6. Return to the Exec privilege mode.
L 8.1 – 8 Rev. 8.41
7. Save your configuration.

ProCurve AP 530(config)# write memory
8. Terminate your session.
Rev. 8.41 L 8.1 – 9

Task 6. Using the web interface to configure the Access Point 530
In this task, you will use your Windows server computer to access the web
interface of the Access Point 530, since the Windows client computer will be used
as a wireless client in this lab exercise. For the remainder of this lab, you will use
the Web browser interface to configure the AP 530.
1. Open a Web browser on the Windows Server 2003 and enter the IP address
that you assigned your AP 530 as the URL:
http://10.x.20.20
2. Enter the username (admin) and password (procurve) to access the Web
browser interface.
L 8.1 – 10 Rev. 8.41

Task 7. Configuring System Information

In this task, you will explore some of the general features of the Web browser
interface and enter global information about the AP 530.
1. The Web browser interface will open to the Device Information window,
which displays the AP’s IP address, MAC address, software version, country
code, and system uptime.
2. Record the MAC address on the AP 530’s Ethernet interface.

______________________________________________________________
3. What software version is the AP running?
______________________________________________________________
4. Enter the following information for the AP:
System Name: GroupX (where X is your group number)
Location: PCU Student Union
Contact: Your name
5. Click Update to save the settings.
Click the plus sign icon next to Device Information to expand the options
underneath this heading.
6. View the AP/LAN Statistics window. How many packets have been sent
over the Ethernet connection?
______________________________________________________________
Rev. 8.41 L 8.1 – 11

7. Click Event Log. What information is recorded in the event log?

______________________________________________________________
______________________________________________________________
______________________________________________________________
L 8.1 – 12 Rev. 8.41

Task 8. Configuring WLAN for your group at PCU

In this task, you will use your Windows server computer to access the webgui interface.
1. On the AP 530, you will create the WLAN listed in the table below. Replace
x with the group number your instructor assigned you and your partner.
AP 530 Index VLAN ID Open or Supported on

WLANs Number closed? Radio
Groupx 1 20 Open 1 and 2
2. Click Network Setup > WLANs.
3. Configure the Groupx WLAN.

a. By default, WLAN 1 is enabled on Radio 1 and Radio 2. Accept this
setting. In the SSID field, enter GroupX and replace X with the group
number that your instructor assigned to you and your partner. This will
give you WLAN a unique name so that you can log into the correct
WLAN.
Rev. 8.41 L 8.1 – 13

4. Configure the Groupx WLAN using the settings shown in the table at the
beginning of this section.
5. Click Update to save your changes.
L 8.1 – 14 Rev. 8.41

Task 9. Check Radio Status

1. By default, the AP 530’s radios are disabled. To protect your network, you
should not enable the radios until you configure security for the WLANs. To
verify that the radios are disabled, click Network Setup > Radio.
2. As shown above, the Network Setup > Radio window shows the settings for
one radio at a time. To view the status for the other radio, select it from the
Radio drop-down menu.
3. Turn the Radio status to On and click update. Do this for both Radio 1 and
Radio 2.
Rev. 8.41 L 8.1 – 15

Task 10. Save Configuration

Whenever you select Update, the AP 530 automatically saves your configurations
to the startup-config file from which it boots. You can also save a configuration in
a custom default file to be used as the baseline configuration for all APs in your
network. You can back up the startup-config or the custom default-config to a
remote server.
1. Open the Tftpd32 program on the Windows XP station.
2. In the Web browser interface for the AP 530, select Management > System
Maintenance.
3. Select the Configuration Files tab.
4. Under Save Running Configuration, click Save to save the running-config

to the custom default. A message is displayed, telling you the changes were
saved successfully. Click Return.
5. Start the Tftp32 server on the Windows Server 2003.
6. Under Transfer Configuration on the System Maintenance-Configuration
Files window, enter these settings to back up your configuration to the TFTP
server:
Server Type: TFTP
Direction: Upload (Save)
Config Type: Custom Default
L 8.1 – 16 Rev. 8.41

Server IP: 10.x.10.10

File Name: Lab8_AP530_custom
7. Select Update. A prompt should be displayed, telling you that the
configuration was saved successfully to the TFTP server. Click Return.
Rev. 8.41 L 8.1 – 17

Task 11. Configure the Windows client computer for wireless

connectivity
1. Disconnect the Ethernet cable from the Windows client computer, if one is
currently attached, so that it is no longer connected to any switch.
2. Verify that either an integrated or PCMCIA wireless adapter is installed on
your Windows client computer.
3. Open the Properties window of the wireless adapter.
4. Click the Wireless Networks tab and ensure Use Windows to configure my
wireless networks check box is enabled.
5. Click the View Wireless Networks button. You should see your group’s
access point and possibly others in the lab.
6. Select your group’s wireless network and click the Connect button. Once the
association process completes and you get connected, your Windows client
computer should be assigned an IP address in the VLAN 20 network.
7. Verify you have full connectivity to your network and other network groups
in the class.
8. From your wireless client, connect to the web interface of your group’s
access point and click on the status tab.
a. How many stations are currently connected? _____________________
b. If there is more than one station connected to your access point can it be
determined easily who the other clients are? _____________________
_________________________________________________________
9. Turn the Radio status off and click update for both Radio 1 and Radio 2.
10. Unplug your AP530 from network.
L 8.1 – 18 Rev. 8.41

Command Reference
needed.
help Displays help information
Displays a list of commands at the current privilege

?
or context level
show system Displays the country code setting
interface ethernet Accesses the Ethernet interface context level
no ip dhcp Disables DHCP client mode
ip address <ip-address> <decimal-mask> Defines the IP address of the Ethernet interface

copy factory-default-config startup-config Configures the AP 530 to
reboot from the factory
defaults
? Displays available commands
show ? Displays options available
to the show command
configure Accesses the global
configuration mode context
password manager <password> Assigns the password that
you must enter to access any
management interface on the
AP 530
interface Ethernet Accesses the AP 530’s
Ethernet interface
ip address <A.B.C.D>/<prefix length> Specifies the IP address on
the AP 530’s Ethernet
interface
ip default-gateway <A.B.C.D> Specifies the IP address of
the device to which the AP
530 should send traffic to
be routed to another
subnetwork
end Exits to manager EXEC mode
exit Exits one level—for example,
from an interface
configuration mode to global
configuration mode
write memory Copies the running-config to
the startup-config
• All these commands apply only to the access point 530.
Rev. 8.41 L 8.1 – 19

L 8.1 – 20 Rev. 8.41

Configuring the Wireless Edge Services zl
Module
Module 8 Lab 2
Objectives
After completing this lab, you should be able to:
Access the web browser interface for the ProCurve Wireless Edge Services zl
Module
Ensure that the ProCurve Radio Ports (RPs) are automatically adopted
Configure wireless LANs (WLANs) on the Wireless Module
Overview
The ProCurve University (PCU) network administrators are ready to deploy the
Wireless LAN System into there campus. In this lab, you will explore the Web
browser interface for the Wireless Edge Service zl Module. You will configure a
WLAN for your group:
GroupX—for students and faculty
Rev. 8.41 L 8.2 – 1

Network diagram
In this lab exercise, you will be

L 8.2 – 2 Rev. 8.41

Configuring the Wireless Edge Services zl Module
Task 1. Access the Web browser interface for the Wireless Edge
Services Module
1. Launch Internet Explorer from either your Windows XP workstation or
Windows Server system.
2. In the Address bar enter http://10.100.1.11 and press enter.
3. For the login enter the username manager and password procurve. Then
click login.
4. At this point take some time to become familiar with the available menu items
listed at the left of the window.
Rev. 8.41 L 8.2 – 3

Task 2. Configure Radio Settings

In this task, you will decrease the transmit power in the radio adoption default
settings, and verify radios are automatically adopted. These are configurations that
the Radio will receive when the Wireless Module adopts them.
1. Click Network Setup > Radio Adoption Defaults. You should be at the
Configuration tab.
2. Highlight 802.11bg and click the Edit button.
L 8.2 – 4 Rev. 8.41

3. Under Radio Settings, in the Desired Power field, use the drop-down menu
to select 8 dB. On the Wireless Module, you set the transmit power as an
absolute value, and available settings are determined by both the channel you
select and the country code (which, of course, makes the RPs comply with
regulations in your area).
4. Click OK. A warning is displayed. Click OK again.

5. Click Save in the upper right corner.
6. Click Yes to the save popup window then click OK.
7. Next click on the Radio option you should be in the configuration tab
8. Click on Global Settings in the lower right hand corner
Rev. 8.41 L 8.2 – 5

9. Verify and if needed check Adopt unconfigured radios automatically and

click OK.
10. Next click on WLAN Setup and verify you are in the Configuration tab.
L 8.2 – 6 Rev. 8.41

11. Click on Global Settings in the lower right hand corner and select or verify
that the Advanced Configuration option is checked, click OK.
Rev. 8.41 L 8.2 – 7

Task 3. Configure PoE Source switch for RP Connection
1. In this task we will configure our GroupX Core 5400zl switch for our RP:
When you install the Wireless Edge Services Module into the 5400zl Switch, the
switch, by default, automatically creates the Radio Port VLAN (2100). Likewise,
the switch automatically detects RPs when they are connected to the network and
makes each RP’s switch port an untagged member of the Radio Port VLAN.
Note
For each Group’s 5400zl Switch to provide power for the RPs, you must make
sure the port to which you connect the RP are untagged members of VLAN
210x (we will accomplish this by using the auto-provision function of lldp).
You must also make sure the uplink port to the instructor’s 5400 on your
groups 5400zl Switch is a tagged member of VLAN 210x and 2x.
2. Connect to your group’s Core 5400zl switch.

3. Set the auto-provision option to put your group’s radio into your group’s
wlan vlan and leave your console connection open.
4. Next set the uplink port to be a tagged member of both 210x and 2x.
5. Configure Vlan 2x
6. Verify DHCP scope on your windows server for vlan 2x
L 8.2 – 8 Rev. 8.41

7. In the Web browser interface for the Wireless Module, click Network Setup
> Radio. The Configuration tab should be selected. This window displays
the RPs that the Wireless Module has adopted. If you are the first one to do
this step the window will be empty.
8. Connect the RP to an unused port on the 5400zl Switch.(In our example we

will use A11)
As the RPs power up, view their LEDs to monitor both the bootup process and
the adoption process.
LED Behavior in Sequence Bootup or Adoption Process
Green and amber LEDs illuminate RP performs a self-test.
Amber LED flashes three times per second; RP attempts to communicate

green LED is off. with a Wireless Module.
Both LEDs go off for a moment; then both If no error conditions have
illuminate for a few seconds. occurred, RP is communicating
with Wireless Module.
Green LED indicates the status of the 802.11bg Normal operation

radio; amber LED indicates status of the
802.11 a radio. (For an RP 210, only the green
LED flashes during normal operation.)
Without wireless traffic, LEDs flash once
every 5 seconds.
With wireless traffic, the LEDs flash more
frequently.
Green and Amber LEDs flash steadily once Error conditions

every second.
Rev. 8.41 L 8.2 – 9

If one of the RPs experiences an error condition, verify that you have set the
country code.
9. Refresh the Network Setup > Radio window in the Wireless Module’s Web
browser interface. The RPs’ radios should be listed.
10. From your 5400zl console connection review the port you plugged your RP
into
L 8.2 – 10 Rev. 8.41

Task 4. Configure the WLANs

In this task, you will begin to configure the following WLANs on the Wireless
Module:
Wireless Module’s Index Number VLAN ID Open or Closed?

WLANs (SSIDs)
Groupx 1 2x Open
1. Click Network Setup > WLAN Setup. You should be at the Configuration
tab.
Rev. 8.41 L 8.2 – 11


a. Select Index x (Where x is your group#) and click Edit. The Edit
window is displayed.
b. In the SSID field, enter Groupx. Replace x with your group #.
c. In the VLAN ID field, enter 2x.
d. Next select the box under Encryption for WPA/WPA2-TKIP and then
click on Config…
L 8.2 – 12 Rev. 8.41

e. Under the Key Settings verify and select if needed the ASCII
Passphrase button and enter groupXwpa as the passphrase (where X is
your group number).
f. Click OK. You are returned to the Network Setup > WLAN Setup
window.
g. Click OK and you should be returned to the Network Setup > WLAN
Setup window.
By default, the WLANs are disabled. In a production environment, you should not
enable the WLANs until you have configured security for the WLANs.
Remember, however, that enabling a WLAN before you configure the security for
it is not a best practice.
3. Next you need to navigate to Network Setup > Radio and find the MAC
address for your RADIO1.
Rev. 8.41 L 8.2 – 13

4. Once you locate your RADIO# MAC address highlight the one with
802.11bg listed under the type filed and click Edit.
5. Under Radio Descr. Enter GroupX and click OK
6. Next click on the WLAN Assignments tab
7. Hightlight GroupX and click Edit.
L 8.2 – 14 Rev. 8.41

8. Select GroupX SSID and Click apply then close.
9. Next navigate to WLAN setup and Select the Groupx SSID and click Enable.
10. Click Save in the upper right corner to save your changes and click Yes and
OK to complete the save function.
Rev. 8.41 L 8.2 – 15

Task 5. Associate to the WLANs

In this task, you will associate to the WLANs to check the WLAN and DHCP
settings. (Remember that in a production network, you should always configure
WLAN security before enabling the WLAN.)
1. On the Windows XP workstation, right-click the wireless icon in the
Windows toolbar (which is typically at the bottom of your window) and
select Open Network Connections.
2. Next right click on Wireless Network Connection and select Properties.
3. Select the Wireless Networks tab.
4. Under the Preferred networks section select GroupX and click Properties.
5. If GroupX is not listed click on Add and enter GroupX into the Network
name (SSID) field.
6. Under Network Authentication drop down select WPA-PSK.
7. Under Data encryption select TKIP.
8. Under Network and Confirm Network Key enter groupXwpa where X is
your group number and click OK then click OK again.
select View Available Wireless Networks. The Choose a wireless network
10. Locate and select the GroupX WLAN that you configured on the Wireless
Module.
11. Click Connect Your station should associate to the GroupX WLAN, and
your station should receive an IP address on the 10.x.20.0/24 subnet.
12. Check the IP address on the Windows XP station.
a. Click Start > Run.
b. Enter cmd.
c. At the command prompt, enter ipconfig.
L 8.2 – 16 Rev. 8.41

Task 6. Save the Configuration File to your TFTP Server

The Wireless Module allows you to save configuration files to:
A TFTP or FTP server
The local disk on the Windows XP workstation
The Wireless Module
In this task, you will save the Wireless Module’s configuration to the Windows XP
station.
1. On the Windows XP station, open an Internet browser and enter the IP
address for the Wireless Module:
2. Click Management > System Maint.—Config Files. From this window you
can:
• View configuration files
• Delete configuration files (except the startup-config file) stored on the
Wireless Module
• Return the startup-config to factory default settings
• Transfer files to a server (FTP or TFTP), local disk, or Wireless Module
3. Select the startup-config file and click View. Although you can view the
settings included in the startup-config, you cannot edit them from here. Click
Close.
Rev. 8.41 L 8.2 – 17

4. Click Transfer Files.
5. Configure the source.

a. In the From box, select Wireless Services Module. The window
changes to display the options needed to transfer files from the Wireless
Module.
b. In the File box, select startup-config.

6. Configure the target.
a. In the To box, select Local Disk.
b. Use the Browse button to select the Tftp32 directory in which the AP
530 files are stored. For the filename, enter lab8.2_WESMzl_GroupX.
Click Open to return to the Transfer window; the filename, with the
correct path, is displayed in the File box.
c. Click Transfer. Ensure that the transfer is successful.
d. Click Close. You are returned to the Management > System Maint.—
Config Files window.
L 8.2 – 18 Rev. 8.41

Command Reference
The following commands are used in this lab. Refer to them as needed.
Command Description
Configure terminal Enters the global configuration mode
context
Ip address Set IP parameters for communication
within an IP network
Ip helper-address Add or remove a DHCP server IP address
for the VLAN.
Lldp auto-provision Configure various parameters related to
lldp automatic provisioning.
Show vlans Show status information for all VLANs
vlan <number> tagged <port #> Makes a port a tagged member of a VLAN
wireless-services <slot letter> Accesses the CLI for the Wireless Module
write memory Saves the changes to the startup-config
Rev. 8.41 L 8.2 – 19

L 8.2 – 20 Rev. 8.41

Network Troubleshooting
Module 9 Lab
Objectives
Use CLI commands to examine the network configuration and connectivity
Use the output from system status displays and the event log to assist in
troubleshooting
Use basic tools to diagnose network connectivity
Overview
For this lab exercise, your instructor introduces several problems to the equipment
in your student station. These problems can involve a range of possibilities from
misconfiguration errors, and physical connectivity and equipment failures.
Based on the presence of network reachability problems for your Windows
computers, you must determine why some communications is prevented and repair
the problems.
Rev. 8.41 L9–1

L9–2 Rev. 8.41

Network Design
Module 10 Lab
Objectives
Apply the principles of a network design methodology to develop a basic
switched network
Identify the appropriate placement of various ProCurve networking
equipment to address high performance, high availability, and convergence
needs in an Adaptive Edge network
Overview
In this activity, your team will specify a network design solution based on a set of
requirements.
Rev. 8.41 L 10 – 1
Scenario
ProCurve University has two sites. The main campus consists of one building with
four floors and a remote campus has one building with two floors. The remote
campus is located several kilometers from the main campus.
The remote campus location is temporary and the personnel and associated
departments will eventually be moved to the main campus when a new building at
the main campus is completed.
Main campus
School of
4th School of Computer
floor Engineering Science
3rd
floor School of Computer Science
Remote campus
2nd School of 2nd

School of Computer
floor floor School of Graphic Design
Business Science
Security
Security
1st 1st
floor Administration IT floor Administration IT
The general layout and locations of the wiring closets of each floor at the main and
remote campuses is shown below.
Wiring Wiring
closet closet
Main
entrance
Elevators`
The layout of the first floor at the main and remote campuses consists of office
space allocated to the university’s administration, IT, and security departments,
and storage areas. The typical build-out of the upper floors consists of classrooms,
some larger lecture auditoriums, library or research rooms, and faculty offices. IP
video surveillance cameras are installed in the primary common areas such as
building entrances, hallways, stairways, and elevator waiting areas.
L 10 – 2 Rev. 8.41
Network Design
Network connectivity support

The following list summarizes the characteristics of the overall network
connectivity that ProCurve University would like to provide:
Main campus will have an Internet connection.
Wireless LAN support will be provided in the faculty office locations and the
larger lecture rooms. All communications must be secure.
The connection between the main and remote campuses is expected to require
low to moderate bandwidth. The university believes public carrier services
will suffice. The two locations are not in line of sight. All communications
between the campuses must be secure.
Most desktop computers have 10/100 Mbps adapters, but some have 1 Gbps
adapters.
Notebook computers used by the faculty are equipped with 802.11b/g
wireless LAN and Ethernet adapters.
All servers have 1 Gbps network adapters.
IP phones are used extensively for the faculty and support staff offices.
IP video surveillance cameras are installed on all four floors of the main
campus and remote campus buildings. The live video is fed to a security
monitoring office at each site.
Application support
The major applications supported by the network include the following:
The faculty of each department use video conferencing for distance learning
applications.
The IT department provides file and database backup services to the
departments at both campuses.
The computer science and engineering departments uses a variety of
bandwidth intensive and multimedia applications.
Network design solution goals

The network design solution should address interconnection of the main and
remote campuses and incorporate the device counts and connectivity capabilities.
The network design should highlight the following general characteristics:
High availability
Convergence
Security
Mobility
Performance
Cost-effectiveness
Rev. 8.41 L 10 – 3
Device support requirements

The connectivity requirements for the main campus are the following:
Floor Department Device Quantity Total

1 IT Servers 14 40
PCs 20
Printers 3
Wireless APs 3
Administration Servers 4 20
PCs 12
Printers 4
Security 1 Servers 3 15
PCs 10
Cameras 60
Printers 2
2 School of Business Servers 3 35
PCs 16
Printers 4
IP phones 9
Wireless APs 3
School of Computer Servers 3 30
Science PCs 12
Printers 2
IP phones 10
Wireless APs 3
3 School of Computer Servers 6 65
Science PCs 27
Printers 6
IP phones 20
Wireless APs 6
4 School of Engineering Servers 4 40
PCs 19
Printers 4
IP phones 10
Wireless APs 3
School of Computer Servers 3 30
Science PCs 15
Printers 2
IP phones 7
Wireless APs 3
1
Security department monitors a total of 60 IP cameras installed in the building
L 10 – 4 Rev. 8.41
Network Design
The connectivity requirements for the remote campus are the following:
Floor Department Device Quantity Total

1 Administration Servers 2 10
PCs 5
Printers 3
School of Graphic Servers 2 15
Design PCs 11
Printers 2
Security
1
Servers 2 10
PCs 6
Cameras 30
Printers 2
School of Graphic Servers 3 45
Design PCs 38
Printers 4
1
Security department monitors a total of 30 IP cameras installed in the building
Rev. 8.41 L 10 – 5
Worksheets
Use the following worksheets to help organize and document your network design
solution. Two examples of the types of entries you may create are listed.
Ports PoE Uplink Type

Location Device Model
Available Ports (fiber/copper)
Example 5406zl 144 144 4 Gbps fiber trunk
Example 530 AP NA Y NA
Main
Campus
Floor 1
Main
Campus
Floor 2
Main
Campus
Floor 3
Main
Campus
Floor 4
L 10 – 6 Rev. 8.41
Network Design
Ports PoE Uplink Type

Location Device Model
Available Ports (fiber/copper)
Remote
Campus
Floor 1
Remote
Campus
Floor 2
VLAN VLAN Subnet IP Default Gateway

ID Name Address/Mask IP Address
Rev. 8.41 L 10 – 7
L 10 – 8 Rev. 8.41
Configuration File Solutions
Appendix A
Rev. 8.41 A–1

A–2 Rev. 8.41

Appendix A
Lab 1.1: Edge 1

hostname "Edge_1"
module 1 type J86xxA
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 10.1.1.2 255.255.255.0
exit
no autorun
password manager
password operator
Lab 1.1: Edge 2

hostname "Edge_2"
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 10.1.1.3 255.255.255.0
exit
no autorun
password manager
password operator
Lab 1.2: Edge 1

hostname "Edge_1"
time timezone -300
time daylight-time-rule Continental-US-and-Canada
interface 12
name "Edge_2"
exit
timesync sntp
Rev. 8.41 A–3

Lab 1.2: Edge 1 (cont.)

sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 10.1.1.2 255.255.255.0
exit
logging 10.1.1.10
sntp server priority 1 10.1.1.10
no autorun
password manager
password operator
Lab 1.2: Edge 2

hostname "Edge_2"
time timezone -300
interface 12
name "Edge_1"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 10.1.1.3 255.255.255.0
exit
logging 10.1.1.10
no autorun
A–4 Rev. 8.41

Appendix A
Lab 1.2: Edge 2 (cont.)

password manager
password operator
Lab 2: Core
hostname "Core"
time timezone -300
module 1 type J8702A
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip helper-address 10.1.1.10
ip address 10.1.10.1 255.255.255.0
tagged A12
exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged A23
Rev. 8.41 A–5

Lab 2: Core (cont.)

exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged A23
exit
logging 10.1.1.10
no autorun
password manager
password operator
Lab 2: Edge_1
hostname "Edge_1"
time timezone -300
interface 12
name "Edge_2"
exit
ip default-gateway 10.1.1.1
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
untagged 1-14,16-24
ip address 10.1.1.2 255.255.255.0
no untagged 15
exit
vlan 10
name "VLAN10"
A–6 Rev. 8.41

Appendix A
Lab 2: Edge_1 (cont.)

untagged 15
tagged 14
no ip address
exit
logging 10.1.1.10
no autorun
password manager
password operator
Lab 2: Edge_2
hostname "Edge_2"
time timezone -300
interface 12
name "Edge_1"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
untagged 1-14,16-24
ip address 10.1.1.3 255.255.255.0
no untagged 15
exit
vlan 20
name "VLAN20"
untagged 15
tagged 24
no ip address
exit
Rev. 8.41 A–7


vlan 30
name "VLAN30"
tagged 23-24
no ip address
exit
logging 10.1.1.10
no autorun
password manager
password operator
Lab 2: Edge_3
hostname "Edge_3"
time timezone -300
interface 1
name "WinClient"
exit
interface 9
name "Edge_2"
exit
sntp server 10.1.1.10
timesync sntp
sntp unicast
logging 10.1.1.10
vlan 1
name "DEFAULT_VLAN"
untagged 2-9
ip address 10.1.1.4 255.255.255.0
no untagged 1
exit
vlan 30
A–8 Rev. 8.41

Appendix A

name "VLAN30"
untagged 1
tagged 9
exit
password manager
password operator
Lab 4.1: Core

hostname "Core"
time timezone -300
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
trunk A13-A14 Trk1 LACP
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A12,A15-A22,Trk1-Trk2
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
tagged A12,Trk1
Rev. 8.41 A–9

Lab 4.1: Core (cont.)

exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk2
exit
logging 10.1.1.10
spanning-tree Trk1 priority 4
no autorun
password manager
password operator
Lab 4.1: Edge_1

hostname "Edge_1"
time timezone -300
interface 12
name "Edge_2"
exit
trunk 13-14 Trk1 LACP
timesync sntp
sntp unicast
sntp 30
A – 10 Rev. 8.41
Appendix A
Lab 4.1: Edge_1 (cont.)

vlan 1
name "DEFAULT_VLAN"
untagged 1-12,16-24,Trk1
ip address 10.1.1.2 255.255.255.0
no untagged 15
exit
vlan 10
name "VLAN10"
untagged 15
tagged Trk1
no ip address
exit
logging 10.1.1.10
no autorun
password manager
password operator
Lab 4.1: Edge_2

hostname "Edge_2"
time timezone -300
interface 12
name "Edge_1"
exit
trunk 22,24 Trk2 LACP
timesync sntp
sntp unicast
sntp 30
Rev. 8.41 A – 11

vlan 1
name "DEFAULT_VLAN"
untagged 1-14,16-20,Trk2-Trk3
ip address 10.1.1.3 255.255.255.0
no untagged 15
exit
vlan 20
name "VLAN20"
untagged 15
tagged Trk2
no ip address
exit
vlan 30
name "VLAN30"
tagged Trk2-Trk3
no ip address
exit
logging 10.1.1.10
no autorun
password manager
password operator
Lab 4.1: Edge_3

hostname "Edge_3"
time timezone -300
interface 1
name "WinClient"
exit
interface 8
A – 12 Rev. 8.41
Appendix A

no lacp
exit
interface 9
name "Edge_2"
no lacp
exit
trunk 8-9 Trk3 LACP
timesync sntp
sntp unicast
logging 10.1.1.10
vlan 1
name "DEFAULT_VLAN"
untagged 2-7,Trk3
ip address 10.1.1.4 255.255.255.0
no untagged 1
exit
vlan 30
name "VLAN30"
untagged 1
tagged Trk3
exit
password manager
password operator
Lab 4.2: Core

hostname "Core"
time timezone -300
interface A12
name "Edge_1"
Rev. 8.41 A – 13

exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
tagged A12,Trk1-Trk2
exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
logging 10.1.1.10
A – 14 Rev. 8.41
Appendix A

spanning-tree
spanning-tree priority 1 force-version RSTP-operation
no autorun
password manager
password operator
Lab 4.2: Edge_1

hostname "Edge_1"
time timezone -300
interface 12
name "Edge_2"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.2 255.255.255.0
no untagged 15
exit
vlan 10
name "VLAN10"
untagged 15
tagged 7,9,Trk1
no ip address
exit
vlan 30
Rev. 8.41 A – 15

name "VLAN30"
tagged 7,9,Trk1
no ip address
exit
vlan 20
name "VLAN20"
tagged 7,9,Trk1
no ip address
exit
logging 10.1.1.10
spanning-tree
no autorun
password manager
password operator
Lab 4.2: Edge_2

hostname "Edge_2"
time timezone -300
interface 12
name "Edge_1"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
A – 16 Rev. 8.41
Appendix A

ip address 10.1.1.3 255.255.255.0
no untagged 15
exit
vlan 20
name "VLAN20"
untagged 15
tagged 9,Trk2-Trk3
no ip address
exit
vlan 30
name "VLAN30"
tagged 9,Trk2-Trk3
no ip address
exit
vlan 10
name "VLAN10"
tagged 9,Trk2-Trk3
no ip address
exit
logging 10.1.1.10
spanning-tree
no autorun
password manager
password operator
Lab 4.2: Edge_3

hostname "Edge_3"
time timezone -300
interface 1
Rev. 8.41 A – 17

name "WinClient"
exit
interface 8
no lacp
exit
interface 9
name "Edge_2"
no lacp
exit
trunk 8-9 Trk3 LACP
timesync sntp
sntp unicast
logging 10.1.1.10
vlan 1
name "DEFAULT_VLAN"
untagged 2-7,Trk3
ip address 10.1.1.4 255.255.255.0
no untagged 1
exit
vlan 30
name "VLAN30"
untagged 1
tagged 7,Trk3
exit
vlan 10
name "VLAN10"
tagged 7,Trk3
exit
vlan 20
name "VLAN20"
tagged 7,Trk3
exit
A – 18 Rev. 8.41
Appendix A

spanning-tree
no spanning-tree 7 admin-edge-port
no spanning-tree Trk3 admin-edge-port
spanning-tree priority 3
password manager
password operator
Lab 4.3: Core

hostname "Core"
time timezone -300
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
Rev. 8.41 A – 19

exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
logging 10.1.1.10
spanning-tree
spanning-tree config-name "procurve"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10
spanning-tree instance 2 vlan 20 30
no autorun
password manager
password operator
Lab 4.3: Edge_1

hostname "Edge_1"
time timezone -300
interface 12
name "Edge_2"
exit
A – 20 Rev. 8.41
Appendix A

timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.2 255.255.255.0
no untagged 15
exit
vlan 10
name "VLAN10"
untagged 15
tagged 7,9,Trk1
no ip address
exit
vlan 30
name "VLAN30"
tagged 7,9,Trk1
no ip address
exit
vlan 20
name "VLAN20"
tagged 7,9,Trk1
no ip address
exit
logging 10.1.1.10
spanning-tree
Rev. 8.41 A – 21

spanning-tree instance 1 priority 1
no autorun
password manager
password operator
Lab 4.3: Edge_2

hostname "Edge_2"
time timezone -300
interface 12
name "Edge_1"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.3 255.255.255.0
no untagged 15
exit
vlan 20
name "VLAN20"
untagged 15
tagged 9,Trk2-Trk3
no ip address
exit
A – 22 Rev. 8.41
Appendix A

vlan 30
name "VLAN30"
tagged 9,Trk2-Trk3
no ip address
exit
vlan 10
name "VLAN10"
tagged 9,Trk2-Trk3
no ip address
exit
logging 10.1.1.10
spanning-tree
no autorun
password manager
password operator
Lab 4.3: Edge_3

hostname "Edge_3"
time timezone -300
interface 1
name "WinClient"
exit
interface 8
no lacp
Rev. 8.41 A – 23

exit
interface 9
name "Edge_2"
no lacp
exit
trunk 8-9 Trk3 LACP
timesync sntp
sntp unicast
logging 10.1.1.10
vlan 1
name "DEFAULT_VLAN"
untagged 2-7,Trk3
ip address 10.1.1.4 255.255.255.0
no untagged 1
exit
vlan 30
name "VLAN30"
untagged 1
tagged 7,Trk3
exit
vlan 10
name "VLAN10"
tagged 7,Trk3
exit
vlan 20
name "VLAN20"
tagged 7,Trk3
exit
spanning-tree
spanning-tree protocol-version MSTP
A – 24 Rev. 8.41
Appendix A

password manager
password operator
Lab 5: Core
hostname "Core"
time timezone -300
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
exit
Rev. 8.41 A – 25
Lab 5: Core (cont.)

vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
logging 10.1.1.10
ip route 10.100.1.0 255.255.255.0 10.1.1.5
ip route 0.0.0.0 255.255.255.0 10.1.1.5
spanning-tree
no autorun
password manager
password operator
Lab 5: Edge_1
<<No changes>>
Lab 5: Edge_2
<<No changes>>
Lab 5: Edge_3
<<No changes>>
A – 26 Rev. 8.41
Appendix A
Lab 5: Router
!
!
hostname "RouterGroup2"
enable password md5 encrypted
5f4dcc3b5aa765d61d8327deb882cf99
!
clock timezone +2-Helsinki
!
ip subnet-zero
ip classless
ip routing
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
!
no ip firewall alg h323
!
!
!
!
!
no autosynch-mode
no safe-mode
!
!
!
!
!
!
!
Rev. 8.41 A – 27
Lab 5: Router (cont.)

!
interface eth 0/1
ip address 10.2.1.5 255.255.255.0
no shutdown
!
!
interface eth 0/2
no ip address
shutdown
!
!
!
!
interface t1 1/1
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface ppp 1
ip address 192.168.2.1 255.255.255.248
no shutdown
bind 1 t1 1/1 1 ppp 1
!
!
!
!
!
!
!
!
!
ip route 10.0.0.0 255.0.0.0 192.168.2.2
ip route 10.2.30.0 255.255.255.0 10.2.1.1
ip route 10.100.1.0 255.255.255.0 192.168.2.2
!
no ip tftp server
A – 28 Rev. 8.41
Appendix A

no ip http server
no ip http secure-server
no ip snmp agent
no ip ftp agent
!
!
!
!
!
!
!
ip sip
ip sip proxy
!
line con 0
login
password md5 encrypted
!
line telnet 0 4
login
no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
!
end
Lab 6: Core
hostname "Core"
time timezone -300
Rev. 8.41 A – 29
Lab 6: Core (cont.)

interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
A – 30 Rev. 8.41
Appendix A
Lab 6: Core (cont.)

vlan 11
name "VLAN11"
ip address 10.1.11.1 255.255.255.0
tagged A2
exit
logging 10.1.1.10
router rip
exit
spanning-tree
vlan 1
ip rip 10.1.1.1
exit
vlan 11
ip rip 10.1.11.1
exit
no autorun
password manager
password operator
Lab 6: Edge_1
<<No changes>>
Lab 6: Edge_2
<<No changes>>
Lab 6: Edge_3
<<No changes>>
Rev. 8.41 A – 31
Lab 6: Router
!
!
hostname "Router"
enable password md5 encrypted
!
!
ip subnet-zero
ip classless
ip routing
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "procurve" password "password"
!
!
no ip firewall alg h323
ip firewall alg sip udp 5060
!
!
!
!
!
no autosynch-mode
no safe-mode
!
!
!
!
!
A – 32 Rev. 8.41
Appendix A

!
!
!
interface eth 0/1
ip address 10.1.1.5 255.255.255.0
no shutdown
!
interface eth 0/2
no ip address
shutdown
!
!
!
interface t1 1/1
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface t1 1/2
line-length 0
shutdown
!
interface ppp 1
ip address 192.168.1.1 255.255.255.248
no shutdown
bind 1 t1 1/1 1 ppp 1
!
!
!
!
router rip
version 2
redistribute static
network 10.1.1.0 255.255.255.0
default-metric 2
!
Rev. 8.41 A – 33

!
!
!
!
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
no ip tftp server
ip http server
no ip http secure-server
ip snmp agent
no ip ftp agent
!
!
!
!
snmp-server community public RW
snmp-server host 10.1.1.10 traps version 1 public
!
!
!
ip sip
ip sip proxy
!
line con 0
login
line-timeout 0
!
line telnet 0 4
login
A – 34 Rev. 8.41
Appendix A

no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
!
End
Lab 7: Core
hostname "Core"
time timezone -300
interface A3
speed-duplex 10-full
exit
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.1 255.255.255.0
exit
vlan 10
name "VLAN10"
Rev. 8.41 A – 35
Lab 7: Core (cont.)

ip address 10.1.10.1 255.255.255.0
exit
vlan 20
name "VLAN20"
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 11
name "VLAN11"
ip address 10.1.11.1 255.255.255.0
tagged A2
exit
vlan 40
name "voice"
ip address 10.1.40.1 255.255.255.0
tagged A3
exit
logging 10.1.1.10
router rip
exit
spanning-tree
A – 36 Rev. 8.41
Appendix A
Lab 7: Core (cont.)

vlan 1
ip rip 10.1.1.1
exit
vlan 11
ip rip 10.1.11.1
exit
no autorun
password manager
password operator
Lab 7: Edge_1
hostname "Edge_1"
time timezone -300
interface 3
exit
interface 12
name "Edge_2"
exit
timesync sntp
sntp unicast
sntp 30
vlan 1
name "DEFAULT_VLAN"
ip address 10.1.1.2 255.255.255.0
Rev. 8.41 A – 37

no untagged 15,24
exit
vlan 10
name "VLAN10"
untagged 15
tagged 7,9,Trk1
no ip address
exit
vlan 30
name "VLAN30"
tagged 7,9,Trk1
no ip address
exit
vlan 20
name "VLAN20"
tagged 7,9,Trk1
no ip address
exit
vlan 40
name "voice"
untagged 24
qos priority 7
tagged 3
no ip address
exit
logging 10.1.1.10
spanning-tree
A – 38 Rev. 8.41
Appendix A

no autorun
password manager
password operator
Lab 7: Edge_2
<<No changes>>
Lab 7: Edge_3
<<No changes>>
Lab 8.1: Core
<<No changes>>
Lab 8.1: Edge_1
<<No changes>>
Lab 8.1: Edge_2
<<No changes>>
Lab 8.1: Edge_3
<<No changes>>
Lab 8.1: Router
<<No changes>>
Lab 8.1: Access Point 530
<<Configuration not included in this appendix>>
Lab 8.2: Core
hostname "Core"
time timezone -300
interface A3
exit
interface A12
name "Edge_1"
exit
interface A23
name "Edge_2"
Rev. 8.41 A – 39

exit
ip routing
timesync sntp
sntp unicast
vlan 1
name "DEFAULT_VLAN"
untagged A1-A3,A5-A10,A12,A15-A22,Trk1-Trk2
ip address 10.1.1.1 255.255.255.0
no untagged A4,A11
exit
vlan 10
name "VLAN10"
ip address 10.1.10.1 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged A4
ip address 10.1.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "VLAN30"
ip address 10.1.30.1 255.255.255.0
tagged Trk1-Trk2
exit
A – 40 Rev. 8.41
Appendix A

vlan 11
name "VLAN11"
ip address 10.1.11.1 255.255.255.0
tagged A2
exit
vlan 40
name "voice"
ip address 10.1.40.1 255.255.255.0
tagged A3
exit
lldp auto-provision radio-ports auto-vlan 2101
vlan 2101
name "VLAN2101"
tagged A2
no ip address
exit
vlan 21
name "vlan21"
untagged A11
ip address 10.1.21.1 255.255.255.0
tagged A2
exit
logging 10.1.1.10
router rip
exit
spanning-tree
Rev. 8.41 A – 41

vlan 1
ip rip 10.1.1.1
exit
vlan 11
ip rip 10.1.11.1
exit
no autorun
password manager
password operator
Lab 8.2: Edge_1

<<No changes>>
Lab 8.2: Edge_2
<<No changes>>
Lab 8.2: Edge_3
<<No changes>>
Lab 8.2: Router
<<No changes>>
Lab 8.2: WESMzl_Group1
username manager password 1
7cf5ddcd54d4926deca3230083a01a31a8825e73
username manager privilege superuser
username operator password 1
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
username operator privilege monitor sysadmin
!
!
!
country-code us
snmp-server sysname Wireless Services
snmp-server manager v2
A – 42 Rev. 8.41
Appendix A
Lab 8.2: WESMzl_Group1 (cont.)

snmp-server manager v3
snmp-server user manager v3 encrypted auth md5
0x0e3f0ca5de97bb14edb6be0d7de4d282
snmp-server user operator v3 encrypted auth md5
0x49c451c7c6893ffcede0491bbd0a12c4
snmp-server user snmptrap v3 encrypted auth md5
0xe798bd6a7b8505ea71549c2586bd82f0
fallback enable
ip web-management
ip http secure-trustpoint default-trustpoint
ip secure-web-management
!
wireless
advanced-config enable
wlan 1 enable
wlan 1 ssid Group1
wlan 1 vlan 21
wlan 2 enable
wlan 2 ssid Group2
wlan 2 vlan 22
wlan 2 encryption-type tkip
no wlan 2 radius dynamic-vlan-assignment enable
wlan 2 dot11i phrase 0 group2wpa
wlan 12 enable
wlan 12 ssid Group22
wlan 12 vlan 22
wlan 12 encryption-type tkip
wlan 12 dot11i phrase 0 group22wpa
radio add 1 00-17-A4-9B-F3-3F 11bg
radio 1 description Group2 Radio
radio 1 bss 1 2
radio add 2 00-17-A4-9B-F3-3F 11a
radio add 3 00-17-A4-9B-F7-1E 11bg
radio 3 description Group22
radio 3 channel-power indoor random 8
radio default-11bg channel-power indoor random 8
Rev. 8.41 A – 43
Lab 8.2: WESMzl_Group1 (cont.)

!
radius-server local
!
interface vlan1
ip address 10.100.1.11/24
!
interface dnlink
!
interface uplink
!
ip route 0.0.0.0/0 10.100.1.1
!
!
aaa authentication login default local none
end
A – 44 Rev. 8.41
Answers to Lab Questions
Appendix B
Rev. 8.41 B–1

B–2 Rev. 8.41

Appendix B
Lab 1.1
Task 1
a. Which privilege level have you entered? Manager
b. Now which privilege level have you entered? Operator
Task 2
a. What has the prompt changed to? switch-name(config)
b. What has the prompt changed to? switch-name(vlan-1)
c. What has the prompt changed to? switch-name(<int-name>-<port-id>),
the interface context level for the specified port.
d. What did you receive as output? hostname and help
command? ho
Task 4
retained? No
Task 5
command would you have to enter before redefining the IP address? no
ip address <ip-address/mask>
Task 9
a. Were you allowed to establish a Telnet session? No
b. What was the response? Invalid password
c. What was the response? Access authorization level is set to ‘Operator’
only
Rev. 8.41 B–3

Lab 1.2
Task 1
copy flash flash secondary
Task 3
No, the password configuration is not deleted.
Task 4
a. What is the “workingConfig” operating as? It is the Active, Primary
and Secondary configuration.
b. What is the active configuration file? secondaryconfig
c. Which boot image are you running? secondary software image
Task 7
commands?
a. Command: show interface? port counters
b. Command: show interface brief? port status
c. Command: show interface config? port settings
Task 8
a. What is the default AdminStatus of the ports? transmit and receive lldp
packets
B–4 Rev. 8.41

Appendix B
Lab 2
Task 3

Port
21 10 T C1 10 T C1 20 30 T 49 30 T
#1
Port
22 20 30 T A1 1 U C2 30 T 1 1 U
#2
Note: The port identifiers indicated above may differ depending on your switch
model and configuration and your particular port selections.
Task 5
a. Should the port be tagged or untagged and why?
Untagged because the Windows computer does not support 802.1Q
packets.
b. Were you successful? No
c. If no, what additional configuration step must be completed?
Routing needs to be enabled on the Core switch.
Task 6
a. Were you successful?
The answer should be “No” unless you previously configured a default
gateway on the switches and Windows computers.
Gateway information needs to be configured on the systems.
Task 8
a. On which switch or switches should this task be done?
Only the Core switch.
Rev. 8.41 B–5

Lab 4.1
Task 3
a. Why was the connection lost? By looking at the running configuration,
it can be seen that the ports assigned to the trunk have been removed
from VLAN 10.
b. Why was this connection maintained? The Windows server computer is
in VLAN 1 and can ping the 10.x.10.1 IP address because its default
gateway is 10.x.1.1 – the IP address of the Core switch in VLAN 1.
Lab 4.2
Task 3
Root Bridge of the spanning tree? The Core switch since it has the
lowest bridge priority.
Task 5
a. Do all switches appear as neighbors? Yes
b. Why or why not? The spanning tree protocol ensures no loops exist, but
LLDP packets are allowed to be sent and received on ports in the
Blocked State.
Lab 4.3
Task 3
All VLANs defined on the switch.
b. Which switch is the Root of the CST? Core,.
configuration caused this switch to become the CST Root? Spanning-
tree priority 1
Task 6
a. Do all switches appear as neighbors? Yes
b. Why or why not? The spanning tree protocol ensures no loops exist, but
LLDP packets are allowed to be sent and received on ports in the
Blocked State.
B–6 Rev. 8.41

Appendix B
Lab 5
Task 2
a. Are you able to read your configured password? No, because MD5 was
specified in the password command to encrypt the password.
b. Are you asked to provide a password? No
c. What is needed in the configuration to prompt for a password for an out-
of-band management session? The configuration for console 0 needs to
be changed from “no login” to “login”.
Task 6
a. Are you allowed to access the privilege mode? Why? No, a password
has not been set for privilege mode access using the “enable” command.
Task 8
a. By default, what is the state of a newly created PPP interface? The PPP
interface is down, i.e., it is set to “no shutdown”.
Task 10
a. Were you successful? No
b. Were you successful this time? Yes
c. What do you think may be configured on the instructor’s router that tells
it where to respond to your ping request? The instructor’s router is
preconfigured with static routes that specify the path to use to reach the
networks of each student group.
d. Were you successful from the Windows computers? Why? No. The
default gateway for the Windows computers is the Core switch, but the
Core switch does not have a routing table entry that specifies how to
reach the instructor’s network.
e. Why was the ping from the Windows client computer unsuccessful?
The windows client has a DHCP-assigned IP address corresponding to
one of the user VLANs, e.g., 10.x.30.50, and has a default gateway
identifying the user VLAN IP address on the Core switch, 10.x.30.1. So
the ping request is actually routed to the instructor’s inside network and
back to Edge_4, but there is no routing table entry on Edge_4 to return
the ping response to the network of your user VLAN.
f. Where do you need to add a route so that you can ping a device in the
Hint: Examine the routing tables of Core and Edge_4.
A route for the network of each user VLAN would need to be added to
Edge_4.
Rev. 8.41 B–7

Lab 5 (continued)
Task 11
opposed to adding individual routes? A summarized route could
include subnets that are actually reachable through some other router
and therefore packets could be forwarded through the wrong gateway.
b. What does the command above do? This route specifies that the Core
switch will send all packets to Edge_4 for which the destination IP
address does not match any of its local networks.
B–8 Rev. 8.41

Appendix B
Lab 6
Task 4
a. What command would you use to change the RIP version used on Core?
vlan 1 ip rip v2-only
Task 9
0.0.0.0/0 10.1.1x.2 1x 2
10.x.1.0/24 10.1.1x.2 1x 3
10.x.10.0/24 10.1.1x.2 1x 3
10.x.1x.0/24 10.1.1x.2 1x 2
10.x.20.0/24 10.1.1x.2 1x 3
10.x.30.0/24 10.1.1x.2 1x 3
10.1.100.0/24 10.1.1x.2 1x 2
10.1.101.0/24 10.1.1x.2 1x 2
Table 1: Routing Table Differences on Core with Instructor Links Connected
10.x.1.0/24 10.1.1.1 3
10.x.10.0/24 10.1.1.1 3
10.x.1x.0/24 10.1.1.1 2
10.x.20.0/24 10.1.1.1 3
10.x.30.0/24 10.1.1.1 3
10.1.100.0/24 10.1.1.1 2
10.1.101.0/24 10.1.1.1 2
Table 2: Routing Table Differences on Router with Instructor Links Connected
Rev. 8.41 B–9

Lab 6 (continued)
Task 10
a. When the link is disconnected, what happens?
On Core and Router, the routes to the other students’ networks are
removed from the respective routing tables. In addition, on Core the
default route via the preferred LAN link is also removed. After the
settling period, the default route via the WAN link is reinserted into the
routing table on Core.
b. Then, when you reconnect, what happens?
On Core and Router, the routes to the other students’ networks are
reinserted into the respective routing tables. In addition, on Core the
default route is modified so that it uses the preferred LAN link once
again.
B – 10 Rev. 8.41
Appendix B
Lab 8.1
Task 2
a. What information is displayed? An explanation of the partial and full
help syntax.
b. What commands are displayed? bootfile, configure, copy, delete, dir,
exit, help, ping, reset and show.
c. What are your options? board, to operationally reset the access point,
and configuration, to reset access point’s configuration to the factory
default settings.
d. What files are stored in the flash memory? Two software image files
(hp530-xxxx.bin, the current running version of software, and dflt-
img.bin, a default version that cannot be deleted), and two configuration
files (syscfg, the current running configuration, and syscfg.bak, a
backup copy.
e. Which command is used to boot using a different software image?
bootfile
f. Which command identifies the software version?
show version
g. Which command displays system up time and IP settings?
show system
h. Which command is used to access the global configuration mode?
configure
i. What differences are there when you are in the global configuration
mode? You can execute basic configuration commands, such as prompt
and system name, and you can access other context levels such as the
management, Ethernet and wireless g interface levels.
j. What is the difference between the end and exit commands? “exit” will
return you to the Exec privilege mode, regardless of the current
configuration context level and “end” will return you to the prior
configuration context level.
Task 4
show interface Ethernet
Task 5
a. On the home page, what color is the status indicator and what is
indicated about the radio status? Status indicator is red and the radio is
disabled.
Rev. 8.41 B – 11
Lab 8.1 (continued)
Task 6
a. How many stations are currently connected? There should be only one
unless a student from another group has connected to your access point.
easily determined who the other clients are? No, the MAC addresses
listed would need to be used for comparison to the output from a
command like ipconfig /all on a client.
B – 12 Rev. 8.41
Step-by-Step Lab Guide
Appendix C
Rev. 8.41
Rev. 8.41
Module 1 Lab 1
Objectives
Use the CLI to develop familiarity with the syntax of switch commands and
the different context levels.
Assign switch identities and passwords for the different privilege levels.
Assign an IP address to the switches to enable remote management.
Use the menu interface to configure switch features.
Explore the switch Setup screen and web management interface.
Note
Please note that the network topologies and approaches presented in this Lab
Activity Guide are developed to expedite learning of specific products and
solutions. Consequently, some of the approaches used here would not be
suitable for a production network and should not be considered best practices.
Students should not assume that all material presented here is appropriate for
implementation in their work environments. For instance, the instructions
suggest insecure passwords in many cases, as they are easier to remember and
use than more complex passwords. Similarly, this topology uses VLAN 1, the
Default VLAN, for device management, which may not be suitable for all
environments.
Rev. 8.41 L1.1 – 1

Overview
ProCurve University is in the process of upgrading their enterprise network and
has acquired several ProCurve switches that will be deployed in the main
administration building. Initially, the switches will support a small LAN
environment consisting of three LAN segments. To begin the deployment, you
will first need to develop familiarity with the command line, menu and web
interfaces supported by the switches for management and configuration tasks.
Initially, you will access the switch using the command line interface (CLI)
through a serial port (out-of-band) connection from a Windows computer.
Since these are new ProCurve switches they come with a minimal, factory default
configuration. As part of the process of developing familiarity with the switch
CLI, you perform a number of initial configuration tasks that are commonly done
by network engineers. One of the first configuration tasks to be done involves
implementing basic security for the switches. This will include assigning a
password to each of the privilege levels, operator and manager, and limiting in-
band management access from a particular IP address.
Another initial configuration task involves assigning an IP address to the switch’s
default VLAN, VLAN 1, which will serve as the management VLAN. After the
IP address has been assigned, you will be able access the switch over an in-band
connection using a Telnet client program on the Windows computer.
Note
Be sure to read the following instructions and background information before
starting the lab exercise.
L1.1 – 2 Rev. 8.41

Getting started
Equipment set
In this lab, you will work on your own or in a team of two students to configure
and physically connect the switches and workstations.
Your lab equipment includes two Windows computers, four ProCurve switches,
one ProCurve Access Point 530 and one ProCurve Secure WAN router. Initially,
the two Windows computers will be used for out-of-band (serial port connection)
access to two of the switches for the purpose of performing initial configuration
tasks. These tasks include assigning passwords to the operator and manager
privilege levels and an IP address to the management VLAN.
Later during this lab, the Windows computers will be used for in-band (Telnet)
access to the switches. For in-band management, the Windows computers should
have the Tera Term Pro or Microsoft HyperTerminal terminal emulator program
installed.
Terminal emulator setup

To connect a console to the switch, configure the terminal emulator as a VT-100
terminal with the following settings:
Parameter Setting
Baud rate 9600
Data bits 8
Parity none
Stop bits 1
Flow control none
Note
For Microsoft HyperTerminal, ensure the “Function, arrow, and ctrl keys act
as Windows keys” parameter is disabled.
Windows logon accounts

Unless otherwise specified by the instructor, the logon accounts for the Windows
computers are the following:
Computer User Name Password
Windows Server administrator procurve
Windows XP Client procurve <none>
Rev. 8.41 L1.1 – 3

Addressing scheme
The classroom contains six groups of equipment, similar to that shown in the
diagram in the next section. Your instructor will assign a number to your student
group that will be used for substitution in various references to IP address and
hostnames in the lab exercises. For example, for the IP address 10.x.1.0/24, the
“x” in the second octet is used to represent your group number. If you are
assigned to group 1, then this IP address would be 10.1.1.0/24.
In addition, the third octet in each IP address is used to identify the VLAN to
which a device belongs. For example, the third octet in the IP address 10.1.1.0/24
implies it is associated with VLAN 1.
Network diagram
L1.1 – 4 Rev. 8.41

Task 1. Explore the different CLI privilege levels

1. Connect the console cables to the Windows computers and ProCurve
switches as follows:
Windows Server Switch labeled Edge_1
Windows XP Client Switch labeled Edge_2
Note
switches labeled Edge_1 or Edge_2 and perform the activities of this
task independently.
2. On your desktop, double-click the Tera Term Pro icon or equivalent to run
the terminal emulation program. Press <Enter> several times to display the
prompt from the switch. It should appear similar to the following.
ProCurve Switch <switch-model>#

a. Which privilege level have you entered? _______________________
3. Type “exit” to leave this privilege level.
ProCurve Switch 5406zl# exit
ProCurve Switch 5406zl>
b. Now which privilege level have you entered? ___________________
4. Using the “?” key, list the commands available at this level.
ProCurve Switch 5406zl> ?
5. Return to the manager privilege level and view the commands available at
that level.
Note
If the output listing exceeds the screen size you will see the following
instructions.
-- MORE --, next page: Space, next line: Enter, quit:
Control-C
You can also type the letter “q” to return to the prompt.
ProCurve Switch 5406zl> enable

ProCurve Switch 5406zl# ?
Rev. 8.41 L1.1 – 5

Task 2. Explore the CLI command syntax

1. Type “configure” to access the global configuration level. Then check the
available commands at this level.
ProCurve Switch 5406zl# configure
ProCurve Switch 5406zl(config)# ?
a. What has the prompt changed to? _____________________________
2. Type “vlan 1” to enter the VLAN 1 context level. View the available
commands at this level.
ProCurve Switch 5406zl(config)# vlan 1
ProCurve Switch 5406zl(vlan-1)# ?
b. What has the prompt changed to? _____________________________
3. To enter an interface context level, type “int <port-id>”. Substitute a port
identifier of one of your switch’s modules for <port-id>.
ProCurve Switch 5406zl(vlan-1)# interface A1
c. What has the prompt changed to? _____________________________
4. View the available commands at the interface context level.
ProCurve Switch 5406zl(eth-A1)# ?
5. Return to the global configuration context level. Then type the letter “p”
followed by a “?”to list available commands that start with that letter.
ProCurve Switch 5406zl(eth-A1)# exit
ProCurve Switch 5406zl(config)# P?
6. Find the commands that start with “h” using a“?”.
ProCurve Switch 5406zl(config)# H?
7. Type “h” and then use the tab key for completion.
ProCurve Switch 5406zl(config)# H<tab>
d. What did you receive as output? ______________________________
command? ___________
ProCurve Switch 5406zl(config)# ho<tab>
8. Use tab completion to display the complete command associated with “show
system” and then press Enter. The show system command displays general
information about the switch.
ProCurve Switch 5406zl(config)# sh<tab> sy<tab>
9. You can also use the up arrow key to recall previous commands. Recall the
“show system” command.
ProCurve Switch 5406zl(config)# <up arrow>
L1.1 – 6 Rev. 8.41

10. Some commands have multiple choices that are needed to complete the
command. To view these choices you would type the top level command and
the “?” key with a space between to list the choices. For example, typing
“password ?” will list the available choices for that command.
ProCurve Switch 5406zl(config)# password ?
11. ProCurve switches also support command shortcuts by entering just enough
characters needed to make the command unique. Below is a table of some
commands with their meanings to practice with.
Shortcut Full Command Explanation
wr t write terminal Display the running configuration of

the switch on the terminal
sh ru show running-config Show the switch running
configuration
sh conf show config Show the switch startup configuration
sh cons show console Show serial link/console settings
sh sy show System Show globally configured and
operational system parameters
Note
You will receive an “Ambiguous input error” message if you do not
enter enough characters to make the command unique from others that
have the same initial sequence of characters.
12. Type “show history” to view a numbered list of previously executed

commands.
ProCurve Switch 5406zl(config)# show history
13. Type “repeat” with the “?” key to list the available choices. The “repeat”
command will allow you to execute a command of choice by using the listed
number along with an optional count value. This is useful to view and reuse
commands that are character intensive.
ProCurve Switch 5406zl(config)# repeat ?
14. Use the “repeat” command with the count value to exit to the operator level.
Note that you may log yourself out by using too large of a count value. If
this happens, simply reestablish an out-of-band management session with the
switch.
ProCurve Switch 5406zl(config)# repeat count 2 <CMDLIST>
Rev. 8.41 L1.1 – 7

Task 3: Define host names for the switches

1. Continuing with your out-of-band management session, access the global
configuration level.
ProCurve Switch 5406zl> enable
ProCurve Switch 5406zl# configure
2. Configure the host names for the switches according to the following table.
Host Name Switch
If you are connected to Edge_1, specify:

ProCurve Switch 5406zl(config)# hostname Edge_1
Edge_1(config)#
If you are connected to Edge_2, specify:
ProCurve Switch 5406zl(config)# hostname Edge_2
3. Edge_2(config)# Display the running configuration and the startup
configuration and note any differences that you can see.
Edge_1(config)# show running-config
Repeat this command on Edge_2
4. Type “show running-config status” and then “show config status” and note
the status information displayed.
Edge_1(config)# show running-config status
Edge_1(config)# show config status
5. Type “write memory” to save the running-configuration into the startup-
configuration.
Edge_1(config)# write memory
6. Once again, view the status of either the running or the startup configuration.
Edge_1(config)# show running-config status
Edge_1(config)# show config status
L1.1 – 8 Rev. 8.41

Task 4. Define usernames and passwords for the privilege levels

1. From the global configuration level, use the “password ?”command to
determine how to configure both a username and password for each of the
Operator and Manager privilege levels. Specify the usernames and
Note
If you do NOT explicitly define a username for the Operator or Manager
privilege level, then the switch does not prompt you for a username
when accessing the respective privilege level. As you have seen, up to
this point the switch also has NOT prompted you for a password since
the factory default configuration is a null password.
Edge_1(config)# password manager user-name manager

New password for manager: ********
Please retype new password for manager: ********
Edge_1(config)# password operator user-name operator
New password for operator: ********
Please retype new password for operator: ********
Edge_1(config)# write mem
Repeat these steps on Edge_2

2. Log out from the switch.
Edge_1(config)# logout
Do you want to log out [y/n]? y
Hit <return> several times
Press any key to continue
Username: manager
Password: <Type password you configure>
Edge_1#

3. Return to the manager level and view the running configuration.
retained? __________________
Edge_1(config)# show running-config
Rev. 8.41 L1.1 – 9

Task 5. Define an IP address and mask for in-band management

By default, all switch ports are assigned to VLAN 1. It is for this VLAN that you
define the IP address of the switch in this task. In your lab environment, VLAN 1
will serve as the management VLAN—a VLAN that can be used to reach and
manage all switches in your group.
Note
Although it is not necessary to define a default gateway for the switches
and Windows computers for traffic to flow correctly in this particular
lab, a default gateway will be required in later labs. More background
on VLANs and default gateways will be provided in later modules.
1. On the Edge_1 and Edge_2 switches you are managing, enter the VLAN 1
context level.
Edge_1# configure
Edge_1(config)# vlan 1
2. Assign the IP addresses from the following table. Also, verify and/or
reconfigure the Windows computers to match the IP addresses listed in the
table below.
Device IP Address
Edge_1 10.x.1.2/24
Edge_2 10.x.1.3/24
Windows Server 10.x.1.10/24
Windows XP Client 10.x.1.20/24
Note
Edge_1(vlan-1)# ip address 10.x.1.2/24

L1.1 – 10 Rev. 8.41

3. After the IP addresses are assigned, verify your switch’s running

configuration corresponds to the table above. When verified, save your
switch configurations.
command would you have to enter before redefining the IP address?
_________________________
Edge_1(vlan-1)# show running-config
Edge_1(vlan-1)# write mem
4. Connect the switches and workstations together using the Ethernet cables
provided.
Edge_1 port 12 Edge_2 port 12
Windows Server Edge_1 port 1
Windows XP Client Edge_2 port 1
Note
The port identifiers specified in the table are examples. Substitute a port
using.

computers.
Edge_1(vlan-1)# ping 10.x.1.2
Edge_1(vlan-1)# show 10.x.1.20
6. Close your out-of-band management session by logging out.
Edge_1(config)# logout
Do you want to log out [y/n]? y
Rev. 8.41 L1.1 – 11

Task 6. Establish an in-band management session

1. Using a Command Prompt, Telnet to the IP address of the switch you are
managing and log in using the manager username.
To connect to Edge_1 from the Windows Server computer:
C:> telnet 10.x.1.2
Username: manager
Password: <type password>
To connect to Edge_2 from the Windows XP computer:
C:> telnet 10.x.1.3
Username: manager
2. View the management sessions by using “show telnet”.
Edge_1# show telnet
Repeat the command above on Edge_2
3. Not only can the switch operate as a Telnet server, but it can also operate as a
Telnet client as well. From the switch CLI, Telnet to your partner’s switch
and log in using the operator username. Then view the Telnet connections.
To connect to Edge_2 as operator from Edge_1:
Edge_1# telnet 10.x.1.3
Username: operator
Edge_2> show telnet
To connect to Edge_1 as operator from Edge_2:
Edge_2# telnet 10.x.1.2
Username: operator
Edge_1> show telnet
4. The switch supports up to four concurrent management sessions. You can use
“show telnet” to list the currently active management sessions and “kill” to
terminate a currently active console or remote session.
If you are using the switch’s serial port for a console session and want to
terminate some other currently active Telnet session, you could do either of
the following to explore the use of the “kill” command:
• Terminate your partner’s active session to the switch you are managing.
or
• Open multiple command prompt windows and Telnet to your local
switch until you consume all four management sessions. Then you can
proceed to kill those active sessions and view the sessions disconnecting
in the command prompt windows.
Edge_1# show telnet
Edge_1# kill <number of partner’s operator session>
L1.1 – 12 Rev. 8.41
Task 7. Explore the Switch Setup screen

The quickest and easiest way to minimally configure the switch for management
and password protection in your network is to access the Switch Setup screen using
a console connection to the switch. The setup screen can be accessed directly from
the switch CLI and also through the switch menu interface.
1. From the CLI Manager privilege level, type “setup”.
Edge_1# menu
Edge_2# menu
Notice that from the Switch Setup screen you can configure:
• System Name (hostname), contact name, and SNMP community name
• Manager password
• Logon Default (CLI or menu)
• Time settings including the time synchronization method (TIMEP or
SNTP), TIMEP or SNTP mode, and the time zone
• IP address configuration method (manual or DHCP) and default
gateway
• Spanning tree protocol (enabled or disabled)
Note
At the bottom of some Switch Setup screens are navigation or edit
instructions, depending on whether you are navigating through the menu
items or within a configuration screen.
2. Move the cursor to the “Logon Default” field and press the space bar to
toggle through the choices.
3. Move the cursor to the “Time Sync Method” field and press the space bar to
toggle through the choices. Select ‘SNTP’.
4. Move the cursor to the “SNTP Mode” field. Notice this field name changed
based on the ‘Time Sync Method’ field value.
5. Press the space bar to toggle through the choices.
6. Press <Enter> to position the cursor in the Actions field. Select “Cancel” so
that any changes you may have made are not saved. Press <Enter> to exit the
Switch Setup screen and return to the CLI.
For more on using the Switch Setup screen, see the Installation and Getting
Started Guide for the associated switch.
Rev. 8.41 L1.1 – 13

Task 8. Use the Menu interface to configure IP authorized

managers
In this task, you explore the switch menu interface and use it to configure
authorized IP managers. While complete switch management can be accomplished
using the CLI, the switch also supports a slightly reduced feature set through an
intuitive menu interface.
1. Establish a management session with your switch and then type “menu”.
You may be asked to save your configuration. If so, answer “y” at the
prompt.
Edge_1# menu
Edge_2# menu
The menu interface, like the Switch Setup screen, also has navigation or edit
instructions at the bottom of some screens depending on whether you are
navigating through the menu items or within a configuration screen.
Note
A good time saver when navigating through the menu interface is to try
and remember the numbering scheme to move through the menus to
arrive at your destination menu item more quickly.
For instance from the main menu, the number sequence “2 → 7 →3”
will take you to the VLAN Port Assignment screen and the number
sequence “2 → 6” will take you the IP Authorized Managers screen.
2. Select the “Switch Configuration” menu item and explore the menu listing
displayed which provides access to a variety of helpful switch information.
Menu interface: Type 2 to select “2. Switch Configuration”.
3. Navigate to the IP Authorized Managers screen. Add the IP address of your
Windows computer and select “Manager” for the Access Level. Then save
the configuration.
Note
To add a single station, the mask must be specified as 255.255.255.255.
Menu interface: Type 6 to select “6. IP Authorized Managers”.

Menu interface: Select the Add “Action”.
Menu interface: Type 10.x.1.10, if you are using the Windows Server computer, or 10.x.1.20,
if you are using the Windows Server computer, in the “Authorized Manager IP” field.
Menu interface: Press <Enter> and Select the Save “Action”.
Menu interface: Select the Back “Action”.
Menu interface: Type 0 to select “0. Return to Main Menu…”.
Menu interface: Type 5 to select “5. Command Line (CLI)” and return to the switch CLI
interface.
L1.1 – 14 Rev. 8.41

The Authorized IP Managers feature uses IP addresses and masks to

determine which computers can access the switch through the network. This
covers access using the following methods:
• Telnet and other terminal emulation applications
• Web interface of the switch
• SNMP (with a correct community name)
You can configure up to 10 authorized manager IP addresses, where each
address applies to either a single management station or a group of stations,
depending on the mask you specify. You can also configure Manager or
Operator access privileges for Telnet, SNMPv1, and SNMPv2 access.
Rev. 8.41 L1.1 – 15

Task 9. Verify the IP authorized managers configuration

1. Open a Command Prompt on your Windows computer and telnet to the
switch you are managing to establish a second in-band management session.
Log in to the manager level.
Note
During the remaining steps of this task, you will need to coordinate with
your partner so that you synchronize the activities performed.
To connect to Edge_1 from the Windows Server computer:

C:> telnet 10.x.1.2
Username: manager
Password: <Type password>
To connect to Edge_2 from the Windows XP computer:

C:> telnet 10.x.1.3
Username: manager
2. Open a second Command Prompt and telnet to your partner’s switch.

To connect to Edge_1 from the Windows XP computer managing Edge_2:
C:> telnet 10.x.1.2
Connecting to 10.x.1.2...Could not open connection to the
host, on port 23: Connect failed
To connect to Edge_2 from the Windows Server computer managing

Edge_1:
C:> telnet 10.x.1.3
Connecting to 10.x.1.3...Could not open connection to the
host, on port 23: Connect failed
a. Were you allowed to establish a Telnet session? __________________
3. Return to the IP Authorized Manager’s menu screen and add the IP address
of your partner’s Windows computer and select “Operator” for the Access
Level. Then save the configuration.
Edge_1# menu
Menu interface: Type 2 to select “2. Switch Configuration”.
Menu interface: Type 6 to select “6. IP Authorized Managers”.
Menu interface: Select the Add “Action”.
Menu interface: Type 10.x.1.10, if you are using the Windows Server computer, or 10.x.1.20,
if you are using the Windows Server computer, in the “Authorized Manager IP” field.
Menu interface: Press <Enter> and Select the Save “Action”.
Menu interface: Select the Back “Action”.
interface.
L1.1 – 16 Rev. 8.41
4. Open a Command Prompt and once again try to telnet to your partner’s
switch and attempt to log in using the manager level username and password.
To connect to Edge_1 from the Windows XP computer managing Edge_2:
C:> telnet 10.x.1.2
Username: manager
Invalid password
Username:

Edge_1:
C:> telnet 10.x.1.3
Username: manager
Invalid password
Username:
b. What was the response? __________________
5. Log in using the Operator level username and password. Then try to access
the Manager level.
C:> telnet 10.x.1.2
Username: operator
Edge_1> enable
Access authorization level is set to ‘Operator’ only

Edge_1:
C:> telnet 10.x.1.3
Username: operator
Edge_2> enable
Access authorization level is set to ‘Operator’ only
c. What was the response? __________________
6. From the switch menu interface, return to the CLI.
Menu interface: On the “Switch Configuration – IP Managers” screen, select the Back
“Action” and press <Enter>.
interface.
7. At the CLI from where you have manager access, view the IP Authorized
Managers.
Edge_1(config)# show ip authorized-managers
Edge_2(config)# show ip authorized-managers
8. Remove each of the IP authorized manager entries using the following
command.
Edge_1(config)# no ip authorized-managers 10.x.1.10
Edge_2(config)# no ip authorized-managers 10.x.1.20
Rev. 8.41 L1.1 – 17
If the IP authorized manager entries were to remain, the configuration would

adversely affect subsequent lab exercises. In addition, since the Windows XP
computer will be changing subnets, the IP authorized managers settings
would prevent it from managing the switches using in-band management.
9. Save your configuration changes on Edge_1 and Edge_2.
L1.1 – 18 Rev. 8.41

Task 10. Explore the Web interface

1. Open a browser session on your Windows computer. Enter the IP address of
your switch as the URL.
To connect to Edge_1:
http://10.x.1.2
http://10.x.1.3
If you are prompted for authentication credentials, enter the manager

username and password. Depending on the Java console that you are using
you may be asked to enter the manager password again.
2. The initial display shows the Status window. The Overview tab on this
window shows a row of ports near the middle of the screen. Click anywhere
on the “Port Counters” area and use the <Right arrow> to see the status of
any ports that are not visible. Move the mouse pointer over any active port to
see its utilization.
3. Select the “Identity” tab to see the IP address and system information.
4. To see a graphical depiction of the front panel of the switch, select the
“Configuration” tab. Explore some of the other options available from this
tab. However, do not change the IP address or your web management session
may be terminated.
5. The Diagnostics tab allows you to perform ping of link tests from the web
interface. You can also reset the switch and view the running configuration
from this tab.
Rev. 8.41 L1.1 – 19

L1.1 – 20 Rev. 8.41

Command Reference
needed.
Command Description
show history Displays a list of previous commands
show running-config Displays current in-memory configuration file
show running-config status Displays status of in-memory configuration file
Displays current status of running and startup

show config status
configuration files
show telnet Displays currently active management sessions
enable Accesses manager privilege level
logout Logs off current user from switch
? Displays commands available in current context
Displays commands beginning with specified

<character-string>?
string consisting of 1 or more characters
Displays a completed command if partial

<character-string><Tab>
character string is unique
<Up Arrow> Recalls a previous command
Displays command options for password

password ?
command
repeat ? Displays command options for repeat command

to a VLAN
telnet <ip-address> Invokes Telnet session with specified IP address
kill <session-number> Terminates specified Telnet session
setup Displays the Switch Setup screen
menu Displays the Switch Menu screen
no ip authorized-managers <ip-address> Deletes authorized manager IP address entry
Rev. 8.41 L1.1 – 21

L1.1 – 22 Rev. 8.41

Software and File Management
Module 1 Lab 2
Objectives
View the current and stored software revisions on a switch and upgrade
switch software.
Manage switch configuration files and use the multiple configurations
feature.
Enable SNTP services.
View event logs and implement a Syslog service.
View interfaces and define friendly port names.
View LLDP information.
Overview
As the network manager for ProCurve University, you realize it is important to
understand how to manage the switch system software and configuration files.
ProCurve University, like many IT organizations, has standard procedures that
must be followed for maintaining systems in the network. These procedures
include backing up configuration files on a scheduled basis, evaluating and
updating system images as a vendor releases them, and implementing syslog
facilities. Therefore, you will need to develop familiarity with the management of
configuration and system software files on the ProCurve switches.
In addition, you plan on continuing with several other initial configuration tasks.
These include configuring the switch to use a time server and syslog server and
modifying the port names to use a more user friendly scheme.
Rev. 8.41 L1.2 – 1

Network diagram
L1.2 – 2 Rev. 8.41

Task 1. Upgrade the switch software

ProCurve periodically provides switch software updates through the ProCurve
website. In this task you will upgrade the switch software.
1. Establish an in-band session to the switch you are managing using Telnet or
an out-of-band session using the console port. Determine the software
version your switch is using by performing “show version”.
Edge_1# show version
Repeat the command above on Edge_2.

Write the version here: __________________
2. On your desktop, double-click the shortcut for the TFTP application installed
on your Windows computer. It should be called “TFTPd32” or a similar
name.
Note
While there are other TFTP programs available, TFTPd32 is used in
these lab exercises. This is a free TFTP program and can be
downloaded from the website at http://tftpd32.jounin.net.
3. Browse to the directory where the switch software is stored to establish that
directory as the TFTP root directory.
Note
Your instructor will provide a copy of the latest firmware for the
switches and their location on the Windows computers.
Rev. 8.41 L1.2 – 3

4. Using the CLI “copy” command, transfer the latest software image from the
TFTP server to the switch’s secondary flash location.
Edge_1# copy tftp flash 10.x.1.10 <remote file> secondary
Edge_2# copy tftp flash 10.x.1.20 <remote file> secondary
copy tftp flash <ip-address> <remote-file> secondary

5. After the prompt reappears, use “show flash” to list the software image
versions stored on flash.
Edge_1# show flash
Repeat the command above on Edge_2Write the two versions below:

Primary: _____________________
Secondary: _____________________
Note
With the Primary/Secondary flash option you can test a new image in
your system without having to replace a previously existing image. You
can also use the image options for troubleshooting. For example, you
can copy a problem image into Secondary flash for later analysis and
place another, proven image in Primary flash to run your system. The
switch can use only one image at a time.
6. Use the “boot system flash secondary” command to reboot the switch with
the new software.
Edge_1# boot system flash secondary
Device will be rebooted, do you want to continue [y/n]? y

7. Use “show version” to verify the secondary software image is the one the
switch was booted with.
8. Use the “copy” command to copy the secondary flash contents to the primary
flash location. This is a local operation—you do not use the TFTP service to
do this.
__________________________________________________________
Edge_1# copy flash flash primary

9. After the prompt reappears, verify that the primary location has been updated.
Edge_1# show flash

L1.2 – 4 Rev. 8.41
Task 2. Create a back-up of the switch configuration file

In this task you will be saving your switch configurations to the TFTP server on
your Windows computer.
1. In the TFTP application window, browse to the following directory to
establish that directory as the TFTP root directory.
c:\kits\classconfigs
Create the directory using Windows Explorer if it does not exist.

2. Start an out-of-band management session with the switch you are managing
using the manager level username and password.
Alternatively, you can do the following activities using Telnet, but since you
will be erasing the configuration in a later step, you will eventually have to
go back to using the console port.
3. From the switch CLI, use the “copy” command to transfer the file named
startup-config to your Windows computer and specify a filename based on
the table below.
Switch Filename
copy startup-config tftp <tftp-ip-address> <file-name>

Edge_1# copy startup-config tftp 10.x.1.10 lab1.1_edge_1
Edge_2# copy startup-config tftp 10.x.1.20 lab1.1_edge_2
You can view the progress of the transfer on the TFTP application window.
4. After the CLI prompt reappears, verify that the configuration was copied to
your Windows computer by using Windows Explorer.
Rev. 8.41 L1.2 – 5

Task 3. Boot the switch with a factory default configuration file

In this task you will erase the switch’s startup configuration file and reboot the
switch to determine the effect it has on your password configuration.
1. Erase the startup configuration file. This will cause the switch to reboot.
Edge_1# erase startup-config
Configuration will be deleted and device rebooted, continue
[y/n]? y
Repeat the commands above on Edge_2.

2. After the switch reboots, establish an out-of-band management session and
view the configuration.
Username: manager
HP ProCurve Switch 5304xl# show running-config

_____________
3. Reassign the IP address to VLAN 1 so that you can access your TFTP server
on your Windows computer.
On Edge_1, type:
HP ProCurve Switch 5304xl# configure
HP ProCurve Switch 5304xl(config)# vlan 1 ip address
10.x.1.2/24
On Edge_2, type:
HP ProCurve Switch 5304xl# configure
HP ProCurve Switch 5304xl(config)# vlan 1 ip address
10.x.1.3/24
4. Copy the lab1.1 instance of your switch’s configuration file from the TFTP
server on your Windows computer to your switch.
On Edge_1, type:
HP ProCurve Switch 5304xl# copy tftp startup-config 10.x.1.10
lab1.1_edge_1
Device may be rebooted, do you want to continue [y/n]? y
On Edge_2, type:
HP ProCurve Switch 5304xl# copy tftp startup-config 10.x.1.20
lab1.1_edge_2
Device may be rebooted, do you want to continue [y/n]? y
L1.2 – 6 Rev. 8.41

5. After the switch reboots, view the configuration and verify that the
previously configured hostname has been restored.
Verify the hostname has been restored by establishing a console session and
examining the CLI prompt.
Username: manager
Edge_1#
Username: manager
Edge_2#
Rev. 8.41 L1.2 – 7

Task 4. Implement the multiple configuration files feature

1. Use “show config files” to view the three memory slot identifiers associated
with configuration files. You should see a listing similar to the following,
although your listing may be different depending on whether or not the flash
had been reset prior to this class.
Edge_1# show config files

---+-------------+------------------------------------------------
1 | * * * | config1
2 | |
3 | |
Note
If you see additional configuration files other than “oldConfig” or
“workingConfig” they may be from the previous class and will need to
be deleted so that a slot can be freed up.
You can delete a configuration file using the command below.
erase config <filename>
a. What is the “workingConfig” operating as?

__________________________________________________________
Note
At the first reboot with a software release supporting multiple
configurations, the switch does the following:
Assigns the filename oldConfig to the existing startup-config file
which is stored in memory slot 1.
Saves a copy of the existing startup-config file in memory slot 2
with the filename workingConfig.
Assigns the workingConfig file as the active and default
configuration for all subsequent reboots using either the primary
or secondary flash.
2. Go to the directory where you saved your startup-config and open it using a
text editor such as Notepad or WordPad. Add the text “Secondary” to the
hostname and then save the file as “secondaryconfig” in the same directory.
L1.2 – 8 Rev. 8.41

Note
When copying switch configuration files the filename must be exact.
This includes extensions if the file has one. Since you will have saved
this file using a new name, Notepad or WordPad will append the “.txt”
extension to the filename. Therefore, you will need to either rename the
file and remove the .txt extension or remember to specify the extension
when copying the file.
3. Copy the configuration file named “secondaryconfig” to the flash keeping

the destination filename the same as the source filename using the following
command syntax.
copy tftp config <dst-filename> <tftp-ip-address>
<src-filename>
On Edge_1, type:
Edge_1# copy tftp config secondaryconfig 10.x.1.10
secondaryconfig
On Edge_2, type:
Edge_2# copy tftp config secondaryconfig 10.x.1.20
secondaryconfig
4. List and then view the configuration files located on the flash.
Edge_1# show config workingConfig
Edge_1# show config secondaryconfig

5. Use the “startup-default” command to associate the secondary flash image
with the “secondaryconfig” configuration file.
Edge_1# startup-default secondary config secondaryconfig
Note
This will assign the configuration file “secondaryconfig” to boot with
the secondary software image.
6. Use “show config files” to verify the secondary configuration file is

associated with the secondary software image.

---+-------------+------------------------------------------------
1 | * | secondaryconfig
2 | * * | workingConfig
3 | |
Rev. 8.41 L1.2 – 9


7. Use the following command to reboot the switch so that the secondary
software image is loaded.
Edge_1# boot system flash secondary

8. After the switch boots, view the configuration file and the version of the
software image that the switch is currently running.
Edge_2_secondary# show flash

b. What is the active configuration file? __________________________
c. Which boot image are you running? ___________________________
9. Reconfigure the switch to use your original (unedited) configuration file as
the active, primary and secondary configuration. Then save your
configuration.
Edge_1_secondary# startup-default primary config workingConfig
Edge_1_secondary# boot system flash primary
Do you want to save current configuration [y/n]? n
L1.2 – 10 Rev. 8.41

Task 5. Implement the SNTP service

Using time synchronization ensures a uniform time among interoperating devices.
This helps you to manage and troubleshoot switch operation by attaching
meaningful time data to event and error messages. The TFTP server application
installed on your Windows computer includes an SNTP server that you will
configure your switch to use in this task.
1. Access the TFTP server control panel and look for the “SNTP server” tab. If
the tab is not visible, select the “Settings” button and enable the Global
Settings “SNTP server” check box. This action may require that you restart
the TFTP application.
Note
Only one of the Windows computers in your group will be running the
SNTP service. Use the Windows Server as the time server.
Rev. 8.41 L1.2 – 11

2. From the switch CLI, view the current time and SNTP settings on the switch.
Edge_1# show time
Edge_1# show sntp

3. From the global context level, use the “sntp” command to specify the time
server IP address and priority and the use of unicast mode.
Edge_1(config)# sntp unicast
Edge_1(config)# sntp server priority 1 10.x.1.10

4. Use the “timesync” command to set the mode to “SNTP”.
Edge_1(config)# timesync sntp

5. View the current time setting again. Depending on your local time zone, you
may notice that the time displayed at the switch CLI is not the same as the
time displayed on the SNTP server.
Edge_1(config)# show time

6. Use the “time” command to specify a GMT offset in minutes. For example,
if your time zone is five hours west of GMT, the offset is -300. View the
current time setting once completed.
Edge_1(config)# time timezone -<offset>
Edge_1(config)# show time

7. Change the time on the Windows computer running the SNTP service and
see how long it takes for the switch to reflect the updated time.
8. To view the results faster, use the “sntp” command to adjust the polling
interval for updates of the system clock. By default, the switch is set to poll
every 720 seconds (12 minutes).
Edge_1(config)# sntp 30

9. Use the “time” command to adjust the “daylight-time-rule” to reflect your
location.
Edge_1(config)# time daylight-time-rule <location>
L1.2 – 12 Rev. 8.41

Task 6. View the Event Log and implement Syslog services

The TFTP server application installed on your Windows computer includes a
Syslog server that you will configure your switch to use in this task.
The switch Event Log records operating events as single-line entries listed in
chronological order, and serves as a tool for isolating problems. Each Event Log
entry is composed of five fields:
Severity is one of the following codes:

I (information) indicates routine events.
W (warning) indicates that a service has behaved unexpectedly.
M (major) indicates that a severe switch error has occurred.
D (debug) reserved for HP internal diagnostic information.
1. From the switch CLI, type “show logging”. This command will display a list
of events that the switch has recognized since the last time it was rebooted.
Edge_1(config)# show logging

2. Perform an action that will generate an event, such as disconnecting a link. If
you are managing the switch using Telnet, ensure you do NOT disconnect the
cable used for that connection. View the log to see the result of
disconnecting and then reconnecting a cable.
Edge_1(config)# show logging

3. Access the TFTP server control panel and look for the “Syslog server” tab.
If the tab is not visible, select the “Settings” button and enable the Global
Settings “Syslog server” check box. This action may require that you restart
the TFTP server application.
Also, enable the Syslog file to be saved locally. You can accept the default
file name (syslog.txt) or have the TFTP server create a text file of your choice
in the folder defined as the Syslog default folder You may also change this
location to a directory of your choice.
Rev. 8.41 L1.2 – 13

4. From the global context level, enable events to be sent to a Syslog server by
using the “logging” command and specifying the Syslog server’s IP address.
On Edge_1, type:
Edge_1(config)# logging 10.x.1.10
On Edge_2, type:
5. Generate one or more events on the switch. You can do this, for example, by
disconnecting and then reconnecting the Ethernet cable between your two
switches.
Other ways to generate an event include starting a Telnet session and
changing the current time on the SNTP server computer.
6. You will be able to view the events as they happen in the “Syslog server” tab
of the TFTP application window. Also, view the text file you specified for the
Syslog server to use and verify that the events appear in that file.
7. From the CLI, type “reload” to reboot one of the switches. When the switch
becomes available, view the event log and verify that the events that occurred
before the reboot are no longer listed.
Edge_1(config)# reload
Do you want to save current configuration [y/n]? y

8. Here are some options for viewing the log at the CLI using the “show
logging” command.
List recorded log messages since last reboot.
show logging
List all recorded log messages, including those before the last reboot.
show logging -a
List log messages with “system” in the text or module name.

show logging system
Lists all log messages since the last reboot that have “system” in the text or
module name.
show logging -a system
Lists all log messages since the last reboot in reverse order.
show logging -r
L1.2 – 14 Rev. 8.41

Task 7. View interfaces and define friendly port names

A helpful tool in troubleshooting network issues is the ability to view port
configurations and statistics.
The friendly port naming feature enables you to assign alphanumeric port names to
augment the numeric port names that are automatically assigned. This means you
can configure meaningful port names to make it easier to identify the source of
information listed by some show commands. Note that this feature augments port
numbering, but does not replace it.
1. Display the current status of the switch’s interfaces using the following
commands.
Command
show interface
show interface brief
show interface config
Edge_1# show interfaces

Edge_1# show interfaces brief
Edge_1# show interfaces config

commands?
a. Command: show interface?
_________________________________________________________
b. Command: show interface brief?
_________________________________________________________
c. Command: show interface config?
_________________________________________________________
2. Display details for one of the ports for which the status is “Up” by using the
“show int” command with the port number.
Edge_1# show interfaces <port-id>
Rev. 8.41 L1.2 – 15

3. Define a friendly name for the port that connects the two switches together as
well as the port to which the Windows Computer is connected by using the
“interfaces <port-id> name <port-name >” command. Include the identity
of the switch on the other side of the link.
Note
The port identifiers specified in the CLI commands of this lab exercise
solution are examples. Substitute a port identifier of your choice that is
appropriate for the switch model you are using.
On Edge_1, type:
Edge_1(config)# interface 12 name Edge_2
On Edge_2, type:
Edge_2(config)# interface 12 name Edge_1
4. To see a list of ports, including their names, use the “show name” command.
You can also see friendly names per port when you view detailed port
counters.
Edge_1# show name
Edge_2# show name

Edge_1# write memory

6. Open a Web session with the switch. View port status, port counters, and
detailed port counters for one of the ports for which the status is “Up”. You
should be able to see the friendly name in the Details for Selected Port
window.
http://10.x.1.2
http://10.x.1.3
L1.2 – 16 Rev. 8.41

Task 8. View LLDP information

The Link Layer Discovery Protocol (LLDP) provides a standards-based method
for enabling the switches to advertise themselves to adjacent (neighbor) devices
and to learn about adjacent devices. An LLDP packet contains data about the
transmitting switch and port.
The switch advertises itself to adjacent devices by transmitting LLDP packets on
all ports for which outbound LLDP is enabled. The switch processes LLDP
packets received from adjacent devices over ports for which inbound LLDP is
enabled. LLDP is a one-way protocol and does not include any acknowledgement
mechanism. An LLDP-enabled port receiving LLDP packets inbound from
adjacent devices stores the information in a neighbor database of the MIB.
In the default switch configuration, LLDP is globally enabled on the switch.
1. From the switch CLI, use the appropriate “show lldp” command to view the
LLDP configuration.
Edge_1# show lldp config

a. What is the default AdminStatus of the ports? ____________________
2. View the LLDP information of the local switch that you are managing.
Edge_1# show lldp info local-device

3. View the LLDP information of devices that are remotely connected.
Edge_1# show lldp info remote-device

4. View the LLDP detailed information of a remote device that is connected to a
specific port.
Edge_1# show lldp info remote-device <port-id>
Note
As you progress through the subsequent labs and you start connecting more
switches, practice the “lldp” commands to view the information as your
network increases in size.
Rev. 8.41 L1.2 – 17


to the Windows client computer using TFTP. Notice that the client computer is
specified here. In subsequent lab exercises, you will also be backing up the
configuration files using TFTP to the Windows Client computer.
Edge_1# write memory

2. Use the “copy” command shown below and specify a filename for each
switch from the following table.
Switch Filename
copy running-config tftp <tftp-ip-address> <file-name>

Edge_1# copy running-config tftp 10.x.1.20 lab1.2_edge_1
Edge_2# copy running-config tftp 10.x.1.20 lab1.2_edge_2
L1.2 – 18 Rev. 8.41

Optional tasks
Optional Task 10. Use advanced options of the copy command

Now that you have experienced the process for exporting your configuration file to
a TFTP server, you can also use a similar process to copy other types of switch
data to a text file on the TFTP server.
1. Type “copy ?” to examine the command features.
Edge_1# copy ?

Some of the command options are:
• command-output: Copies the output of a CLI command to a file on the
destination device.
• event-log: Copies the switch Event Log to a file on the destination
device.
• crash-data: Copies software-specific data useful for determining the
reason for a system crash to a file on the destination device.
• crash-log: Copies processor-specific operating data useful for
determining the reason for a system crash to a file on the destination
device.
The copy command-output is a great tool and can be used to export
command output to a text file on a remote host. For example if you should
find yourself troubleshooting an issue with a third-party, you can send them
the output of a “show tech” command.
2. Use the “command-output” command to send the output of some show
commands as a text file to the TFTP server on your Windows computer. For
example, try it for the “show running-config” command
To copy command output to a destination device:
copy command-output ’cli-command’ tftp <tftp-ip-address>
<filename>
On Edge_1, type:
Edge_1# copy command-output 'show run' tftp 10.x.1.10
Edge_1_showrun.txt
On Edge_2, type:
Edge_2# copy command-output 'show run' tftp 10.x.1.20
Edge_2_showrun.txt
Rev. 8.41 L1.2 – 19

Note
The command you specify can be enclosed in single or double quotation
marks.
L1.2 – 20 Rev. 8.41

Optional Task 11. Use the show tech command

1. Type “show tech ?” to examine the command options.
Edge_1# show tech ?

The “show tech” command sends the output to the terminal as a streaming
listing. This information includes switch operation and running configuration
details from several internal switch sources, including:
• Image stamp (software version data)
• Running configuration
• Event Log listing
• Boot History
• Port settings
• Status and counters—port status
• IP routes
• Status and counters—VLAN information
• GVRP support
• Load balancing (trunk and LACP)
When you type “show tech” be prepared for a lot of information. Although
the “show tech” command does not include screen scroll controls, you can
type <Ctrl-c> to stop the streaming of output to the screen.
Edge_1# show tech ?
<Ctrl-c>
2. Use the “command-output” command to send the output of the “show tech”
command.
Edge_1# copy command-output 'show tech' tftp 10.x.1.10
Edge_1_showtech.txt
Edge_2# copy command-output 'show tech' tftp 10.x.1.20

Edge_2_showtech.txt
Rev. 8.41 L1.2 – 21

L1.2 – 22 Rev. 8.41

Command Reference
needed.
Command Description
Displays version of currently active software
show version
image
Displays versions of primary and secondary

show flash
software images stored on flash
Displays the names of the configuration files in

show config files
the active, primary and secondary flash slots
show config <filename> Displays contents of named configuration file
show time Displays current time settings
show sntp Displays configured SNTP settings

show logging
reboot

show logging -r
reboot in reverse order
Displays all log messages including those

show logging -a
recorded since last reboot
Displays log messages containing the string

show logging system
“system”
Displays all log messages containing the string

show logging –a system
“system”
show interfaces Displays port status information
Displays brief listing of the current status of all

show interfaces brief
ports
show interfaces config Displays configuration of all ports
show lldp config Displays configured LLDP settings
show lldp info local-device Displays LLDP information of the local system
Displays LLDP information of remote devices

show lldp info remote-device <port-id>
connected to specified port
show tech ? Displays options for show tech command
Displays variety of switch configuration and

show tech
status information
sntp server priority 1 <ip-address> Specifies the IP address of an SNTP server
sntp <seconds> Sets the SNTP polling interval
Rev. 8.41 L1.2 – 23

Command Description
interfaces <port-id> name <name> Defines a friendly port name for specified port
copy tftp flash <ip-address> <filename> Copies software image file from a TFTP server
secondary to secondary flash slot
Copies software image file in secondary slot to

copy flash flash primary
primary slot on flash
copy startup-config tftp <ip-address> Copies the startup configuration file on flash to
copy tftp startup-config <ip-address> Copies the named configuration file from a TFTP
<filename> server to startup-config on flash
copy ? Displays options for copy command
copy command-output <’cli-command’> tftp Copies the output of the specified command to
<ip-address> <filename> the named file on a TFTP server
erase startup-config Deletes the startup configuration file on flash
Sets the named configuration file as the startup

startup-default secondary config <filename>
default configuration file
Reboots the switch using software image in

secondary slot
reload Performs a warm reboot of the switch
L1.2 – 24 Rev. 8.41

Configuring VLANs
Module 2 Lab
Objectives
Add/Define VLANs
Enable IP routing on the core switch
Tag switch-to-switch links with the appropriate VLANs and verify
connectivity
Configure an IP helper address
Overview
At this point, as the network manager for ProCurve University you have developed
an overall familiarity with the essential tasks of locally and remotely managing a
ProCurve switch. You are now ready to take the next step and introduce an
additional ProCurve switch and deploy user VLANs. This additional switch will
be deployed as a core switch and will support routing between the user VLANs.
The addition of multiple VLANs into the network environment will allow for the
segmentation of traffic types. This segmentation will allow for easier management
as well as configuration of QoS policies in the future. For example, providing a
voice VLAN will provide a more solid foundation with higher call quality and
fewer dropped calls.
VLANs are utilized to create logical networks, maximizing physical connections;
grouping together users by application, geographical location or department
through port specifications. Alternatively, or in addition, protocol VLANs could
also be useful for similar purposes. For instance, one might wish to create a
VLAN to handle IPv4 traffic only, while creating an additional VLAN for IPv6
traffic. This would allow for easier administration, and where IPv6 may be a
phased rollout, this design would also allow for easier reporting, baselining and
capacity planning when adding new devices that will be configured for IPv6 only.
In this lab exercise you will deploy port-based VLANs.
In this hands-on activity you will perform basic configuration of four VLANs,
numbered 1, 10, 20 and 30. VLAN 1, the management VLAN, will be modified
on the Edge 1 and Edge 2 switches and initial configuration will be done on the
Core and Edge_3 switches. VLANs 10, 20 and 30 will serve as user VLANs and
will be added selectively to each of the switches.
Rev. 8.41 L2.1 – 1

Network diagram
In this lab exercise, you will use two additional switches labeled Core and Edge_3.
Note the following configuration changes:
Default gateway specification has been added to Edge_1, Edge_2, Edge_3,
and the Windows Server computer.
IP address assignment for Windows XP computer set to DHCP.
Ethernet cable between Edge_1 and Edge_2 has been removed. Windows
XP computer Ethernet cable connects to Edge_3.
L2.1 – 2 Rev. 8.41

Configuring VLANs
Task 1. Perform initial configuration of the Core and Edge_3

switches
During this task you will perform initial configuration activities on two additional
switches identified as Core and Edge_3.
Note
switches labeled Core or Edge_3 and perform the activities of this task
independently.
1. Connect a console cable from one of your Windows computers to the Core or
Edge_3 switch and establish a console session.
2. Since this is the first time you are accessing these switches, use the
“password” command to configure both a username and password for each
of the Operator and Manager privilege levels. Specify the usernames and
ProCurve Switch 5406zl# password manager user-name

manager
New password for manager: ********
Please retype new password for manager: ********
ProCurve Switch 5406zl# password operator user-name
operator
New password for operator: ********
Please retype new password for operator: ********
ProCurve Switch 5406zl# write mem

3. Configure a host name for each switch.
Host Name Switch
Core Labeled Core
HP ProCurve Switch 5400zl(config)#hostname Core
HP ProCurve Switch 2610(config)#hostname Edge_3
Rev. 8.41 L2.1 – 3

4. Assign an IP address to VLAN 1.
Device IP Address
Core 10.X.1.1/24
Edge_3 10.X.1.4/24
Core(config)# vlan 1
Core(vlan-1)# ip address 10.x.1.1/24
Core(vlan-1)# exit
Edge_3(vlan-1)# exit
5. Other configuration activities you should do are:

• Define friendly port names for the ports that will be used to connect to
Edge_1 and Edge_2.
• Define SNTP server and timezone settings.
• Define Syslog server settings.
Note
Core(config)# int A13

Core(eth-A13)# name Edge_1
Core(eth-A13)# int A23
Core(eth-A23)# name Edge_2
Core(eth-A23)# exit
Core(config)# timesync sntp
Core(config)# sntp server priority 1 10.x.1.10
Core(config)# sntp unicast
Core(config)# time timezone -<offset>
Core(config)# time daylight-time-rule <location>
Core(config)# logging 10.x.1.10
Edge_3(config)# int 9
Edge_3(eth-9)# name Edge_2
Edge_3(eth-9)# int 1
Edge_3(eth-1)# name WinClient
Edge_3(eth-1)# exit
Edge_3(config)# timesync sntp
Edge_3(config)# sntp server 10.x.1.10
Edge_3(config)# sntp unicast
Edge_3(config)# time timezone -<offset>
Edge_3(config)# time daylight-time-rule <location>
L2.1 – 4 Rev. 8.41

Configuring VLANs
6. Based on the network diagram, connect the switches and workstations

together using the Ethernet cables provided.
Disconnect Edge_1 port 12 from Edge_2 Port 12
Connect Edge_3 port 9 to Edge_2 Port 23
Connect Edge_2 port 24 to Core port A23
Connect Edge_1 port 14 to Core port A12
Move WinClient from Edge_2 port 1 to Edge_3 port 1

computers.
Core(config)# ping 10.x.1.1
Edge_3(config)# ping 10.x.1.1

C:\ ping 10.x.1.1

C:\ ping 10.x.1.2
C:\ ping 10.x.1.3
C:\ ping 10.x.1.4
Rev. 8.41 L2.1 – 5

Task 2. Add the necessary user VLANs to each switch

In order to create the environment as shown in the network diagram, it is necessary
to create three additional VLANs. VLAN 1 exists by default as a port-based
management VLAN. Using the CLI, VLANs 10, 20 and 30 will be created and
later made available to other users by tagging ports. Tagging allows the VLAN
traffic to cross appropriate switches.
Note
In the steps that follow, divide the switch management responsibilities
with your partner. Ensure you do not attempt to edit a switch’s
configuration at the same time.
When defining ports as untagged members of the user VLAN, be sure

that you do not interrupt your Telnet session used for switch
management.
1. From one of the Windows computers, open a Telnet session with the core
switch using Tera Term Pro. Remember only one person in your group will
do this.
C:> telnet 10.x.1.1
Username: manager
2. Access the global configuration level and define VLANs 10, 20, and 30 using
the “vlan <vlan-id>”command.
Core# configure
Core(config)# vlan 10
Core(vlan-10)# vlan 20
Core(vlan-20)# vlan 30
Core(vlan-30)# exit
3. Use “show vlans” to verify the VLANs have been created.

Core(config)# show vlans
L2.1 – 6 Rev. 8.41

Configuring VLANs
4. You should see a listing of the newly created VLANs on the Core switch
similar to the following.
Status and Counters - VLAN Information

Maximum VLANs to support : 8
Primary VLAN : DEFAULT_VLAN
Management VLAN :
802.1Q VLAN ID Name | Status Voice Jumbo

-------------- ------------ + ---------- ----- -----
1 DEFAULT_VLAN | Port-based No No
Note
Depending on the switch model you are using for the Core switch. The
column labeled Jumbo (indicating whether jumbo frame support is
enabled) may not be listed.

Edge_1# configure
Edge_1(config)# show vlans
6. Connect to Edge_2 and add VLANs 20 and 30.

Edge_2# configure
Edge_2(vlan-20)# vlan 30

Edge_3# configure
Rev. 8.41 L2.1 – 7

The following table summarizes which VLANs should be defined on each

switch.
VLAN 1 Yes Yes Yes Yes
VLAN 10 Yes Yes No No
VLAN 20 Yes No Yes No
VLAN 30 Yes No Yes Yes
Additional notes:
We have been using the CLI, which is capable of configuring and displaying
both port-based and protocol-based VLANs. The Menu interface can ONLY
be used to configure and display port-based VLANs whereas ProCurve
Manager Plus can be used to configure and display both port-based and
protocol-based VLANs.
For additional information, refer to the ProCurve documentation for the
3500yl, 5400zl, 6200yl, and 8212zl series switches — static VLAN section
of the Advanced Traffic Management Guide and the Management and
Configuration Guide. This can be found at www.procurve.com/manuals.
L2.1 – 8 Rev. 8.41

Configuring VLANs
Task 3. Tag switch-to-switch links with the appropriate VLANs

It is necessary to “tag” the ports connecting the switches that will be handling
routed traffic for the VLANs. For a source on a given VLAN to reach a
destination by way of the connected port, the port must be tagged. Since the
Windows computers are not supporting VLAN tagging in the packets they send
and receive, the switch ports connecting to those Windows computers will NOT be
tagged.
Note that in the network diagram for this lab, the core switch is aware of all four
VLANs, whereas the edge switches are only aware of a subset of the VLANs —
those that they will receive traffic from or send traffic to. VLAN 30 traffic sent
from the core switch is allowed to pass through Edge_2 and arrive at Edge_3, but
does not pass through Edge_1. Traffic for VLAN 1, the management VLAN, can
pass through any switch on the network.
Based on the network diagram, determine which ports need to be tagged on each
switch for the traffic to flow as intended in the network diagram. It is
recommended you use the Gigabit ports for the switch-to-switch connections and
the 10/100 Mps or 10/100/1000 Mbps ports for connection to the Windows
computers.
1. For each connected port on a switch, determine the port identifier and its
tagged status for each VLAN the switch will support.

Port
#1
Port
#2
Note
All remaining ports that are not explicitly referenced retain an
“untagged” status in VLAN 1.
2. Connect to the Core switch and use the “vlan <vid> tagged <port-list>”
command to tag the appropriate switch-to-switch ports.
Note
The port identifiers specified below are examples. Substitute a port
using.
Core(config)# vlan 10 tagged A12

Rev. 8.41 L2.1 – 9

3. Use “show vlan <vid>” to examine the status of each tagged port.
Core(config)# show vlans 10
4. Connect to each of the Edge_1, Edge_2, and Edge_3 switches and access the
global configuration context level. Tag the switch-to-switch ports as
necessary, based on the network diagram and the table above.
Edge_1(config)# vlan 10 tagged 14
Edge_1(config)# show vlans 10

Edge_2(config)# vlan 30 tagged 23,24

The table below summarizes some basic rules of port-based and protocol-based
VLANs in terms of untagged and tagged status. We have created port-based
VLANs in order to allow traffic to pass from one switch to another. A protocol-
based VLAN will generally require more planning due to the number of protocols
on the network and the variety of devices, applications, and end-users that may use
these protocols.
Port-based VLANs Protocol-based VLANs
A port can be a member of one A port can be an untagged member

untagged, port-based VLAN. All other of one protocol-based VLAN of each
port-based VLAN assignments for that protocol type. When assigning a
port must be tagged. port to multiple, protocol-based
VLANs sharing the same type, the
port can be an untagged member of
only one such VLAN.
A port can be a tagged member of A port can be a tagged member of
one or more port-based VLANs. one or more protocol-based VLANs.
L2.1 – 10 Rev. 8.41

Configuring VLANs
Task 4. Define IP addresses for the VLANs

The core switch will be responsible for forwarding traffic between hosts in
VLANs 1, 10, 20 and 30. It is necessary to define IP addresses that will act as
routing interfaces on the Core switch to enable the forwarding of traffic between
different subnets.
1. Use the “show ip” command to see the IP addresses currently defined on the
Core switch.
Core(config)# show ip
You should see one IP address is currently defined for VLAN 1, 10.x.1.1/24.
2. Define the additional IP addresses that are needed on the Core switch within
the appropriate VLAN context as indicated on the network diagram.
Core(config)# vlan 10 ip address 10.x.10.1/24
3. Do another “show ip” command to see the IP addresses that are NOW
defined on your Core switch.
Core(config)# show ip
Rev. 8.41 L2.1 – 11

Task 5. Test reachability of the IP addresses

1. Prepare the Edge_3 switch for a basic reachability test by configuring one of
the ports on Edge_3 to be in VLAN 30.
a. Should the port be tagged or untagged and why? __________________
Edge_3(config)# vlan 30 untagged 1
2. On the Windows XP computer, configure its IP address so that it matches the

VLAN 30 subnet. Pick any unused host number for the fourth octet.
For example, configure the IP address as 10.x.30.50.
3. Connect your Windows XP computer to the port you defined as a member of
VLAN 30 in the prior step.
4. Using “ping” from a Command Prompt, test reachability of the VLAN 30 IP
address you defined on the Core switch.
C:>ping 10.x.30.1
Note
If you were not successful, use the previous steps to verify your
configuration. Also verify the tagged/untagged state of your switch-to-
switch links.
5. From your Windows XP computer, use the “ping” command to test

connectivity to the other IP subnets configured on your switches.
b. Were you successful? ____________________________________
c. If no, what additional configuration step must be completed?
________________________________________________________
L2.1 – 12 Rev. 8.41

Configuring VLANs
Task 6. Enable IP routing on the core switch

It is necessary to enable routing on the Core switch for traffic to pass from one
subnet to another.
1. From the CLI of the Core switch, use the “ip routing” command to enable IP
routing.
Note
The edge switches will remain configured as layer 2 switches. Do not
enable routing on the edge switches.
Core(config)# ip routing
2. Verify that the Core switch has a local path to the four networks by viewing
the IP route table. Use the “show ip route” command. You should see
information similar to the following where “x” is replaced with your group
number.
IP Route Entries

------------------- --------------- ---- --------- ---------- ---------- -----
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
3. Using “ping”, test connectivity to the other subnets from your Windows
C:>ping 10.x.1.1
a. Were you successful? ______________

_______________________________________________________
Rev. 8.41 L2.1 – 13

Task 7. Configure default gateways

1. Configure a default gateway IP address on each of your three edge switches.
address as 10.x.1.1.
Edge_1(config)# ip default-gateway 10.x.1.1
2. Configure a default gateway IP address on each of your two Windows

computers.
address for the Windows server computer as 10.x.1.1.
Configure the default gateway IP address on the Windows XP computer as
10.x.30.1 since this Windows computer will be a member of VLAN 30.
3. Using “ping”, verify connectivity to the other subnets from your Windows
C:>ping 10.x.10.1
C:>ping 10.x.20.1
C:>ping 10.x.30.1
C:>ping 10.x.1.1
C:>ping 10.x.1.10
L2.1 – 14 Rev. 8.41

Configuring VLANs
Task 8. Configure an IP helper address

The function of the DHCP relay agent is to forward the DHCP messages to other
subnets so that the DHCP server does not have to be on the same subnet as the
DHCP clients. The DHCP relay agent transfers the DHCP messages from DHCP
clients, located on a subnet without a DHCP server, to one or more other subnets
where a DHCP server is located.
The DHCP relay agent on the Core switch forwards DHCP client packets to all
DHCP servers that are configured in a table associated with each VLAN. The
forwarding can be accomplished using either a unicast or a broadcast mode of
operation.
In this task you will be configuring Unicast Forwarding.
Minimum Requirements for DHCP Relay Operation

For the DHCP relay agent on the Core switch to operate properly, the following
conditions must be met:
DHCP Relay is enabled on the routing switch. This is the default setting.
A DHCP server is servicing the routing switch.
IP Routing is enabled on the routing switch.
There is a route from the DHCP server to the routing switch and back.
An IP Helper address is configured on the routing switch for the applicable
VLAN. The IP Helper address is set to the IP address of the DHCP server on
the VLAN that will provide service to the DHCP clients.
1. Verify the Windows Server includes a running DHCP service and verify that
the following three scopes are defined, one for each of user VLANs. If the
scopes have not yet been defined, then configure the DHCP server. The
following table summarizes the scope configuration.
Scope
Name
10.x.10.50 to /24 or
VLAN 10 10.x.10.1
10.x.10.150 255.255.255.0
10.X.20.50 to /24 or
VLAN 20 10.x.20.1
10.x.20.150 255.255.255.0
10.x.30.50 to /24 or
VLAN 30 10.x.30.1
10.x.30.150 255.255.255.0
Rev. 8.41 L2.1 – 15

2. Configure an IP helper address for VLAN 30. The IP helper address should
be that of the Windows Server running the DHCP service.
c. On which switch or switches should this task be done?
___________________
Use the command “ip helper-address 10.x.1.10”.
Core(config)# vlan 30 ip helper-address 10.x.1.10
3. Configure a port on Edge_3, the switch the Windows XP computer will be

connected to, so that the switch will support access to VLAN 30. This should
have been done in a previous step where a port was configured as untagged in
VLAN 30.
4. Change the network configuration on the Windows XP computer to request
an IP address using DHCP.
5. At a command prompt on the Windows XP computer, verify that you have
received an IP address. You may have to use the command “ipconfig
/release” followed by “ipconfig /renew”.
6. Using “ping” to verify connectivity to the other subnets.
C:>ping 10.x.10.1
C:>ping 10.x.20.1
C:>ping 10.x.30.1
C:>ping 10.x.1.1
C:>ping 10.x.1.10
L2.1 – 16 Rev. 8.41

Configuring VLANs
Task 9. Test the IP helper address on VLANs 10 and 20

Verify the IP helper address works for VLANs 10 and 20. You can do this using
the Edge_1, Edge_2, or Edge_3 switch as the connectivity point for the Windows
XP computer to access VLANs 10 and 20.
1. Determine which switch you will use as the connectivity point for the
Windows XP computer to access VLAN 10.
Edge_1 is selected as the connectivity point for VLAN 10.
2. If necessary, configure that switch so that it can transport VLAN 10 traffic.
No additional configuration needed on Edge_1, Edge_1 was configured
with VLAN 10 previously.
3.
Configure the upstream switch, if applicable, so that it can also transport
VLAN 10 traffic.
Note
You only need to configure switches to the extent that VLAN 10 traffic
from the Windows XP computer can reach the Core switch. The Core
switch will be sending the DHCP messages to the Windows Server that
is located in VLAN 1.
No additional configuration needed on Core, Core was configured with

VLAN 10 previously.
4. Configure the IP Helper address for VLAN 10 on the Core switch.
5. Configure a port on the switch the Windows XP computer will be connected

to so that the switch will support access to VLAN 10.
6. Verify the workstation acquires an IP address in VLAN 10.

C:\ ipconfig/all
7. Using “ping”, verify connectivity to the other subnets.

C:>ping 10.x.10.1
C:>ping 10.x.20.1
C:>ping 10.x.30.1
C:>ping 10.x.1.1
C:>ping 10.x.1.10
Rev. 8.41 L2.1 – 17

8. Repeat the steps above for VLAN 20.

Edge_2 is selected as the connectivity point for VLAN 20. The link
between Edge_2 and Core is configured to transport VLAN 20 traffic.
C:>ping 10.x.10.1
C:>ping 10.x.20.1
C:>ping 10.x.30.1
C:>ping 10.x.1.1
C:>ping 10.x.1.10
9. Move your Client back to a VLAN 30 connection on Edge_3.
L2.1 – 18 Rev. 8.41

Configuring VLANs

to the Windows client computer using TFTP.
Core(config)# write memory
Repeat the command above on Edge_1, Edge_2 and Edge_3.

2. Use the “copy” command and specify a filename for each switch from the
following table.
Switch Filename
Core lab2_core
Edge_1 lab2_edge_1
Edge_2 lab2_edge_2
Edge_3 lab2_edge_3
Core# copy running-config tftp 10.x.30.## lab2_core
Edge_1# copy running-config tftp 10.x.30.## lab2_edge_1
Rev. 8.41 L2.1 – 19

L2.1 – 20 Rev. 8.41

Configuring VLANs
Command Reference
needed.
Command Description
show ip Displays the IP addresses configured for VLANs
show ip route Displays the IP routing table
configure Access global configuration mode
exit Exit from a configuration level

to a VLAN

<ip-address>

VLAN
Within the interface context, defines a friendly

name <port-name>
port name
sntp server <ip-address> Specifies the IP address of an SNTP server
<filename> server
Rev. 8.41 L2.1 – 21

L2.1 – 22 Rev. 8.41

Module 3 Lab
Note
There is not a step-by-step version of the Using ProCurve Manager Plus
lab exercise. Refer to the main section of the Lab Guide for this lab
exercise.
Rev. 6.11 C–L3 – 1

C–L3 – 2 Rev. 6.11

Module 4 Lab 1
Objectives
Configure a port trunk between two switches
Verify operation of the port trunk
Overview
ProCurve University is expecting that the links connecting the core switch to the
edge switches will require additional bandwidth to support increasing use of
convergence technologies, data warehousing, and system backups. In this lab
exercise, you will implement three port trunks to increase the capacity of the links
between the switches. You will configure a port trunk between the Core switch
and Edge_1, one between the Core switch and Edge_2, and one between Edge_2
and Edge_3.
Link aggregation, which is also referred to as “trunking” or “load sharing”, is used
primarily to increase throughput between switches and maximize the efficiency of
available bandwidth. The connected ports forming a trunk can have differing
characteristics such as speed, flow control settings and media type. It is also very
important to remember that the links being added to form a port trunk are
disconnected or disabled while you are carrying out the configuration tasks to
avoid a broadcast storm on the network.
One common example of a trunk is to use multiple ports as a network backbone,
shuttling traffic to and from a building, for instance. Another example might be to
use a trunk to move large data files, such as graphics or video to/from a server
farm. This same scenario might apply to backups or data warehousing. In any case,
trunks provide increased bandwidth while allowing for increased efficiency
throughout the attached networks.
Rev. 8.41 L4.1 – 1

Network diagram
In this lab exercise, you will be implementing redundant uplinks between your
switches by configuring a port trunk using the switch CLI. You may select any
ports you prefer, but it is recommended that you use gigabit ports when available.
You will require three additional Ethernet cables for the redundant links.
L4.1 – 2 Rev. 8.41

Task 1. Prepare a Windows client connection

In this task, you configure Edge_1 by adding a port to VLAN 10 as an untagged
member so that the Windows client computer can be used for testing purposes in a
later task.
1. Using the CLI on Edge_1, configure an unused port as an untagged member
of VLAN 10.
Note
Depending on whether you performed the optional tasks in lab exercise
2, you may have previously configured a port on Edge_1 as an untagged
member of VLAN 10.
2. Connect the Windows client computer to the port you configured above.
3. Verify the Windows client computer is assigned an IP address in VLAN 10
using DHCP.
4. Verify you can ping the IP address of the Core switch in VLAN 10,
10.x.10.1, from the Windows client computer.
C:>ping 10.x.10.1
Rev. 8.41 L4.1 – 3

Task 2. Define two ports as members of a static LACP trunk

between Core and Edge_1
Note
Do not connect the ports representing the second link of a port trunk
with an Ethernet cable until the configuration is complete.
1. Using the CLI on the Core switch, define two ports as members of a static
LACP trunk that will connect to Edge_1. Use the “trunk” command to
create the static trunk. For example, use trk1 as the trunk name.
The network diagram illustrates the use of two gigabit ports as a trunk. If
you choose to aggregate 10/100 ports into a trunk, be sure to use ports that
are untagged members of VLAN 1 on both sides of the trunk and not
members of one of the user VLANs.
Use the CLI help or refer to the switch documentation provided on your
Windows computer for assistance with command syntax.
Core(config)# trunk a13-a14 trk1 lacp
2. Using the CLI on Edge_1, define two ports as members of a static LACP
trunk that will connect to the Core switch. For example, use trk1 as the
trunk name.
Edge_1(config)# trunk 13-14 trk1 lacp
L4.1 – 4 Rev. 8.41

Task 3. Examine connectivity

1. Use the “show lldp info remote” and “ping” commands on the Core and
Edge_1 switches to verify that all switches in your group are available.
Core(config)# show lldp info remote-device
Edge_1(config)# show lldp info remote-device


C:>ping 10.x.10.1
The ICMP echo request will not be successful because you lost your
connection with the switch after you issued the command to create the trunk.
a. Why was the connection lost? _________________________________
__________________________________________________________
C:>ping 10.x.10.1
This ICMP echo request should be successful

b. Why was this connection maintained? __________________________
__________________________________________________________
Rev. 8.41 L4.1 – 5

Task 4. Assign the trunk ports to the appropriate VLANs




connectivity for hosts in VLAN 10.
Core(config)# vlan 10 tagged trk1
Edge_1(config)# vlan 10 tagged trk1

C:> ping 10.x.10.1
L4.1 – 6 Rev. 8.41

Task 5. Implement a static LACP trunk between Core and Edge_2

20 using DHCP
• Verify you can ping the IP address of the Core switch in VLAN 20,
10.x.20.1.
C:> ping 10.x.20.1
2. On the Core switch, define two ports as members of a static LACP trunk that
will connect to Edge_2.
the user VLANs.
Note
previously. Otherwise, the ports will be added to the existing trunk. For
Core(config)# trunk 23-24 trk2 lacp
connect to the Core switch.
Edge_2(config)# trunk c1-c2 trk2 lacp
Rev. 8.41 L4.1 – 7






C:>ping 10.x.20.1
C:> ping 10.x.20.50
L4.1 – 8 Rev. 8.41

Task 6. Implement a static LACP trunk between Edge_2 and

Edge_3
30 using DHCP
• Verify you can “ping” the IP address of the Core switch in VLAN 30,
10.x.30.1.
C:> ping 10.x.30.1
connect to Edge_3.
the user VLANs.
Note
previously. Otherwise the ports will be added to the existing trunk. For
Edge_2(config)# trunk 21,23 trk3 lacp
connect to Edge_2.
Edge_3(config)# trunk 8-9 trk3 lacp
4. From the CLI on Edge_3, verify that Edge_2 is reachable.

Rev. 8.41 L4.1 – 9



8. Display a list of the VLANs defined on the Edge_2 and Edge_3 switches.

C:> ping 10.x.30.1
12. From a command prompt on the Windows server computer, ping the IP
C:> ping 10.x.30.50
L4.1 – 10 Rev. 8.41


Comment/
Switch
Filename
Core lab4.1_core
table above.
Rev. 8.41 L4.1 – 11

Optional task
Continue on with this optional task if you have completed the required section of
the lab exercise.
Optional Task 8. Verify load sharing

In this task, you introduce traffic over the trunk and observe the port counters to
see a demonstration of load sharing.
1. On your Windows client computer, start the TfGen program and configure
the following options:
• Destination: 10.x.1.3 (Edge_2) or 10.x.1.1 (Core) or 10.x.1.2 (Edge_1)
Note
For the IP address you need to specify an IP address of any device that
is on the other side of a trunk relative to the Windows client computer.
will be saturated.
Since the CLI does not refresh dynamically, you will need to repeat the
command to see the port counters increment. Traffic is shared by
“conversation”. Because you have started only one conversation, the traffic
is not balanced over the links in the trunk.
4. To view the port counters dynamically, access the web interface and choose
5. Without terminating the first instance of TfGen, start a second instance of
TfGen and specify a different IP address on the other side of the trunk as the
destination.
Because this is a second distinct conversation (source IP address/destination
IP address pair), it may be assigned to a different link in the trunk.
It is important to note that there is no guarantee the second conversation will
be assigned to a different link in the trunk compared to the first conversation.
However, conversations among a larger group of hosts are more likely to
result in evenly distributed traffic.
L4.1 – 12 Rev. 8.41

Command Reference
needed.
Command Description

VLAN
trunk <port-list> <trunk-name> lacp Defines a static LACP port trunk
<filename> server
Rev. 8.41 L4.1 – 13

L4.1 – 14 Rev. 8.41

Configuring RSTP
Module 4 Lab 2
Objectives
Configure RSTP
Verify operation of RSTP
View RSTP operational status and information
Overview
bandwidth concerns, ProCurve University would like to have redundant links in
place in the event a trunk fails between a pair of switches. To address this issue,
you will use redundant links and the Rapid Convergence Spanning Tree Protocol
(RSTP).
In this lab exercise, you enable RSTP on your core and edge switches. Additional
links will be implemented to provide the necessary link redundancy. You will
then examine spanning tree detail, record the active path through the network, and
make any necessary configuration changes to enable user VLAN traffic to be
transported in the modified topology.
Note
Rev. 8.41 L4.2 – 1

Network diagram
In this lab exercise, you will be implementing RSTP and additional links for
redundancy. You will need to modify the Ethernet cabling among three of your
switches as indicated in the network diagram. You will be using the CLI to
perform all of the configuration tasks.
L4.2 – 2 Rev. 8.41

Configuring RSTP
Task 1. Configure VLAN 30 support on your switches

In this task, you configure your four switches so that they can transport traffic for
VLAN 30. This is being done in support of the Windows client computer that you
will be using to verify network operation. The Windows client computer should be
connected to Edge_3 and assigned an IP address in VLAN 30.
1. On your four switches, where necessary, configure the trunks to transport
traffic for VLAN 30. Use the “show vlans 30” command to see which trunks
are configured.
2. Verify the Windows client computer connected to Edge_3 can “ping” each of
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1
3. Verify the Windows client computer connected to Edge_3 and the Windows
server computer connected to Edge_1 can ping each other.
From the Window Server Computer
C:> ping 10.1.30.50
From the Windwos Client Computer
C:> ping 10.1.1.10
Do not proceed until you have resolved all connectivity issues.
Rev. 8.41 L4.2 – 3


Spanning Tree
Switch
Bridge Priority
Core 1
Edge_1 2
Edge_2 2
Edge_3 3
Core(config)# spanning-tree priority 1
Edge_1(config)# spanning-tree priority 2
2. On your four switches, force the version of spanning tree for RSTP operation.
Core(config)# spanning-tree force-version rstp-operation
L4.2 – 4 Rev. 8.41

Configuring RSTP
Task 3. View spanning tree details and enable RSTP

1. Use LLDP to determine which trunk ports connect to other switches and
define those trunk ports as non-edge ports, i.e., switch-to-switch links.
Core(config)# show trunk
Core(config)# no spanning-tree trk1 admin-edge-port
Core(config)# no spanning-tree trk2 admin-edge-port

Edge_1(config)# show trunk
Edge_1(config)# no spanning-tree trk1 admin-edge-port


2. Enable RSTP.
Core(config)# spanning-tree

Root Bridge of the spanning tree? _____________________________
ports to verify your answer.
Core(Config)# show spanning-tree trk1,trk2
Edge_1(Config)# show spanning-tree trk1
Edge_2(Config)# show spanning-tree trk2,trk3
Rev. 8.41 L4.2 – 5

Note
Edge_1(config)# no spanning-tree 9 admin-edge-port
L4.2 – 6 Rev. 8.41

Configuring RSTP
ports.
Core(Config)# show spanning-tree trk1,trk2
Edge_1(Config)# show spanning-tree trk1,9
Edge_2(Config)# show spanning-tree trk2,trk3,9
4. Record the state of each port on the previous network diagram using “F” to
Rev. 8.41 L4.2 – 7



b. Why or why not? __________________________________________
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1


Edge_1(config)# vlan 30 tagged b1
Edge_2(config)# vlan 30 tagged b1
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1
L4.2 – 8 Rev. 8.41

Configuring RSTP

• Disconnect both links comprising the trunk between the Core and
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1

C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1

between the Core and Edge_2 switches.
Rev. 8.41 L4.2 – 9

port

ports.
Core(config)# show spanning-tree trk1,trk2
Edge_1(config)# show spanning-tree trk1,9,7
Edge_2(config)# show spanning-tree trk2,trk3,9
Edge_3(config)# show spanning-tree trk3,7
L4.2 – 10 Rev. 8.41

Configuring RSTP


C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1


C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1

• Disconnect both links comprising the trunk between the Edge_2 and
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1


Rev. 8.41 L4.2 – 11
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1

between the Edge_2 and Edge_3 switches.
L4.2 – 12 Rev. 8.41

Configuring RSTP
Task 8. Tag connected ports to carry all user VLANs

1. In preparation for subsequent lab exercises, verify all switch to switch links
are tagged for all user vlans. Make any configuration changes that may be
necessary.
Core(config)# show vlan 10
Edge_1(config)# vlan 10 tagged 7,9

Edge_1(config)# vlan 20 tagged trk1,7,9
Edge_1(config)# show vlan 10
Edge_2(config)# vlan 10 tagged trk2,trk3,9

Edge_2(config)# vlan 20 tagged trk3,9

Rev. 8.41 L4.2 – 13


Comment/
Switch
Filename
Core lab4.2_core
table above.
L4.2 – 14 Rev. 8.41

Configuring RSTP
Command Reference
needed.
Command Description
Displays spanning tree status information for a

list of ports
spanning-tree Enable spanning tree
spanning-tree force-version rstp-operation Sets RSTP as spanning tree protocol version
no spanning-tree <port-list> edge-port Defines port list as non-edge ports
<filename> server
Rev. 8.41 L4.2 – 15

L4.2 – 16 Rev. 8.41

Configuring MSTP
Module 4 Lab 3
Objectives
Configure MSTP
Verify operation of MSTP
View operational status and details of multiple MST instances
View operational status and details of the CST
Overview
bandwidth concerns, ProCurve University would like to address the need for
redundant links in the event a trunk fails between a pair of switches. To address
this issue, you will use redundant links and the Multiple Spanning Tree Protocol
(MSTP) to improve network availability for the ProCurve University environment.
In contrast to how RSTP operates, ProCurve University management would like to
investigate how MSTP could be used to help distribute user VLAN traffic more
efficiently across the network. Instead of having all user VLAN traffic traverse a
common spanning tree as it does when using RSTP, MSTP will be deployed with
multiple MST instances to distribute traffic load based on VLANs. The switches
will map two of the user VLANs to one MST instance and the remaining VLAN to
the other MST instance.
The tasks you perform include configuring parameters common to the MST
Region and parameters specific to each of two MST instances. After defining MST
parameters, you will examine MST operational status and other detailed
information using CLI commands.
Note
Rev. 8.41 L4.3 – 1

Network diagram
In this lab exercise, you will be implementing MSTP with two MST instances.
You will need to modify the Ethernet cabling among your four switches as
indicated in the network diagram. The Core switch will be configured as the Root
Bridge of MST instance 1 and Edge_2 will be configured as the Root Bridge of
MST instance 2. You will be using the CLI to perform all of the configuration
tasks.
L4.3 – 2 Rev. 8.41

Configuring MSTP
Task 1. Tag the currently connected ports to carry all user VLANs
1. Verify each of the user VLANs have all currently connected ports of the
trunks as tagged members. Make any configuration changes that may be
necessary.
Core(config)# show vlans ports trk1
Core(config)# show vlans ports trk2
Edge_1(config)# show vlans ports trk1


Edge_2(config)# vlan 10 tagged trk2,trk3

Rev. 8.41 L4.3 – 3


Spanning Tree
Switch
Bridge Priority
Core 1
Edge_1 2
Edge_2 2
Edge_3 3
2. On each of your four switches, configure spanning tree for MSTP operation.
Core(config)# spanning-tree force-version mstp-operator
Repeat the command above on Edge_1, and Edge_2.

Edge_3(config)# spanning-tree protocol-version mstp
3. Save your configuration and reboot each switch for MSTP to become active.
Core(config)# reload
Repeat the commands above on Edge_1, Edge_2 and Edge_3.
L4.3 – 4 Rev. 8.41

Configuring MSTP
Task 3. Enable spanning tree and view spanning tree information

for the CST
1. Use the “spanning-tree” command to enable spanning tree on each switch.
Core(config)# spanning-tree

2. Use the “show span” command on each switch to see the Common Spanning
Tree (CST) details.
Core(config)# show spanning-tree

____________
b. Which switch is the Root of the CST? ____________
3. Examine the running configuration on the switch that is the CST Root.
configuration caused this switch to become the CST Root?
_________________________________________________________
Rev. 8.41 L4.3 – 5

Task 4. Configure MST region and per-instance parameters

In this task, you complete the configuration of MSTP.
1. Define an MST Region identity on each of your switches using the following
settings:
Parameter Value
config-name procurve
config-revision 1
Note
All switches in your group will be members of the same MSTP Region and
therefore must have the same region configuration parameters.
Core(config)# spanning-tree config-name procurve

Core(config)# spanning-tree config-revision 1

2. Associate user VLANs with MST instances on each of your switches using
the following settings:
Instance VLANs
1 10
2 20 and 30
Core(config)# spanning-tree instance 1 vlan 10

L4.3 – 6 Rev. 8.41

Configuring MSTP
3. Configure Bridge Priorities for each MST instance on the switches that will
function as the Root Bridges using the following settings:
Switch Instance Priority
Edge_1 1 1
Edge_1 2 2
Edge_2 1 2
Edge_2 2 1
Edge_1(config)# spanning-tree instance 1 priority 1

4. View the MST configuration on each switch.

Core(config)# show spanning-tree mst-config

5. Verify the same VLANs are mapped for each MST instance on each switch.
All switches must have the same ‘config-name’ and ‘config-revision’
parameters. All switches must also have the same VLANs assigned to each
MST instance. If you have not configured the same MST parameters for all
switches, there may be multiple Root Bridges for MST instance 1 and/or
MST instance 2 within the MST Region.
Rev. 8.41 L4.3 – 7

Ethernet cable.
Note
For MSTP, the default setting of each port is “non-edge” port, i.e., the
port is assumed to be used for a switch-to-switch link. In contrast, for
RSTP, the default is “edge” port, i.e., the port is assumed to be used for
connectivity to an end station.
Therefore, you can use the default MSTP setting for the ports of the two
new switch-to-switch links you add in this lab exercise.
Core(config)# show spanning-tree instance 1
Edge_1(config)# show spanning-tree instance 1
3. Record the Regional Root MAC Address reported by each of the switches.
Switch Regional Root MAC Address
Core
Edge_1
Edge_2
Edge_3
instance 1.
L4.3 – 8 Rev. 8.41

Configuring MSTP
Rev. 8.41 L4.3 – 9

instance 2.
L4.3 – 10 Rev. 8.41

Configuring MSTP


b. Why or why not? _______________________________________
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1
3. On Edge_1 and Edge_2, determine the tagged/untagged status of the ports
comprising the new switch-to-switch link.
Use the “show vlan ports <port-list>” command to determine which VLANs
the ports are members. Then use the “show vlans <vlan-id>” command to
determine the tagged/untagged status.
Edge_1(config)# show vlans ports 9
Edge_2(config)# show vlans ports 9

You should see that, by default, the new ports are not tagged members of any
VLAN, but they are untagged members of VLAN 1.
4. Configure the ports of the new switch-to-switch link on Edge_1 and Edge_2

Rev. 8.41 L4.3 – 11

port
Ethernet cable.
L4.3 – 12 Rev. 8.41

Configuring MSTP
Rev. 8.41 L4.3 – 13

Task 8. Verify connectivity and proper configuration for the second

link
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1
2. On Edge_1 and Edge_3, configure the ports of the new switch-to-switch link

L4.3 – 14 Rev. 8.41

Configuring MSTP

Comment/
Switch
Filename
Core lab4.3_core
table above.
Rev. 8.41 L4.3 – 15

L4.3 – 16 Rev. 8.41

Configuring MSTP
Command Reference
needed.
Command Description
show spanning-tree Displays common spanning tree information
show spanning-tree mst-config Displays the MST configuration
spanning-tree Enables spanning tree
spanning-tree force-version mstp-operation Sets MSTP as spanning tree protocol version
spanning-tree protocol-version mstp Sets MSTP as spanning tree protocol version
spanning-tree config-name <name> Defines the name of the MST region
spanning-tree config-revision <number> Defines the revision number of the MST region
spanning-tree instance <instance-id> vlan

Assigns VLANs to an MST instance
<vlan-id>
<filename> server
Rev. 8.41 L4.3 – 17

L4.3 – 18 Rev. 8.41

Module 4 Lab 4
Objectives
Enable HP Switch Meshing
Verify operation of HP Switch Meshing
Overview
Up to this point you have investigated how network capacity between switches can
be improved using HP port trunking and multiple links. You have also deployed
either RSTP or MSTP with redundant paths to address network availability.
In this activity, you will examine an alternative approach to Layer 2 redundancy,
HP Switch Meshing, which can also support redundant paths in a network, but
with an important difference. With HP Switch Meshing, the alternative paths can
be used concurrently rather than be blocked by a spanning tree protocol. This
capability will enable ProCurve University to use the available bandwidth more
efficiently.
Before you actually move forward with implementing HP switch meshing, there
are various changes that you will need to make to the lab environment in terms of
the switch configurations and physical connections. These changes are necessary
for this lab scenario, because of two factors. The first factor is IP routing and HP
switch Meshing cannot be enabled concurrently on a ProCurve switch. The second
factor is the switch that you are using as Edge_3 (2610 series) does not support HP
Switch Meshing.
Rev. 8.41 L4.4 – 1

Network diagram
In this lab exercise, you will be implementing HP Switch Meshing on the Core,
Edge_1, and Edge_2 switches using the CLI. Edge_3, a 2610 series switch, does
not support HP Switch Meshing and so will not participate in the mesh. The IP
routing support will be “moved” from the Core switch to Edge_3 because IP
routing and HP switch Meshing cannot be enabled concurrently on a ProCurve
switch.
Edge_3 will forward IP traffic on behalf of users connected to VLANs 10, 20, and
30. RSTP (if lab 4.2 was completed) or MSTP (if lab 4.3 was completed) will
remain enabled since redundant paths exist between Edge_3 and the other two
edge switches.
L4.4 – 2 Rev. 8.41

Task 1. Modify the Core switch configuration

In this task, you remove IP address and IP helper address assignments from the
user VLANs and disable IP routing on the Core switch. You also modify the
spanning tree bridge priority and assign a default gateway IP address on the Core
switch.
Note
Due to the various IP addressing and Ethernet cabling changes you will
be making, it is recommended you access the CLI of each switch
directly using the console port instead of a Telnet connection.
1. Remove the IP address assigned to each user VLAN—VLANs 10, 20 and 30.
Core(config)# no vlan 10 ip address 10.x.10.1/24
2. Remove IP routing.
Core(config)# no ip routing
3. Specify a default gateway IP address identifying the Edge_3 switch, 10.x.1.4.

Core(config)# ip default-gateway 10.x.1.4

Rev. 8.41 L4.4 – 3

Task 2. Modify the Edge_3 switch configuration

In this task, you assign an IP address and IP helper address to the user VLANs and
enable IP routing on Edge_3. You also modify the spanning tree bridge priority
and remove the default gateway IP address on Edge_3.
1. Remove the default gateway IP address that identified the Core switch as the
default gateway.
Edge_3(config)# no ip default-gateway
2. Assign an IP address and IP helper address to each user VLAN—VLANs 10,

20 and 30.
VLAN IP Address IP Helper
10 10.X.10.1/24 10.X.1.10
20 10.X.20.1/24 10.X.1.10
30 10.X.30.1/24 10.X.1.10
Edge_3(config)# vlan 10 ip address 10.x.10.1/24

Edge_3(config)# vlan 10 ip helper-address 10.x.1.10

3. Enable IP routing.
Edge_3(config)# ip routing

L4.4 – 4 Rev. 8.41

Task 3. Modify the Edge_1 and Edge_2 switch configurations

In this task, you change the default gateway IP address on Edge_1 and Edge_2.
Make this configuration change to both Edge_1 and Edge_2.
Rev. 8.41 L4.4 – 5

Task 4. Modify the Windows server computer configuration

L4.4 – 6 Rev. 8.41

Task 5. Configure additional ports on Core, Edge_1 and Edge_2

In this task, you configure additional ports on each switch that will be used for the
new network connections. These additional ports will be tagged members of all
three user VLANs. You will need to define four additional ports on Core, Edge_1,
and Edge_2. No additional ports will be configured on Edge_3.
Note
Any ports configured in previous lab exercises can remain unchanged.
In most cases, you will be disconnecting the Ethernet cables from those
ports and using them to connect the additional ports you configure in
this task.
1. On the Core switch, configure four unused ports as tagged members of

VLANs 10, 20 and 30.
Note
Core(config)# vlan 10 tagged a1-a4


20 and 30.
Edge_1(config)# vlan 10 tagged 17-20

20 and 30.
4. Connect the additional ports you just configured for Core, Edge_1, and
Edge_2 by using the Ethernet cables currently used for the port trunks. Refer
to the network diagram for the general layout.
Note
The single link connecting Edge_1 to Edge_3 and the links of the port
trunk connecting Edge_2 to Edge_3 remain in place.
Rev. 8.41 L4.4 – 7

Task 6. Enable switch meshing on Core, Edge_1 and Edge_2

Since HP Switch Meshing and IP routing cannot be simultaneously enabled on a
switch, you will be enabling HP Switch Meshing only on the Core, Edge_1,
Edge_2 switches. Edge_3 will provide IP routing support.
1. Enable HP Switch Meshing for the additional ports you configured on Core,
Edge_1, and Edge_2.
Core(config)# mesh a1-a4
Edge_1(config)# mesh 17-20
Edge_2(config)# mesh 17-20
2. Save your configuration and reboot Core, Edge_1, and Edge_2.

Core(config)# reload
Repeat the commands above on Edge_1 and Edge_2.
L4.4 – 8 Rev. 8.41

Task 7. Verify proper spanning tree operation and network

connectivity
1. Verify that each switch-to-switch link is a tagged member of VLANs 10, 20,
and 30.
Note
If you show the list of ports in VLAN 1, you will see that the “Mesh”
entry is also tagged in this VLAN.
2. Verify the Windows server and client computers can successfully ping the IP
address of Core, Edge_1 and Edge_2, and the four IP addresses of Edge_3. If
any of the systems are unreachable, resolve the problem before proceeding.
C:> ping 10.1.10.1
C:> ping 10.1.20.1
C:> ping 10.1.30.1
C:> ping 10.1.1.1
C:> ping 10.1.1.2
C:> ping 10.1.1.3
C:> ping 10.1.1.4
3. Verify the Windows client computer can acquire a DHCP-assigned IP

address in each user VLAN.
4. If you have RSTP running, then display the spanning tree information for the
CST instance on all four switches for the currently connected links.
Otherwise, skip this step.
Core(config)# show spanning-tree mesh
Edge_1(config)# show spanning-tree mesh,7
Edge_2(config)# show spanning-tree mesh
Edge_3(config)# show spanning-tree 7,trk3
5. If you have MSTP running, then display the spanning tree information for
MST instance 1 on all four switches. Otherwise, skip this step.
Rev. 8.41 L4.4 – 9

6. Record the state of each port on the network diagram below using “F” to
L4.4 – 10 Rev. 8.41

Task 8. View the spanning tree details for MST instance 2

If you have MSTP running, then perform the steps of this task. Otherwise, skip all
steps of this task.
1. Display the spanning tree information for MST instance 2 on all four
switches.

2. Record the state of each port for MST instance 2 on the network diagram
below using “F” to indicate forwarding or “B” to indicate blocking.
Rev. 8.41 L4.4 – 11

Task 9. Verify switch meshing operation and network connectivity

1. Examine the status of all mesh ports. All mesh ports should show an
“Established” status.
Core# show mesh
Repeat the command above on Edge_1 and Edge_2.

2. From the Windows server or client computer, verify that you can reach the
other Windows computer and each of the switch IP addresses.
3. Use the TfGen application to generate traffic flows through the network. On
your Windows client computer, start the TfGen program and configure the
following options:
• Destination: 10.x.1.1 (Core), 10.x.1.2 (Edge_1) or 10.x.1.3 (Edge_2)
Note
For the IP address, specify an IP address of any device that is on the
other side of a mesh link relative to the Windows client computer.
will be saturated.
Core# show interface
Repeat the command above on Edge_1 and Edge_2.

To view the port counters dynamically, access the web interface and choose
L4.4 – 12 Rev. 8.41

Task 10. Restore your switch configuration files from lab 4.2 or lab
4.3
In preparation for the next lab exercise, you will need to restore the configuration
file you saved at the end of either lab 4.2 or lab 4.3 to each of your switches.
1. Using either the Deploy Configuration tool of ProCurve Manager or the
TFTP server on the Windows client, restore the respective configuration file
to Core, Edge_1, Edge_2, and Edge_3.
Note
To avoid disconnecting your Telnet connection(s), it is recommended
that you perform this step progressing from the farthest switch to the
nearest switch relative to the Windows computer you are using.
2. Reboot each of the switches.

3. On the Windows server computer, change the default gateway IP address to
the IP address of the Core switch, 10.x.1.1.
Rev. 8.41 L4.4 – 13

L4.4 – 14 Rev. 8.41

Command Reference
needed.
Command Description
Displays common spanning tree information for
a list of ports
show mesh Displays status of mesh ports

no vlan <vlan-id> ip-address
Deletes an IP address from a VLAN
<ip-address>
no ip routing Disables IP routing
no ip default-gateway Deletes a default gateway IP address
mesh <port-list> Defines port list as mesh ports
<filename> server
Rev. 8.41 L4.4 – 15

L4.4 – 16 Rev. 8.41

Module 5 Lab
Objectives
Perform the initial configuration of a Secure Router 7000dl
Configure passwords for serial console port, Telnet and privilege mode
access
Configure a WAN link that will use T1/E1 facilities and the Point-to-Point
protocol
Configure static routes to enable routing between your network and other
networks
Overview
ProCurve University is in the process of expanding geographically in the local
region by including a campus that has served as a separate community college in
the recent past. This expansion of the university will require deployment of a
Wide Area Network (WAN) link and two ProCurve Secure Router 7000dl series
systems. With the introduction of additional routers in the topology there is also
the need for the exchange of routing information. Initially, this will be
accomplished using static routes.
Deploying the Secure Router 7000dl will involve configuring one of its Ethernet
interfaces for local access and an E1/T1 interface that will support the Point-to-
Point (PPP) protocol for the WAN connection. A T1 connection is used primarily
in North America and Canada, whereas E1 is commonly used in locations. Since,
the ProCurve University main and remote campus locations comprise a routed
environment, either static routes will need to be defined or a dynamic routing
protocol such as Routing Information Protocol (RIP) or Open Shortest Path First
(OSPF) could be used. In this lab exercise, you will implement static routes. In a
later lab exercise you will implement dynamic routing.
Rev. 8.41 L5 – 1
Network diagram
In this lab exercise, you will configure a ProCurve Secure Router 7000dl labeled
Router. Router will connect to the instructor’s Secure Router 7000dl using a T1 (or
E1) crossover cable providing WAN connectivity between your network and the
instructor’s network.
L5 – 2 Rev. 8.41
Task 1. Connect to your Secure Router 7000dl

Since the Secure Router 7000dl is currently set to the factory default settings, you
will need to perform several initial configuration tasks. The initial tasks will
include assigning an IP address to an Ethernet interface so that you can access the
Secure Router 7000dl using Telnet over the management VLAN, 10.x.1.0.
The Secure Router 7000dl, like the other switches you have managed during this
course, supports an out-of-band connection (serial console port) for access to the
CLI. The default console port settings are the following:
Parameter Setting
Baud rate 9600
Data bits 8
Parity none
Stop bits 1
Flow control none
Note
Only one student will perform the configuration tasks on the Secure
Router 7000dl.
1. Using the console cable, connect your Windows computer to the Secure
Router 7000dl and start the Tera Term Pro or other terminal emulation
application you are using.
2. Press enter a few times and you should see a prompt similar to the following:
ProCurveSR7102dl>
Note
The CLI supports the use of command syntax shortcuts and
tab completion. To display a list of commands type “?”. To
see a list of options for a given command type a space and a
“?” after the command.
Rev. 8.41 L5 – 3
Task 2. Configure a console password using MD5

The console password is used to control out-of-band access to the Secure Router
7000dl CLI. By default, the console password is not set. In this task, you will
configure the console password.
To set the console password, you use the CLI “password” command. This
command supports a password encryption option that allows you to specify the
MD5 hash algorithm. Doing so, allows the password information to be encrypted
within the configuration file.
Note
In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used
cryptographic hash function with a 128-bit hash value. MD5 is
commonly used with such facilities as the Challenge Handshake
Authentication Protocol (CHAP) and IPSec VPN tunnels. MD5 is
defined in RFC 1321.

ProCurveSR7102dl> enable
2. Access the global configuration context level.

ProCurveSR7102dl# configure terminal
3. Access the “console line” context level using the “line” command.
ProCurveSR7102dl(config-con0)#
4. Configure the console password using the “password md5” command.

Specify “password” for the password.
ProCurveSR7102dl(config-con0)# password md5 password
5. View the running configuration and verify that your console password has
been set.
ProCurveSR7102dl(config-con0)# show running-config
a. Are you able to read your configured password? __________

If you are able to read your password, then retrace your steps and verify your
configuration.
L5 – 4 Rev. 8.41
6. Exit from the CLI. Then reestablish your out-of-band connection.

ProCurveSR7102dl(config-con0)# exit
ProCurveSR7102dl(config)# exit
ProCurveSR7102dl# exit
a. Are you asked to provide a password? __________

b. What is needed in the configuration to prompt for a password for an out-
of-band management session? _____________________________
_________________________________________________________
7. Change the console configuration to require a password to log on.
ProCurveSR7102dl(config)# line console 0
ProCurveSR7102dl(config-con0)# login
8. Exit from the CLI. Then reestablish your out-of-band connection by

providing your configured password.
ProCurveSR7102dl(config-con0)# do logout
Password: ********
You should be prompted for your password.

9. Access the global configuration context level and use the “do write
memory” command to commit the configuration changes to memory.
The “do” command provides a way to execute commands in other
configuration modes without taking the time to exit the current configuration
mode and enter the desired one.
ProCurveSR7102dl(config)# do write memory
Note
For the 7000dl series, it is necessary to commit password changes to the
startup configuration file stored on the compact flash.
Rev. 8.41 L5 – 5
Task 3. Configure a hostname

1. Configure a hostname using the “hostname” command. Specify “Router”
for the hostname.
ProCurveSR7102dl(config)# hostname Router
The prompt should then look like the following:

Router(config)#
L5 – 6 Rev. 8.41
Task 4. Configure and enable an Ethernet interface

There are two Ethernet ports on your Secure Router 7000dl that are internally
identified as “eth 0/1” and “eth 0/2”. In this task, you will configure an IP address
for eth 0/1, the first Ethernet interface. After an IP address is assigned, you will be
able to use Telnet to access your Secure Router 7000dl and continue on with the
configuration tasks involved in setting up WAN connectivity.
Note
The Ethernet ports on the 7000dl series must be activated before the
configured IP addresses can be used.
1. Access the Ethernet interface context of the port 1 using the “interface”
command.
Router(config)# interface ethernet 0/1

Router(config-eth 0/1)#
2. Assign the IP address “10.x.1.5” to Ethernet interface 1 using the “ip

address” command.
Router(config-eth 0/1)# ip address 10.x.1.5 /24
Note
Like other ProCurve switches, you can use CIDR notation when
assigning an IP address. One difference is that for the Secure Router
7000dl series you must insert a space between the IP address and the “/”
that precedes the number of mask bits.
Example: ip address 10.1.1.5 /24
3. Examine the interface status using the “do show interfaces ethernet
0/1” command.
Router(config-eth 0/1)# do show interfaces ethernet 0/1
Notice that the interface is indicated as “administratively down”. The

Ethernet ports on the 7000dl series must be explicitly enabled before they can
be used.
Rev. 8.41 L5 – 7
4. Enable Ethernet interface 1 using the “no shutdown” command.

Router(config-eth 0/1)# no shutdown
5. Connect an Ethernet cable to the port labeled Eth 0/1 on the Secure Router
7000dl and the other end to an unused port on the Core switch that is an
untagged member of VLAN 1.
A message should be displayed in the console window indicating the
interface’s state has changed to up “INTERFACE_STATUS.eth 0/1
changed state to up”.
L5 – 8 Rev. 8.41
Task 5. Configure a password for Telnet sessions using MD5

Although an IP address has been assigned and the Ethernet interface is enabled and
physically connected, Telnet access can only be established by doing one of the
following:
Assigning a password to one or all of the Telnet sessions, or
Changing the Telnet configuration from “login” to “no login”. This
latter approach is not recommended due to the inherent lack of security.
When you assign a password, it is used for all incoming Telnet connections. Once
connected, you will be prompted for the user executive level password. To enter
the privilege level exec, a password will need to be configured.
1. Access the context for Telnet sessions 0-4 using the “line telnet 0 4”
command.
Note
You will be assigning a password for all the Telnet sessions (0 to 4), but
you can setup an distinct password for each session. By doing so, you
would need to know the association of a session number to its password.
Router(config)# line telnet 0 4

Router(config-telnet0-4)#
2. Assign an MD5 encrypted password for Telnet sessions. Specify

Router(config-telnet0-4)# password md5 password
3. Save your configuration and leave your console port session open for now.
Router(config-telnet0-4)# do write memory
Rev. 8.41 L5 – 9
Task 6. Start a Telnet session with your Secure Router 7000dl

1. Using a Command Prompt on your Windows server computer, Telnet to the
IP address you assigned to the Eth 0/1 interface on Router.
C:> telnet 10.x.1.5

Router> enable
No privileged mode password set.
a. Are you allowed to access the privilege mode? Why? _____________

__________________________________________________________
3. From your out-of-band console session, configure a password that will be
required for accessing privilege mode. At the global configuration context
level, use the “enable password md5” command. Specify “password”
for the password.
Router(config)# enable password md5 password
Note
At this point, you have configured three passwords. One password to
access the CLI through the console port, a second password to connect
through Telnet, and a third password for accessing the privilege mode
level. Privilege mode access is initiated using the enable command.
4. Save your configuration changes and close your out-of-band console session.
Router(config)# do write memory
Router(config)# do logout
5. Now, you should be able to return to a Telnet session, login, and use the
enable command to access the privilege mode level.
C:> telnet 10.x.1.5
Password: ********
Router> enable
Password: ********
Router#
L5 – 10 Rev. 8.41
Task 7. Configure a T1 interface

1. Access the T1 context level using the “interface t1 1/1” command.
Router(config)# interface t1 1/1

Router(config-t1 1/1)#
2. Assign the Time Division Multiplexing (TDM) group and timeslots using the
“tdm-group 1 timeslots 1-24” command.
Note
Router(config-t1 1/1)# tdm-group 1 timeslots 1-24
3. Connect a T1 crossover cable from your T1 interface to the instructor’s

Secure Router 7000dl. Ask the instructor which port on the instructor’s
Secure Router 7000dl you should use to connect the T1 crossover cable.
Typically, the port number you should use will correspond to your group
number—port 1 for group 1, port 2 for group 2, and so forth.
Rev. 8.41 L5 – 11
4. Examine the status of the T1 interface using the “do show interface t1
1/1” command.
Router(config-t1 1/1)# do show interface t1 1/1
You should see a listing similar to the following:
t1 1/1 is administratively down

Receiver has no alarms
T1 coding is B8ZS, framing is ESF
Clock source is line, FDL type is ANSI
Line build-out is 0dB
No remote loopbacks, No network loopbacks
Acceptance of remote loopback requests enabled
Tx Alarm Enable: rai
Last clearing of counters 02:58:30
loss of frame : 0
loss of signal : 0
AIS alarm : 0
Remote alarm : 0
DS0 Status: 123456789012345678901234

DDDDDDDDDDDDDDDDDDDDDDDD
Status Legend: '-' = DS0 is unallocated
'N' = DS0 is dedicated (nailed)
'D' = DS0 is allocated to DSX port
Line Status: -- No Alarms --
5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec
Current Performance Statistics:
0 Errored Seconds, 0 Bursty Errored Seconds
0 Severely Errored Seconds, 0 Severely Errored Frame Seconds
0 Unavailable Seconds, 0 Path Code Violations
0 Line Code Violations, 0 Controlled Slip Seconds
0 Line Errored Seconds, 0 Degraded Minutes
TDM group 1, line protocol is not set

Encapsulation is not set
L5 – 12 Rev. 8.41
5. Enable the T1 interface.

Router(config-t1 1/1)# no shutdown

T1.t1 1/1 Yellow

INTERFACE_STATUS.t1 1/1 changed state to administratively up
T1.t1 1/1 No Alarms
INTERFACE_STATUS.t1 1/1 changed state to up
6. Check the status of the T1 interface again to examine the “up” status
information in more detail.
Router(config-t1 1/1)# do show interface t1 1/1
Rev. 8.41 L5 – 13
Task 8. Configure PPP for the T1 interface

Next you will configure the Point-to-Point protocol (PPP) for the T1 interface.
The T1 interface configuration you did in the prior step corresponds to Layer 1
operation. Configuring PPP defines the Layer 2 protocol that will be used to
transport frames over the T1 link.
1. Access the PPP interface context level.
Router(config-t1 1/1)# interface ppp 1
Any number from 1 to 1024 can be used.

Router(config-ppp 1)#
Note
2. View the running configuration and note the PPP interface configuration.
Router(config-ppp 1)# do show run
a. By default, what is the state of a newly created PPP interface?

_________________________________________________________
3. Assign the IP address and mask from the network diagram to the PPP
interface. Note that the mask is 29 bits, 255.255.255.248.
Router(config-ppp 1)# ip address 192.168.x.1 /29
L5 – 14 Rev. 8.41
4. Bind the T1 interface to PPP using the “bind” command.

Router(config-ppp 1)# bind 1 t1 1/1 1 ppp 1


2005.08.08 00:32:13 PPP.NEGOTIATION t1 1/1: LCP down
2005.08.08 00:32:21 PPP.NEGOTIATION ppp 1: LLDPCP up
2005.08.08 00:32:21 PPP.NEGOTIATION ppp 1: IPCP up
2005.08.08 00:32:22 INTERFACE_STATUS.ppp 1 changed state to up
The bind command creates a bind group which, as it sounds, binds the T1
physical interface with the virtual PPP interface and then considers the two as
one unique group.
Command syntax: bind <bind number (1-1024)> <physical interface type (t1
or e1)> <slot number>/<port number> <tdm* group number> <virtual
interface type (ppp or frame relay) > <virtual interface number (1-1024)>
5. Examine the PPP interface status using the “show interfaces” command.
Router(config-ppp 1)# do show interfaces ppp 1

Rev. 8.41 L5 – 15
Task 9. Verify connectivity

1. Determine the peer IP address of the instructor’s Secure Router 7000dl by
examining the output from the “show interfaces ppp” command. Look
for the line entry “Peer address=<ip-address>”.
2. From Router, ping the PPP peer IP address to verify connectivity.
Router(config)# ping 192.168.x.2
L5 – 16 Rev. 8.41
Task 10. Configure static routes

Static routes will be configured to allow for connectivity outside of the local
network. You will begin by defining static routes that will allow for connections to
the instructor’s network. Then, you will add routes identifying routes to other
devices of other student groups.
1. From Router, try to ping a device located in the instructor’s inside network,
10.100.1.0/24.
Unless otherwise specified by the instructor, try 10.100.1.254 (instructor’s
Secure Router 7000dl) and 10.100.1.1 (instructor’s 5400zl switch).
Router(config)# ping 10.100.1.254
a. Were you successful? __________

2. View the routing table entries on Core, which is functioning as a router, and
Router, which has routing enabled by default, using the “show ip route”
command.
Notice that neither system has an entry for the 10.100.1.0 network.
Note
Use the show ip route command throughout the remaining steps to
verify routing table entries and to help you in troubleshooting. There are
additional options that you can specify with the show ip route
command that you may find useful such as ‘static’, ‘connected’,
‘rip’, ‘summary’ (7000dl) and ‘table’ (7000dl).
3. Add the following static route to Router.
10.100.1.0 255.255.255.0 192.168.x.2
The command will specify the instructor’s inside network as the destination
and the instructor’s PPP interface as the next hop.
Note
Remember, you must insert a space between the IP address and the “/”
that precedes the number of mask bits when using CIDR notation.
Router(config)# ip route 10.100.1.0 /24 192.168.x.2
Rev. 8.41 L5 – 17
4. Try again to ping a device in the instructor’s inside network from Router.
Router(config)# ping 10.100.1.254
a. Were you successful this time? _________

b. What do you think may be configured on the instructor’s router that tells
it where to respond to your ping request? ________________________
__________________________________________________________
5. Now, try to ping a device in the instructor’s network from a command
prompt on both your Windows server and client computers. The Windows
client computer should have an IP address assigned via DHCP.
C:> ping 10.100.1.254
a. Were you successful from the Windows computers? Why? ________

________________________________________________________
________________________________________________________
________________________________________________________
6. On your Core switch, add the following route:
10.100.1.0 255.255.255.0 10.x.1.5
Using this route, you are telling the Core switch that the path to the
10.100.1.0/24 network is reached through the Ethernet interface of Router,
10.x.1.5.
Core(config)# ip route 10.100.1.0/24 10.x.1.5
7. Try again to ping a device in the instructor’s inside network from your
Windows server and client computers.
C:> ping 10.100.1.254
The ping from the Windows server computer should be successful.

a. Why was the ping from the Windows client computer unsuccessful?
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
b. Where do you need to add a route so that you can ping a device in the
Hint: Examine the routing tables of Core and Router.
_______________________________________________________
_______________________________________________________
L5 – 18 Rev. 8.41
8. On Router, add one of the following routes based on the VLAN in which the
Windows client computer is located. Then, verify you can successfully ping
a device in the instructor’s inside network from your Windows client
computer?
10.x.10.0 255.255.255.0 10.x.1.1
10.x.20.0 255.255.255.0 10.x.1.1
10.x.30.0 255.255.255.0 10.x.1.1
Router(config)# ip route 10.x.30.0 /24 10.x.1.1
C:> ping 10.100.1.254
Rev. 8.41 L5 – 19
Task 11. Use summary and default routes to reach other networks
To reach each of the networks of other student groups (10.x.1.0, 10.x.10.0, and so
forth), you could add a route for each network that includes the student group
number in the second octet of the route’s destination network. Alternatively, you
could use a shortcut approach that involves defining a summarized route.
1. On Router, add the following summary route.
10.0.0.0 255.0.0.0 192.168.x.2
opposed to adding individual routes? ___________________________
__________________________________________________________
2. From Router, test connectivity by pinging devices in another student group’s
network.
In general, when the router receives a packet that it does not know how to forward,
it drops it. You can configure a default route, which allows the router to forward
all such packets toward a destination most likely to be able to route them.
To configure a default route, you define a route that has a destination IP address of
all zeros and a subnet mask of all zeros. The subnet of all zeros tells the router that
a packet’s IP address does not have to match any of the destination address bits of
the default route to be valid. Because the router attempts to match a packet’s
destination IP address to the most specific route, it will only use the default route
as the last choice.
Note
The addition of the default route on your router will be performed during the
“Configuring Dynamic Routing” lab. At that time, once all teams have
performed that task, you will be able to ping from your router to another
student group’s network.
3. On your Core switch, add a default route that specifies the IP address of
Router’s Ethernet interface as the gateway.
0.0.0.0 0.0.0.0 10.x.1.5
Core(config)# ip route 0.0.0.0/0 10.x.1.5
a. What does the command above do? ____________________________

__________________________________________________________
L5 – 20 Rev. 8.41
4. From your Windows server and client computers, test connectivity to the
other student group networks by pinging the IP address of the other student
group’s Core switch.
Write the group number below when you receive a successful ping response,
implying that student group has completed the equivalent configuration tasks
on their side of the network.
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
10._____.1.1
5. From your Windows server and client computers, try using the “tracert”
command to follow the path from your source network to any of the other
student group networks.
C:> tracert 10.x.1.1
Rev. 8.41 L5 – 21

2. Use the PCM configuration scan tool to back up the configuration file of your
Core switch to the PCM Management Server.
Note
To use PCM to back up your Secure Router’s configuration file, you
must first configure SNMP on the Secure Router 7000dl and then
discover the device using PCM. See the optional task at the end of this
lab for the steps on how to do that.
Comment/
Switch
Filename
Core lab5_core
Router lab5_router
4. Back up the configuration file of the Router from the CLI by transferring the
Note
The syntax of the “copy” command on the Secure Router 7000dl series
is different from that of the other ProCurve switches you have been
using during this course. Here is an example of the syntax for the
Secure Router 7000dl series:
Router(config)# copy startup-config tftp

Address of remote host? 10.1.30.50
Destination filename? lab5_router
Initiating TFTP transfer...
Sent 1438 bytes.
Transfer complete.
Router#
L5 – 22 Rev. 8.41
Optional Tasks
Optional Task 13. Using the Web interface of the Secure Router
7000dl
In this task you configure the Secure Router 7000dl to allow access to the built-in
web interface and then use a browser to access the web interface.
1. From global configuration context level, enable the HTTP server using the
“ip” command.
Router(config)# ip http server
2. Configure a username and password for the HTTP authentication realm using
the “username” command. Specify “procurve” for the username and
Router(config)# username procurve password password
3. Save the configuration changes.

4. On your Windows computer, open a web browser and specify the IP address
of Router for the URL.
http://10.x.1.5.
5. In the authentication realm dialog box, specify the username and password
you configured in the prior step.
Rev. 8.41 L5 – 23
6. After you acknowledge the registration window prompt, the ProCurve Secure
Router 7000dl main window appears.
7. Examine some of the options listed in the left pane of the main window. For
example, if you click “IP interfaces”, you should see the IP addresses you
defined for the Ethernet 0/1 and the PPP 1 interfaces.
L5 – 24 Rev. 8.41
8. If you click “Route Table”, you should see the directly connected routes and
the static routes you added.
9. Close your browser window when you are done examining the web interface.
Rev. 8.41 L5 – 25
Optional Task 14. Using PCM to manage the Secure Router 7000dl
In this task you configure the Secure Router 7000dl to allow SNMP access so it
can be discovered by ProCurve Manager.
1. From global configuration context level, enable the SNMP agent using the
“ip” command.
Router(config)# ip snmp agent
2. Configure the SNMP community name as “public” for read-write access

using the “snmp-server” command.
Router(config)# snmp-server community public rw
3. Start ProCurve Manager and click Tools > Manual Discovery Wizard.
4. In the “Welcome to the Device Discovery Wizard” window, click Next.
5. In the “SNMP Version Selection” window accept the default of “SNMP
V2” and click Next.
6. In the “Enter Device Information” window, specify “10.x.1.5” for the

Device IP address and “public” for the SNMP Read and Write Community
Names. Then click Next. ProCurve Manager will attempt to connect to the
device.
7. In the “Connection Status” window, click Next. The discovery process
starts.
8. In the “Discovery Status” window, click Next. Then click Finish.
9. In the “Devices List” window, Router should now be listed. At this point,
you can examine other PCM aspects as they pertain to the Secure Router
7000dl such as its placement on the Network Map, accessing the device CLI,
and so forth.
L5 – 26 Rev. 8.41
Command Reference
needed.
show interfaces ethernet <slot>/<port> Displays status of an Ethernet interface
show interfaces t1 <slot>/<port> Displays status of a T1 interface
show interfaces ppp <interface-id> Displays status of a virtual PPP interface
enable Accesses privilege mode level
logout Logs off current user from router
configure terminal Accesses global configuration mode
line console 0 Accesses console line context level
interface ethernet <slot>/<port> Accesses an Ethernet interface context level
interface t1 <slot>/<port> Accesses an T1 interface context level
interface ppp <interface-id> Accesses a virtual PPP interface context level

do <command>
Defines a console password that will be stored

password md5 <password>
encrypted
login Enables password for console login
hostname <name> Defines a hostname for the router
no shutdown Within an interface context, enables an interface
tdm-group <group-number> timeslots 1-24 Defines a TDM group consisting of 24 channels
bind <group-number> t1 <slot>/<port> ppp Creates a bind group consisting of a T1 interface

<interface-id> and a virtual PPP interface
Within an interface context, assigns an IP address

ip address <ip-address> /<mask-bits>
to an interface

ip route <network-address>/<mask-bits>
Defines a static route on a switch
ip http server Enables the HTTP server
ip snmp agent Enables the SNMP agent
Defines the SNMP community name and read/write

snmp-server community <name> rw
access rights
username <name> password <password> Defines a username ands password account
Rev. 8.41 L5 – 27
copy startup-config tftp Copies startup configuration file to a TFTP server
L5 – 28 Rev. 8.41
Module 6 Lab
Objectives
Configure routing switches to use RIP
Examine routing tables to determine the active path used to reach destinations
Implement alternate paths to a destination and examine how RIP selects the
preferred route
Modify RIP operation by adjusting the route metric
Overview
The next step for ProCurve University is to migrate from the initial use of static
routes for connectivity to the remote campus to the use of a RIP for their interior
network. RIP is not new technology and has been in fairly widespread use since
the early 1990’s. RIP allows for dynamic changes in network connectivity to occur
and for the network to recover and use alternate paths if they are available.
In this lab exercise, you will be deploying RIP so that your network can
dynamically adjust to topology changes such as a link-down condition where the
primary path to a destination is no longer available. RIP will automatically switch
to another available link, allowing the source and destination to reestablish
network connectivity.
As part of your task, you will be implementing an additional LAN link to the
instructor’s network. This additional link will serve as an alternative path to the
existing one that uses the WAN link to the instructor’s network and which was
implemented in the prior lab exercise.
Rev. 8.41 L6 – 1
Network diagram
In this lab exercise, you will be implementing RIP and examining the affects on
route selection when multiple paths exist to the same destination and how RIP
adjusts the route selection when a link in the primary path fails. RIP will be
enabled on the Core and Router routing switches. On Router, you will enable RIP
on the 10.x.1.0/24 network. On Core, you will enable RIP on VLANs 1 and 1x.
L6 – 2 Rev. 8.41
Task 1. Modify the static routes on Router

In the prior lab exercise, you added one or more static routes to your Secure
Router 7000dl. In this task, you remove the static routes and add a default route.
This is being done as part of the reconfiguration of your network topology in
preparation for the implementation of RIP.
1. On Router, examine the static routes that are currently configured by listing
the routing table. Use the option with the “show ip route” command that
allows you to display only static routes.
Router(config)# do show ip route ?
Router(config)# do show ip route static
2. Remove the static routes to the 10.0.0.0 network and the 10.100.1.0 subnet
using the “no ip route” command.
Router(config)# no ip route 10.0.0.0 /8 192.168.x.2
Router(config)# no ip route 10.100.1.0 /24 192.168.x.2
3. You may have also added one or more static routes in the prior lab that were
used to reach your Windows client computer in user networks on VLAN’s
10, 20 or 30. If you did, remove those static routes as well.
Router(config)# no ip route 10.x.10.0 /24 10.x.1.1
4. Add a default route that uses the WAN link to the instructor’s network.
5. At this point, the routing table on Router should look similar to the following
Router(config)# do show ip route table

0.0.0.0 0.0.0.0 192.168.x.2 ppp 1 Static
10.x.1.0 255.255.255.0 0.0.0.0 eth 0/1 Connected
192.168.x.0 255.255.255.248 0.0.0.0 ppp 1 Connected
192.168.x.2 255.255.255.255 0.0.0.0 ppp 1 Connected
Note
Be sure your routing table includes the default route highlighted in bold above.
If the default route is not added, you will not be able to ping across your router
to another student group’s network. As long as that student group has also
added the default route on their router.
Rev. 8.41 L6 – 3
Task 2. Enable RIP on Router

In this task, you configure RIP version 2 on your Secure Router 7000dl.
Router(config)# router rip
2. Configure RIP version 2. The version must be set to either 1 or 2. Since

version 2 has improvements over version 1 and is also the default for the
5400zl, which you will configure next, you will use version 2 in this lab.
Router(config-rip)# version 2
3. Configure RIP to redistribute static routes using the “redistribute”

command.
The “redistribute” command allows RIP to send designated routing
information to neighboring devices. Connected, static, and OSPF routes can
be redistributed into the RIP routing domain. Since redistribution of
connected routes is the default setting, you will need to change that setting to
include redistribution of static routes.
Router(config-rip)# redistribute static
4. Specify 10.x.1.0/24 as a network that RIP will be enabled on using the

“network” command.
Note
You must specify the mask using dotted-decimal quad notation, not a
prefix length format, because RIP does not support CIDR.
Router(config-rip)# network 10.x.1.0 255.255.255.0

the RIP configuration that looks similar to the following where “x” will be
replaced by your group number.
Router(config-rip)# do show running-config
!
router rip
version 2
redistribute static
network 10.x.1.0 255.255.255.0
!
L6 – 4 Rev. 8.41
Task 3. Remove the static routes on Core

Removing the static routes on Core will allow RIP to “learn” the best route. Static
routes, if allowed to remain on Core, would take precedence over routes
dynamically learned through RIP, once RIP is enabled.
Note
Unplugging a cable connected to a port used by a static route will only
temporarily disable that route. The route will be removed from the
routing table, however, when the port is reconnected, the route will be
inserted back into the routing table.
1. On Core, examine the static routes that are currently configured by listing the
routing table.
Core(config)# show ip route
2. Remove the static routes to the 10.100.1.0 subnet and the default route using
the “no ip route” command.
Core(config)# no ip route 10.100.1.0/24 10.x.1.5
Core(config)# no ip route 0.0.0.0/0 10.x.1.5
3. At this point the routing table on Core should look similar to the following
Core(config)# show ip route
IP Route Entries

---------------- --------------- ---- --------- --------- --------- -----
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
Rev. 8.41 L6 – 5
Task 4. Enable RIP on Core

Although you previously enabled IP routing on Core during lab exercise 2, no
dynamic routing update protocol such as RIP or OSPF was enabled. In this task
you will enable RIP version 2, making RIP available to the VLAN interfaces.
When you enable RIP, version 2 is used by default. If you require version 1, you
must use a command to explicitly enable version 1 use only. Alternatively, there is
a compatibility mode which allows for both versions 1 and version 2 within the
same VLAN. The associated commands can be found in the Advanced Traffic
Management guide.
Core(config)# router rip
2. Enable RIP on VLAN 1.

To actually use RIP, you must enable it at the VLAN level for each VLAN
that will need to send and/or receive RIP updates.
Note
You can enable RIP on VLAN 1 from within the RIP configuration
context (Core(rip)#) using a single command. Alternatively, you can
first access the VLAN configuration context (Core(vlan-1)#) and
then enable RIP.
Core(rip)# vlan 1 ip rip
Additional options, such as version, redistribute, metric, and split

horizon/poison reverse (loop prevention) can be configured for each
RIP-enabled VLAN as well. These options can be found in the Advanced
Traffic Management Guide
Q 1. What command would you use to change the RIP version used on Core?
__________________________________________________
the RIP configuration that looks similar to the following.
Core(rip)# show running-config
router rip
exit
vlan 1
ip rip 10.x.1.1
exit
L6 – 6 Rev. 8.41
Task 5. Observe updates to the routing tables

At this time, you should check to see that RIP is working properly.
1. On Core and Router, display the routing tables.
Core(rip)# show ip route
Router(config-rip)# do show ip route table
The routing table on Core should look similar to the following where “x” will
be replaced by your group number.
IP Route Entries

---------------- --------------- ---- --------- --------- --------- -----
0.0.0.0/0 10.1.1.5 1 rip 2 120
10.x.10.0/24 VLAN10 10 connected 0 0
10.x.20.0/24 VLAN20 20 connected 0 0
10.x.30.0/24 VLAN30 30 connected 0 0
127.0.0.0/8 reject static 0 250
127.0.0.1/32 lo0 connected 0 0
The routing table on Router should look similar to the following where “x”
will be replaced by your group number.

0.0.0.0 0.0.0.0 192.168.x.2 ppp 1 Static
10.x.1.0 255.255.255.0 0.0.0.0 eth 0/1 Connected
10.x.10.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
10.x.20.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
10.x.30.0 255.255.255.0 10.x.1.1 eth 0/1 RIP
192.168.x.0 255.255.255.248 0.0.0.0 ppp 1 Connected
192.168.x.2 255.255.255.255 0.0.0.0 ppp 1 Connected
Router (Secure Router 7000dl) should be redistributing the default route to

Core (5400zl). The type of route becomes labeled as a RIP route on Core as
opposed to a static route on Router. Notice the “gateway IP address”.
Router should be showing the VLAN networks distributed by Core. The
routing table should show the VLAN subnets and the corresponding gateway
IP address. Likewise, notice the gateway IP address.
Rev. 8.41 L6 – 7
2. Try using the “connected”, “static”, and “rip” options with the show ip route
command to filter the display of the routing table information.
Core(rip)# show ip route connected
Core(rip)# show ip route static
Core(rip)# show ip route rip
Router(config-rip)# do show ip route connected

Router(config-rip)# do show ip route static
Router(config-rip)# do show ip route rip
3. From your Windows client computer, test connectivity using ping. Check to
see that devices in the instructor’s network as well as other student networks
are reachable.
For example, you should be able to ping the instructor’s WAN link IP
address (192.168.x.2) corresponding to your group number and those of the
other student groups. You should also be able to ping the VLAN 1, 10, 20,
and 30 IP addresses of the Core, Edge_1, Edge_2, Edge_3, and Router
systems in the networks of other students.
C:> ping 192.168.x.2 (where x =1, 2, …, 6)
C:> ping 10.x.1.1 (where x =1, 2, …, 6)
C:> ping 10.x.10.1 (where x =1, 2, …, 6)
C:> ping 10.x.20.1 (where x =1, 2, …, 6)
C:> ping 10.x.30.1 (where x =1, 2, …, 6)
L6 – 8 Rev. 8.41
Task 6. Change the routing metric on Router

Changing metrics associated with routes can be used to control which routes are
used to reach destinations. You will use this capability in this lab exercise to see
the affect on the route selection process. It is not necessarily recommended that
you do so in a production network, since you may cause a route to become
“unusable”, i.e., the destinations to be considered unreachable through that route.
Note
By default, the Secure Router increases the cost of a RIP route that is
learned on an interface. The Secure Router increases the cost by adding
one to the route's metric before storing the route. You can change the
amount that an individual VLAN interface adds to the metric of RIP
routes learned on the interface.
RIP considers a route with a metric of 16 to be unreachable. Use this
metric only if you do not want the route to be used. In fact, you can
prevent the switch from using a specific interface for routes learned
though that interface by setting its metric to 16.
1. On Router, change the RIP default metric value to a value of “2”.

Router(config-rip)# default-metric 2
2. On Core, display the routing table. You should see that the metric for the
default route entry has increased by a value of 2. You may have to wait
several seconds for the updated entry to be sent by Router.
Rev. 8.41 L6 – 9
Task 7. Create a new VLAN on Core

This new VLAN will be used to demonstrate the affect of RIP on two networks
and show the functionality of how RIP dynamically updates the routing table and
chooses its default route.
1. On Core, create VLAN 1x with an IP address of 10.x.1x.1/24.
Note
Substitute your group number for “x” in the VLAN identifier and the IP
address.
Remember, you can create the VLAN and assign the IP address from
within the RIP configuration context using a single command.
Alternatively, you can first access the VLAN configuration context and
then assign the IP address.
Core(rip)# vlan 1x ip address 10.x.1x.1/24
2. Add an unused port as a tagged member of this VLAN.

Core(rip)# vlan 1x tagged A2
L6 – 10 Rev. 8.41
Task 8. Enable RIP on the new VLAN

On Core, RIP will be enabled for this new VLAN. You will be connecting a link
from your Core switch to the instructor’s 5400zl (or equivalent) switch.
1. Enable RIP on VLAN 1x.
Core(rip)# vlan 1x ip rip
Note
An additional VLAN is being added and RIP enabled on this VLAN to
expedite the time that RIP takes to send a triggered update when a
routing topology change occurs. The default route entry on Core,
learned via RIP, will be more quickly updated when the LAN link
associated with the new VLAN fails. In contrast, if you had assigned the
new LAN link to VLAN 1, then you would simply have to wait thirty
seconds or more for the switch to learn the new default path.
2. Connect an Ethernet cable from the port you assigned to VLAN 1x on Core
to the instructor’s switch. Ask the instructor which port on the instructor’s
switch you are to use to connect your Core switch.
Rev. 8.41 L6 – 11
Task 9. Observe updates to the routing tables with the new VLAN
rip” command on Core. Indicate below, the differences in the routing table
compared to how the routing table appeared prior to connecting the second
link to the instructor’s network.
Include the default route, routes to destinations in the instructor’s network,
and routes to destinations in the networks of other students. Summarize the
routes to the other students’ networks by substituting the “x” for the second
octet.
Core(rip)# show ip route rip
Note
The number of routes in the instructor’s network may vary depending
on how the instructor has configured the switches.
rip” command on Router and indicate the differences below.
Router(config-rip)# do show ip route rip
L6 – 12 Rev. 8.41
Task 10. Verify dynamic updates

In this last step, the goal is to examine dynamic routing changes to the network.
1. Disconnect the Ethernet cable you connected in the task above
2. Display the routing table on Core and Router. With RIP it may take a few
seconds for changes due to the disconnected link to be reflected in the routing
table.
Router(config-rip)# do show ip route
3. Reconnect the Ethernet cable and examine the routing table.

4. Again, disconnect the Ethernet cable and examine the routing table.
Router(config-rip)# do show ip route
5. Make note of the results below:

Q 1. When the link is disconnected, what happens?
__________________________________________________________
__________________________________________________________
__________________________________________________________
Q 2. Then, when you reconnect, what happens?
__________________________________________________________
__________________________________________________________
__________________________________________________________
Rev. 8.41 L6 – 13

2. Use the PCM configuration scan tool to back up the configuration file of
Core and Router to the PCM Management Server.
Comment/
Switch
Filename
Core lab6_core
Router lab6_router
table above.
L6 – 14 Rev. 8.41
Command Reference
needed.
show ip route ? Displays options for ip route command
show ip route Displays all routes
show ip route rip Displays RIP-learned routes
show ip route static Displays static routes
show ip route connected Displays directly connected routes
Displays all routes in a formatted tabular layout on

show ip route table
a secure router

do <command>

no ip route <network-address> /<mask-bits>
Deletes a static route
no ip route <network-address> <mask-bits>
Deletes a static route on a switch
router rip Accesses the RIP context level
version 2 Sets the RIP version to 2
redistribute static Enables redistribution of static routes
Enables RIP on the interface with the specified

network <network-address> <decimal-mask>
network address
vlan <vlan-id> ip rip Enables RIP on the specified VLAN of a switch
vlan <vlan-id> ip address Assigns an IP address to the specified VLAN of a

<ip-address>/<mask-bits> switch
Sets the value of the default metric added to

default-metric <value>
learned routes
Rev. 8.41 L6 – 15
L6 – 16 Rev. 8.41
Module 7 Lab
Objectives
Enable simple, non-redundant connectivity and generate delay-sensitive
traffic by playing a video over the network
Simulate network congestion by manually configuring the link speed and
mode to 10 Mbps between your core and edge switches and observe any
impact this action may have on the delay-sensitive traffic
Use a traffic generator to add load to the network and observe any impact this
action might have on the delay-sensitive traffic.
Define policies at the edge of the network that will assign high priority to the
delay-sensitive traffic and observe any impact
Overview
ProCurve University would like to investigate how traffic prioritization can be
implemented on ProCurve switches for its delay-sensitive video conferencing
traffic. In this lab exercise, you will investigate how to configure Quality of
Service prioritization on your switches to ensure video traffic is given high
priority.
Rev. 8.41 L7 – 1
Network diagram
In this lab exercise, you will be implementing prioritization for delay-sensitive

traffic. Playing of a video clip will be used to simulate delay-sensitive traffic. To
accomplish this task you will need to configure your switches that are traversed
when you play the video clip. You will play the video clip by mapping a network
drive to another student team’s Windows client computer from your Windows
client computer.
As part of the network reconfiguration that will be necessary for this lab exercise,
you will be disconnecting the trunk between Core and Edge_1 and replacing it
with a slower speed single link.
You will be using the CLI to perform all of the configuration tasks and the PCM+
client to back up your switch configuration files to the PCM+ Management Server.
L7 – 2 Rev. 8.41
Student group partners

In the steps that follow, you will need to work with a student group that is
designated as your partner group. Refer to the following diagram for your assigned
partner group.
Note
It is recommended that only one student group has the role of the video
playback source while the other student group only has the role of the
video playback destination. Once the lab steps that follow are
completed, the roles can be reversed.
Rev. 8.41 L7 – 3
Task 1. Modify the network connectivity

For this exercise, it is necessary to adjust your lab network connectivity so that we
can show the performance results when working with Quality of Service
parameters. The intention is to use a relatively slow speed link between Core and
Edge_1. This is done so that the performance improvement achieved using QoS
priority is more readily observable given the constraints of using two Windows
computers as the simulated sources of typical data and video traffic.
1. Disconnect the two links connecting Core and Edge_1 that are used for the
Trunk group.
redundant link.
redundant link.
Note
After disconnection your links, please keep in mind that the XP client will be
isolated from Core and Edge_1. Therefore, in order to configure either of those
switches it will be necessary to use the serial cable.
L7 – 4 Rev. 8.41
Task 2. Configure a port for 10 Mbps FDX operation and VLAN 40

1. On Core and Edge_1, configure an unused port to operate at 10 Mbps and
full-duplex mode.
Note
You will need to constrain the inter switch link in your lab environment
so that you can introduce a sufficient traffic load and create a queuing
build-up. Then you will be able to actually demonstrate how QoS can
improve the video application performance.
Core(config)# interface a3 speed-duplex 10-full
Edge_1(config)# interface 3 speed-duplex 10-full
2. On Core and Edge_1, add a new VLAN based on the information in the table
below.
IP Helper
Switch VLAN ID Name IP Address
Address
Core 40 Voice 10.x.40.1/24 10.x.1.10
Edge_1 40 Voice <none> <none>
Core(config)# vlan 40 name Voice

Edge_1(config)# vlan 40 name Voice
3. On Core and Edge_1, add the 10 Mbps FDX ports you configured above as
tagged members of VLAN 40.
Core(config)# vlan 40 tagged a3
4. Connect Core and Edge_1 through the 10 Mbps FDX ports you configured
above. Use one of the Ethernet cables that are currently disconnected.
Rev. 8.41 L7 – 5
Task 3. Configure VLAN 40 support for the Windows client

2. If necessary, on the Windows server computer, configure a DHCP scope for

VLAN 40 using the table below.
Scope
Name
10.x.40.50 to /24 or
VLAN 40 10.x.40.1
10.x.40.150 255.255.255.0
3. Connect the Windows client computer to the VLAN 40 port on Edge_1 you
configured above. Verify the Windows client computer is assigned an IP
address in network 10.x.40.0/24.
L7 – 6 Rev. 8.41
Task 4. Access the video file on your partner group’s Windows

computer
1. Test connectivity to your partner group’s Windows client computer using
ping. Ask your partner group for the IP address of their Windows client
computer in VLAN 40.
2. On your Windows client computer, map a network drive to your partner
group’s Windows client computer in VLAN 40. Ask your instructor for the
folder location to be used for the network drive.
3. Unless otherwise specified by the instructor, on your desktop, locate the icon
named “VLC media player” or similar.
Note
VLC is a free cross-platform media player available from
www.videolan.org. It also can be used as a server for unicast or
multicast streams in a high-bandwidth IPv4 or IPv6 network.
4. Double click this icon to run the media player application. The following
window appears.
5. In the menubar, click File > Open File….
Rev. 8.41 L7 – 7
6. Click the Browse button. Select the mapped network drive and the media
file.
7. Unless otherwise configured, the media stream will only play once. In the
menubar, click View > Playlist.
8. Click the Repeat One button to enable constant replay of video.
L7 – 8 Rev. 8.41
Task 5. Use TfGen to generate additional traffic

Work with you partner group and use the TfGen program on one side initially. Due
to the small number of computers that you have, you use the TfGen program to
introduce additional traffic to hinder network performance.
1. On the Windows server computer of the student group that is viewing the
video clip, start the TfGen program and configure the following options:
computer. Your partner group is the video playback source.
Note
Start TfGen on only one side initially.
3. Watch the video for a response. You should see the video playback
performance degrade.
Rev. 8.41 L7 – 9
Task 6. Configure QoS for the video traffic in VLAN 40

1. On Edge_1 of the student group that is viewing the video clip, configure QoS
VLAN QoS Priority
40 7
Edge_1(config)# vlan 40 qos priority 7
You should see the video playback performance improve.

2. Now, from the student group that is originating the video playback, use
TfGen to send traffic to the student group that is viewing the video.
On the Windows server computer, start the TfGen program and configure the
following options:
computer. Your partner group is the video playback destination.
3. In the TfGen window, click Start to start the traffic flow. The other student
group should see the video playback performance degrade.
4. On Edge_1 of the student group that is sending the video clip, configure QoS
VLAN QoS Priority
40 7
The other student group should see the video playback performance improve.
5. Working with your partner group, take turns disabling and then re-enabling
QoS on the VLAN designated for prioritized traffic and view the results.
Edge_1(config)# vlan 40 no qos
L7 – 10 Rev. 8.41
Task 7. Reconfigure your network

In this task, you reconfigure your network to the state it was at the beginning of the
lab.
1. Stop TfGen and close the program.
2. Reconnect the two links between Core and Edge_1 that are used for the
Trunk group.
redundant link.
redundant link.
Rev. 8.41 L7 – 11

2. Use the PCM configuration scan tool to back up the configuration file of the
Core and Edge_1 switches to the PCM Management Server.
Comment/
Switch
Filename
Core lab7_core
Edge_1 lab7_edge_1
table above.
L7 – 12 Rev. 8.41
Command Reference
needed.
Command Description
Sets the speed and duplex mode of the
interface <port-id> speed-duplex 10-full
specified port
vlan <vlan-id> name <name> Defines a name for a VLAN

Defines an IP address for a VLAN
<ip-address>
vlan <vlan-id> tagged <port-id> Defines a port as tagged member of a VLAN
vlan <vlan-id> untagged <port-id> Defines a port as untagged member of a VLAN
vlan <vlan-id> qos priority <value> Sets the QoS priority value for traffic of a VLAN
no vlan <vlan-id> qos Disables QoS for traffic of a VLAN
<filename> server
Rev. 8.41 L7 – 13
L7 – 14 Rev. 8.41
Configuring the Access Point 530
Module 8 Lab 1
Objectives
Access the ProCurve Access Point (AP) 530’s command line interface (CLI)
locally and remotely
Configure the IP address for the AP 530’s Ethernet interface
Secure access to management interfaces
Use the web interface to Configure your AP 530
Save an AP 530 configuration file to a Trivial File Transfer Protocol (TFTP)
server
Overview
ProCurve University is in the process of deploying wireless connectivity
throughout the main and remote campuses. You have been assigned the task of
developing familiarity with the installation and configuration of the ProCurve
Access Point 530.
In order to provide greater access to network resources for administrators, faculty,
and students, ProCurve University has decided to install a campus-wide wireless
network. To test the viability of providing wireless connectivity, they have decided
to set up a prototype wireless network in the student union. Since this network is
intended only for proof-of-concept purposes, the network will be left open to the
public and controlled with ACLs on VLAN 20. To implement this wireless
network you will need to do the following:
Connect the hardware components based on the network topology.
Verify your networks IP addressing and routing configuration and add the
access point to the appropriate VLAN
Set the country code, disable DHCP, assign an IP address, set the SSID,
adjust radio settings, and disable SNTP on the ProCurve Access Point 530
Configure the wireless client
Test wireless network connectivity.
Rev. 8.41 L 8.1 – 1

Network diagram
In this lab exercise, you will be installing and configuring a ProCurve Access
Point 530. Your Windows client computer will require a wireless 801.11b/g
interface. For the initial setup of the Access Point 530, you connect your Windows
computer to the Access Point 530 using a ProCurve switch console cable.
You will be using the Access Point 530’s CLI and web interface to perform the
configuration tasks.
L 8.1 – 2 Rev. 8.41

Task 1. Configure a port for VLAN 20 on Edge_2

In this task, you add an untagged port to VLAN 20 on Edge_2 and connect the
Access Point 530 to it.
You may have already configured a port for this purpose in a prior lab
exercise. If so, use that port.
2. With your Access Point 530 powered off, connect the access point to the
VLAN 20 port you configured above. Use the Ethernet cable currently
connecting your Windows client computer to one your switches.
Rev. 8.41 L 8.1 – 3

Task 2. Navigating the CLI of the Access Point 530

Similar to the ProCurve switches you have managed in this lab environment, the
Access Point 530 can be configured using the CLI and a web interface. Initially,
the CLI will be accessed through a direct console connection. After an IP address
has been assigned to the access point’s Ethernet interface, you can use Telnet to
access the CLI or a web browser to access the web interface.
Note
At the factory default settings, the Access Point 530 first tries to obtain
an IP address using DHCP. If the access point is unable to obtain an IP
address using DHCP, the device will use IP address 192.168.1.1.
In this lab, you will disable DHCP and manually assign an IP address.
1. Use a serial cable to connect the COM port on the Windows XP station to the
console port on the back of the AP 530.
2. On the Windows XP station, use Tera Term Pro to open a terminal session
with the AP, using the following settings:
a. Select Serial.
b. Choose COM1 for the port.
c. Click OK.
d. Press Enter.
3. When prompted for your username and password, enter admin for both.
These are the default settings for the AP 530. (If the default password does
not work try password and then ask your instructor for the configured
password.)
Login: admin
Password: admin
Note
The prompt is displayed as follows:
For simplicity, the labs will display the AP 530 prompt as:
ProCurve AP 530#
4. To ensure that the AP 530 is using the factory default settings, copy the
factory default file to the startup configuration.
ProCurve AP 530# copy factory-default startup-config
The CLI will notify you that the AP 530 is automatically rebooting.
L 8.1 – 4 Rev. 8.41

5. After the AP 530 reboots, re-enter the default username and password to
again access the CLI.
Login: admin
Password: admin
ProCurve AP 530#
6. You are now in the Exec privilege mode of the CLI. To get familiar with the
command structure, type “help”.
ProCurve AP 530# help
a. What information is displayed? _______________________________

__________________________________________________________
Note
The up and down arrow keys allow you to scroll through the history of
previously entered commands from which you can select one to repeat.
7. Type a question mark (?.)

ProCurve AP 530# ?
a. What commands are displayed? ________________________________

__________________________________________________________
8. Use the other commands and configuration context levels to help in
answering the following questions.
a. Which command is used to view device events?
__________________________________________________________
ProCurve AP 530# log
b. Which command identifies the software version?

__________________________________________________________
ProCurve AP 530# show system-information
c. Which command displays system up time and IP settings?

__________________________________________________________
ProCurve AP 530# show system-information
d. Which command is used to access the global configuration mode?

__________________________________________________________
e. What differences are there when you are in the global configuration
mode?
__________________________________________________________
__________________________________________________________
Rev. 8.41 L 8.1 – 5
f. What is the difference between the end and exit commands?

__________________________________________________________
__________________________________________________________
ProCurve AP 530# end (returns to manager level)
ProCurve AP 530# exit (returns to previous context level)
L 8.1 – 6 Rev. 8.41

Task 3. Change the Default Password

The PCU network administrators want to immediately change the AP 530’s
password to prevent unauthorized users from tampering with the configuration.
1. Move to the global configuration mode context.
2. Enter a new management password.
ProCurve AP 530(config)# password manager procurve
Rev. 8.41 L 8.1 – 7

Task 4. Assigning the country code

Setting the country code ensures that the AP 530 uses the channels and transmit
powers allowed by your country’s regulations. If you are using the AP 530 North
American model, the country code is set to US by default. You can skip to the
next task.
If you are using the Worldwide model, you must set the country code as explained
below.
1. Move to the global configuration mode and view the options for configuring
the country code.
ProCurve AP 530(config)# country ?
2. Enter your country code.
ProCurve AP 530(config)# country <code>
Replace <code> with the two-digit code for the country in which you are
operating the AP 530.
Note
If the “% Unrecognized Command” response is displayed, then the
country code has already been set or was preset at the time of shipment.
The country code is preset on the North American products and you will
not be able to modify this option on these units. For the worldwide
product, the country code is the first configuration task that must be
completed before any other tasks can be performed. Setting the country
code allows the radio to be enabled. Use the show system command
to verify the country code setting.
3. If necessary, configure the appropriate country code for your location.
L 8.1 – 8 Rev. 8.41

Task 5. Configuring the IP address of the Ethernet interface

By default, the Access Point 530 uses DHCP to acquire an IP address. If there is a
DHCP server on the network, the access point may have been assigned an IP
address. In this task, you will manually assign an IP address to the Ethernet
interface.
1. Determine the IP address currently assigned to the access point.
ProCurve AP 530# show ip

_________________________________________________________
Note
If the IP address of the Access Point 530 is 192.168.1.1, then the access
point was unable to obtain an IP address using DHCP. If DHCP is
working properly, you should see an IP address in VLAN20 such as
10.X.20.50, or something similar.
2. Access the global configuration context level and configure the System Name
as Groupx, where x is your group number, using the “Hostname”
command.
ProCurve AP 530(config)# hostname Group1
The ProCurve AP 530 takes its management address from the address configured
on its Ethernet interface. By default, this interface receives a DHCP address. To
ensure that the AP always has the same IP address, the PCU administrators want to
assign the Ethernet interface a static IP address. Use this table to assign your
AP530 a static address, subnet mask and gateway.
Parameter Value
IP Address 10.x.20.20
Subnet mask: 255.255.255.0
Default Gateway 10.x.20.1
3. Move to the Ethernet interface configuration mode context.

ProCurve AP 530(config)# interface ethernet
4. Assign the Ethernet interface the static IP address required for this lab:
ProCurve AP 530(ethernet)# ip address 10.x.20.20/24
ProCurve AP 530(ethernet)# ip default-gateway 10.x.20.1
Replace x with the number that your instructor assigned you and your
partner.
Rev. 8.41 L 8.1 – 9
5. Exit to the global configuration mode.

ProCurve AP 530(ethernet)# exit
6. Return to the Exec privilege mode.
ProCurve AP 530(config)# exit
7. Save your configuration.

ProCurve AP 530# write memory
8. Terminate your session.
ProCurve AP 530# logout
Groupx Login:
L 8.1 – 10 Rev. 8.41

Task 6. Using the web interface to configure the Access Point 530
interface of the Access Point 530, since the Windows client computer will be used
as a wireless client in this lab exercise. For the remainder of this lab, you will use
the Web browser interface to configure the AP 530.
1. Open a Web browser on the Windows Server 2003 and enter the IP address
that you assigned your AP 530 as the URL:
http://10.x.20.20
2. Enter the username (admin) and password (procurve) to access the Web
browser interface.
Rev. 8.41 L 8.1 – 11

Task 7. Configuring System Information

In this task, you will explore some of the general features of the Web browser
interface and enter global information about the AP 530.
1. The Web browser interface will open to the Device Information window,
which displays the AP’s IP address, MAC address, software version, country
code, and system uptime.
2. Record the MAC address on the AP 530’s Ethernet interface.

______________________________________________________________
3. What software version is the AP running?
______________________________________________________________
4. Enter the following information for the AP:
System Name: GroupX (where X is your group number)
Location: PCU Student Union
Contact: Your name
5. Click Update to save the settings.
Click the plus sign icon next to Device Information to expand the options
underneath this heading.
6. View the AP/LAN Statistics window. How many packets have been sent
over the Ethernet connection?
______________________________________________________________
L 8.1 – 12 Rev. 8.41

7. Click Event Log. What information is recorded in the event log?

______________________________________________________________
______________________________________________________________
______________________________________________________________
Rev. 8.41 L 8.1 – 13

Task 8. Configuring WLAN for your group at PCU

In this task, you will use your Windows server computer to access the webgui interface.
1. On the AP 530, you will create the WLAN listed in the table below. Replace
x with the group number your instructor assigned you and your partner.
AP 530 Index VLAN ID Open or Supported on

WLANs Number closed? Radio
Groupx 1 20 Open 1 and 2
2. Click Network Setup > WLANs.

a. By default, WLAN 1 is enabled on Radio 1 and Radio 2. Accept this
setting. In the SSID field, enter GroupX and replace X with the group
number that your instructor assigned to you and your partner. This will
give you WLAN a unique name so that you can log into the correct
WLAN.
L 8.1 – 14 Rev. 8.41

4. Configure the Groupx WLAN using the settings shown in the table at the
beginning of this section.
5. Click Update to save your changes.
Rev. 8.41 L 8.1 – 15

Task 9. Check Radio Status

1. By default, the AP 530’s radios are disabled. To protect your network, you
should not enable the radios until you configure security for the WLANs. To
verify that the radios are disabled, click Network Setup > Radio.
2. As shown above, the Network Setup > Radio window shows the settings for
one radio at a time. To view the status for the other radio, select it from the
Radio drop-down menu.
3. Turn the Radio status to On and click update. Do this for both Radio 1 and
Radio 2.
L 8.1 – 16 Rev. 8.41

Task 10. Save Configuration

Whenever you select Update, the AP 530 automatically saves your configurations
to the startup-config file from which it boots. You can also save a configuration in
a custom default file to be used as the baseline configuration for all APs in your
network. You can back up the startup-config or the custom default-config to a
remote server.
1. Open the Tftpd32 program on the Windows XP station.
2. In the Web browser interface for the AP 530, select Management > System
Maintenance.
3. Select the Configuration Files tab.
4. Under Save Running Configuration, click Save to save the running-config

to the custom default. A message is displayed, telling you the changes were
saved successfully. Click Return.
5. Start the Tftp32 server on the Windows Server 2003.
6. Under Transfer Configuration on the System Maintenance-Configuration
Files window, enter these settings to back up your configuration to the TFTP
server:
Server Type: TFTP
Direction: Upload (Save)
Config Type: Custom Default
Rev. 8.41 L 8.1 – 17

Server IP: 10.x.10.10

File Name: Lab8_AP530_custom
7. Select Update. A prompt should be displayed, telling you that the
configuration was saved successfully to the TFTP server. Click Return.
L 8.1 – 18 Rev. 8.41

Task 11. Configure the Windows client computer for wireless

connectivity
1. Disconnect the Ethernet cable from the Windows client computer, if one is
currently attached, so that it is no longer connected to any switch.
2. Verify that either an integrated or PCMCIA wireless adapter is installed on
your Windows client computer.
3. Open the Properties window of the wireless adapter.
4. Click the Wireless Networks tab and ensure Use Windows to configure my
wireless networks check box is enabled.
5. Click the View Wireless Networks button. You should see your group’s
access point and possibly others in the lab.
6. Select your group’s wireless network and click the Connect button. Once the
association process completes and you get connected, your Windows client
computer should be assigned an IP address in the VLAN 20 network.
7. Verify you have full connectivity to your network and other network groups
in the class.
8. From your wireless client, connect to the web interface of your group’s
access point and click on the status tab.
a. How many stations are currently connected? _____________________
determined easily who the other clients are? _____________________
_________________________________________________________
9. Turn the Radio status off and click update for both Radio 1 and Radio 2.
10. Unplug your AP530 from network.
Rev. 8.41 L 8.1 – 19

L 8.1 – 20 Rev. 8.41

Command Reference
needed.
help Displays help information
Displays a list of commands at the current privilege

?
or context level
show system Displays the country code setting
interface ethernet Accesses the Ethernet interface context level
no ip dhcp Disables DHCP client mode
ip address <ip-address> <decimal-mask> Defines the IP address of the Ethernet interface

copy factory-default-config startup-config Configures the AP 530 to
reboot from the factory
defaults
? Displays available commands
show ? Displays options available
to the show command
configure Accesses the global
configuration mode context
password manager <password> Assigns the password that
you must enter to access any
management interface on the
AP 530
interface Ethernet Accesses the AP 530’s
Ethernet interface
ip address <A.B.C.D>/<prefix length> Specifies the IP address on
the AP 530’s Ethernet
interface
ip default-gateway <A.B.C.D> Specifies the IP address of
the device to which the AP
530 should send traffic to
be routed to another
subnetwork
end Exits to manager EXEC mode
exit Exits one level—for example,
from an interface
configuration mode to global
configuration mode
write memory Copies the running-config to
the startup-config
• All these commands apply only to the access point 530.
Rev. 8.41 L 8.1 – 21

L 8.1 – 22 Rev. 8.41

Configuring the Wireless Edge Services zl
Module
Module 8 Lab 2
Objectives
After completing this lab, you should be able to:
Access the web browser interface for the ProCurve Wireless Edge Services zl
Module
Ensure that the ProCurve Radio Ports (RPs) are automatically adopted
Configure wireless LANs (WLANs) on the Wireless Module
Overview
The ProCurve University (PCU) network administrators are ready to deploy the
Wireless LAN System into there campus. In this lab, you will explore the Web
browser interface for the Wireless Edge Service zl Module. You will configure a
WLAN for your group:
GroupX—for students and faculty
Rev. 8.41 L 8.2 – 1

Network diagram
In this lab exercise, you will be

L 8.2 – 2 Rev. 8.41

Task 1. Access the Web browser interface for the Wireless Edge
Services Module
1. Launch Internet Explorer from either your Windows XP workstation or
Windows Server system.
2. In the Address bar enter http://10.100.1.11 and press enter.
3. For the login enter the username manager and password procurve.then click
login.
4. At this point take some time to become familiar with the available menu items
listed at the left of the window.
Rev. 8.41 L 8.2 – 3

Task 2. Configure Radio Settings

In this task, you will decrease the transmit power in the radio adoption default
settings, and verify radios are automatically adopted. These are configurations that
the Radio will receive when the Wireless Module adopts them.
1. Click Network Setup > Radio Adoption Defaults. You should be at the
Configuration tab.
2. Highlight 802.11bg and click the Edit button.
L 8.2 – 4 Rev. 8.41

3. Under Radio Settings, in the Desired Power field, use the drop-down menu
to select 8 dB. On the Wireless Module, you set the transmit power as an
absolute value, and available settings are determined by both the channel you
select and the country code (which, of course, makes the RPs comply with
regulations in your area).
4. Click OK. A warning is displayed. Click OK again.

5. Click Save in the upper right corner.
6. Click Yes to the save popup window then click OK.
7. Next click on the Radio option you should be in the configuration tab
8. Click on Global Settings in the lower right hand corner
Rev. 8.41 L 8.2 – 5

9. Verify and if needed check Adopt unconfigured radios automatically and

click OK.
10. Next click on WLAN Setup and verify you are in the Configuration tab.
L 8.2 – 6 Rev. 8.41

11. Click on Global Settings in the lower right hand corner and select or verify
that the Advanced Configuration option is checked, click OK.
Rev. 8.41 L 8.2 – 7

Task 3. Configure PoE Source switch for RP Connection
1. In this task we will configure our GroupX Core 5400zl switch for our RP:
When you install the Wireless Edge Services Module into the 5400zl Switch, the
switch, by default, automatically creates the Radio Port VLAN (2100). Likewise,
the switch automatically detects RPs when they are connected to the network and
makes each RP’s switch port an untagged member of the Radio Port VLAN.
Note
For each Group’s 5400zl Switch to provide power for the RPs, you must make
sure the port to which you connect the RP are untagged members of VLAN
210x (we will accomplish this by using the auto-provision function of lldp).
You must also make sure the uplink port to the instructor’s 5400 on your
groups 5400zl Switch is a tagged member of VLAN 210x and 2x.
2. Connect to your group’s Core 5400zl switch.

3. Set the auto-provision option to put your group’s radio into your group’s
wlan vlan and leave your console connection open.
Core(config)# lldp auto-provision radio-ports auto-vlan
210x
4. Next set the uplink port to be a tagged member of both 210x and 2x.
Core(config)# vlan 210x tagged a11
Core(config)# vlan 2x tagged a11
5. Configure Vlan 2x
Core(config)# vlan vlan2x
Core(vlan2x)# Name VLAN2x
Core(vlan2x)# ip helper-address 10.x.1.10
Core(vlan2x)# ip address 10.x.2x.1/24
6. Verify DHCP scope on your windows server for vlan 2x
L 8.2 – 8 Rev. 8.41

7. In the Web browser interface for the Wireless Module, click Network Setup
> Radio. The Configuration tab should be selected. This window displays
the RPs that the Wireless Module has adopted. If you are the first one to do
this step the window will be empty.
8. Connect the RP to an unused port on the 5400zl Switch.(In our example we

will use A11)
As the RPs power up, view their LEDs to monitor both the bootup process and
the adoption process.
LED Behavior in Sequence Bootup or Adoption Process
Green and amber LEDs illuminate RP performs a self-test.
Amber LED flashes three times per second; RP attempts to communicate

green LED is off. with a Wireless Module.
Both LEDs go off for a moment; then both If no error conditions have
illuminate for a few seconds. occurred, RP is communicating
with Wireless Module.
Green LED indicates the status of the 802.11bg Normal operation

radio; amber LED indicates status of the
802.11 a radio. (For an RP 210, only the green
LED flashes during normal operation.)
Without wireless traffic, LEDs flash once
every 5 seconds.
With wireless traffic, the LEDs flash more
frequently.
Green and Amber LEDs flash steadily once Error conditions

every second.
Rev. 8.41 L 8.2 – 9

If one of the RPs experiences an error condition, verify that you have set the
country code.
9. Refresh the Network Setup > Radio window in the Wireless Module’s Web
browser interface. The RPs’ radios should be listed.
10. From your 5400zl console connection review the port you plugged your RP
into
Core(config)# show vlans ports a11 detail
Status and Counters – VLAN Information – for ports A11
VLAN ID Name | Status Voice Jumbo Mode
-------- -------------- ---------- ----- ----- ----
210x VLAN210x Port-based No No Untagged
L 8.2 – 10 Rev. 8.41

Task 4. Configure the WLANs

In this task, you will begin to configure the following WLANs on the Wireless
Module:
Wireless Module’s Index Number VLAN ID Open or Closed?

WLANs (SSIDs)
Groupx 1 2x Open
1. Click Network Setup > WLAN Setup. You should be at the Configuration
tab.
Rev. 8.41 L 8.2 – 11


a. Select Index x (Where x is your group#) and click Edit. The Edit
b. In the SSID field, enter Groupx. Replace x with your group #.
c. In the VLAN ID field, enter 2x.
d. Next select the box under Encryption for WPA/WPA2-TKIP and then
click on Config…
L 8.2 – 12 Rev. 8.41

e. Under the Key Settings verify and select if needed the ASCII
Passphrase button and enter groupXwpa as the passphrase (where X is
your group number).
f. Click OK. You are returned to the Network Setup > WLAN Setup
window.
g. Click OK and you should be returned to the Network Setup > WLAN
Setup window.
By default, the WLANs are disabled. In a production environment, you should not
enable the WLANs until you have configured security for the WLANs.
Remember, however, that enabling a WLAN before you configure the security for
it is not a best practice.
3. Next you need to navigate to Network Setup > Radio and find the MAC
address for your RADIO1.
Rev. 8.41 L 8.2 – 13

4. Once you locate your RADIO# MAC address highlight the one with
802.11bg listed under the type filed and click Edit.
5. Under Radio Descr. Enter GroupX and click OK
6. Next click on the WLAN Assignments tab
7. Hightlight GroupX and click Edit.
L 8.2 – 14 Rev. 8.41

8. Select GroupX SSID and Click apply then close.
9. Next navigate to WLAN setup and Select the Groupx SSID and click Enable.
10. Click Save in the upper right corner to save your changes and click Yes and
OK to complete the save function.
Rev. 8.41 L 8.2 – 15

Task 5. Associate to the WLANs

In this task, you will associate to the WLANs to check the WLAN and DHCP
settings. (Remember that in a production network, you should always configure
WLAN security before enabling the WLAN.)
select Open Network Connections.
2. Next right click on Wireless Network Connection and select Properties.
3. Select the Wireless Networks tab.
4. Under the Preferred networks section select GroupX and click Properties.
5. If GroupX is not listed click on Add and enter GroupX into the Network
name (SSID) field.
6. Under Network Authentication drop down select WPA-PSK.
7. Under Data encryption select TKIP.
8. Under Network and Confirm Network Key enter groupXwpa where X is
your group number and click OK then click OK again.
select View Available Wireless Networks. The Choose a wireless network
10. Locate and select the GroupX WLAN that you configured on the Wireless
Module.
11. Click Connect Your station should associate to the GroupX WLAN, and
your station should receive an IP address on the 10.x.20.0/24 subnet.
12. Check the IP address on the Windows XP station.
a. Click Start > Run.
b. Enter cmd.
c. At the command prompt, enter ipconfig.
L 8.2 – 16 Rev. 8.41

Task 6. Save the Configuration File to your TFTP Server

The Wireless Module allows you to save configuration files to:
A TFTP or FTP server
The local disk on the Windows XP workstation
The Wireless Module
In this task, you will save the Wireless Module’s configuration to the Windows XP
station.
1. On the Windows XP station, open an Internet browser and enter the IP
address for the Wireless Module:
http://10.100.1.11
2. Click Management > System Maint.—Config Files. From this window you
can:
• View configuration files
• Delete configuration files (except the startup-config file) stored on the
Wireless Module
• Return the startup-config to factory default settings
• Transfer files to a server (FTP or TFTP), local disk, or Wireless Module
3. Select the startup-config file and click View. Although you can view the
settings included in the startup-config, you cannot edit them from here. Click
Close.
Rev. 8.41 L 8.2 – 17

4. Click Transfer Files.
5. Configure the source.

a. In the From box, select Wireless Services Module. The window
changes to display the options needed to transfer files from the Wireless
Module.
b. In the File box, select startup-config.

6. Configure the target.
a. In the To box, select Local Disk.
b. Use the Browse button to select the Tftp32 directory in which the AP
530 files are stored. For the filename, enter lab8.2_WESMzl_GroupX.
Click Open to return to the Transfer window; the filename, with the
correct path, is displayed in the File box.
c. Click Transfer. Ensure that the transfer is successful.
d. Click Close. You are returned to the Management > System Maint.—
Config Files window.
L 8.2 – 18 Rev. 8.41

Command Reference
The following commands are used in this lab. Refer to them as needed.
Command Description
Configure terminal Enters the global configuration mode
context
Ip address Set IP parameters for communication
within an IP network
Ip helper-address Add or remove a DHCP server IP address
for the VLAN.
Lldp auto-provision Configure various parameters related to
lldp automatic provisioning.
Show vlans Show status information for all VLANs
vlan <number> tagged <port #> Makes a port a tagged member of a VLAN
wireless-services <slot letter> Accesses the CLI for the Wireless Module
write memory Saves the changes to the startup-config
Rev. 8.41 L 8.2 – 19

L 8.2 – 20 Rev. 8.41

To find out more about ProCurve Networking products
and solutions, visit our web site at www.procurve.com
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is

subject to change without notice. The only warranties for HP products and services are set
forth in the express warranty statements accompanying such products and services. Nothing
herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
20081121

ProCurve Adaptive EDGE Fundamentals 8.41 - Lab Activity Guide - 20081121

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ProCurve Adaptive EDGE Fundamentals 8.41 - Lab Activity Guide - 20081121

Uploaded by

Copyright:

Available Formats

Adaptive EDGE Fundamentals

Module 2 Lab : Configuring VLANs

Command Reference .............................................................................................. 15

Quantity Component Notes

1 ProCurve 5400zl Switch Alternatively, a 5300xl series switch

2 ProCurve 3500yl Switch Alternatively, a 5400zl series switch

Alternatively, a 2650, 2800, 4100gl series or 6108

1 ProCurve Wireless AP 530

1 ProCurve Wireless RP 230 Alternatively, a 210 or 220 radio port

ProCurve Wireless Edge Services

1 Windows Server Windows 2000 Server or Windows Server 2003

1 Windows Client Windows XP Professional

1 Wireless NIC Internal or External 802.11b/g for Windows client

2 Null modem console cable

12 1-meter Cat 5e cable

1 5-meter Cat 5e cable Cable long enough to reach Instructor switch

1 T1/E1 crossover cable

Rev. 8.41 Overview 1 – 1

Overview 1 – 2 Rev. 8.41

Rev. 8.41 L1.1 – 1

L1.1 – 2 Rev. 8.41

Terminal emulator setup

Baud rate 9600

Flow control none

Windows logon accounts

Computer User Name Password

Windows Server administrator procurve

Windows XP Client procurve <none>

Rev. 8.41 L1.1 – 3

L1.1 – 4 Rev. 8.41

Task 1. Explore the different CLI privilege levels

Connect From Connect To

Windows Server Switch labeled Edge_1

Windows XP Client Switch labeled Edge_2

ProCurve Switch <switch-model>#

Rev. 8.41 L1.1 – 5

Task 2. Explore the CLI command syntax

L1.1 – 6 Rev. 8.41

Shortcut Full Command Explanation

wr t write terminal Display the running configuration of

12. Type “show history” to view a numbered list of previously executed

Rev. 8.41 L1.1 – 7

Task 3: Define host names for the switches

Host Name Switch

Edge_1 Labeled Edge_1

Edge_2 Labeled Edge_2

L1.1 – 8 Rev. 8.41

Task 4. Define usernames and passwords for the privilege levels

Privilege Level Username Password

Operator operator password

Manager manager password

2. Log out from the switch.

Rev. 8.41 L1.1 – 9

Task 5. Define an IP address and mask for in-band management

Windows Server 10.x.1.10/24

Windows XP Client 10.x.1.20/24

3. After the IP addresses are assigned, verify your switch’s running

L1.1 – 10 Rev. 8.41

Connect From Connect To

Edge_1 port 12 Edge_2 port 12

Windows Server Edge_1 port 1

Windows XP Client Edge_2 port 1

5. Verify connectivity to the assigned IP addresses by using the ping command