Release Notes:
ProCurve Manager
Version 1.6

These release notes include information on the following:

NOTE: These Release Notes are applicable at the date the ProCurve Manager Version 1.6 Release CD is created. Please check the ProCurve Support web site for more recent information.

New Features

Below is a summary of the new features that are available in ProCurve Manager (PCM) with this release. Please refer to the ProCurve Manager Network Administrator's Guide for a full description on the use of these features:

PCM Plus Features:

  • New Automatic Traffic Management Configuration feature. The Traffic Manager configuration wizard uses network topography information from the PCM discovery process to automatically configure the Traffic Monitor to track inter-switch communications.

  • New PCM version that works as a plug-in to HP Openview Network Node Manager (NNM), to provide additional support to NNM users in managing and configuring ProCurve devices  

  • Support for the new ProCurve Identity Driven Manager (IDM) module. an add-on module to the ProCurve Manager Plus (PCM+) application that extends the functionality of PCM+ to include authorization control features for edge devices in networks using RADIUS servers and Web-Authentication, MAC-Authentication, or 802.1x security protocols.

Installation Notes – PCM 1.6 Standalone version

Minimum System Requirements

  • 1 GHz Intel Pentium IV or equivalent
  • 1 GB RAM
  • 250 MB free hard disk space

Recommended System Requirements

  • 2 GHz Intel Pentium IV or equivalent
  • 2 GB RAM
  • 500 MB free hard disk space

Supported Operating Systems:

  • MS Windows 2000
  • MS Windows XP Professional (SP 1 or greater)
  • MS Windows 2000 Server, Advanced Server or Professional with SP 4 or better
  • MS Windows 2003 Server

Additional processing power and disk space may be required for larger networks and to support extensive traffic monitoring

 

Installation Notes – PCM-NNM Version

Minimum System Requirements

  • 1 GHz Intel Pentium IV or equivalent
  • 1 GB RAM
  • 250 MB free hard disk space

Recommended System Requirements

  • 2 GHz Intel Pentium IV or equivalent
  • 2 GB RAM
  • 500 MB free hard disk space

Supported Operating Systems:

  • MS Windows 2000
  • MS Windows XP Professional (SP 1 or greater)
  • MS Windows 2000 Server, Advanced Server or Professional with SP 4 or better
  • MS Windows 2003 Server

NNM Versions that should be installed prior to PCM 1.6 install

Additional processing power and disk space may be required for larger networks and to support extensive traffic monitoring

One Network Management Program per Computer

Because of resource conflict that will occur if you have multiple network management tools running on the same computer, for example during discovery of the network devices, make sure you uninstall any other network management programs from your computer before installing HP ProCurve Manager or HP ProCurve Manager Plus.

Note : The above is not applicable when PCM 1.6 is installed on systems running HP Openview NNM

Working With Multi-homed Systems:

A multi-homed system is a server or PC that has more than one IP address. Generally this is achieved by installing more than one network card in the system, but there are other ways that a system can be multi-homed. Here are a few of the situations that meet this definition:

  • A system with two or more network adaptors.
  • A system with a traditional ethernet network adaptor, plus a wireless adaptor.
  • A system with only one network adaptor, but that is running some network tunneling software such as a VPN client. Generally what happens in this situation, is that the system appears to have two network interfaces (each with its own IP address). But in reality the system only has one physical adaptor, and the VPN client software emulates a second adaptor (while using the original adaptor under the covers).

When ProCurve Manager (either client or server) starts up, it attaches itself to the primary network interface. All network traffic between the client and server will be directed to the selected network interface. For example, if the HP ProCurve Manager client application attaches itself to the 166.3.4.5 interface, and the HP ProCurve Manager server is running on the 15.255.120.* network, there is no way that the client will ever connect successfully to the server.

To resolve this problem PCM has a configuration file that you can change to correct this situation. To setup this file, follow these steps:

  1. Find the commIpAddr.txt file. This file exists in the config directory, so for example, for the client this file exists in: C:\Program Files\Hewlett-Packard\PNM\client\config . On the server this file exists in: C:\Program Files\Hewlett-Packard\PNM\server\config .
  2. Edit the file with a text-based editor (such as Notepad or Wordpad), and enter the IP address of the interface you want the application to attach to. For example for the network illustrated above, you would add the entry " 15.255.120.25 " (without the quotes) in the first line of the file.
  3. Save your changes.
  4. Restart the application. If this is the ProCurve Manager client, just restart the application. If this is the ProCurve Manager server, you must restart the service from the Services control panel.

This issue is also described in the HP ProCurve Manager Getting Started Guide that comes with the CD package.

 

Adding Remote Client Stations

When you install HP ProCurve Manager Plus, the server and client functions are installed on the computer. You can also install the client function on any number of other computers in your network that have network access to the server computer.

To install the client function on another computer, simply start a web browser, such as Microsoft Internet Explorer, and for the URL type in the IP address of the server computer followed by a colon and the port ID 8040. For example, if the IP address of the server computer is 10.15.20.25, then you would enter 10.15.20.25:8040 on the web browser address line. That will launch the client installation wizard and step you through the installation process.

If you have multiple HP ProCurve Manager servers in the network, when you install a remote client you will be prompted to select the server to which you want the client to attach. This server will be used each time the client program is launched. You can change the server that is being accessed by selecting the "ProCurve Manager Server Discovery" option that was included when you installed the client. From the Windows "Start" menu, select Programs ->HP ProCurve Manager ->HP ProCurve Manager Server Discovery

For PCM 1.6 (PCM-NNM version), the PCM Remote Client can only be installed on machines that have NNM Remote console installed. Once installed, the client will always connect to the server attached to the NNM remote console.

 

Configuring Client/Server Access Permissions

The ProCurve Manager server maintains a list of authorized clients that are permitted to log into the server. By default, when the ProCurve Manager server is installed, the only client allowed to log in is the client on the same system as the server--that is, no remote servers are allowed. This can be a problem for customers who are unaware of this security feature, because they will try to install remote clients using the browser, and will be unable to connect to the server after completing the client installation.

There are two files associated with HP ProCurve Manager client/server security that can easily be configured to allow access to any set of actual or potential clients. There are two ways that this file can be configured, depending on what you know about the clients that need to connect.

  • IP addresses

The access.txt file can be configured with a list of IP addresses specifying the clients that are authorized to log into the server. The file may contain as many addresses as needed, one IP address per line; or you may configure IP addresses with wildcards. DNS names are also allowed in the file, including DNS names with wildcards (this is useful for DHCP environments where a system's DNS name remains unchanged, although it's actual IP address may change from time to time). For example, below is an example of a valid access.txt file:

15.255.124.84

15.29.37.*

10.*.*.*

*.rose.hp.com

system1.hp.com

To add an entry, open the access.txt file, which can be found in the config directory ( C:\Program Files\Hewlett-Packard\PNM\server\config ). Be sure to edit the file using a text-based editor such as Notepad or Wordpad. Edit the file as necessary, one entry per line, then save it. It is NOT necessary to restart the server; the changes will take effect immediately.

  • Passwords

There are situations where it is not possible to know ahead of time what IP address a potential client will have. This is particularly the case in situations where the client comes in through some sort of VPN, where the IP address of the client is assigned externally. To solve this problem it is possible to add client passwords to the access.txt file that correspond to specially configured clients. Note that even though you will be modifying the same access.txt file as for method 1 (above), the two mechanisms can freely co-exist--that is, the access.txt file can contain a combination of IP addresses and passwords. To enable password access for a particular client, follow the following instructions:

  1. First you need to you must change an entry in the
    server\config\TyphoonServer.cfg file .
    This file is a text file and can be edited with Notepad or Wordpad. Look for the entry that reads " AUTHENTICATION=10 ", and change it to read " AUTHENTICATION=100 ". Save the file and restart the server (listed as "HP ProCurve Network Manager Server" in the services list).
  2. Edit the access.txt file as described above, but instead of entering an IP address, just enter the selected password (on a line by itself). Save the file. It is not necessary to restart the server. For example, if we set the password to "procurve":

procurve

*.rose.hp.com

system1.hp.com

  1. On the client (the client must already be installed), you must edit the riptide.cfg file. This file already has several entries in it. You must add a line similar to the following:

PASSWORD = your password

Do not change any of the other entries in the file, as they are necessary for the correct operation of the client.

A sample Riptide.cfg file, once edited with the password "procurve", would look like this:

LEASE_LENGTH = 40000
TRACING_PROPERTY_KEY = CoreServices.Main
MANUFACTURER = Hewlett-Packard
SERVICE_NAME = Typhoon
COMPONENT_DB = config/Components.prp
TRACING_DBFILE = config/Loggers.prp
NETWORK_DELAY = 25000
VERBOSE = true
PASSWORD = procurve

Once you have saved the riptide.cfg file, start the PCM Client and enter (select) the address of the PCM Server in the Direct address field of the "Search for Servers" dialog. The client should now connect successfully to the server.

Receiving Traps Using HP ProCurve Manager

A trap is an alert sent by a device via UDP protocol to notify one or more hosts that something has occurred. A device may send a trap when a link on a port comes up, when a device has received an excessive amount of errors, or when a device has detected an excessive amount of broadcasts. In order to receive traps from a particular device, the switch must be configured with the host's address. This accomplished in multiple ways, such as CLI SNMP, and ProCurve Manager.

When ProCurve Manager (server) starts up, it binds to port number 162. Port 162 is the port that all incoming traps arrive on. The problem arises when a previous process is already bound to that port, in which case ProCurve Manager will not be able to receive traps because the port is in use.

To resolve the problem, make sure no process is bound to port 162. Examples of applications that bind to port 162 are the Windows SNMP Trap Receiver Service*, TopTools, HP OpenView and MG-Soft MIB Browser Trap Ringer. In the event that a process was bound to port 162 when ProCurve Manager was started simply terminate the process and restart the ProCurve Manger (server). To restart the ProCurve Manager (server) in Windows 2k go to Control Panel->Administrative Tools-> Services. Double click on the HP ProCurve Network Manager Server, click the Stop button, and then click the Start button. In Windows XP/2003 go to Control Panel->Administrative Tools-> Services, double click on the HP ProCurve Network Manager Server, click the Stop button, and then click the Start button.

NOTE for PCM-NNM Version:

The above is not applicable for the PCM-NNM installation. PCM cannot bind to port 162 since it is already used by NNM.  All device traps and application events will be displayed on the NNM Alarm browser.

Using SSH instead of Telnet to remotely connect to a device

Telnet is a protocol used for connecting to remote devices or machines for administration. SSH is a protocol that allows the same functionality as Telnet but provides a secure connection to the remote device or machine.

PCM currently only allows the user to use the Telnet protocol to connect. Telnet sends all information between the client and the server in plain text. The situation may arise where a customer wants to connect to a device over a secure connection.

To resolve this problem:

  1. Open the file <Installation directory>\PCM\server\config\globalprops.prp with a text editor (Default installation directory is C:\Program Files\Hewlett-Packard) .
  2. Find the entry Global.DeviceAccess.Telnet.Command.
  3. Change the TelnetCommand value to the desired SSH program. Here are a few examples:

TelnetCommand=C:\ssh.exe

TelnetCommand=C:\Program Files\SSH\ssh.exe

TelnetCommand=C:\SSH\putty.exe -ssh

If the ssh program is run from a DOS prompt it may be necessary to precede the ssh command with the "start" command, for example:

TelnetCommand=start C:\ssh.exe

After the command has been changed save the file and close the text editor.

  1. PCM server needs to be restarted in order for the changes to take place.
  2. To restart the PCM server in Windows 2000 go to
    Control Panel->Administrative Tools-> Services .
    Double click on the ProCurve Manager Network Server, stop the service by pressing the Stop button, and then start the service by pressing the Start button.
  3. To restart the PCM server in Windows XP or 2003 go to
    Control Panel->Performance and Maintenance -> Administrative Tools-> Services .
    Double click on the PCM Manager Network Server, stop the service by pressing the Stop button, and then start the service by pressing the Start button.

NOTE

Before using SSH to connect to a device make sure that SSH is enabled on that device. Refer to the device manual on how to enable SSH support.

Changing the Telnet command is a global change, the command will be used to remotely connect to all devices.

 

Support for HP ProCurve Wireless Devices

For the HP ProCurve Wireless Access Point 420 devices, the PCM Switch Software Update utility will only work with switch software versions newer than 2.0.29

For the HP ProCurve Wireless Access Point 520wl devices, if you upgrade to version 2.4.5 of the switch software, the PCM Switch Software Upgrade utility will not allow your to "downgrade" to an earlier version of the switch software.

TACACS/TACACS+ Support for HP ProCurve Manager 1.6

New to HP ProCurve Manager Plus is the ability to use a TACACS+ user account when accessing HP ProCurve switches that support TACACS, through use of the CLI wizard.

Due to a limitation in the PCM 1.5 database, the TACACS+ user account MUST have the same password for login, as well as enable mode. A TACACS+ username and password allow access to the switch with user rights, and does not allow the user to view/modify the switch configuration; whereas, the enable password can provide manager access to the switch.

Other Known Issues

Installation

  • PCM/PCM+ and Terminal Services are not supported on same server
  • Un-installation of PCM 1.5 leaves the TLS_HPPNM process running.

Event Management

  • Series 93xx traps are not automatically received by the PCM Event Browser. The Agent IP address that is embedded in the SNMP PDU is not the IP address from which the device was discovered. To resolve the problem, run the following command from the CLI:

    snmp-server trap source ve 200
  • Traps will not be generated until modification of Thresholds in RMON Manager is done.
  • Syslog trims entries after 1000 events based on severity, so it trims the events with the lowest severity first.
  • Incomplete syslog message format for 2800 and 5300 series devices

VLAN Management

  • When deleting VLANs directly on the switch, a full discovery cycle must run before changes are displayed in the PCM user interface.
  • Creating VLANs in PCM may take several seconds to take effect on switch. To speed up the process, restart Discovery.
  • If you create a VLAN directly on the switch (not using PCM), PCM will discover the VLAN at the next discovery cycle. To speed up the process, restart Discovery.

Network Topology Maps

  • Links/Segments between network devices terminate in empty spaces on the map.

Traffic Monitor

  • Inability to view headers with Broadcasts/Multicast

PCM Management Server Services

  • PCM Management Server Services must be manually restarted if a network connection is lost.

Configuration Management

  • Configuration labels cannot be removed until the configuration is deleted.

 PCM-NNM synchronization component:

  • Devices deleted in PCM will not be deleted from NNM.
  • Changing subnets from Managed to Unmanaged on PCM will not be reflected in NNM.
  • If SNMP community names are changed on NNM, the change will be not be reflected in PCM until after the next SNMP synchronization cycle. To speed up this process use the manual SNMP synchronization process.

 

 

© Copyright 2003, 2004 Hewlett-Packard Development Company, L.P.
All Rights Reserved.

This document contains information which is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws.

Publication Number

November, 2004
Edition 1.0

Part #5990-8848

Trademark Credits

Microsoft, Windows, Windows 95, and Microsoft Windows NT are registered trademarks of Microsoft Corporation. Internet Explorer is a trademark of Microsoft Corporation.
Ethernet is a registered trademark of Xerox Corporation.
Netscape is a registered trademark of Netscape Corporation. Cisco® is a trademark of Cisco Systems, Inc.

Disclaimer

The information contained in this document is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

Warranty

See the Customer Support/Warranty booklet included with the product.

A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

Hewlett-Packard Company
8000 Foothills Blvd, m/s 5551
Roseville, CA 95747-5551
http://www.hp.com/go/hpprocurve