Procurve manual 2510

If you do not have physical access to the switch, you will need Manager-Level access: Enter the console at the Manager level. Removing password protection means to eliminate password security. This command prompts you to verify that you want to remove one or both passwords, then clears the indicated password s. This command also clears the username associated with a password you are removing. For example, to remove the Operator password and username, if assigned from the switch, you would do the following Reset Clear Figure Use of the Reset button alone, to simply reboot the switch, is not affected.

Page 38 Configuring Username and Password Security Front-Panel Security For example, show front-panel-security produces the following output when the switch is configured with the default front-panel security settings. Figure Shows password-clear enabled, with reset-on-clear disabled. When this feature is enabled, the switch allows management access through the password recovery process described below.

This provides a method for recovering from a lost manager username if configured and password. Once you gain access, you can configure a new, known password.

Page Client Options Web and MAC Authentication Overview password, and grants or denies network access in the same way that it does for clients capable of interactive logons. The process does not use either a client device configuration or a logon session. MAC authentication is well- suited for clients that are not capable of providing interactive logons, such as telephones, printers, and wireless access points.

Inbound traffic is processed by the switch alone, until authentication occurs. Progress Message During Authentication If the client is authenticated and the maximum number of clients allowed on the port client-limit has not been reached, the port is assigned to a static, untagged VLAN for network access. At the end of the session the port returns to its pre-authentication state.

The assigned port VLAN remains in place until the session ends. Clients may be forced to reauthenticate after a fixed period of time reauth-period or at any time during a session reauthenticate. Authenticator: In ProCurve switch applications, a device that requires a client or device to provide the proper credentials MAC address, or username and password before being allowed access to the network.

While this is not required for a Web- or MAC-based configuration, ProCurve recommends that you use a local user name and password pair, at least until your other security measures are in place, to protect the switch configuration from unauthorized access.

If a redirect URL is not specified, Web browser behavior following authentication may not be acceptable. Use the no form of the command to disable Web- based authentication on the specified ports.

This parameter is equivalent to the MAC age interval in a traditional switch sense. Page 65 Specifies the URL that a user is redirected to after a successful login. Use the no form of the command to remove a specified redirect URL. Page 71 Web and MAC Authentication Show Status and Configuration of Web-Based Authentication Syntax: show port-access [port-list] web-based [config [auth-server]] Shows Web Authentication settings for all ports or the specified ports, along with the RADIUS server specific settings for the timeout wait, the number of timeout failures before authentication fails, and the length of time between authentication requests.

Page 73 Web and MAC Authentication Show Status and Configuration of MAC-Based Authentication Syntax: show port-access [port-list] mac-based [config [auth-server]] Shows MAC Authentication settings for all ports or the specified ports, along with the Radius server specific settings for the timeout wait, the number of timeout failures before authentication fails, and the length of time between authentication requests.

Page Overview local access or Telnet remote access. You can assign local usernames and passwords through the CLI or Web browser inter- face. The following procedure outlines a general setup procedure. Page 81 Secondary using Local. You are placed directly into Operator or Manager mode, depending on your privilege level. This allows you to use the single login option. Optionally, it can also specify the unique, per-server encryption key to use when each assigned server has its own, unique key.

Page 96 To remove the In this case, the terminal is again prompted to enter a username and repeat steps 2 through 4. In the default configuration, the switch allows up to three attempts to authenticate a login session. In this case, all prompts for local authentication will request only a local password. However, if you use the CLI or the Web browser interface to configure usernames for local access, you will see a prompt for both a local username and a local password during local authentication.

Page Because this key is different than the one used for the two servers in the previous example, you will need to assign a server-specific key in the switch that applies only to the designated server: ProCurve config tacacs-server host For informa- tion on such messages, refer to the documentation you received with the application.

Page Overview For accounting, this can help you track network resource usage. Only one primary and one secondary access method is allowed for each access type. Consider both Operator login and Manager enable levels, as well as which secondary authentication methods to use local or none if the RADIUS authentication fails or does not respond. ProCurve recommends that you begin with the default five seconds. If you want to use this feature, select a dead-time period of 1 to minutes.

Default: 0—disabled; range: 1 - minutes. If your first-choice server was initially unavailable, but then becomes available before the dead-time expires, you can nullify the dead-time by resetting it to zero and then trying to log on again.

Default: 3; Range: 1 - Two of these servers use the same encryption key. In this case your plan is to configure the switch with the following global authentication parameters: Allow only two tries to correctly enter username and password.

Add the vendor Id number that you determined in step 4 in the example. Restart all Cisco services. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. Because auth-port was not included in the command, the authentication UDP port is set to the default Both notices include the latest data the switch has collected for the requested accounting type Network, Exec, or System.

Optional Configure Session Blocking and Interim Updating Options These optional parameters give you additional control over accounting data. Does not include retransmissions. This does not include retransmissions. Also, when you add a new server IP address, it is placed in the highest empty position in the list.

Because the switch places a newly entered address in the highest-available position, this address becomes first in the list. Re-enter Because the only position open is the third position, this address becomes last in the list. Try pinging the server to determine whether it is accessible to the switch. Page Overview Enabling user authentication Disabled page The ProCurve switches covered in this guide use Secure Shell version 2 SSHv2 to provide remote access to management functions on the switches via encrypted paths between the switch and management station clients capable of SSH operation.

This option is a subset of the client public-key authentication show in figure Each pair includes a public key, that can be read by anyone and a private key, that is held internally in the switch or by a client. If you want client public-key authentication page , then the client program must have the capability to generate or import keys.

Table Switch Preparation Assign a login Operator and enable Manager password on the switch page Connect power to the switch page Once the switch is mounted,. Connect the network cables pa ge Using the appropriate. Connect a console to the switch optional - page Y ou may wish. Configuration changes. At this point, the switch is fully installed. See the rest of this chapter if you.

See the following table for cable typ es. Twisted- Pair Cables. Category 5 or better, ohm UTP or shielded. Note: The Switch G Series dev ices are. Note: For Mbps operati on, all four wire. See Figure. Multimode fiber-optic cables designed for. Gigabit Ethernet: Single-mode fiber -optic cables designed for. Type B 1 standards. The multimode cables s pecified for the Gigabit-.

The same single-mode fiber-optic cables as for. Gigabit-LH - The transmission distances are depende nt on the particular fiber loss and couplin g loss involved, among. For dista nces less than 20km, a 10dB attenuator must. For distances betw een 20km and 40km, a 5dB attenuator must be used.

Attenuators can be purchased from. Multimode fiber-optic cabl es fitted with LC. Half duplex operation is. The FX. SFP transceiver can operate at half duplex. When this manual was printed, the supported mini-GBIC s include the. Should you require additional. Sales and Service Offi ce or authorized dealer. Installing the mini- GBICs:. Remove the protective plastic cover and retain it for later use. Hold the mini-. GBIC by its sides and gently insert it into either of the slots on the switch unti l.

Avoid direct eye. Removing the mini -GBICs. To rem ove the mini-GBICs that have t he plastic tab or plastic collar , push the. To remove the mini-GBICs that have the wire bail, lower the bail until it is. Replace the protective pl astic cover. If you have any mini-GBICs i nstalled in the switch, the type of network.

For mini-GBICs ports, and in general for all t h e switch ports, when a network. If the port LED does not go on when the network. Verify the Switch Passes Self T est. Before mounting the switch in its ne twork location, you should first verif y it. Connect the power cord supplied with the switc h to the power connector. Connecting the pow er cord. Note The Switch G Series devices do not have a power switc h.

They are. For safety, the power outlet should be located near the switch instal-. The switch automatically adjusts to any voltage between volts an d. No voltage r ange settings are required. If your installation requires a diff erent power cord than the one supplied with. Th e mark. Check the L EDs on the switch a s described belo w. When the switch is powered on, it performs its diagnostic self test. Most of the LEDs go off.

The default view mode Link , the LEDs should be on and the. Mode LEDs will flicker if there is network activity. If the LED display is diffe rent than what is describe d above, especially if. Refer to chapter 4,. After the switch passe s self test, you are read y to mount the switch in a stab le. The Switch G Ser ies devices can be mounted in these ways:. Note that. Secure the r ack in accordance.

The screws supplied with the switch are the correct threading f or. If you are installing the switch in an. Complete step 1, and plan which four holes you will be using in the cabinet.

Then proceed to step 2. Use a 1 Phillips cross-hea d screwdriver and attach the mounting. Example of attac hing mounting brackets. Note The mounting brackets have multiple mounting holes and can be rotated. These inc lude mounting the. Hold the switch wit h attached bracket s up to the rack and move it. Example of mount ing in a rack. A ve rtical wall mount orientation is. The JA port switch ca n be wall mounted with either th e RJ ports. A vertical wall mount orientation.

Example of wall mounting the Switch G Place the switch on a table or other hor izontal surface. The switch comes with. Attach the rubber feet to the four corners on the bottom of the switch within. Use a sturdy surf ace in an uncluttered ar ea. Caution Make sure the air flow is not restricted around the sides and back of the swit ch. See Figure 2- 1 on page for the. Re-check the LEDs during self test. Push the RJ plug into the RJ jack.

If the Link LED does not go on when the. Connecting Network Cables. The switch has a full-feat ured, easy to use console int erface for performing. The console can be accessed through the se methods:. This metho d requires that. For more. The Switch can simultaneously support one out-of -band console session. Termi nal Configuration.

To conn ect a console to the switch, conf igure the PC terminal emulator a s a. If you want to operate the console using a differ ent configuration, make sure. Change the switch settin gs first, then save the terminal settings,. To conn ect a console to the.

Connect the PC or. If your. Turn on the terminal or. Press [Enter] two or three. Press a key, and you will then see. If you want to continue wi th console management of the swit ch at this time,. For more detailed information, refer to the Management and Configuration.

Guide, which is availabl e on the ProCurve W eb site www. Connecting the console cable. The console cable has an RJ m ale connector on one end and a DB-9 female.

Table describes the ma pping of the RJ to. RJ to DB-9 pinouts. Mapping of RJ to DB Sample Network To pologies. Sample Network T opologies. This section shows a few sample network topologie s in which the Switch is. For more topology informa tion, see the ProCurve networking. Basic desktop configuration. The Switch is designed to be used primarily as a deskto p switch to which end. Notice that the end node devic es are.

Segment network configuration. The Switch also works well as a segment switch. That is, with its high. The devices attached to the. They can. Category 3 or 4 cable can also b e used if the connection is 10 Mbps only. In all. The switch, in turn, can be connected to a netw ork backbone through fiber-. Now , all the devices on these network segme nts can access other. Networking to a gigabit ethernet backbone. ProCurve Switch G Fast Ethernet Swi tch. ProCurve Switch zl Gigabit link use fiber if over meters.

The simpler desktop and segment networks show n in the previous two. For example, you coul d use. All the devices in this network. With a Gigabit-SX Module, for example, in. Note In the Backbone Switch illustration, the Mbps fiber-optic connection.

The Switch G Series de vices can be connected togeth er, through stan dard. Up to Up to 15 other switches in the n etwork can then easily be configured as. Commander and to each Member switch through the Commander. For more information on s tacking Switches, please see the Management and. Configuration Guide , which is available on the ProCurve Web site.

Example of stacking switches. Gigabit link use fiber if over meters. ProCurve Switch G This chapter is a guide for u sing the console Switch Setup scree n to quickly.

Manager password, and, optionally, configure other basic features. For more information on using the switc h console and the other switch. Management and Configuration Guide, which is available on the ProCurve. Web si te www. In the factory default configuration , the switch has no IP Internet Protoc ol.

In this state, it can be managed. To manage the switch through in-. Also, you should configure. Other pa rameters in the Switch Setup scre en can be left at. Once an IP address has been con fig-. For a listing of switch features available with and without an IP.

Management and Configuration Guide. Note By default, the switch is con figured to acquire an IP address config uration. The quickest and easiest way to minimally configure the s witch for manage-. Using the method d escribed in the preceding sectio n, connect a terminal.

The CLI prompt appears displaying the switch model num ber,. At the prompt, enter the setup command to display t he Switch Setup.

The following illustration shows the S etup screen with the default. Use the [Tab] key to select the Manager P assword field and enter a ma nager. Manual option. Press [ Enter] , then [S] for S ave. Here is some information on the fiel ds in the Setup screen. For more inform a-. System Name blank Optional; up to 25 characters, i ncluding spaces. System Contact blank Optional; up to 48 characters , including spaces.

Manager Password blank Recommended; up to 16 characters no blank spaces. Time Zone 0 none Optional; to The number of minutes your location is to the West -. Community Name public Default setting recommended. Default Gateway blank Optional; Enter the IP address of the next-hop g ateway node if network traffic. The o ptions. IP Address xxx.

Note: The IP address and subnet mask assigne d for the switch must be compatible with the IP addressing us ed in. For more inf ormation on IP addressing, see the Management and Configuration Guide, which is available. Subnet Mask xxx. The above procedure configures your switch with a Manager password, IP.

As a result, with the proper net work connections,. Some basic information on managing your switch is inc luded in the next. For more information on the con sole, web browser, and SNMP. Switch G Series devices, please see the Manag ement and Configuration. Starting a T elnet Sess ion. To access th e switch through a T e lnet session, follow these steps:. Make sure the switch is config ured with an IP address and that the sw itch. Start the Telnet program on a PC t hat is on the same s ubnet as the switch.

Press a key , and you will then see the switc h console command. Enter help or? Entering any command f ollowed by help provides more detai led. Entering any comman d. Starting a W eb Browser Session. The Switch G Series devic es, can be managed through a graphic al inter-. No additional software installation is required to make this interface available;. A typical web browser interface screen is shown in the next illu stration. For more information on using the we b browser interface, please see the.

An extensive help system is also a vailable for the web browser interfa ce. This chapter describes how to trouble shoot the Switch G Series devices. This document describes troubleshooting mostly from a hardware. You can perform more in-depth troubleshooting on the Switch.

Basic Troubleshooting T ips. Most problems are caused by the follo wing situations. Check for these items. That is, when connecting t o. Basic Troubleshoo ting Tips. Because the Switch G Seri es devices behave in this way in. The resul t will be high error rates and very. Make sure all devices connec ted to the Switch G Series devices are. Look for loose or obviously faulty connections.

Interesting, I haven't played with the but and higher have SSH enabled by default. Beginning Nov 15, , the Networking Forum discussion boards moved to the Aruba Airheads community.

Click here to learn more. Resources Announcements Email us Feedback. Log In. New Discussion. ProCurve Switch G configure connection https and telnet. Hi, i've a switch HP, i want to change the browsing from http to https and open the connection instead of telnet the connection: SSH port 22 I tried to check the configuration but i think for change this parameter is need a command line, someone can help me Regards Santino Solved!

All forum topics Previous Topic Next Topic. Esteemed Contributor. By default, telnet, ssh, and http are enabled on the switch. Tags: certificate.