Switch HP Procurve
Testé sur Procurve 2650 et 2524 version H.10.119
- Connexion au Switch
- Commandes de base
- Mettre à jour le firmware
- Supprimer la configuration
- Supprimer le mot de passe admin
- Configuration des VLAN
- Configuration VLAN voix, LLDP et QOS
- Configuration de Telnet, SSH et WEB
- Configuration de l'agrégation de liens
- Configuration du NTP
- Configuration de Syslog
- Configuration des ports
- Configuration de Port-security
- Configuration du STP
- Configuration du DHCP
- Configuration de la bannière
- Configuration du 802.1X
- Configuration du SNMP
- Importer et Exporter la configuration via TFTP
- Gestion de la table ARP
Connexion au Switch
Pour vous connecter au switch en port console, il vous faut un câble série DB9 femelle - femelle :
- Bits : 9600
- Data bits : 8
- Parity : none
- Stop bits : 1
- Flow control : none
Commandes de base
Sauvegarder la configuration
Procurve switch 2650# write memoryAfficher la configuration
Procurve switch 2650# show running-configPasser en mode config
Procurve switch 2650# configure terminalRedémarrer
Procurve switch 2650# reloadRenommer le switch
Procurve switch 2650# hostname <name>Passerelle
Procurve switch 2650# ip default-gateway 192.168.1.1Mettre à jour le firmware
Etape 1 : Vérification de la version
Procurve switch 2650# show version
Image stamp: /sw/code/build/fish
Mar 31 2016 17:59:24
H.10.119
38
Boot Image: Primary
Procurve switch 2650#Etape 2 : Entrer dans le menu
Procurve switch 2650# menuProCurve Switch 2650 1-Jan-1990 0:16:54
==========================- CONSOLE - MANAGER MODE -============================
Main Menu
1. Status and Counters...
2. Switch Configuration...
3. Console Passwords...
4. Event Log
5. Command Line (CLI)
6. Reboot Switch
7. Download OS
8. Run Setup
9. Stacking...
0. Logout
Provides the menu to display configuration, status, and counters.
To select menu item, press item number, or highlight item and press <Enter>.Etape 3 : Configurer le mode TFTP
ProCurve Switch 2650 1-Jan-1990 0:18:18
==========================- CONSOLE - MANAGER MODE -============================
Download OS
Current Software revision : H.10.119
Method [TFTP] : TFTP
TFTP Server : 192.168.1.100
Remote File Name : H.10.119
Actions-> Cancel Edit eXecute Help
Edit the fields displayed above.
Use arrow keys to change action selection and <Enter> to execute action.Entrez l'adresse IP du serveur TFTP ainsi que le nom du ficher a uploader. Puis cliquez sur : eXecute
Une fois le processus terminer, redémarrez le switch.
Supprimer la configuration
Supprimer la configuration
Procurve Switch 2650# erase startup-configSupprimer la configuration avec le bouton RESET
Vous pouvez aussi supprimer la configuration en appuyant sur le bouton RESET sur la façade du switch
Supprimer le mot de passe admin
Pour supprimer le mot de passe admin du switch, il faut appuyer sur le bouton CLEAR situé sur la façade du switch. Celui-ci effacera uniquement le mot de passe admin.
Configuration des VLAN
Virtual Local Area Network
Augmenter le nombre max de vlan
Procurve switch 2650(config)# max-vlan 100
Command will take effect after saving configuration and rebootPar défaut, le nombre max de vlan est de 8
Création d'un VLAN
Procurve switch 2650(config)# vlan 100 name voix
Procurve switch 2650(config)# vlan 101 name data
Procurve switch 2650(config)# vlan 102 name wifiSuppression d'un VLAN
Procurve switch 2650(config)# no vlan 102Ajouter un port non taggué à un VLAN
Procurve switch 2650(config)# vlan 100
Procurve switch 2650(vlan-100)# untagged ethernet 1
Procurve switch 2650(vlan-100)# untagged ethernet 10-12Ajouter un port taggué à un VLAN
Procurve switch 2650(config)# vlan 101
Procurve switch 2650(vlan-101)# tagged ethernet 2
Procurve switch 2650(vlan-101)# tagged ethernet 20-22Assigner une adresse IP à un VLAN
Procurve switch 2650(config)# vlan 1
Procurve switch 2650(vlan-1)# ip address 192.168.1.100 255.255.255.0Configurer un port en mode mixte
Procurve switch 2650(config)# vlan 100
Procurve switch 2650(vlan-100)# tagged ethernet 30
Procurve switch 2650(vlan-100)# exit
Procurve switch 2650(config)# vlan 101
Procurve switch 2650(vlan-101)# untagged ethernet 30Configuration en mode Trunk
ProCurve Switch 2650(config)# vlan 100
ProCurve Switch 2650(vlan-100)# tagged ethernet 48
ProCurve Switch 2650(vlan-100)# exit
ProCurve Switch 2650(config)# vlan 101
ProCurve Switch 2650(vlan-101)# tagged ethernet 48
ProCurve Switch 2650(vlan-100)# exit
ProCurve Switch 2650(config)# vlan 102
ProCurve Switch 2650(vlan-101)# tagged ethernet 48
ProCurve Switch 2650(vlan-101)# exitTagger tous les VLAN sur le même port
Vérification
Procurve switch 2650# show vlan
Status and Counters - VLAN Information
Maximum VLANs to support : 100
Primary VLAN : DEFAULT_VLAN
Management VLAN :
802.1Q VLAN ID NAME Status Voice
-------------- ---------- ---------- ------
1 DEFAULT_VLAN Port_based No
100 voix Port_based No
101 data Port_based NoProCurve Switch 2650# show vlan ports Ethernet 48
Status and Counters - VLAN Information - for ports 48
802.1Q VLAN ID Name Status Voice
-------------- ------------ ------------ -----
1 DEFAULT_VLAN Port-based No
100 data Port-based No
101 voix Port-based NoConfiguration VLAN voix, LLDP et QOS
Configuration d'un VLAN voix
Procurve switch 2650(config)# vlan 100
Procurve switch 2650(vlan-100)# voiceProCurve Switch 2650# sh vlan
Status and Counters - VLAN Information
Maximum VLANs to support : 8
Primary VLAN : DEFAULT_VLAN
Management VLAN :
802.1Q VLAN ID Name Status Voice
-------------- ------------ ------------ -----
1 DEFAULT_VLAN Port-based No
100 voice Port-based Yes
101 data Port-based NoActivation du LLDP
Procurve switch 2650(config)# lldp runProCurve Switch 2650(config)# no lldp runConfiguration de la QOS
ProCurve Switch 2650(config)# qos type-of-service diff-servicesConfiguration de Telnet, SSH et WEB
Configuration de SSH
Secure Shell
Procurve switch 2650(config)# crypto key generate ssh
Installating new RSA key. If the key/entropy cache is depleted, this could take up to a minute.
Procurve switch 2650(config)# ip ssh
Procurve switch 2650(config)# ip ssh timeout 120
Procurve switch 2650(config)# ip ssh version 2
Procurve switch 2650(config)# ip ssh port 22Vérification
Procurve switch 2650(config)# show ip ssh
SSH Enabled : Yes
SSH Version : 2
TCP Port Number : 22
Timeout (sec) : 120
Server key Size (bits) : 512
Secure Copy Enabled : NoConfiguration de TELNET
Terminal Network
Procurve switch 2650(config)# telnet-serverVérification
Procurve switch 2650(config)# show telnet
Telnet Activity
Session Privilege From To
------- --------- --------- ----------
** 1 Manager ConnsoleConfiguration WEB
Procurve switch 2650(config)# web-managementen HTTPS :
Procurve switch 2650(config)# crypto key generate cert 512
Procurve switch 2650(config)# web-management sslPlugins JAVA obligatoire pour l'utilisation du WebGUI
Configuration de l'agrégation de liens
LACP
switch1(config)# trunk 42-43 trk1 lacpswitch2(config)# trunk 42-43 trk1 lacp activeStatique
Procurve switch 2650(config)# trunk 1-2 trk1 trunkConfiguration du NTP
NTP: Network Time Protocol
Introduction
Pour effectuer une synchronisation NTP, il faut tout d'abord que le switch puisse aller sur internet
Procurve switch 2650# configure terminal
Procurve switch 2650(config)# vlan 1
Procurve switch 2650(vlan-1)# ip address 192.168.1.100 255.255.255.0
Procurve switch 2650(vlan-1)# exit
Procurve switch 2650(config)# ip default-gateway 192.168.1.1
Procurve switch 2650(config)# Configuration du SNTP
Procurve switch 2650(config)# timesync sntp
Procurve switch 2650(config)# sntp server 194.2.0.28
Procurve switch 2650(config)# sntp unicastVérification
Procurve switch 2650# show sntp
SNTP Configuration
Time Sync Mode: sntp
SNTP Mode: unicast
Poll Interval (sec) [720] : 720
IP Address Protocol Version
------------- ----------------
194.2.0.28 3
Procurve switch 2650# show time
Sun Dec 12 10:29:05 2021Configuration du NTP
Procurve switch 2650(config)# ip timep manual 194.2.0.58
Procurve switch 2650(config)# timesync timepVérification
Procurve switch 2650# show timep
Timep Configuration
Time Sync Mode: Timep
TimeP Mode [Disabled] : Manual Server Address : 194.2.0.58
Poll Interval (min) [720] : 720
Procurve switch 2650# show time
Sun Dec 12 10:37:16 2021Configuration statique
ProCurve Switch 2650(config)# time 09:56
Mon Jan 1 09:56:36 1990
ProCurve Switch 2650(config)# time 05/14/2022
Sat May 14 09:56:50 2022Configuration de Syslog
Transmission de journaux
Configuration de Syslog
Procurve switch 2650(config)# logging facility syslog
Procurve switch 2650(config)# logging 192.168.1.200Vérification
Procurve switch 2650# show loggingConfiguration des ports
Introduction
Nous allons voir comment configurer les ports du switch
Vitesse
Procurve switch 2650(config)# interface ethernet 40
Procurve switch 2650(eth-40)# speed-duplex 100-full
Procurve switch 2650(eth-40)# speed-duplex 100-halfDescription
Procurve switch 2650(eth-40)# name "To switch"POE
Procurve switch 2650(eth-40)# power-overethernet
Procurve switch 2650(eht-40)# no power-overethernetActivation et désactivation
Procurve switch 2650(eth-1)# enable
Procurve switch 2650(eth-1)# disableConfiguration de Port-security
Configuration de port-security
ProCurve Switch 2650(config)# port-security ethernet 48 learn-mode
continuous Continuous MAC address learn mode.
static Static MAC address learn mode.
configured Static MAC address configured mode.
port-access Learn port-access authorized MAC address only.
limited-continuous Limited continuous MAC address learn mode.Limite d'adresse MAC
ProCurve Switch 2650(config)# port-security ethernet 48 address-limit <NB Adresses MAX>Alarme
ProCurve Switch 2650(config)# port-security ethernet 48 action
none
send-alarm
send-disableFixer une adresse MAC
ProCurve Switch 2650(config)# port-security ethernet 48 mac-address 00:00:00:00:00:01Expiration de l'adresse MAC avant nouvelle apprentissage
ProCurve Switch 2650(config)# mac-age-time 60 Vérification
ProCurve Switch 2650(config)# show port-security ethernet 48
Port Security
Port : 48
Learn Mode [Continuous] : Continuous
Action [None] : NoneConfiguration du STP
Activation
ProCurve Switch 2650(config)# spanning-tree
The best practice recommendation by HP Networking is
to enable MSTP or MSTP in forced RSTP operation.Mode RSTP
ProCurve Switch 2650(config)# spanning-tree force-version rstp-operationPour forcer le switch en Root Bridge
ProCurve Switch 2650(config)# spanning-tree priority 0Admin Edge
C'est l'équivalent du port-fast de Cisco
ProCurve Switch 2650(config)# spanning-tree ethernet 1 admin-edge-portVérification
ProCurve Switch 2650(config)# show spanning-tree
Rapid Spanning Tree (RSTP) Information
STP Enabled : Yes
Force Version : RSTP-operation
Switch Priority : 0 Hello Time : 2
Max Age : 20 Forward Delay : 15
Topology Change Count : 0
Time Since Last Change : 103 mins
Root MAC Address : 001560-190f00
Root Path Cost : 0
Root Port : This switch is root
Root Priority : 0Configuration du DHCP
DHCP Relay
ProCurve Switch 2650(config)# vlan 101
ProCurve Switch 2650(vlan-101)# ip helper-address 192.168.1.199Avec option 82
ProCurve Switch 2650(config)# dhcp-relay option 82
append Specifies that the option 82 field should be appended to
client DHCP packet.
drop Specifies that the DHCP packet will be dropped
unconditionally, if option 82 field(s) already exists in
the client DHCP packet.
keep Specifies that no option 82 field will be added or
replaced, if option 82 field(s) already exists in the
client DHCP packet.
replace Specifies that any existing option 82 fields will be
replaced with switch option 82 field for client DHCP
packet.
validate Specifies the validation for server response.DHCP Snooping
Activation
ProCurve Switch 2650(config)# dhcp-snoopingAutoriser un serveur DHCP
ProCurve Switch 2650(config)# dhcp-snooping authorized-server 192.168.1.200Activation sur un vlan
ProCurve Switch 2650(config)# dhcp-snooping vlan 200Vérification
ProCurve Switch 2650# show dhcp-snooping
ProCurve Switch 2650# show dhcp-snooping statsConfiguration de la bannière
Configuration
ProCurve Switch 2650(config)# banner motd #
Enter TEXT message. End with the character'#'
authorized only #
ProCurve Switch 2650(config)#Configuration du 802.1X
Configuration du RADIUS
ProCurve Switch 2650(config)# radius-server host 192.168.1.50
ProCurve Switch 2650(config)# aaa authentication port-access eap-radiusActivation sur des ports
ProCurve Switch 2650(config)# aaa port-access authenticator 15
LACP has been disabled on 802.1x port(s).Bascule de VLAN en cas d'échec d'authentification
ProCurve Switch 2650(config)# aaa port-access authenticator 15 unauth-vid 200
ProCurve Switch 2650(config)# aaa port-access authenticator 15 client-limit 5Activation
ProCurve Switch 2650(config)# aaa port-access authenticator activeVérification
ProCurve Switch 2650(config)# show port-access authenticator
Port Access Authenticator Status
Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
Current Current Cntrl
Port Status VLAN ID Port COS Dir
---- ------ -------- ----------- -----
15 Closed 1 No-override bothConfiguration du SNMP
SNMP v1 et v2
Activation
ProCurve Switch 2650(config)# snmp-server enableProCurve Switch 2650(config)# no snmp-server enableConfiguration de la communauté
ProCurve Switch 2650(config)# snmp-server community publicInformations
ProCurve Switch 2650(config)# snmp-server location BAIE1
ProCurve Switch 2650(config)# snmp-server contact AdminAutorisation
ProCurve Switch 2650(config)# ip authorized-managers 192.168.1.1 255.255.255.0 access operatorServeur SNMP
ProCurve Switch 2650(config)# snmp-server host 192.168.1.200Vérification
ProCurve Switch 2650# show snmp-server
SNMP Communities
Community Name MIB View Write Access
---------------- -------- ------------
public Manager Unrestricted
test Operator Restricted
Trap Receivers
Link-Change Traps Enabled on Ports [All] : All
Send Authentication Traps [No] : No
Address Community Events Sent Notify Type Retry Timeout
--------------------- --------------- ----------- ----------- ----- -------
Excluded MIBs
Snmp Response Pdu Source-IP Information
Selection Policy : Default rfc1517
Trap Pdu Source-IP Information
Selection Policy : Default rfc1517SNMP v3
Activation
ProCurve Switch 2650(config)# snmpv3 enable
SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: ********
Privacy protocol is DES
Enter privacy password: ********
User 'initial' is created
Would you like to create a user that uses SHA? y
Enter user name: dunn
Authentication Protocol: SHA
Enter authentication password: ********
Privacy protocol is DES
Enter privacy password: ********
User creation is done. SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmp restrict-access'): y
ProCurve Switch 2650(config)#Configuration
ProCurve Switch 2650(config)# snmpv3 user <user> auth sha <MDP> priv aes <MDP>
ProCurve Switch 2650(config)# snmpv3 group <groupe> user <user> sec-model ver3Vérification
ProCurve Switch 2650# show snmpv3 enable
ProCurve Switch 2650# show snmpv3 user
ProCurve Switch 2650# show snmpv3 groupImporter et Exporter la configuration via TFTP
Exporter la configuration vers un serveur TFTP
ProCurve Switch 2650# copy startup-config tftp 192.168.1.200 config.txtImporter la configuration depuis un serveur TFTP
ProCurve Switch 2650# copy tftp startup-config 192.168.1.200 config.txt
Device may be rebooted, do you want to continue [y/n]? yGestion de la table ARP
Voir la table ARP
ProCurve Switch 2650# show arp
IP ARP table
IP Address MAC Address Type Port
--------------- ----------------- ------- ----
192.168.1.10 00:00:00:00:00:01 ARPA e1Vider la table ARP
ProCurve Switch 2650# clear arp