Quantcast
Channel: Web and Unmanaged topics
Viewing all 1308 articles
Browse latest View live

HP1500 (JG962A) - SSL Certificate ignored

September 6, 2019, 6:40 am
$
0
0

Dear all,

I've a new HP1500 (JG962A) Switch and want to install my own certificate from from our interal Company CA. Therefore I setup the PKI like the following:

PKI Entity:
- Entity: "switch05"
- Common Name: switch05.company.local

PKI-Domain:
- Domain name: "company-ca"
- PKI entity: "switch05"
- Extension for certificate: SSL Server, SSL Client

SSL Server Policy:
- Policy name: switch05
- PKI domain: "company-ca"
Ciphersuites: all checked
- Client verify: Disabled

I installed our root certificate and the certificate for "switch05.company.local" to the PKI Domain successfully. I activated the HTTPS Service, saved the config and reboot the switch.

Now the problem: I always got the self-signed certificate in the browser view. Everthing I do I always get the self signed certificate. Why? And how can I tell the switch to use my PKI domain "company-ca" for the HTTPS service.

I have other switches like HP6600 or HPE V1910-48G and no problems to install it. The HPE V1910 is very similar to the HP1500 (e.g. create PKI etc.) and it works very well.

Here my confiuration:

#
version 7.1.070, Release 3208P16
#
sysname switch05
#
clock timezone Brussels add 01:00:00
clock summer-time FDT 02:00:00 March last Sunday 03:00:00 October last Sunday 01:00:00
clock protocol ntp
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns server 10.0.x.x
dns server 10.0.x.x
#
transceiver phony-alarm-disable
password-recovery enable
#
vlan 1
#
interface NULL0
#
interface Vlan-interface1
ip address 10.0.x.x 255.255.x.x
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
scheduler logfile size 16
#
line class aux
authentication-mode scheme
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
snmp-agent
snmp-agent local-engineid 8000000000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version all
#
ssh server enable
#
sntp enable
sntp unicast-server 10.0.x.x
sntp unicast-server 10.0.x.x
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash xxxxxxxxxxx
service-type ftp
service-type telnet http https pad ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
pki domain company-ca
certificate request entity switch05
public-key rsa general name switch05 length 2048
usage ssl-client
usage ssl-server
undo crl check enable
#
pki entity switch05
common-name switch05.company.local
#
ssl server-policy switch05
pki-domain company-ca
ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
web idle-timeout 60
#
return

 

 

Search

1920S 24G Access the IP management through another VLAN

September 11, 2019, 7:49 am
$
0
0

Hello all.

I'm starting to work with 1920S switchs and want to remote management the Switch through a different VLAN. 

Example: I have configured 2 VLAN in the Switch. VLAN 103 its for my hosts and VLAN 254 its for management. I create a VLAN inferface with de IP 10.32.255.45 to VLAN 254 and connect this switch to my core through SFP. When I used a host in VLAN 254 (ex: 10.35.255.60) I was able to access the management interface correctly, but with a host in the VLAN 103 (103..100.0.1) I cannot ping or access the Switch. this not happend with my 1950 that are already configured.

Its possible to access de management IP in another VLAN than the management VLAN configured?

Thanks in advance.

HP 1820 Static LACP Inqure

September 13, 2019, 12:24 pm
$
0
0

Hello, 

I want to confirm if this is possible as based on the reading I did, this should not be possible or I am understanding this incorrectly. 

I currently have one HP 1820 48G switch setup up and connecting to two core switches that are 1920S. 

Both of these cores switches are connected to one firewall. 

The HP 1820 48G I have configured port 47 and 48 LACP Static and connecting port 47 to one switch and port 48 to another switch (Just to test and see if this acually works) 

I am able to connect two seperate switches and have it load balance all traffic comming from the access switch to these two cores. 

 

Upon testing it does appear that this conifguration seems to work. I know LACP is suppose to be used between another switch, but it is standard practice to have it connected to 2 switches from on truck? 

 

I linked to the drawing for a better understanding on this. 

https://imgur.com/Nwc3Q4m

 

Thanks

 

 

V1910: Set management VLAN and IP from CLI

October 13, 2018, 2:14 pm
$
0
0

Hi,

Somebody here has messed up the web management setup for one of our V1910 (probably altered management VLAN to other than VID 1).  I have access to CLI and I need to know how to set the following from CLI:

Port 01 set to Untagged VID 1

Webinterface management VLAN set to VID 1

The CLI command ipsetup, does it set the webinterface management IP?

Thanks a LOT for help or comments on this

best regards Tor

HP Switch 1920s - ring setup.

October 14, 2018, 10:16 am
$
0
0

The company has a network of several switches (hp 1920s). All must connected by optics in the ring (sfs transceivers). If i close the ring - the network storm begins.
Please, tell me how to configure the ring in the web settings of the switch (setup a ring master or something like that).
I'm new.

Thanks.

HPe 1820 48G J9981A Management vlan problem

October 16, 2018, 5:45 am
$
0
0

Hello,

We are using two HPe 1820 switches.
There are multiple VLAN's configured on port 1 ( uplink ).
Also we have an managent vlan id ( 8 ), with no specific port connected.
Both switches have static IP's and we are able to use the webinterface to login.
After about a week or 2 none of both switches are reachable anymore on there static IP, but the rest is still working fine.

Does this happend to somebody else maybe?

Thanks in advance.

password HPE OFFICE CONNECT 1920S Series Swicht JL3851A

October 18, 2018, 8:13 pm
$
0
0

hello, I have a model swichte HPE OFFICE CONNECT 1920S Series Swicht JL3851A  I do not have the password, is there any way to recover it without resetting or factory defaults?

the swicht has vlans and I do not want to reset

can't configure Ethernet up-link from switch to switch

October 19, 2018, 11:12 pm
$
0
0

i have a new hpe 1920s switch, and i want the up-link to be from another hpe switch wich connected to my dhcp server, so i configured trunk on port 24 of my new switch and on port 48 of my old switch, and i configured the trunk port to be tagged for my all vlans which is 10, 100-108, 200, in both swirches.

and i configured the rest of the ports on my new switch on vlan 105, so the switch suppose to take the subnet 172.22.105.0. 

but it's not working, anyone can help me?

Search

HP 1920S 48G 4SFP ( JL382A) and 802.1X

October 21, 2018, 2:44 am
$
0
0

Hello,

I'm using the switch belong and I'm running PD.02.06 firmware, which is the newest. Here is my switch config:

!Current Configuration:
!
!System Description "HPE OfficeConnect Switch 1920S 48G 4SFP JL382A, PD.02.06, Linux 3.6.5-a07f8920, U-Boot 2012.10-00118-g3773021 (Oct 11 2016 - 15:39:54)"
!System Software Version "PD.02.06"
!System Up Time          "0 days 2 hrs 55 mins 11 secs"
!Additional Packages     HPE QOS,HPE IPv6 Management,HPE Routing
!Current SNTP Synchronized Time: Oct 17 13:20:38 2018 UTC
!
network protocol none
network parms 172.24.1.11 255.255.255.0 172.24.1.254
vlan database
vlan 2-5,42-43,126
vlan name 2 "VoIP"
vlan name 3 "Lab"
exit
ip http secure-server
ip http secure-protocol TLS1
ip ssh server enable
ip ssh protocol 2
configure
sntp client mode unicast
sntp server "192.168.100.254"
sntp server "192.168.100.38"
sntp server "192.168.100.39"
clock summer-time recurring EU offset 60
time-range Schedule-1
exit
time-range Schedule-2
exit
username "admin" password XXX level 15 encrypted
no username guest
dot1x system-auth-control monitor
aaa authentication dot1x default radius
authorization network radius
dot1x dynamic-vlan enable
voice vlan
radius accounting mode
radius server host auth "172.24.43.43" name "freeradius-virt"
radius server key auth "172.24.43.43" encrypted XXX
radius server primary "172.24.43.43"
radius server attribute 4 172.24.1.11
radius server host acct "172.24.43.43" name radius-virt
radius server key acct "172.24.43.43" encrypted XXX
radius server host acct "172.24.2.144" name freeradius-virt-2
radius server key acct "172.24.2.144" encrypted XXX
line console
exit
line telnet
exit
line ssh
exit
port-channel linktrap TRK 1
port-channel linktrap TRK 2
[…]
snmp-server sysname "here"
snmp-server location "Redroom"
snmp-server contact "me@mail.tld"
!
port-security
interface 1
mtu 9000
vlan participation exclude 3-4
vlan participation include 2,43
vlan tagging 2,43
exit
interface 2
voice vlan 2
dot1x pae supplicant
mtu 9000
vlan acceptframe admituntaggedonly
vlan participation include 2,43
vlan tagging 2,43
exit

According to the documentation I have to enable the Administrative Mode. 

First I tried it in the GUI: Enable it, clicking on save and then on apply. Each time, when I click on "apply" the ssh server and also the webserver get a timeout. The only way to restart the switch is to pull the power cable. After I'm online again and logged in, I notice, that the Administrative Mode is disabled. When I don't use "save config" and I just use "apply" it also freezes. That's the reason why I tried to configure the switch via SSH:

(HPE Routing) (Config)#show dot1x

Administrative Mode............... Disabled
VLAN Assignment Mode.............. Enabled
Dynamic VLAN Creation Mode........ Enabled
Monitor Mode...................... Enabled
EAPOL Flood Mode.................. Disabled

(HPE Routing) (Config)#dot1x ?

dynamic-vlan		 Configure dot1x dynamic vlan creation parameters.
eapolflood		 Enable/Disable EAPOL flood support on the switch.
port-control		 Set the authentication mode on the specified port.
system-auth-control	 Enable/Disable authentication support on the
switch.
user			 Add/Remove user from the list with access to the
			 specified port.

I'm missing a way to enable the Administrative Mode with dot1x. 

Can you give me an advise?

Thx

switch - startup-config deleted. How to insert into the machine

October 21, 2018, 11:34 pm
$
0
0

good afternoon
The configuration and backup files of my hp 1920-48G switch were deleted and the consequence of this action is that the device does not boot. I downloaded the files on the HP support website and they are saved to the pendrive. How do I copy them to the switch so that the device can boot normally 

HPE 1920-16G Switch : link status is UP and DOWN

October 23, 2018, 5:36 am
$
0
0

Hi,
since 2 days we're experiencing errors reported below:

Oct 23 14:28:27:925 2018 LLDP Information LLDP_CREATE_NEIGHBOR New neighbor created on Port GigabitEthernet1/0/9 (IfIndex 18907136), Chassis ID is 8c3b-ad22-acd0, Port ID is g13.
Oct 23 14:28:01:667 2018 MSTP Information MSTP_NOTIFIED_TC Instance 0's port GigabitEthernet1/0/9 was notified of a topology change.
Oct 23 14:28:01:652 2018 MSTP Information MSTP_DETECTED_TC Instance 0's port GigabitEthernet1/0/9 detected a topology change.
Oct 23 14:27:57:318 2018 MSTP Information MSTP_FORWARDING Instance 0's port GigabitEthernet1/0/9 has been set to forwarding state.
Oct 23 14:27:57:302 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is UP.
Oct 23 14:27:54:360 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is DOWN.
Oct 23 14:27:52:902 2018 LLDP Information LLDP_CREATE_NEIGHBOR New neighbor created on Port GigabitEthernet1/0/9 (IfIndex 18907136), Chassis ID is 8c3b-ad22-acd0, Port ID is g13.
Oct 23 14:27:52:881 2018 MSTP Information MSTP_NOTIFIED_TC Instance 0's port GigabitEthernet1/0/9 was notified of a topology change.
Oct 23 14:27:52:858 2018 MSTP Information MSTP_DETECTED_TC Instance 0's port GigabitEthernet1/0/9 detected a topology change.
Oct 23 14:27:52:462 2018 MSTP Information MSTP_FORWARDING Instance 0's port GigabitEthernet1/0/9 has been set to forwarding state.
Oct 23 14:27:52:445 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is UP.
Oct 23 14:27:49:576 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is DOWN.
Oct 23 14:27:00:911 2018 MSTP Information MSTP_NOTIFIED_TC Instance 0's port GigabitEthernet1/0/9 was notified of a topology change.
Oct 23 14:27:00:911 2018 MSTP Information MSTP_DETECTED_TC Instance 0's port GigabitEthernet1/0/9 detected a topology change.
Oct 23 14:26:57:435 2018 MSTP Information MSTP_FORWARDING Instance 0's port GigabitEthernet1/0/9 has been set to forwarding state.
Oct 23 14:26:57:418 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is UP.
Oct 23 14:26:54:610 2018 IFNET Error LINK_UPDOWN GigabitEthernet1/0/9 link status is DOWN.

 

This morning we updated firmware to latest version (JG923A-CMW520-R1120)  but problem persists.

Can somebody help me identifying what causes this issue?

Thanks in advance,

Andrea

hpe 1920s web management

October 27, 2018, 5:04 am
$
0
0

I have a new hpe 1920s switch  connected to my network by trunk uplink to another switch, i want to connect to the switch web management while i am connected at any other switch on my network, the managment port is port one, and the trunk connection is port 24, what should i do?

Problem change fan Adda AD0412UB-C52 to Noctua NF-A4x20 FLX in, HP V1910-24G-PoE (365w), JE007A.

November 4, 2018, 4:45 pm
$
0
0
I have a switch, HP V1910-24G-PoE (365w)  Switch  JE007A.
The switch has 6 fans.
Three in the internal power supply, AD0412UB-C52 making noice at high volume.
Three in the chassie Delta EFB0412HHD making noice at high volume
 
Tried to change all the "ADDA",  AD0412UB-C52 to Noctua NF-A4x20 FLX.
Tried to change all the "Delta" EFB0412HHD to Noctua NF-A4x20 FLX.
 
 
Problem:
When i power up the switch the problem starts.
All fans are running intermittent, on - off, on - off on - off, on - off on - off, on - off on - off, on - off
Two front light are flashing to show that something is wrong.
The log file is filled with "Fan error"
 
If I put back my original fan then all are back to normal. 
 
Please advice me on which fans to use in the switch, THAT ARE WORKING AND ARE QUIET ?
 
I allso need to know how to work around the error "Fan error" filling up my log.
 

HPE OfficeConnect Switch 1920S JL381A RADIUS Accounting Server Status

November 5, 2018, 7:38 am
$
0
0

Hello network, I need help to configure the access via Radius of the new Hp 1920s which do not have console port and can not be accessed via ssh so all configuration must be done via WEB.

Some manual or guide would appreciate it.

regards

deactivate PoE or disable ports on a schedule

November 12, 2018, 3:30 pm
$
0
0

Hi folks, I need to deactivate a select number of PoE cameras on a regular/repetative schedule, and I was hoping there was a job or schedule command I could leverage to either disable PoE or down select ports.  I have just installed five new HPE 1950-48G-2SFP+-2XGT-PoE+ (JG963A) switches and the devices are scattered across most of these switches.

Thanks

Elias

Search

show local ip adress JG961A

November 13, 2018, 2:55 am
$
0
0

Hello

The JG961A take ip from our dhcp server but we do not see which ip adress

how can i show the ip adress with serial connection ?

Office Connect app infrastructure hacked?

November 14, 2018, 8:18 am
$
0
0

I have an Office Connect OC20 Wireless Access Point ( JZ073A ) in my infrastructure, and the management app on my phone threw a notification this morning which makes me think that HPE's cloud infrastructure to manage the access points has been hacked. I received a notification from the app this morning that said "JB was here" and nothing else. I opened the notification, and it just took me into the app and everything appeared normal.

I would guess that I am not the only one, as when I tried to access the chat support for the product, the site wasn't working correctly: https://pg-receiver-pro.glb.itcs.hpe.com/WCLWeb/WCLEntry.aspx?pn=JZ073A

Static LAG config for V1910 - is this correct?

November 18, 2018, 9:27 am
$
0
0

Hi,

I have two VSphere hosts where each has a quad port NIC that should be connected to a V1910.

To achieve this at the switch side I have created BAGG1 for ports 17-20 and BAGG2 for ports 21-24.  Note: Prior to creating these LAGs, the same ports were assigned tagged VLAN IDs 120-129.

In VLAN / Modify ports I have changed port types for port 17-24 to Trunk.

I need to tag VLANs 120-129 for these two LAGs.  1. Should I delete the old VLAN tagging on ports 17-24 BEFORE opening the VLAN / Modify ports page again, select BAGG1 + BAGG2  and enter VLAN IDs 120-129 on this page ?

2. Or, do I need to do the above operation in two passes, one for BAGG1 and the second for BAGG2..?

Thanks a lot for comments on question 1 and 2.  This is a switch in low priority production but I don't want to cause unnecessary downtime and hope to do it right the first time :-)

best regards Tor

HP 1920s 48g

November 24, 2018, 7:32 am
$
0
0

Hi! I have 2 HP 1920s 48g and cant find them on dhcp server. Also i have HP 1920 48g and it works fine. I ligin to 192.168.1.1 without dhcp, updated them from official site, reset configuration. Why they dont work from the box?

HP ProCurve 1800-8G J9029A

December 5, 2018, 11:55 am
$
0
0

I have a problem with web interface and there is a place for the nomal passwork but there is no login button its not there .I have reset the switch many times and does not seem to help .

Viewing all 1308 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>