Quantcast
Channel: Web and Unmanaged topics
Viewing all 1308 articles
Browse latest View live

Can't have access to web interface on MSR 3012 AC JG409B

August 23, 2019, 6:02 am
$
0
0

Hi,

I have a problem with access on MSR 3012 AC router on web.

I have local user:

show local-user

Device management user admin:

State: Active

Service type: HTTPS

User group: system

Bind attributes:

Authorization attributes:

Work directory: cfa0:

User role list: admin, network-operator

And don't have web user:

[HPE]show web user
show web user

UserID Name Type Language JobCount LoginTime LastOperation

[HPE]

When I authirization on web interface (192.168.1.1), system say "Failed log in".

Can you help me with this problem? Thank you!

Search

Enabling SNMP on HPE OfficeConnect Switch 1920S 48G

August 28, 2019, 12:31 pm
$
0
0

Hey Folks,
Can anyone tell me how to activate SNMP on this switch?
I have already found the SNMP configuration tab and added the community and user.
However I cannot find where to actually activate the service.
Thanks a lot,

Andre.

Suggestion for SSL/TLS configuration on HPE 1920S OfficeConnect Series

August 31, 2019, 1:47 pm
$
0
0

Hi HPE community,

I have a few suggestions on the SSL/TLS configuration of the HPE 1920S OfficeConnect Switch Series which I would like to share with HPE. I know, this is a community forum, but maybe this post is read by someone in the development team of that switch series and he/she takes a look into the issue.

There are a few security problems with the SSL/TLS (HTTPS) configuration on this particular switch series:

  • Only Diffie-Hellman key exchange with 1024 bits is supported, this is considered very insecure. The switch should support at least 2048 bits for Diffie-Hellman key exchange or it should support ECDHE (e.g. P-256).
  • The switch supports ECC certificates (you can upload a certificate with P-256 as key type), but the cipher suite configured on the switch's webserver does not list any ECDSA cipher suite, so the handshake with a browser fails. In case you are adding ECDHE key exchange, please consider adding (at least some) ECDSA cipher suites as well (e.g. ECDHE-ECDSA-AES128-SHA256). This way, a user can upload and use ECC keys for HTTPS which would be nice to have.

I do not know which SSL/TLS library is used on the switch, in case OpenSSL is used, theese changes should not be too difficult to implement.

HPE 1920S JL381A Firmware

September 2, 2019, 4:59 am
$
0
0

Hello Comunity!

 

A few days ago I bought a used HPE 1920S/JL381a with 24 port. At the moment FW PD.01.05 is installed. Tried to reseach what FW is actual. I only can see FW PD0.2.xxx. May I update to the latest FW? And may I update directly to the newest FW without any steps in between?

 

I hope someone can help me here.

 

Kind regards

 

Lutz

HP1500 (JG962A) - SSL Certificate ignored

September 6, 2019, 6:40 am
$
0
0

Dear all,

I've a new HP1500 (JG962A) Switch and want to install my own certificate from from our interal Company CA. Therefore I setup the PKI like the following:

PKI Entity:
- Entity: "switch05"
- Common Name: switch05.company.local

PKI-Domain:
- Domain name: "company-ca"
- PKI entity: "switch05"
- Extension for certificate: SSL Server, SSL Client

SSL Server Policy:
- Policy name: switch05
- PKI domain: "company-ca"
Ciphersuites: all checked
- Client verify: Disabled

I installed our root certificate and the certificate for "switch05.company.local" to the PKI Domain successfully. I activated the HTTPS Service, saved the config and reboot the switch.

Now the problem: I always got the self-signed certificate in the browser view. Everthing I do I always get the self signed certificate. Why? And how can I tell the switch to use my PKI domain "company-ca" for the HTTPS service.

I have other switches like HP6600 or HPE V1910-48G and no problems to install it. The HPE V1910 is very similar to the HP1500 (e.g. create PKI etc.) and it works very well.

Here my confiuration:

#
version 7.1.070, Release 3208P16
#
sysname switch05
#
clock timezone Brussels add 01:00:00
clock summer-time FDT 02:00:00 March last Sunday 03:00:00 October last Sunday 01:00:00
clock protocol ntp
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns server 10.0.x.x
dns server 10.0.x.x
#
transceiver phony-alarm-disable
password-recovery enable
#
vlan 1
#
interface NULL0
#
interface Vlan-interface1
ip address 10.0.x.x 255.255.x.x
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
scheduler logfile size 16
#
line class aux
authentication-mode scheme
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
snmp-agent
snmp-agent local-engineid 8000000000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version all
#
ssh server enable
#
sntp enable
sntp unicast-server 10.0.x.x
sntp unicast-server 10.0.x.x
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash xxxxxxxxxxx
service-type ftp
service-type telnet http https pad ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
pki domain company-ca
certificate request entity switch05
public-key rsa general name switch05 length 2048
usage ssl-client
usage ssl-server
undo crl check enable
#
pki entity switch05
common-name switch05.company.local
#
ssl server-policy switch05
pki-domain company-ca
ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
web idle-timeout 60
#
return

 

 

1920S 24G Access the IP management through another VLAN

September 11, 2019, 7:49 am
$
0
0

Hello all.

I'm starting to work with 1920S switchs and want to remote management the Switch through a different VLAN. 

Example: I have configured 2 VLAN in the Switch. VLAN 103 its for my hosts and VLAN 254 its for management. I create a VLAN inferface with de IP 10.32.255.45 to VLAN 254 and connect this switch to my core through SFP. When I used a host in VLAN 254 (ex: 10.35.255.60) I was able to access the management interface correctly, but with a host in the VLAN 103 (103..100.0.1) I cannot ping or access the Switch. this not happend with my 1950 that are already configured.

Its possible to access de management IP in another VLAN than the management VLAN configured?

Thanks in advance.

HP 1820 Static LACP Inqure

September 13, 2019, 12:24 pm
$
0
0

Hello, 

I want to confirm if this is possible as based on the reading I did, this should not be possible or I am understanding this incorrectly. 

I currently have one HP 1820 48G switch setup up and connecting to two core switches that are 1920S. 

Both of these cores switches are connected to one firewall. 

The HP 1820 48G I have configured port 47 and 48 LACP Static and connecting port 47 to one switch and port 48 to another switch (Just to test and see if this acually works) 

I am able to connect two seperate switches and have it load balance all traffic comming from the access switch to these two cores. 

 

Upon testing it does appear that this conifguration seems to work. I know LACP is suppose to be used between another switch, but it is standard practice to have it connected to 2 switches from on truck? 

 

I linked to the drawing for a better understanding on this. 

https://imgur.com/Nwc3Q4m

 

Thanks

 

 

HP 5950 switch level redundancy getting failed. Need support

September 22, 2019, 10:04 pm
$
0
0

We have HP 5950 Switch 1 and Switch 2 confiigured in Stack/IRF. They are connected to HP Synergy (virtual connector) at south bound interface.  Bridge-aggregation 1 is configured between them. Total 6 interfaces are part of BA 1 (3 from Switch 1 and 3 from switch 2). 

When we make hp 5950 sw-1 power off, everything works fine on hp 5950 sw-2 for around 12 - 13 minutes and then bridge-aagregations start to gets fluctuate due to below error.

%Sep 20 17:03:30:591 2019 LDPPPSW LAGG/6/LAGG_INACTIVE_PARTNER: Member port FGE1/2/3 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect.

and it all works fine if we reset (shut/unshut) Bridge-aggregation 1.

Can somebody put some light on this and help me out here. 

Thank you very much in advance !

Search

Switch 1620-48g JG914A VOIP priority

September 21, 2019, 7:02 am
$
0
0

Hi there

I have a switch 1620-48g JG914A and would like to know if is possible to add a VOIP prority, based on SIP protocol or another way, in order each port to detect when VOIP traffic cames to certain port, and then priorize VOIP traffic over other protocols or traffics.... Hope that I make myself clear enough... Thanks a lot

1950 switch in active-active irf

September 23, 2019, 10:38 pm
$
0
0

hallo,how i cam put my tow switch 1950 in IRf mode,but both must be active-active ,for loadbalacing 

Port mirroring on a HPE 1920-24G-PoE+ wont work

September 25, 2019, 1:25 am
$
0
0

Hi there,

due to a tricky wifi problem I have to dump the traffic out, which passed the core switch (HPE 1920-24G-PoE+) to the router. 

To do so, I added a "Mirroring Group ID" and added the uplink port to the router (GE1/0/24) as "Monitor Port" and set a  "Mirror Port" (GE1/0/23) too. You might have a look at the screenshot https://ibb.co/5vtb0Pr.

But if I attach my laptop to GE1/0/23 and start wireshark, I only see ARP and upnp broadcasts. No TCP or UDP traffic. Thats very weird.

Additional info:

Swtich is running software version 5.20.99 Release 1121

Any ideas are welcome!

HPE OficeConnect 1950 Series (JG960A): VLAN & Configuration Conflict

October 3, 2019, 12:54 am
$
0
0

I'm trying to create the following VLANs:

VLAN ID Network

1  192.168.2.0 / 24

10  192.168.10.0 / 24

11  192.168.11.0 / 24

12  192.168.12.0 / 24

13  192.168.13.0 / 24

14  192.168.14.0 / 24

20  192.168.20.0 / 24

21  192.168.21.0 / 24

22  192.168.22.0 / 24

23  192.168.23.0 / 24

24  192.168.24.0 / 24

32  192.168.32.0 / 24

33  192.168.33.0 / 24

34  192.168.34.0 / 24

101  192.168.1.0 / 24

 

I created successfully VLANs 10 to 20 like that:

#
vlan 10 
description xxx LAN

#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0

But when I'm trying to create the IP addresses of VLANs 21  to 101 I'm getting the error:

Can't issue the configuration because of configuration conflict.

I can't see where's the conflict. Allo of the networks are class C. Am I missing something?

 

Thank you

 

The running config:


#
version 7.1.070, Release 3208P03
#
sysname SW-C1
#
clock timezone Athens add 02:00:00
clock summer-time FDT 16:59:47 March last Sunday 17:59:47 October last Sunday 01:00:00
clock protocol ntp
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns domain company.local
dns server 10.10.10.251
#
transceiver phony-alarm-disable
password-recovery enable
#
vlan 1
#
vlan 2
description Office 1 LAN
#
vlan 10
description Servers
#
vlan 11
description Security Office
#
vlan 12
description CCTV
#
vlan 13
description Access Control
#
vlan 14
description Gate
#
vlan 20
description Administration
#
vlan 21
#
vlan 101
description External LAN 
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.2.10 255.255.255.0
#
interface Vlan-interface2
ip address 10.10.10.102 255.255.255.0
#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface11
ip address 192.168.11.1 255.255.255.0
#
interface Vlan-interface12
ip address 192.168.12.1 255.255.255.0
#
interface Vlan-interface13
ip address 192.168.13.1 255.255.255.0
#
interface Vlan-interface14
ip address 192.168.14.1 255.255.255.0
#
interface Vlan-interface20
ip address 192.168.20.1 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
port access vlan 2
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
scheduler logfile size 16
#
line class aux
authentication-mode scheme
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
snmp-agent
snmp-agent local-engineid 800063A280943FC2575A1600000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info contact Tech. Support
snmp-agent sys-info version all 
#
ntp-service enable
ntp-service source Vlan-interface2
ntp-service unicast-peer 10.10.10.18
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash xxxxxx...xxxx==
service-type telnet http https ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
#
return
 

 

HPE Officeconnect 1950 48G SFP+ Port is down

October 14, 2019, 5:20 am
$
0
0

Hello all together,

i bought 2 HPE 1950 48G Officeconnect Switches to Connect 2 Buildings via 10G SFP+.
On the first of both, the link is up. On the second the link is down. On both Switches, the Switch detect the sfp+ -Adapter. I try to enable the Interface but its seconds later off again.

Has anybody any suggestions for a managed switch newbie?

Thanks

HPE 1950 NOT ABLE TO ACCESS CLI

October 16, 2019, 11:44 pm
$
0
0

Hi Anyone can help,

my HPE 1950 poe switch not able to access CLI after power up. it always show boot menu as below. what should i do to access CLI?

EXTENDED BOOT MENU

1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Ctrl+C: Display Copyright

 

HPE-1920S dot1x and mab configruation

October 18, 2019, 6:17 am
$
0
0

Hi All,

Really i need a solution for the below issues i facing when i'm trying to configure dot1x and mab authentication  with authourized VLAN automatically (for ex. IP-Phone and User Machine) on the same port using HPE1920S model with Cisco ACS-RADIUS.

- First issue when i apply mab authentication on any port i can't see any log on my ACS-RADIUS sent by the Switch, i tried many option as per the configuration manual but the problem still exist, so please i need a clear coniguration scenario for this implementation with or without appling don1x on the same port beside mab authentication.

-Second issue for dot1x configuration, i configure it and it works good when every user login on one machine, but when user trying to login on another machine by the same user in use it is seems to get the correct athorized VLAN and also get IP address from the right pool but the switch port goes to flapping mode.

Thankd,

Mahmoud Kamal

Search

How to perform a reset to factory default for HPE OfficeConnect 1950

October 20, 2019, 4:08 pm
$
0
0

Specifically for the JG960A... 

It is not documented in HPE OfficeConnect 1950 Switch Series Getting Started Guide.  

Thanks

HPE 1920s-24g MAC address change

October 24, 2019, 4:21 am
$
0
0

How to change the MAC address on the switch? Need clone old switch MAC address.
Model: HPE 1920s-24g JL381A
Firmware PD.02.11

Cant Make Changes on Switch after Firmware Upgrade

November 7, 2019, 4:19 am
$
0
0

Hi everyone.

Ive just updated firmware on my V1910-24G Switch to version 1910-CMW520-R1519P06.

1. The Power LED is now not stable, its just blinking none stop.

2. When I access the Web Console, I can see all the Menus on the left. When I click on any of them, I get the Submenus. But when I try to open any of the Sub Menus, I get logged out and have to log back in. And this is happening with all the Sub Menus. So basically, I cant make any changes now on the Switch now.

I kept logging back in untill it said "Too many user curreently logged in" and wouldnt allow me in. Had to switch it Off and On again. The switch is otherwise working fine, in a sense that traffic is flowing thru it fine.

Please Help. Thank You.

VLAN/Trunk HPE 1950 2530

November 7, 2019, 7:40 am
$
0
0

Hello !

We have a HPE 1950 with 2 VLANs:
VLAN ID = 1, for LAN
VLAN ID = 20, for VoIP

Port 34 is a Trunk:
Link type = Trunk
PVID = 1
Permit VLAN List = 1,20

----

On the other side is a HP Aruba 2530:
VLAN ID = 1, for LAN
VLAN ID = 20, for VoIP

Port 1 is a Trunk (connected to port 34 HPE 1950)
Group = Trk1
Typ = Trunk

Port 2-10 are a VoIP Devices, VLAN Port Assignment:
VLAN 0010 = no
VLAN 0020 = Untagged

These devices are working fine.

Problem:
Port 11-15 should be LAN Devices (VLAN 1), , VLAN Port Assignment:
VLAN 0010 = Untagged
VLAN 0020 = no

I got no connection to the lan. Sometimes for a few seconds.

Is the PVID=1 and VLAN-ID=1 a problem?
Thank you !

Tom

Unable to access web interface for HP 1820-8G (J9979A)

November 9, 2019, 4:22 am
$
0
0

I am unable to access the web interface to configure my 1820-8G switch. I tried to access it by going to 192.168.1.1 with only my pc connected to it.
I then tried reseting it, were unable to access it. Tried to access it with my iPad using a USB to ethernet adapter same result.
Connected the swtich to an other switch and i noticed it gets assigned 192.168.1.2, tried to access that page that did not work. I can however brows the internet with my pc connected to the switch.
PC => 1820-8G => other switch => router => ISP

I have power cycled the switch. And i am out of ideas on how i can access the network interface to make configurations.

Viewing all 1308 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>