Linux Setup Notes

created jul 14, 2009

Configuring an HP ProCurve Network Switch

Summary

HP 2510G-48 switch

The HP ProCurve 2524 and the newer 2510G-48 are cost-effective managed network switches. It's important to configure them for security purposes before connecting them to your network. Otherwise, people on the outside might be able to access your switch and read all your internal network traffic.

Configuration

  1. Connect the console port of the switch to the serial port of a PC using the black ProCurve cable. This cable has an RJ45 on one end and a DB9 on the other. Don't confuse it with the similar-looking cable that comes with some UPSs. Open a terminal emulator program and set the serial port to 9600-8N1.
  2. Hit Enter several times. The prompt "ProCurve Switch 2510G-48#" will appear.
  3. Defaults
    • Default username = (none).
    • Default password = procurve
  4. Change the following parameters:
    • Community name public
    • Set manager username and password.
    • Set default gateway for your network.
    • IP Configuration - set to manual and assign a static IP and netmask.

      IMPORTANT: The ProCurve must have an IP or it will broadcast for a lease.

Once the ProCurve is configured over its serial port, you can connect by a browser or via telnet. The browser interface requires Java JRE. It will sometimes hang the browser if you use Firefox. It also hangs Opera if you click on the port counters.

  1. Browser interface - good for a quick overview but causes your browser to hang.
  2. Telnet interface - more powerful and has additional features.
    After logging in, enter the following two commands:
    • enable
    • menu

These parameters, available from the text menus, are the most useful:

  1. IP authorized managers - enter the IP address of the computer that is allowed to telnet to the switch.
  2. Network monitoring - This allows you to set up one of the ports on the switch to monitor any combination of other ports. All packets on the ports being monitored are copied to the monitoring port. This is useful for security monitoring. To enable monitoring, set the following using the command-line interface:
    • Monitoring enabled: yes
    • Monitoring port: 15 (for example)
    • Monitor ports: 1-14 and 16-24 (for a 24-port switch). Press space bar to activate monitoring for each port except the monitoring port (15 in this example). This port must be left blank.
    Then connect port 15 to a secure computer that is inaccessible from the Internet and protected from physical access. You can use this computer to monitor all your traffic for potential problems.

Problems

An unconfigured ProCurve will broadcast for a lease continuously until it finds a DHCP server. If your DHCP server requires the MAC address of the client before it will issue a lease, your logs will fill up with messages like the following, repeated every ten seconds:

    dhcpd: DHCPDISCOVER from 00:21:f7:9e:82:40 via eth1
    dhcpd: DHCPOFFER on 192.168.40.248 to 00:21:f7:9e:82:40 via eth1
    dhcpd: DHCPREQUEST for 192.168.40.248 (192.168.40.1) from 00:21:f7:9e:82:40 via eth1
    dhcpd: DHCPACK on 192.168.40.248 to 00:21:f7:9e:82:40 via eth1

If you don't have a record of the switch's MAC address, these messages can seem quite mysterious.

A similar problem can also occur if you have bridging activated on a server. If the file /etc/sysconfig/network/ifcfg-eth0 contains the following two lines:

    BRIDGE='yes'
    BRIDGE_PORTS='eth0 eth1'

it means bridging is activated, and eth0 will ask for an IP on eth1 even if it already has one. This can be tricky to track down. Believe it or not, there are people who have bridging turned on and don't know it. The following lines show up in your log:

    dhcpd: DHCPREQUEST for 192.168.40.248 (192.168.40.1) from 00:b0:d0:19:5a:d3 via eth1: unknown lease 192.168.40.248.
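
To find out which device is behind messages like these, the dhcpd log can be summarized per MAC address. The following Python script is an added example, not part of the original notes. It assumes classic syslog-format lines; the timestamps, the host name "gw", the third MAC address and the function name find_noisy_clients are made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: timestamps and host name "gw" are invented; the dhcpd
# message text follows the log lines quoted in the Problems section.
SAMPLE_LOG = """\
Jul 14 10:00:00 gw dhcpd: DHCPDISCOVER from 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:01 gw dhcpd: DHCPOFFER on 192.168.40.248 to 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:01 gw dhcpd: DHCPREQUEST for 192.168.40.248 (192.168.40.1) from 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:01 gw dhcpd: DHCPACK on 192.168.40.248 to 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:10 gw dhcpd: DHCPDISCOVER from 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:20 gw dhcpd: DHCPDISCOVER from 00:21:f7:9e:82:40 via eth1
Jul 14 10:00:25 gw dhcpd: DHCPREQUEST for 192.168.40.248 (192.168.40.1) from 00:b0:d0:19:5a:d3 via eth1: unknown lease 192.168.40.248.
Jul 14 10:05:00 gw dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth1
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<msg>DHCP[A-Z]+) .*?(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"via (?P<iface>[\w.]+)(?P<rest>.*)$", re.I)

def find_noisy_clients(log_text, min_discovers=3, max_gap=30, year=2009):
    """Return {mac: report} for clients that DISCOVER in a tight loop or
    REQUEST a lease the server does not know about."""
    # mac -> DISCOVER timestamps, mac -> 'unknown lease' count, mac -> interface
    discovers, unknown, iface = defaultdict(list), defaultdict(int), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mac = m["mac"].lower()
        iface[mac] = m["iface"]
        # syslog omits the year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["msg"] == "DHCPDISCOVER":
            discovers[mac].append(ts)
        elif "unknown lease" in m["rest"]:
            unknown[mac] += 1
    report = {}
    for mac in iface:
        times = discovers.get(mac, [])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        looping = len(times) >= min_discovers and bool(gaps) and median(gaps) <= max_gap
        if looping or unknown[mac]:
            report[mac] = {"iface": iface[mac], "discovers": len(times),
                           "median_gap_s": median(gaps) if gaps else None,
                           "unknown_lease": unknown[mac]}
    return report
```

A MAC that is reported but missing from your inventory is the one to trace through the switch's address table. A client that sends a single DHCPDISCOVER, like the last sample line, is not reported.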

