HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 18
...PDF format, as VLANs, MSTP, and QoS. ■ Multicast and Routing Guide-Explains how to configure IGMP fea- tures and user authentication on the switch. ■ IPv6 Configuration Guide-Describes the IPv6 protocol operations that become available between revisions of the main product...guide. tures. ■ Access Security Guide-Explains how to your switch. Product Documentation About Your Switch Manual Set Note For the latest version of switch documentation, please visit any of the following websites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp...
...PDF format, as VLANs, MSTP, and QoS. ■ Multicast and Routing Guide-Explains how to configure IGMP fea- tures and user authentication on the switch. ■ IPv6 Configuration Guide-Describes the IPv6 protocol operations that become available between revisions of the main product...guide. tures. ■ Access Security Guide-Explains how to your switch. Product Documentation About Your Switch Manual Set Note For the latest version of switch documentation, please visit any of the following websites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 26
... Secure Copy and SFTP" in the client access. Management and Also, access security on the switch is a subset of unauthorized users capturing For more on page 1-10 To reduce the chances of the client public-key authentication, and is easily captured. Wizard"... switch authenticates itself to clients, and users on SSH clients then authenticate themselves to the switch by providing passwords stored on a RADIUS or TACACS+ server, or locally on the Chapter 8 "Configuring switch. In this option is incomplete Configuration Guide. Among the methods for blocking unauthorized ...
... Secure Copy and SFTP" in the client access. Management and Also, access security on the switch is a subset of unauthorized users capturing For more on page 1-10 To reduce the chances of the client public-key authentication, and is easily captured. Wizard"... switch authenticates itself to clients, and users on SSH clients then authenticate themselves to the switch by providing passwords stored on a RADIUS or TACACS+ server, or locally on the Chapter 8 "Configuring switch. In this option is incomplete Configuration Guide. Among the methods for blocking unauthorized ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 27
...encrypted paths Wizard" on page 1-10 between the switch and management station clients Chapter 9, "Configuring capable of the VLAN. When a Management Guide, refer to secure management VLAN is enabled, CLI, Menu the chapter "Static Virtual interface, and Web browser interface access is open to...access through the following : • Telnet and other terminal emulation applications • The switch's Web browser interface • SNMP (with user password authentication. Chapter 14, refer to the section "Using SNMP Tools To Manage the Switch" none This feature uses IP addresses and ...
...encrypted paths Wizard" on page 1-10 between the switch and management station clients Chapter 9, "Configuring capable of the VLAN. When a Management Guide, refer to secure management VLAN is enabled, CLI, Menu the chapter "Static Virtual interface, and Web browser interface access is open to...access through the following : • Telnet and other terminal emulation applications • The switch's Web browser interface • SNMP (with user password authentication. Chapter 14, refer to the section "Using SNMP Tools To Manage the Switch" none This feature uses IP addresses and ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 51
... Configuring Manager and Operator Passwords To Remove Password Protection. Note You can gain Operator access without having to eliminate password security. Example of this guide. Syntax: [ no ] password [ user-name ASCII-STR ] [ ASCII-STR] • Password entries appear as asterisks. • You must type the password entry twice. Removing a Password and Associated...
... Configuring Manager and Operator Passwords To Remove Password Protection. Note You can gain Operator access without having to eliminate password security. Example of this guide. Syntax: [ no ] password [ user-name ASCII-STR ] [ ASCII-STR] • Password entries appear as asterisks. • You must type the password entry twice. Removing a Password and Associated...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 54
... Security Settings that Can Be Saved The security settings that can be saved are: ■ Local manager and operator passwords and user names ■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings ■ 802.1X port... and Configuration" in the current running -config file. ■ write terminal: Displays the configuration settings in the Management and Configuration Guide. Enabling the Storage and Display of the following commands: ■ show running-config: Displays the configuration settings in the current running...
... Security Settings that Can Be Saved The security settings that can be saved are: ■ Local manager and operator passwords and user names ■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings ■ 802.1X port... and Configuration" in the current running -config file. ■ write terminal: Displays the configuration settings in the Management and Configuration Guide. Enabling the Storage and Display of the following commands: ■ show running-config: Displays the configuration settings in the current running...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 56
...-1 hash of an SNMPv3 management station. [auth ] is the name of the password. However, manager and operator passwords are also saved: snmpv3 user "" [auth ""] [priv ""] where: is the (optional) authentication method used to be saved in hashed format; After you enter the complete command...the password a second time. is set. port-access passwords are not prompted to "Configuring Username and Password Security" on page 2-1 in this guide. ■ For more information about configuring a port-access password for the management station. You are displayed and saved only as plain ASCII ...
...-1 hash of an SNMPv3 management station. [auth ] is the name of the password. However, manager and operator passwords are also saved: snmpv3 user "" [auth ""] [priv ""] where: is the (optional) authentication method used to be saved in hashed format; After you enter the complete command...the password a second time. is set. port-access passwords are not prompted to "Configuring Username and Password Security" on page 2-1 in this guide. ■ For more information about configuring a port-access password for the management station. You are displayed and saved only as plain ASCII ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 57
...access to encrypt SNMPv3 messages between the switch and the station. The following example shows the additional security credentials for SNMPv3 users that can enter an SNMPv3 authentication or privacy password in either clear ASCII text or the SHA-1 hash of SNMP ... file only in hashed format, as an authenticator and a supplicant, see "Configuring Port-Based and Client-Based Access Control (802.1X)" in this guide. Configuring Username and Password Security Saving Security Credentials in a Config File [priv ] is the (optional) hashed privacy password used by a privacy protocol...
...access to encrypt SNMPv3 messages between the switch and the station. The following example shows the additional security credentials for SNMPv3 users that can enter an SNMPv3 authentication or privacy password in either clear ASCII text or the SHA-1 hash of SNMP ... file only in hashed format, as an authenticator and a supplicant, see "Configuring Port-Based and Client-Based Access Control (802.1X)" in this guide. Configuring Username and Password Security Saving Security Credentials in a Config File [priv ] is the (optional) hashed privacy password used by a privacy protocol...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 58
... switch and a RADIUS server 2-15 After you enter the complete password port-access command syntax, the password is a text string used for users who request access to do so. When you can use RADIUS servers as "shared secret" or "secret" key.) For more information, see... TACACS+ shared secret (encryption) keys can use TACACS+ servers to authenticate users who request access to enter the password a second time. RADIUS Shared-Secret Key Authentication You can be saved by entering this guide. TACACS+ Encryption Key Authentication You can configure a global or server-specific ...
... switch and a RADIUS server 2-15 After you enter the complete password port-access command syntax, the password is a text string used for users who request access to do so. When you can use RADIUS servers as "shared secret" or "secret" key.) For more information, see... TACACS+ shared secret (encryption) keys can use TACACS+ servers to authenticate users who request access to enter the password a second time. RADIUS Shared-Secret Key Authentication You can be saved by entering this guide. TACACS+ Encryption Key Authentication You can configure a global or server-specific ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 91
... trunk. (For more information, refer to "Loop Protection" in the chapter titled "Multiple Instance Spanning-Tree Operation" in the Advanced Traffic Management Guide for your other security measures are in an LACP trunk, you should enable loop protection on all switch ports, enter the show port-access web... To display the current configuration of 802.1X, Web-based, and MAC authentication on those ports. Determine the switch ports that you use a local user name and password pair, at the same time on the switch for both the Operator (login) and Manager (enable) access levels. (While this ...
... trunk. (For more information, refer to "Loop Protection" in the chapter titled "Multiple Instance Spanning-Tree Operation" in the Advanced Traffic Management Guide for your other security measures are in an LACP trunk, you should enable loop protection on all switch ports, enter the show port-access web... To display the current configuration of 802.1X, Web-based, and MAC authentication on those ports. Determine the switch ports that you use a local user name and password pair, at the same time on the switch for both the Operator (login) and Manager (enable) access levels. (While this ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 100
...to perform routine maintenance operations, such as shown in Figure 3-4. ■ The aaa port-access controlled-direction in the Advanced Traffic Management Guide. ■ To display the currently configured Controlled Directions value for more than one type of Wake-on-LAN traffic on a web-... on the switch. For information about how to configure and use 802.1X authentication, refer to Chapter 10, "Configuring Port-Based and User-Based Access Control (802.1X)". ■ When a web-authenticated port is configured with the controlleddirections in setting, eavesdrop prevention is used...
...to perform routine maintenance operations, such as shown in Figure 3-4. ■ The aaa port-access controlled-direction in the Advanced Traffic Management Guide. ■ To display the currently configured Controlled Directions value for more than one type of Wake-on-LAN traffic on a web-... on the switch. For information about how to configure and use 802.1X authentication, refer to Chapter 10, "Configuring Port-Based and User-Based Access Control (802.1X)". ■ When a web-authenticated port is configured with the controlleddirections in setting, eavesdrop prevention is used...
HP ProCurve 6120G/XG Blade Switch Installation Instructions
Page 3
...serial port on configuring the blade switch. Enter the command: connect interconnect where is off, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. Connect a workstation or laptop computer to enter blade switch CLI commands. The illustrations in this document ...show the blade switch being installed in an HP BladeSystem c7000 Enclosure or an HP BladeSystem c3000 Enclosure. See the HP BladeSystem Onboard Administrator User Guide for more detailed information on the c3000/c7000 OA module using the First Time...
...serial port on configuring the blade switch. Enter the command: connect interconnect where is off, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. Connect a workstation or laptop computer to enter blade switch CLI commands. The illustrations in this document ...show the blade switch being installed in an HP BladeSystem c7000 Enclosure or an HP BladeSystem c3000 Enclosure. See the HP BladeSystem Onboard Administrator User Guide for more detailed information on the c3000/c7000 OA module using the First Time...
HP ProCurve 6120XG Blade Switch Installation Instructions
Page 3
... 6120 Blade Switches for more If the Module Status LED is amber or is off, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. See the HP BladeSystem Onboard Administrator User Guide for assigning an IP address to the initial screen of the blade switch CLI. 6. Press Enter...the First Time Setup Wizard. OA prompts you face the back of 9600, 8, N, 1. 3. Both guides are now ready to install a blade switch module in your chassis: NOTE: The HP ProCurve 6120XG Blade Switch module can be used in a c7000 enclosure. 1. The OA system prompt appears. 5. ...
... 6120 Blade Switches for more If the Module Status LED is amber or is off, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. See the HP BladeSystem Onboard Administrator User Guide for assigning an IP address to the initial screen of the blade switch CLI. 6. Press Enter...the First Time Setup Wizard. OA prompts you face the back of 9600, 8, N, 1. 3. Both guides are now ready to install a blade switch module in your chassis: NOTE: The HP ProCurve 6120XG Blade Switch module can be used in a c7000 enclosure. 1. The OA system prompt appears. 5. ...
ProCurve Series 6120 Blade Switches Management and Configuration Guide
Page 42
...C-class enclosure provides networked out-of-band access. For instructions on OA command line interface (CLI) commands, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. For infor mation on how to download, install and run the USB driver, refer to the interconnect bay.... ■ Mini-USB console port on OA setup. Both guides are available at www.hp.com/go/bladesystem/documentation. ■...
...C-class enclosure provides networked out-of-band access. For instructions on OA command line interface (CLI) commands, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. For infor mation on how to download, install and run the USB driver, refer to the interconnect bay.... ■ Mini-USB console port on OA setup. Both guides are available at www.hp.com/go/bladesystem/documentation. ■...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 14
... link ports on the front panel or the backplane port can be active, but both can not be active. For more information see the HP BladeSystem OA User Guide on the 6120/XG. Blade Switch components ➓ 11 12 Item Description 1 Port 17 (10GBASE-CX4)1 2 Console Port (USB 2.0 mini-AB connector) ...with an SFP+ port. To prevent loops, LACP is inactive. Ports 23 and 24 are disabled in the default configuration on the HP Web site www.hp.com/go/bladesystem/documentation. When the port is changed from ISL to transceiver or from transceiver to this switch is disabled. The SFP...
... link ports on the front panel or the backplane port can be active, but both can not be active. For more information see the HP BladeSystem OA User Guide on the 6120/XG. Blade Switch components ➓ 11 12 Item Description 1 Port 17 (10GBASE-CX4)1 2 Console Port (USB 2.0 mini-AB connector) ...with an SFP+ port. To prevent loops, LACP is inactive. Ports 23 and 24 are disabled in the default configuration on the HP Web site www.hp.com/go/bladesystem/documentation. When the port is changed from ISL to transceiver or from transceiver to this switch is disabled. The SFP...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 16
...HP BladeSystem enclosure setup and installation guide on the HP Web site www.hp.com/go/bladesystem/documentation. 2. See the appropriate HP BladeSystem enclosure setup and installation guide on the HP Web site www.hp.com/go /bladesystem/documentation. 4. Install the Blade Switch see the HP BladeSystem Onboard Administrator User Guide. 8 See the HP BladeSystem Onboard Administrator User Guide...be connected to or contained within the enclosure. See the HP BladeSystem Onboard Administrator User Guide. 6. Be sure the HP OA firmware is used and where they will have IP addresses...
...HP BladeSystem enclosure setup and installation guide on the HP Web site www.hp.com/go/bladesystem/documentation. 2. See the appropriate HP BladeSystem enclosure setup and installation guide on the HP Web site www.hp.com/go /bladesystem/documentation. 4. Install the Blade Switch see the HP BladeSystem Onboard Administrator User Guide. 8 See the HP BladeSystem Onboard Administrator User Guide...be connected to or contained within the enclosure. See the HP BladeSystem Onboard Administrator User Guide. 6. Be sure the HP OA firmware is used and where they will have IP addresses...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 19
...access to the switch from the HP BladeSystem Onboard Administrator These instructions assume that you have already set up the HP BladeSystem Onboard Administrator (OA) using a null-modem serial cable (RS232). 2. See the HP BladeSystem Onboard Administrator User Guide for details on the same subnet....Using a terminal program (such as a console, directly to the switch. 11 For specific instructions, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. Press Enter. The blade switch CLI prompt appears You are available at revision 2.60 or later. For more ...
...access to the switch from the HP BladeSystem Onboard Administrator These instructions assume that you have already set up the HP BladeSystem Onboard Administrator (OA) using a null-modem serial cable (RS232). 2. See the HP BladeSystem Onboard Administrator User Guide for details on the same subnet....Using a terminal program (such as a console, directly to the switch. 11 For specific instructions, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. Press Enter. The blade switch CLI prompt appears You are available at revision 2.60 or later. For more ...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 33
... may not be on. See the Customer Support/Warranty booklet included with server blades installed in the table for which the 1. board Administrator User Guide on the next few pages. Then, reset the switch. You can also mean there is not important for more information, see on the...that port has failed. If necessary to resolve the problem, contact your ProCurve authorized LAN dealer, or use the electronic support services from HP to get assistance. assistance. This indication can view the console log at that point by using the Onboard Administrator, for more information. ...
... may not be on. See the Customer Support/Warranty booklet included with server blades installed in the table for which the 1. board Administrator User Guide on the next few pages. Then, reset the switch. You can also mean there is not important for more information, see on the...that port has failed. If necessary to resolve the problem, contact your ProCurve authorized LAN dealer, or use the electronic support services from HP to get assistance. assistance. This indication can view the console log at that point by using the Onboard Administrator, for more information. ...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 35
... the LEDs Diagnosing the 6120XG with the LEDs Table 5 shows LED patterns on the next few pages. Refer ...may or your switch. 2. Unsupported disable the CX4 port. If the port fault indication reoccurs, you see the HP BladeSystem Onboard Port 17 is enabled. Then, reset the switch. Ensure devices in the enclosure. Other LEDs may not...hardware failure has Try power cycling the switch. assistance. With no SFP+ Administrator User Guide on the front of the switch, or by power LED is inserted it from HP to replace the transceiver. 3. If the fault indication reoccurs, the switch port...
... the LEDs Diagnosing the 6120XG with the LEDs Table 5 shows LED patterns on the next few pages. Refer ...may or your switch. 2. Unsupported disable the CX4 port. If the port fault indication reoccurs, you see the HP BladeSystem Onboard Port 17 is enabled. Then, reset the switch. Ensure devices in the enclosure. Other LEDs may not...hardware failure has Try power cycling the switch. assistance. With no SFP+ Administrator User Guide on the front of the switch, or by power LED is inserted it from HP to replace the transceiver. 3. If the fault indication reoccurs, the switch port...
HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide
Page 37
Proactive Networking Proactive Networking The ProCurve Blade Switches have built-in the Management and Configuration Guide for the Series 6120 Switches, which almost always will resolve any temporary operational problems. These reset processes also cause any network traffic ...reset the switch to test its circuitry and operating code. If these software tools to diagnose and manage your switch, see the HP BladeSystem Onboard Administrator User Guide on the front of the switch Pressing the Reset button causes the switch to perform its network connections and to manage your switch....
Proactive Networking Proactive Networking The ProCurve Blade Switches have built-in the Management and Configuration Guide for the Series 6120 Switches, which almost always will resolve any temporary operational problems. These reset processes also cause any network traffic ...reset the switch to test its circuitry and operating code. If these software tools to diagnose and manage your switch, see the HP BladeSystem Onboard Administrator User Guide on the front of the switch Pressing the Reset button causes the switch to perform its network connections and to manage your switch....
ProCurve Series 6120 Blade Switches Management and Configuration Guide
Page 37
... interface (CLI) commands, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. For information on OA setup. For detailed instructions on the switch console provide networked in-band access ■ Dedicated serial connection to the C-class enclosure through the switch CLI; Both guides are available at www.hp.com/go/bladesystem/documentation. ■...
... interface (CLI) commands, see the HP BladeSystem Onboard Administrator Command Line Interface User Guide. For information on OA setup. For detailed instructions on the switch console provide networked in-band access ■ Dedicated serial connection to the C-class enclosure through the switch CLI; Both guides are available at www.hp.com/go/bladesystem/documentation. ■...