How to program/deploy a new HP 26XX switch

Lead:

Chris Leopold

Overview:

HP ProCurve Manager Plus (PCM+) management software allows for the simple configuration of switches without having to know a great number of the fine details (that is, to avoid perusing the Management and Configuration Guide for the ProCurve Switch 2600 Series). Much of the power of PCM+ comes from the creation of "Custom Groups" to which switches may be added via a GUI. Such groups may be associated with configuration templates and management policies to facilitate setup. This allows an expert to pre-set configurations that those less knowledgable may apply confidently.

The first step in using PCM+ is to contact Chris Leopold so he can configure access for you. You should install the PCM+ Remote Client program on a management station that is set to a fixed IP address (via DHCP reservation) so that Chris can allow management access from that machine. You will also be given a username/password for use with the system. The PCM+ Remote Client program may be installed from http://if-srv-pcman.ad.ufl.edu:8040/client/install.htm.

Switches may be added to the PCM+ management system via an SMTP discovery process that uses the IP# and the SMNP community names for which the switch is configured. With an unconfigured switch (set to use DHCP and with community names set to "public"), this is extremely simple for those with access to the Building 120 ITSA AD Test Network (VLan 141 IFAS-B120-AD) because the group used for initial switch configuration is set to auto-add devices found on that subnet. For those on other subnets, there is a "Device Discovery Wizard" that asks for the IP# and community names, locates the switch, and adds it to a group based on model. From there, one may add the new switch to the necessary groups in order to apply the templates and security settings as described below.

This all means that folks outside the ITSA group will first have to determine the IP number of the switch, and that means connecting to the switch via a serial cable and using a PC with a terminal emulator to access the console program. We will begin our detailed instructions with that procedure.

Determining the switch IP number:

As mentioned, unconfigured switches are set to DHCP and will get an IP# assigned once they are powered up. You may connect to the switch via a serial cable and use the built-in "HyperTerminal" program to access the switch console and determine the IP#. Here are instructions for configuring HyperTerminal:

1. Power-up the switch and connect it to a computer via a serial cable.

2. Click the Start button and run the HyperTerminal program located at Programs > Accessories > Communications.

3. You will be presented with a dialog for creating a new connection:

   

4. Enter "SwitchSetup" or whatever name you wish to call it and click the "OK" button.

5. You then see a dialog where you set the COM port being used:

   

6. Set the COM port to COM1 or whichever port you are using on that computer, and click the "OK" button.

7. The next dialog should be configured as you see below, though the connection speed may be varied if desired:

   

8. Click the "OK" button to connect and then immediately hang-up via the "Call > Disconnect" menu item.

9. Save your configuration to the desktop for easy use next time via the "File > Save" menu.

10. Once this is done, you may close HyperTerminal and then run it again from the desktop icon you saved previously.

Once reconnected, press Enter a couple of times to get a console prompt. From there, enter the command "show IP", and you will see the IP number to which the switch has been assigned. With that information, you are now ready to add the switch into the PCM+ management system.

Adding the switch into PCM+:

1. Run PCM+ and login. You will need to use the credentials supplied by Chris Leopold:

   

2. Use the "Tools" menu to run the "Manual Discovery Wizard":

   

3. Click Next on the resultant dialog box:

   

4. Select “SNMP V2” and click next:

   

5. Enter the IP number of the switch and "public" for each of the community names and then click next:

   

6. Check the make sure that the connection status was successful:

   

   If there are any failures at this point, click the back button to try again. If successful click next.

7. Wait a few moments while the wizard collects the device information and adds it to the appropriate PCM+ HP grouping. Once it is added click next:

   

8. You have successfully added the HP switch into the PCM+ management system. Click "Finish”:

   

You should now be able to locate the new switch within the appropriate PCM+ group. In the case of these instructions, which were written for the 26xx switches, you should find the new switch beneath Network Management Home > Interconnect Devices > 2600:

Adding the switch into the "B120-Config-Switch" custom group:

The "B120-Config-Switch" custom group, located in PCM+ within Interconnect Devices\Custom Groups is linked to a couple of configuration templates for the HP2626 and HP2650 model switches. Applying those templates configures a switch with the recommended IFAS intial configuration. First we have to add the switch to that group:

1. Right-click on the switch and select "Add to group" from the resultant menu:

   

2. Select the “B120-Config-Switch” group and click OK:

   

3. The switch will now be in the "B120-Config-Switch" custom group:

   

Deploying the initial configuration template:

1. Right click on the switch and select “Config Manager > Deploy Template”:

   

2. Click next on the resultant wizard screen:

   

3. Select the appropriate template to deploy and click next:

   

4. Select “Deploy now” and click next:

   

5. Verify that you have selected the correct switch and click next:

   

6. Confirm by clicking next:

   

7. Verify that the template was successfully deployed. Don't proceed until the progress bar reaches 100% as shown below, then click close:

   

Adding the switch into the "B120-Need Fixing" custom group:

The "B120-Need Fixing" custom group, located in PCM+ within Interconnect Devices\Custom Groups is linked to several management policies that, when applied, perform most of the rest of the basic switch configuration. To enforce the appropriate policies, you must first add the switch to that group:

1. Right-click on the switch and select "Add to group" from the resultant menu:

   

2. Select the “B120-Need Fixing” group (not quite as shown below) and click OK:

   

3. The switch will now be in the "B120-Need Fixing" custom group (again, not quite as shown below):

   

Enforce policies:

The "B120-Need Fixing" custom group has two policies that should be applied to better secure the switch. These should be applied in order via the following steps:

1. Click “Network Management Home” and select the “Policies” tab:

   

2. Select the "26xx change Telnet/SSHv2 Password" policy and click “Enforce the selected policy” button at the top right:

   

3. While policy is running, the status of enforcing column will read “true”:

   

   ...and will return to false false when complete

4. Repeat above step for the “Initial-Config-Cleanup” policy

Configuring PCM+ to use the new communication parameters:

Now that these policies have been applied, the switch is configured to connect only via SSH and uses a special community name. For PCM+ to communicate, it must be reconfigured:

1. Click on “Interconnect Device/Custom Groups/B120-Config-Switch”Group, right click the device and select “Device Access/Communication Parameters in PCM”:

   

2. Check the “SNMP Settings” box and click next:

   

3. Make sure that the “Use PCM defaults” is selected and click next:

   

4. Make sure that the “Use PCM defaults” is selected and click next:

   

5. Check the “Use PCM defaults” box and click finish:

   

Site specific configuration:

The switch is now ready to have the site specific information applied. This will include such things as the Hostname, IP Address, VLAN and SNMP-Server Location. Once that is all accomplished, the switch can be deployed.

VLAN configuration will vary with your site. While PCM+ can be used to configure those, it does not permit naming them via the GUI. That can be circumvented, by using the "CLI" command-line interface that PCM+ provides. You may access that by locating your switch, right-clicking on it, and choosing "Config Manager > CLI". You may paste in console command here to reconfigure the switch. As an example, below are the commands used to configure our VLANs (without any actual assignment) at Entomology:

config
vlan 436 
   name "Entomology" 
   no ip address 
   exit 
vlan 453 
   name "EXT-DEV-Mgmt" 
   no ip address 
   exit 
vlan 454 
   name "AuthVLAN" 
   exit
write memory