HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem User Guide - Page 17

Installing the switch 17

•

SNMP settings

•

User name and password settings

•

Default access to various management interfaces

•

NTP settings

IMPORTANT:

See "Runtime switching software default settings (on page

28

)" for a complete list of default

configuration settings.

Switch security

When planning the switch configuration, secure access to the management interface by:

•

Creating users with various access levels

•

Enabling or disabling access to various management interfaces to fit the security policy

•

Changing default SNMP community strings for read-only and read-write access

User, operator, and administrator access rights

To enable better switch management and user accountability, three levels or classes of user access have

been implemented on the switch. Levels of access to CLI, Web management functions, and screens

increase as needed to perform various switch management tasks. Conceptually, access classes are

defined as:

•

User interaction with the switch is completely passive. Nothing can be changed on the switch. Users

can display information that has no security or privacy implications, such as switch statistics and

current operational state information.

•

Operators can only effect temporary changes on the switch. These changes will be lost when the

switch is rebooted/reset. Operators have access to the switch management features used for daily

switch operations. Because any changes an operator makes are undone by a reset of the switch,

operators cannot severely impact switch operation.

•

Administrators are the only ones that can make permanent changes to the switch configuration,

changes that are persistent across a reboot/reset of the switch. Administrators can access switch

functions to configure and troubleshoot problems on the switch. Because administrators can also

make temporary (operator-level) changes as well, they must be aware of the interactions between

temporary and permanent changes.

Access to switch functions is controlled through the use of unique surnames and passwords. Once

connected to the switch via the local console, Telnet, or SSH, a password prompt appears.

NOTE:

It is recommended to change the default switch passwords after initial configuration and as

regularly as required under the network security policies. For more information, see the

HP GbE2c Ethernet

Blade Switch for c-Class BladeSystem Command Reference Guide

.

The default user name and password for each access level are:

User account

Description and tasks performed

Password

User

The user has no direct responsibility for switch management. He or she

can view all switch status information and statistics, but cannot make

any configuration changes to the switch.

user

Section	Page
HP GbE2c Ethernet Blade Switch for c-Class BladeSystem User Guide	1
Notice	2
Contents	3
Introduction	6
Overview	6
Additional references	6
Features	6
Enterprise class performance	6
Switch redundancy	8
Configuration and management	8
Diagnostic tools	9
Switch architecture	9
Port Mapping	9
Dual switches	9
Redundant crosslinks	9
Redundant paths to server bays	10
Supported technologies	10
Layer 2 switching	10
IEEE 802.1 Q-based VLAN	10
Spanning Tree Protocol	10
SNMP	11
Port mirroring	11
Port trunking and load balancing	11
TFTP support	11
Store and forward switching scheme	11
BOOTP	11
NTP	12
RADIUS	12
TACACS+	12
SSH and SCP	13
XModem	13
IGMP Snooping	13
Jumbo frames	13
Auto-MDI/MDIX	13
Auto-negotiation of duplex mode and speed	13
Redundant images in firmware	14
External components	14
Rear panel	14
Connectors	15
Installing the switch	16
Planning the switch configuration	16
Default settings	16
Switch security	17
User, operator, and administrator access rights	17
Manually configuring a switch	18
Configuring multiple switches	18
Using scripted CLI commands through Telnet	18
Using a configuration file	18
Installing the switch	18
Preparing for installation	18
Installing the switch	19
Accessing the switch	19
Logging on and configuring the switch	20
Cabling the switch	21
Supporting software and special considerations	21
Replacing and upgrading the switch	22
Replacing an existing switch	22
Regulatory compliance notices	24
Class A equipment	24
Modifications	24
Cables	24
Canadian notice	24
European Union regulatory notice	25
BSMI notice	25
Japanese class A notice	25
Korean class A notice	26
Laser compliance	26
Technical specifications	27
General specifications	27
Runtime switching software default settings	28
General default settings	28
Port names, VLANs, STP, trunking default settings	34
Physical and environmental specifications	35
Performance specifications	35
Performing a serial download	37
Introduction	37
Serial upgrade of boot code firmware image procedure	37
Serial upgrade of operating system firmware procedure	39
SNMP MIBs support	42
MIB overview	42
SNMP Manager software	42
Supported MIBs	43
Supported traps	43
Electrostatic discharge	45
Preventing electrostatic discharge	45
Grounding methods to prevent electrostatic discharge	45
RJ-45 pin specification	46
Standard RJ-45 receptacle/connector	46
Troubleshooting	47
Forgotten administrator user name and password that was configured on the switch	47
Health LED on the switch is not on	47
Health LED on the switch stays amber for more than 30 seconds and switch does not boot	48
No link LED appears, even after plugging the Category 5 cable in the RJ-45 connector of the external port	48
Cannot access the switch serial console interface using null modem connection from a PC Terminal Emulation Program	48
Error message that the switch failed to complete the system self-testing appears on the serial console screen	48
The switch fails to get its IP settings from the BOOTP server, even though by default it is configured for BOOTP	49
The keyboard locks up when using HyperTerminal to log on to the switch through the console interface	49
Cannot connect to the switch console interface remotely using Telnet	49
Password is not accepted by the switch using the remote console interface immediately after a reboot	49
Cannot connect to the switch console interface remotely using SSH	49
Cannot connect to the switch SNMP interface	50
The port activity LEDs continuously indicate activity after connecting more than one port to another switch or destination device	50
Cannot connect to the switch remotely using the Web interface	50
Cannot enable a port in multiple VLANs while configuring VLANs	51
The switch does not let the user enable two adjacent ports into two different VLANs while assigning the ports to VLANs	51
While using TFTP to download firmware, the switch fails to connect to the TFTP server, or after connection the download fails	51
The switch fails to connect to the TFTP server while using TFTP to download or upload a configuration file, or after connection the download or upload fails	51
The console screen displays a message to change the baud for the terminal emulation session for XModem transfer after forcing the switch into the download mode, and does not display CCCC...	52
The download fails after starting to download the firmware file	52
The switch configuration is corrupt	52
Acronyms and abbreviations	53

HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem User Guide - Page 17

Switch security - password reset

Page 17 highlights