HP GbE2c HP GbE2c Layer 2/3 Ethernet Blade Switch for c-Class BladeSystem User - Page 13

Introduction 13

•

Identification of the administrator using name/password

•

Authorization of remote administrators

•

Determination of the permitted actions and customizing service for individual administrators

TACACS+

The switch supports the TACACS+ method to authenticate, authorize, and account for remote

administrators managing the switch. This method is based on a client/server model. The switch is a client

to the back-end TACACS+ AAA server. A remote user (the remote administrator) interacts only with the

client, and not with the back end AAA server.

The TACACS+ AAA method consists of:

•

A protocol with a frame format that utilizes TCP over IP

•

A centralized AAA server that stores all the user authentication, authorization, and accounting (of

usage) information

•

A NAS or client (in this case, the switch)

The switch, acting as the TACACS+ client or NAS, communicates to the TACACS+ server to authenticate,

authorize, and account for user access. Transactions between the client and the TACACS+ server are

authenticated using a shared key that is not sent over the network. In addition, the remote administrator

passwords are sent encrypted between the TACACS+ client (the switch) and the back-end TACACS+

server.

The switch supports:

•

Only standard ASCII inbound login authentication. PAP, CHAP, or ARAP login methods are not

supported. One-time password authentication is also not supported.

•

Authorization privilege levels of only 0, 3, and 6. These map to management levels of user, oper,

and admin, respectively.

•

The accounting attributes of protocol, start_time, stop_time, and elapsed_time. For BBI users,

accounting stop records are only sent if the user presses the QUIT button.

SSH and SCP

SSH and SCP use secure tunnels to encrypt and secure messages between a remote administrator and the

switch. Telnet does not provide this level of security. The Telnet method of managing a switch does not

provide a secure connection.

SSH is a protocol that enables remote administrators to log securely into the switch over a network to

execute management commands.

SCP is used to copy files securely from one machine to another. SCP uses SSH for encryption of data on

the network. On a switch, SCP is used to download and upload the switch configuration via secure

channels.

XModem

The switch supports XModem for transferring files during direct dial-up communications. XModem sends

blocks of data in 128-byte blocks, and includes an error-detection system called a checksum. When the

data is received, the error detection system ensures that the entire message reached its destination. If not,

the receiving computer sends a request for retransmission of the data.

Section	Page
HP GbE2c Layer 2/3 Ethernet Blade Switch for c-Class BladeSystem User Guide	1
Notice	2
Contents	3
Introduction	6
Overview	6
Additional references	6
Features	6
Enterprise class performance	6
Switch redundancy	8
Configuration and management	8
Diagnostic tools	9
Switch architecture	9
Port Mapping	9
Dual switches	9
Redundant crosslinks	9
Redundant paths to server bays	10
Supported technologies	10
Layer 2 switching	10
Layer 3 switching	10
IEEE 802.1 Q-based VLAN	10
Spanning Tree Protocol	11
SNMP	11
Port mirroring	11
Port trunking and load balancing	11
TFTP support	12
Store and forward switching scheme	12
BOOTP	12
NTP	12
RADIUS	12
TACACS+	13
SSH and SCP	13
XModem	13
IGMP Snooping	14
Jumbo frames	14
Auto-MDI/MDIX	14
Auto-negotiation of duplex mode and speed	14
Redundant images in firmware	14
Component identification	15
GbE2c Layer 2/3 front panel	15
Installing the switch	16
Planning the switch configuration	16
Default settings	16
Switch security	17
User, operator, and administrator access rights	17
Manually configuring a switch	18
Configuring multiple switches	18
Using scripted CLI commands through Telnet	18
Using a configuration file	19
Installing the switch	19
Preparing for installation	19
Installing the switch	19
Accessing the switch	20
Logging on and configuring the switch	21
Installing SFP transceivers	21
Supporting software and special considerations	22
Replacing a switch	23
Replacing an existing switch	23
Regulatory compliance notices	25
Class A equipment	25
Modifications	25
Cables	25
Canadian notice	25
European Union regulatory notice	25
BSMI notice	26
Japanese class A notice	26
Korean class A notice	26
Laser compliance	27
Technical specifications	28
General specifications	28
Runtime switching software default settings	29
General default settings	29
Port names, VLANs, STP, trunking default settings	35
Physical and environmental specifications	36
Performance specifications	36
Performing a serial download	38
Introduction	38
Serial upgrade of boot code firmware image procedure	38
Serial upgrade of operating system firmware procedure	40
SNMP MIBs support	43
MIB overview	43
SNMP Manager software	43
Supported MIBs	44
Supported traps	44
Electrostatic discharge	46
Preventing electrostatic discharge	46
Grounding methods to prevent electrostatic discharge	46
RJ-45 pin specification	47
Standard RJ-45 receptacle/connector	47
Troubleshooting	48
Forgotten administrator user name and password that was configured on the switch	48
Health LED on the switch is not on	48
Health LED on the switch stays amber for more than 30 seconds and switch does not boot	49
No link LED appears, even after plugging the Category 5 cable in the RJ-45 connector of the external port	49
Cannot access the switch serial console interface using null modem connection from a PC Terminal Emulation Program	49
Error message that the switch failed to complete the system self-testing appears on the serial console screen	50
The switch fails to get its IP settings from the BOOTP server, even though by default it is configured for BOOTP	50
The keyboard locks up when using HyperTerminal to log on to the switch through the console interface	50
Cannot connect to the switch console interface remotely using Telnet	50
Password is not accepted by the switch using the remote console interface immediately after a reboot	51
Cannot connect to the switch console interface remotely using SSH	51
Cannot connect to the switch SNMP interface	51
The port activity LEDs continuously indicate activity after connection more than one port to another switch or destination device	51
Cannot connect to the switch remotely using the Web interface	52
Cannot enable a port in multiple VLANs while configuring VLANS	52
The switch does not let the user enable two adjacent ports into two different VLANs while assigning the ports to VLANs	52
While using TFTP to download firmware, the switch fails to connect to the TFTP server, or after connection the download fails	53
The switch fails to connect to the TFTP server while using TFTP to download or upload a configuration file, or after connection the download or upload files	53
The console screen displays a message to change the baud rate for the terminal emulation session for XModem transfer after forcing the switch into the download mode, and does not display CCCC...	54
The download fails after starting to download the firmware file	54
The switch configuration is corrupt	54

HP GbE2c HP GbE2c Layer 2/3 Ethernet Blade Switch for c-Class BladeSystem User - Page 13

TACACS, SSH and SCP, XModem - management login

Page 13 highlights