ProCurve – Secure Management
Networking components can be managed via a web interface or via a command-line interface. It doesn’t matter which method you prefer, but it does matter that the connection is secure. If you use telnet (cli) or http (web interface), the management traffic is sent in clear text across the network.
I still notice that a lot of people use insecure communication methods. It is preferred to use ssh (cli) or https (web interface) to manage your components. The commands below can be used with HP ProCurve components to enable ssh and https and disable the telnet and http management protocols. (The key size depends on the type of component and firmware version used.)
CLI
switch01(config)# crypto key generate ssh rsa bits 2048
switch01(config)# ip ssh
switch01(config)# no telnet-server
Web Interface
switch01(config)# crypto key generate cert rsa <1024|2048>
switch01(config)# crypto host-cert generate self-signed
Validity start date [02/16/2015]:
Validity end date [02/16/2016]: 09/23/2320
Common name [10.10.1.99]: switch01.booches.local
Organizational unit [Dept Name]: ICT
Organization [Company Name]: Booches
City or location [City]: Bocholtz
State name [State]: Limburg
Country code [US]: NL
switch01(config)# web-management ssl
switch01(config)# no web-management plaintext
In addition to using secure protocols, it is preferred to create unique credentials for every administrator. One way to create unique credentials is to configure RADIUS / TACACS authentication. A common approach is to configure RADIUS between the switch and Active Directory. The following commands can be used to configure RADIUS on HP ProCurve switches.
switch01(config)# radius-server host 10.10.100.1 key <shared key>
switch01(config)# radius-server host 10.10.100.2 key <shared key>
switch01(config)# aaa authentication web login radius local
switch01(config)# aaa authentication web enable radius local
switch01(config)# aaa authentication ssh login radius local
switch01(config)# aaa authentication ssh enable radius local
switch01(config)# aaa authentication login privilege-mode
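An added example, not part of the original post: a small Python check that reads a saved switch configuration and reports which of the settings above are missing. It assumes the saved configuration lists the commands literally as they are typed above; the two sample configurations and the key EXAMPLE-KEY are constructed.

```python
import re

# Commands from the article that must appear in the saved configuration.
REQUIRED = {
    "ssh enabled": r"^ip ssh$",
    "telnet disabled": r"^no telnet-server$",
    "https enabled": r"^web-management ssl$",
    "http disabled": r"^no web-management plaintext$",
}

def audit(config_text):
    """Return sorted findings; an empty list means every setting is present."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = [f"missing: {name}" for name, pat in REQUIRED.items()
                if not any(re.match(pat, ln) for ln in lines)]
    for method in ("ssh", "web"):
        for level in ("login", "enable"):
            # The first method after the level is the primary; it must be radius.
            rx = re.compile(rf"^aaa authentication {method} {level} (\S+)")
            primary = [m.group(1) for ln in lines if (m := rx.match(ln))]
            if primary != ["radius"]:
                findings.append(f"aaa {method} {level}: primary is not radius")
    if not any(ln.startswith("radius-server host ") for ln in lines):
        findings.append("missing: radius-server host")
    return sorted(findings)

# Constructed sample: the configuration the article builds.
HARDENED = """
ip ssh
no telnet-server
web-management ssl
no web-management plaintext
radius-server host 10.10.100.1 key EXAMPLE-KEY
radius-server host 10.10.100.2 key EXAMPLE-KEY
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode
"""
# Constructed sample: ssh/https added, but telnet/http and local-only login left in place.
WEAK = """
ip ssh
web-management ssl
radius-server host 10.10.100.1 key EXAMPLE-KEY
aaa authentication ssh login local
aaa authentication ssh enable radius local
aaa authentication web login radius local
"""
if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK))
```

The WEAK sample shows the common half-finished state: enabling ssh and https does not by itself turn off telnet and http, so the audit flags both.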
René Jorissen