From 020dc37904cb84b04e0251bd760e0f52c1dd2581 Mon Sep 17 00:00:00 2001 From: restitux Date: Wed, 25 Jan 2023 03:25:25 +0000 Subject: [PATCH] Updated Aruba S2500.md (markdown) --- networking/Aruba S2500.md | 257 +++++++++++++++++++++++++++++++------- 1 file changed, 214 insertions(+), 43 deletions(-) diff --git a/networking/Aruba S2500.md b/networking/Aruba S2500.md index c26fb1f..5289832 100644 --- a/networking/Aruba S2500.md +++ b/networking/Aruba S2500.md @@ -1,4 +1,4 @@ -## Reset the Switch to Factory Defaults +## Resetting the Switch to Factory Defaults The switch can be reset through the on screen display's menu. This can be controlled using the two available buttons, ``menu`` and ``enter``. @@ -11,6 +11,29 @@ To factory reset the switch, do the following: 4. Press the ``menu`` button until ``Factory Default`` is selected. 5. Press the ``enter`` button once to select, and a second time to confirm. +## Connecting to the Switch + +### Console +The Aruba S2500 has a micro USB port on the back which exposes a serial +interface that can be used to manage the switch. + +To connec to the serial interface you will need a computer, a micro USB cable, +and a serial application (here we are using `screen`). + +1. Connect the USB serial port on the back of the switch to your computer +2. Connect to the serial port with screen + - `sudo screen /dev/ttyUSB0 9600` (replace `ttyUSB0` with the device node + your system assigns to the switch) +3. Login with the default username and password + - username: `password` + - password: `forgetme!` + +You should now be dropped to a shell that looks like the below + +``` +(ArubaS2500-48P-US) > +``` + ## Setting the Switch's Account Passwords Relevant forum thread [here](https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=9356). 
@@ -70,6 +93,11 @@ as of Jan 24, 2023 is as follows. `ArubaOS_MAS_7.4.1.9_62608`: `613abae502736c7c7ac2a0548edf506280d2afb8d2762db784ffa68f5cd6c52c` +### Copy the Firmware to a USB Drive +You will need to format a USB drive as FAT32. You can put the firmware binary +anywhere on the filesystem. I would suggest putting it at the root as this is +easiest to type into the switch's console. + ### Install the Firmware From the switch's console, login and escalate your privledges. ``` 
@@ -93,49 +121,7 @@ Do you really want to restart the system(y/n): y System will now restart! ``` -### Connecting to the Switch -#### Console -The Aruba S2500 has a micro USB port on the back which exposes a serial -interface that can be used to manage the switch. - -To connec to the serial interface you will need a computer, a micro USB cable, -and a serial application (here we are using `screen`). - -1. Connect the USB serial port on the back of the switch to your computer -2. Connect to the serial port with screen - - `sudo screen /dev/ttyUSB0 9600` (replace `ttyUSB0` with the device node - your system assigns to the switch) -3. Login with the default username and password - - username: `password` - - password: `forgetme!` - -You should now be dropped to a shell that looks like the below - -``` -(ArubaS2500-48P-US) > -``` - - -### Ethernet (broken) - -The Aruba S2500 provides a Web UI that can be used to configure the switch. - -The WebUI forces HTTPS by default and the ciphers supported are not permitted by -most modern browsers. You can enabled outdated ciphers in your browser which -will enable you to sucessfully connect, but the WebUI may still fail to display. - -To connect to the WebUI -1. TODO: enable the Quick Setup WebUI via the front panel menu -2. Connect an ethernet cable between your device and one of the 1GbE port on - the front of the switch -3. On your machine, assign the interface a static IP with the follow configuration - - IP: `172.16.0.2` - - Subnet Mask: `255.255.255.0` or `/24` - - Gateway: `172.16.0.1` -4. Connect to `http://172.16.0.254` in your browser. - -You should now have access to the WebUI. ## Running through Quick Setup 
@@ -155,3 +141,188 @@ Autoconfiguration of system will be stopped, if Quick-setup is launched by user Invoke Quick-setup (y|n)??? [y]:y ``` + +## Tips for Navigating the Console +### Hotkeys +In the switch's console interface, there are some hotkeys that you should be +aware of. + +`?`: Pressing the question mark key at any time displays all the possible +options you could complete your command with. This takes into account the +characters you already have types. You can use it both to list commands +and their subcommands or parameters. You can also use the question mark to +list the set of valid configuration parameters you can set in the current +configuration context. + +`TAB`: Pressing the tab key will auto complete the current command if it is not +ambiguous. If it is, nothing will happen. + +`!`: You can enter an exclamation mark character to back out of the current +configuration block. This is quicker than typing `exit`. + +### Shell Prompt +The shell prompt can provide you some helpful information on what context you +are currently working in. + +In the following command line, each field is as follows. +``` +(hostname) (config_context) (#/>) +``` +- `hostname` is your device's hostname. +- `config` context is the current configuration context you are in (this will + be absent if you are not in the configuration utility.) +- `#/>` denotes whether you are in `enable` mode or not. A `#` signafies + `enable` mode + +### Saving Your Changes +Remember to save your changes when you are done. This can be done by running +the `write memory` command. +## Configuring VLANs +To configure a VLAN, two steps must be done. + +### 1. Creating the VLAN +To create a VLAN, use the `vlan` command. It is helpful to give your VLAN's a +description you can reference later. + +``` +ArubaS2500-48P) (config) #vlan 60 +(ArubaS2500-48P) (VLAN "60") #? 
+aaa-profile VLAN AAA profile +clone Copy data from another VLAN +description VLAN description +dhcp-snooping-database Add Static Snoop mac entry +dhcp-snooping-profile dhcp snooping profile name +igmp-snooping-profile igmp snooping profile name +mac-address-table Configure the MAC address table +mac-aging-time Mac Aging Time in Minutes +mld-snooping-profile mld snooping profile name +no Delete Command +pvst-profile per vlan rapid spanning tree profile name + +(ArubaS2500-48P) (VLAN "60") #description "office" +(ArubaS2500-48P) (VLAN "60") #! +``` + +### 2. Creating a Port Profile +Next, you will have to create a port profile that makes uses of your configured +VLAN. This configuration differs if you want the port to have tagged traffic. + +#### 2a. Port With Untagged Traffic +In this example, we will create a port profile configured to route traffic for +VLAN 60 untagged. +``` +interface-profile switching-profile "general" + access-vlan 60 + native-vlan 60 + trunk allowed vlan 60 +! +``` + +#### 2b. Port with Tagged and Untagged Traffic +In this example, we will create a port with VLANs 10 and 20 configured for +tagged traffic and VLAN 60 configured for untagged traffic. +``` +interface-profile switching-profile "uplink" + switchport-mode trunk + access-vlan 60 + native-vlan 60 + trunk allowed vlan 10,20,60 +! +``` +Remember to set the `switchport-mode trunk` param on any profile that needs to +route untagged traffic. + +### 3. Apply Port Profile to Port +Finally, we need to apply this profile to a port. In this example, I will be +applying the profile `office` to the Gigabit Ethernet port `0/0/0` which is +the lowest numbered Gigabit port on the switch (port 0). + +``` +(ArubaS2500-48P) (config) #interface gigabitethernet 0/0/0 +(ArubaS2500-48P) (gigabitethernet "0/0/0") #switching-profile "office" +(ArubaS2500-48P) (gigabitethernet "0/0/0") #! 
+``` + +## Exposing the Configuration Interfaces to Your Network + +## Configuring the Managment Interface +The switch's managmement functions needs to be configured to listen on a +specific interface. In this example, we will be configuring it to listen on +VLAN 60. + +### Configure the Connection on the Desired Interface + +``` +(ArubaS2500-48P) (ip-profile) #interface vlan 60 +(ArubaS2500-48P) (VLAN "10") #description "office" +(ArubaS2500-48P) (VLAN "10") #! +``` + +For a static IP: +``` +(ArubaS2500-48P) (vlan "60") #ip address 10.0.0.10 255.255.255.0 +``` + +For DHCP: +``` +(ArubaS2500-48P) (vlan "60") #ip address dhcp-client +``` + +### Configure the Controller to Listen on This Interface +First, open the `ip-profile` settings. +``` +(ArubaS2500-48P) (config) #ip-profile +(ArubaS2500-48P) (ip-profile) #? +controller-ip Configure controller IP +default-gateway Specify default gateway +no Delete Command +prefix-list Configure prefix list +route Configure static route A.B.C.D +``` +Next, configure the `controller-ip`. +``` +(ArubaS2500-48P) (ip-profile) #controller-ip vlan 60 +Since controller IP address will change, connectivity to this controller might be affected. Do you want to proceed with this action [y/n]: y +``` +Finally, configure the `default-gateway`. This value will be different if you +are using a static IP or DHCP on your desired interface. + +For a static IP: +``` +(ArubaS2500-48P) (ip-profile) #default-gateway 10.0.0.1 +``` +For DHCP: +``` +(ArubaS2500-48P) (ip-profile) #default-gateway import dhcp +``` + +### Enable the WebUI +To enable the WebUI, we need to enable the `mgmt-ui-ports` option on the +`web-server` configuration param. +``` +(ArubaS2500-48P) (config) #web-server +(ArubaS2500-48P) (Web Server Configuration) #? +captive-portal-cert Certificate name configured under certificate + manager +captive-portal-ports Enable or Disable Captive Portal Ports 8080/8081 +ciphers Configure cipher suite strength. 
Default is high +mgmt-auth Configure management user's WebUI access method, + either username/password authentication or + certificate authentication or both. Default is + username/password authentication +mgmt-ui-ports Enable or Disable Webserver +no Delete Command +session-timeout Configure user's WebUI session timeout <30-3600> + (seconds) +ssl-protocol SSL/TLS Protocol Config +switch-cert Certificate name configured under certificate + manager +web-max-clients Configure web servers' maximum supported concurrent + clients <25-400> + +(ArubaS2500-48P) (Web Server Configuration) #mgmt-ui-ports +(ArubaS2500-48P) (Web Server Configuration) #! +``` + + +
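Review bot: In the `@@ -11,6 +11,29 @@` hunk, step 3 of the new "Console" section gives `password` / `forgetme!` as the default login but never tells the reader to change the account passwords before the switch is attached to a network. Add a sentence after the prompt example pointing to "Setting the Switch's Account Passwords", which follows directly, as the required next step. The `sudo screen /dev/ttyUSB0 9600` line could also mention that membership in the group owning the serial device avoids running `screen` as root, and "connec" should read "connect".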
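Review bot: In the `@@ -70,6 +93,11 @@` hunk, the new "Copy the Firmware to a USB Drive" section comes right after the published hash for `ArubaOS_MAS_7.4.1.9_62608` but never asks the reader to check the downloaded file against it. Add a step before the copy that computes the file's hash and compares it with the listed value, and name the hash algorithm next to that value so the reader knows which tool to use. Repeating the check on the copy that ends up on the FAT32 drive would also catch a bad write before the image is installed.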
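Review bot: In the `@@ -93,49 +121,7 @@` hunk, deleting the "Ethernet (broken)" section also deletes the page's only warning that the WebUI forces HTTPS with ciphers most modern browsers refuse. The "Enable the WebUI" section added at the end of this patch turns the WebUI on without that warning. Carry the caveat over to the new section, so a reader who hits the failed connection knows the cause before loosening browser cipher settings. The removed static addressing details (`172.16.0.2`, `172.16.0.254`) are also gone with no replacement, so say whether the Quick Setup WebUI path is dropped on purpose.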
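Review bot: In the `@@ -155,3 +141,188 @@` hunk, step 3 of "Configuring VLANs" applies `switching-profile "office"`, but steps 2a and 2b only define the profiles `"general"` and `"uplink"` ("office" is the VLAN description), so the example should apply one of the defined names. Other points in this hunk:

- In "Configuring VLANs", the intro says "two steps" while three are numbered.
- The remark after 2b says `switchport-mode trunk` is needed for untagged traffic, although only the tagged example sets it. It presumably should say "tagged".
- Under "Configuring the Managment Interface", the prompts show `(VLAN "10")` right after `interface vlan 60`, and the first prompt is `(ip-profile)` before `ip-profile` has been entered. Make the prompts consistent with VLAN 60.
- In "Enable the WebUI", the help output lists `ciphers`, `ssl-protocol`, `mgmt-auth` and `session-timeout`, yet the section only turns on `mgmt-ui-ports` for the VLAN that also carries the "office" ports. State which of those settings to review, and end with `write memory`.
- The "## Exposing the Configuration Interfaces to Your Network" heading has no content.
- The first VLAN prompt is missing its opening parenthesis.
- "## Configuring VLANs" needs a blank line before it.
- "types", "signafies", "Managment" and "managmement" are typos.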