11 KiB
Resetting the Switch to Factory Defaults
The switch can be reset through the on screen display's menu. This can be
controlled using the two available buttons, menu and enter.
To factory reset the switch, do the following:
- Press the
menubutton to bring up the on screen menu. You may have to press the button twice, once to activate the screen and once to open the menu. - Press the
menubutton until you see thatMaintenanceis selected. - Press the
enterbutton. - Press the
menubutton untilFactory Defaultis selected. - Press the
enterbutton once to select, and a second time to confirm.
Connecting to the Switch
Console
The Aruba S2500 has a micro USB port on the back which exposes a serial interface that can be used to manage the switch.
To connec to the serial interface you will need a computer, a micro USB cable,
and a serial application (here we are using screen).
- Connect the USB serial port on the back of the switch to your computer
- Connect to the serial port with screen
sudo screen /dev/ttyUSB0 9600(replacettyUSB0with the device node your system assigns to the switch)
- Login with the default username and password
- username:
password - password:
forgetme!
- username:
You should now be dropped to a shell that looks like the below
(ArubaS2500-48P-US) >
Setting the Switch's Account Passwords
Relevant forum thread here.
First, login with the default credentials
User: password
Password: forgetme!
Next, go into enable mode.
(aruba) >enable
Password: enable
Set the admin user's password.
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user admin root
Password: yourpassword
Retype password: yourpassword
Logout and log back in. Then go into enable mode.
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit
User: admin
Password: yourpassword
(aruba) >enable
Password: enable
Configure the enable mode password.
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #enable secret
Password: yourenablepassword
Re-Type password: yourenablepassword
(aruba) (config) #write memory
Update the Switch's Firmware
Based on the guide available here.
To update the switch's firmware, you will need to copy the upgrade file to a USB drive and connect it to the USB port on the rear of the switch.
Download the Firmware
Firmware upgrades are available for download from Aruba without a licence key.
An account is required. Aruba does not allow users to make accounts with public
email providers (gmail, hotmail, etc.), so you will either have to use a different
email provider for your account or try to find the file elsewhere on the
internet. For posterity, the sha256sum of the latest firmware upgrade avilable
as of Jan 24, 2023 is as follows.
ArubaOS_MAS_7.4.1.9_62608: 613abae502736c7c7ac2a0548edf506280d2afb8d2762db784ffa68f5cd6c52c
Copy the Firmware to a USB Drive
You will need to format a USB drive as FAT32. You can put the firmware binary anywhere on the filesystem. I would suggest putting it at the root as this is easiest to type into the switch's console.
Install the Firmware
From the switch's console, login and escalate your privileges.
(ArubaS2500-48P-US)
User: admin
Password: ******
(ArubaS2500-48P-US) >enable
Password:******
Then, install the firmware using the copy command.
(ArubaS2500-48P-US) #copy usb ArubaOS_MAS_7.4.1.9_62608 system: partition 0
................................................File ArubaOS_MAS_7.4.1.9_62608 copied to partition 0 successfully.
Reboot the switch
(ArubaS2500-48P-US) #reload
Do you really want to restart the system(y/n): y
System will now restart!
Running through Quick Setup
Console
After logging into the switch's console, you need to launch the switch's
Quick-setup program.
This can be done by running the enable command and providing the password
enable as seen below. You will then need to press y berfore the Quick-setup
prompt times out.
ArubaS2500-48P-US) >enable
Password:enable
Quick-setup helps in setting the basic configuration of the system
Autoconfiguration of system will be stopped, if Quick-setup is launched by user
Invoke Quick-setup (y|n)??? [y]:y
Tips for Navigating the Console
Hotkeys
In the switch's console interface, there are some hotkeys that you should be aware of.
?: Pressing the question mark key at any time displays all the possible
options you could complete your command with. This takes into account the
characters you already have types. You can use it both to list commands
and their subcommands or parameters. You can also use the question mark to
list the set of valid configuration parameters you can set in the current
configuration context.
TAB: Pressing the tab key will auto complete the current command if it is not
ambiguous. If it is, nothing will happen.
!: You can enter an exclamation mark character to back out of the current
configuration block. This is quicker than typing exit.
Shell Prompt
The shell prompt can provide you some helpful information on what context you are currently working in.
In the following command line, each field is as follows.
(hostname) (config_context) (#/>)
hostnameis your device's hostname.configcontext is the current configuration context you are in (this will be absent if you are not in the configuration utility.)#/>denotes whether you are inenablemode or not. A#signafiesenablemode
Saving Your Changes
Remember to save your changes when you are done. This can be done by running
the write memory command.
Configuring VLANs
To configure a VLAN, two steps must be done.
1. Creating the VLAN
To create a VLAN, use the vlan command. It is helpful to give your VLAN's a
description you can reference later.
ArubaS2500-48P) (config) #vlan 60
(ArubaS2500-48P) (VLAN "60") #?
aaa-profile VLAN AAA profile
clone Copy data from another VLAN
description VLAN description
dhcp-snooping-database Add Static Snoop mac entry
dhcp-snooping-profile dhcp snooping profile name
igmp-snooping-profile igmp snooping profile name
mac-address-table Configure the MAC address table
mac-aging-time Mac Aging Time in Minutes
mld-snooping-profile mld snooping profile name
no Delete Command
pvst-profile per vlan rapid spanning tree profile name
(ArubaS2500-48P) (VLAN "60") #description "office"
(ArubaS2500-48P) (VLAN "60") #!
2. Creating a Port Profile
Next, you will have to create a port profile that makes uses of your configured VLAN. This configuration differs if you want the port to have tagged traffic.
2a. Port With Untagged Traffic
In this example, we will create a port profile configured to route traffic for VLAN 60 untagged.
interface-profile switching-profile "general"
access-vlan 60
native-vlan 60
trunk allowed vlan 60
!
2b. Port with Tagged and Untagged Traffic
In this example, we will create a port with VLANs 10 and 20 configured for tagged traffic and VLAN 60 configured for untagged traffic.
interface-profile switching-profile "uplink"
switchport-mode trunk
access-vlan 60
native-vlan 60
trunk allowed vlan 10,20,60
!
Remember to set the switchport-mode trunk param on any profile that needs to
route untagged traffic.
3. Apply Port Profile to Port
Finally, we need to apply this profile to a port. In this example, I will be
applying the profile office to the Gigabit Ethernet port 0/0/0 which is
the lowest numbered Gigabit port on the switch (port 0).
(ArubaS2500-48P) (config) #interface gigabitethernet 0/0/0
(ArubaS2500-48P) (gigabitethernet "0/0/0") #switching-profile "office"
(ArubaS2500-48P) (gigabitethernet "0/0/0") #!
Exposing the Configuration Interfaces to Your Network
Configuring the Managment Interface
The switch's managmement functions needs to be configured to listen on a specific interface. In this example, we will be configuring it to listen on VLAN 60.
Configure the Connection on the Desired Interface
(ArubaS2500-48P) (ip-profile) #interface vlan 60
(ArubaS2500-48P) (VLAN "10") #description "office"
(ArubaS2500-48P) (VLAN "10") #!
For a static IP:
(ArubaS2500-48P) (vlan "60") #ip address 10.0.0.10 255.255.255.0
For DHCP:
(ArubaS2500-48P) (vlan "60") #ip address dhcp-client
Configure the Controller to Listen on This Interface
First, open the ip-profile settings.
(ArubaS2500-48P) (config) #ip-profile
(ArubaS2500-48P) (ip-profile) #?
controller-ip Configure controller IP
default-gateway Specify default gateway
no Delete Command
prefix-list Configure prefix list
route Configure static route A.B.C.D
Next, configure the controller-ip.
(ArubaS2500-48P) (ip-profile) #controller-ip vlan 60
Since controller IP address will change, connectivity to this controller might be affected. Do you want to proceed with this action [y/n]: y
Finally, configure the default-gateway. This value will be different if you
are using a static IP or DHCP on your desired interface.
For a static IP:
(ArubaS2500-48P) (ip-profile) #default-gateway 10.0.0.1
For DHCP:
(ArubaS2500-48P) (ip-profile) #default-gateway import dhcp
Enable the WebUI
To enable the WebUI, we need to enable the mgmt-ui-ports option on the
web-server configuration param.
(ArubaS2500-48P) (config) #web-server
(ArubaS2500-48P) (Web Server Configuration) #?
captive-portal-cert Certificate name configured under certificate
manager
captive-portal-ports Enable or Disable Captive Portal Ports 8080/8081
ciphers Configure cipher suite strength. Default is high
mgmt-auth Configure management user's WebUI access method,
either username/password authentication or
certificate authentication or both. Default is
username/password authentication
mgmt-ui-ports Enable or Disable Webserver
no Delete Command
session-timeout Configure user's WebUI session timeout <30-3600>
(seconds)
ssl-protocol SSL/TLS Protocol Config
switch-cert Certificate name configured under certificate
manager
web-max-clients Configure web servers' maximum supported concurrent
clients <25-400>
(ArubaS2500-48P) (Web Server Configuration) #mgmt-ui-ports
(ArubaS2500-48P) (Web Server Configuration) #!