wiki.ohea.xyz/wiki
11
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
682cc434707124d7daaf5d7a07ceb04362b39072
wiki/networking/Aruba S2500.md
T

329 lines
11 KiB
Markdown
Raw Blame History

## Resetting the Switch to Factory Defaults
The switch can be reset through the on screen display's menu. This can be
controlled using the two available buttons, ``menu`` and ``enter``.
To factory reset the switch, do the following:
1. Press the ``menu`` button to bring up the on screen menu. You may have to press
the button twice, once to activate the screen and once to open the menu.
2. Press the ``menu`` button until you see that ``Maintenance`` is selected.
3. Press the ``enter`` button.
4. Press the ``menu`` button until ``Factory Default`` is selected.
5. Press the ``enter`` button once to select, and a second time to confirm.
## Connecting to the Switch
### Console
The Aruba S2500 has a micro USB port on the back which exposes a serial
interface that can be used to manage the switch.
To connec to the serial interface you will need a computer, a micro USB cable,
and a serial application (here we are using `screen`).
1. Connect the USB serial port on the back of the switch to your computer
2. Connect to the serial port with screen
- `sudo screen /dev/ttyUSB0 9600` (replace `ttyUSB0` with the device node
your system assigns to the switch)
3. Login with the default username and password
- username: `password`
- password: `forgetme!`
You should now be dropped to a shell that looks like the below
```
(ArubaS2500-48P-US) >
```
## Setting the Switch's Account Passwords
Relevant forum thread [here](https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=9356).
First, login with the default credentials
```
User: password
Password: forgetme!
```
Next, go into `enable` mode.
```
(aruba) >enable
Password: enable
```
Set the admin user's password.
```
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user admin root
Password: yourpassword
Retype password: yourpassword
```
Logout and log back in. Then go into `enable` mode.
```
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit
User: admin
Password: yourpassword
(aruba) >enable
Password: enable
```
Configure the `enable` mode password.
```
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #enable secret
Password: yourenablepassword
Re-Type password: yourenablepassword
(aruba) (config) #write memory
```
## Update the Switch's Firmware
Based on the guide available [here](https://community.arubanetworks.com/community-home/librarydocuments/viewdocument?DocumentKey=92ce82d5-13a7-47cf-8613-73416fa579d3&CommunityKey=2fd943a6-8898-4dbe-915f-4f09e4d3c317&tab=librarydocuments).
To update the switch's firmware, you will need to copy the upgrade file to a USB
drive and connect it to the USB port on the rear of the switch.
### Download the Firmware
Firmware upgrades are available for download from Aruba without a licence key.
An account is required. Aruba does not allow users to make accounts with public
email providers (gmail, hotmail, etc.), so you will either have to use a different
email provider for your account or try to find the file elsewhere on the
internet. For posterity, the `sha256sum` of the latest firmware upgrade avilable
as of Jan 24, 2023 is as follows.
`ArubaOS_MAS_7.4.1.9_62608`: `613abae502736c7c7ac2a0548edf506280d2afb8d2762db784ffa68f5cd6c52c`
### Copy the Firmware to a USB Drive
You will need to format a USB drive as FAT32. You can put the firmware binary
anywhere on the filesystem. I would suggest putting it at the root as this is
easiest to type into the switch's console.
### Install the Firmware
From the switch's console, login and escalate your privileges.
```
(ArubaS2500-48P-US)
User: admin
Password: ******
(ArubaS2500-48P-US) >enable
Password:******
```
Then, install the firmware using the `copy` command.
```
(ArubaS2500-48P-US) #copy usb ArubaOS_MAS_7.4.1.9_62608 system: partition 0
................................................File ArubaOS_MAS_7.4.1.9_62608 copied to partition 0 successfully.
```
Reboot the switch
```
(ArubaS2500-48P-US) #reload
Do you really want to restart the system(y/n): y
System will now restart!
```
## Running through Quick Setup
### Console
After logging into the switch's console, you need to launch the switch's
`Quick-setup` program.
This can be done by running the `enable` command and providing the password
`enable` as seen below. You will then need to press `y` berfore the `Quick-setup`
prompt times out.
```
ArubaS2500-48P-US) >enable
Password:enable
Quick-setup helps in setting the basic configuration of the system
Autoconfiguration of system will be stopped, if Quick-setup is launched by user
Invoke Quick-setup (y|n)??? [y]:y
```
## Tips for Navigating the Console
### Hotkeys
In the switch's console interface, there are some hotkeys that you should be
aware of.
`?`: Pressing the question mark key at any time displays all the possible
options you could complete your command with. This takes into account the
characters you already have types. You can use it both to list commands
and their subcommands or parameters. You can also use the question mark to
list the set of valid configuration parameters you can set in the current
configuration context.
`TAB`: Pressing the tab key will auto complete the current command if it is not
ambiguous. If it is, nothing will happen.
`!`: You can enter an exclamation mark character to back out of the current
configuration block. This is quicker than typing `exit`.
### Shell Prompt
The shell prompt can provide you some helpful information on what context you
are currently working in.
In the following command line, each field is as follows.
```
(hostname) (config_context) (#/>)
```
- `hostname` is your device's hostname.
- `config` context is the current configuration context you are in (this will
be absent if you are not in the configuration utility.)
- `#/>` denotes whether you are in `enable` mode or not. A `#` signafies
`enable` mode
### Saving Your Changes
Remember to save your changes when you are done. This can be done by running
the `write memory` command.
## Configuring VLANs
To configure a VLAN, two steps must be done.
### 1. Creating the VLAN
To create a VLAN, use the `vlan` command. It is helpful to give your VLAN's a
description you can reference later.
```
ArubaS2500-48P) (config) #vlan 60
(ArubaS2500-48P) (VLAN "60") #?
aaa-profile VLAN AAA profile
clone Copy data from another VLAN
description VLAN description
dhcp-snooping-database Add Static Snoop mac entry
dhcp-snooping-profile dhcp snooping profile name
igmp-snooping-profile igmp snooping profile name
mac-address-table Configure the MAC address table
mac-aging-time Mac Aging Time in Minutes
mld-snooping-profile mld snooping profile name
no Delete Command
pvst-profile per vlan rapid spanning tree profile name
(ArubaS2500-48P) (VLAN "60") #description "office"
(ArubaS2500-48P) (VLAN "60") #!
```
### 2. Creating a Port Profile
Next, you will have to create a port profile that makes uses of your configured
VLAN. This configuration differs if you want the port to have tagged traffic.
#### 2a. Port With Untagged Traffic
In this example, we will create a port profile configured to route traffic for
VLAN 60 untagged.
```
interface-profile switching-profile "general"
access-vlan 60
native-vlan 60
trunk allowed vlan 60
!
```
#### 2b. Port with Tagged and Untagged Traffic
In this example, we will create a port with VLANs 10 and 20 configured for
tagged traffic and VLAN 60 configured for untagged traffic.
```
interface-profile switching-profile "uplink"
switchport-mode trunk
access-vlan 60
native-vlan 60
trunk allowed vlan 10,20,60
!
```
Remember to set the `switchport-mode trunk` param on any profile that needs to
route untagged traffic.
### 3. Apply Port Profile to Port
Finally, we need to apply this profile to a port. In this example, I will be
applying the profile `office` to the Gigabit Ethernet port `0/0/0` which is
the lowest numbered Gigabit port on the switch (port 0).
```
(ArubaS2500-48P) (config) #interface gigabitethernet 0/0/0
(ArubaS2500-48P) (gigabitethernet "0/0/0") #switching-profile "office"
(ArubaS2500-48P) (gigabitethernet "0/0/0") #!
```
## Exposing the Configuration Interfaces to Your Network
## Configuring the Managment Interface
The switch's managmement functions needs to be configured to listen on a
specific interface. In this example, we will be configuring it to listen on
VLAN 60.
### Configure the Connection on the Desired Interface
```
(ArubaS2500-48P) (ip-profile) #interface vlan 60
(ArubaS2500-48P) (VLAN "10") #description "office"
(ArubaS2500-48P) (VLAN "10") #!
```
For a static IP:
```
(ArubaS2500-48P) (vlan "60") #ip address 10.0.0.10 255.255.255.0
```
For DHCP:
```
(ArubaS2500-48P) (vlan "60") #ip address dhcp-client
```
### Configure the Controller to Listen on This Interface
First, open the `ip-profile` settings.
```
(ArubaS2500-48P) (config) #ip-profile
(ArubaS2500-48P) (ip-profile) #?
controller-ip Configure controller IP
default-gateway Specify default gateway
no Delete Command
prefix-list Configure prefix list
route Configure static route A.B.C.D
```
Next, configure the `controller-ip`.
```
(ArubaS2500-48P) (ip-profile) #controller-ip vlan 60
Since controller IP address will change, connectivity to this controller might be affected. Do you want to proceed with this action [y/n]: y
```
Finally, configure the `default-gateway`. This value will be different if you
are using a static IP or DHCP on your desired interface.
For a static IP:
```
(ArubaS2500-48P) (ip-profile) #default-gateway 10.0.0.1
```
For DHCP:
```
(ArubaS2500-48P) (ip-profile) #default-gateway import dhcp
```
### Enable the WebUI
To enable the WebUI, we need to enable the `mgmt-ui-ports` option on the
`web-server` configuration param.
```
(ArubaS2500-48P) (config) #web-server
(ArubaS2500-48P) (Web Server Configuration) #?
captive-portal-cert Certificate name configured under certificate
manager
captive-portal-ports Enable or Disable Captive Portal Ports 8080/8081
ciphers Configure cipher suite strength. Default is high
mgmt-auth Configure management user's WebUI access method,
either username/password authentication or
certificate authentication or both. Default is
username/password authentication
mgmt-ui-ports Enable or Disable Webserver
no Delete Command
session-timeout Configure user's WebUI session timeout <30-3600>
(seconds)
ssl-protocol SSL/TLS Protocol Config
switch-cert Certificate name configured under certificate
manager
web-max-clients Configure web servers' maximum supported concurrent
clients <25-400>
(ArubaS2500-48P) (Web Server Configuration) #mgmt-ui-ports
(ArubaS2500-48P) (Web Server Configuration) #!
```
Reference in New Issue View Git Blame Copy Permalink