Procurve cli

From Linuxmemo.

(Differences between versions)
(Configuration ssh pfor publickey)
(Configuration ssh for publickey)
Ligne 137 : Ligne 137 :
  aaa authentication ssh login public-key none
  aaa authentication ssh login public-key none
  aaa authentication ssh enable tacacs local
  aaa authentication ssh enable tacacs local
 +
#aaa authentication ssh enable tacacs authorized #enable sans mot de passe
  show authentication
  show authentication
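Review bot: the added line, the commented-out `aaa authentication ssh enable tacacs authorized` placed after the active `aaa authentication ssh enable tacacs local`, is explained only by a trailing `#enable sans mot de passe`. It swaps the `local` fallback for one that the comment itself describes as enable without a password, so the note should say under which condition that fallback applies. It should also say that, with `aaa authentication ssh login public-key none` above it, the SSH key would then be the only credential in front of the enable level. Suggest keeping the line commented out and moving the explanation onto its own comment line, so the trailing `#enable ...` is not read as part of the command.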

Version of 23 November 2018 at 14:42

Most useful

  • system information
show system-information
  • view the configuration
show running-config  (in RAM)
show config         (at start-up)
  • compare the two configurations (start-up and running)
show config status
  • save the running-config to the start-up config
write memory
  • view the IP configuration
show ip
  • different IP configuration on each VLAN
vlan 1
ip address 192.168.0.1/24
show ip
  • manage sessions on the switch
show ip ssh 
kill session-number
  • interface management
show interfaces brief
show interfaces config
show interfaces port-utilization

configure
[no] interface < port-list > [< disable | enable >]
interface c1-c3,c6 speed-duplex 100-full
interface A1 name le port machin
show name
  • Trunks
show trunks
show lacp
  • LLDP
show lldp config
  • data transfer
ip ssh version 2
ip ssh filetransfer 
no tftp-enable
copy event-log sftp username@192.168.0.152 log

Copying a Configuration from a Remote Host:
copy sftp < startup-config | running-config > < ip-address > < remote-file > [ pc | unix ]

Copying a Configuration File to a Remote Host:
copy < startup-config | running-config > tftp < ip-addr > < remote-file > [ pc | unix ]
Copying Command Output to a Destination Device:
copy command-output < "cli-command" > sftp < ip-address > < filepath-filename >
  • module management
show modules
  • MAC table management
show mac-address
[ vlan < vlan-id >]
[< port-list >]
[< mac-addr >]

Creating and assigning VLANS

HP-Switch(Config)#Vlan 10 (Creates VLAN 10)
HP-Switch(vlan-10)#untagged a1 (Puts interface a1 into vlan 10 as untagged, meaning any packets that are untagged are on vlan 10)
HP-Switch(Config)#Vlan 20 (Creates VLAN 20)
HP-Switch(vlan-20)#tagged a1 (Makes interface a2 an 802.1q trunked port. Tagging this port with vlan 20 means that interface a2 accepts vlan 20 tagged packets)
HP-Switch(Config)#show vlan (Shows vlan ID, Name, Status, Voice and Jumbo support)
HP-Switch(Config)#show vlan ports a1 (Shows the vlans belonging to a1)
HP-Switch(Config)#show vlan 1 (Shows ports that are assigned to vlan 1)

Additional VLAN commands

HP-Switch(vlan-10)#ip helper-address 192.168.1.1 (Sends DHCP or BOOTP packets to the following IP address)
HP-Switch(vlan-10)#jumbo (Enables Jumbo Frames on this vlan)

Trunking

Trunking in HP terms is bundling 2 or more ports together to create a larger bandwidth port. In Cisco terms it is referred to as Etherchannel. The connecting switch must also be configured for trunking.

HP-Switch(Config)#trunk a4-a7 trk1 trunk (Creates a 4 port bundled trunk port with interface a4-a7)
HP-Switch(Config)#trunk a4-a7 trk1 lacp (Creates a 4 port bundled trunk port with interface a4-a7 using the lacp protocol)
HP-Switch(Config)#show trunk (Shows Port name, connection speeds, trunk group and type trunk | LACP)
HP-Switch(Config)#show trunk a4 (Shows trunk information for the interface a4 member)
HP-Switch(Config)#show lacp (Displays information about lacp status on port members)

IP Routing

HP-Switch(Config)#ip routing (Turns on IP routing for the switch. Out of the box the switch supports static routes and RIP. With a Premium license you will get OSPF)
HP-Switch(Config)#ip route 192.168.2.0/24 192.168.1.1 (Routes the subnet 192.168.2.0/24 to 192.168.1.1)

Multicast and Multicast Routing

HP-Switch(vlan-10)#ip igmp (Enables Internet Group Management Protocol controls. IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch.
By default multicast traffic is flooded through all ports except the port it was received on)
HP-Switch(Config)#ip multicast-routing (Enables Multicast Routing across subnets, you must have a license to enable this feature and you must have ip routing enabled also)
HP-Switch(Config)#router pim (Enables Pim Dense Mode Multicast Routing)
HP-Switch(vlan-1)#ip pim 192.168.1.1 (Assigns the router's pim source address statically)

Spanning Tree

HP-Switch(Config)#spanning-tree (Turns on Spanning Tree)
HP-Switch(Config)#spanning-tree priority 0 (Makes this switch the root switch with a priority of 4096)
HP-Switch(Config)#spanning-tree force-version rstp-operation (Operates spanning tree in Rapid Spanning Tree mode)
HP-Switch(Config)#spanning-tree a1 bpdu-filter (Stops the port from transmitting or receiving BPDUs. The port will continuously forward traffic. Useful for bridging devices)
HP-Switch(Config)#spanning-tree a1 bpdu-protection (Disables the port if it receives BPDUs)
HP-Switch(Config)#spanning-tree a1 admin-edge-port (Makes a1 an admin edge port. Used for connections to end devices)
HP-Switch(Config)#no spanning-tree a1 admin-edge-port (Makes a1 a non-admin edge port. Used for connections to switches)
HP-Switch(Config)#show spanning-tree (Shows spanning tree information for vlans and ports)
HP-Switch(Config)#show spanning-tree bpdu-protection (Shows which ports are configured with bpdu protection)
HP-Switch(Config)#show spanning-tree detail (Shows extended information on vlans and ports)

Access Lists

HP-Switch(Config)#ip access-list extended "100" (Creates an extended access list 100)
HP-Switch(config-ext-nacl)#10 deny tcp 0.0.0.0 255.255.255.255 192.168.1.2 0.0.0.0 eq 25 (Denies everyone access to port 25 on 192.168.1.2)
HP-Switch(config-ext-nacl)#20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 (Permit any to any for any IP service)
HP-Switch(vlan10)#ip access-group "100" in (Applies the access list 100 in an inbound direction for vlan 10)
HP-Switch(Config)#show access-list (Displays configured access-lists)
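
How the two entries of access list 100 above are evaluated, as an added Python example that is not part of the original page: the address pairs use wildcard masks (a 1 bit means "ignore"), the first matching entry wins, and a packet matching no entry is dropped by the implicit deny. The function names are hypothetical, the sample packets are constructed, and only the entry syntax shown on this page is parsed.

```python
import ipaddress

# The two ACEs of access list "100", as typed on this page.
ACL_100 = """\
10 deny tcp 0.0.0.0 255.255.255.255 192.168.1.2 0.0.0.0 eq 25
20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse '<seq> <action> <proto> <src> <src-wc> <dst> <dst-wc> [eq <port>]'."""
    f = line.split()
    if len(f) not in (7, 9) or f[1] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    if len(f) == 9 and f[7] != "eq":
        raise ValueError(f"unsupported port operator: {line!r}")
    return {"seq": int(f[0]), "action": f[1], "proto": f[2],
            "src": (ip_int(f[3]), ip_int(f[4])),
            "dst": (ip_int(f[5]), ip_int(f[6])),
            "port": int(f[8]) if len(f) == 9 else None}

def wildcard_match(addr, base, wildcard):
    # Wildcard masks are inverted netmasks: only the 0 bits are compared.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching ACE, or ('deny', None)
    when nothing matches (the implicit deny that ends every ACL)."""
    aces = [parse_ace(l) for l in acl_text.splitlines() if l.strip()]
    for ace in sorted(aces, key=lambda a: a["seq"]):
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(ip_int(src), *ace["src"]):
            continue
        if not wildcard_match(ip_int(dst), *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], ace["seq"]
    return "deny", None

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, dest port).
    for pkt in [("tcp", "10.0.0.5", "192.168.1.2", 25),
                ("tcp", "10.0.0.5", "192.168.1.2", 587),
                ("tcp", "10.0.0.5", "192.168.1.3", 25)]:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

Evaluating the same packets against entry 10 alone shows why entry 20 is needed: without it, everything that is not SMTP to 192.168.1.2 falls through to the implicit deny.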

DHCP Snooping

DHCP Snooping prevents unauthorized DHCP servers from being used and providing invalid configuration data to clients on the network.

HP-Switch(Config)#dhcp-snooping (Turns on DHCP Snooping)
HP-Switch(Config)#dhcp-snooping vlan 1 (Turns on DHCP Snooping for vlan 1)
HP-Switch(eth-a1)#dhcp-snooping trust (Makes interface a1 a trusted DHCP snooping interface i.e. an uplink to known DHCP Server)
HP-Switch(Config)#dhcp-snooping authorized-server 192.168.1.2 (Authorized DHCP Server address, the DHCP Server packet must also be received on a trusted port)
HP-Switch(Config)#show dhcp-snooping stats (Shows packet type action and reason. i.e. Server, Client, forward, drop, Reason and count)

Flow Control

You can turn on Flow Control between switch uplinks. Flow Control will not allow packets to drop if the link is being saturated.

HP-Switch(Config)#interface a4 (First step is to go into the interface)
HP-Switch(eth-A4)#flow-control (Second Step is to turn on Flow-Control on the interface)

Management Modules (For 8000 series switches)

HP Procurve Advanced CLI Commands Reference

HP-Switch(Config)#redundancy management-module nonstop-switching (Turns on nonstop-switching for redundant management modules. This allows a management module to fail without dropping packets. This is Active/Active)
HP-Switch(Config)#redundancy management-module (Turns on normal management module redundancy where the passive module reboots once the primary fails. This is Active/Passive)
HP-Switch(Config)#redundancy active-management management-module2 (Will make management module 2 active on next boot)
HP-Switch(Config)#redundancy switchover (Make the standby management module active immediately)
HP-Switch(Config)#show redundancy (Brief details on the redundant management and fabric modules)
HP-Switch(Config)#show redundancy details (Displays the following)

Configuration ssh for publickey

no ip ssh filetransfer
tftp client
copy tftp pub-key-file @IP key.pub
show crypto client-public-key
ip ssh filetransfer
aaa authentication ssh login public-key none
aaa authentication ssh enable tacacs local
#aaa authentication ssh enable tacacs authorized #enable without a password
show authentication