HP Aruba 2530 Network Switch VLAN Configuration


What is VLAN?

A virtual Local Area Network can be described as any broadcast domain that is partitioned and isolated at the data link layer (OSI layer 2) of a computer network. Virtual in the context refers to physical network objects altered or recreated using additional programming logic.

A VLAN works by applying tags to network packets and managing the handling of these tags in the network, creating the appearance and functionality of network traffic split between separate networks on the same physical switch.

The advantages of this technology include simpler networks without the need for multiple cable runs, traffic management, security, and lower cost, since there is no need to buy multiple switches.

Precautions are required to prevent an exploit called VLAN hopping, where traffic can “escape” a given VLAN.

More sophisticated switches can mark data frames through VLAN tagging, enabling a single interconnect (Trunk) to transport data to multiple VLANs. Since VLANs share common bandwidth, a VLAN trunk utilizes link aggregation, Quality-of-Service (QoS) prioritization or both to route data efficiently.
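The tag handling described above, as an added example in Python (not part of the original article): it parses the 802.1Q tag that a trunk adds to each frame and labels frames carrying stacked tags, which an edge port does not normally receive and which a capture-based check can alert on. The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct

# TPID values that introduce a VLAN tag: 0x8100 (802.1Q), 0x88A8 (802.1ad outer tag)
VLAN_TPIDS = (0x8100, 0x88A8)

def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype); each tag is a dict with pcp, dei and vid."""
    offset, tags = 12, []          # bytes 0-11 are destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4

def classify(frame: bytes) -> str:
    """Label a frame by how many VLAN tags it carries."""
    tags, _ = parse_vlan_tags(frame)
    if not tags:
        return "untagged"
    if len(tags) == 1:
        return f"tagged vid={tags[0]['vid']}"
    vids = "/".join(str(t["vid"]) for t in tags)
    return f"stacked tags vid={vids} (unexpected on an edge port)"

def build_frame(vids, pcp=0):
    """Constructed sample frame: fixed MACs, optional tags, IPv4 EtherType."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vids:
        header += struct.pack("!HH", 0x8100, (pcp << 13) | vid)
    return header + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for sample in ([], [2], [1, 2]):
        print(sample, "->", classify(build_frame(sample)))
```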

VLANs are useful for partitioning a local network into several distinct segments, for instance:

· Voice over IP
· Network management
· Storage area network (SAN)
· Guest Internet access network
· Demilitarized zone (DMZ)
· Client separation (ISP in a datacentre or large facility)

This document demonstrates the processes required for layer 2 switching using an HP 48-port smart switch; the switches are trunked for failover load balancing.

An overview of the steps is as follows:

· Initial Set Up – Naming the switch, creating a secure password, adding an IP address and upgrading the firmware.
· Creating VLANs
· Port Set Up – Tagging and untagging ports.
· Uplinking Switches – Connecting the switches to the live network and patching any ports.

Establishing Connection to HP Aruba 2530 Smart Switch                             

For this task, we’ll be using the HP Aruba 2530 smart switch pictured above, with 48 ports and a console management port.

1. If you know the IP address of the switch, you can access it by entering the address in a browser. If, however, you do not know the IP, you can connect using a serial-to-USB cable connected to the console port and run an SSH session using the PuTTY CLI on port number 22.

You can download PuTTY here: https://www.ssh.com/ssh/putty/download

                                 

2. Once your computer is connected to the switch via PuTTY, you will see the interface below. Pressing Enter twice will load up the initial configuration screen, displaying the device information.


3. You can check the current configuration by typing the command show running-config or sh run


Notice the result of your command as shown above: the hostname, the VLAN details (including the “DEFAULT_VLAN”), the number of untagged ports and the IP address type (usually acquired via DHCP-BOOTP) are displayed on your PuTTY screen.

4. To make any changes, such as creating VLANs, names, passwords and trunks, you’ll need to access the configuration mode of the switch by typing the command conf t. Notice the (config)# prompt to confirm.


5. Next, enable SSH access using the following commands: type crypto key generate ssh, making sure you are in config mode for this to work, then type the next command ip ssh and press Enter.



Upgrading the Firmware on the HP Smart Switch
Part of the set-up process involves checking the firmware is up to date and upgrading if required.
Some prerequisites are required before an upgrade can be carried out:

· Installation of a TFTP server (SolarWinds).
· Download the firmware from the HPE website using a registered account.
· Put the firmware file in the root folder of the TFTP software as seen in the software options.

6. Once all the steps are complete, run the command: Copy tftp flash xxx.xxx.xxx.xxx FILENAME.SWI


Once the command is successful, validation and writing system software to flash will begin.


7. Still in config mode, check the firmware status of the switch with the command sh flash. You’ll see the primary image, secondary image, date and version of the firmware installed, along with the current boot image.


8. The next step involves copying the primary image to the secondary with the command Copy flash flash secondary. Notice that the secondary now matches the primary in date and version.



Naming and Creating Password for the HP Smart Switch
If you work in an environment such as a datacentre with multiple switches managing multiple hosts, it’s a good idea to name the switches installed for easy identification and management.

To do this, still in config mode, type the command Hostname “NAME OF SWITCH”, not forgetting to put your chosen name in quotation marks, and press Enter. You’ll notice Name of Switch(config)# appear on the next command line.

We are now ready to create a password for management of the switch using the command Password Operator user-name Operator. You will get a prompt on the next line to enter and confirm your chosen password. Bear in mind that the Operator is a read-only user.

The ability to read and write changes requires creating a Manager password with the command Password Manager user-name Manager. Enter your password and confirm to complete the process.


Creating VLANs on the HP Smart Switch
By default, the switch comes with VLAN1, all ports untagged and no IP address. If you type the sh run command and have already set up your operator and manager passwords, details will be displayed.


9. To edit the VLAN, type vlan 1 and press Enter to drill down into vlan-1. You can name it with the command Name “VLAN Name or Number” and give it an IP address with the command ip address / subnet mask


Execute the sh run command again to see the new configuration interface and check your settings.


10. We can now create other VLANs using the same steps as above. Press Ctrl+Z to go back into config mode or type the command conf t as we did at the beginning. You can call it VLAN2, name it, assign an IP address and subnet mask, and check the configuration.

NOTE: A very important command to remember is WR MEM which saves all your configurations. It’s a good idea to get into the habit of running this command anytime you make any changes.



Switch Port Configuration Descriptions
Switches come with varying numbers of ports, from small 8-port, 12-port and 24-port models to large 48-port models. These ports all come untagged by default, and tagging can be configured depending on the use case.

Untagged: This is a physical member of a VLAN. A port can only be untagged in one VLAN.

Tagged: This is a port that will carry traffic for multiple VLANs to other networking devices. Ports can be tagged into many VLANs.


11. The next section will explore the process of untagging a port in the new VLAN2 we created in the steps above:

Conf t

Vlan 2

Untagged “Port Numbers” eg. Port 14


The example above for a 24-port switch after running our commands and sh run displays the 2 vlans available with port 14 untagged in vlan2 while ports 1-13, 15-24 are untagged in vlan1.

12. Using VLAN2 as our example, we can tag ports using the following commands:

Conf t
Vlan 2
Tagged “Port number” eg. Port 15


Notice this time, vlan2 has port 15 tagged and port 14 untagged from our previous command.

REMEMBER: Always run the command WR MEM each time you make any changes, as all configurations will be lost if the switch is rebooted.
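A check for the port settings above, as an added Python example that is not part of the original article: it reads the vlan sections of saved sh run output, rebuilds each port's tagged and untagged membership, and flags tagged ports that are still untagged in the default VLAN 1, a common hardening item against VLAN hopping. The sample output is constructed in the style of the walkthrough, and its exact layout is an assumption.

```python
import re

# Constructed sample in `sh run` style, mirroring the walkthrough (port 14 untagged, 15 tagged in VLAN 2).
SAMPLE = '''\
vlan 1
   name "DEFAULT_VLAN"
   no untagged 14
   untagged 1-13,15-24
   ip address dhcp-bootp
   exit
vlan 2
   name "VLAN2"
   untagged 14
   tagged 15
   ip address 192.168.2.1 255.255.255.0
   exit
'''

def expand(ports):
    """Expand '1-13,15-24' into ['1', ..., '24']; non-numeric names pass through."""
    out = []
    for part in ports.split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", part.strip())
        out += [str(n) for n in range(int(m[1]), int(m[2]) + 1)] if m else [part.strip()]
    return out

def vlan_membership(config):
    """Map port -> {'untagged': [vids], 'tagged': [vids]} from the vlan sections."""
    ports, vid = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vid = int(words[1])
        elif words == ["exit"]:
            vid = None
        elif vid is not None and len(words) == 2 and words[0] in ("untagged", "tagged"):
            for p in expand(words[1]):
                ports.setdefault(p, {"untagged": [], "tagged": []})[words[0]].append(vid)
    return ports

def audit(config):
    """Return findings: rule violations and tagged ports still untagged in VLAN 1."""
    findings = []
    for port, m in sorted(vlan_membership(config).items(), key=lambda kv: kv[0].zfill(4)):
        if len(m["untagged"]) > 1:
            findings.append(f"port {port}: untagged in several VLANs {m['untagged']}")
        if m["tagged"] and 1 in m["untagged"]:
            findings.append(f"port {port}: tagged {m['tagged']}, untagged in default VLAN 1")
    return findings
```

Calling audit(SAMPLE) on the walkthrough's end state reports port 15, which is tagged in VLAN 2 while still untagged in VLAN 1.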


HP Switch Useful CLI Commands
There are some commands that come in handy as a network administrator when managing switches. Typing Help as usual will bring up a list of possible commands you can execute.

If, however, you know part of a command, type a few characters and press the Tab key to autocomplete the rest. Explore the command list below:

#Hostname <hostname> -- Set switch hostname
#Ping <IP Address> -- Ping IP addresses
#Chassislocate -- Turn on/off switch locator LED or blink it (30 minutes)
#Chassislocate Blink -- Blink switch locator LED for a set time in minutes
#NTP1 <Time Server Name> -- Add time server to NTP server list
#Timesync ntp -- Enable NTP synchronization with servers
#Password operator -- Set operator password (Normal user / Read only)
#Password manager -- Set manager password (Admin user / read-write)
#Password all -- Set password for operator and manager
#Enable -- Switch to manager level from operator level
#Exit -- Exit current level
#Logout -- Logout of the switch
#Wr mem -- Saves configuration to flash
#Conf t -- Enter configuration mode
#Untagged <Port Numbers> -- Untags a port from a VLAN
#Tagged <Port Numbers> -- Tags a port to a VLAN
#int <Port Number> disable/enable -- Disables or enables a port



Final Thoughts
We hope you found this article useful as a guide to basic VLAN configuration on an HP smart switch. Other advanced configurations are available, such as configuring VLAN trunks for connecting two switches in failover scenarios.

Do leave some comments on other ways to perform this task to help other students learn more.

Thank you for investing your time with us.


Written By: www.codexploitcybersecurity.com   Twitter: @ixploitsecurity  Facebook: https://www.facebook.com/icybersecure



       Credits to all organisations and development teams at HP Enterprise Solutions 
























