Wired Intelligent Edge


2530 switches will not allow ssh or https

  • 1.  2530 switches will not allow ssh or https

    Posted Mar 31, 2016 04:16 PM

    Right, where to start. I cannot for love nor money get 26 2530 switches to allow ssh or https access. The switches will accept the config, and an example of one is provided.

    ; J9854A Configuration Editor; Created on release #YA.15.16.0006
    ; Ver #06:04.9c.63.ff.37.27:12
    hostname "castle-comms"
    timesync sntp
    sntp unicast
    sntp server priority 1 x.x.x.x
    no telnet-server
    no web-management
    web-management ssl
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    interface 21
       name "link-to-castle-comms-2nd-switch"
       exit
    interface 23
       name "link-to-castle-prefab"
       exit
    interface 24
       name "ground-castle-nurse"
       exit
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1-24
       untagged 25-26
       no ip address
       exit
    vlan 2
       name "wired"
       untagged 1-12,24
       tagged 21,23
       no ip address
       exit
    vlan 3
       name "private-wifi"
       untagged 13-20,22
       tagged 21,23-24
       no ip address
       exit
    vlan 4
       name "public-wifi"
       tagged 21,23-24
       no ip address
       exit
    vlan 5
       name "community"
       tagged 21,23-24
       no ip address
       exit
    vlan 6
       name "servers"
       tagged 21,23-24
       ip address x.x.x.x x.x.x.x
       exit
    no tftp server
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url
    password manager
    password operator

    I can see the certs after I create them, but I cannot access the switches via ssh or https. To add confusion to the matter, I cannot ping the switches either once they are on the network.

    The core switch is a Netgear (I know, but this is being replaced with a 5500 once I resolve these issues), yet the core is working without issue.

    And lastly, I cannot at this time upgrade the firmware, as the tftp step is providing an error. Can't recall at this time what it is.

    The rest of the network is made up of 1920 switches, which are working fine: ssh, https all good.

    Steps taken: rebuilt the switches, deleted crypto keys for ssh and pki. Reconfigured those but still no joy. Also rebuilt the switches offline and provided myself with a static IP, and still no joy.

    Apart from launching these switches into the sea, I am questioning either firmware or hardware failure.

    Has anyone seen this before, or any tips on next steps?

    Thanks....


    #ping
    #ssh
    #2530
    #https


  • 2.  RE: 2530 switches will not allow ssh or https

    EMPLOYEE
    Posted Mar 31, 2016 05:28 PM

    I have a different 2530, a J9774a, and on mine and all other recent ProVision-based switches, SSH is enabled by default. I am running YA.16.01 software.

    I am concerned that you can't even ping your switch. That makes me think that your VLAN configuration isn't quite right. I assume that ports 23 and 24 connect to the rest of your network and that you want to manage the switch in vlan 6. But ports 23 and 24 are configured slightly differently. Port 23 doesn't carry any untagged traffic and port 24 carries VLAN 2 untagged. Is that intentional?

    I think there are two options to figure this out.

    1. Can you share the config of the port that this switch connects to on the netgear? And let us know which port on the 2530 it is connecting to.

    2. Or you can reset to factory defaults and connect the switch to a port on the netgear that is untagged with DHCP. The 2530 will get a DHCP address and then you can validate connectivity and update the software before reconfiguring for your network.



  • 3.  RE: 2530 switches will not allow ssh or https

    Posted Apr 01, 2016 04:18 AM

    So this switch is connected to two other 2530s on ports 21 and 23. Port 24 was to an additional Netgear switch that only required vlan 2, so that was untagged. The tagged vlans on 24 can be ignored, so I must remove those.

    So this switch is not directly connected to the core, so it is kind of a bad example. But one that is, and which is in the same position, has on its uplink at the core untagged vl 2, tagged vl 3-6.

    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1-48
       untagged 49-52
       no ip address
       exit
    vlan 2
       name "wired"
       untagged 1-48
       no ip address
       exit
    vlan 3
       name "private-wifi"
       tagged 48
       no ip address
       exit
    vlan 4
       name "public-wifi"
       tagged 48
       no ip address
       exit
    vlan 5
       name "community"
       tagged 48
       no ip address
       exit
    vlan 6
       name "servers"
       tagged 48
       ip address x.x.x.x
       exit



  • 4.  RE: 2530 switches will not allow ssh or https

    Posted Apr 01, 2016 04:49 AM

    Also forgot to say that the switches are bleeding their config, which I see was a fix in one of the firmware updates.



  • 5.  RE: 2530 switches will not allow ssh or https

    Posted Apr 01, 2016 01:27 PM

    Divide and conquer strategy:
    just make a switch port untagged in vlan 6, hook up a PC and test from there. No need to bother about certificates/private key stuff if you can't even ping.
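
Added example, not part of any post in this thread: a small Python parser for the `vlan` stanzas of a config like the ones posted above, reporting which ports carry the VLAN that holds the switch's IP address and whether any port would accept an untagged test PC, as the replies suggest checking. It assumes numeric port names and the stanza layout shown in the thread; the function names are hypothetical.

```python
# Constructed sample: VLAN stanzas trimmed from the first config in the thread.
SAMPLE_CONFIG = """\
vlan 2
   name "wired"
   untagged 1-12,24
   tagged 21,23
   no ip address
   exit
vlan 6
   name "servers"
   tagged 21,23-24
   ip address x.x.x.x x.x.x.x
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-12,24' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'untagged': set, 'tagged': set, 'has_ip': bool}}."""
    vlans, cur = {}, None
    for line in config.splitlines():
        w = line.split()
        if len(w) == 2 and w[0] == "vlan" and w[1].isdigit():
            cur = vlans.setdefault(int(w[1]), {"untagged": set(), "tagged": set(), "has_ip": False})
        elif w[:1] == ["exit"]:
            cur = None
        elif cur is not None and len(w) == 2 and w[0] in ("untagged", "tagged"):
            cur[w[0]] |= expand_ports(w[1])
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["has_ip"] = True  # "no ip address" starts with "no" and is skipped
    return vlans

def management_paths(vlans):
    """Map each VLAN that has an IP to {port: 'tagged' | 'untagged'}."""
    return {vid: {**{p: "tagged" for p in v["tagged"]}, **{p: "untagged" for p in v["untagged"]}}
            for vid, v in vlans.items() if v["has_ip"]}

def untagged_test_ports(vlans):
    """Ports where a PC sending untagged frames lands in a VLAN with an IP."""
    return sorted(p for v in vlans.values() if v["has_ip"] for p in v["untagged"])

if __name__ == "__main__":
    parsed = parse_vlans(SAMPLE_CONFIG)
    print("management paths:", management_paths(parsed))
    print("ports usable for an untagged test PC:", untagged_test_ports(parsed))
```

For the sample, the untagged list is empty: VLAN 6 is carried only as tagged frames on ports 21, 23 and 24, so the neighbouring switch must tag VLAN 6 on those links before ping, SSH or HTTPS can reach the management address.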