HP 스위치 명령어

▶ 현재 설정 상태 확인

1) 방법
raonyn> display current-configuration
#
version 7.1.070, Release 6635
#
..................

▶ config 모드로 진입 하기
raonyn> system-view

▶ telnet 또는 ssh 활성화
1) 방법
raonyn> system-view
raonyn] telnet server enable or ssh server enable
raonyn] user-interface vty 0 4
raonyn-line-vty0-4] authentication-mode schem
raonyn] local-user admin
raonyn-luser-manage-admin] service-type terminal ( or telnet or ssh)
=> mode none 을 하면 계정 및 패스워드를 안묻고 로그인 가능
=> mode schem 을 해줘야 계정으로 로그인 가능
=> local-user 계정에서 service-type에 telnet이나 ssh를 설정해야 로그인 가능

▶ 계정 생성
1) 방법
raonyn> system-view
- 계정 생성
raonyn] local-user raonyn
- 패스워드 생성
raonyn-luser-manage-raonyn] password simple password
Updating user information. Please wait... …
- 계정에 접근 서비스 결정
raonyn-luser-manage-raonyn] service-type terminal ( or telnet or ssh)
- 계정 롤 설정 (예: network-admin)
raonyn-luser-manage-raonyn] authorization-attribute user-role network-admin

▶ NTP 서버 연동
1) 방법
raonyn> system-view
- ntp service enable
raonyn] ntp-service enable
- ntp service 동기화 서버 지정
raonyn] ntp-service unicast-server 1.1.1.1
raonyn]display ntp-service status
Clock status: synchronized <== 동기화 상태
Clock stratum: 4
System peer: 1.1.1.1 <== 동기화 대상 서버
Local mode: client
Reference clock ID: 1.1.1.1
Leap indicator: 00
Clock jitter: 0.000458 s
Stability: 0.000 pps
Clock precision: 2^-21
Root delay: 6.31714 ms
Root dispersion: 11.64246 ms
Reference time: e6e7a612.fa350119 Wed, Oct 5 2022 15:43:30.977
System poll interval: 64 s

▶ snmp 허용
1) 방법
raonyn> system-view
- snmp 버전 지정
raonyn] snmp-agent sys-info version v1 v2c
- snmp 정보 획득을 위한 커뮤니티 값 설정
raonyn] snmp-agent community read community
raonyn] display snmp-agent statistics
249175 messages delivered to the SNMP entity.
0 messages were for an unsupported version.
0 messages used an unknown SNMP community name.
2) ACL
snmp-agent community read public acl ...2001
=> acl은 명령어 마지막에 acl 2000~ 으로 해주면 됩니다. Acl number 2000 name SNMP
rule 1 permit source X.X.X.X 0 (허용해줄 IP), 나머지 차단


▶ ssh 기본 acl 생

[HPE]acl basic 2000
[HPE-acl-ipv4-basic-2000]rule 10 deny ip source 20.20.20.11 0 destination 20.20.20.1 0 counting
[HPE-acl-ipv4-basic-2000]rule 70 permit source 192.168.120.51 0


▶ password-recovery
1) 방법
- 부팅시 Ctrl+B 클릭
8. Skip Authentication for Console Login Clear Image Password Success!
- 샤시 장비와, 일반 스위치와 조금 다를 수 있으며, 샤시 장비는 MPU 모듈 하나를 제거 한 상태에서만 리커버리가 됨.


■ SNMPv1/SNMPv2c configuration example

Configuring the SNMP agent.

Configure the IP address of the agent and make sure that the agent and the NMS can reach each other.

Specify SNMPv1 and SNMPv2c, create a read-only community public , and a read and write community private.

system-view
[Agent] snmp-agent sys-info version v1 v2c
[Agent] snmp-agent community read public
[Agent] snmp-agent community write private
Configure contact and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
Enable SNMP traps, set the NMS at 1.1.1.2/24 as an SNMP trap destination, and use public as the community name. (To be sure that the NMS can receive traps, specify the same SNMP version in the snmp-agent target-host command as on the NMS.)

[Agent] snmp-agent trap enable
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
public v1
[Agent] quit
Configure the SNMP NMS.

The SNMP settings on the agent and the NMS must match. Specify the read-only community, the read and write community, the timeout time, and the number of retries.

Verify the configuration.

Try to get the count of sent traps from the agent, and the attempt succeeds.

Send request to 1.1.1.1/161 ...
Protocol version: SNMPv1
Operation: Get
Request binding:
1: 1.3.6.1.2.1.11.29.0
Response binding:
1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
Get finished
Use a wrong community name to get the value of a MIB node from the agent, and see an authentication failure trap on the NMS.

1.1.1.1/2934 V1 Trap = authenticationFailure
SNMP Version = V1
Community = public
Command = Trap
Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50
GenericID = 4
SpecificID = 0
Time Stamp = 8:35:25.68



HP 네트워크 점검 기본 명령

display current-configuration
display saved-configuration
display version
display brief interface
display ip routing-table
display ip interface
display interface
display memory
display clock
display ntp-service status
display device
display controller
display ip statistics
display users
_display memory
display exception 10 verbose from-device
display logbuffer
_display history all
display environment
display port-mapping
display snmp-agent community
display info-center
vlan
status

HP와 Cisco 명령어 비교

HP vs Cisco
display show
undo no
quit exit
save write
sysname hostname
delete erase
rip router rip
ospf router ospf
bgp router bgp
acl access-list
system view configure terminal
display current-config sh run
display interface brief show ip int b
display version show version
display ip routing-table show ip route
display info-center show logging
user-interface vty 0 63 line vty 0 4
port link-mode route no switchport
undo shutdown no shutdown
Cisco는 한번에 inbound/outbound 트래픽을 볼수 있으나
HP는 개별적으로 inbound/outbound 트래픽을 볼수 있다.

display counters inbound interface
display counters outbound interface
telnet 명령어
system view 모드에서는 telnet enable 설정만 가능
quit 명령으로 나와서 진행해야함

Softcar 기능 적용
기본적으로 Cisco에서 확장핑을 치면 DDoS 방지용 동작(Ping Loss 인것처럼 보임)

Link Aggregation
- HP(구.3Com 장비) : Link-aggregation (LACP / manual)
link-aggregation mode dynamic | none
- HP : Trunk (LACP / manual)
Dynamic active | passive , static lacp | trunk
- Cisco : Etherchannel (LACP / PAgP / manual)
channel-group 1 mode active | passive | auto | desire | on

display link-aggregation summary
display link-aggregation verbose
trunk 구성할때 인터페이스에 설정 하지 않는다.(Cisco는 physical 인터페이스에 설정함)

interface bridge-aggregation 1
port link-type trunk
port trunk permit vlan 100 200 or all



HP스위치는 user view / system view 모드로 나뉘어 짐 // CISCO와 유사함



Systme view 모드로 접속해야 스위치 설정이 가능함



User view 는 / system view 는 [host name] 으로 표기됨



HP L스위치 셋팅

1. Vlan 생성

System-view
[hostname] Vlan 10 ---> vlan 10 생성


2. Interface에 vlan 설정

[hostname] Vlan 10
[hostname -vlan 10] port Ethernet 1/0/5 to Ethernet 1/0/10 --> 1~10번까지 vlan 10 access로 할당


3. Vlan에 ip설정

system-view
[hostname] interface vlan 10 --> interface 모드 진입
[hostname-vlan-interface10] ip address 192.168.0.100 255.255.255.0
*삭제하는 방법* undo ip address 192.168.0.100 255.255.255.0
4. Gateway 설정

system-view
[hostname] ip route-static 0.0.0.0 0.0.0.0 192.168.0.1


5. Ip route 설정

system-view
[hostname] ip route-static 0.0.0.0 0.0.0.0 192.168.0.1
*삭제하는 방법* undo ip route 0.0.0.0 0.0.0.0 192.168.0.1


6. Hostname 설정

system-view
[hostname] system HP_Switch
[HP_Switch]


7.User 생성

system-view
[hostname] local-user 계정이름
[hostname-luser-manage-계정이름] password [hash / simple] 패스워드
[hostname-luser-manage-계정이름] service-type [ftp, http, https, pad, ssh, telnet, terminal]
예시 - service-type ssh telnet terminal


8. Line Vty 설정

system-view
[hostname] user-interface vty 0 4
[hostname-line-vty0-4] authentication-mode scheme --> cisco login local 과 똑같음
[hostname-line-vty0-4] quit
[hostname]
[hostname] telnet server enable --> telnet 활성화
===================================================================

1. 컨피그 저장

Save
2. Cisco sh run

[hostname] display current-configuration --> 현재 동작중인 컨피그 전체 확인
[hostname] display saved-configuration --> 현재 저장된 컨피그 전체 확인
3. 시간설정

[hostname] clock timezone GMT add 9 --> korea timezone 설정