HP Switch ACL Configuration(HP 스위치 ACL 설정)
▶ 현재 설정 상태 확인
1) 방법
raonyn> display current-configuration
#
version 7.1.070, Release 6635
#
………………
▶ config 모드로 진입 하기
raonyn> system-view
▶ telnet 또는 ssh 활성화
1) 방법
raonyn> system-view
raonyn] telnet server enable or ssh server enable
raonyn] user-interface vty 0 4
raonyn-line-vty0-4] authentication-mode schem
raonyn] local-user admin
raonyn-luser-manage-admin] service-type terminal ( or telnet or ssh)
=> mode none 을 하면 계정 및 패스워드를 안묻고 로그인 가능
=> mode schem 을 해줘야 계정으로 로그인 가능
=> local-user 계정에서 service-type에 telnet이나 ssh를 설정해야 로그인 가능
▶ 계정 생성
1) 방법
raonyn> system-view
– 계정 생성
raonyn] local-user raonyn
– 패스워드 생성
raonyn-luser-manage-raonyn] password simple password
Updating user information. Please wait… …
– 계정에 접근 서비스 결정
raonyn-luser-manage-raonyn] service-type terminal ( or telnet or ssh)
– 계정 롤 설정 (예: network-admin)
raonyn-luser-manage-raonyn] authorization-attribute user-role network-admin
▶ NTP 서버 연동
1) 방법
raonyn> system-view
– ntp service enable
raonyn] ntp-service enable
– ntp service 동기화 서버 지정
raonyn] ntp-service unicast-server 1.1.1.1
raonyn]display ntp-service status
Clock status: synchronized <== 동기화 상태
Clock stratum: 4
System peer: 1.1.1.1 <== 동기화 대상 서버
Local mode: client
Reference clock ID: 1.1.1.1
Leap indicator: 00
Clock jitter: 0.000458 s
Stability: 0.000 pps
Clock precision: 2^-21
Root delay: 6.31714 ms
Root dispersion: 11.64246 ms
Reference time: e6e7a612.fa350119 Wed, Oct 5 2022 15:43:30.977
System poll interval: 64 s
▶ snmp 허용
1) 방법
raonyn> system-view
– snmp 버전 지정
raonyn] snmp-agent sys-info version v1 v2c
– snmp 정보 획득을 위한 커뮤니티 값 설정
raonyn] snmp-agent community read community
raonyn] display snmp-agent statistics
249175 messages delivered to the SNMP entity.
0 messages were for an unsupported version.
0 messages used an unknown SNMP community name.
2) ACL
snmp-agent community read public acl …2001
=> acl은 명령어 마지막에 acl 2000~ 으로 해주면 됩니다. Acl number 2000 name SNMP
rule 1 permit source X.X.X.X 0 (허용해줄 IP), 나머지 차단
▶ ssh 기본 acl 생
[HPE]acl basic 2000
[HPE-acl-ipv4-basic-2000]rule 10 deny ip source 20.20.20.11 0 destination 20.20.20.1 0 counting
[HPE-acl-ipv4-basic-2000]rule 70 permit source 192.168.120.51 0
▶ password-recovery
1) 방법
– 부팅시 Ctrl+B 클릭
8. Skip Authentication for Console Login Clear Image Password Success!
– 샤시 장비와, 일반 스위치와 조금 다를 수 있으며, 샤시 장비는 MPU 모듈 하나를 제거 한 상태에서만 리커버리가 됨.
■ SNMPv1/SNMPv2c configuration example
Configuring the SNMP agent.
Configure the IP address of the agent and make sure that the agent and the NMS can reach each other.
Specify SNMPv1 and SNMPv2c, create a read-only community public , and a read and write community private.
<Agent> system-view
[Agent] snmp-agent sys-info version v1 v2c
[Agent] snmp-agent community read public
[Agent] snmp-agent community write private
Configure contact and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
Enable SNMP traps, set the NMS at 1.1.1.2/24 as an SNMP trap destination, and use public as the community name. (To be sure that the NMS can receive traps, specify the same SNMP version in the snmp-agent target-host command as on the NMS.)
[Agent] snmp-agent trap enable
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname
public v1
[Agent] quit
Configure the SNMP NMS.
The SNMP settings on the agent and the NMS must match. Specify the read-only community, the read and write community, the timeout time, and the number of retries.
Verify the configuration.
Try to get the count of sent traps from the agent, and the attempt succeeds.
Send request to 1.1.1.1/161 …
Protocol version: SNMPv1
Operation: Get
Request binding:
1: 1.3.6.1.2.1.11.29.0
Response binding:
1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
Get finished
Use a wrong community name to get the value of a MIB node from the agent, and see an authentication failure trap on the NMS.
1.1.1.1/2934 V1 Trap = authenticationFailure
SNMP Version = V1
Community = public
Command = Trap
Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50
GenericID = 4
SpecificID = 0
Time Stamp = 8:35:25.68