- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: 2530 switches will not allow ssh or https
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2016 01:15 PM
тАО03-31-2016 01:15 PM
2530 switches will not allow ssh or https
Right where to start, I can not for love nor money get 26 2530s switches to allow ssh or https access. The switches will accept the config and an example of one is provided.
; J9854A Configuration Editor; Created on release #YA.15.16.0006
; Ver #06:04.9c.63.ff.37.27:12
hostname "castle-comms"
timesync sntp
sntp unicast
sntp server priority 1 x.x.x.x
no telnet-server
no web-management
web-management ssl
ip route 0.0.0.0 0.0.0.0 x.x.x.x
interface 21
name "link-to-castle-comms-2nd-switch"
exit
interface 23
name "link-to-castle-prefab"
exit
interface 24
name "ground-castle-nurse"
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1-24
untagged 25-26
no ip address
exit
vlan 2
name "wired"
untagged 1-12,24
tagged 21,23
no ip address
exit
vlan 3
name "private-wifi"
untagged 13-20,22
tagged 21,23-24
no ip address
exit
vlan 4
name "public-wifi"
tagged 21,23-24
no ip address
exit
vlan 5
name "community"
tagged 21,23-24
no ip address
exit
vlan 6
name "servers"
tagged 21,23-24
ip address x.x.x.x x.x.x.x
exit
no tftp server
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager
password operator
I can see the certs after I create them but I cant not access the switches via ssh or https. To add confusion to the matter, I can not ping the switches either once they are on the network.
The core switch is a netgear (i know, but this is being replaced with a 5500 once I resolve these issues), yet the core is working without issue.
And lastly, I can not at this time upgrade the firmware as the tftp steps is providing an error. Cant recall at this time what it is.
The rest of the network is made up of 1920s switches which are working fine, ssh, https all good.
Steps taken, rebuild the switches, deleted crypto keys for ssh and pki. Reconfig those but still no joy. Also rebuild the switches offline and provided myself with a static IP and still no joy.
Apart from launch these switches into the sea, I am questioning either fireware or hardware failure.
Has anyone seen this before or any tips on next steps.
Thanks....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2016 02:27 PM
тАО03-31-2016 02:27 PM
Re: 2530 switches will not allow ssh or https
I have a different 2530, a J9774a, and on mine an all other recent provision based switches, SSH is enabled by default. I am running YA.16.01 software.
I am concerned that you can't even ping your switch. That makes me think that your VLAN configuration isn't quite right. I assume that ports 23 and 24 connect to the rest of your network and that you want to manage the switch in vlan 6. But ports 23 and 24 are configured slightly differently. Port 23 doesn't carry any untagged traffic and port 24 carries VLAN 2 untagged. Is that intentional?
I think there are two options to figure this out.
1. Can you share the config of the port that this switch connects to on the netgear? And let us know which port on the 2530 it is connecting to.
2. Or you can reset to factory defaults and connect the switch to a port on the netgear that is untagged with DHCP. The 2530 will get a DHCP address and then you can validate connectivity and update the software before reconfiguring for your network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2016 01:17 AM
тАО04-01-2016 01:17 AM
Re: 2530 switches will not allow ssh or https
So this switch is connected to two other 2530's on ports 21 and 23. Port 24 was to an additional netgear switch that only required vlan 2, so that was untagged. The tagged vlans on 24 can be ignored, so I must remove those.
So this switch is not directly connected to the core, so kind of bad example. But one that is which is in the same position, has on its uplink at the core, untagged vl 2, tagged vl 3-6.
vlan 1
name "DEFAULT_VLAN"
no untagged 1-48
untagged 49-52
no ip address
exit
vlan 2
name "wired"
untagged 1-48
no ip address
exit
vlan 3
name "private-wifi"
tagged 48
no ip address
exit
vlan 4
name "public-wifi"
tagged 48
no ip address
exit
vlan 5
name "community"
tagged 48
no ip address
exit
vlan 6
name "servers"
tagged 48
ip address x.x.x.x
exit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2016 01:49 AM
тАО04-01-2016 01:49 AM
Re: 2530 switches will not allow ssh or https
Also forgot to say that the switches are bleeding their config, which I see was a fix in one of the firmware updates.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2016 10:26 AM
тАО04-01-2016 10:26 AM
Re: 2530 switches will not allow ssh or https
divide and conquer strategy:
just to make a switch port untagged in vlan6 , hook up a PC and test from there. No need to bother about certificates private key stuff if you can't even ping