Correct Syntax for ProCurve Switch 2524 (J4813A) ??

I'm trying to secure our Procurve 2524 Switches by following 'Hardening ProCurve Switches' (http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf)

I am trying to disable Telnet,SNMP,HTTP plaintext & TFTP.

At my first step (Disabling Telnet in trade for SSH) I used the command

ProCurve Switch(config)# crypto key generate ssh
This returned...'Invalid Input SSH'

So..I ran the command again removing ssh at the end and it said it was generating a new RSA host key, so I then disabled telnet and went in via SSH and that part when fine although sytax a little different.

I can't however seem to find the correct syntax for disabling/securing the other protocols.

I've tried all sorts of 'Likely' combinations (Referring to the product manual for syntax also).

For the stage where you create a certificate so you can turn on SSL and disable HTTP...

ProCurve Switch(config)# crypto key generate cert 1024
This returned... 'Invalid Input Cert'
so I didn't bother running the next stage...
ProCurve Switch(config)# web-management ssl
(I did but expected that one not to work if it couldn't generate a key)

no web-management plaintext gave me invalid input plain text.

I am however able to disable web altogether using no web-management but would like it if we could still have a HTTPSs connection to the switch.

It's the same with the other commands, I have syntax issues of some sort....

ProCurve Switch(config)# snmpv3 enable
returns 'Invalid Input: snmpv3

ProCurve Switch(config)# no snmp-server enable
returns 'Incomplete Input: enable

I was hoping that a 'syntax savvy' person from the community could help my out a little or offer some guidance.

Thanks in advance!

Re: Correct Syntax for ProCurve Switch 2524 (J4813A) ??

If you're unfamiliar with the syntax for a command, try using the ? after each option.

So in your example, it didn't like the cert command in that position, so back up one command and use the ? to see your options: crypto key generate ?


Working on our 3800s, I noticed that the crypto commands changed between firmware versions. Using the ? I managed to figure out the new syntax :-)


Also, have a look for updated documentation for the fimware version you are running.

I don't wanna disappoint you but a 2524 switch cant handle web-ssl or securecopy or snmpv3. You used an unspecific manual, try this: