Switches, Hubs, and Modems

Firmware H8.98 (2600 series)

 
Preston Gallwas
Valued Contributor

Firmware H8.98 (2600 series)

The release notes now say it disables all the ports (tftp/stacking/telnet) by default until you enable them. If I push this update out, will I need to manually re-enable these or does the update 'detect' that we're already using stacking?

I would be pushing this out using PCM+ 2.1
4 REPLIES
Terry Kirk
Advisor

Re: Firmware H8.98 (2600 series)

I've been running this version for a while and haven't had to do anything with telnet. I disable stacking, so I don't know if it's affected, but telnet doesn't seem to be.

Terry
Mohieddin Kharnoub
Honored Contributor

Re: Firmware H8.98 (2600 series)

Hi

Well, there is no such thing, if you just go to the release notes:
ftp://ftp.hp.com/pub/networking/software/2600-RelNotes-h0898-59906003.pdf

You won't see such a thing; anyway, I have updated 3 2600 switches to this new version without having any problem.

Don't forget to assign points.

Good Luck
Science for Everyone
Matt Hobbs
Honored Contributor

Re: Firmware H8.98 (2600 series)

As a matter of fact, there is such a thing mentioned in the release notes. It says that as of H.08.97 - The ports for TFTP, SNMP and Stacking will remain closed until the associated services are enabled on the switch.

I've been running H.08.98 for a while now too and everything still seems to work, so I was assuming that it was honoring the previous configuration and keeping those services open.

I then thought maybe this disabling only occurs after an erase startup-config, so I tried that and to my surprise, all those services remained enabled by default.

Okay, after some more testing I think I can see what's happening here. Prior to H.08.97, if you performed a port scan on a switch (nmap) it would report almost every port as open:filtered (1486 ports). With the latest firmware all ports are closed unless that specific service is enabled. The confusing thing with the release notes is that they indicate that those services are disabled by default, which does not appear to be true.

Thanks for opening this thread, very interesting.

By the way, if you use 802.1x port-access with PEAP or TLS I would recommend you do not update to the latest firmware releases for most switch platforms as it appears to have been broken.
Matt Hobbs
Honored Contributor

Re: Firmware H8.98 (2600 series)

Just some more. With my previous port scan all I proved was that the fix from H.08.95 was working:

ICMP (PR_1000235905) - Switch does not send a 'destination unreachable' response message when trying to access an invalid UDP port.

This new enhancement in H.08.97 for the TCP/UDP ports is that previously some ports were always enabled and you did not have an option to disable them.

i.e., prior to H.08.97 you could not issue the command 'no tftp server'. If you issued 'no stack' it would stop the stacking feature, yet the port would remain open.

In my testing it looks like the release notes where it states (Default: disabled) need to be corrected where appropriate. Stacking, TFTP and SNMP are still enabled by default.
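
One way to check the behaviour discussed in this thread on your own switches, as an added example that is not part of any post above: compare nmap greppable (`-oG`) output saved before and after the upgrade, then list ports that are still not reported closed and are not services you intend to run. The address, the scan lines, UDP port 9999 and the function names are constructed for illustration.

```python
import re

# Constructed nmap greppable (-oG) lines, not real scan data. 192.0.2.10 is a
# documentation address; UDP 9999 stands in for a port with no service behind it.
BEFORE = ("Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, "
          "69/open|filtered/udp//tftp///, 161/open|filtered/udp//snmp///, "
          "9999/open|filtered/udp/////")
AFTER = ("Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, "
         "69/open|filtered/udp//tftp///, 161/open|filtered/udp//snmp///, "
         "9999/closed/udp/////\tIgnored State: closed (996)")

PORTS_RE = re.compile(r"Host:\s+(\S+).*?\bPorts:\s+(.*?)(?:\t|$)")

def parse_ports(greppable):
    """Map (host, proto, port) -> state for every port entry in -oG output."""
    states = {}
    for line in greppable.splitlines():
        m = PORTS_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit():
                states[(host, fields[2], int(fields[0]))] = fields[1]
    return states

def changed_ports(before, after):
    """Ports whose reported state differs between the two scans."""
    b, a = parse_ports(before), parse_ports(after)
    return [(k, b.get(k, "not reported"), a.get(k, "not reported"))
            for k in sorted(set(b) | set(a)) if b.get(k) != a.get(k)]

def unexpected_exposure(scan, intended):
    """Ports not reported closed whose (proto, port) is not an intended service."""
    return [k for k, state in sorted(parse_ports(scan).items())
            if state != "closed" and (k[1], k[2]) not in intended]

if __name__ == "__main__":
    for key, old, new in changed_ports(BEFORE, AFTER):
        print(key, old, "->", new)
    # Telnet and SNMP are wanted here; TFTP is not, yet it still answers.
    print(unexpected_exposure(AFTER, {("tcp", 23), ("udp", 161)}))
```

A UDP port in state `open|filtered` only means no reply came back, so treat the second list as services to confirm in the switch configuration rather than as proof they are listening.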