Re: HP 1920S, Mangement Interface, Certifcate, FW Update - Trouble, trouble, trouble ...

AndreasWWW · ‎05-29-2018

Hi,

the switches are really beta or not proved in praxis.

We have defined management interface in a non-standard-routed vlan, and firmware updates will not load without error message. You need a Server in the same subnet as the mangement interface, and its work ...

So it works with our test switch after 2 hours of testing ...

But with our switch in the real net its horrible. This switch has a own internal signed cetificat, and http management is out, only https.

AFTER upgrading from 1.07 to 1.08 the Switch restart, and it works as switch well, incl. sNMP.

But now the web server of the 1920S doesn´t work - port 443 (and 80) are down!!!

Because ohf HPE politic to reduce mangement port and don´t give telnet/ssh, the only connectiopn is dead.

You are so good, HPE .. and now?

Restarting the Switch doesn´t help, and i cannot press factory defaults because it´s a configured active switch.

where are your backdoors?

Your politic to give a complete new beta-switch technique the unique typ-Name "1920" as the proved old serie, is more as naughty

HP-Browniee · ‎05-29-2018

Hello

Well there is a backdoor to use the CLI.

Check this Link.

Kind regards

AndreasWWW · ‎05-29-2018

Hello HP-Browniee,

if you are reading correct, you can see that I differ between 1920 and 1920S.

I know the CLI feature for the 19x0-Serie, but I am speaking of the new S-Modell, 19x0S

AndreasWWW · ‎05-30-2018

good news and bad news ...

the web server is still working :-)

I can use the defined management port on switch for directly access via web,.

So I can see that the gui-configurationis and the configuration file exactly the same as before with old firmware.

After 2 hours of testing I cannot solve the problem, so I boot wth old backup-firmware 1.07 - and management over vlan/net works very well ...

the included Webserver on HP1920S is lighttpd

AndreasWWW · ‎05-30-2018

Trying/testing with a new 1920S, I found the bug

It´s a desaster of HPE ...

The Problem is the using of a managemnt Port in V01.08. If you define one, you can only manage the Switch over THIS Port, (not any longer over other ports in the correct management VLAN.). And this management port will be automatically an untagged VLAN-Port.

So, if you manage the Switch over an Uplink-Port or an Uplink-Trunk with some tagged VLANs, Management is dead by Firmware 01..08 ...

Fiemware 01.08 is buggy, and no one should use it.

How long needs HPE to correct this elementary bug?

HPE, I#am waiting to Firmware 01.09 ...

AndreasWWW · ‎05-30-2018

FW 01.08 has the same bug as 01..07 - you can load Firmware only out of the same subnet as management is defined, no routing out of other subnets ...

I got in 2 days 3 "Badges" of HPE, but no support ... thank you for your preferences, HPE!

Congratulations AndreasWWW,

You just earned a new badge!

10 Messages Read

Vince-Whirlwind · ‎05-30-2018

The behaviour you call a "bug" is precisely how the manual says it will work.

It sounds to me like you have configured a management port, thus disabling management from any other port.

You should configure your Management VLAN and set Management Port to "None", as described in the manual.

AndreasWWW · ‎05-30-2018

Hello Vince,

you are not correct.

Why does it work in 1.05 and 1.07?

And what shall a management port/management vlan if you cannot manage any longer your switch over network?!?

Do you think we take a separate Port with a separate uplink to manage the switch over network?

And you don´t understand the concept of this manageent port, and you don´t understand the manual.

It´s a big bug

Management PortWhen specified, access to the administrative web interface will always be guaranteed on the selected switch port. The selected management port is auto-configured to be an untagged member of the management VLAN and is excluded from any previous untagged VLAN. It is strongly advised that the user configures a management port to ensure management connectivity in case of an accidental change in VLAN membership of the port used to configure the switch.

Note: The default Management Port selection is set to 'None'. This means that any port on the Management VLAN can be used as a management port.

Vince-Whirlwind · ‎05-31-2018

I think the bits you haven't understood are these:

Only ports that are members of the management VLAN allow access to the management software
If a management port is configured, access to the switch is restricted to that port.

Here is that section of the manual in full:

Management VLAN

Management VLAN ID

Access to the management software is controlled by the assignment of a management VLAN ID. Only ports that are members of the management VLAN allow access to the management software. By default, the management VLAN ID is 1. The management VLAN can be any value between 1 and 4093. All ports are members of VLAN 1 by default; the administrator may want to create a different VLAN to assign as the management VLAN and associate it with a management port (see the next field). A VLAN that does not have any member ports (either tagged or untagged) cannot be configured as the management VLAN. When the network protocol is configured to be DHCP, any change in the configured management VLAN ID may cause disruption in connectivity because the switch acquires a new IP address when the management subnet is changed. To reconnect to the switch, the user must determine the new IP address by viewing the log on the DHCP server.

Management Port

Access to the management software can also be controlled by the selection of a management port. The selected management port is auto-configured to be an untagged member of the management VLAN and is excluded from any other untagged VLANs. When the switch boots with the default configuration, any port can be used as management port and this field is configured as None. You can configure a management port to ensure that a port always remains an untagged member of the configured management VLAN; this helps to ensure management connectivity in case of an accidental change in VLAN membership. If no management port is specified, then all ports that are members of the management VLAN provide access to the switch management interface. If a management port is configured, access to the switch is restricted to that port. For example, if VLAN 1 is the management VLAN and port 10 is the management port, other ports that are members of VLAN 1 will not provide access to the switch management interface. The features that utilize the management port include the following:  DHCP  SNMP  SNTP  TFTP

AndreasWWW · ‎05-31-2018

Vince,

I think you are a newbie to switch administration, you don´t understand it, and I think you never configured a management vlan.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: HP 1920S, Mangement Interface, Certifcate, FW Update - Trouble, trouble, trouble ...

HP 1920S, Mangement Interface, Certifcate, FW Update - Trouble, trouble, trouble ...