HPE Community
Comware Based
1819824 Members
3227 Online
109607 Solutions
New Discussion юеВ

HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

 
MatrixQN
Senior Member

тАО09-13-2016 09:20 PM

тАО09-13-2016 09:20 PM

HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Dear all,

I have 2 problems with HPE 5510 HI Switch, the first one is the routing of the MGMT port. I have a MGMT VLAN on another switch and secure by a Hardware Firewall, when I connected the MGMT port to MGMT VLAN, the traffic go directly from switch to that VLAN. How to config for the traffic go to Firewall throught MGMT port to MGMT VLAN?

Secondly, after configuration the https, the ssl show error:

This site canтАЩt provide a secure connection

192.168.6.50 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.
 

Then, I undo https enable, i enable http

But, the login always show failed on http login.

Please help me!

Regards,

MatrixQN

 

0 Kudos
5 REPLIES 5
Ian Vaughan
Honored Contributor

тАО09-14-2016 02:11 PM

тАО09-14-2016 02:11 PM

Re: HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Howdy,

Regarding the "out of band" management port -

If you find that it is very much "in band" on your device, the best course of action is to spin up a vpn-instance or VRF called "mgmt" and put the interface into that segregated network. I do this for all of them now so it doesn't matter if Mgmt0 interface initialy turns up in the global routing table as it gets cut over into the mgmt VPN as part of the build.

The odd behavior of the https access -

You can define an SSL server policy so that only certain ciphers etc are offered to clients

You could also run through the "fips mode enable" dialogue and lock down all of the insecure services as well as disabling the less secure ciphers

These are all covered in the security configuration guide

I hope that gives you a few clues

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
MatrixQN
Senior Member

тАО09-14-2016 06:16 PM

тАО09-14-2016 06:16 PM

Re: HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Thank Mr. Ian,

I have updated to the lastest firmware, the https is ok now. I will test with your sugestion about the MGMT.

Regards,

MatrixQN

0 Kudos
MatrixQN
Senior Member

тАО09-14-2016 09:37 PM

тАО09-14-2016 09:37 PM

Re: HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Hi Ian,

Could you provide me step by step about how to config the MGMT port?

Regards,

 

0 Kudos
MatrixQN
Senior Member

тАО09-15-2016 02:48 AM

тАО09-15-2016 02:48 AM

Re: HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Hi all,

I'm crazy now, i Config HTTP login as follow:

#system-view

#ip http enable

#local-user admin

#password simple admin

#authorization-attribute user-role level-3 (test with network-admin and network-operator)

#service-type http https

#quit

When I login to webbased, I always get the error: Failed to log in.

Please help!

0 Kudos
Ian Vaughan
Honored Contributor

тАО09-19-2016 02:24 PM

тАО09-19-2016 02:24 PM

Re: HPE 5510 24G 4SFP+ HI 1-slot Switch JH145A-1111P01

Howdy,

To put an interface into a vpn instance it goes something like:

[sw] ip vpn-instance mgmt

[sw-vpn-instance-mgmt] route-distinguisher 111:1

[sw-vpn-instance-mgmt] vpn-target 111:1

[sw-vpn-instance-mgmt] quit

[sw] interface M-Gigabit 0/0/0

[sw-M-Gig0/0/0] ip binding vpn-instance mgmt

# Ip address will be removed from the interface as it is bound into the VPN

[sw-M-Gig0/0/0] ip address x.x.x.x /nn

There's a decent guide to vpn-instances or VRF's as well as route leaking here

HTH

Kudos and Solved buttons help others find useful posts - don't be shy about clicking!

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.