HPE Community
HPE Aruba Networking & ProVision-based
1829883 Members
11764 Online
109993 Solutions
New Discussion

Correct Syntax for ProCurve Switch 2524 (J4813A) ??

 
anthonyrsc
New Member

‎06-21-2012 05:31 AM - edited ‎06-21-2012 05:32 AM

‎06-21-2012 05:31 AM - edited ‎06-21-2012 05:32 AM

Correct Syntax for ProCurve Switch 2524 (J4813A) ??

Hello,
I'm trying to secure our Procurve 2524 Switches by following 'Hardening ProCurve Switches' (http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf)
 

I am trying to disable Telnet,SNMP,HTTP plaintext & TFTP.
 

At my first step (Disabling Telnet in trade for SSH) I used the command

ProCurve Switch(config)# crypto key generate ssh
This returned...'Invalid Input SSH'
 

So..I ran the command again removing ssh at the end and it said it was generating a new RSA host key, so I then disabled telnet and went in via SSH and that part when fine although sytax a little different.


I can't however seem to find the correct syntax for disabling/securing the other protocols.

I've tried all sorts of 'Likely' combinations (Referring to the product manual for syntax also).


For the stage where you create a certificate so you can turn on SSL and disable HTTP...

ProCurve Switch(config)# crypto key generate cert 1024
This returned... 'Invalid Input Cert'
so I didn't bother running the next stage...
ProCurve Switch(config)# web-management ssl
(I did but expected that one not to work if it couldn't generate a key)

no web-management plaintext gave me invalid input plain text.

I am however able to disable web altogether using no web-management but would like it if we could still have a HTTPSs connection to the switch.

It's the same with the other commands, I have syntax issues of some sort....


ProCurve Switch(config)# snmpv3 enable
returns 'Invalid Input: snmpv3

ProCurve Switch(config)# no snmp-server enable
returns 'Incomplete Input: enable


I was hoping that a 'syntax savvy' person from the community could help my out a little or offer some guidance.

Thanks in advance!
anthonyrsc

0 Kudos
2 REPLIES 2
Amtiskaw
Occasional Advisor

‎06-25-2012 03:16 PM

‎06-25-2012 03:16 PM

Re: Correct Syntax for ProCurve Switch 2524 (J4813A) ??

If you're unfamiliar with the syntax for a command, try using the ? after each option.

So in your example, it didn't like the cert command in that position, so back up one command and use the ? to see your options: crypto key generate ?

 

Working on our 3800s, I noticed that the crypto commands changed between firmware versions. Using the ? I managed to figure out the new syntax :-)

 

Also, have a look for updated documentation for the fimware version you are running.

0 Kudos
Pourl
Frequent Advisor

‎06-26-2012 06:34 AM

‎06-26-2012 06:34 AM

Re: Correct Syntax for ProCurve Switch 2524 (J4813A) ??

Hi,

 

I don't wanna disappoint you but a 2524 switch cant handle web-ssl or securecopy or snmpv3. You used an unspecific manual, try this:

 

http://ftp.hp.com/pub/networking/software/2500-MgmtConfig-Oct2005-59692354.pdf

 

Pourl

 

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.