HPE Community
Switching and Routing
1821188 Members
3423 Online
109631 Solutions
New Discussion юеВ

Unable to setup web client on new msm720

 
rc1970
Visitor

тАО12-11-2020 07:49 AM

тАО12-11-2020 07:49 AM

Unable to setup web client on new msm720

Hello,

I have been unable to access the web client on a new MSM720 to configure it. I am able to access it through the console port and have reset it many times trying to get the web page to work. Network card is in the same subnet, I am unable to ping 192.168.1.1 from the pc. I am able to ping it from the controller. Looking for any help to get this working, I will post the config loaded currently.

 

 

CLI> enable

CLI# conf

CLI(config)# show conf

# What: MSM720/5.7.0.2-01-10750

# Who:  admin@local

# When: Thu Jan  5 06:57:00 2012

 

enable

    config

            speed auto

            duplex auto

        vlan "Internet network"

            ip address mode none

            no ip default-gateway

            no ip nat

            untagged 5-6

            end

            speed auto

            duplex auto

        vlan "Access network"

            ip address mode none

            no ip default-gateway

            no ip nat

            untagged 1-4

            end

        admin local authentication

        no admin radius authentication

        ip http port 80

        ip https port 443

        web admin kickout

        snmp-server trap web-login

        snmp-server trap web-fail

        snmp-server trap web-logout

        snmp-server trap certificate-expires-soon

        snmp-server trap certificate-expired

        console authentication like-web

        clock timezone -5:00

        ntp server

        ntp protocol sntp

        clock auto adjust dst

        no clock use custom dst rules

        clock custom dst begins sun 1 may 7200

        clock custom dst begins format following-date

        clock custom dst ends sun 1 may 7200

        clock custom dst ends format following-date

        no ntp server failure trap

        no config-update automatic

        config-update operation backup

        config-update weekday everyday

        config-update time 00:00

        no config-update uri

        snmp-server trap config-update

        snmp-server trap config-change

        snmp-server trap syslog-severity

        snmp-server

        snmp-server port 161

        snmp-server version 1

        snmp-server version 2c

        no snmp-server version 3

        snmp-server readonly public

        snmp-server readwrite private

        no snmp-server location

        no snmp-server contact

        snmp-server chassis-id %serial_number%

        no snmp-server trap community

        no snmp-server trap

        snmp-server trap snmp-authentication

        no snmp-server trap heartbeat

        snmp-server heartbeat period 60

        snmp-server trap link-state

        snmp-server trap syslog-matches

        snmp-server trap syslog-severity level warning

        no snmp-server trap network-trace

        no firmware-update automatic

        firmware-update weekday everyday

        firmware-update time 00:00

        no firmware-update uri

        snmp-server trap firmware-update

        no ip name-server cache

        ip name-server dynamic

        no ip name-server switch-on-servfail

        ip name-server interception

        no ip name-server switch-over

        no transaction log

        config-version "not configured"

        no sflow

        persistent user information

        persistent user information period 60

        no bandwidth control

        bandwidth control max-rate 1000 1000

        bandwidth control very-high 10 10 100 100

        bandwidth control high 10 10 100 100

        bandwidth control normal 70 70 100 100

        bandwidth control low 10 10 100 100

        soap-server access lan

        no soap-server access vpn

        no dhcp relay extend internet network

        no dhcp relay access access network

        dhcp relay access centralized clients

        dhcp server access lan

        dhcp server access centralized clients

        no dhcp server logout html user

        no dhcp server controller discovery

        no igmp proxy

connect(): Connection refused

connect(): Connection refused

        igmp proxy upstream interface "Internet network"

        igmp proxy downstream interface Bridge

        radius-server local eap-tls

        radius-server local eap-ttls

        radius-server local eap-peap

        radius-server local pap

        no radius-server ssid detection nas-id

        radius-server client

        radius-server accounting session 2000

        use default shared secret

        no active-directory device name

        no active-directory domain netbios name

        no active-directory domain

        no active-directory check user access

        active-directory check attribute MsNPAllowDialin

        firewall mode high

        soap-server

        soap-server port 448

        soap-server ssl

        soap-server ssl with client certificate

        no soap-server http authentication

        soap-server http authentication username

        soap-server http authentication password

        no dhcp relay circuit id

        no dhcp relay remote id

        # missing configuration token for  world-mode dot11 country code CODE (Argument 0)

        enable console password reset

        no service controller ap authentication enable

        no service controller ap authentication source file

        no service controller ap authentication source radius

        no service controller ap authentication source local

        service controller ap authentication refresh-rate  43200

        no service controller ap authentication credentials

        no service controller discovery

        no service controller primary

        service controller priority 1

        no service controller provisioning

        client data tunnel security key

        dhcp mode none

        dhcp server default lease period 3600

        dhcp server default permanent lease period 86400

        dhcp server default domain name hp.lan

        no snmp-server trap vpn-connection

        no access controller shared secret

        lldp run

        no lldp dynamic-name

        lldp dynamic-name refresh-time 30

        lldp dynamic-name user-string %RN-%RP-%SN

        lldp refresh-interval 30

        lldp holdtime-multiplier 5

        lldp fast-start-count 4

        no discovery protocol

        no discovery protocol device-id

        no dynamic key

        dynamic key interval 12h

        no dot1x reauth

        dot1x reauth period 1h

        no dot1x reauth terminate

        dot1x supplicant timeout 30

        dot1x radius accounting start delay 0

        no dhcp public ip subnet

        dhcp public ip default lease period 3600

        no rf-id aeroscout

        web access vpn

        no snmp-server access vpn

        snmp-server trap new-satellite-detected

        snmp-server trap satellite-unreachable

        no snmp-server trap device-state-change

        snmp-server trap device-authorization-failure

        snmp-server trap device-security-failure

        snmp-server trap device-firmware-failure

        snmp-server trap device-configuration-failure

        snmp-server trap service-controller-state

        no user tracking

        user tracking port 514

        no web allow all

        no web access interface all

        no ntp server all

        ntp server 1 0.colubris.pool.ntp.org

        ntp server 2 1.colubris.pool.ntp.org

        no snmp-server allow all

        no snmp-server access interface all

        no snmp-server trap destination all

        no soap-server allow all

        no soap-server access interface all

        no service controller discovery interface internet-port

        service controller discovery interface lan-port

        no mac lockout entry all

        access controller

            paypal user-id paypaluserid

            paypal password paypalpassword

            paypal signature paypalsignature

            authorize_net payment url https://test.authorize.net/gateway/transact.dll

            worldpay payment url https://select-test.worldpay.com/wcc/purchase

            no remember html users

            remember delay 43200

            no ads presentation

            ads presentation interval 1800

            no station free access

            no station http proxy support

            no station http proxy html authentication only support

            station idle detection 60 2

            no system accounting

            ads presentation with frameset

            local welcome-page

            no noc authentication

            no noc access internet

            no noc access vpn

            authentication http 8080

            authentication https 8090

            no secure login

            no sslv2 authentication

            no user-agent filtering

            no ipass name

            no ipass id

            no wispr logoff url

            no wispr login url

            no wispr abort login url

            use access-list factory

            no use access-list unauth

            no http proxy upstream

            no https ssl certificate

            no config file

            no login page

            no login url

            no transport page

            no session page

            no fail page

            no logo

            no messages

            no welcome url

            no goodbye url

            no login error url

            no noc ssl certificate

            no noc ssl ca-certificate

            no ipass login url

            no notify user location changes

            paypal api_url default

            no noc allow all

            no noc access interface all

            no access-list all

            access-list 1 factory,ACCEPT,all,*procurve.com,all

            access-list 2 factory,ACCEPT,all,*hp-ww.com,all

            access-list 3 factory,ACCEPT,all,*windowsupdate.com,all

            no mac-address all

            end

        session profile default

            no public ip subnet

            accounting interim update 0

            maximum input packets 0

            maximum output packets 0

            maximum total packets 0

            maximum input octets 0

            maximum output octets 0

            maximum total octets 0

            idle timeout 0

            session timeout 0

            no nat one-to-one

            no smtp redirection setup

            no smtp redirection

            end

        remote configuration radius

            no active

            no radius server profile

            no credentials

            interval 43200

            end

        vlan "Internet network"

            no pppoe client user

            ip address dhcp client-id CN24F2D3BC

            pppoe mtu 1492

            pppoe mru 1492

            pppoe auto-reconnect

            no pppoe unnumbered

            ip nat

            ip address mode dhcp

            # missing configuration token for  ip rip authentication mode (md5|text) (Argument 0)

            # missing configuration token for  no ip rip authentication mode (Argument 0)

            # missing configuration token for  ip rip authentication string SECRET (Argument 0)

            # missing configuration token for  no ip rip authentication string (Argument 0)

            # missing configuration token for  ip rip authentication key-chain NAME (Argument 0)

            # missing configuration token for  no ip rip authentication key-chain (Argument 0)

            no nat limit port range

            nat limit port range size 50

            end

        vlan "Access network"

            ip address 192.168.1.1/24

            ip address management 192.168.1.1/24

            end

        virtual ap "HP"

            ssid name HP

            guest-mode

            max-association 100

            encryption key format ascii

            no encryption key 1

            no encryption key 2

            no encryption key 3

            no encryption key 4

            transmit key 1

            dot1x authentication local

            no authentication server

            no wpa-psk

            no authentication server accounting

            no authentication server accounting radius profile

            no mac-filters local

            mac-filters mode block

            public forwarding any

            beacon dtim count 1

            active

            no beacon transmit power

            no broadcast filter

            no band steering

            qos diffsrv

            upstream diffserv tagging

            wmm advertising

            no location-aware group

            no layer3 mobility

            layer3 mobility hns method vlan

            layer3 mobility hns fallback method block

            no fast authentication

            mac authentication local

            no mac authentication remote

            no mac authentication radius profile

            no mac authentication request cui

            no force centralize data

            no identify stations by ip only

            no radius authentication realms

            no radius accounting realms

            no mac authentication accounting

            no mac authentication accounting radius profile

            no mac authentication

            no wireless filters

            wireless filters type gateway

            wireless filters mac 00:00:00:00:00:00

            no wireless filters mac 00:00:00:00:00:00

            bandwidth normal

            no bandwidth default rates

            bandwidth default rates maximum 1000 1000

            egress unauthenticated default

            egress authenticated default

            egress intercepted default

            no authentication server request cui

            dot1x session page

            no wpa terminate controller

            html authentication

            html authentication local

            no html authentication active-directory

            no html authentication radius

            no html authentication radius profile

            no html authentication accounting

            no html authentication accounting radius profile

            html authentication timeout 40

            no html authentication request radius cui

            # missing configuration token for  access lan stations (Argument 0)

            # missing configuration token for  no access lan stations (Argument 0)

            no html redirection

            no use local nas id

            location-aware called-station-id content mac

            no dhcp relay

            no dhcp relay circuit id

            no dhcp relay remote id

            no dhcp relay active

            no dhcp server gateway

            no dhcp server dns

            no dhcp server subnet

            no dhcp server

            no radius-framed-protocol-attribute

            no ingress interface all vlan

            no mac-filters all

            security none

            end

        dhcp server lan

            range 192.168.1.2 192.168.1.254

            gateway 192.168.1.1

            active

            end

        interface pptp client-default

            pptp client auto route discovery

            no pptp client lcp echo

            ip nat

            end

        logging destination "local"

            no message

            no process

            level higher warning

            level

            matches all filters

            end

        active-directory group "Default AC Active Directory group"

            no active

            no use access-controlled profile

            no use access-controlled virtual ap

            no use regular profile

            no use regular virtual ap

            egress vlan 0

            no use egress vlan

            end

        active-directory group "Default non AC Active Directory group"

            no active

            no use access-controlled profile

            no use access-controlled virtual ap

            no use regular profile

            no use regular virtual ap

            egress vlan 0

            no use egress vlan

            end

        snmp-server user "readonly"

            password ****

            security md5-des

            access level 0

            end

        snmp-server user "readwrite"

            password ****

            security md5-des

            access level 1

            end

        network profile "Internet network"

            name "Internet network"

            no vlan

            vlan 10

            end

        network profile "Access network"

            name "Access network"

            no vlan

            vlan 1

            default

            end

        LLDP config "sw00"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        LLDP config "sw01"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        LLDP config "sw02"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        LLDP config "sw03"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        LLDP config "sw04"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        LLDP config "sw05"

            basic-tlv-enable

            basic-tlv-enable port_desc

            basic-tlv-enable system_name

            basic-tlv-enable system_descr

            basic-tlv-enable system_cap

            no dot3-tlv-enable

            no medtlv-enable capabilities

            no medtlv-enable network-policy

            no medtlv-enable location-id

            no medtlv-enable poe

            med-application-type 0

            admin-status tx_rx

            end

        end

quit

CLI(config)#

127.0.0.1 login:

0 Kudos
6 REPLIES 6
Emil_G
HPE Pro

тАО12-11-2020 09:07 AM

тАО12-11-2020 09:07 AM

Re: Unable to setup web client on new msm720

Hello

Please note that the default IP address 192.168.1.1 will only be accessible if you connect to any of the first 4 ports. Ports 5 and 6 are in another VLAN which is configured as DHCP client and doesnt have a static IP.

What exactly is possible to ping? You cannot ping the controller from the PC. Are you able to ping the PC from the controller? Or you can ping IP 192.168.1.1 from the controller? I am assuming that the PC has a static IP in the same subnet 192.168.1.0/24. Is your PC connected to the console port and an Ethernet port at the same time?

If you doing the reset with the reset button make sure that you are using the correct procedure. Here it is:

On the MSM720, use the end of a paper clip to press the reset button, then press and hold the
clear button for a few seconds until the front status lights blink three times.

The CLI command is "factory settigs" in config context.

If you cannot ping or connect via the default IP 192.168.1.1 on ports 1-4, you can try to connect port 5 or 6 to a network with a DHCP server (or install a small DHCP server application on your laptop), Then observ if the controller will obtain an IP and try to access it via this IP.

If you are able to establish ping to an IP interface of the controller but you cannot open the GUI and the browsers displays errors related to SSL/TLS please note that with this firmware version the controller probably still supports SSLv3 which is depracated and most of the current browser versions will not allow you to connect. You need to try to find an older browser version which supports SSLv3 and try with it.

 

I am an HPE employee

Accept or Kudo


0 Kudos
rc1970
Visitor

тАО12-11-2020 02:15 PM

тАО12-11-2020 02:15 PM

Re: Unable to setup web client on new msm720

Hello,

I am only able to ping 192.168.1.1 from the cli on the controller, it has never been able to ping the pc or the pc to the controller. I have tried all 4 ports I will look into the trunk ports next.

0 Kudos
rc1970
Visitor

тАО12-11-2020 06:34 PM

тАО12-11-2020 06:34 PM

Re: Unable to setup web client on new msm720

Hello,

Trunk ports will not get a dhcp address, not sure what direction to go now. Is it possible to load a new image from the command line?

0 Kudos
Emil_G
HPE Pro

тАО12-12-2020 12:01 AM

тАО12-12-2020 12:01 AM

Re: Unable to setup web client on new msm720

Hello

You can load a new image putting the controller in TFTP mode and using TFTP. But this also requires IP connectivity. Anfdif you have CLI access via console this means that your image is actually working properly.

You can find here a good description of the procedure on how to install a new startup image via TFTP here. Please pay attention about the specifics for MSM720. The startup file is not available on the public web page and you need to contact the support and ask for it if you are entitled to support.

https://community.hpe.com/t5/M-and-MSM-Series/Installing-firmware-msm460/td-p/7093295#.X9R10thKjcs

 I think you should first determine why you dont have IP connectivity. Please first try a ping from your PC when you are connected to one of the ports 1 to 4. Make sure that you have a static IP on the NIC in the IP subnet 192.168.1.0/24  except the first one 192.168.1.1, for example take 192.168.1.2/24 and configure 192.168.1.1 as default gateway and DNS server. Check if the LEDs of the port go on. The Link LED should be solid green and the Mode LED should blink if there is activity. If the LEDs dont go on, try a different cable, check if your NIC is enabled. Try some of the other ports. If nothing helps try a different PC.

Send several pings and if it is failing note what message exactly you see, is it a request time out, network unreachable , host unreachable or something else. Check with arp -a if your PC was able to resolve the IP to a MAC address. Delete the arp cache with arp -d and try again. If your PC has multiple active NICs ping by specifying a source IP. Disable all other NICs except the one connected to the controller.

 

I am an HPE employee

Accept or Kudo


0 Kudos
rc1970
Visitor

тАО12-12-2020 07:15 AM

тАО12-12-2020 07:15 AM

Re: Unable to setup web client on new msm720

Here is what a ping to the controller reply is from 2 different pc's:

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.

 

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.140: Destination host unreachable.
Reply from 192.168.1.140: Destination host unreachable.
Reply from 192.168.1.140: Destination host unreachable.
Reply from 192.168.1.140: Destination host unreachable.

 

 

0 Kudos
Emil_G
HPE Pro

тАО12-14-2020 12:33 AM

тАО12-14-2020 12:33 AM

Re: Unable to setup web client on new msm720

Hello

Thanks for your responses!

Destination host unreachable means that the controller doesnt answer ARP requests. If you are resetting the controller to factory defaults as explained above, you should have communication with the default IP 192.168.1.1.  I think you should contact your local support, request the cim.startup image for MSM720 and perform the TFTP image upload that I mentioned in my previous post.

I am an HPE employee

Accept or Kudo


0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.