Overview
I’m setting up 2 data centers with 2 HP 1920 24 port switches. These switches need to server more than one LAN (1) which makes VLAN-configuration necessary. Having one Switch in each DC brings the need to have some switch-interconnect to spread the VLANs over both switches as single broadcast domains. As i do not find the web interface very straight forward i’m more and more switching to the cmd-line.
Approach
Network connect and primary web login
Both switches are linked to my private (non lab) home switch. This private home switch has no VLAN. DHCP is enabled. The MAC-addresses of the two HP-switches are reserved on the DHCP-server so they do not change anymore.
Note:
There is a drawback with my wiring approach: Having both switches being connected to the private home switch makes the lab switches connected with each other as well. When setting up the switch interconnect this builds a loop. This loop needs to be interrupted to grant network functionality. This is done by some means i did not look into and this prevents the interconnect from working.
I’m sure you can set this up so that everything works as expected, but i rather leave that for later. For today i just unplugged one connection towards the private home switch.
I logged in through the web interface with
Username: admin Password: none
First thing to do is to switch the password: Device->Users->Modify
click on the “admin” entry, check “Password Modify” and enter a password in both fields, click “Apply”.
Connect via console cable
As mentioned in the note above, i could not connect both switches via ethernet to my private home switch. To administer the switch somehow i connected it to the serial port of my management host “jump”. To connect i call:
[root@jump ~]# screen /dev/ttyS0 38400,cs8,-parenb,-cstopb,-hupcl
This only gives a text console, which is not meant for administration (officially).
To get out of the screen session i keep Ctrl pressed and then press a d
<ctrl>a<ctrl>d
This detaches your terminal from screen. You can reattach or kill afterwards:
screen -ls
screen -r 5207 -X kill
Enable ssh configuration
I started managing everything through the web interface, which seems the recommended way. This somehow does not scale and is difficult to document. I prefer a CLI.
In: Network-Service
check “Enable SSH service”, “Enable SFTP service”, “Enable HTTPS service”
click “Apply”
In: Authentication->Users
click the “modify” symbol on the right hand side of the “admin” line entry.
check service type “SSH” – leave the rest unchanged and press “Apply”
This should allow you to login to the switch via ssh:
mschreie@mschreie ~]$ ssh admin@192.168.188.137 admin@192.168.188.137's password: X11 forwarding request failed on channel 0 ****************************************************************************** * Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ****************************************************************************** <HP 1920G Switch left>? User view commands: initialize Delete the startup configuration file and reboot system ipsetup Assign an IP address to VLAN-interface 1 password Specify password of local user ping Ping function quit Exit from current command view reboot Reboot system/board/card summary Display summary information of the device. telnet Establish one TELNET connection upgrade Upgrade the system boot file or the Boot ROM program <HP 1920G Switch left>
As you can see only very view commands are available on the command line. You need to switch on the command line mode with “_cmdline-mode on”. This needs a password. I think the password is “512900” for HP 1910 switches. For my HP 1920 switch “Jinhua1920unauthorized” worked fine. I found that information on [1].
<HP 1920G Switch left>_cmdline-mode on All commands can be displayed and executed. Continue? [Y/N]y Please input password:********************** Warning: Now you enter an all-command mode for developer's testing, some commands may affect operation by wrong use, please carefully use it with our engineer's direction. <HP 1920G Switch left>? User view commands: archive Specify archive settings backup Backup next startup-configuration file to TFTP server boot-loader Set boot loader bootrom Update/read/backup/restore bootrom cd Change current directory clock Specify the system clock cluster Run cluster command copy Copy from one file to another crypto-digest Compute the hash digest for a specified file debugging Enable system debugging functions delete Delete a file dir List files on a file system display Display current system information fixdisk Recover lost chains in storage device format Format the device free Clear user terminal interface ftp Open FTP connection initialize Delete the startup configuration file and reboot system ipc Interprocess communication ipsetup Assign an IP address to VLAN-interface 1 ---- More ----
To change some configuration you need to switch in super-user/manager mode and further turn to system-view.
<HP 1920G Switch left>super User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE <HP 1920G Switch left>system-view System View: return to User View with Ctrl+Z. [HP 1920G Switch left]
For ease of cut&paste i put what i need to get configuration access here:
mschreie@mschreie ~]$ ssh admin@192.168.188.137 <admin-password> _cmdline-mode on y Jinhua1920unauthorized super system-view
Final configuration
The configuration of my switches changes (and hopefully improves) over time, so this might not be the really last config. But it gives some idea:
<HP 1920G Switch left>display current-configuration # version 5.20.99, Release 1110 # sysname HP 1920G Switch left # clock timezone Amsterdam add 01:00:00 # domain default enable system # ipv6 # telnet server enable # password-recovery enable # vlan 1 # vlan 10 description mgt # vlan 20 description storage # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$6Ojdfi3Txy+22NDqDTpeoeVIKX5CWpNsQuuVew== authorization-attribute level 3 service-type ssh telnet terminal service-type web # stp mode rstp stp enable # interface Bridge-Aggregation1 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged link-aggregation mode dynamic # interface NULL0 # interface Vlan-interface1 ip address dhcp-alloc # interface GigabitEthernet1/0/1 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/2 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/3 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/4 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/5 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/6 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/7 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable port link-aggregation group 1 # interface GigabitEthernet1/0/8 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable port link-aggregation group 1 # interface GigabitEthernet1/0/9 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/10 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/11 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/12 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/13 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/14 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/15 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/16 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/17 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/18 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/19 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/20 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/21 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/22 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/23 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/24 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/25 stp edged-port enable # interface GigabitEthernet1/0/26 stp edged-port enable # interface GigabitEthernet1/0/27 stp edged-port enable # interface GigabitEthernet1/0/28 stp edged-port enable # undo info-center logfile enable # snmp-agent snmp-agent local-engineid 383030303633413236353133453846373234354433333832 snmp-agent sys-info version v3 # ntp-service source-interface Vlan-interface1 ntp-service unicast-server 104.156.99.226 ntp-service unicast-server 107.170.224.8 # ssh server enable sftp server enable # ip https enable # load xml-configuration # user-interface aux 0 authentication-mode scheme user-interface vty 0 15 authentication-mode scheme # return <HP 1920G Switch left>
and
<HP 1920G Switch right>display current-configuration # version 5.20.99, Release 1107 # sysname HP 1920G Switch right # clock timezone Amsterdam add 01:00:00 # super password level 3 cipher $c$3$KOGgTEZKGZOW0iXf+G4AkHDoUPTJq83sAIrHJA== # domain default enable system # ipv6 # telnet server enable # password-recovery enable # vlan 1 # vlan 10 description mgt # vlan 20 description storage # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$0xna5RW+AwgSB5doUldDjbz4fSvZBVVXvqbqvA== authorization-attribute level 3 service-type ssh telnet terminal service-type web # stp mode rstp stp enable # interface Bridge-Aggregation1 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged link-aggregation mode dynamic # interface NULL0 # interface Vlan-interface1 ip address dhcp-alloc # interface GigabitEthernet1/0/1 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/2 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/3 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/4 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/5 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/6 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/7 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable port link-aggregation group 1 # interface GigabitEthernet1/0/8 port link-type hybrid port hybrid vlan 10 20 tagged port hybrid vlan 1 untagged port auto-power-down stp edged-port enable port link-aggregation group 1 # interface GigabitEthernet1/0/9 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/10 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/11 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/12 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/13 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/14 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/15 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/16 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/17 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/18 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/19 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/20 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/21 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/22 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/23 port access vlan 10 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/24 port access vlan 20 port auto-power-down stp edged-port enable # interface GigabitEthernet1/0/25 stp edged-port enable # interface GigabitEthernet1/0/26 stp edged-port enable # interface GigabitEthernet1/0/27 stp edged-port enable # interface GigabitEthernet1/0/28 stp edged-port enable # snmp-agent snmp-agent local-engineid 383030303633413236353133354338413338394545353732 snmp-agent sys-info version v3 # ntp-service source-interface Vlan-interface1 ntp-service unicast-server 104.156.99.226 ntp-service unicast-server 107.170.224.8 # ssh server enable sftp server enable # ip https enable # load xml-configuration # user-interface aux 0 authentication-mode scheme user-interface vty 0 15 authentication-mode scheme # return <HP 1920G Switch right>
Conclusion
HP tries to lock the owner of HP 1920 switches away from the CLI. I found a way to utilize the CLI anyway. If you do not build networking loops, the configuration of VLANs and/or LACP turns out to be straight forward and easy to achieve.
Note (1): These LANs would most probably be separated on different HW to assure bandwidth. For my test environment i’m happy to have them logically separated.
[1] https://www.reddit.com/r/networking/comments/2nl4g9/hp_1920_cmdlinemode_password/
Thank you very much sir
LikeLike
You are very welcome.
LikeLike
Sir, i have a same model hp 1920 24-ports, when i give password Jinhua1920unauthorized for _cmdline-mode, the password is invalid, even i try my gui interface password also. What can i do?
LikeLike
Dear pawandeepsingh,
i’m sorry to read the password does not work for you. Maybe your modell is somehow newer/older? Maybe you might try to follow the ideas outlined on the blog i got the password from (see link in the text)? There are some more codes to try – not sure how valid they are though. Maybe there are some newer posts to be found elsewhere by now?
I’m afraid this is not very concreate though. I hope you work that out. May i ask you to add your findings, here, when you did find how to. move forward?
I’m pressing thumbs,
Markus
LikeLike
Thanks for the information. I tried to configure a schedule reboot on weekends from ssh but I haven´t found the correct command, can you help me, please?
LikeLike
Hi Ocnogla,
in any case you can add a remote switchable power supply and just cut off power for a couple of seconds.
I’ve found the option to reboot in the Web-UI documentatio “Diagnostics > Reboot Switch”. Having found that, mybe we find similar in the cmd-line interface as well. Then the only other way is to search through cmd-line tooling, maybe via try out, maybe some inline documentation exists.
Please excuse, that this is not a “great” help.
BR
Markus
LikeLike
Hi,
Thanks for the idea. I will take a look.
LikeLike