Overview

I’m setting up 2 data centers with 2 HP 1920 24 port switches. These switches need to server more than one LAN (1) which makes VLAN-configuration necessary. Having one Switch in each DC brings the need to have some switch-interconnect to spread the VLANs over both switches as single broadcast domains. As i do not find the web interface very straight forward i’m more and more switching to the cmd-line.

Approach

Network connect and primary web login

Both switches are linked to my private (non lab) home switch. This private home switch has no VLAN. DHCP is enabled. The MAC-addresses of the two HP-switches are reserved on the DHCP-server so they do not change anymore.

Note:
There is a drawback with my wiring approach: Having both switches being connected to the private home switch makes the lab switches connected with each other as well. When setting up the switch interconnect this builds a loop. This loop needs to be interrupted to grant network functionality. This is done  by some means i did not look into and this prevents the interconnect from working.
I’m sure you can set this up so that everything works as expected, but i rather leave that for later. For today i just unplugged one connection towards the private home switch.

I logged in through the web interface with

Username: admin
Password: none

First thing to do is to switch the password: Device->Users->Modify

click on the “admin” entry, check “Password Modify” and enter a password in both fields, click “Apply”.

Connect via console cable

As mentioned in the note above, i could not connect both switches via ethernet to my private home switch. To administer the switch somehow i connected it to the serial port of my management host “jump”. To connect i call:

[root@jump ~]# screen /dev/ttyS0 38400,cs8,-parenb,-cstopb,-hupcl

This only gives a text console, which is not meant for administration (officially).

To get out of the screen session i keep Ctrl pressed and then press a d

<ctrl>a<ctrl>d

This detaches your terminal from screen. You can reattach or kill afterwards:

screen -ls
screen -r 5207 -X kill

Enable ssh configuration

I started managing everything through the web interface, which seems the recommended way. This somehow does not scale and is difficult to document. I prefer a CLI.

In: Network-Service

check “Enable SSH service”, “Enable SFTP service”, “Enable HTTPS service”

click “Apply”

In: Authentication->Users

click the “modify” symbol on the right hand side of the “admin” line entry.

check service type  “SSH” – leave the rest unchanged and press “Apply”

This should allow you to login to the switch via ssh:

mschreie@mschreie ~]$ ssh admin@192.168.188.137
 admin@192.168.188.137's password:
 X11 forwarding request failed on channel 0

******************************************************************************
 * Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P. *
 * Without the owner's prior written consent, *
 * no decompiling or reverse-engineering shall be allowed. *
 ******************************************************************************

<HP 1920G Switch left>?
 User view commands:
 initialize Delete the startup configuration file and reboot system
 ipsetup    Assign an IP address to VLAN-interface 1
 password   Specify password of local user
 ping       Ping function
 quit       Exit from current command view
 reboot     Reboot system/board/card
 summary    Display summary information of the device.
 telnet     Establish one TELNET connection
 upgrade    Upgrade the system boot file or the Boot ROM program
 <HP 1920G Switch left>

As you can see only very view commands are available on the command line. You need to switch on the command line mode with “_cmdline-mode on”. This needs a password. I think  the password is “512900” for HP 1910 switches. For my HP 1920 switch “Jinhua1920unauthorized” worked fine. I found that information on [1].

<HP 1920G Switch left>_cmdline-mode on
All commands can be displayed and executed. Continue? [Y/N]y
Please input password:**********************
Warning: Now you enter an all-command mode for developer's testing, some
commands may affect operation by wrong use, please carefully use it with
our engineer's direction.
<HP 1920G Switch left>?
User view commands:
 archive        Specify archive settings
 backup         Backup next startup-configuration file to TFTP server
 boot-loader    Set boot loader
 bootrom        Update/read/backup/restore bootrom
 cd             Change current directory 
 clock          Specify the system clock
 cluster        Run cluster command
 copy           Copy from one file to another 
 crypto-digest  Compute the hash digest for a specified file
 debugging      Enable system debugging functions
 delete         Delete a file 
 dir            List files on a file system 
 display        Display current system information
 fixdisk        Recover lost chains in storage device
 format         Format the device
 free           Clear user terminal interface
 ftp            Open FTP connection 
 initialize     Delete the startup configuration file and reboot system
 ipc            Interprocess communication
 ipsetup        Assign an IP address to VLAN-interface 1 
---- More ----

To change some configuration you need to switch in super-user/manager mode and further turn to system-view.

<HP 1920G Switch left>super
User privilege level is 3, and only those commands can be used 
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<HP 1920G Switch left>system-view 


System View: return to User View with Ctrl+Z.
[HP 1920G Switch left]

For ease of cut&paste i put what i need to get configuration access here:

mschreie@mschreie ~]$ ssh admin@192.168.188.137
<admin-password>
_cmdline-mode on
y
Jinhua1920unauthorized
super
system-view

Final configuration

The configuration of my switches changes (and hopefully improves) over time, so this might not be the really last config. But it gives some idea:

<HP 1920G Switch left>display current-configuration
#
 version 5.20.99, Release 1110
#
 sysname HP 1920G Switch left
#
 clock timezone Amsterdam add 01:00:00
#
 domain default enable system
#
 ipv6
#
 telnet server enable
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description mgt
#
vlan 20
 description storage
#
domain system 
 access-limit disable
 state active 
 idle-cut disable
 self-service-url disable
# 
user-group system
 group-attribute allow-guest
# 
local-user admin
 password cipher $c$3$6Ojdfi3Txy+22NDqDTpeoeVIKX5CWpNsQuuVew==
 authorization-attribute level 3
 service-type ssh telnet terminal
 service-type web
# 
 stp mode rstp 
 stp enable 
# 
interface Bridge-Aggregation1
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
 ip address dhcp-alloc
#
interface GigabitEthernet1/0/1
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port auto-power-down
 stp edged-port enable
# 
interface GigabitEthernet1/0/4
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/8
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/9
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/18
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/19
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/20
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/21
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/22
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/23
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/24
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/25
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 stp edged-port enable
#
 undo info-center logfile enable
#
 snmp-agent
 snmp-agent local-engineid 383030303633413236353133453846373234354433333832
 snmp-agent sys-info version v3
#
 ntp-service source-interface Vlan-interface1
 ntp-service unicast-server 104.156.99.226
 ntp-service unicast-server 107.170.224.8
#
 ssh server enable
 sftp server enable
#
 ip https enable
#
 load xml-configuration
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
#
return
<HP 1920G Switch left>

and

<HP 1920G Switch right>display current-configuration
#
 version 5.20.99, Release 1107
#
 sysname HP 1920G Switch right
#
 clock timezone Amsterdam add 01:00:00
#
 super password level 3 cipher $c$3$KOGgTEZKGZOW0iXf+G4AkHDoUPTJq83sAIrHJA==
#
 domain default enable system
#
 ipv6
#
 telnet server enable
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description mgt
#
vlan 20
 description storage
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$0xna5RW+AwgSB5doUldDjbz4fSvZBVVXvqbqvA==
 authorization-attribute level 3
 service-type ssh telnet terminal
 service-type web
#
 stp mode rstp
 stp enable
#
interface Bridge-Aggregation1
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
 ip address dhcp-alloc
#
interface GigabitEthernet1/0/1
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/8
 port link-type hybrid
 port hybrid vlan 10 20 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/9
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/18
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/19
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/20
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/21
 port access vlan 10
 port auto-power-down
 stp edged-port enable
# 
interface GigabitEthernet1/0/22
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/23
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/24
 port access vlan 20
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/25
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 stp edged-port enable
#
 snmp-agent
 snmp-agent local-engineid 383030303633413236353133354338413338394545353732
 snmp-agent sys-info version v3
#
 ntp-service source-interface Vlan-interface1
 ntp-service unicast-server 104.156.99.226
 ntp-service unicast-server 107.170.224.8
#
 ssh server enable
 sftp server enable
#
 ip https enable
#
 load xml-configuration
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
#
return
<HP 1920G Switch right>

 

Conclusion

HP tries to lock the owner of HP 1920 switches away from the CLI. I found a way to utilize the CLI anyway. If you do not build networking loops, the configuration of VLANs and/or LACP turns out to be straight forward and easy to achieve.

 

Note (1): These LANs would most probably be separated on different HW to assure bandwidth. For my test environment i’m happy to have them logically separated.

[1] https://www.reddit.com/r/networking/comments/2nl4g9/hp_1920_cmdlinemode_password/