Difference between revisions of "Aruba S3500 Ethernet switches"

From FnordWiki
Jump to navigation Jump to search
Line 133: Line 133:
   
 
=== Set the switch's name ===
  
=== Set the switch's name ===
(ArubaS3500-48P-US) #configure terminal
+
(ArubaS3500-48P-US) #'''configure terminal'''
 
Enter Configuration commands, one per line. End with CNTL/Z
  
Enter Configuration commands, one per line. End with CNTL/Z
 
 
(ArubaS3500-48P-US) (config) #hostname aruba-s3500-48p-0
 +
(ArubaS3500-48P-US) (config) #'''hostname aruba-s3500-48p-0'''
(aruba-s3500-48p-0) (config) #
 +
(aruba-s3500-48p-0) (config) #'''exit'''
(aruba-s3500-48p-0) #write memory
+
(aruba-s3500-48p-0) #'''write memory'''
 
Saving Configuration...
  
Saving Configuration...
 
 
Line 146: Line 146:
 
(aruba-s3500-48p-0) #
  
(aruba-s3500-48p-0) #
 
See the nifty change of prompt there?
  
See the nifty change of prompt there?
  +
== Profiles? Aren't those racist? ==
  +
The ArubaOS "profile" concept is used to configure nearly everything about the ports, VLANs, security, and a everything else the switch can do. It seems very useful -- encapsulate assorted settings in profiles and assign them where they are needed. We'll be using them extensively below.
  +
  +
== Basic switching things ==
  +
=== Port speed settings ===
  +
These are configured with profiles. I mentioned that would come up, I think. Best to just demonstrate instead of being an exhaustive reference manual. Physical port parameters are set with the <code>enet-link-profile</code>. If we wanted a 10baseT only switch port, we could do something like this:
  +
(aruba-s3500-48p-0) #'''configure terminal'''
  +
Enter Configuration commands, one per line. End with CNTL/Z
  +
  +
(aruba-s3500-48p-0) (config) #'''interface-profile enet-link-profile tenmbitsonly'''
  +
  +
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #'''duplex half'''
  +
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #'''speed 10'''
  +
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #'''flowcontrol off'''
  +
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #'''no autonegotiation'''
  +
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #'''exit'''
  +
(aruba-s3500-48p-0) (config) #'''exit'''
  +
(aruba-s3500-48p-0) #'''show interface-profile enet-link-profile tenmbitsonly'''
  +
  +
Ethernet Link "tenmbitsonly" (N/A)
  +
----------------------------------
  +
Parameter Value
  +
--------- -----
  +
Speed 10
  +
Duplex half
  +
Autonegotiation Disabled
  +
Flowcontrol off
  +
  +
(aruba-s3500-48p-0) #
  +
to create the profile. This is a 10baseT only profile. No flow control. Half duplex. No negotiating with the other end.
  +
Apply it to interface 0/0/10 like so:
  +
(aruba-s3500-48p-0) #'''configure terminal '''
  +
(aruba-s3500-48p-0) (config) # '''interface gigabitethernet 0/0/10'''
  +
(aruba-s3500-48p-0) (gigabitethernet "0/0/10") #'''enet-link-profile tenmbitsonly'''
  +
(aruba-s3500-48p-0) (gigabitethernet "0/0/10") #'''exit'''
  +
(aruba-s3500-48p-0) (config) #'''exit'''
  +
(aruba-s3500-48p-0) #
  +
And we can see how it's being applied to port 0/0/10 like so:
  +
(aruba-s3500-48p-0) #'''show interface-config gigabitethernet 0/0/10'''
  +
  +
gigabitethernet "0/0/10"
  +
------------------------
  +
Parameter Value Config Derivation
  +
--------- ----- -----------------
  +
Interface MSTP Profile default default
  +
Interface Rapid PVST Profile default default
  +
Interface GVRP Profile N/A gigabitethernet0/0/10
  +
Interface Tunneled Node Profile N/A gigabitethernet0/0/10
  +
Interface VOIP Profile N/A gigabitethernet0/0/10
  +
Interface LLDP Profile lldp-factory-initial default
  +
Interface PoE Profile poe-factory-initial default
  +
'''Interface Ethernet Link Profile tenmbitsonly gigabitethernet0/0/10'''
  +
Interface OAM Profile N/A gigabitethernet0/0/10
  +
Interface LACP Profile N/A gigabitethernet0/0/10
  +
Interface QoS Profile N/A gigabitethernet0/0/10
  +
Interface Policer Profile N/A gigabitethernet0/0/10
  +
Interface AAA Profile N/A gigabitethernet0/0/10
  +
Interface Shutdown Disabled default
  +
Interface MTU 1514 default
  +
Interface Ingress ACL N/A gigabitethernet0/0/10
  +
Interface Egress ACL N/A gigabitethernet0/0/10
  +
Interface QoS Trust Mode aruba-device default
  +
Interface Description N/A default
  +
Interface Switching Profile default default
  +
Interface Security Profile N/A gigabitethernet0/0/10
  +
Ingress Port Mirroring Profile N/A gigabitethernet0/0/10
  +
Egress Port Mirroring Profile N/A gigabitethernet0/0/10
  +
Static IGMP Multicast Router port for the VLANs 0 default
  +
Static MLD Multicast Router port for the VLANs 0 default
  +
Interface Trusted Mode Enabled default
  +
HSL backup interface N/A gigabitethernet0/0/10
  +
HSL preemption mode Off default
  +
HSL preemption delay 100 default
  +
  +
(aruba-s3500-48p-0) #
  +
  +
== VLANs and spanning trees and things like that, oh my! ==

Revision as of 16:15, 24 June 2018

Aruba S3500 Mobility Access switches are cool:

  • Dual power supply
  • Decent free firmware access
  • Good POE support
  • Reasonably quiet
  • Stackable
  • 2x 10Gbits/sec SFP+ ports available after stacking
  • Generic fs.com DACs work splendidly
  • Nifty profile-based configuration
  • Takes Cisco pinout console cables
  • 48 1000baseT ports (no robbing the modular connector ports to make the SFP ports go)
  • Fully featured OS that doesn't require licensing of nifty features
  • Dedicated management network interface located at rear of chassis.

Less than perfect, but totally livable things about these switches:

  • It's not a whitebox switch. Must run factory firmware. (Maybe next time. Maybe...)
  • Stacking is not super amaze balls fast between switches at 2x 10Gbits/sec, full duplex. That should not be a problem as the idea is more that this extends the 10 and 40 Gbits/sec network core out to 1000baseT land. So hopefully not a huge issue.

I got a brand new switch. How do get access?

https://community.arubanetworks.com/t5/Wireless-Access/Aruba-S3500-password-recovery/td-p/31922 says to do this on the console: 

User:password
Password:forgetme!
(aruba) >enable
Password:enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user admin root Password: TheNewAdminPassw0rd
Re-Type password:TheNewAdminPassw0rd
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit

User:admin
Password:TheNewAdminPassw0rd
(aruba) >enable
Password:enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #enable secret
Password:TheNewEnableSecr3t
Re-Type password:TheNewEnableSecr3t
(aruba) (config) #exit
(aruba) #write memory
(aruba) #

(It very correctly does not work over the network. Serial console port only. It's in the back.)

It is also possible to wipe the switch's config using the front panel menus.

Yay! I'm in. How do I wipe the config?

It's not hard, I promise. 

User: admin
Password: *******
(foo) >enable
Password:******
(foo) #write erasecmp: /mswitch/commands/corvina.cfg: No such file or directory

All the configuration will be deleted. Press 'y' to proceed :y
Write Erase successful

(foo) #

"Corvina" seems to be the internal product name for this model. Reboot the switch and it will mostly be cleared of any config that has been set. If that is not wiped enough, try 

(foo) #write erase all cmp: /mswitch/commands/corvina.cfg: No such file or directory

Switch configuration and databases will be erased. The stacking database will not be erased, use
'restore factory_default stacking' for full factory default. Press 'y' to proceed :y
Write Erase successful

(foo) #

And if there's stacking config that needs to be wiped, too, bring in the 8 inch gun: 

(foo) #restore factory_default stacking  

All configuration and stack settings will be restored to
factory default on this member after reload.
Press 'y' to proceed with reload: [y/n]: y
System will now restart

And wait for it to start again. Stacking and all other config will have been wiped when it starts up again.

Default credentials and stuffs

Default management user is admin with a password of admin123. The default enable secret is enable.

I'm completely defaulted, fresh and clean, and ready to start the day. What do we do next?

Let's get network manageable! Network manageable! Let's get into network manageable!

(Olivia Newton John song) The twisted pair copper Ethernet port on the back of the switch is know as "MGMT" in the switch OS. Configuration is not too surprising: 

(ArubaS3500-48P-US) #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z

(ArubaS3500-48P-US) (config) #interface mgmt 
(ArubaS3500-48P-US) (mgmt) #ip address 172.16.0.72 255.255.255.0
(ArubaS3500-48P-US) (mgmt) #exit
(ArubaS3500-48P-US) (config) #exit
(ArubaS3500-48P-US) #write memory
Saving Configuration...

Save failed: Admin password same as default password
Use "mgmt-user admin" command in configuration mode to change the admin password.

(ArubaS3500-48P-US) #

Denied! Admin user's password must be changed before config can be saved. So...

Changing admin user's password

(ArubaS3500-48P-US) (config) #mgmt-user admin root 
Password:********
Re-Type password:********
(ArubaS3500-48P-US) (config) #exit
(ArubaS3500-48P-US) #write memory 
Saving Configuration...


Configuration Saved.

(ArubaS3500-48P-US) #

Network managability. Take two.

The twisted pair copper Ethernet port on the back of the switch is known as "MGMT" in the switch OS. Configuration is not too surprising: 

(ArubaS3500-48P-US) #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z

(ArubaS3500-48P-US) (config) #interface mgmt 

(ArubaS3500-48P-US) (mgmt) #ip address 172.16.0.72 255.255.255.0 
(ArubaS3500-48P-US) (mgmt) #exit
(ArubaS3500-48P-US) (config) #exit
(ArubaS3500-48P-US) #write memory 
(ArubaS3500-48P-US) #

And now an SSH client can connect to 172.16.0.72 as user admin with the password set above. Note that there is no route to another IPv4 subnet. So, must be inside the same address space.

And there's a web UI, too

Point browser to MGMT's IP address and enjoy the loveli lakes, the wonderful telephone system, mani interesting furry animals, the majestic moose...

Sorry. Enjoy the better than average web interface.

Set the switch's name

(ArubaS3500-48P-US) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(ArubaS3500-48P-US) (config) #hostname aruba-s3500-48p-0
(aruba-s3500-48p-0) (config) #exit
(aruba-s3500-48p-0) #write memory
Saving Configuration...


Configuration Saved.

(aruba-s3500-48p-0) #

See the nifty change of prompt there?

Profiles? Aren't those racist?

The ArubaOS "profile" concept is used to configure nearly everything about the ports, VLANs, security, and a everything else the switch can do. It seems very useful -- encapsulate assorted settings in profiles and assign them where they are needed. We'll be using them extensively below.

Basic switching things

Port speed settings

These are configured with profiles. I mentioned that would come up, I think. Best to just demonstrate instead of being an exhaustive reference manual. Physical port parameters are set with the enet-link-profile. If we wanted a 10baseT only switch port, we could do something like this: 

(aruba-s3500-48p-0) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(aruba-s3500-48p-0) (config) #interface-profile enet-link-profile tenmbitsonly

(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #duplex half
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #speed 10
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #flowcontrol off
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #no autonegotiation
(aruba-s3500-48p-0) (Ethernet Link "tenmbitsonly") #exit
(aruba-s3500-48p-0) (config) #exit
(aruba-s3500-48p-0) #show interface-profile enet-link-profile tenmbitsonly

Ethernet Link "tenmbitsonly" (N/A)
----------------------------------
Parameter        Value
---------        -----
Speed            10
Duplex           half
Autonegotiation  Disabled
Flowcontrol      off

(aruba-s3500-48p-0) #

to create the profile. This is a 10baseT only profile. No flow control. Half duplex. No negotiating with the other end. Apply it to interface 0/0/10 like so: 

(aruba-s3500-48p-0) #configure terminal 
(aruba-s3500-48p-0) (config) # interface gigabitethernet 0/0/10
(aruba-s3500-48p-0) (gigabitethernet "0/0/10") #enet-link-profile tenmbitsonly
(aruba-s3500-48p-0) (gigabitethernet "0/0/10") #exit
(aruba-s3500-48p-0) (config) #exit
(aruba-s3500-48p-0) #

And we can see how it's being applied to port 0/0/10 like so: 

(aruba-s3500-48p-0) #show interface-config gigabitethernet 0/0/10

gigabitethernet "0/0/10"
------------------------
Parameter                                        Value                 Config Derivation
---------                                        -----                 -----------------
Interface MSTP Profile                           default               default
Interface Rapid PVST Profile                     default               default
Interface GVRP Profile                           N/A                   gigabitethernet0/0/10
Interface Tunneled Node Profile                  N/A                   gigabitethernet0/0/10
Interface VOIP Profile                           N/A                   gigabitethernet0/0/10
Interface LLDP Profile                           lldp-factory-initial  default
Interface PoE Profile                            poe-factory-initial   default
Interface Ethernet Link Profile                  tenmbitsonly          gigabitethernet0/0/10
Interface OAM Profile                            N/A                   gigabitethernet0/0/10
Interface LACP Profile                           N/A                   gigabitethernet0/0/10
Interface QoS Profile                            N/A                   gigabitethernet0/0/10
Interface Policer Profile                        N/A                   gigabitethernet0/0/10
Interface AAA Profile                            N/A                   gigabitethernet0/0/10
Interface Shutdown                               Disabled              default
Interface MTU                                    1514                  default
Interface Ingress ACL                            N/A                   gigabitethernet0/0/10
Interface Egress ACL                             N/A                   gigabitethernet0/0/10
Interface QoS Trust Mode                         aruba-device          default
Interface Description                            N/A                   default
Interface Switching Profile                      default               default
Interface Security Profile                       N/A                   gigabitethernet0/0/10
Ingress Port Mirroring Profile                   N/A                   gigabitethernet0/0/10
Egress Port Mirroring Profile                    N/A                   gigabitethernet0/0/10
Static IGMP Multicast Router port for the VLANs  0                     default
Static MLD Multicast Router port for the VLANs   0                     default
Interface Trusted Mode                           Enabled               default
HSL backup interface                             N/A                   gigabitethernet0/0/10
HSL preemption mode                              Off                   default
HSL preemption delay                             100                   default

(aruba-s3500-48p-0) #

VLANs and spanning trees and things like that, oh my!

Retrieved from "https://wiki.fnord.greeley.co.us/mediawiki/index.php?title=Aruba_S3500_Ethernet_switches&oldid=990"