HP Switch – Configuration

The standard settings usually configured on HP switches:

Give the switch a hostname.

HP Procurve 2910al(config)# hostname Switch-1
Switch-1(config)#

Set the passwords.

Switch-1(config)# password all
New password for operator: *******
Please retype new password for operator: *******
New password for manager: *******
Please retype new password for manager: *******
Switch-1(config)#

Set the time zone and the time servers (e.g. 192.168.1.200).

Switch-1(config)# time timezone 120
Switch-1(config)# time daylight-time-rule Western-Europe
Switch-1(config)#
Switch-1(config)# sntp server 192.168.1.200
Switch-1(config)# sntp server priority 1 192.168.1.200
Switch-1(config)# timesync sntp
Switch-1(config)# sntp unicast
Switch-1(config)# sntp 300
Switch-1(config)#

Set the default gateway IP address.

Switch-1(config)# ip default-gateway 192.168.1.1
Switch-1(config)#

Allow only specific IP addresses for management.

Switch-1(config)# ip authorized-managers 192.168.1.200 255.255.255.255
Switch-1(config)#

or

Switch-1(config)# ip authorized-managers 192.168.1.0 255.255.255.0
Switch-1(config)#

In addition, if there is a RADIUS server, or where it is applicable, authentication can be done against that server.

Switch-1(config)# radius-server host 192.168.1.200 key secret_key1
Switch-1(config)# radius-server timeout 1
Switch-1(config)# radius-server retransmit 1
Switch-1(config)# aaa authentication console login radius local
Switch-1(config)# aaa authentication console enable radius local
Switch-1(config)# aaa authentication telnet login radius local
Switch-1(config)# aaa authentication telnet enable radius local
Switch-1(config)# aaa authentication web login radius local
Switch-1(config)# aaa authentication web enable radius local
Switch-1(config)# aaa authentication ssh login radius local
Switch-1(config)# aaa authentication ssh enable radius local
Switch-1(config)# aaa authentication login privilege-mode
Switch-1(config)#

Set the logging settings (e.g. 192.168.1.200 as the logging host).

Switch-1(config)# logging 192.168.1.200
Switch-1(config)# logging facility local0
Switch-1(config)#

Set the general SNMP settings (such as sending SNMP traps to the IP address 192.168.1.200).

Switch-1(config)# snmp-server host 192.168.1.200 "public"
Switch-1(config)# snmp-server community "public" manager restricted
Switch-1(config)#

Configure access to the switch so that it is done over SSH and HTTPS.

Switch-1(config)# crypto key generate ssh
Switch-1(config)# ip ssh
Switch-1(config)# crypto key generate cert 1024
Switch-1(config)# web-management ssl
Switch-1(config)# no web-management plaintext
Switch-1(config)# no telnet-server
Switch-1(config)#

Set the speed and link parameters of the switch ports. Naturally, the right setting depends on the device that is connected.

Switch-1(config)# interface 1
Switch-1(eth-1)# name "Server Connection"
Switch-1(eth-1)# speed-duplex auto-1000
Switch-1(eth-1)# exit
Switch-1(config)#

When connecting between switches or to servers over more than one port, set the port trunk settings.

Switch-1(config)# trunk 1-4 trk1 trunk
Switch-1(config)#

or

Switch-1(config)# trunk 1-4 trk1 lacp
Switch-1(config)#

Set the broadcast limit on the switch ports (e.g. 20% of the total port bandwidth).

Switch-1(config)# interface 1
Switch-1(eth-1)# broadcast-limit 20
Switch-1(eth-1)# exit
Switch-1(config)#

Enable the Spanning Tree protocol on the switch.

Switch-1(config)# spanning-tree
Switch-1(config)# spanning-tree force-version rstp-operation
Switch-1(config)#

Apply BPDU (Bridge Protocol Data Unit) filtering on the switch ports.

Make sure that no other switch, and no other device that communicates using the Spanning Tree protocol, is plugged into these ports. With filtering in place, bridge-related packets arriving on the port are blocked, so the Spanning Tree protocol will not actively run on that port.

Switch-1(config)# spanning-tree 1-23 bpdu-filter
Switch-1(config)# spanning-tree 1-23 bpdu-protection
Switch-1(config)#

Make the setting needed to prevent loops on the switch ports (port 24 is for the connection to the other switch).

Switch-1(config)# loop-protect 1-23
Switch-1(config)#

Set up DHCP (Dynamic Host Configuration Protocol) snooping on the switch. This setting prevents a host that runs a DHCP service on the network without your approval from handing out IP addresses (say there are two DHCP servers, 192.168.1.200 and 192.168.1.201). The ports the clients are connected to, such as 2-20, need to be marked as trusted.

Switch-1(config)# dhcp-snooping
Switch-1(config)# dhcp-snooping vlan 1
Switch-1(config)# dhcp-snooping authorized-server 192.168.1.200
Switch-1(config)# dhcp-snooping authorized-server 192.168.1.201
Switch-1(config)#
Switch-1(config)# interface 2-20
Switch-1(eth-2-20)# dhcp-snooping trust
Switch-1(eth-2-20)# exit
Switch-1(config)#

In addition, you can also configure IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) snooping.

Enable ARP (Address Resolution Protocol) protection on the switch. DHCP snooping has to be set up first. Here ARP protection is set for VLAN 1, and port 24, which is used for the connection to the other switch or router, is trusted (no ARP checking is done on this port).

Switch-1(config)# arp-protect vlan 1
Switch-1(config)# arp-protect trust 24
Switch-1(config)#
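
Several of the steps above depend on each other: SSH without turning telnet off, BPDU filtering that must not reach the inter-switch port, and ARP protection that needs DHCP snooping first. The following is an added example, not part of the original post, that audits a list of commands in the form typed on this page. The names `audit` and `ports`, the uplink default of 24, the numeric-only port lists and the per-VLAN snooping check are assumptions of the example.

```python
import re

# Constructed sample in the form the commands are typed on this page:
# telnet left on, BPDU filter reaching port 24, ARP protection on a second VLAN.
SAMPLE = """\
ip ssh
web-management ssl
no web-management plaintext
spanning-tree 1-24 bpdu-filter
dhcp-snooping
dhcp-snooping vlan 1
arp-protect vlan 1
arp-protect vlan 10
arp-protect trust 24
"""

def ports(spec):
    """Expand a numeric list such as '1-4,24' into a set of ints (assumed format)."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, uplink=24):
    """Return findings for a command list; uplink is the inter-switch port."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    have, findings = set(lines), []
    # Encrypted management only helps once the plaintext service is off.
    if "ip ssh" in have and "no telnet-server" not in have:
        findings.append("telnet still enabled alongside SSH")
    if "web-management ssl" in have and "no web-management plaintext" not in have:
        findings.append("plaintext web management still enabled alongside SSL")
    snoop_vlans, arp_vlans = set(), set()
    for ln in lines:
        if m := re.fullmatch(r"dhcp-snooping vlan (\S+)", ln):
            snoop_vlans |= ports(m[1])
        elif m := re.fullmatch(r"arp-protect vlan (\S+)", ln):
            arp_vlans |= ports(m[1])
        elif m := re.fullmatch(r"spanning-tree (\S+) bpdu-filter", ln):
            # BPDU filtering must not reach a port that faces another switch.
            if uplink in ports(m[1]):
                findings.append(f"bpdu-filter covers uplink port {uplink}")
    # ARP protection relies on DHCP snooping being set first.
    if arp_vlans and "dhcp-snooping" not in have:
        findings.append("arp-protect set but dhcp-snooping is not enabled")
    for v in sorted(arp_vlans - snoop_vlans):
        findings.append(f"arp-protect on vlan {v} without dhcp-snooping vlan {v}")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the constructed sample; a command list that follows the steps on this page returns an empty list.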

Assign IP addresses to the VLANs on the switch and enable the IP routing feature.

Switch-1(config)# vlan 1
Switch-1(vlan-1)# ip address 192.168.1.21 255.255.255.0
Switch-1(vlan-1)# exit
Switch-1(config)#
Switch-1(config)# ip routing
Switch-1(config)#

To detect some faults related to ports and cabling on the switch, set the following settings.

Switch-1(config)# fault-finder bad-driver sensitivity high
Switch-1(config)# fault-finder bad-transceiver sensitivity high
Switch-1(config)# fault-finder bad-cable sensitivity high
Switch-1(config)# fault-finder too-long-cable sensitivity high
Switch-1(config)# fault-finder over-bandwidth sensitivity high
Switch-1(config)# fault-finder broadcast-storm sensitivity high
Switch-1(config)# fault-finder loss-of-link sensitivity high
Switch-1(config)# fault-finder duplex-mismatch-hdx sensitivity high
Switch-1(config)# fault-finder duplex-mismatch-fdx sensitivity high
Switch-1(config)#
