HP / Aruba Procurve 2530/2500 Default Management IP, Username/Passwords and Configurations


Back-up of an existing config

If you are backing up a config from another switch, there are two ways to download the configuration: through the GUI or through the CLI (via TFTP).

via GUI: System -> Updates/Download -> Configuration File (highlight the config name and click Download)


via CLI (you need to set up a TFTP server on a machine):

switch# copy running-config tftp <IP Address of the TFTP Server> filename.pcc

==============
Default Settings and Configurations of an Aruba/HP Procurve switch

In the factory default configuration, the switch has no IP (Internet Protocol) address and subnet mask, and no passwords. In this state, it can be managed only through a direct CONSOLE connection. To manage the switch through inband (networked) access, you should configure the switch with an IP address and subnet mask compatible with your network. Also, you should configure a Manager password to control access privileges from the console and Web browser interface.

IP-Address

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# vlan 1
HP ProCurve Switch 2524(vlan-1)# ip address 10.0.0.1 255.255.255.0
HP ProCurve Switch 2524(vlan-1)# wr mem
HP ProCurve Switch 2524(vlan-1)# exit
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

(From here you can set your machine's IP address to one in the same network as above and access the GUI from your browser; otherwise, you can proceed with the other commands below.)

Also, as mentioned, by default there is no username/password for the switch; you have to configure that manually through the GUI or the CLI below.

Configure VLANs

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# vlan 1
HP ProCurve Switch 2524(vlan-1)# name "Default"
HP ProCurve Switch 2524(vlan-1)# untag 2-6
HP ProCurve Switch 2524(vlan-1)# vlan 10
HP ProCurve Switch 2524(vlan-10)# name "First"
HP ProCurve Switch 2524(vlan-10)# untag 7-12
HP ProCurve Switch 2524(vlan-10)# vlan 20
HP ProCurve Switch 2524(vlan-20)# name "Second"
HP ProCurve Switch 2524(vlan-20)# untag 13-18
HP ProCurve Switch 2524(vlan-20)# exit
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Set up trunk ports

HP ProCurve Switch 2524# config
HP ProCurve Switch 2524(config)# trunk 23-24 trk1
HP ProCurve Switch 2524(config)# vlan 10
HP ProCurve Switch 2524(vlan-10)# tagged trk1
HP ProCurve Switch 2524(vlan-10)# vlan 20
HP ProCurve Switch 2524(vlan-20)# tagged trk1
HP ProCurve Switch 2524(vlan-20)# wr mem
HP ProCurve Switch 2524(vlan-20)# exit
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Disable all (but trunk) ports

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# int 2-22 disable
HP ProCurve Switch 2524(config)# wr mem
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Enable only necessary ports

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# int 2-4 enable
HP ProCurve Switch 2524(config)# int 13-15 enable
HP ProCurve Switch 2524(config)# wr mem
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Set up speed etc.

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# int 2-4 speed-duplex 100-full
HP ProCurve Switch 2524(config)# int 13-15 speed-duplex auto
HP ProCurve Switch 2524(config)# wr mem
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Set time and date

Time and date are entered in hh:mm and mm/dd/yyyy format.

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# time 10:05
Mon Jan 1 10:05:28 1990
HP ProCurve Switch 2524(config)# time 08/24/2010
Tue Aug 24 10:05:41 2010
HP ProCurve Switch 2524(config)# wr mem
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Set hostname

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# hostname "ServerRoom1"
ServerRoom1(config)# wr mem
ServerRoom1(config)# exit
ServerRoom1#

Backup settings

After running "sh run", copy everything from the line that starts with "hostname" down to the "ServerRoom1#" prompt, paste it into Notepad, and save that file.

ServerRoom1# sh run
ServerRoom1#

Restore settings from backup

To restore, take everything you saved to Notepad in the "Backup settings" part (except the first "Running configuration:" line) and paste it into the switch at the "HP ProCurve Switch 2524#" session shown below.
If you have set operator and/or manager passwords, don't copy/paste the lines which start with "password".

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)#
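The backup and restore steps above can be scripted so that the banner, the prompts and the password lines never reach the paste buffer. This is an added example, not code from the original post; the function name and the sample capture are assumptions constructed from the commands shown on this page.

```python
# Added example (not from the original post): turn a saved "sh run" capture
# into the lines that are safe to paste back during a restore.

# Constructed sample capture; the config lines reuse values shown on this page.
SAMPLE_CAPTURE = '''ServerRoom1# sh run

Running configuration:

hostname "ServerRoom1"
vlan 1
   name "Default"
   untagged 2-6
   ip address 10.0.0.1 255.255.255.0
   exit
vlan 10
   name "First"
   untagged 7-12
   tagged Trk1
   exit
password manager
password operator
ServerRoom1#
'''

def restorable_lines(capture):
    """Return (lines_to_paste, skipped_password_lines) for a 'sh run' capture."""
    keep, skipped, started = [], [], False
    for raw in capture.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not started:
            # Everything before "hostname" (the command echo and the
            # "Running configuration:" banner) is not part of the backup.
            if not stripped.startswith("hostname"):
                continue
            started = True
        if line == stripped and stripped.endswith("#"):
            break  # unindented trailing CLI prompt such as "ServerRoom1#"
        if not stripped:
            continue
        if stripped.lower().startswith("password"):
            skipped.append(stripped)  # set passwords again by hand after restore
            continue
        keep.append(line)
    if not started:
        raise ValueError('no "hostname" line found in capture')
    return keep, skipped
```

The skipped list tells you which accounts need "password all" run again once the restored configuration is in place.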

Set manager and operator password

ServerRoom1# configure
ServerRoom1(config)# password all
New password for Operator: ********
Please retype new password for Operator: ********
New password for Manager: ********
Please retype new password for Manager: ********
ServerRoom1(config)#

Content retrieved from: https://marktugbo.com/2018/02/20/hp-aruba-procurve-2530-2500-default-configurations/.

Active Directory and Common Ports

Here is a list of the most common Active Directory ports as well as common ports for packet filters in firewalls.

tcp/53 DNS
tcp/88 Kerberos
tcp/135 RPC
tcp/445 sysvol share
tcp/389 LDAP
tcp/464 Kerberos password (Mac/Unix clients)
tcp/636 LDAP SSL (if the domain controllers have/need/use certificates)
tcp/1688 KMS (if KMS is used. Not necessarily AD, but the SRV record is in AD and clients need to communicate with the KMS).
tcp/3268 LDAP GC
tcp/3269 LDAP GC SSL (if the domain controllers have/need/use certificates)
tcp/49152 through 65535 (Windows Vista/2008 and higher) aka “high ports”

udp/53 DNS
udp/88 Kerberos
udp/123 time
udp/135 RPC
udp/389 LDAP
udp/445 sysvol share

You can minimize the high-port range by configuring a static RPC port for Active Directory.

Restricting Active Directory RPC traffic to a specific port
https://support.microsoft.com/en-us/kb/224196

It's usually a good idea to force Kerberos to use only TCP, particularly if you have a large, complex network, or accounts that are members of a large number of groups (large token size).

How to force Kerberos to use TCP instead of UDP in Windows
https://support.microsoft.com/en-us/kb/244474

Active Directory Ports

Service | TCP/UDP | Port numbers, description
DNS | TCP/UDP | 53
Kerberos | TCP/UDP | 88
LDAP | TCP/UDP | 389 (LDAP 389/TCP, LDAP ping 389/UDP)
LDAP-SSL | TCP | 686
Microsoft-DS | TCP/UDP | 445
UPnP | TCP/UDP | 1900, 2869 (UPnP framework for network communication under Windows)
WINS | TCP/UDP | 1512
NetBIOS | TCP/UDP | 137
NetBIOS Datagram | UDP | 138
NetBIOS Session Service | TCP | 139
WINS Replication | TCP/UDP | 42

Active Directory communication and the traffic it requires:

User network logon across a firewall:
  Microsoft-DS traffic (445/TCP, 445/UDP)
  Kerberos authentication protocol (88/TCP, 88/UDP)
  LDAP ping (389/UDP)
  DNS (53/TCP, 53/UDP)

Computer logon to a domain controller:
  Microsoft-DS traffic (445/TCP, 445/UDP)
  Kerberos authentication protocol (88/TCP, 88/UDP)
  LDAP ping (389/UDP)
  DNS (53/TCP, 53/UDP)

Establishing a trust between domain controllers in different domains:
  Microsoft-DS traffic (445/TCP, 445/UDP)
  Kerberos authentication protocol (88/TCP, 88/UDP)
  LDAP ping (389/UDP)
  DNS (53/TCP, 53/UDP)
  LDAP (389/TCP; 686/TCP when using SSL)

Verifying a trust between two domain controllers:
  Microsoft-DS traffic (445/TCP, 445/UDP)
  Kerberos authentication protocol (88/TCP, 88/UDP)
  LDAP ping (389/UDP)
  DNS (53/TCP, 53/UDP)
  LDAP (389/TCP; 686/TCP when using SSL)
  Netlogon
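One way to use the required-traffic rows above is to audit a packet-filter allow-list against them: which required ports are missing, which rules no row asks for, and which rules are wide ranges such as the "high ports" that a static RPC port is meant to shrink. This is an added example, not part of the original page; the scenario keys, function names and the sample rule list are assumptions, and the rule syntax follows the page's "tcp/53" notation.

```python
# Added example (not from the original page): audit a packet-filter allow-list
# against the "required traffic" rows above.
import re

REQUIRED = {
    # Row: user network logon across a firewall
    "user_logon": {("tcp", 445), ("udp", 445), ("tcp", 88), ("udp", 88),
                   ("udp", 389), ("tcp", 53), ("udp", 53)},
}
# Row: establishing a trust additionally needs LDAP on 389/TCP (non-SSL case).
REQUIRED["trust_setup"] = REQUIRED["user_logon"] | {("tcp", 389)}

RULE_RE = re.compile(r"^(tcp|udp)/(\d+)(?:-(\d+))?$")

def parse_rule(rule):
    """'tcp/53' or 'tcp/49152-65535' -> (proto, low, high)."""
    m = RULE_RE.match(rule.strip().lower())
    if not m:
        raise ValueError(f"unparseable rule: {rule!r}")
    lo = int(m.group(2))
    hi = int(m.group(3) or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {rule!r}")
    return m.group(1), lo, hi

def audit(allow_rules, scenario, wide_span=100):
    """Report missing required ports, rules no row uses, and wide ranges."""
    parsed = [(text, parse_rule(text)) for text in allow_rules]
    required = REQUIRED[scenario]

    def covers(rule, need):
        proto, lo, hi = rule
        return proto == need[0] and lo <= need[1] <= hi

    missing = sorted(f"{p}/{n}" for p, n in required
                     if not any(covers(rule, (p, n)) for _, rule in parsed))
    unused = [text for text, rule in parsed
              if not any(covers(rule, need) for need in required)]
    wide = [text for text, (_, lo, hi) in parsed if hi - lo + 1 > wide_span]
    return {"missing": missing, "unused": unused, "wide": wide}

# Constructed allow-list for a client-to-domain-controller path.
SAMPLE_RULES = ["tcp/53", "udp/53", "tcp/88", "udp/88", "tcp/445",
                "udp/389", "tcp/3389", "tcp/49152-65535"]
```

A rule listed under "unused" is not necessarily wrong; it is simply not justified by the chosen row and deserves its own justification.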

Microsoft SQL Server Ports

Service | TCP/UDP | Port numbers, description
SQL queries | TCP | 1433
SQL Monitor | TCP | 1434

Microsoft Exchange Server Ports

Network communication and the traffic it requires:

Communication with domain controllers:
  LDAP standard protocol (389/TCP; 636/TCP when using SSL)
  LDAP communication for the Site Replication Service (379/TCP)
  LDAP communication for the global catalog (3368/TCP; 3269/TCP when using SSL)

Outbound DNS requests to a DNS server:
  DNS (53/TCP and 53/UDP)

Message exchange between servers:
  SMTP traffic (25/TCP; 465/TCP when using TLS)
  SMTP connection algorithm (691/TCP)

Clients downloading e-mail via POP3:
  POP3 (110/TCP; 995/TCP when using SSL)

Clients downloading e-mail via IMAP4:
  IMAP4 (143/TCP; 993/TCP when using SSL)

Client using a newsreader:
  NNTP (119/TCP; 563/TCP when using SSL)

Web browser downloading e-mail from OWA:
  HTTP protocol (80/TCP; 443/TCP when using SSL)

Clients using instant messaging:
  RVP (80/TCP and ports above 1024/TCP)

Clients using a chat protocol:
  IRC/IRCX (6667/TCP; 994/TCP when using SSL)

Internet Authentication Service (RADIUS)

Service | TCP/UDP | Port numbers, description
Authentication traffic | UDP | 1645, 1812
Accounting traffic | UDP | 1813, 1646
Notification and monitoring traffic for quarantine control | UDP | 7250

Miscellaneous Common Network Ports

Service | TCP/UDP | Port numbers, description
PPTP VPN | TCP | 1723 (GRE, IP/47)
L2TP VPN | TCP | 1701, plus IKE port 500/UDP
SSH | TCP | 22
HTTP | TCP | 80
HTTPS | TCP | 443
RDP | TCP | 3389, Microsoft Remote Desktop Protocol
iSCSI | TCP | 3260, 860
RPC Locator | TCP/UDP | 135, Remote Procedure Call
Microsoft Operations Manager | TCP/UDP | 1270
WINS | TCP/UDP | 1512
Microsoft Message Queue | TCP/UDP | 1801
Microsoft Desktop Air Sync Protocol | TCP/UDP | 2175
Microsoft Active Sync Remote API | TCP/UDP | 2176
Microsoft OLAP3 | TCP/UDP | 2382
Microsoft OLAP4 | TCP/UDP | 2383
Microsoft .NETster | TCP/UDP | 3126
Microsoft Business Rule Engine Update Service | TCP/UDP | 3132
Microsoft Global Catalog | TCP/UDP | 3268
Microsoft Global Catalog with LDAP/SSL | TCP/UDP | 3269
Microsoft Windows File System (WINFS) | TCP/UDP | 5009
Microsoft Small Business | TCP/UDP | 5356
Microsoft DFS Replication | TCP/UDP | 5722
Microsoft max | TCP/UDP | 6074
NTP | TCP/UDP | 123, Network Time Protocol
NetBIOS | TCP/UDP | 137
NetBIOS Datagram | UDP | 138
NetBIOS Session Service | TCP | 139
RPC Dynamic Assignment | TCP | 1024-65535
Server Message Block, SMB over IP (Microsoft-DS) | TCP/UDP | 445
GRE, generic routing encapsulation (if using PPTP) | IP | 47
IPSec ESP | IP | 50, Encapsulated Security Payload
IPSec AH | IP | 51, Authenticated Header
Emule | TCP | 4661, outbound
Emule | TCP | 4662, inbound
Emule | UDP | 4665, outbound
Emule | UDP | 4672, inbound
MSN Messenger:
  Older Messenger versions:
    IN TCP 6891-6900
    IN TCP 1863
    IN UDP 1863
    IN UDP 5190
    IN UDP 6901
    IN TCP 6901
  Newer Messenger versions:
    UDP ports: 135, 137, 138
    TCP ports: 135, 139, 445

Older MSN Messenger:
(Caution: old Messenger versions require a large port range!)

Ports 6891-6900 allow file transfers.
Port 6901 is for audio communication.
Allows Voice, PC to Phone, Messages, and Full File transfer capabilities.
Thanks to Brad King & Bill Finch Jr.

Newer MSN Messenger:
UDP ports: 135, 137, 138
TCP ports: 135, 139, 445

The complete list of well-known ports and registered ports can be found on the IANA homepage at: http://www.iana.org/assignments/port-numbers
