Configure sFlow for HP switches

A-series

Execute the following commands on the desired interface

sflow flow collector 1
sflow sampling-rate 1000
sflow counter collector 1
sflow counter interval 60

E-series

sflow 1 destination ${collector}
sflow 1 polling ${interface} 60
sflow 1 sampling ${interface} 1000

Replace failed HP-3800 E-Series stack member

Recently we had to replace a few failed HP-3800 stack members. Luckily this is pretty easy. Execute the following command on the switch stack once the failed switch has been removed and before the replacement switch has been connected to the stack.

Procedure

  1. Power down and remove the failed switch
  2. Update the switch stack for the new switch
    1. Locate the system mac address from the back of the switch
    2. switch-stack-01(config)# stacking member <member ID> type <type ID> mac-address <mac address ID>
  3. Power on the new switch
  4. A message indicating an incompatible OS may be displayed when the switch is first powered on. This will go away after a couple of reboots. The new member will receive its OS from the commander.



Reference
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03724590/c03724590.pdf

Configure SNMPv3 read write access for HP and Cisco switches, routers, etc.

HP switches

tested on the following gear

  • E-series 3800


snmpv3 enable
(complete the wizard)
snmpv3 group managerpriv user <user-name> sec-model ver3
snmpv3 user <user-name> auth md5 <password> priv des <password>

 

Cisco switches and routers

tested on the following gear

  • switch: 3750
  • router: 3845


snmp-server group v3ReadWrite v3 priv read v1default write v1default
snmp-server user <user-name> v3ReadWrite v3 auth md5 <password> priv des <password>

Note: If your software version doesn’t support encryption, then you will not be able to have authentication encrypted. You may verify your software version with the ‘show version’ command.

HP A-Series to Cisco LACP switchport link-aggregation

Left side: HP 5820

Create the bridge-aggregate interface

int br50
link-aggregation mode dynamic
quit

Join the member ports to the bridge-aggregate

int gi1/0/48
port link-aggregation group 50
quit

Configure the bridge-aggregate

int br50
port link-type trunk
port trunk permit vlan ${vlan-list}
quit

Add member ports to bridge-aggregate

int gi2/0/48
port link-aggregation group 50
quit

YOU’RE DONE... on this side

 

 

Right side: Cisco 3020 blade switch

Create port-channel by adding first member


int gi0/21
channel-group 1 mode active

Configure the port-channel

int po1
switchport nonegotiate
switchport mode trunk
switchport trunk allowed vlan ${vlan-list}
end

Add members to port-channel

int gi0/22
channel-group 1 mode active
end

Done on this side…. don’t forget to verify!

 

Useful commands

description / HP / Cisco
determine member port state / dis link summary / show ether summary
determine which ports are members / dis link verbose br50 / show ether summary
debug lacp / debug link-aggregation all / debug lacp

 

Other notes

  • Ensure that your VLAN list is identical on both sides. If it is not, the member ports will not become selected.
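
The VLAN-list check from the note above, as an added example (not from the original post): it expands the Comware and IOS list syntaxes into sets and reports VLANs present on only one side. The function names and sample stanzas are constructed for illustration; only plain lists, ranges, `add` and `all` are handled.

```python
import re

ALL_VLANS = range(1, 4095)  # valid 802.1Q VLAN IDs 1-4094

def expand(tokens):
    """Turn items such as '10', '20-25' or 'all' into a set of VLAN IDs."""
    vlans = set()
    for tok in tokens:
        if tok == "all":
            vlans.update(ALL_VLANS)
            continue
        lo, _, hi = tok.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def hp_vlans(stanza):
    """Comware: 'port trunk permit vlan 10 20 to 25' (spaces, 'to' ranges)."""
    vlans = set()
    for m in re.finditer(r"^\s*port trunk permit vlan (.+)$", stanza, re.M):
        spec = re.sub(r"(\d+)\s+to\s+(\d+)", r"\1-\2", m.group(1))
        vlans |= expand(spec.split())
    return vlans

def cisco_vlans(stanza):
    """IOS: 'switchport trunk allowed vlan [add] 10,20-24' (commas, '-' ranges).
    Other keywords (remove, except, none) are not handled and raise ValueError."""
    vlans = set()
    pattern = r"^\s*switchport trunk allowed vlan (?:add )?(.+)$"
    for m in re.finditer(pattern, stanza, re.M):
        vlans |= expand(t for t in m.group(1).replace(" ", "").split(",") if t)
    return vlans

def compare(hp_stanza, cisco_stanza):
    """Return (VLANs only on the HP side, VLANs only on the Cisco side)."""
    hp, cisco = hp_vlans(hp_stanza), cisco_vlans(cisco_stanza)
    return sorted(hp - cisco), sorted(cisco - hp)

# Constructed sample stanzas, not taken from real devices.
HP_BR50 = """interface Bridge-Aggregation50
 port link-type trunk
 port trunk permit vlan 10 20 to 25 99
"""
CISCO_PO1 = """interface Port-channel1
 switchport trunk allowed vlan 10,20-24
 switchport trunk allowed vlan add 99,100
 switchport mode trunk
"""

if __name__ == "__main__":
    only_hp, only_cisco = compare(HP_BR50, CISCO_PO1)
    print("only on HP:", only_hp, "| only on Cisco:", only_cisco)
```

Two empty lists mean the explicit VLAN lists match; anything else names the VLANs to reconcile before expecting the member ports to become selected.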

 

RADIUS authentication w/ HP A-series and E-series equipment

It’s very useful to use RADIUS for authentication. This post is aimed at providing the quick and dirty details to make it happen on the HP A-series and E-series equipment.

Important note: Be sure to set a local manager account on all switches before enabling RADIUS. If you do not set a local manager account and RADIUS is not reachable, then you will not be able to manage your gear.

A-Series

Tested on: 5920 & 5820

5920

Manager rights: cisco-AV-Pair shell:roles=network-admin
Read-Only: cisco-AV-Pair shell:roles=level-1

5820

The important thing to note here is that there are no attributes currently available that will grant you a specific level of rights. Use RADIUS to control access, then use the super command to control the access level.

Example RADIUS scheme configuration

radius scheme radius-auth
primary authentication <server>
primary accounting <server>
key authentication <key>
key accounting <key>
user-name-format without-domain
quit
super password level 1 simple <password>
super password level 2 simple <password>
super password level 3 simple <password>

E-Series

Tested on: 3800

RADIUS attributes

Enabled mode: RADIUS Attributes > Standard: Service-Type:Administrative
Monitor mode: RADIUS Attributes > Standard: Service-Type:NAS Prompt

Example configuration

radius-server host <server> key <key>
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode