We help IT Professionals succeed at work.

Step by step configuration - HP H3C A5120

netcmh
netcmh used Ask the Experts™
on
Hello,

We're a HP Procurve switch shop with Cisco routers.

We're moving into the H3Cs now. They are very different from the way Cisco and Procurves are configured.

Other than pointing me to config manuals (which I'm reading), can anyone please help me configure this switch so that I can seamlessly bring it inline into my network?

The saga so far:
1. No login prompt when plugging into it's console port using a console cable on a XP PC with hyperterminal.
2. system-view is the config terminal equiv.
3. display current is the show run equiv.
4. sysname helps set the system name
5. In order to configure most of the stuff visually,
enable the web server on the switch by
    ip http enable
setup a local admin account by
    local-user admin
      password simple admin123
      authorization-attribute level 3
      service-type lan-access
      service-type telnet
      quit
Configure the switch's IP address:
    interface Vlan-interface1
        ip address 172.16.0.1 255.255.255.0
        quit
Configure your PC's IP address as 172.16.0.2 255.255.255.0
Browse to http://172.16.0.1
6. You can configure the SNMP contact and other info on the GUI
7. You can configure the NTP info on the GUI

This was all with the PC connected to the switch via ethernet.

I tried but I couldn't get the switch on the network. I assigned it an IP address, but I couldn't get it to ping any device.

I also need to know how to properly configure - in the procurve parlance - tagged and untagged ports.

I tried this:

interface Bridge-Aggregation1
 description Link to SwitchMain
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1
 port link-aggregation group 1

But it didn't work.

I need to know how to
get RADIUS to work with this,
turn on Netflow/sflow
turn on routing

Thank you all for your help, in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Ok, just to get started, where are you connecting on that port?

When you configure it as a link-aggregation or Cisco speak Etherchannel, you have the whole negotiation of 802.3ad to worry about. So start out with just one cable connected configured, undo the link-aggregation assignment on your port.

On that port, you want to do "port access vlan 1" so that the untagged vlan is 1.

This guide is really helpful for those familiar with Cisco configs.
http://h17007.www1.hp.com/docs/interoperability/Cisco/HP-Networking-and-Cisco-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf

Commented:
Turn on Routing: when you create VLAN interfaces (interface vlan 1, interface vlan X, etc.) it will start routing between the directly connected ones automatically. Then you can add a routing protocol to further spread this. I recommend OPSF.

on system-view:
ospf 1
 import-route direct
 import-route static
 area 0.0.0.0
  network X.X.X.X Y.Y.Y.Y

where Y.Y.Y.Y is a reverse mask

Commented:
turn on sflow:
more complicated. you need to configure receiver as well as the ports where you want this running

x.x.x.x is your IP, Y.y.y.y is the server/collector IP, zzzz is a random description. You can have more than one collector/server configured.

system-view:

 sflow agent ip X.X.X.X
 sflow collector 1 ip Y.Y.Y.Y description ZZZZZ

on the interface (VLAN or gigabit)

 sflow sampling-rate 1000
 sflow flow collector 1
 sflow counter interval 30
 sflow counter collector 1

Commented:
Just a fix on the routing part - the 5120 does not support dynamic routing. So in order to do routing, you have your vlan interfaces and you can use static routes.

static route commands:

ip route-static X.X.X.X Y.Y.Y.Y Z.Z.Z.Z

where X.X.X.X is your network, Y.Y.Y.Y is your mask, and Z.Z.Z.Z is your next-hop

you will also need a default route:

ip route-static 0.0.0.0 0.0.0.0 Z.Z.Z.Z
Commented:
For Radius Configuration, this is what the manual has, it is pretty self-explanatory, let me know if you have any specific doubts...

# Configure RADIUS scheme 2000 and enter its view.
<Device> system-view
[Device] radius scheme 2000
# Specify primary and secondary authentication and accounting servers. Set the shared key to abc for
authentication and accounting packets.
[Device-radius-2000] primary authentication 10.11.1.1 1812
[Device-radius-2000] primary accounting 10.11.1.1 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
5. Configure an ISP domain.
# Create ISP domain bbb and enter its view.
[Device] domaim bbb
# Apply RADIUS scheme 2000 to the ISP domain for authentication, authorization, and accounting.
[Device-isp-bbb] authentication lan-access radius-scheme 2000
[Device-isp-bbb] authorization lan-access radius-scheme 2000
[Device-isp-bbb] accounting lan-access radius-scheme 2000
[Device-isp-system] quit
6. Configure 802.1X.
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/2.
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] dot1x
# Implement port-based access control on the port.
[Device-GigabitEthernet1/0/2] dot1x port-method portbased
# Set the port authorization mode to auto.
[Device-GigabitEthernet1/0/2] dot1x port-control auto
[Device-GigabitEthernet1/0/2] quit

Commented:
I think this covers your questions. If you need to add more tagged VLANs on your trunk port, just run the " port trunk permit vlan X" on the port config.

One command i find really useful on H3C is "display this". It will display the configuration lines for whatever prompt you are on - like port, vlan interface, etc.

If you want a specific config, send over a network design, including next hop router, sflow server IP, and authentication server IP. That would make it easier to do a whole sample config.

Best of luck,
RK
I'm still getting request timed outs when I try to ping any device on my network from a laptop connected to this switch. This switch is connected to the main switch via interface#1.

Commented:
Can you send the config on the attached switched and this one, pointing out the connected interfaces? Can u ping vlan 1 ip?

Commented:
Make sure your pc ip address is on the same network as the rest of ur network, sice u r not routing yet
Yes, vlan 1 IP is pingable.

Yes, it's on the same network.

Commented:
Did you configure routing? Can you send your configuration to check?
Thank you