SurlyJake » Networking

Securing and configuring HP switches

jacob — Tue, 27 Jan 2009 19:20:28 +0000

We got some Procurve 2810 Gigabit switches. they play some critical roles, so I wanted to keep others from playing with them. The exact code below would enable https for web management, enable ssh for console management, change the port ssh runs on, and disable telnet and unencrypted web management.


config
crypto key generate ssh
show crypto host-public-key
crypto key generate cert 512
crypto host-cert generate self-signed 01/01/2009 01/01/2020 [ip address] [department] [company] Chicago IL us
ip ssh
no telnet-server
no web-management plaintext
ip ssh port [port num]
web management ssl
write memory

Debian 4.0r4 NIC bonding

jacob — Wed, 17 Sep 2008 18:26:21 +0000

Install package ifenslave-2.6.

apt-get install ifenslave

make sure the real NICs kernel modules are loaded automatically

modprobe --list | grep -i bonding

edit /etc/network/interfaces to look like this:

auto bond0
iface bond0 inet static
address 192.168.1.59
netmask 255.255.255.0
gateway 192.168.1.1
up /sbin/ifenslave bond0 eth0 eth1
down /sbin/ifenslave -d bond0 eth0 eth1
broadcast 192.168.1.255

make sure to remove ALL of the lines refering to old eth0 or eth1 settings.

add the following lines to your /etc/modprobe.d/arch/i386:

alias bond0 bonding
options bonding mode=1 miimon=100 downdelay=200 updelay=200