= Configure HP Procurve 2824 (J4903A) = We have a [http://www.hp.com/rnd/support/manuals/2800.htm HP Procurve 2824 switch] at both Telehouse and XO. We have the [/attachment/ticket/4278/hp2824-manual.pdf installation manual] and [attachment:2600-2800-4100-6108-MgmtConfig-Oct2005-59906023.pdf management manual available]. == Reset to factory defaults and set serial console == Do that by poking a staple in both the reset and clear buttons and then releasing the reset button and keeping the clear button pressed. That may leave the switch in a state with all lights on. If so try unplugging and plugging it back in. Next, try to access it via the serial console at 2400 baud. * Set the system contact, password, and IP configuration * Type: setup * Set system contact to: {{{info@mayfirst.org}}} * Enter Manager password - cannot be more than 16 characters! * Set the serial console {{{ # configure # console baud-rate 115200 Command will take effect after saving configuration and reboot. # write mem # boot }}} After it restarts, you should re-connect via the new serial console settings == Upgrade Firmware == * Check the [http://h17007.www1.hp.com/us/en/support/converter/index.aspx?productNum=J4903A HP page for the latest firmware]. Check the running firmware with: {{{ show version }}} As for 2012-11-3, the latest firmware on the site is i.10.77 built on 26-Aug-2009, posted on 26-Oct-2009. * To update the firmware: * Downloading the latest version to a machine connected to the switch * Install and start tftpd-hpa on the machine * On the server, type: {{{menu}}} * Selected Download OS from the menu * Entered the IP address of the server and the remote file name (/srv/tftp/I_10_77.swi) and hit eXecute. * Set the hostname {{{ hostname cafiero }}} == Harden the switch == * Disable the telnet and web interface: {{{ configure no telnet-server no web-management }}} * Fix the SNMP configuration (by default it allows public write access, we want public read-only access) {{{ configure snmpv3 enable snmpv3 only }}} When you run snmpv3 enable you are prompted to create a user. Just take the defaults and hit "n" when you are asked to create a new sha user. Now, delete the user you just created: {{{ no snmpv3 user initial }}} Create a new user: {{{ snmpv3 user cacti auth sha AUTHPASS priv aes PRIVPASS }}} Replace AUTHPASS and PRIVPASS with random passwords you generate and store in [wiki:keyringer]. Lastly, give this user access: {{{ snmpv3 group operatorauth user cacti sec-model ver3 }}} Now, you should be able to configure cacti to user it. When configuring cacti, be sure to leave "context" blank. [[TicketQuery(keywords=~hp-procurve,format=table,col=resolution|summary)]]