Securely configuring a HP Procurve Switch

1. Connect to the Procurve switch using the provided console cable and login to the switch using the putty. Once you’re in the console type menu and press enter. Go to Switch Configuration and then IP Configuration to configure the switch with the management IP, subnet mask and gateway information. From the main menu, go to Console passwords to set the switch passwords. NOTE: Once the password is set, when you login again next time, you will need to login as user manger or operator depending on which level of switch you want to use.

2. Disable Telnet and only allow SSH access. Telnet sends all traffic as clear text, so you all the information you type will can be seen if you use the sniffing program. SSH uses secure encryption session. Follow these steps to enable SSH and disable telnet.

ProCurve Switch(config)# crypto key generate ssh 
ProCurve Switch(config)# ip ssh 
ProCurve Switch(config)# no telnet-server

3. Procurve switches can be configured via web interface for ease of use. HTTP, just like telnet, sends data in a clear text format. Switch to HTTPS for more secure transmission of data while you are configuring the switch.

ProCurve Switch(config)# crypto key generate cert <key_size>
ProCurve Switch(config)# web-management ssl
ProCurve Switch(config)# no web-management plaintext

4. Physical security: Procurve switch has two reset buttons on the front of the switch, reset and clear. They are used to set the switch to factory default and to clear passwords. You can disable the button so user cannot reset the switch. Use the command below. (Be very careful about using this command. If you lose or forget the password, you will not be able to reset the password).

In the switch’s default mode, a malicious user can utilize the front-panel clear button to reset a 
console password stored locally on the switch. To disable this feature, issue the command: 
ProCurve Switch(config)# no front-panel-security password-clear 

The other capability built into ProCurve switches is the ability to reset the switch configuration 
to the factory default mode: 
ProCurve Switch(config)# [no] front-panel-security factory-reset

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s