HP Switches

HP (Hewlett Packard Enterprise / Aruba) switches provide enterprise-class switching solutions for campus and data center deployments. The rXg integrates with HP ProCurve and HPE switches via SSH for configuration synchronization, 802.1X/MAB authentication, and VLAN management.

Supported Models

| Model/Series | Notes |
|---|---|
| ProCurve 2500 Series | Legacy managed switches |
| ProCurve 2600 Series | Enhanced Layer 2 switches |
| ProCurve 2800 Series | Advanced managed switches |
| ProCurve 2900 Series | Stackable managed switches |
| ProCurve 3500 Series | Layer 3 switches |
| ProCurve 5400 Series | Modular switches |
| ProCurve 6600 Series | High-performance switches |
| HPE OfficeConnect | SMB switches |
| HPE 1920/1950 | Smart managed switches |
| Aruba 2530/2540 | Access layer switches |
| Aruba 2930 | Layer 3 access switches |

Features Supported

| Feature | Supported | Description |
|---|---|---|
| Config Sync | Yes | Automatic configuration synchronization from rXg |
| Auto Bootstrap | Yes | Zero-touch onboarding capability |
| SNMP Monitoring | Yes | CPU, memory, and port statistics collection |
| LLDP Neighbor Discovery | Yes | Automatic detection of connected devices |
| Switch Port Import | Yes | Automatic import and management of switch ports |
| 802.1X Authentication | Yes | Port-based network access control |
| MAC Authentication Bypass | Yes | MAC-based authentication for non-802.1X devices |
| Dynamic VLAN Assignment | Yes | RADIUS-assigned VLAN based on authentication |
| DHCP Snooping | Yes | Protection against rogue DHCP servers |
| Firmware Management | No | Manual firmware upgrades required |
| SPB-m Fabric | No | Not supported |

Prerequisites

Firmware Requirements

| Platform | Minimum Version | Notes |
|---|---|---|
| ProCurve | K.15.x+ | SSH and RADIUS support |
| HPE 1920/1950 | Latest | Web and CLI management |
| Aruba 2530/2930 | WC.16.x+ | Modern CLI with enhanced security |

Network Requirements

  • Management IP connectivity to rXg
  • SSH access (TCP port 22)
  • SNMP access (UDP port 161)
  • RADIUS connectivity (UDP ports 1812, 1813) for 802.1X/MAB

Onboarding Process

Auto Bootstrap

HP switches support automatic bootstrap configuration from rXg. The bootstrap process configures:

  1. Hostname
  2. Maximum VLAN count (requires reboot)
  3. Management VLAN and IP
  4. SSH service
  5. User credentials
  6. SNMP community
  7. NTP server
  8. RADIUS server
  9. 802.1X/MAB settings

Bootstrap Configuration

Note: Changing the maximum VLAN count requires a switch reboot. The bootstrap process handles this automatically.

! System configuration
hostname "<system_name>"

! Increase max VLANs (requires reboot)
max-vlans 256

! Management VLAN configuration
vlan <mgmt_vlan>
   name "Management"
   ip address <ip>/<mask>
   exit

! Default gateway
ip default-gateway <gateway>

! SSH configuration
crypto key generate ssh rsa bits 2048
ip ssh

! Disable telnet (security)
no telnet-server

! Manager password
password manager user-name <username> plaintext <password>

! SNMP configuration
snmp-server community <community> unrestricted

! NTP configuration
timesync ntp
ntp server <rxg_ip>

! RADIUS configuration
radius-server host <rxg_ip> key <shared_secret>
radius-server host <rxg_ip> auth-port 1812
radius-server host <rxg_ip> acct-port 1813

! AAA configuration
aaa authentication port-access eap-radius
aaa authentication mac-based chap-radius
aaa port-access authenticator active

write memory

Manual Onboarding

For manual configuration before adding to rXg:

  1. Configure management VLAN and IP
  2. Generate SSH keys and enable SSH
  3. Configure manager password
  4. Configure SNMP community
  5. Add device to rXg Infrastructure Devices

Minimal manual configuration:

! Enter configuration mode (no enable required on some models)
config

! Management VLAN
vlan 1
   name "Default"
   ip address <ip>/<mask>
   exit

ip default-gateway <gateway>

! SSH setup
crypto key generate ssh rsa bits 2048
ip ssh

! Manager credentials
password manager user-name <username> plaintext <password>

! SNMP
snmp-server community <community> unrestricted

write memory

Configuration

Connection Settings

The rXg connects via SSH using RubyExpect for CLI automation. Legacy SSH algorithms are enabled for compatibility with older ProCurve firmware.

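SSH connection options:

-o KexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
-o HostKeyAlgorithms=+ssh-rsa
-o StrictHostKeyChecking=no
-o UserKnownHostsFile=/dev/null

With StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, the switch's host key is neither verified nor stored between connections.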

CLI prompts recognized:

  • Banner/Press any key prompt: Press any key to continue
  • Password prompt: Password:
  • Enabled prompt: #
  • Disabled prompt: >
  • Logout prompt: log out
  • Maximum sessions: maximum number of sessions

Initial connection handling:

  • The rXg handles "Press any key" prompts automatically
  • Terminal paging is disabled with the no page command
  • Session timeouts are handled gracefully

VLAN Configuration

Creating VLANs

vlan <vlan_id>
   name "<description>"
   exit

Port VLAN Assignment

Untagged (access) port:

vlan <vlan_id>
   untagged <port_list>
   exit

Tagged (trunk) port:

vlan <vlan_id>
   tagged <port_list>
   exit

Port list format: single ports (1), ranges (1-4), or comma-separated combinations (1,3,5-8).

Primary VLAN

The primary VLAN is used for switch management. Setting a VLAN as primary moves the management IP to that VLAN:

vlan <vlan_id>
   ip address <ip>/<mask>
   exit

802.1X / MAB Configuration

Global Authentication Enable

aaa port-access authenticator active

RADIUS Server Configuration

radius-server host <rxg_ip> key <shared_secret>
radius-server host <rxg_ip> auth-port 1812
radius-server host <rxg_ip> acct-port 1813

802.1X Configuration

Global 802.1X:

aaa authentication port-access eap-radius

Per-port 802.1X:

aaa port-access authenticator <port_list>
aaa port-access authenticator <port_list> client-limit 32

MAC Authentication Bypass (MAB)

Global MAB:

aaa authentication mac-based chap-radius

Per-port MAB:

aaa port-access mac-based <port_list>
aaa port-access mac-based <port_list> addr-limit 32

Combined 802.1X and MAB

For ports supporting both 802.1X clients and non-802.1X devices:

aaa port-access authenticator <port_list>
aaa port-access mac-based <port_list>

Authentication Modes

Port control modes:

aaa port-access authenticator <port> control auto

  • auto - Require authentication before access
  • force-authorized - Always allow access (bypass authentication)
  • force-unauthorized - Always deny access

SNMP Configuration

snmp-server community <community> unrestricted
snmp-server contact "<contact>"
snmp-server location "<location>"

Restricted access (operator vs manager):

snmp-server community <community> operator      ! Read-only
snmp-server community <community> manager       ! Read-write
snmp-server community <community> unrestricted  ! Full access
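The following Python example is added here and is not rXg or HP code: it reviews a saved switch configuration against the settings described in the Bootstrap Configuration, 802.1X / MAB Configuration, Authentication Modes and SNMP Configuration sections above. The sample configuration is constructed from the command forms shown on this page, and the names audit, expand_ports and the access-port list 1-16 are assumptions.

```python
import re

# Constructed sample using the command forms shown on this page.
SAMPLE = """\
ip ssh
snmp-server community public unrestricted
aaa port-access authenticator 1-8
aaa port-access authenticator 1-8 client-limit 32
aaa port-access mac-based 9-12
aaa port-access authenticator 5 control force-authorized
aaa port-access authenticator active
"""

REQUIRED = {  # line that must be present -> finding reported when it is missing
    "no telnet-server": "telnet server not disabled",
    "ip ssh": "SSH not enabled",
    "aaa port-access authenticator active": "802.1X not globally active",
}
PORT_CMD = re.compile(r"aaa port-access (authenticator|mac-based) ([\d,-]+)(?: (.+))?")

def expand_ports(spec):
    """Expand a port list such as '1,3,5-8' into a set of integers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError(f"descending range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit(config, access_ports):
    """Return findings for config; access_ports is a port list such as '1-16'."""
    lines = [s for s in map(str.strip, config.splitlines()) if s and s[0] != "!"]
    findings = [msg for needed, msg in REQUIRED.items() if needed not in lines]
    protected, forced = set(), set()
    for line in lines:
        if m := re.fullmatch(r"snmp-server community (\S+) unrestricted", line):
            findings.append(f"SNMP community {m[1]} is unrestricted")
        if m := PORT_CMD.fullmatch(line):
            if m[3] is None:                          # 802.1X or MAB enabled
                protected |= expand_ports(m[2])
            elif m[3] == "control force-authorized":  # authentication bypassed
                forced |= expand_ports(m[2])
    if missing := expand_ports(access_ports) - protected:
        findings.append(f"access ports without 802.1X/MAB: {sorted(missing)}")
    if forced:
        findings.append(f"ports forced authorized: {sorted(forced)}")
    return findings
```

Calling audit(SAMPLE, "1-16") reports the missing no telnet-server line, the unrestricted community, ports 13-16 with neither 802.1X nor MAB, and port 5 set to force-authorized.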

DHCP Snooping

dhcp-snooping
dhcp-snooping vlan <vlan_list>

! Trust uplink ports
dhcp-snooping trust <port_list>

Spanning Tree Configuration

spanning-tree
spanning-tree <port_list> admin-edge-port
spanning-tree <port_list> bpdu-protection

Monitoring Capabilities

| Metric | Collection Method | Notes |
|---|---|---|
| CPU Usage | SNMP | System health monitoring |
| Memory Usage | SNMP | System health monitoring |
| Port Statistics | SNMP | Packets in/out, errors, discards |
| Port Status | SNMP | Up/down, speed, duplex |
| LLDP Neighbors | CLI/SNMP | Connected device discovery |
| 802.1X Status | CLI | Authentication session status |
| Temperature | SNMP | Chassis temperature sensors |

Data Gathered

The config sync process collects:

  • Interface list and status
  • VLAN configurations
  • Port VLAN memberships (tagged/untagged)
  • 802.1X/MAB port configurations
  • LLDP neighbor information
  • System identification

Troubleshooting

Common Issues

SSH Connection Failures

Symptom: Unable to establish SSH connection

Resolution:

  • Verify SSH is enabled: show ip ssh
  • Check SSH keys are generated: show crypto host-public-key
  • Verify firewall allows TCP port 22
  • For older firmware, legacy SSH algorithms are required
  • Check manager password is set

Check SSH status:

show ip ssh
show crypto host-public-key

"Press Any Key" Loop

Symptom: Connection hangs at banner prompt

Resolution:

  • The rXg handles this automatically
  • If connecting manually, press Enter or any key
  • Check for session limit issues

Maximum Sessions Reached

Symptom: Connection refused with "maximum number of sessions" message

Resolution:

  • Disconnect unused sessions
  • Check for stuck sessions: show access-list sessions
  • Increase session limit if available

802.1X Authentication Failures

Symptom: Clients failing to authenticate

Resolution:

  • Verify authenticator is active: show port-access authenticator
  • Check RADIUS server status: show radius
  • Verify RADIUS shared secret matches rXg
  • Check port has authenticator enabled
  • Review rXg RADIUS logs

Debug authentication:

show port-access authenticator <port> clients
show port-access mac-based <port> clients

VLAN Configuration Not Applied

Symptom: Traffic not passing on expected VLANs

Resolution:

  • Verify VLAN exists: show vlan
  • Check port VLAN membership: show vlan <vlan_id>
  • Verify port is not disabled
  • Check for port security blocking

Diagnostic Commands

System information:

show system
show version
show running-config
show config

Interface status:

show interface brief
show interface <port>
show interface <port> status

VLAN information:

show vlan
show vlan <vlan_id>
show vlan ports <port> detail

802.1X status:

show port-access authenticator
show port-access authenticator <port>
show port-access authenticator <port> clients
show port-access mac-based <port> clients

RADIUS status:

show radius
show radius authentication
show radius host <rxg_ip>

LLDP neighbors:

show lldp info remote-device
show lldp info remote-device <port>

MAC address table:

show mac-address
show mac-address ethernet <port>

Spanning tree:

show spanning-tree
show spanning-tree <port>

DHCP snooping:

show dhcp-snooping
show dhcp-snooping binding

Known Limitations

  • No SPB-m Fabric: HP switches do not support SPB-m fabric mode
  • Firmware Upgrades: Manual firmware upgrades required; not managed by rXg
  • Max VLANs Reboot: Increasing max-vlans requires switch reboot
  • Legacy SSH: Older ProCurve firmware requires legacy SSH algorithms
  • Session Limits: Some models have limited concurrent management sessions

Operational Caveats

  • Configuration Mode: HP switches enter config mode directly without explicit configure terminal on some models
  • No Page Command: Issue no page after login to disable output paging for automated sessions
  • Write Memory: Changes must be saved with write memory to persist across reboots
  • Primary VLAN: Management IP is tied to the primary VLAN; changing primary VLAN moves the IP
  • Max VLANs: Default max-vlans may be low (8-16); increase before creating many VLANs
  • Port Numbering: Port numbers are typically simple integers (1, 2, 3) not slot/port format
  • Menu Mode: Some older models boot to a menu interface; CLI access may need explicit selection
  • Manager vs Operator: ProCurve has two privilege levels: operator (read-only) and manager (read-write)
  • SSH Key Generation: RSA key generation can take 30+ seconds on older hardware
  • Authentication Order: When both 802.1X and MAB are enabled, 802.1X is attempted first, then MAB fallback
