Basic set-up of a 3com 4500 managed network switch

I’m a PHP developer by trade with a strong Linux background. One thing that has been lacking from my skill set is how networking really works.

In an effort to rectify this, I bought myself a 2nd hand managed network switch from ebay. A 26 port (24 x 10/100mb + 2 x 1gb) “3com SuperStack 3 Switch 4500”.

Flashing lights and noisy fans, I feel like I’m headed in the right direction.

First things first – can I plug it into my router (with DHCP), have it get an IP address and log into the web interface?

No ūüôĀ

Using nmap to sweep the subnet, that the router manages, returned no results for the known MAC address of the switch.

Even checking the router for connected devices didn’t list the known MAC address of the switch.

If I wasn’t getting into the system via the network, I would have to use the console port instead.

As I didn’t have a null modem cable to hand, and I don’t have an active machine with a d9 serial port, I grabbed something from Amazon:¬†http://www.amazon.co.uk/gp/product/B00HUZ6OMQ¬†(NB: does not work with this switch, keep reading)

As I’m a Linux user, I would be playing with /dev/ttyUSB0. And to use that, my user has to be in the dialout group:

sudo usermod -a -G dialout iain

Connecting to the serial console should be easy with:

byobu-screen /dev/ttyUSB0 19200

Hooked up the cable, ran the command to bring up the serial interface and switched on the switch.

This, annoyingly vertical, video shows that something happens (watch the green block skit around in the black window) but no text appears: https://www.youtube.com/watch?v=sXVYtClNDYU

Every different program I tried (screen, minicom, putty) to connect to the device all resulted in the same output.

Thanks to fellow 3com switch owner Intrbiz, I have been able to borrow a known working cable.

Hooked up between the PC and switch, ran the byobu-screen command and turned on the switch – It lives!

Now that I have a way of talking to the switch, I can configure it in a way so that I don’t need the console cable (as much).

 

Factory reset (this requires the console cable):

We need to factory reset for the following reasons:

  • remove any unknown users
  • restore the admin password to the factory default
  • remove any network configuration set-up by the previous owners
  • set-up our own network configuration

Start a console session and power on or reboot the switch.

  • Hit ctrl+b when prompted. Be quick, you don’t get long.
  • Now in the boot menu, tell the switch to ignore the saved configuration for the next reboot (option 7).
  • Reboot the switch (option 0).

Let it boot normally and wait until something like this appears:

User interface aux0 is available.
Please press ENTER.
  • Hitting enter will log you in as the admin user.
<4500>
%Jun 6 13:41:38:126 2015 4500 SHELL/5/LOGIN:- 1 - Console(aux0) in unit1 login
  • Hit enter again to put your cursor on a new line, not at the end of the debug output line.¬†Enter “save” to save the default configuration over the configuration that was written by the previous owner.
<4500>save
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename 
 unchanged press the enter key):
Now saving current configuration to the device.
Saving configuration. Please wait...
......
 Unit1 save configuration flash:/ccc.cfg successfully
<4500>
%Jun 6 13:43:04:746 2015 4500 CFM/3/CFM_LOG:- 1 -Unit1 saved configuration successfully.
<4500>

It’s now safe to reboot or power cycle the switch as much as you like and it’ll have the factory default settings.

 

Assign a static IP address to the network switch (this requires the console cable):

  • Ensure that the switch has booted and then connect to the console
byobu-screen /dev/ttyUSB0 19200
[- press enter if the screen is just blank -]
<4500>
  • Enter the system view
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]
  • Switch to vlan 1
[4500]interface vlan 1
[4500-Vlan-interface1]
  • Set an IP address followed by netmask
[4500-Vlan-interface1]ip address 192.168.1.13 255.255.255.0
[4500-Vlan-interface1]
  • Set the default route for the switch
[4500-Vlan-interface1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
[4500]
  • Return to the user view
[4500]quit
<4500>
  • Save the configuration
<4500>save
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename 
 unchanged press the enter key):
Now saving current configuration to the device.
Saving configuration. Please wait...
......
 Unit1 save configuration flash:/ccc.cfg successfully
<4500>

 

Enable SSH login (this requires the console cable):

  • Ensure that the switch has booted and then connect to the console
byobu-screen /dev/ttyUSB0 19200
[- press enter if the screen is just blank -]
<4500>
  • Enter the system view
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]
  • Create the public SSH key
[4500]public-key local create rsa
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
 It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
...............................................................................++++++
.....................................................++++++
......
[4500]
  • Configure the authentication mode
[4500]user-interface vty 0 4
[4500-ui-vty0-4]authentication-mode scheme
[4500-ui-vty0-4]
  • Enable the SSH protocol for inbound connections
[4500-ui-vty0-4]protocol inbound ssh
[4500-ui-vty0-4]
  • Exit the interface configuration and return to the system-view
[4500-ui-vty0-4]quit
[4500]
  • Create a new user for our SSH connections
[4500]local-user client001
New local user added.
[4500-luser-client001]
  • Set the user’s password
[4500-luser-client001]password simple abc4567890
Updating user password, please wait..........
[4500-luser-client001]
  • Give the user SSH access
[4500-luser-client001]service-type ssh level 3
[4500-luser-client001]
  • Exit back to the system view
[4500-luser-client001]quit
[4500]
  • Allow the user to login via SSH using their password
[4500]ssh user client001 authentication-type password
[4500]
  • Exit back to the user view
[4500]quit
<4500>
  • Save the configuration
<4500>save
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename 
 unchanged press the enter key):
Now saving current configuration to the device.
Saving configuration. Please wait...
......
 Unit1 save configuration flash:/ccc.cfg successfully
<4500>
  • Check that the SSH login works
snafu2 ~ $ ssh client0011@192.168.1.13
The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
RSA key fingerprint is 6c:46:57:da:74:f3:9d:e0:80:4e:46:c1:a8:9a:d3:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
client001@192.168.1.13's password:
********************************************************************************
* Copyright(c) 2004-2012 3Com Corp. and its licensors. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
********************************************************************************
<4500>
%Apr 1 23:58:56:199 2000 4500 SHELL/5/LOGIN:- 1 - client001(192.168.1.4) in unit1 login
<4500>

 

Enable Web login (this can be done with the console cable or an SSH session to the switch):

  • Connect to the switch via the console
  • Change to the system view
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]
  • Switch to the admin user
[4500]local-user admin
[4500-luser-admin]
  • Configuration stuff
[4500-luser-admin]attribute access-limit 1
[4500-luser-admin]level 3
[4500-luser-admin]service-type telnet level 3
[4500-luser-admin]service-type lan-access
[4500-luser-admin]
  • Return to the user view
[4500-luser-admin]quit
[4500]quit
<4500>
  • Save the config changes
<4500>save
The configuration will be written to the device. 
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename 
 unchanged press the enter key):
Now saving current configuration to the device. 
Saving configuration. Please wait...
......
 Unit1 save configuration flash:/ccc.cfg successfully
<4500>

 

Reference

Firmware: https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JE045A

Enabling SSH logins: http://h30499.www3.hp.com/t5/Comware-Wireless-Unified-Series/How-To-Enable-SSH-In-3com-4500-Switch/td-p/2318357#.VXLVtd9jPRY

Fixing the web login: http://brittadams.com/blog/2014/08/25/unable-to-log-into-web-interface-3com-4500-switch/