Mikko Kortelainen

Enabling security on an HP ProCurve 4200 series switch

I had a chance to configure an HP ProCurve 4208vl switch the other day. The first impression was that the command line interface is heavily influenced by, if not directly copied from, the Cisco IOS command line interface. So if you have experience with IOS, you will probably feel almost at home on an HP switch. There are some differences, though.

The first thing I wanted to do was to enable ssh access and authentication, and disable telnet. Here's a quick howto.


Connect to the switch using the console cable or telnet.

The first thing to do is to enter configuration mode and generate a key for SSH. SSH can only be enabled after the key has been generated:

ProCurve Switch 4208vl# configure
ProCurve Switch 4208vl(config)# crypto key generate ssh
Installing new RSA key.  If the key/entropy cache is
depleted, this could take up to a minute.
ProCurve Switch 4208vl(config)# ip ssh
ProCurve Switch 4208vl(config)# ip ssh filetransfer
ProCurve Switch 4208vl(config)# end

That is not enough, however. You must set the operator and manager passwords to actually authenticate to the switch.

ProCurve Switch 4208vl# configure
ProCurve Switch 4208vl(config)# password manager
New password for Manager:
Please retype new password for Manager:
ProCurve Switch 4208vl(config)# password operator
New password for Operator:
Please retype new password for Operator:
ProCurve Switch 4208vl(config)# end

After the above changes, the web interface will also require a password. For some reason, you must leave the username field empty and input either the manager or the operator password in the password field.

To disable the telnet server:

ProCurve Switch 4208vl# configure
ProCurve Switch 4208vl(config)# no telnet-server
ProCurve Switch 4208vl(config)# end

To create a key and a self-signed certificate for SSL web access:

ProCurve Switch 4208vl# configure
ProCurve Switch 4208vl(config)# crypto key generate cert 1024
Installing new RSA key.  If the key/entropy cache is
depleted, this could take up to a minute.
ProCurve Switch 4208vl(config)# crypto host-cert generate self-signed 11/01/2007 11/01/2017 sw1.koo.fi _ Techelp Helsinki _ fi
ProCurve Switch 4208vl(config)# web-management ssl
ProCurve Switch 4208vl(config)# aaa authentication web login local
ProCurve Switch 4208vl(config)# end

Write your configuration changes:

ProCurve Switch 4208vl# write memory
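
A check for the steps above, as an added example that is not part of the original post: it reads a saved configuration or a pasted CLI session and reports which of the hardening commands from this walkthrough are missing or were later undone. It assumes the text lists the commands exactly as typed above and that the standard `no` forms reverse them; the function names and the sample configuration are constructed for illustration, and passwords are not checked.

```python
import re

# Commands from the walkthrough that must be in effect, with the finding if absent.
REQUIRED = {
    "ip ssh": "SSH server is not enabled",
    "ip ssh filetransfer": "SSH file transfer is not enabled",
    "no telnet-server": "telnet server has not been disabled",
    "web-management ssl": "SSL web access is not enabled",
    "aaa authentication web login local": "web login is not set to local authentication",
}
# Assumed reversal commands: if one appears later, the earlier step no longer holds.
REVERSALS = {
    "telnet-server": "no telnet-server",
    "no ip ssh": "ip ssh",
    "no web-management ssl": "web-management ssl",
}

def normalize(line):
    """Strip a '(config)#' prompt if the text is a pasted session; collapse spaces."""
    line = re.sub(r"^.*?\(config\)#\s*", "", line.strip())
    return " ".join(line.split()).lower()

def audit(config_text):
    """Return sorted findings; an empty list means every step is in place."""
    active = set()
    for raw in config_text.splitlines():
        cmd = normalize(raw)
        if cmd in REQUIRED:
            active.add(cmd)
        elif cmd in REVERSALS:
            # Order matters: a later reversal cancels the earlier command.
            active.discard(REVERSALS[cmd])
    return sorted(msg for cmd, msg in REQUIRED.items() if cmd not in active)

# Constructed sample: telnet was never disabled and web login auth is missing.
SAMPLE = """\
hostname "sw1"
ip ssh
ip ssh filetransfer
web-management ssl
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```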