Adding Custom Device Fingerprints to the HPN BYOD Solution

So I was working on the new HP BYOD Solution in my lab and I just didn’t have enough wireless devices to really make it interesting.  So I decided to look for other devices in my house which I could connect to the HPN BYOD Controlled  MSM controller-based wireless networks.

I did find a Nintendo Wii, but we don’t have fingerprints in IMC to properly identify the Nintendo Wii.  I guess Nintendo didn’t make the cut.   ( They don’t even support WPA2 Enterprise!!! )

 

Anyways, the great thing about HP’s new BYOD solution, based on IMC and UAM, is the ability for operators to extend the default fingerprints to devices beyond what was shipped with the product. Although the process does require some knowledge of wireshark, it’s nothing that a little google-technician skills can’t get you through.  The adding of fingerprints was super easy. 

Creating the foundation

So before we actually get to creating the fingerprints, we need to create the custom vendor, endpoint type, and OS type that we’re going to assign to the DHCP and HTTP fingerprints we are going to create. If you’re doing this for a new smart phone, like the blackberry 10, you’ll probably be able to skip this step as RIM is already listed as a vendor. As you can imagine, Nintendo wasn’t 

So let’s look at what the process looks like. 

Add Vendor

As you can imagine, there’s no default vendor category for Nintendo, so I’m going to go into the Service>>User Access Manager>> Endpoint Identification Management>>Vendor screen and add a new vendor

NewImage

 

Add Endpoint Type

 

IMC ships with a bunch of endpoint types by default to cover all the normal devices you would see in a business environment. I don’t see that many Wii’s in offices these days though, so we’ll have to create this one too.

 

NewImage

 

Add OS type

Again, No love for Nintendo in the OS department.  Let’s add that too.

 

NewImage

 

 

 

Creating the fingerprints 

For those of you who don’t know, IMC uses digital fingerprints to be able to identify devices accessing the network. We use a combination of characteristics that are mostly unique to one specific type of device to be able to make an educated decision on the model, operating system, and type of the endpoint accessing the network. The three types of fingerprints we can use are

DHCP Fingerprint – In this option IMC uses the options requested in the DHCP client option 55 field to identify the device requesting an address. The specific sequence and number of options are considered to be unique to that specific operating system.  ie. All Nintendo Wii machines should request the same values in the same order in the option 55 field of the DHCP request packet. This is considered to be the most reliable of the fingerprinting techniques.

HTTP User-Agent – In this option IMC uses the User-agent portion of the HTTP request headers sent to the BYOD web server to be able to identify the device requesting the webpage. As most browsers will identify themselves through the use of HTTP User-Agent, this is a still a good method for making an educated decision.

 

MAC Address – In this option IMC uses the MAC address, obtained through the RADIUS server, to identify the vendor based on the MAC address OUI.  This is considered to be the weakest form of fingerprinting, but necessary as some devices do not use a unique DHCP signature, nor a web browser. An example of this might be an IP Telephone or Printer. 

 

So let’s get started here and setup our first fingerprint.

Capture the DHCP fingerprint

This is where the nerdiness starts. I have a Windows Active Directory Server that is serving up addresses for the network that my Wii connects to. So I just installed wireshark on the domain controller and start capturing packets. 

note:  I use the filter bootp.option.type == 53 which will get allow me to see just the DHCP traffic. Cuts down on the packets I need to look through. 

I turn on my Nintendo Wii and wait a few seconds for it to try and connect to the network

 

NewImage

Now that I’ve got the packet, I need to look a little closer for the Option 55 information.  INSERT SOME INFO ON OPTION 55 FROM WIKI

You can see in the packet capture above that the option 55 parameters list has a length of 6, and the values are 1,3,6,15,28, and 33.

 

Creating the DHCP Fingerprint

 

So now we go back to the IMC console and navigate to Service>>User Access Manager>> Endpoint Identification Management>> DHCP Character Identification Configuration

click the add button and input the values above

 

NewImage

 

Now that we’ve got the DHCP Fingerprint, let’s go after the HTTP Fingerprint.

 

Capturing the HTTP User-Agent Fingerprint

This time, I”m  running a packet trace from wireshark loaded on my IMC machine ( this is handy for a whole bunch of reasons)  I use the Internet Channel on my Wii and attempt to login to the IMC server. Now I check Wireshark again, this time using HTTP as the filter. I could also add the filter for the specific host 10.101.0.116, but in this case it’s just as easy to resort by the source server and get to the right packet.

NewImage

There it is… “Nintendo Wii”.

 

Now that I’ve got the HTTP User Agent Signature, I can now go back to IMC and add that in as well.

 

 

Creating the HTTP User-Agent Fingerprint

NewImage

 

Putting it all together

So, we created the DHCP Character Identification as well as the HTTP User Agent Feature Identification. Now we’re going to connect the wii to the BYOD-enabled wireless network and see what the  test this out and see what our work has gotten us. 

NewImage

 

Fingerprinting Successful.  As you can see, the Nintendo Wii was identified by the DHCP client identifier and has been successfully registered in the endpoint MAC address management list in UAM.

 

 

The one step other step which I did skip here was adding a MAC address finger print to identify devices which would allow you to identify the device by it’s MAC address. To be honest, that doesn’t require a packet trace, so I skipped that step. What fun is something that doesn’t require a packet trace?

 

@netmanchris

Advertisements

Cisco Phones on HP Comware Switches

I ran into this again last week and I thought it might be a good idea to put this in writing for people who have made the choice to move to HP switches and still want to use the Cisco UC&C platform.  This is the HP Comware platforms configuration, I hope to hit the lab and write up a ProVision configuration as well in the near future. This is ONE way of doing this. For anyone considering implementing this, or any other technology, please read the documentation and try and understand what you’re typing in. There are a couple of different ways to get this to work, this is just the one I prefer as it’s easy for legacy Cisco folk to understand what’s been done in the configuration.

 

Debunking the Myths

Cisco Phones need Cisco PoE

It’s true that Cisco was the first vendor to release Power Over Ethernet Switches. Inline power ( as it was called in those days ) was first released on the Cisco 3500XL switches back in the day. This was different and proprietary version of the 802.3af standard that we all know and love today. Fortunately for Cisco, and unfortunately for many customers, the second generation of Cisco Phones, the 7940/7960 era was only powered by Cisco’s Inline Power standard. They just wouldn’t come up with standards-based 802.3af power.

This means that many customers had no choice but to buy the Cisco switches to support the Cisco phones. You always had the option of buying a power brick per phone at a cost of about 60$ a piece. Management nightmare. I only saw one customer ever do that. ( twitch twitch… twitch twitch… ok. I’m ok now )

There are a LOT of customers who still have those device in their environments, So the question becomes:

Can I still use HP switches if I have old Cisco phones? Cisco told me that my Cisco phones don’t work on HP switches.

The answer is: Yes. They will absolutely work!   HP has done the work to get older phones to work on both the Comware and ProVision devices. This blog is Comware focused, but I’ll try to get back with a ProVision configuration soon!

Configuring your HP Comware Switch to deliver PoE to Cisco Phones

On a Comware based switch, the commands you’ll need to use to get this working are the following at the global level

[HP_E5500EI]poe legacy enable pse 4

At the port level, you may also have to enable PoE on the port

[HP_E5500EI-GigabitEthernet1/0/1]poe enable 


Cisco Phones need CDP to work

Once upon a time, CDP was the only neighbour discovery protocol in town. Cisco needed a way to push the voice vlan to their pre-standard phones, and CDP became the easiest way for them to do this. Most other vendors at this time were using specific DHCP options in a standards based environment. Then along came LLDP and LLDP-MED.  Other than the isolated cases where the customer still has the original second generation Cisco Phones in place, there is virtually no reason to be using CDP for the voice vlan today. LLDP works great and is supported by all the leading telephony vendors, including Cisco phones since around 2007. (You might need newer firmware on your phones.)

So the question is:

How do I setup my HP switch to send the right voice vlan to my cisco phone using LLDP? And what about my older phones? Are you telling me I have to buy all new phones to move to HP?

The answer: Yes, we can use lldp, and No, you don’t have to buy new phones. 

Especially in an era of Microsoft Lync, I’m starting to see more and more customers with a mobile work force who are starting to abandon the traditional handset mentality. Or in some cases, it’s even better for the business because employees are actually bringing in their own mobile devices and installing the Microsoft Lync client. Who would have thought we would ever be happy having to buy our own phones for work? 🙂

So on to the configuration, I’m going to do two configurations here and it will quickly become clear why.  For older Cisco CDP phones, HP Comware switches use the MAC Address  OUI (object unique identifier ) which is basically the first half of the MAC address that is assigned to a specific vendor.  What this means is that for some Cisco environments who have been buying phones over a few years, you could end up having to manage a TON of MAC addresses OUIs in your switch configurations. The first example will be the quick way, although arguably slightly less insecure, to assign Voice VLANs to legacy Cisco Phones.  Although arguably, if you’re concerned about security in your environment, I would recommend that you replace all your legacy Cisco phones anyways considering the ( Legacy Cisco Phones allowed a packet capture on the PC port to capture Voice VLAN traffic as well.  ) 

For those who really want to do this the “right way”, you’ll still need to run the undo commands and replace the single voice clan mac-address statement in this configuration snippet with the 128 lines included at the end of this blog. ( Anyone know why Cisco burned through so many? Seriously? That’s a LOT of OUIs! I’m SURE they could have handled this with a lot less!). 

 VLAN leaking issues.

The Environment

 

Screen Shot 2012 10 31 at 12 16 02 AM

As you can see this is a pretty simple environment. CCM in VLAN10 connected to a HP 5500EI switch. The phone is directly connected to the switch on interface gigabit 1/0/5 and the PC is plugged into the phone.  The Phone should be sending all Voice traffic tagged on VLAN 20 and the PC should be sending all traffic untagged on VLAN 30.

Any questions?

 

Configuring your HP Comware Switch to deliver the Voice VLAN to Cisco Phones

The following commands are all performed at the global level.

  • #The following commands are used to disable the factory mac-address OUIs.
  • undo voice vlan mac-address 0001-e300-0000
  • undo voice vlan mac-address 0003-6b00-0000
  • undo voice vlan mac-address 0004-0d00-0000
  • undo voice vlan mac-address 0060-b900-0000
  • undo voice vlan mac-address 00d0-1e00-0000
  • undo voice vlan mac-address 00e0-7500-0000
  • undo voice vlan mac-address 00e0-bb00-0000
  • #These command creates a couple of  mac-oui’s which will respond to any LLDP-MED or CDP capable phone plugs into the network. 
  • voice vlan mac-address 0000-0000-0000 mask ff00-0000-0000
  • voice vlan mac-address 8000-0000-0000 mask ff00-0000-0000
  • undo voice vlan security enable

 

note: We need the large “any oui” wildcards to support the number of non-contiguous and broad range of Cisco Prefixes. 

  • # You must Globally enable LLDP
  • lldp enable
  • # You must enable LLDP for CDP Compliance mode
  • lldp compliance cdp

 

As you can see above, instead of having hundreds of voice vlan mac-address… with all of the Cisco OUI  ( scroll to the bottom for a list of the different Cisco specific mac-address OUIs that my peers and I have collected over the years ),  you can instead put in a single statement that will allow you to send out the voice VLAN when any Cisco phone plugs into the network.

Now for the interface specific commands

 

  • interface GigabitEthernet1/0/5
  • port link-mode bridge    <–  Switchport, Could be a routed port, but that won’t work here.
  • port link-type trunk    <–  Turns the port into a dot1q trunk. You need this to carry a tagged VLAN across the wire
  • port trunk pvid vlan 30    <–  Tells the port that it’s untagged VLAN is 30.
  • undo port trunk permit vlan 1    <– Removes VLAN 1  from the trunk port. Not necessary for this to work.
  • port trunk permit vlan 20 30    <– Allows the trunk to carry traffic from both the designated Voice and the Data VLANs.  
  • undo voice vlan mode auto   <– Turns off voice clan auto mode. 
  • voice vlan 20 enable       <– Tells the switch to advertise dot1q VLAN 20 as the Voice VLAN via LLDP-MED and CDP on this port.
  • broadcast-suppression pps 3000
  • undo jumboframe enable
  • apply poe-profile index 1   <– This calls to a centrally defined PoE profile.
  • stp edged-port enable   <– similar to port fast in Cisco terms.
  • lldp compliance admin-status cdp txrx    <– Allows read/write of CDPv2 packets on this port.

 

 

The Right Way vs. Reality

 

As most of you already know, the real world is messy. There are very often tradeoffs in the world, mostly in the way of time. The method I showed above does indeed work, and it removes the operation burden of having to keep track of Cisco’s unique mac-address OUIs. Is it the most secure method in the world? Probably not, but security is always a tradeoff between how difficult it is to implement and operate and how important it is to secure the information asset in question. 

 

Most phone calls just aren’t that important to be honest. 

 

But… for those of you who really insist on doing this the “right way”, I’ve included this non exhaustive list of the unique mac-address OUIs that Cisco has put on their phone models over the years. This is something that my peers and I have put together over the years and hopefully it might help someone out there.  If anyone does have additional Cisco Phone OUIs that are not included in this list. Please post them in the comments and I would be happy to update them here! 

 

Hopefully someone will find this helpful. If you do notice that something has changed and this configuration doesn’t work for you; Please feel free to drop me a line and let me know. I’ll be happy to update my blog. I’d rather be wrong and someone tell me than just thinking I’m right. : )

 

@netmanchris

 

List of Cisco Phone Mac-address OUIs

  • voice vlan mac-address 0002-B900-0000
  • voice vlan mac-address 0003-6B00-0000
  • voice vlan mac-address 0003-E300-0000
  • voice vlan mac-address 0005-3200-0000
  • voice vlan mac-address 0005-9A00-0000
  • voice vlan mac-address 0005-9B00-0000
  • voice vlan mac-address 0006-D700-0000
  • voice vlan mac-address 0007-0E00-0000
  • voice vlan mac-address 0007-5000-0000
  • voice vlan mac-address 0008-2100-0000
  • voice vlan mac-address 000B-5F00-0000
  • voice vlan mac-address 000B-BE00-0000
  • voice vlan mac-address 000B-BF00-0000
  • voice vlan mac-address 000c-ce00-0000
  • voice vlan mac-address 000D-2900-0000
  • voice vlan mac-address 000D-6500-0000
  • voice vlan mac-address 000D-BC00-0000
  • voice vlan mac-address 000D-ED00-0000
  • voice vlan mac-address 000E-3800-0000
  • voice vlan mac-address 000E-8400-0000
  • voice vlan mac-address 000E-D700-0000
  • voice vlan mac-address 000F-2300-0000
  • voice vlan mac-address 000F-3400-0000
  • voice vlan mac-address 000F-8F00-0000
  • voice vlan mac-address 0011-2000-0000
  • voice vlan mac-address 0011-2100-0000
  • voice vlan mac-address 0011-5C00-0000
  • voice vlan mac-address 0011-9300-0000
  • voice vlan mac-address 0011-BB00-0000
  • voice vlan mac-address 0012-0000-0000
  • voice vlan mac-address 0012-7F00-0000
  • voice vlan mac-address 0013-1900-0000
  • voice vlan mac-address 0013-1A00-0000
  • voice vlan mac-address 0013-7F00-0000
  • voice vlan mac-address 0013-8000-0000
  • voice vlan mac-address 0013-C300-0000
  • voice vlan mac-address 0013-C400-0000
  • voice vlan mac-address 0014-1C00-0000
  • voice vlan mac-address 0014-6900-0000
  • voice vlan mac-address 0014-6A00-0000
  • voice vlan mac-address 0014-A900-0000
  • voice vlan mac-address 0014-F200-0000
  • voice vlan mac-address 0015-6200-0000
  • voice vlan mac-address 0015-2B00-0000
  • voice vlan mac-address 0015-F900-0000
  • voice vlan mac-address 0015-FA00-0000
  • voice vlan mac-address 0016-4600-0000
  • voice vlan mac-address 0016-4700-0000
  • voice vlan mac-address 0016-C800-0000
  • voice vlan mac-address 0017-0E00-0000
  • voice vlan mac-address 0017-5900-0000
  • voice vlan mac-address 0017-5A00-0000
  • voice vlan mac-address 0017-9400-0000
  • voice vlan mac-address 0017-9500-0000
  • voice vlan mac-address 0017-E000-0000
  • voice vlan mac-address 0018-1800-0000
  • voice vlan mac-address 0018-1900-0000
  • voice vlan mac-address 0018-1D00-0000
  • voice vlan mac-address 0018-7300-0000
  • voice vlan mac-address 0018-B900-0000
  • voice vlan mac-address 0018-BA00-0000
  • voice vlan mac-address 0019-0600-0000
  • voice vlan mac-address 0019-2F00-0000
  • voice vlan mac-address 0019-3000-0000
  • voice vlan mac-address 0019-AA00-0000
  • voice vlan mac-address 0019-E700-0000
  • voice vlan mac-address 0019-E800-0000
  • voice vlan mac-address 001A-2F00-0000
  • voice vlan mac-address 001A-6D00-0000
  • voice vlan mac-address 001A-A100-0000
  • voice vlan mac-address 001A-A200-0000
  • voice vlan mac-address 001B-0C00-0000
  • voice vlan mac-address 001B-2A00-0000
  • voice vlan mac-address 001B-5300-0000
  • voice vlan mac-address 001B-5400-0000
  • voice vlan mac-address 001B-D400-0000
  • voice vlan mac-address 001B-D500-0000
  • voice vlan mac-address 001C-5800-0000
  • voice vlan mac-address 001D-4500-0000
  • voice vlan mac-address 001D-A200-0000
  • voice vlan mac-address 001E-1300-0000
  • voice vlan mac-address 001E-4A00-0000
  • voice vlan mac-address 001E-7A00-0000
  • voice vlan mac-address 001E-F700-0000
  • voice vlan mac-address 001F-6C00-0000
  • voice vlan mac-address 001F-9E00-0000
  • voice vlan mac-address 0021-1B00-0000
  • voice vlan mac-address 0021-5500-0000
  • voice vlan mac-address 0021-A000-0000
  • voice vlan mac-address 0022-5500-0000
  • voice vlan mac-address 0022-9000-0000
  • voice vlan mac-address 0023-0400-0000
  • voice vlan mac-address 0023-5E00-0000
  • voice vlan mac-address 0023-EB00-0000
  • voice vlan mac-address 0024-9700-0000
  • voice vlan mac-address 0025-8400-0000
  • voice vlan mac-address 0026-0B00-0000
  • voice vlan mac-address 0026-9900-0000
  • voice vlan mac-address 0026-CB00-0000
  • voice vlan mac-address 0030-9400-0000
  • voice vlan mac-address 04C5-A400-0000
  • voice vlan mac-address 04FE-7F00-0000
  • voice vlan mac-address 0817-3500-0000
  • voice vlan mac-address 081F-F300-0000
  • voice vlan mac-address 108C-CF00-0000
  • voice vlan mac-address 18EF-6300-0000
  • voice vlan mac-address 1C17-D300-0000
  • voice vlan mac-address 2893-FE00-0000
  • voice vlan mac-address 3037-A600-0000
  • voice vlan mac-address 5475-D000-0000
  • voice vlan mac-address 58BC-2700-0000
  • voice vlan mac-address 6416-8D00-0000
  • voice vlan mac-address 68BD-AB00-0000
  • voice vlan mac-address 68EF-BD00-0000
  • voice vlan mac-address 6C50-4D00-0000
  • voice vlan mac-address 9CAF-CA00-0000
  • voice vlan mac-address A40C-C300-0000
  • voice vlan mac-address A8B1-D400-0000
  • voice vlan mac-address B414-8900-0000
  • voice vlan mac-address B4A4-E300-0000
  • voice vlan mac-address B8BE-BF00-0000
  • voice vlan mac-address D057-4C00-0000
  • voice vlan mac-address DC7B-9400-0000
  • voice vlan mac-address E804-6200-0000
  • voice vlan mac-address EC44-7600-0000
  • voice vlan mac-address ECC8-8200-0000
  • voice vlan mac-address F025-7200-0000
  • voice vlan mac-address FCFB-FB00-0000





 

From Cisco to HP – Quick Start

It’s not uncommon that I have customer who are making the jump to HP networking gear from a Cisco  background.

This post is just a way for me to put together some resources for them to quickly get up to speed and to help make their lives easier.

Resources

CLI Reference Guide

If you’ve got a reasonable background in Cisco networking, the first thing you’ll want to check out is the HP Networking and Cisco CLI reference guide. Someone ( thankfully not me!) went through and created 292 pages of goodness in basically what is a small rosetta stone for a dual-vendor network.

If you know the command on a cisco IOS device. Do a quick search and you’ll find the HPN equivalent.

Interoperability Cook book

It’s VERY rare that I ever get involved in a greenfield environment. Most customers have a legacy network around, and many of those were built on Cisco equipment.  HP has taken this into consideration and put together the HP/Cisco Switching and Routing Interoperability Cookbook  which gives some clear guidelines on setting up both sides of the connections.

HP Press

A lot of people still haven’t caught on that HP Press was launched last year. There are already books out covering the major HP networking certifications, not to mention other HP product lines as well.  These are great resources to have on a shelf for those times when you just have to look something up.

Tips and Tricks

Spanning-tree is turned off by default

Whether or not you agree with this decision, HP has made it and you should be aware of it. If you’d like your new switch to participate in a (r/s/pv/TP ) environment. You’ll need to turn it on.

Command Aliases

I’ll admit it. After spending years in a Cisco world, the word ” show ” jumps out of my fingers faster and onto a keyboard faster than just about anything else except perhaps ” wr”   (  write mem for those of you who grew up in a copy running-configuration startup-configuration” era.  )

Even after years working with the comware products, ( which use the word display in place of show ) I still hit situations where the reflex just kicks in.

Luckily, HP has included a nice alias function which allows you to map new keywords to existing commands.
Included here is my list of commands which I keep on all my comware lab equipment. To say this outloud, there’s no excuse to not learn the new CLI. You will be a better engineer for it. But… it’s also nice to have a safety net for those moments when you’re fingers think faster than your brain.

HP Comware Cisco Alias command List

command-alias enable

command-alias mapping undo no

command-alias mapping reboot reload

command-alias mapping header banner

command-alias mapping reset clear

command-alias mapping acl access-list

command-alias mapping port switchport

command-alias mapping stp spanning-tree

command-alias mapping snmp-agent snmp-server

command-alias mapping user-interface line

command-alias mapping display show

command-alias mapping return end

command-alias mapping quit exit

command-alias mapping sysname hostname

command-alias mapping acl access-list

command-alias mapping save write

command-alias mapping delete erase

command-alias mapping info-center logging

 

note: If anyone has any I’ve missed here, please feel free to post in the comments and I’ll try and update the post.

Hotkeys

One of the other nice touches that HP has done with Comware is to include system hotkeys. This allows you a VERY quick way to input commands without typing the whole thing out. Wonderful for those situations where you can’t see where you are typing. Turned on too many debugs? CTRL_O will perform an “undebugging all” command for you and you get your terminal session back.

There are some default system ( unchangeable ) as well as some user-definable hotkeys which are listed here.

            =Defined hotkeys=

Hotkeys Command

CTRL_G  display current-configuration

CTRL_L  display ip routing-table

CTRL_O  undo debugging all

 

           =Undefined hotkeys=

Hotkeys Command

CTRL_T  NULL

CTRL_U  NULL

 

            =System hotkeys=

Hotkeys Function

CTRL_A  Move the cursor to the beginning of the current line.

CTRL_B  Move the cursor one character left.

CTRL_C  Stop current command function.

CTRL_D  Erase current character.

CTRL_E  Move the cursor to the end of the current line.

CTRL_F  Move the cursor one character right.

CTRL_H  Erase the character left of the cursor.

CTRL_K  Kill outgoing connection.

CTRL_N  Display the next command from the history buffer.

CTRL_P  Display the previous command from the history buffer.

CTRL_R  Redisplay the current line.

CTRL_V  Paste text from the clipboard.

CTRL_W  Delete the word left of the cursor.

CTRL_X  Delete all characters up to the cursor.

CTRL_Y  Delete all characters after the cursor.

CTRL_Z  Return to the User View.

CTRL_]  Kill incoming connection or redirect connection.

ESC_B   Move the cursor one word back.

ESC_D   Delete remainder of word.

ESC_F   Move the cursor forward one word.

ESC_N   Move the cursor down a line.

ESC_P   Move the cursor up a line.

ESC_<   Specify the beginning of clipboard.

ESC_>   Specify the end of clipboard.

Display this

Wow. I can’t say enough about how much I love this command. In a nutshell, display this ( or show this if you have the alias function turned on ) is a context sensitive command that will show you the configuration elements applicable to exactly where you are in the operating system hierarchy.

You want to see what configurations is applied to a specific port? No more  ” do show run inter gig 1/5″.  You just type in “display this” and you get the output.  What about when you’re in the RADIUS configuration mode?  Yup. Display this. Configuring OSPF or BGP on a switch? Display this.

It may seem like a very minor thing, but trust me, you will appreciate the consistency and the simplicity in a very short time.

This post is not intended to make you an expert on HP’s Comware OS, but hopefully, if you’re already a reasonably good networking professional, this will give you a leg up in getting up to speed quickly.

Misc

As with most modern Network OS’s, I would also remind everyone that

  • piping is supported

ex.  display running-configuration | include SNMP

  • the TAB key does auto-complete.
  • The question mark (?) is your friend. When it doubt use it and you will probably see what you’re looking for.

 

Did I miss any other getting started tips? Please feel free to post in the comments!

@netmanchris