
Posts Tagged ‘how-to’

Successful 802.1X Every Time
Last Updated on Saturday, 28 January 2012 06:56
Written by JJ
Friday, June 20th, 2008

It’s not rocket science, but any time we mingle and intertwine four or five different pieces of technology, there’s always the potential for a mess… or at least a misconfiguration or two along the way. Don’t know what 802.1X is? Check out the recent 802.1X technology primer.

If you’re planning or already implementing wired 802.1X, wireless security and/or NAC, the contents of this blog may save you hours of time and trouble.

ProCurve PCM+ Quick Start Tips
Last Updated on Tuesday, 12 August 2008 03:35
Written by JJ
Wednesday, January 30th, 2008

Tips & Tricks: HP ProCurve PCM+ (ProCurve Manager Plus)

Occasionally I like to throw something useful out there- so here goes! Included are some tips and tricks for getting started with ProCurve’s PCM+. PCM is the management software for ProCurve Networking devices, switches, wireless and security. I’ll give you a brief overview of the available options and plug-ins at the end.

What to Install. When you install PCM+, other plug-ins are included in the install package, so you’ll be prompted to select which components to install. My advice- start with PCM+ only. Once you layer in the other plug-ins, the menus, options and views become intertwined and it’s hard to tell what’s a native PCM+ option and what’s included in IDM, NIM or PMM (see end for plug-in details). If you’ve already purchased licenses for one or more of the others, go ahead and install them. Otherwise, load PCM+, get used to it, then add a plug-in. It’s the only way you’ll know if you want/need the additional features from the plug-in.

Selecting a Start From Device. When you first install PCM or PCM+, it will ask for a ‘start from’ device, which is exactly what it sounds like- it’s a starting or seed device from which the network sweep will start. Generally, you want something close to the ‘root’ of the network tree- something in the center. Most likely, you have a mixed environment, with other equipment in the WAN or core area of the network. In these cases, we suggest you use a start from device that’s the ProCurve device closest to the core/WAN area, even if it’s a hop or two out from what you consider your core. If the management server you’re loading PCM on is directly attached to a ProCurve switch, that’s another good place to start. You can change this setting later under Preferences if your first choice isn’t working well for you.

Connecting PCM to MyProCurve.com. You may have a reason you don’t want to do this, but barring that, I recommend customers select the option to link PCM+ to their MyProCurve account. MyProCurve provides some asset management and is how you download software and generate license keys for purchased software. If it’s linked to your PCM, it makes the transfer one step easier, keeps a correct inventory of your network devices and lets you set alerts when new software updates are available for your switch types.

Structure. Understanding the general structure will give you a good feel for where to find things. There are a variety of menus, each available in a variety of contexts. You can view information for a) the entire network, b) a group of switch series, c) a custom defined group, d) a specific switch and even e) a specific port (where applicable). If you’re looking for specific information, be sure you’re where you want to be in the left navigation pane- on the overview, on the group, or on a single switch.

Initial Configuration Scan. PCM will give you nice dashboard views of your switches at a glance, from the main dashboard, or a series of sub-boards. The information used for these tallies is incomplete until the device has undergone an initial Configuration Scan. Your pie charts may display unscanned switches as ‘other’. The Scan Device option is available from drop-down menus when you right-click on device(s) and in the main tool menu (look for the wrench). You can set an optional comment for the scan- not required and not necessary for initial scans, but it may be helpful when scanning after config changes. The Scan Device tool will pull down the current software version and all the configuration details. You can then see if all switches are up to the current (or your preferred) firmware version and see a side-by-side comparison of the most recent configurations. You can perform a manual scan, or schedule scans for a single device or group of devices.

Network Map View. Click Network Map in the left navigation pane for an overall Network Map View. This view is a good ‘default view’ for checking out your network. Switches appear with green backgrounds when all is good. If you see yellow or red- you’ve got problems. When you’re in the Network Map view, you see the default option to the immediate left to view health based on Ping Status. If you have NIM loaded, you’ll see other security-related options in the drop down. In that same area, you can also select to view the switch connections based on other parameters, such as VLANs and link traffic. Other check boxes let you select to display labels for Port Numbers, Link Speed and Discovery Protocol (usually LLDP). Another nice option is the ‘save layout’ checkbox at the top of the screen. Use this to preserve your arrangement of switches in the view. (Note, each view will have its own saved version).

Checking Out the Switches. The best screens to start familiarizing yourself with PCM and the switch views are under the device Dashboard tab. Dashboards are available in several contexts; your PCM main dashboard displays a variety of network information (and security details if NIM is installed). To view details for a particular switch, click on the switch (IP/name) from the left navigation pane and view the Dashboard tab. The main screen here will give you basic switch info: the friendly name you assigned it, its IP, serial number, firmware, etc. At the bottom of the Dashboard, you’ll see a generic photo of the switch model. You can click on this photo to connect directly to the switch’s Web GUI interface in a browser window. In that photo area in the PCM Dashboard is also a ‘Live View’ tab. Click this tab for a current look at active ports and an overview of which are drawing PoE. You can click on ports to view the assigned port name and properties. Note, the Live View requires Java, so if the image doesn’t display that’s the first thing to check.

VLAN Views. It’s easy to miss an uplink tag here or there along the way. A great way to check your VLANs at a glance is to use the Network Map > VLANs view. You can select an individual VLAN and look for any inter-switch links missing. There’s also a tab available at the top for Port Properties- which will show you all the tagged and untagged ports in that VLAN. A great troubleshooting tool if you have multiple VLANs and several switches.

Using Find Neighbors Of. I love the Find Neighbors tool- look for the binoculars icon. This lets you enter an IP or MAC address and find directly connected devices- whether they’re other switches, servers, desktops or other devices (APs, Phones, etc). It’s an easy way to view the connected devices, or map edge ports, such as servers, on a switch. The results will give you (among other things), port number, IP and DNS name (if applicable).

Traffic Views. Use the traffic views, either for the entire network under the main dashboards, or for a specific switch or group, to track down Ports Behaving Badly (maybe Ports Gone Wild?). Anyway, it’s a great troubleshooting tool for finding traffic problems, oversubscribed links and even chatty NICs. You can drill down to specific ports and get some very detailed information on Tx, Rx and types of traffic- broadcast, multicast, protocol and such.

Managing from Your Desktop. PCM+ comes with a desktop agent that can be installed to operate PCM+ from your desktop (vs the server it’s installed on). Many customers choose to RDP into the server, but that’s not always the most reasonable solution, especially if multiple users are accessing PCM. Installing the desktop agent is easy- you simply download it by browsing to the secure web GUI. There is a trick though- you need to add your desktop to the list of allowed management PCs in PCM+. This is done in a basic text file (.txt) located in the PCM+ directory. Think of it as an allowed managers IP list on a switch. 

Troubleshooting. Software is never perfect. If you get pages hanging, you might try to just close and restart PCM+. If you start PCM+ and it “can’t find the PCM Server”, stop and restart the PCM-related services in Windows. If it appears new devices aren’t appearing or updating, go to Preferences > Discovery and stop, then start each of the discovery methods. If your switches aren’t connected in the Network Map, there are probably non-ProCurve devices between them that are hindering the discovery protocol(s) (i.e., ICMP may be turned off).

Plug-ins for PCM+. There are some pretty nifty options available for PCM+. All the software add-ins from ProCurve run as plug-ins to PCM+, offering a ‘single pane of glass’ view for network management. I’m giving you the 20-second drive-by version of each- feel free to find more at ProCurve’s site.

I’ll start with my favourite- Network Immunity Manager (NIM), which is a security add-in that collects and uses sFlow data for a network-wide analysis of traffic to identify anomalous behaviour and actually take action at the port level. NIM can also interact with 3rd party security devices (firewalls) for more in-depth analysis. Next, check out ProCurve Mobility Manager (PMM) if you’re running ProCurve wireless solutions- including their light (WESM/Radio Port) or heavy AP (420/530) solutions. If you were using PMM 1.X, you’ll be delighted at several new features in the new 2.0 release. Last, but definitely not least, is Identity Driven Manager (IDM), which installs and latches an agent to your RADIUS to offer a truly unique and full-featured user management solution. Set specific ACLs and QoS per user and enforce them throughout the network, instead of at a central point. You can get a free 30-day trial of any or all of these from ProCurve’s site.
