rss logo

Essential HP Switch CLI Commands

HP logo

Configuration

  • HP 5130-24G-4SFP+ EI (JG932A)
  • HP 5130-24G-SFP-4SFP+ EI (JG933A)

Basic CLI Commands

  • Enter system-view / global configuration mode (equivalent to conf t in Cisco):
<Switch> system-view
  • Use the undo command to disable features:
[Switch] undo stp enable
  • Set a custom hostname for the switch:
[Switch] sysname Switch
  • Save the current configuration with the save command:
[Switch] save
[Switch] save force
  • Set the switch IP address:
[Switch] interface vlan-interface 1
ip address 192.168.20.10 255.255.255.0
  • Set default gateway (e.g., ip route-static 0.0.0.0 0.0.0.0 [GATEWAY]):
[Switch] ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
  • Reboot the switch using the reboot command:
<Switch> reboot
  • Set the legal and motd banners for the CLI:
[Switch] header legal "Configures the banner to be displayed before a user inputs the username and password to access the CLI"
[Switch] header motd "Configures the greeting banner to be displayed before the legal banner appears"

Display System Information

  • Use the display boot-loader command to check firmware details and boot order:
<Switch> display boot-loader
  • Display serial number:
<Switch> display device manuinfo slot 1
  • Display device information:
<Switch> display device
<Switch> display system stable state
<Switch> display version
  • Display mac address learned:
<Switch> display mac-address

User Account Configuration

The commands below show how to create administrative user accounts for HP switches running Comware 5 and 7.

Old (Comware 5)

  • Create and configure the admin user account:
[Switch] local-user admin
[Switch-luser-manage-admin] password simple password
[Switch-luser-manage-admin] authorization-attribute level 3

New (Comware 7)

  • Create and configure the admin user account:
[Switch] local-user admin
[Switch-luser-manage-admin] password
p@ssw0rd:p
p@ssw0rd:p
[Switch-luser-manage-admin] authorization-attribute user-role network-admin

Enable and Secure SSH Access

  • Generate the RSA key pair for SSH:
[Switch] public-key local create rsa
  • Enable the SSH service:
[Switch] ssh server enable
  • Disable support for SSH version 1:
[Switch] undo ssh server compatible-ssh1x
  • Enable scheme authentication for SSH users on the user line:
[Switch] local-user admin
[Switch-luser-manage-admin] service-type ssh

Spanning Tree Protocol (STP)

  • Enable STP (Spanning Tree Protocol):
[Switch] stp enable
  • Set RSTP (Rapid Spanning Tree Protocol) mode:
[Switch] stp mode rtsp
  • Set the bridge priority to make this switch the STP root:
[Switch] stp root primary
  • Display STP information:
<Switch> display stp

Access and Authentication Security

  • Set a password for console access:
[Switch] line aux 0
[Switch-line-aux0] authentication-mode password
[Switch-line-aux0] set authentication password simple "password"
  • Configure automatic logoff after inactivity:
[Switch] line aux 0
[Switch-line-aux0] idle-timeout "minutes" "seconds"
  • Set a timeout after 3 failed login attempts:
[Switch] password-control login-attempt 3 exceed lock-time 120
  • Disable the telnet service to enforce SSH-only access:
[Switch] no telnet server enable
  • Prevent using the username (or its reverse) as the password:
[Switch] password-control complexity user-name check
  • Specify the minimum number of password composition types (letters, numbers, symbols):
[Switch] password-control composition type-number "type number"

NTP Configuration (Time Synchronization)

  • Specify the NTP server address:
[Switch] ntp-service unicast-server 192.168.1.100
  • Specify the VLAN interface for the NTP server (optional):
[Switch] ntp-service source vlan-interface 10
  • Enable the NTP service:
[Switch] ntp-service enable
  • Display the switch's current time:
[Switch] show clock

VLAN and Trunk Configuration

Create and Assign VLANs

  • Create a VLAN and assign a name:
[Switch] vlan 10
[Switch-vlan10] name ADMIN
  • Assign the VLAN to an access port:
[Switch] interface GigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] port access vlan 10

Configure Trunk Interfaces

  • Set an interface to trunk mode and allow VLANs:
[Switch] interface GigabitEthernet 1/0/24
[Switch-GigabitEthernet1/0/24] port link-type trunk
[Switch-GigabitEthernet1/0/24] port trunk permit vlan 1 10

Updating HP Switch Firmware

You can find new firmware files on the official HPE downloads page.

  • Upload new firmware from a TFTP server to the switch:
<Switch> tftp TFTP_SERVER get FIRMWARE.ipe
  • Set the switch to boot from the new firmware version:
<Switch> boot-loader file flash:/FIRMWARE.ipe slot 1 main
  • Verify the boot order:
<Switch> display boot-loader
  • Reboot the switch to apply the new firmware:
<Switch> reboot