Disable Aruba Call Home Defaults

If you run current versions of Aruba OS on the according switch families, meaning the ProCurve legacy switches by Aruba aka Hewlett-Packard Enterprise, you may notice some strange behavior on you firewall. Although I can not state “since when” that is the case, our next generation firewall noticed exactly that.

Annoyingly this feature is enabled by default and as always with defaults with Aruba OS this activated silently some time ago with an update and is not shown in the running configuration. I presume this is there since the ProCurve based systems had been integrated into Aruba’s zero touch provisioning universe.

Continue reading

Silence Aruba Switches

Hat man in seinem Home-Lab schöne, geschmeidig laufende Switches stehen, kann einem die damit zumeist verbundene Geräuschkulisse gehörig auf den Zeiger gehen.

Jetzt kann man genervt zu Baumarktware greifen und hoffen, dass die passiven – Geräusch befreiten Gerätschaften ihren Job machen oder aber man bleibt sich selbst treu und nimmt einfach Netzwerkhardware, die den Namen verdient – und wird kreativ.

Open Switch with Original Fan Setup

In meinem Fall sind das Aruba 2930F 48G bzw 2540 48G am Ende noch mit PoE. Alles in allem eine Konfiguration, die sich durchaus bemerkbar macht. Irgendwann hatte ich also die Faxen dicke und erinnerte mich an einen 2524 der gute 12 Jahre mit ganz stillgelegtem Continue reading

How To: Firmware Upgrade on an VSF-Stack

Having created a VSF stack of Aruba 2930Fs, the immediate need of firmware maintenance is obviously raising the question of how!. Dealing with that, luckily a new software had been released and I was able to test.

Daring the result … it was shocking simple and runs as every other Aruba / Procurve firmware upgrade and you just have to cover the second vsf stack member.


vsf member 1
copy tftp flash 192.168.2.5 WC_16_07_0002.swi primary
vsf member 2
copy tftp flash 192.168.2.5 WC_16_07_0002.swi primary

Verify the upload with a show flash the firmware image something like, even you may Continue reading

How To: High Availability with Aruba 2930F – VSF

Considering recent posts on IRF, there was a need to get some availability with the more cost effective switches from the Aruba / ProCurve world. I did some research on that and luckily there are more than one option today with this platform – at least the 5400s (…) and in my case 2930s support this by default.

Considering redundancy you basically consider two types of high availability and these cover Layer 2 availability, traditionally suited with link aggregation which conventionally does not span several chassis, and Layer 3 availability for a redundant default gateway service.

In a traditional design, then with a couple of switches (at least four), you configure VRRP for L3 redundant default gateway service, LACP – link aggregation groups for L2 Continue reading

How To: IRF Caveats on FF5700 Flex Fabric

Some time ago, I posted on the configuration of an IRF independent resilient fabric with the HPE Flex Fabric FF5700 datacenter switches. During the operation some things arose to my attention which either have been corrected or perhaps not necessarily clear from the first place.

1.) Activate MAD

There needs to be a mechanism to detect multiple actives. This could be considered something like a quorum for the switch-cluster, intended to prohibit split brains. In my case I preferred to do so with LACP. This brings MAD (Multiple Active Detection) to the layer two and is rather simple. It should be configured on an appropriate Bridge Aggregation Group – resulting in an configuration like:

interface Bridge-Aggregation1
description DOWNLINK_SOMESTRANGESWITCH_WITH_MAD_ENABLED_ON_THE_SAME_LAG
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
mad enable

so specifically pay attention to the last command: Continue reading

HowTo: Enable Traceroute on HPE FF5700

On HPEs Comware based FlexFabric switches by default answering to traceroute is disabled. To enable traceroute on a FF5700 families switch you need to activate:


ip unreachable enable
ip ttl-expires enable

As of then, the switch should show up in traceroutes with something different than timeouts.

Kyp. F.