recommendations for switches

[NETWizz]

HP ProCurve 100%



NOT the 1800ish series though. Those suck! The cheapest I would get are the ProCurve 2530 series. They ARE Enterprise Quality Layer-2 switches. :
http://h17007.www1.hp.com/us/en/net...hes/HP_2530_Switch_Series/index.aspx#tab=TAB2




Procurves are 95% as good as Cisco. In every conceivable way they ARE as good at 1/4 to a 1/3 the cost.

The Bad:
They have slightly different programming interface
No CDP, EIGRP, HSRP (or other proprietary Cisco Protocols though they have equivalents LLDP, OSPF, VRRP...)

(This plays in when you meet with a customer who already has a 100% Cisco shop using proprietary protocols and cannot get the Cisco and HP equipment to play nicely together without re-configuring the Cisco equipment when you install the HP equipment).

*********************

The good:

HP ProCurve Support is awesome. You usually get someone from California who is knowledgeable and speaks flawless English.

Firmware IS available without having to pay for a support contract like SmartNET.

Their reliability matches Cisco when you buy their enterprise stuff. I have seen hundreds and hundreds of HP switches (including modular and Layer-3 Core stuff). The ONLY hardware faults have been two fixed configuration switches and 1 power supply for a modular switch. There has been less than a 2% failure rate since 2005 with all my customers.

In my experience, their warranty is no joke! 1) It is Next Day 2) It is Advanced Exchange no Credit Card Needed and 3) It is a NEW not a Refurbished product and 4) It is Lifetime 5) Unlike Brocade and others ProCurve Lifetime = as long as you own it! Others Lifetime = Until the End of Support Date. (i.e. Brocade will send you a replacement only so long as they still manufacturer & support that product).

Case and Point I have had an old broken ProCurve 2626 on my desk for about 2 years now and finally called HP about it. They sent a new ProCurve 2620-24 (still a 26 port switch when you count its +2 uplinks)... I am holding onto this one as a loaner/temporary switch... Not too concerned if someone forgets to return it.

**********************

I just upgraded a Customer's Firmware for ALL their ProCurves I setup three (3) years ago.

Here is a 2510G's Uptime:


Redacted-For-Customer-Privacy# sh flash
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 3448389 01/12/10 U.11.17
Secondary Image : 3434560 12/19/08 U.11.11
Boot Rom Version: R.10.06
Current Boot : Primary


Redacted-For-Customer-Privacy# sh uptime
1322:05:43:53.35

Redacted-For-Customer-Privacy# sh time
Wed Oct 30 21:08:26 2013

 

[YeOldeStonecat]

HP ProCurve 100%



NOT the 1800ish series though. Those suck! The cheapest I would get are the ProCurve 2530 series. They ARE Enterprise Quality Layer-2 switches. :
http://h17007.www1.hp.com/us/en/net...hes/HP_2530_Switch_Series/index.aspx#tab=TAB2

What makes you say the 1800 series sucks? They're a great entry level Procurve switch, allows a small business (don't forget we're talking SMALL business for 99% of the jobs people do on these forums here) to afford a decent switch for less than 400 bucks. Otherwise they'd turn to some nutgear or other soho grade switch.

Not every small business can afford a switch that has a comma in the price tag (meaning over 1,000 bucks). I have a few 2500 series switches out there at larger clients of mine...but I've also deployed dozens of 1800 series all over the place and not had one_single_problem with any of them.

http://h17007.www1.hp.com/us/en/networking/products/switches/index.aspx#tab=TAB2

 

[codegreen]

What makes you say the 1800 series sucks? They're a great entry level Procurve switch, allows a small business (don't forget we're talking SMALL business for 99% of the jobs people do on these forums here) to afford a decent switch for less than 400 bucks. Otherwise they'd turn to some nutgear or other soho grade switch.

Not every small business can afford a switch that has a comma in the price tag (meaning over 1,000 bucks). I have a few 2500 series switches out there at larger clients of mine...but I've also deployed dozens of 1800 series all over the place and not had one_single_problem with any of them.

http://h17007.www1.hp.com/us/en/networking/products/switches/index.aspx#tab=TAB2

I'm on the same page with YeOldeStoneCat, here. My most common network-troubleshooting involved rebooting wonky switches... except for a couple of my clients that have Procurve 1800 series switches installed. They've never had an issue. I planning to migrate some of the worst switches to Procurve 1800s. I've never had to use the famed next-day air replacement guarantee, but I'm happy to hear that folks here have had good experiences with it.

Can you provide more details about why you think they suck, NETWizz? Have you had any problems with them?

 

[NETWizz]

There are no reported reliability issues with the 1800 Series ProCurve.



They "suck" in a sense they are NOT Enterprise Ready switches. They do NOT have enough management capability for any project I have done in many years. Though admittedly if you have a small client, with few computers, and not a lot of sites, then monitoring and management isn't important and they are totally fine.

Deficiencies of the 1800 ProCurve:

1. They do not report enough information via SNMP to utilities like Network Flow Analizer or Ops Manager, so they are hard to monitor in a larger network.

2. They do NOT do Virtual Stacking to make it easy to manage a whole group of them as if they are one modular switch each one serving as a module.

3. They do not do adequate logging.

4. They do NOT have CLI

5. Does not support multiple configuration files (i.e. revisions of config)

6. Does not support Power Over Ethernet in any of the switches in this line-up, so you won't be able to setup Enterprise Access Points like the Aruba (without Power Over Ethernet Injectors)

7. Does NOT support 802.1X or RADIUS (for this reason alone I wouldn't use it)

8. Does NOT support Access Lists, which I heavily use to limit from what sub-nets an Administrator can manage a switch. Try to start an SSH session from the wrong sub-net, and you cannot even get a logon prompt!

9. No IGMP, which my clients use for Multicast Imaging

10. No support for CoS (Class of Service), flow control, or Layer-4 service prioritization (i.e. UDP). Yes, the 1800 Series DO have QoS

11. No Voice VLAN (ability to automatically find VOIP phones via LLDP and configure them to the proper VLAN), so it would be a LOT more work manually tag each VOIP phone to the proper VLAN on an 1800 series.

12. No Link Aggregation/Trunking



*********************************

The 1800 Series is a Great Packet Pusher Blinkey light thing you can shove into a closet of a Small Business that doesn't do any dynamic VLANS, Dynamic VLAN Authentication, Move around their IP Phones, etc.

If you want something that is fast, cheap, and reliable, a ProCurve 1800 is a device you can throw into the wiring closet and "Set It & Forget It" for most small businesses.

If, however, the business exceeds one (1) site or 20 computers, I would strongly suggest at the very least a Procurve 2500 Series for their Layer-2 Switching Needs now and into the immediate future.

Everything is based on Need! A small Mom & Pop store would do well on a ProCurve 1800 Series, and they sure as heck beat a Netgear, Linksys, o D-Link. Heck they beat Cisco Small Business (really re-branded Linksys NOT Cisco)

 

[YeOldeStonecat]

But to be fair Netwiz...SMB's don't need all that stuff. You're talking about enterprise features...here in this forum it's about SMB.

The lack of CLI..that's just Cisco snobbery, we're SMB here...it's all about easy peasy web admin.

POE...I don't like it done by the primary switches, I get a dedicated POE switch like if I'm deploying HP MSM series wireless, or I use the POE injectors that come with the APs...and avoid the common compatibility issues. SMBs want quiet switches...not a noisy POE switch, they typically don't have dedicated server areas in SMBs.

 

[Nerm]

But to be fair Netwiz...SMB's don't need all that stuff. You're talking about enterprise features...here in this forum it's about SMB.

The lack of CLI..that's just Cisco snobbery, we're SMB here...it's all about easy peasy web admin.

POE...I don't like it done by the primary switches, I get a dedicated POE switch like if I'm deploying HP MSM series wireless, or I use the POE injectors that come with the APs...and avoid the common compatibility issues. SMBs want quiet switches...not a noisy POE switch, they typically don't have dedicated server areas in SMBs.

I actually agree with what Netwiz is saying as far as the 1800 series is good for small 50 or fewer user environments.

I disagree though that "lack of CLI" is Cisco snobbery. There are many advantages of CLI over web gui not just "because I can". For example ever configured a VPN on an ASA with the "gui" and then take a look at all the bloat code it creates?

As for saying we are SMB here you are right but keep in mind SMB covers a large range of environments. Technically an accounting firm with say 300 users would be considered SMB but you better believe I am putting in enterprise grade gear.

Personally I think you are both right on the 1800 and are just arguing two different sides of the same coin. Just my two cents.

 

[codegreen]

They "suck" in a sense they are NOT Enterprise Ready switches.

I was hoping that's what you meant. We're actually on the same page here. I just don't think it's fair to say they "suck". They're certainly not appropriate for large network deployments, but that's not what they're meant for. For small business networks, which make up 100% of the business networks I support, the 1800 series is an excellent choice.

 

[YeOldeStonecat]

As for saying we are SMB here you are right but keep in mind SMB covers a large range of environments. Technically an accounting firm with say 300 users would be considered SMB but you better believe I am putting in enterprise grade gear.

That's all fine and dandy, but lets remember the majority of members here in this forum, and the majority of clients that the few people of this forum that cater to SMB consulting actually provide services for. That size category is <100 users. Since I'm sure most of us here will agree that SMB's > 100 and especially >200 will have their own in-house IT staff so our kind is out of the picture.

I'm not saying the 2500 sucks and you should use the 1800 instead..hell no. As I've stated above, I've used the higher series before when warranted...heck we've worked with those mongo blade switches that are like 8U server size! And actually right now I'm working remotely at a client that has several Procurve switches..and the top one is a 2510G-48!

But for starter switches to get a little SMB up on a solid network, at a budget that is still the smaller size of SMB friendly (lets face it, a little 20 user biz that struggles to spend 8 grand for a server job ain't gonna be all happy about some 1600 dollar switch, they'd rather take the 350 dollar switch).

 

[SAG]

...ain't gonna be all happy about some 1600 dollar switch, they'd rather take the 350 dollar switch).

Or ask if you can just pick one up at Costco.
I worked with a small clinic once that needed their dead Windows 2000 DC replaced (this was just 2 years ago). I told the Doc we could get an inexpensive one from Dell that would do the job.
He asked me to stop at Costco and see what they had.

 

[Pants]

He asked me to stop at Costco and see what they had.

Lol



At any rate, I'm absorbing a lot of wisdom here. thx

 

[Nerm]

That's all fine and dandy, but lets remember the majority of members here in this forum, and the majority of clients that the few people of this forum that cater to SMB consulting actually provide services for. That size category is <100 users. Since I'm sure most of us here will agree that SMB's > 100 and especially >200 will have their own in-house IT staff so our kind is out of the picture.

I'm not saying the 2500 sucks and you should use the 1800 instead..hell no. As I've stated above, I've used the higher series before when warranted...heck we've worked with those mongo blade switches that are like 8U server size! And actually right now I'm working remotely at a client that has several Procurve switches..and the top one is a 2510G-48!

I agree that most clients that have 100+ users will usually have their own in-house IT staff, but I can't even count how many times I have been called in to consult on things over their in-house IT staff's head. Just recently I got called into a school with over 600 users and their own "in-house IT staff" and found the network running on soho netgear switches lol (sadly this wasn't even the worst thing I found in this environment, but that is a story for another day).

You are right though the majority of questions in this forum are going to be dealing with situations of clients that have much less than 100 users. My guess would be that probably 80% of the clients of businesses represented on this forum has less than 15-20 users. My point however is regardless of the size of your clients it is a good idea to learn and know the enterprise level equipment because you don't want to have to turn down that once in a while 100+ user client just because you feel uncomfortable or inadequate for the job.

 

[AndyM]

For unmanaged switches, I'm using (and recommend) the HP 1410 series. Rock solid performance. Far better than the Netgear/D-Link units that you often find.

Haven't touched the 1810's yet, but I'm in the middle of moving offices, and will probably need to look at the cabling.

Andy

 

[YeOldeStonecat]

Or ask if you can just pick one up at Costco.
I worked with a small clinic once that needed their dead Windows 2000 DC replaced (this was just 2 years ago). I told the Doc we could get an inexpensive one from Dell that would do the job.
He asked me to stop at Costco and see what they had.

LMAO...come back with some little TP Link or Rosewill 29 dollar junkaroo.

 

[YeOldeStonecat]

I agree that most clients that have 100+ users will usually have their own in-house IT staff, but I can't even count how many times I have been called in to consult on things over their in-house IT staff's head. Just recently I got called into a school with over 600 users and their own "in-house IT staff" and found the network running on soho netgear switches lol (sadly this wasn't even the worst thing I found in this environment, but that is a story for another day). job.

Yup occasionally some do..and for those that have the experience to saddle up to those jobs, it's great. We've done some many large setups like that too! But again I'm just getting back to the point of this 1800 doesn't quote SUCK unquote for what it is, a good switch for the typically small biz clients we have here.

tired of this dead horse, I'm out. turned into a pissing contest as to peoples minimum requirements for equipment.

 

[NETWizz]

And actually right now I'm working remotely at a client that has several Procurve switches..and the top one is a 2510G-48!

While you are in there remotely (probably via VPN,) upgrade the firmware.

Presumably, you already setup SSH setup, and you would NOT even consider logging in via Telnet.


Obviously, you have ip ssh. If not generate the crypto keys and set it up.


Take a look at your current, running Firmware & your stored Flash Images:

ProCurve Swtich# sh ver
Image stamp: /sw/code/build/cod(cod11)
Oct 4 2011 16:02:54
Y.11.35
7
Boot Image: Primary


ProCurve Switch# sh flash
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 3378518 10/04/11 Y.11.35
Secondary Image : 3376851 11/17/09 Y.11.16
Boot Rom Version: N.10.02
Current Boot : Primary

Make sure the TimeZone is set

time timezone -300
time daylight-time-rule Continental-US-and-Canada

^^^ This is eastern... -480 would be Pacific (you can figure it out)

Make certain you have the following for security:
no web-management
no telnet-server
no snmp-server enable
no tftp client
no tftp server



^^^ You probably already have SSH running and are using PuTT or SecureCRT


First backup the Primary Flash Image to secondary:

Also run a "show running-config" and make a copy of their config.



Copy the Primary Flash to Secondary to back it up:

ProCurve# copy flash flash secondary


ProCurve# sh flash
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 3378518 10/04/11 Y.11.35
Secondary Image : 3378518 10/04/11 Y.11.35
Boot Rom Version: N.10.02
Current Boot : Primary



Download something like PSFTP and put it in your Windows PATH statement. On a MAC or Linux, use SFTP.


Download the IOS image to your computer and extract it, so you have the .SWI fle the switch needs.

Switch to the Directory like this:


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\netwizz>cd Desktop

C:\Users\netwizz\Desktop>cd Y.11.41_2510G-Software-Y1141

C:\Users\netwizz\Desktop\Y.11.41_2510G-Software-Y1141>



Before doing the actual upgrade, save the configuration you just changed:
write mem



Logon to your 2510g vis SFTP:

You may need to run ip ssh filetransfer from global configureation, first.


C:\Users\birkhojk\Desktop\Y.11.41_2510G-Software-Y1141>sftp netwizz@10.1.2.3
Using username "netwizz".
We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com

netwizz@10.1.2.3's password:
Remote working directory is /
psftp> cd os
Remote directory is now /os
psftp> ls
Listing directory /os
-rwxrw---- 1 J9280A J9280A 3378518 OCT 04 2011 primary
-rwxrw---- 1 J9280A J9280A 3378518 OCT 04 2011 secondary

PUT the new HP Firmware/IOS Image:

psftp> put Y_11_41.swi primary
local:Y_11_41.swi => remote:/os/primary
psftp> ls
Listing directory /os
-rwxrw---- 1 J9280A J9280A 3379637 SEP 11 2012 primary
-rwxrw---- 1 J9280A J9280A 3378518 OCT 04 2011 secondary
psftp>


ProCurve Switch# sh flash
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 3379637 09/11/12 Y.11.41
Secondary Image : 3378518 10/04/11 Y.11.35
Boot Rom Version: N.10.02
Current Boot : Primary


ProCurve Switch# reload

NO to Saving the Config (unless you want to save changes)



After the switch comes back up... IF you have it running SFTP, unload that service.
no ip ssh filetransfer
write mem


If disabling SNMP doesn't pass the scream test:
snmpv3 enable
snmpv3 only

If they won't let you use SNMPv3 ONLY then:
snmp-server community <community_name> restricted

DO NOT use PUBLIC and PRIVATE for the community names...

Unless stacked, shut off stacking:
no stack


Check the Running Firmware:
ProCurve Switch# sh ver
Image stamp: /sw/code/build/cod
Sep 11 2012 10:22:14
Y.11.41
926
Boot Image: Primary


You will also still have a backup of your old firmware:

ProCurve Switch# sh flash
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 3379637 09/11/12 Y.11.41
Secondary Image : 3378518 10/04/11 Y.11.35
Boot Rom Version: N.10.02
Current Boot : Primary

If you want to switch which one boots:
ProCurve Switch# boot system flash secondary



If you want to rollback:
copy flash flash primary
reload

***************************************

If your switch won't boot (or more likely goes into a boot loop):

1) Hold down Reset and Clear at the same time it will power cycle and keep holding until the test light blinks rapidly. Release reset while continuing to hold clear until the Test led goes out. Then release clear.

Plug in a Console Cable and connect to it:

=>jp 2

The switch will boot the backed up secondary image.