I have strongly recommended NOT taking a consultant's advice who recommends using HP Smart Switches in favour of fully managed ones - all our main ones already are. I have been overruled by the SLT. I was told they will take the rap if it does not work. These are my reasons why this is a bad idea:
So far I am told that HP Smart switches:
• Do not support QoS so I cannot apply this to the VOIP phones – which may not be an issue if I do not have any other devices on that VLAN but will be if I need it.
• Does not allow LDAP pass through – therefore the Script that we have written to allow teachers to change students passwords will fail because it uses LDAP.
• Cannot be telnetted to
• Cannot be fully seen in ProCurve Manager
In a Smart switch you do not see a table showing all the VLANs and ports in one screen so managing it is a pain and very time consuming. Also you cannot see or edit the config file.
Is there anyone out there who can tell me other reasons not to do this just to save money!
I am so frustrated by non techie bosses who think that this guy knows better than me. I have had countless HP Gold Partners recommending NOT deploying these SMART switches.
Why would you want to Telnet to it? SSH is far better.
I have never used SSH.
Telnet is quick and easy. I use all three methods I know depending on what I want to do. With telnet you can flick between the switch config and command line very fast. I prefer Procurve Manager because it gives me an instant view of the entire switch network and I can see at a glance when there is a problem.
SSH is pretty much identical to Telnet but the connection is encrypted. Telnet is not. You will be fine using SSH.
Last edited by FN-GM; 10th May 2013 at 05:09 PM. Reason: typo
Dantech (10th May 2013)
Encryption is not an issue since students have been locked down with group policy and I have unique usernames and passwords on my switches and they are in locked CABS around the school.
They are designed for small business (not sure of the size of your school) and will not support 10gbit ethernet
I agree - we have around 36 Procurve managed switches (school size of 850 students and 100 staff on site with 9 or so buildings all linked via optic fibre and only 1Gb capable backbone at the moment but have fully VLAN'd the network.) Only two are Smart switches and these are only used in locations where I have not been given the money to put in extra cables and then only to separate the Printer to be on the printer VLAN and the computers on the Wired VLAN (all staff and student PCs).
Just saying they are designed for small business will not persuade the powers that be to change their mind. I need hard facts.
One thing that will eventually let the cheaper switches down is IPv6 support and anything that uses RAM up such as ACLs etc.
Cheap switches have less resources, thus when time comes to do anything tricky they run out of RAM and call it a day!
IPv6 is one that is waiting to bite you. ACLs and just about any data that needs to be stored in a switch uses RAM. IPv6 has very long addresses; it is so bad on some budget switches they often have the habit of leaking memory to the point that they will no longer respond to a ping, GUI or just about any kind of management until rebooted.
It's not that there is anything wrong with them, just that they are simply too small and under resourced for campus size networks.
Most of the other features you mentioned are taken care of in most cases automatically so QOS and prioritisation are built in so you won't win any arguments on that one.
L2 management is well worth the extra but you're talking about switches that may be two or 3 times the price of a "Smart" switch and that's hard to convince the purse string holder they need to spend the extra.
I have no doubt that whatever you are saving by buying the cheap switch will end up costing you the difference and some at a later date.
School networks are Enterprise level not Small Business and your consultant is just playing the tune his paymasters want to hear, "Save me money"... you're not alone but sometimes you just have to take note and wait for that "I told you so" moment when it all comes crashing around their ears.
It really depends on the class of device you have already got on the network, and whether or not the features they offer are making a significant difference that you can attach a valid monetary value/ educational outcome to.
Also if you have been offered the v1910 type ones... I'm afraid they are pretty awesome VFM edge switches, but they do QoS, VLANs and 802.1x so perhaps this post is redundant.
How often do you really need to get to the switch command line? For us, it is only when loading in a config to a new switch. Perhaps maybe when changing a VLAN. However it is easier for an IT generalist (i.e. your typical NM/IT Tech) to use the web interface for this type of simple change than it is to dig out the relevant incantation to do it at a command prompt.
I've had an all singing all dancing procurve monster network, and I've now got one with these "smart switches". The cheaper one works better, because it is less complex. The only time I have wanted to make a big change across all my switches, I edited a copy of the backup config files, and uploaded them to each switch in turn, pretty simple, and only slightly more time consuming than using a big expensive network manager package.
That said if you really really want to get to the command line, there is a secret incantation possible to get yourself the access you want.
"Not working with LDAP" Hmmm. Not quite sure what you mean. Password changes in AD via a script have nothing to do with the switches, no switch should be unable to allow LDAP traffic to traverse it. Perhaps they mean that it won't do 802.1x with an LDAP back-end, again the v1910 can do this, so perhaps I'm talking about the wrong device.
Not working with PCM.... It is worth noting that if they are the v1910s then they are of H3C descent (i.e. not Procurve). Some would say this is an advantage (certainly the best Cisco guy I know reckons the H3C stuff to be better than Procurve), however if Procurve is your experience, then you need to ask about training on the new kit.
It is true they don't do 10GbE, but then do you need it now? If not, save your pounds, get these into the edge. When you need 10GbE stick a switch at the top of the rack and patch all your smart switches back to that (with 2 port LACP trunks).
M25Man arguing for big expensive switches on one side and cheap and cheerful WAPs on the other. Reversing the argument depending on his PoV. (Please don't take umbrage, I'm just enjoying the irony. I'm sure you are basing your comments on greater networking experience/specialisation than I.)
The only switches that need to be able to understand IPv6 are the ones doing the routing. Which in a LAN with big expensive switches and VRRP etc might be the aggregation switch at the top of each rack. This design is great, but it is overly complex and costly to implement and support, when one considers how infrequently a switched LAN develops a fault or hits performance limits.
Good routing and large ARP tables are really only needed at the core in a secondary school sized LAN. (yes multi-site/campus schools might be an exception)
What you may have to look out for (depending on the VLAN design) is the number of MAC addresses switches have to be able to remember. 8192 is a pretty common figure, and should be plenty for a school edge switch. However it is conceivable that you may one day need more. But you will likely have seen that day coming a long way off and been able to re-architect your VLANs to segregate traffic such that no edge switch needs to come close to its limits.
Last edited by psydii; 10th May 2013 at 06:38 PM.
I've been pretty happy with the 1910s we've put in recently. We might have different networks with different needs though. I've yet to have a problem with one.
Playing devil's advocate, if you are struggling to find solid technical reasons for not using them, is there really a problem?
Using ssh instead of telnet shouldn't be a problem from a usage point of view. ssh is quite a bit more secure, and will help if a student manages to connect their own device to the network with wireshark on it.
The 1910s have a 'secret' command line mode that can be enabled, but most stuff can be configured via the web interface. I usually only use the serial port to find out the IP address, and then only as a last resort.
1910s support IPv6 with the latest firmware.
The interface is a tiny bit clunky to use, but how often do you use it? There is far, far worse on the market.
QOS is also supported on the 1910 range. As is a voip vlan.
It's listed in the procurve manager docs. How well supported it is I don't know, as I don't use it.
The only thing missing is 10Gb support. But we are using nowhere near 1Gb on our backbone, even with 20 cctv cameras on it.
I've just realised I've echoed an above post. But anyway - if your network is like ours, then you can't go far wrong with 1910s, I wouldn't go for anything less though.
May I ask what the driver is behind new switches if you already have managed ones? What are you hoping to gain? Is it just a speed difference from 1Gb ethernet to the desktop, or do you need a more advanced network?
Our network is made up of about 30 switches (with about 10 1910s so far). Three of these are in our server rack doing vMotion, iSCSI storage and the main school network. We use an older Netgear switch as our core which will be replaced with a higher-end HP switch soon. We have about 1500 students and 170 staff.
Last edited by Chris_Cook; 10th May 2013 at 07:08 PM.
How much is an average midrange PC and monitor? Why would you decide to run 40+ PCs off anything less?
Quite a simplistic argument I know.
You could take a BOFH approach and say fine buy one and run all the senior management machines off it. Said switch could then maybe have a few issues over the course of a month and see if they then fancy investing in a few more?
It's all down to the economies of scale and if centralised management isn't needed why bother.
I would quite happily spend £400 on a classroom switch provided it delivered everything I needed, just as I wouldn't spend £400 on an AP that does things I would never need.
The 1810-48 only has 64MB of RAM compared to the 1910-48's 128MB and the differences albeit small will make a difference but they creep in at around £100 less and that kind of penny pinching is what costs later on.
A few years ago I would have agreed 8192 MAC addresses would be adequate but now I'm not so sure. I've got some shiny suited know it all who wants to let 10,000 mobile users on the internet for 90 minutes every other Saturday; add to that the plethora of BMS control objects, IP Phones, HVAC, CCTV, Access Control systems, just about everything has an IP and a MAC address nowadays! Everyone seems to own two mobiles and both need to be on the "WiFi" at the same time... suddenly 8192 seems remarkably small.
psydii (12th May 2013)