If you’re anything like me, you like to get things up and running fast. And this means doing a bare minimum configuration of a new switch so you can get to testing connectivity as soon as possible.
So, what do you do? You boot the switch, give it a hostname and some basic security settings, and then you configure the management VLAN and give it an IP address. After that you configure the trunk interface and try pinging the switch from another device. And everything fails. And you tear out your hair trying to figure out what’s wrong. And finally, after what feels like a lifetime (in reality about 2 minutes), you try pinging something else in the network from the new switch. And it works perfectly.
The first time this happens to you, it might come as a small shock. How did you manage to set up one-direction ping with less than 20 commands? And if you come from the HP world as I do, where switches come out of the box with the essential features enabled, this might not make much sense.
Let me drive this point home for the non-Cisco people in the crowd. On Cisco gear, ASSUME NOTHING WORKS OUT OF THE BOX.
By default, Cisco switches need to be specifically told to a) allow ping, b) encrypt passwords so they don’t appear in plain text in the config, c) not interrupt your typing with non-essential log messages and d) make a port actually function. Additionally, you might also want to tell it not to wait an eternity to transition an interface to the up state (there’s some extra mojo happening behind the scenes here, so read up on it before you disable anything).
Today, we will deal with A: how to get the pesky switch to respond to ping so we can test things. And before you shout at me, there are very good reasons why you would want to disable ping, but being an HP guy I prefer disabling features once I don’t need them any more. And to be quite frank, if you, in your reasonably protected network, are going to get exploited by ICMP, you already did something much more daft than enabling ping.
Cisco actually doesn’t only disable ping out of the box, but also a host of other old school protocols that they refer to by the term small-servers. By enabling tcp-small-servers ping will start working. Do keep in mind that this also opens up your Cisco box to a host of other problems, so use caution when enabling this.
The command to enable tcp-small-servers is:

    service tcp-small-servers
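
Since the idea is to switch things off again once testing is done, a saved running-config can be checked for small servers that were left on. The Python script below is an added example, not part of the original post; the sample config is constructed, and it assumes an IOS release where the small servers are off by default, so an enabled one shows up as a plain service line.

```python
import re

# Constructed sample: a saved running-config from a switch where the
# small servers were switched on for testing and never switched off.
SAMPLE_CONFIG = """\
!
hostname lab-sw1
!
service password-encryption
service tcp-small-servers
no service udp-small-servers
!
interface Vlan10
 ip address 192.0.2.10 255.255.255.0
!
"""

# Global "service" commands this audit looks for.
WATCHED = ("tcp-small-servers", "udp-small-servers")
LINE_RE = re.compile(r"^(no\s+)?service\s+(\S+)", re.IGNORECASE)


def small_server_state(config_text):
    """Return {service: True/False} for each watched service.

    A service with no line counts as disabled (assumption: default-off
    release). If a service appears more than once, the last line wins,
    as it would when the commands are entered in order.
    """
    state = {name: False for name in WATCHED}
    for raw in config_text.splitlines():
        line = raw.rstrip()
        # Global commands start in column 0; skip comments and sub-mode lines.
        if not line or line.startswith(("!", " ")):
            continue
        m = LINE_RE.match(line)
        if m and m.group(2).lower() in state:
            state[m.group(2).lower()] = m.group(1) is None
    return state


def findings(config_text):
    """List the watched services that are still enabled."""
    return sorted(n for n, on in small_server_state(config_text).items() if on)


if __name__ == "__main__":
    for name in findings(SAMPLE_CONFIG):
        print(f"{name} is enabled; remove it with: no service {name}")
```
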
Hope this helps somebody, next time we’ll deal with one of the other issues that plagues Cisco devices, at least from an HP admin’s viewpoint.
This post is part of a new series called Network Friday, where I explain a new networking concept every Friday and tell you how to configure it on (mostly) HP hardware. The series will mostly focus on the configuration side, as I feel there are lots of resources out there that do a fine job of explaining complex concepts, but very few that show you how to do it on your specific hardware. This series aims to address this somewhat, at least on the HP side of the fence.