Adding new switch to current network

Before adding new switch to current network, need to make sure there are no configuration set that may override your current network.  Always connect the new switch to test or local computer and check the configuration or just do factory reset.  Then set the management IP, do all the firmware updates, set NTP server so you get correct date/time and VLAN’s if needed on your network.  Recommended to disable any ports that are not being used and also to disabled the local console port, so someone just don’t plug their device and make changes.

Connect your new switch to locally to your laptop via console port or newer switches have micro USB to USB, which is more common.  Then use terminal of your choice and check configuration/management IP
Commend: show ip

For HP switches you can find firmware from this link https://h10145.www1.hpe.com/support/SupportLookUp.aspx

Firmware screen may vary from model to model, here I am using the HP 2920 24G PoE, you can get to firmware under System>Updates/Downloads, then under Software Image, click Update

You should see Choose File option where you can browse to firmware file then click Save

You may get the message for confirmation to start the upload of a new firmware, click Yes

If everything went well you should see Primary Software Image one you uploaded, then click Reboot, so it can boot to a new firmware

After the upgrade you should see something like this:

Traditional GUI

If for some reason you need to access old Traditional GUI you can do by click on the User Icon top right hand.

Screenshot from HP website: Under Security>Device Passwords>Authorized Users

You can find all the options for this model switch from HP website

https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1009060832&docLocale=en_US&docId=emr_na-a00042220en_us

You can click through each categories and get more details

These are basic user/password protection built in. Most likely if you working for a big company or have big network, you would be using a third-party tool to secure their network also for login logs records, etc.…

To change User Name:

from default manager to something else
SW1(config)# password manager user-name WhatEverUserNameYouWant

 OCTET-STR             Enter an octet string.

To change User Name: from default operator to something else

SW1(config)# password operator user-name WhatEverUserNameYouWant
 OCTET-STR             Enter an octet string.

To enable password storage in SHA-256 form

SW1(config)# password non-plaintext-sha256

To Set time zone:

SW1(config)# clock timezone us eastern

To enable daylight saving:

SW1(config)# clock summer-time

To set the correct daylight time rule:

SW1(config)# time daylight-time-rule continental-us-and-canada

To set SNTP to sync time:

SW1(config)# sntp server priority 1 IP_Address_of_your_SNTP_Server
SW1(config)# sntp unicast
SW1(config)# sntp 60
SW1(config)# timesync sntp

To see status of your SNTP:

SW1(config)# show sntp statistics
SNTP Statistics
Received Packets  : 1
Sent Packets      : 1
Dropped Packets   : 0
SNTP Server Address                                   Auth Failed Pkts
  —————————————             —————-
  IP_Address_of_your_SNTP_Server      0

Hope it helps someone out there, there are many options to secure your network, just make sure you have good document on what’s been set and where to access it, when need comes.  Otherwise, you will be locked out of your own secured network.