Saturday, September 8, 2012

Bringing a Compaq StorageWorks San Switch 8 back to life

I hope I don't promise to much with this heading...
Here is the situation: I got an old unused Compaq StorageWorks San Switch 8 without any information (IP, username, password cable etc). As usual I wanted to use it, so here is a short description of what I  did to bring the machine back to life. A default serial cable does not work, when the switch was released Compaq had is own pin layout. The only chance to communicate with the switch is via network. When you open the SAN switch you should see a couple of LED's near the ethernet connector like this:

When the LED D16 is on, then the ethernet connector was not disabled in the configuration. When it is off and you don't have any appropiate seriel cable then you might not bring back the SAN switch back to life and you can stop reading here. When D16 is on, then take a look at D11, D15, D12 and D13 (see the picture above). Especially at D13. D13 indicates if a cables is connected to the SAN switch and to another network switch:

D11: TX
D15: Collision detect
D12: RX
D13: Link detected
D16: Ethernet on/off (100MB)

I setup a very simple network, just a network switch, the SAN switch itself and a Linux based workstation. On the Linux workstation I run tcpdump and in the meanwhile I turned on the SAN switch. The SAN switch sends out one ARP request during boot with it's own IP. That is real helpful:

# ifconfig eth0 up
# tcpdump -i eth0 -vv
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:58:18.083026 ARP, Request who-has tell, length 46

At this point I knew the IP of the SAN switch. Then I gave my Linux workstation a new IP address:

# ifconfig eth0 netmask

Finally I could scan the entire SAN switch:

# nmap -sT
Starting Nmap 5.51 ( ) at 2012-09-08 20:02 CEST
Nmap scan report for
Host is up (0.0038s latency).
Not shown: 996 closed ports
23/tcp  open  telnet
80/tcp  open  http
111/tcp open  rpcbind
513/tcp open  login
MAC Address: 00:11:22:33:44:55 (Brocade Communications Systems)

Nmap done: 1 IP address (1 host up) scanned in 6.75 seconds

For administrative access I would need the username and the password and at this point I was really at luck: everything was set to default:

# telnet
Username: admin
Password: password