Omitir para ir al contenido principal
  • Hacer pedidos rápida y fácilmente
  • Ver pedidos y realizar seguimiento al estado del envío
  • Cree y acceda a una lista de sus productos

How to Set Up Management Access for Dell Networking N1500, N2000, N3000, and N4000 Series Switches

Resumen: This article explains how to set up different management options for the N series switches running OS6 and explains the recommended settings.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.

Instrucciones

Index

Setting a management IP address

A reachable IP address is necessary to manage the switch when not using a serial connection. To set an IP address, input the following commands. This example uses VLAN 1, the default VLAN, and the IP 192.168.0.250 /24.

console> enable
console# configure
console(config)# interface vlan 1
console(config-if)#ip address 192.168.0.250 255.255.255.0

Note: On the N2200, N3000, N3200, and N4000 switch there is an out of band (OOB) interface that can be used for managing the switch.

Here is the same example as above but using the OOB interface:
console(config)# interface out-of-band
console(config-if)# ip address 192.168.0.250 255.255.255.0

It is recommended to use the OOB interface to manage your switch when available. The OOB interface is separate from the switching silicon, and reaches the CPU directly. If the production network is experiencing issues, you can still reach the switch through the OOB interface.


Note: Plug the OOB interface into a separate management network, and do not plug it back into the inbound ports on the switch.


It is recommended when using a VLAN to manage your network, to make a separate VLAN exclusively for management. This separates management traffic from your data traffic. This not only helps with performance, but also slightly increases security. You can manage the switch through any reachable VLAN IP address.

If managing the switch from an external network, you must assign the switch a Default Gateway it can use to reach other networks. The following command uses 192.168.0.1 as the Default Gateway address.

console(config)# ip default-gateway 192.168.0.1


Setting login access on the switch

To manage the switch, a username and password are required. To manage the switch using telnet or SSH, it is best practice to have an enable password. Input the following commands to configure login access. This is an example with the username as Dell, and password as MYPASSWORD. The enable password example uses ENP@$$w0rd. These are just examples, and passwords should adhere to your organization's applicable security policy.

console> enable
console# configure
console(config)# username Dell password MYPASSWORD privilege 15
console(config)# enable password ENP@$$w0rd

Note: You may make multiple users on the switch with different levels of access. 0 is no access, 1 is read-only, and 15 is read and write.


Choosing Telnet, HTTP, SSH, or HTTPS for management

The default allowed protocols for management are Telnet and HTTP. Telnet and SSH provide command-line based management through a tool such as PuTTY. HTTP and HTTPS provide a UI-based management through a web browser. It is possible to run all four, or none of the protocols. With all the previous options disabled, there is still the option of serial console.

For security, it is recommended to disable Telnet and HTTP, and enable SSH and HTTPS. Telnet and HTTP transfer packets over plain text, meaning if a person is capturing traffic, they can read all commands of functions pushed through the switch when managing it. SSH and HTTPS encrypt the traffic, which strengthens the packet security.

To enable SSH and HTTPS, input the following commands. SSH and HTTPS require the generation of a DSA and an RSA key. HTTPS requires the creation of a certificate.

console(config)# crypto key generate dsa
console(config)# crypto key generate rsa
console(config)# ip ssh server
console(config)# crypto certificate 1 generate
console(config-crypto-cert)# key-generate
console(config-crypto-cert)# exit
console(config)# ip http secure-server

To disable Telnet and HTTP input the following commands:

console(config)# ip telnet server disable
console(config)# no ip http server

Warning: It is required to run these settings while already managing the switch through HTTPS, SSH, or serial connection as disabling these services disconnect any open sessions to the switch.


Saving configuration

When satisfied with the configuration, it must be saved so that if the switch reboots, and the configuration is persistent. Input the following command to save your configuration:

console# write memory

This operation may take a few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y

Note: For more details on configuring specific management options, see the User Configuration and CLI Reference Guides for your model and firmware version at Dell Support.

Productos afectados

N Series, PowerSwitch N1100-ON Series, PowerSwitch N1500 Series, PowerSwitch N2000 Series, PowerSwitch N2100 Series, PowerSwitch N2200-ON Series, PowerSwitch N3000 Series, Dell EMC PowerSwitch N3000E-ON Series, Dell EMC PowerSwitch N3100 Series , Dell EMC Networking N3200-ON ...

Productos

PowerSwitch N3000 Series
Propiedades del artículo
Número del artículo: 000120183
Tipo de artículo: How To
Última modificación: 13 mar 2024
Versión:  8
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.