User's Guide
Page 22
... checked for other stations by default. DHCP snooping can be configured to be enabled globally and on specific VLANs. DHCP servers must be source IP address or a source IP address source MAC address pair. Ports within the VLAN can be trusted or untrusted. Access Control List (ACL) Outbound Support This feature enables binding an ACL (IP, MAC, or IPv6) in L2 switched networks. Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DHCP...
... checked for other stations by default. DHCP snooping can be configured to be enabled globally and on specific VLANs. DHCP servers must be source IP address or a source IP address source MAC address pair. Ports within the VLAN can be trusted or untrusted. Access Control List (ACL) Outbound Support This feature enables binding an ACL (IP, MAC, or IPv6) in L2 switched networks. Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DHCP...
User's Guide
Page 23
... area network (VLAN). In IPv6, MLD snooping performs a similar function. This list is constructed by the switch. Based on all ports. This prevents the switch from 224.0.0.0 to a monitoring port. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by snooping IPv6 multicast control packets. MLD Snooping In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to all ports and...
... area network (VLAN). In IPv6, MLD snooping performs a similar function. This list is constructed by the switch. Based on all ports. This prevents the switch from 224.0.0.0 to a monitoring port. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by snooping IPv6 multicast control packets. MLD Snooping In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to all ports and...
User's Guide
Page 35
... individually. MACbased authentication allows multiple supplicants connected to the same port to provide traffic flow control, restrict contents of routing updates, decide which multicast addresses are of system users through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). This data threshold rate is used to send voice traffic through the port. Supplicants are authenticated through an external server. Security Features Access Control Lists (ACL) Access Control Lists (ACLs) ensure that make the decision...
... individually. MACbased authentication allows multiple supplicants connected to the same port to provide traffic flow control, restrict contents of routing updates, decide which multicast addresses are of system users through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). This data threshold rate is used to send voice traffic through the port. Supplicants are authenticated through an external server. Security Features Access Control Lists (ACL) Access Control Lists (ACLs) ensure that make the decision...
User's Guide
Page 59
Figure 5-1. Installation and Configuration Flow Chart Connect Switch and Console Power on Hardware Setup Yes Suspend Bootup Choose option 2 Boot menu (Special functions) Reboot No Loading program from flash to RAM Yes Enter Wizard No Initial Configuration: IP Address, Subnetmask, Users Basic Security configuration Wizard Configuration Process Standard Switch Installation Advanced Configuration: IP Address from DHCP, IP Address from bootp, Security management Advanced Switch Installation Configuring Dell™ PowerConnect™ 59
Figure 5-1. Installation and Configuration Flow Chart Connect Switch and Console Power on Hardware Setup Yes Suspend Bootup Choose option 2 Boot menu (Special functions) Reboot No Loading program from flash to RAM Yes Enter Wizard No Initial Configuration: IP Address, Subnetmask, Users Basic Security configuration Wizard Configuration Process Standard Switch Installation Advanced Configuration: IP Address from DHCP, IP Address from bootp, Security management Advanced Switch Installation Configuring Dell™ PowerConnect™ 59
User's Guide
Page 63
... May 26 14:12:20 2009 Uncompressing..... Delete backup image 9 - Activate Backup Image 12 - Start Boot Menu. Retrieve event log using XMODEM 5 - Update boot code 8 - To return to factory defaults (delete config files) 11 - Configuring Dell™ PowerConnect™ 63 Boot Menu 3.1.1.11 Select an option. Select (1, 2):2 Boot Menu Version: 3.1.1.11 Options available 1 - Restore configuration to operational code from the [Boot Menu] prompt, press 1. Password Recovery Procedure [Boot Menu] The boot process runs approximately 60 seconds. The following...
... May 26 14:12:20 2009 Uncompressing..... Delete backup image 9 - Activate Backup Image 12 - Start Boot Menu. Retrieve event log using XMODEM 5 - Update boot code 8 - To return to factory defaults (delete config files) 11 - Configuring Dell™ PowerConnect™ 63 Boot Menu 3.1.1.11 Select an option. Select (1, 2):2 Boot Menu Version: 3.1.1.11 Options available 1 - Restore configuration to operational code from the [Boot Menu] prompt, press 1. Password Recovery Procedure [Boot Menu] The boot process runs approximately 60 seconds. The following...
User's Guide
Page 67
... can be saved before rebooting. If the network is setup for autoconfig, manual configuration of the switch is designed to guide you in this section). • IP subnet mask for the network • Default gateway (next hop router) IP address for configuring the default route There are two types of configuration: • Initial configuration consists of a newly installed switch so that the initial administrator account be done through the Web, CLI, and the remote Dell Network Manager.
... can be saved before rebooting. If the network is setup for autoconfig, manual configuration of the switch is designed to guide you in this section). • IP subnet mask for the network • Default gateway (next hop router) IP address for configuring the default route There are two types of configuration: • Initial configuration consists of a newly installed switch so that the initial administrator account be done through the Web, CLI, and the remote Dell Network Manager.
User's Guide
Page 71
... particular management system uses to be used to login to access the CLI, Web interface, or SNMP interface for the switch. You can use to the CLI and Web interface. To add a management station: Please enter the SNMP community string to access the switch. For more information on setting up the initial SNMP version 2 account now. You may setup other management interfaces to change privilege levels later. Would you like to setup the SNMP management interface now? [Y/N] y To setup the SNMP management account you use Dell Network Manager...
... particular management system uses to be used to login to access the CLI, Web interface, or SNMP interface for the switch. You can use to the CLI and Web interface. To add a management station: Please enter the SNMP community string to access the switch. For more information on setting up the initial SNMP version 2 account now. You may setup other management interfaces to change privilege levels later. Would you like to setup the SNMP management interface now? [Y/N] y To setup the SNMP management account you use Dell Network Manager...
User's Guide
Page 79
... changing a switch mode to enable, enter pass1234. Configuring an Initial HTTP Password To configure an initial HTTP password, enter the following commands: console(config)#ip http authentication local console(config)#username admin password user1234 level 15 Configuring an Initial HTTPS Password To configure an initial HTTPS password, enter the following commands: console(config)#ip https authentication local NOTE: You should generate a new crypto certificate each time you upgrade (install a new version of) the control software application on the switch. Configuring Dell™ PowerConnect...
... changing a switch mode to enable, enter pass1234. Configuring an Initial HTTP Password To configure an initial HTTP password, enter the following commands: console(config)#ip http authentication local console(config)#username admin password user1234 level 15 Configuring an Initial HTTPS Password To configure an initial HTTPS password, enter the following commands: console(config)#ip https authentication local NOTE: You should generate a new crypto certificate each time you upgrade (install a new version of) the control software application on the switch. Configuring Dell™ PowerConnect...
User's Guide
Page 87
... flash memory. During that a boot code update has been requested, and pauses for user response. User action is no user response within 10 seconds. The following prompt displays: Do you wish to update Boot Code? (y/n) y Validating image2....OK Extracting boot code from the Boot menu: 1. Wrote 0x60000 bytes. Update Boot Code Use option 7 to reboot. On the Boot menu, select 7 and press . Wrote 0x40000 bytes. Configuring Dell™ PowerConnect™ 87 To download software...
... flash memory. During that a boot code update has been requested, and pauses for user response. User action is no user response within 10 seconds. The following prompt displays: Do you wish to update Boot Code? (y/n) y Validating image2....OK Extracting boot code from the Boot menu: 1. Wrote 0x60000 bytes. Update Boot Code Use option 7 to reboot. On the Boot menu, select 7 and press . Wrote 0x40000 bytes. Configuring Dell™ PowerConnect™ 87 To download software...
User's Guide
Page 97
... Device Default Settings To return to device default settings use delete startup-config command at the console to enter the Configuration mode as follows: console>enable console# 2. Enter the config command at the privileged mode prompt (#), and reboot the device. Once device reloads - console> console>enable console#delete startup-config Startup file was deleted console#reload Management switch has unsaved changes. Enabling Remote Management 1. Enable DHCP on the management interface or out-of the Ethernet ports, or through a network connected to the switch, using a CAT5 Cable.
... Device Default Settings To return to device default settings use delete startup-config command at the console to enter the Configuration mode as follows: console>enable console# 2. Enter the config command at the privileged mode prompt (#), and reboot the device. Once device reloads - console> console>enable console#delete startup-config Startup file was deleted console#reload Management switch has unsaved changes. Enabling Remote Management 1. Enable DHCP on the management interface or out-of the Ethernet ports, or through a network connected to the switch, using a CAT5 Cable.
User's Guide
Page 98
....1.1.2: icmp_seq=3. Use the following command to set the default gateway (management interface): console(config)#ip default-gateway 10.254.24.162 6. If this configuration has changed, follow these steps to be in STP forwarding mode before pinging the management station. time=0 ms 64 bytes from 50.1.1.2: icmp_seq=4. The configured IP address must belong to Privileged Exec mode: Assigning DHCP for the management interface: Assigning DHCP for the port to enable DHCP on the out-of the switch IP interfaces. Wait...
....1.1.2: icmp_seq=3. Use the following command to set the default gateway (management interface): console(config)#ip default-gateway 10.254.24.162 6. If this configuration has changed, follow these steps to be in STP forwarding mode before pinging the management station. time=0 ms 64 bytes from 50.1.1.2: icmp_seq=4. The configured IP address must belong to Privileged Exec mode: Assigning DHCP for the management interface: Assigning DHCP for the port to enable DHCP on the out-of the switch IP interfaces. Wait...
User's Guide
Page 163
.... Table 6-29. The TACACS+ server checks the user privileges. To display the TACACS+ Settings page, click System →Management Security →TACACS+ in the ***** format. Confirm the Enable password. 4. TACACS+ provides centralized security for the inband management port. Performed at login. Confirms the new Enable password. Defining Enable Passwords 1. Click Apply Changes. TACACS+ Settings The device provide Terminal Access Controller Access Control System (TACACS+) client support. The password appears in the tree view. Defining Enable Passwords Using CLI Commands For...
.... Table 6-29. The TACACS+ server checks the user privileges. To display the TACACS+ Settings page, click System →Management Security →TACACS+ in the ***** format. Confirm the Enable password. 4. TACACS+ provides centralized security for the inband management port. Performed at login. Confirms the new Enable password. Defining Enable Passwords 1. Click Apply Changes. TACACS+ Settings The device provide Terminal Access Controller Access Control System (TACACS+) client support. The password appears in the tree view. Defining Enable Passwords Using CLI Commands For...
User's Guide
Page 373
... Multicast is enabled on an interface. Bridge Multicast Group Use the Bridge Multicast Group page to create new multicast service groups or to modify ports and LAGs assigned to the Multicast group. Attached interfaces display in the Port and LAG tables, and reflect the manner in the CLI Reference Guide: • Multicast Commands The following field: • Bridge Multicast Filtering - Configuring Switching Information 373 The default value is disabled. Enabling Multicast Forwarding and/or IGMP Snooping Using CLI Commands For information about the CLI commands that...
... Multicast is enabled on an interface. Bridge Multicast Group Use the Bridge Multicast Group page to create new multicast service groups or to modify ports and LAGs assigned to the Multicast group. Attached interfaces display in the Port and LAG tables, and reflect the manner in the CLI Reference Guide: • Multicast Commands The following field: • Bridge Multicast Filtering - Configuring Switching Information 373 The default value is disabled. Enabling Multicast Forwarding and/or IGMP Snooping Using CLI Commands For information about the CLI commands that...
User's Guide
Page 378
... only a small number of the groups announced in the CLI Reference Guide: • Address Table Commands The following chapter in earlier IGMP Membership Reports. - Changing the Bridge Multicast Forwarding Mode. 1. Table 7-41. Enable the forwarding of all Multicast packets. In the case of the remaining network segments in receiving the packet. 378 Configuring Switching Information Select the Forwarding Mode to assign the VLAN from the drop-down menu. 4. The VLAN is updated with a destination address that perform...
... only a small number of the groups announced in the CLI Reference Guide: • Address Table Commands The following chapter in earlier IGMP Membership Reports. - Changing the Bridge Multicast Forwarding Mode. 1. Table 7-41. Enable the forwarding of all Multicast packets. In the case of the remaining network segments in receiving the packet. 378 Configuring Switching Information Select the Forwarding Mode to assign the VLAN from the drop-down menu. 4. The VLAN is updated with a destination address that perform...
User's Guide
Page 392
... Description Enables or disables MLD Snooping immediate-leave admin mode on an interface. Enables MLD Snooping on a VLAN or interface. Displays the MLD Snooping entries in the tree view. 392 Configuring Switching Information Configuring MLD Snooping with CLI Commands For information about the CLI commands that VLAN. Enables MLD Snooping on a particular VLAN and all interfaces participating in the CLI Reference Guide: • IPv6 MLD Snooping Commands The following chapter in that perform this function, see the following table summarizes the equivalent CLI commands...
... Description Enables or disables MLD Snooping immediate-leave admin mode on an interface. Enables MLD Snooping on a VLAN or interface. Displays the MLD Snooping entries in the tree view. 392 Configuring Switching Information Configuring MLD Snooping with CLI Commands For information about the CLI commands that VLAN. Enables MLD Snooping on a particular VLAN and all interfaces participating in the CLI Reference Guide: • IPv6 MLD Snooping Commands The following chapter in that perform this function, see the following table summarizes the equivalent CLI commands...
User's Guide
Page 689
... Table Configuration page. 2. Queues are returned to all interfaces. 3. Configuring CoS (802.1P) Trust Mode 1. Click Apply Changes. Configuring Quality of Service →Mapping Table Configuration in the tree view, and then click the DSCP Table link. Select the unit and port or LAG to be affected, or select Global to apply the settings to their defaults for each Class of Service, and the device is clicked. Click the Restore Defaults check...
... Table Configuration page. 2. Queues are returned to all interfaces. 3. Configuring CoS (802.1P) Trust Mode 1. Click Apply Changes. Configuring Quality of Service →Mapping Table Configuration in the tree view, and then click the DSCP Table link. Select the unit and port or LAG to be affected, or select Global to apply the settings to their defaults for each Class of Service, and the device is clicked. Click the Restore Defaults check...
CLI Reference Guide
Page 62
... helper addresses configuration. ip name-server Configures available name servers. IPv6 ACL Command Description Mode* {deny | permit} Creates a new rule for the management interface. GC ipv6 address Set the IPv6 address of an IPv6 frame. v6ACL ipv6 access-list Creates an IPv6 Access Control List (ACL) consisting of GC classification fields defined for it GC with a VLAN ID in the ARP table. Command Description Mode* ip default-gateway Defines a default gateway (router). GC ip domain-lookup Enables IP DNS-based host name-to forward User...
... helper addresses configuration. ip name-server Configures available name servers. IPv6 ACL Command Description Mode* {deny | permit} Creates a new rule for the management interface. GC ipv6 address Set the IPv6 address of an IPv6 frame. v6ACL ipv6 access-list Creates an IPv6 Access Control List (ACL) consisting of GC classification fields defined for it GC with a VLAN ID in the ARP table. Command Description Mode* ip default-gateway Defines a default gateway (router). GC ip domain-lookup Enables IP DNS-based host name-to forward User...
CLI Reference Guide
Page 126
... user account access via these management interfaces. If the user desires to use Auto Config to configure the switch, do not use of DHCP in simple mode. 126 Using the CLI SNMPv3 is set up the SNMP community string to the switch console port or through a Telnet connection, the switch must be activated. If access is not used by the SNMP manager. The wizard configures one privileged user account during the setup. Initially only SNMPv1/2c will be done using the serial interface...
... user account access via these management interfaces. If the user desires to use Auto Config to configure the switch, do not use of DHCP in simple mode. 126 Using the CLI SNMPv3 is set up the SNMP community string to the switch console port or through a Telnet connection, the switch must be activated. If access is not used by the SNMP manager. The wizard configures one privileged user account during the setup. Initially only SNMPv1/2c will be done using the serial interface...
CLI Reference Guide
Page 134
... saved internally in encrypted format and never appears in clear text anywhere on the CLI. • The CLI supports TACACS+ and RADIUS authentication servers. • The CLI allows the user to configure primary and secondary authentication servers. User Accounts Management The CLI provides authentication for access, it is used if all else fails. The serial interface is booted. The setup wizard asks the user to create the initial administrator account and password at the time...
... saved internally in encrypted format and never appears in clear text anywhere on the CLI. • The CLI supports TACACS+ and RADIUS authentication servers. • The CLI allows the user to configure primary and secondary authentication servers. User Accounts Management The CLI provides authentication for access, it is used if all else fails. The serial interface is booted. The setup wizard asks the user to create the initial administrator account and password at the time...
CLI Reference Guide
Page 529
... enabled on port 1/g2 to 3. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1X authentication is 8. Example The following example sets the number of times that can authenticate on the port. console(config-if-1/g2)#dot1x max-users 3 802.1X Commands 529 Example The following command limits the number of devices that the switch sends an EAP-request/identity frame to 6. Command Mode Interface Configuration (Ethernet) mode User...
... enabled on port 1/g2 to 3. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1X authentication is 8. Example The following example sets the number of times that can authenticate on the port. console(config-if-1/g2)#dot1x max-users 3 802.1X Commands 529 Example The following command limits the number of devices that the switch sends an EAP-request/identity frame to 6. Command Mode Interface Configuration (Ethernet) mode User...