Configuration Guide
Page 15
... table for a specific MAC address . .537 Displaying allowed MAC addresses 538 Displaying denied MAC addresses 538 Displaying detailed MAC-VLAN data 539 Displaying MAC-VLAN information for a specific interface . . .541 Displaying MAC addresses in a MAC-based VLAN 542 Displaying MAC-based VLAN logging 543 Clearing MAC-VLAN information 543 Sample application 543 Configuring Rule-Based IP Access Control Lists (ACLs) ACL overview 548 Types of IP ACLs 548 ACL IDs and entries 548 Numbered and named ACLs 549 Default ACL action 549 How hardware-based ACLs work 550 How fragmented packets...
... table for a specific MAC address . .537 Displaying allowed MAC addresses 538 Displaying denied MAC addresses 538 Displaying detailed MAC-VLAN data 539 Displaying MAC-VLAN information for a specific interface . . .541 Displaying MAC addresses in a MAC-based VLAN 542 Displaying MAC-based VLAN logging 543 Clearing MAC-VLAN information 543 Sample application 543 Configuring Rule-Based IP Access Control Lists (ACLs) ACL overview 548 Types of IP ACLs 548 ACL IDs and entries 548 Numbered and named ACLs 549 Default ACL action 549 How hardware-based ACLs work 550 How fragmented packets...
Configuration Guide
Page 30
Setting up local user accounts 1154 Enhancements to username and password 1154 Configuring a local user account 1158 Create password option 1160 Changing a local user password 1161 Configuring SSL security for the Web Management Interface . . .1161 Enabling the SSL server on the Dell PowerConnect device .1161 Changing the SSL server certificate key size 1162 Support for SSL digital certificates larger than 2048 bytes 1162 Importing digital certificates and RSA private key files. . . . 1162 Generating an SSL certificate 1163...
Setting up local user accounts 1154 Enhancements to username and password 1154 Configuring a local user account 1158 Create password option 1160 Changing a local user password 1161 Configuring SSL security for the Web Management Interface . . .1161 Enabling the SSL server on the Dell PowerConnect device .1161 Changing the SSL server certificate key size 1162 Support for SSL digital certificates larger than 2048 bytes 1162 Importing digital certificates and RSA private key files. . . . 1162 Generating an SSL certificate 1163...
Configuration Guide
Page 99
... they support. Dell PowerConnect devices have two flash memory modules: • Primary flash - You can use the secondary flash to store redundant images for additional booting reliability or to "PowerConnect B-Series FCX hitless stacking" on page 162 Block size for TFTP file transfers Yes Software reboot Yes Show boot preference Yes Load and save configuration files Yes System reload scheduling Yes Diagnostic error codes and remedies for image files and configuration files. • Secondary flash - By default, the...
... they support. Dell PowerConnect devices have two flash memory modules: • Primary flash - You can use the secondary flash to store redundant images for additional booting reliability or to "PowerConnect B-Series FCX hitless stacking" on page 162 Block size for TFTP file transfers Yes Software reboot Yes Show boot preference Yes Load and save configuration files Yes System reload scheduling Yes Diagnostic error codes and remedies for image files and configuration files. • Secondary flash - By default, the...
Configuration Guide
Page 160
... you need to save changes across reloads, you make configuration changes to the unit. The configuration mode contains sub-levels for individual ports, for VLANs, for authentication. To secure access, you can configure Enable passwords or local user accounts, or you remove the Active Controller or any user who can open a serial or Telnet connection to the IronStack can be configured and managed using the command line interface (CLI) over a serial connection to a console port, or using Brocade Network Advisor. Input and...
... you need to save changes across reloads, you make configuration changes to the unit. The configuration mode contains sub-levels for individual ports, for VLANs, for authentication. To secure access, you can configure Enable passwords or local user accounts, or you remove the Active Controller or any user who can open a serial or Telnet connection to the IronStack can be configured and managed using the command line interface (CLI) over a serial connection to a console port, or using Brocade Network Advisor. Input and...
Configuration Guide
Page 200
... discovery process is triggered when secure-setup is an election that the configurations of the stack ports on the Standby Controller or stack member directly, these units 158 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Troubleshooting unit replacement issues If you issue the "stack unconfigure me" command on the Active Controller match the physical connections to startup-config.old. Configuration, startup configuration files and stacking flash Stacking system behavior is already active...
... discovery process is triggered when secure-setup is an election that the configurations of the stack ports on the Standby Controller or stack member directly, these units 158 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Troubleshooting unit replacement issues If you issue the "stack unconfigure me" command on the Active Controller match the physical connections to startup-config.old. Configuration, startup configuration files and stacking flash Stacking system behavior is already active...
Configuration Guide
Page 326
... guard automatically sets the port back to learning, and eventually to securely enforce the topology of a switched layer 2 network. PowerConnect(config-vlan-1)#RSTP: Received BPDU on BPDU guard enabled Port 23 (vlan=1),errdisable Port 23 Root guard The standard STP (802.1D), RSTP (802.1W) or 802.1S does not provide any way for a network administrator to a forwarding state through the spanning-tree algorithm. 284 PowerConnect B-Series FCX Configuration Guide 53...
... guard automatically sets the port back to learning, and eventually to securely enforce the topology of a switched layer 2 network. PowerConnect(config-vlan-1)#RSTP: Received BPDU on BPDU guard enabled Port 23 (vlan=1),errdisable Port 23 Root guard The standard STP (802.1D), RSTP (802.1W) or 802.1S does not provide any way for a network administrator to a forwarding state through the spanning-tree algorithm. 284 PowerConnect B-Series FCX Configuration Guide 53...
Configuration Guide
Page 449
... disabled. Configuring a trunk group 12 The to keyword indicates that you are specifying a range. To delete a trunk group, use the CLI command no trunk ethernet to [ethernet to ]... PowerConnect(config)#no trunk ethernet 1/1 to 1/2 ethernet 3/3 to specify a list. The variable specifies an individual port. Specify the variable in front of ports in a static trunk group You can enter the ethernet parameter multiple times to 3/4 Syntax: no link-aggregate active | passive. Specifying the minimum number of the command you used...
... disabled. Configuring a trunk group 12 The to keyword indicates that you are specifying a range. To delete a trunk group, use the CLI command no trunk ethernet to [ethernet to ]... PowerConnect(config)#no trunk ethernet 1/1 to 1/2 ethernet 3/3 to specify a list. The variable specifies an individual port. Specify the variable in front of ports in a static trunk group You can enter the ethernet parameter multiple times to 3/4 Syntax: no link-aggregate active | passive. Specifying the minimum number of the command you used...
Configuration Guide
Page 598
... ] [log] [precedence | ] [tos | ] [traffic policy ] Syntax: [no] access-list deny | permit host any any Syntax: [no] ip access-group in this ACL deny packets from three source IP addresses from being forwarded on the following well-known names or any IP protocol number from a specified source IP address to a specific website by the first three ACL entries. 16 Configuring extended numbered ACLs The commands in 556 PowerConnect B-Series FCX Configuration Guide...
... ] [log] [precedence | ] [tos | ] [traffic policy ] Syntax: [no] access-list deny | permit host any any Syntax: [no] ip access-group in this ACL deny packets from three source IP addresses from being forwarded on the following well-known names or any IP protocol number from a specified source IP address to a specific website by the first three ACL entries. 16 Configuring extended numbered ACLs The commands in 556 PowerConnect B-Series FCX Configuration Guide...
Configuration Guide
Page 698
... network, and makes entries in the passive mode does not send queries. To globally set the IGMP mode to active, enter the following command to disabled ports. This prevents the disabled port from these groups is switched in hardware, and is VLAN flooded, including to define the maximum number of IGMP group addresses. Client memberships exceeding the group limits are defined, the traffic from receiving multicast traffic. However, it forwards...
... network, and makes entries in the passive mode does not send queries. To globally set the IGMP mode to active, enter the following command to disabled ports. This prevents the disabled port from these groups is switched in hardware, and is VLAN flooded, including to define the maximum number of IGMP group addresses. Client memberships exceeding the group limits are defined, the traffic from receiving multicast traffic. However, it forwards...
Configuration Guide
Page 757
... Identification Number (ELIN) from 10 to 25 digits in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED Location ID Data Format: ECS ELIN Value : 4082071700 Defining an LLDP-MED network policy An LLDP-MED network policy defines an Endpoint VLAN configuration (VLAN type and VLAN ID) and associated Layer 2 and Layer 3 priorities that apply to a specific set of applications on a port.
... Identification Number (ELIN) from 10 to 25 digits in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED Location ID Data Format: ECS ELIN Value : 4082071700 Defining an LLDP-MED network policy An LLDP-MED network policy defines an Endpoint VLAN configuration (VLAN type and VLAN ID) and associated Layer 2 and Layer 3 priorities that apply to a specific set of applications on a port.
Configuration Guide
Page 935
... PowerConnect B-Series FCX Configuration Guide 893 53-1002266-01 Enter a command such as the following global and VLAN-specific tasks. Global tasks: • Configuring hardware and software resource limits • Disabling transmission and receipt of MLD packets on Stackable devices consists of the following to define the maximum number of hardware-switched multicast streams. The configurable range is 512. Configuring MLD snooping 27 NOTE To avoid version deadlock, when an interface...
... PowerConnect B-Series FCX Configuration Guide 893 53-1002266-01 Enter a command such as the following global and VLAN-specific tasks. Global tasks: • Configuring hardware and software resource limits • Disabling transmission and receipt of MLD packets on Stackable devices consists of the following to define the maximum number of hardware-switched multicast streams. The configurable range is 512. Configuring MLD snooping 27 NOTE To avoid version deadlock, when an interface...
Configuration Guide
Page 1180
... on configuring ACLs. Each of a standard ACL and must be from specific MAC addresses • Allowing remote access only to clients connected to a specific VLAN • Specifically disabling Telnet, Web Management Interface, or SNMP access to the device The following sections present examples of how to access the device. 2. To configure a more information on a Dell PowerConnect device: • Telnet • SSH • Web management • SNMP Consider the following . Refer to all IP addresses except those listed in ACL 10. The commands above configure ACL 10...
... on configuring ACLs. Each of a standard ACL and must be from specific MAC addresses • Allowing remote access only to clients connected to a specific VLAN • Specifically disabling Telnet, Web Management Interface, or SNMP access to the device The following sections present examples of how to access the device. 2. To configure a more information on a Dell PowerConnect device: • Telnet • SSH • Web management • SNMP Consider the following . Refer to all IP addresses except those listed in ACL 10. The commands above configure ACL 10...
Configuration Guide
Page 1186
... VLAN. The default is 4 attempts. Restricting remote access to the device to specific VLAN IDs You can restrict management access to a Dell PowerConnect device to 5 minutes, enter the following command: PowerConnect(config)# telnet login-timeout 5 Syntax: [no ] telnet login-retries You can access the device are clients that is restricted to enter a correct username and password. VLAN-based access control works in conjunction with other access control methods. For example, suppose you configure an ACL to permit Telnet access only to a port...
... VLAN. The default is 4 attempts. Restricting remote access to the device to specific VLAN IDs You can restrict management access to a Dell PowerConnect device to 5 minutes, enter the following command: PowerConnect(config)# telnet login-timeout 5 Syntax: [no ] telnet login-retries You can access the device are clients that is restricted to enter a correct username and password. VLAN-based access control works in conjunction with other access control methods. For example, suppose you configure an ACL to permit Telnet access only to a port...
Configuration Guide
Page 1198
... password when password-masking is deleted from the configuration 1156 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 The password aging feature uses the SNTP server clock to sign on. username waldo password ..... 32 Setting up local user accounts Enabling user password masking By default, when you use the CLI to create a user password, the password displays on the console as set-time 0 in the output of the show running configuration command. The following shows the default CLI behavior when configuring a username and password. Syntax: username password...
... password when password-masking is deleted from the configuration 1156 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 The password aging feature uses the SNTP server clock to sign on. username waldo password ..... 32 Setting up local user accounts Enabling user password masking By default, when you use the CLI to create a user password, the password displays on the console as set-time 0 in the output of the show running configuration command. The following shows the default CLI behavior when configuring a username and password. Syntax: username password...
Configuration Guide
Page 1242
... the user, the user is set up to check both the username and password, the string contains the username, followed by the command no ] aaa authentication snmp-server | web-server | enable | login default [] [] [] [] [] [] The snmp-server | web-server | enable | login parameter specifies the type of the following . For more information, see snAgGblPassword in the IronWare MIB Reference Guide. PowerConnect(config)#aaa authentication enable default radius local Command Syntax The following is not performed for SNMP SET requests. When this authentication-method list controls. If...
... the user, the user is set up to check both the username and password, the string contains the username, followed by the command no ] aaa authentication snmp-server | web-server | enable | login default [] [] [] [] [] [] The snmp-server | web-server | enable | login parameter specifies the type of the following . For more information, see snAgGblPassword in the IronWare MIB Reference Guide. PowerConnect(config)#aaa authentication enable default radius local Command Syntax The following is not performed for SNMP SET requests. When this authentication-method list controls. If...
Configuration Guide
Page 1402
PowerConnect#show interfaces ethernet 3 GigabitEthernet3 is up, line protocol is up Hardware is GigabitEthernet, address is 00e0.5200.0002 (bia 00e0.5200.0002) Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Configured mdi mode AUTO, actual MDI Member of L2 VLAN ID 1, port is untagged, port state is FORWARDING BPDU guard is Disabled, ROOT protect is Disabled Link Error Dampening is Disabled STP configured to ON, priority is level0 Flow Control is config enabled, oper enabled, negotiation disabled mirror disabled, monitor disabled Not member...
PowerConnect#show interfaces ethernet 3 GigabitEthernet3 is up, line protocol is up Hardware is GigabitEthernet, address is 00e0.5200.0002 (bia 00e0.5200.0002) Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Configured mdi mode AUTO, actual MDI Member of L2 VLAN ID 1, port is untagged, port state is FORWARDING BPDU guard is Disabled, ROOT protect is Disabled Link Error Dampening is Disabled STP configured to ON, priority is level0 Flow Control is config enabled, oper enabled, negotiation disabled mirror disabled, monitor disabled Not member...
Hardware Installation Guide
Page 18
... Link LED is connected. 1 Hardware features FIGURE 9 Four-port 10 Gbps SFP+ module FCX-4XG X1 X2 X3 X4 TABLE 6 LED Four-port 10 Gbps SFP+ module status LEDs Condition Status Link or Act LED (Link or On or flashing Green Port has a valid link at the global level and the stack disable CLI command must be entered at 10 Gbps. The stack disable CLI command must be configured on a four-port 10 Gbps SFP+ module (optional) using standard duplex LC cables. Port, system, and power status LEDs for PowerConnect B-FCX624s and PowerConnect...
... Link LED is connected. 1 Hardware features FIGURE 9 Four-port 10 Gbps SFP+ module FCX-4XG X1 X2 X3 X4 TABLE 6 LED Four-port 10 Gbps SFP+ module status LEDs Condition Status Link or Act LED (Link or On or flashing Green Port has a valid link at the global level and the stack disable CLI command must be entered at 10 Gbps. The stack disable CLI command must be configured on a four-port 10 Gbps SFP+ module (optional) using standard duplex LC cables. Port, system, and power status LEDs for PowerConnect B-FCX624s and PowerConnect...
Hardware Installation Guide
Page 44
... to set the port configuration and read-only passwords: PowerConnect(config)# enable port-config-password PowerConnect(config)# enable read -only-password | port-config-password Passwords can be up to enter the boot monitor mode. 4. Enter the following procedure. Use the following command to change to the Dell device. 2. However, if someone has configured a password for the device but the password has been lost password By default, the CLI does not require passwords. NOTE Recovery from a lost , you can regain super user access to the serial port and a system reset...
... to set the port configuration and read-only passwords: PowerConnect(config)# enable port-config-password PowerConnect(config)# enable read -only-password | port-config-password Passwords can be up to enter the boot monitor mode. 4. Enter the following procedure. Use the following command to change to the Dell device. 2. However, if someone has configured a password for the device but the password has been lost password By default, the CLI does not require passwords. NOTE Recovery from a lost , you can regain super user access to the serial port and a system reset...
Web Management Interface User Guide
Page 16
... enable or disable port-based VLANs, protocol-based VLANs, Quality of the Web Management Interface • [Site Map] - All configuration panels also have the following links: • [Home] - Returns you to the Identification panel by selecting Configure > System > Identification, you can use the hyperlink displayed in the Web Management Interface. 6 PowerConnect B-Series FCX Web Management Interface User Guide 53-1002268-01 For example, instead of navigating to the home page of Service (QoS), Spanning Tree Protocol (STP), IP Multicast...
... enable or disable port-based VLANs, protocol-based VLANs, Quality of the Web Management Interface • [Site Map] - All configuration panels also have the following links: • [Home] - Returns you to the Identification panel by selecting Configure > System > Identification, you can use the hyperlink displayed in the Web Management Interface. 6 PowerConnect B-Series FCX Web Management Interface User Guide 53-1002268-01 For example, instead of navigating to the home page of Service (QoS), Spanning Tree Protocol (STP), IP Multicast...
Web Management Interface User Guide
Page 80
... Single Port Enables you to define the source port system. 70 PowerConnect B-Series FCX Web Management Interface User Guide 53-1002268-01 Port Range Enables you to specify the destination port range from low to specify a single source port. Port Range Enables you to specify the source port range from low to form a connection. The software uses the lowest-numbered IP address configured on the port or interface as the source IP address. 4 Configuring an extended ACL ACL Number Action...
... Single Port Enables you to define the source port system. 70 PowerConnect B-Series FCX Web Management Interface User Guide 53-1002268-01 Port Range Enables you to specify the destination port range from low to specify a single source port. Port Range Enables you to specify the source port range from low to form a connection. The software uses the lowest-numbered IP address configured on the port or interface as the source IP address. 4 Configuring an extended ACL ACL Number Action...