
How to set up management access for the N2000, N3000, and N4000 series switches.


Table of Contents

  1. Setting a management IP address
  2. Setting Login access on the switch
  3. Choosing Telnet, HTTP, SSH, or HTTPS for management
  4. Saving configuration

Article description: This article explains how to set up the different management options for the N series switches and describes the recommended settings.


Setting a management IP address

A reachable IP address is needed to manage the switch when not using a serial connection. To set an IP address, input the following commands.
This example uses VLAN 1, the default VLAN, and the IP 192.168.0.250 /24.

console>enable

console#configure

console(config)#interface vlan 1

console(config-if)#ip address 192.168.0.250 255.255.255.0

Note: The N3000 and N4000 switches have an out-of-band (OOB) port that can be used for managing the switch.
Here is the same example using the OOB interface.

console(config)#interface out-of-band

console(config-if)#ip address 192.168.0.250 255.255.255.0

It is recommended to use the OOB interface to manage your switch when available. The OOB interface is separate from the switching silicon,
and reaches the CPU directly. If the production network is experiencing issues, you can still reach the switch through the OOB interface.

Note: Plug the OOB interface into a separate management network, and do not plug it back into the inbound ports on the switch.

When managing the switch through a VLAN, it is recommended to create a separate VLAN just for management.
This separates management traffic from your data traffic, which not only helps with performance but also slightly increases security.
You can manage the switch through any reachable VLAN IP address.

If managing the switch from an external network, you must assign the switch a Default Gateway it can use to reach other networks.
The following command uses 192.168.0.1 as the Default Gateway address.

console(config)#ip default-gateway 192.168.0.1


Setting login access on the switch

To manage the switch you will need a username and password. To manage the switch via Telnet or SSH, it is best practice to have an enable password. Input the following commands to configure login access. This example uses Dell as the username and MYPASSWORD as the password. The enable password example uses ENP@$$w0rd. These are only examples; use more complex, hard-to-guess credentials to secure your switch.

console>enable

console#configure

console(config)#username Dell password MYPASSWORD privilege 15

console(config)#enable password ENP@$$w0rd

Note: You may create multiple users on the switch, each with a different privilege level. 0 is no access, 1 is read only, and 15 is read and write.

Choosing Telnet, HTTP, SSH, or HTTPS for management

The default allowed protocols for management are Telnet and HTTP. Telnet and SSH provide command-line management through a tool such as PuTTY or Tera Term.
HTTP and HTTPS provide GUI-based management through a web browser. It is possible to run all four protocols, or none of them. If all are disabled, the only remaining management path is the serial connection.

For security, it is recommended to turn off Telnet and HTTP, and enable SSH and/or HTTPS. Telnet and HTTP transfer packets in plain text,
meaning that anyone capturing traffic can read all commands or functions pushed to the switch while it is being managed. SSH and HTTPS encrypt the packets, which strengthens their security.

To enable SSH and HTTPS, input the following commands. SSH and HTTPS require you to generate a DSA and an RSA key. HTTPS also requires you to create a certificate.

console(config)#crypto key generate dsa

console(config)#crypto key generate rsa

console(config)#ip ssh server

console(config)#crypto certificate 1 generate

console(config-crypto-cert)#key-generate

console(config-crypto-cert)#exit

console(config)#ip http secure-server

To disable Telnet and HTTP input the following commands.

Run these commands while already managing the switch through HTTPS, SSH, or a serial connection, because disabling the service you are connected through will disconnect you from the switch.

console(config)#ip telnet server disable

console(config)#no ip http server
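
The following Python script is an added example, not part of the original article and not Dell code. It replays a list of typed commands against the defaults described above and reports whether Telnet or HTTP is left enabled, and whether a plaintext service is disabled before SSH or HTTPS is turned on. The names audit, HARDENED and RISKY are assumptions, the sample sessions are constructed, and only the four service commands shown in this article are recognised.

```python
import re

# Per the article, Telnet and HTTP are the management protocols on by default.
DEFAULTS = {"telnet": True, "http": True, "ssh": False, "https": False}

# The four service commands shown in the article -> (service, state afterwards).
COMMANDS = {
    "ip ssh server": ("ssh", True),
    "ip http secure-server": ("https", True),
    "ip telnet server disable": ("telnet", False),
    "no ip http server": ("http", False),
}

PROMPT = re.compile(r"^console(\([^)]*\))?[#>]\s*")  # e.g. "console(config)#"

def audit(lines):
    """Replay typed commands; return (final service state, findings)."""
    state, findings = dict(DEFAULTS), []
    for raw in lines:
        cmd = PROMPT.sub("", raw.strip())
        if cmd not in COMMANDS:
            continue  # keys, certificates, users etc. are out of scope here
        service, enabled = COMMANDS[cmd]
        # Turning off a plaintext service before SSH or HTTPS is up risks the
        # disconnect the article warns about (serial would be the only path).
        if not enabled and not (state["ssh"] or state["https"]):
            findings.append(f"'{cmd}' runs before SSH or HTTPS is enabled")
        state[service] = enabled
    for svc in ("telnet", "http"):
        if state[svc]:
            findings.append(f"{svc} is still enabled (plaintext management)")
    if not (state["ssh"] or state["https"]):
        findings.append("neither SSH nor HTTPS is enabled")
    return state, findings

# Constructed sample sessions, built only from commands in the article.
HARDENED = [
    "console(config)#ip ssh server",
    "console(config)#ip http secure-server",
    "console(config)#ip telnet server disable",
    "console(config)#no ip http server",
]
RISKY = [
    "console(config)#ip telnet server disable",  # disabled first: lockout risk
    "console(config)#ip ssh server",             # HTTP never disabled
]

if __name__ == "__main__":
    for name, session in (("HARDENED", HARDENED), ("RISKY", RISKY)):
        print(name, audit(session))
```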


Saving configuration

When satisfied with the configuration, you must save it so that the switch keeps its configuration if it reboots. Input the following command to save your configuration.

console#wr

This operation may take a few minutes.

Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Note: For more details on configuring specific management options, please refer to the User’s Configuration Guide and CLI Reference Guide.






Article ID: HOW10399

Last modified: 10/25/2017 04:32 PM

