Vincent at 20:39, 3 September 2025

2025-09-03T20:39:51Z

← Older revision		Revision as of 13:39, 3 September 2025
Line 87:		Line 87:
	* login		* login
	* save configuration		* save configuration

			==== When overwriting certs and/or keys ====

			Generated Key+CSR with OpenSSL in RSA 2048Bit SHA-256.The naming of the key on the switch is sslt_key1.pem and the cert is sslt_cert1.pem. Copy these files to flash:// and they override the existing ones, reload the website and it's working.

Vincent: Created page with "== Dell PowerConnect 8132 == This is currently dfz2 === Prerequisites === * Physicial access to the switch * Ethernet cable * Serial to x cable * Computer with x port and ethernet port * Host entry in IPA for the switch with the exact hostname * Ask Max in advance to make time to create a signed certificate from a certificate signing request (last time took multiple hours) === Initial setup === Prefer to use another serial emulator..."

2025-09-03T16:05:46Z

Created page with "== Dell PowerConnect 8132 == This is currently dfz2 === Prerequisites === * Physicial access to the switch * Ethernet cable * Serial to x cable * Computer with x port and ethernet port * Host entry in IPA for the switch with the exact hostname * Ask Max in advance to make time to create a signed certificate from a certificate signing request (last time took multiple hours) === Initial setup === <START SERIAL CONNECTION TO SWITCH> Prefer to use another serial emulator..."

New page

== Dell PowerConnect 8132 ==
This is currently dfz2

=== Prerequisites ===
* Physicial access to the switch
* Ethernet cable
* Serial to x cable
* Computer with x port and ethernet port
* Host entry in IPA for the switch with the exact hostname
* Ask Max in advance to make time to create a signed certificate from a certificate signing request (last time took multiple hours)

=== Initial setup ===

<START SERIAL CONNECTION TO SWITCH>
Prefer to use another serial emulator (e.g. minicom) but this is what we know for now
* screen /dev/tty.usbserial-AB87E34V 9600 # /dev/<device> may be different on your machine, 9600 is the baud/data-rate and is default for the switch
* enable

SKIP NEXT STEP WHEN IN BROKEN STATE
* copy startup-config backup-config

* configure
* interface vlan 1
* ip address 192.168.0.10 255.255.0.0
* exit
* exit
* show ip interface vlan 1

<END SERIAL CONNECTION TO SWITCH>

<START WEBGUI CONFIGURE VLAN ADMIN ON PORT 1>
* connect ethernet cable to switch
* set your local ip address to e.g. 192.168.0.9/16
* navigate to (http://)192.168.0.10
* login
* Switching > VLAN > VLAN Membership
* Add (VLAN ID <ADMIN_VLAN_ID>; VLAN NAME "admin")
* Add (VLAN ID <DFZ_VLAN_ID>; VLAN NAME "dfz")
* Detail
* Show VLAN <DFZ_VLAN_ID>-dfz
* Select all ports which should be part of this VLAN
* Click "Apply"
* repeat for VLAN <ADMIN_VLAN_ID>-admin with port 1 (and possibly 2 or more) # Once you hit Apply you will lose connection to the webgui as there is no ip address set for interface vlan <ADMIN_VLAN_ID>

<END WEBGUI CONFIGURE VLAN ADMIN ON PORT 1>

<START SERIAL CONNECTION TO SWITCH>

* enable
* configure
* interface vlan <ADMIN_VLAN_ID>
* ipv6 address <IPV6_ADDRESS>
* ipv6 enable
* exit
* exit
* show ipv6 interface vlan <ADMIN_VLAN_ID>
* configure
* interface vlan 1
* no ip address
* exit
* exit
* show ip interface vlan 1

# PERSIST CONFIG
* copy running-config startup-config

=== SSL Certificate ===

* Connect your computer to ethernet port 1 (or any other port on the admin vlan).
* Navigate to switch webinterface.
* Navigate to System > Management Security > HTTPS (Unsure about exact menu headings)
* Here fill in hostname (SAME AS HOST CREATED IN IPA) for the switch as name, country: "NL", organization-name: "Delft Solutions", key length: 2048, duration: 365
* Click Generate certificate
* Navigate to System > File management > Upload files
* From this view, using the HTTP method, downloa the relevant certificate and key files
* In your terminal, generate a Certificate Signing Request (CSR) with <code>openssl x509 -in sslt_cert1.pem -signkey sslt_key1.pem -x509toreq -out domain.csr</code>
* Give Max the resulting CSR and ask him to create the signed certificate for the host
* When certificate has been generated successfully, download it from IPA
* Establish serial connection to switch
* <code>enable</code>
* <code>configure</code>
* <code>crypto certificate <CERT_NUMBER> import</code>
* paste signed certificate
* In webinterface, verify the newly signed certificate is now present
* In webinterface, enable HTTPS admin mode
* Navigate to https://<SWITCH_URL> in order to confirm HTTPS is enabled and the certificate is valid
* login
* save configuration

Dfz switch setup - Revision history

Vincent at 20:39, 3 September 2025