Dfz switch setup

From Delft Solutions
Revision as of 08:05, 3 September 2025 by Vincent

Dell PowerConnect 8132

This is currently dfz2

Prerequisites

  • Physical access to the switch
  • Ethernet cable
  • Serial to x cable
  • Computer with x port and ethernet port
  • Host entry in IPA for the switch with the exact hostname
  • Ask Max in advance to make time to create a signed certificate from a certificate signing request (last time took multiple hours)

Initial setup

<START SERIAL CONNECTION TO SWITCH> Another serial emulator (e.g. minicom) would be preferable, but screen is what we know for now

  • screen /dev/tty.usbserial-AB87E34V 9600 # /dev/<device> may be different on your machine, 9600 is the baud/data-rate and is default for the switch
  • enable

SKIP NEXT STEP WHEN IN BROKEN STATE

  • copy startup-config backup-config
  • configure
  • interface vlan 1
  • ip address 192.168.0.10 255.255.0.0
  • exit
  • exit
  • show ip interface vlan 1

<END SERIAL CONNECTION TO SWITCH>

<START WEBGUI CONFIGURE VLAN ADMIN ON PORT 1>

  • connect ethernet cable to switch
  • set your local ip address to e.g. 192.168.0.9/16
  • navigate to (http://)192.168.0.10
  • login
  • Switching > VLAN > VLAN Membership
  • Add (VLAN ID <ADMIN_VLAN_ID>; VLAN NAME "admin")
  • Add (VLAN ID <DFZ_VLAN_ID>; VLAN NAME "dfz")
  • Detail
  • Show VLAN <DFZ_VLAN_ID>-dfz
  • Select all ports which should be part of this VLAN
  • Click "Apply"
  • repeat for VLAN <ADMIN_VLAN_ID>-admin with port 1 (and possibly 2 or more) # Once you hit Apply you will lose connection to the webgui as there is no ip address set for interface vlan <ADMIN_VLAN_ID>

<END WEBGUI CONFIGURE VLAN ADMIN ON PORT 1>

<START SERIAL CONNECTION TO SWITCH>

  • enable
  • configure
  • interface vlan <ADMIN_VLAN_ID>
  • ipv6 address <IPV6_ADDRESS>
  • ipv6 enable
  • exit
  • exit
  • show ipv6 interface vlan <ADMIN_VLAN_ID>
  • configure
  • interface vlan 1
  • no ip address
  • exit
  • exit
  • show ip interface vlan 1
PERSIST CONFIG

  • copy running-config startup-config

<END SERIAL CONNECTION TO SWITCH>

SSL Certificate

  • Connect your computer to ethernet port 1 (or any other port on the admin vlan).
  • Navigate to switch webinterface.
  • Navigate to System > Management Security > HTTPS (Unsure about exact menu headings)
  • Here fill in hostname (SAME AS HOST CREATED IN IPA) for the switch as name, country: "NL", organization-name: "Delft Solutions", key length: 2048, duration: 365
  • Click Generate certificate
  • Navigate to System > File management > Upload files
  • From this view, using the HTTP method, download the relevant certificate and key files
  • In your terminal, generate a Certificate Signing Request (CSR) with openssl x509 -in sslt_cert1.pem -signkey sslt_key1.pem -x509toreq -out domain.csr
  • Give Max the resulting CSR and ask him to create the signed certificate for the host
  • When the certificate has been generated successfully, download it from IPA
  • Establish serial connection to switch
  • enable
  • configure
  • crypto certificate <CERT_NUMBER> import
  • paste signed certificate
  • In webinterface, verify the newly signed certificate is now present
  • In webinterface, enable HTTPS admin mode
  • Navigate to https://<SWITCH_URL> in order to confirm HTTPS is enabled and the certificate is valid
  • login
  • save configuration
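
Before the signed certificate is pasted into the switch, it can be checked locally against the downloaded key and the IPA hostname. The function below is an added example, not part of the original page; check_signed_cert is a hypothetical helper name and the file names and hostname in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks on the certificate
# returned by IPA before it is pasted into "crypto certificate ... import".
# Usage: check_signed_cert <signed_cert.pem> <sslt_key1.pem> <switch hostname>
# Returns 0 when every check passes, 1 otherwise.
check_signed_cert() {
    cert=$1; key=$2; host=$3; rc=0

    # 1. Public key in the signed certificate must equal the switch's key,
    #    otherwise the switch would hold a certificate it cannot use.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate does not belong to $key" >&2; rc=1
    fi

    # 2. Name must match the IPA host entry (SAN, or CN when no SAN is present).
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match"; then
        echo "FAIL: certificate is not valid for $host" >&2; rc=1
    fi

    # 3. Must not be the switch's original self-signed certificate.
    issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null) || issuer=
    subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) || subject=
    if [ "${issuer#issuer=}" = "${subject#subject=}" ]; then
        echo "FAIL: certificate is self-signed (issuer equals subject)" >&2; rc=1
    fi

    # 4. Must not have expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired" >&2; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert can be imported for $host"
    return "$rc"
}
```

The downloaded sslt_key1.pem is the switch's private key; delete the local copy once the import has been verified.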