Differences

This shows you the differences between two versions of the page.

--- dell:switch:dell_emc_switch_n3048p [2024/06/22 11:22] – created aperez
+++ dell:switch:dell_emc_switch_n3048p [2025/09/09 19:12] (current) – aperez
@@ Line 1: / Line 1: @@
+====== Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3000-ON, N3100-ON, and N4000 Switches ======
+----
+----
+  * DELL-N3048P-S#**show interfaces status | include Up**
+----
+----
-====== Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3000-ON, N3100-ON, and N4000 Switches CLI Reference Guide ======
+CLI Reference Guide ======
 {{ :aruba_networks:switch:all-products_esuprt_ser_stor_net_esuprt_networking_esuprt_net_fxd_prt_swtchs_networking-n3000-series_user_s-guide11_en-us.pdf |}}
@@ Line 8: / Line 20: @@
 ----
 ----
+====== Setting a management IP address ======
+  console> enable
+  console# configure
+  console(config)# interface vlan 1
+  console(config-if)#ip address 192.168.0.250 255.255.255.0
+**Here is the same example as above but using the OOB interface:**
+  console(config)# interface out-of-band
+  console(config-if)# ip address 192.168.0.250 255.255.255.0
+**IP default-gateway**
+  console(config)# ip default-gateway 192.168.0.1
+----
+----
+====== Setting login access on the switch ======
+  console> enable
+  console# configure
+  console(config)# username Dell password MYPASSWORD privilege 15
+  console(config)# enable password ENP@$$w0rd
+----
+----
+====== Choosing Telnet, HTTP, SSH, or HTTPS for management ======
+The default allowed protocols for management are Telnet and HTTP. Telnet and SSH provide command-line based management through a tool such as PuTTY. HTTP and HTTPS provide a UI-based management through a web browser. It is possible to run all four, or none of the protocols. With all the previous options disabled, there is still the option of serial console.
+For security, it is recommended to disable Telnet and HTTP, and enable SSH and HTTPS. Telnet and HTTP transfer packets over plain text, meaning if a person is capturing traffic, they can read all commands of functions pushed through the switch when managing it. SSH and HTTPS encrypt the traffic, which strengthens the packet security.
+To enable SSH and HTTPS, input the following commands. SSH and HTTPS require the generation of a DSA and an RSA key. HTTPS requires the creation of a certificate.
+  console(config)# no ip ssh server
+  console(config)# crypto key generate dsa
+  console(config)# crypto key generate rsa
+  console(config)# ip ssh server
+  Note: Caution: Before disabling either telnet or HTTP access, verify SSH or HTTPS access.
+  console(config)# ip telnet server disable
+  console(config)# no ip http secure-server
+  console(config)# crypto certificate 1 generate
+  console(config-crypto-cert)# key-generate
+  console(config-crypto-cert)# exit
+  console(config)# ip http secure-certificate <1 - 2> Instance of the certificate to be activated.
+  console(config)# ip http secure-server
+  Note:This system can generate and store two certificates. To generate the second key, replace the number 1 with
+. To activate the second key, use:
+  console(config)# ip http secure-certificate 2
+  console(config)# no ip http server
+  console(config)#end
+  console# write
+  console# copy running-config startup-config
+**To enable SSH, input the following commands**
+  enable
+  configure
+  Generate both the RSA and DSA keys:
+  no ip ssh server
+  crypto key generate rsa
+  crypto key generate dsa
+  Now, you can enable the SSH server:
+  ip ssh server
+  Optionally: you can also change the default listen port:
+  ip ssh port 22
+  With more recent firmware versions, you are no longer able to change the SSH protocol version. It is now always
+. But if you are still running an older version, you could set the protocol version:
+  ip ssh protocol 2
+  Optionally: after enabling SSH, you can optionally disable Telnet:
+  ip telnet server disable
+  Go back to EXEC mode and write the changes to flash:
+  exit
+  copy running-config startup-config
+----
+----
+**To disable Telnet and HTTP input the following commands:**
+  console(config)# ip telnet server disable
+  console(config)# no ip http server
+----
+----
+====== Saving configuration ======
+When satisfied with the configuration, it must be saved so that if the switch reboots, and the configuration is persistent. Input the following command to save your configuration:
+  console# write memory
+  This operation may take a few minutes.
+  Management interfaces will not be available during this time.
+  Are you sure you want to save? (y/n) y
+----
+----
+====== How to Configure a Static or Dynamic Port-Channel on a Dell Networking N Series switch running OS6 (Dell EMC Networking Switch N3048P)======
+----
+''**Creating a dynamic port channel using Link Aggregation Control Protocol (LACP)**''
+Configure the respective interfaces to the appropriate port channel number, 1-128, using the interface range command. This example uses the interfaces tengigabitethernet 1/0/1 and tengigabitethernet 1/0/2:
+  N-Series> en
+  N-Series# conf
+  N-Series(config)# interface tengigabitethernet 1/0/1
+  N-Series(config-if)# channel-group 1 mode active
+  N-Series(config-if)# exit
+  N-Series(config)# interface tengigabitethernet 1/0/2
+  N-Series(config-if)# channel-group 1 mode active
+  Note: Avoid using all when configuring a port range for port channels. Specify the exact interfaces.
+**Configure the switchport mode and VLAN membership inside the port channel interface. The below command shows how to enter the port channel interface configuration:**
+  N-Series(config-if)# interface port-channel 1
+**Verify that the respective port channel is active with the command:**
+  N-Series# show interface port-channel 1
+**Copy the configuration changes to the startup configuration with the command:**
+  N-Series# copy running-config startup-config
+  This operation may take a few minutes. Management interfaces are not available during this time.
+**The prompt "Are you sure you want to save?" is seen. Answer (y or n)**
+  Configuration Saved!
+----
+''**Creating a Static port channel**''
+**This process differs in only the first step from above - the definition of the channel group mode (on vs active).**
+  N-Series> en
+  N-Series# conf
+  N-Series(config)# interface tengigabitethernet 1/0/1
+  N-Series(config-if)# channel-group 1 mode on
+  N-Series(config-if)# exit
+  N-Series(config)# interface tengigabitethernet 1/0/2
+  N-Series(config-if)# channel-group 1 mode on
+**The remaining steps are identical to the previous section "Creating a dynamic port channel using Link Aggregation Control Protocol (LACP)"**
+----
+----
+====== Example code ======
+----
   !Current Configuration:
@@ Line 30: / Line 218: @@
   name "ISP2"
   exit
   vlan 504
   name "ISP3"
   exit
@@ Line 53: / Line 241: @@
   vlan 511
   name "Students"
   exit
   vlan 512
   name "Accounting"
@@ Line 76: / Line 264: @@
   exit
   vlan 519
   name "IoT"
   exit
   vlan 520
@@ Line 96: / Line 284: @@
   name "VLAN525"
   exit
+  ip telnet server disable
   slot 1/0 5    ! Dell EMC Networking N3048P
   slot 1/1 6    ! Dell EMC N3000 SFP+ Card
   stack
   member 1 5    ! N3048P
   exit
+  interface out-of-band
+  ip address 192.168.100.21 255.255.254.0 0.0.0.0
+  exit
+  no ip http server
+  ip http secure-server
   interface vlan 1
-  ip address dhcp
+  ip address 172.16.28.33 255.255.254.0
   exit
+  ip default-gateway 172.16.28.1
   username "sd" password 657d6639dcbd9211a547501784b1a559 privilege 15 encrypted
+  username "manager" password 2eb1cf41afd5a5ea20a0bf6c86e81e50 privilege 15 encrypted
+  ip ssh server
   no spanning-tree
   application install SupportAssist auto-restart start-on-boot
@@ Line 113: / Line 310: @@
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
   exit
   !
@@ Line 136: / Line 333: @@
   switchport general acceptable-frame-type tagged-only
   exit
   !
   interface Gi1/0/5
   storm-control broadcast level 10
@@ Line 159: / Line 356: @@
   exit
   !
   interface Gi1/0/8
   storm-control broadcast level 10
   storm-control broadcast action trap
@@ Line 182: / Line 379: @@
   switchport access vlan 500
   exit
   !
   interface Gi1/0/11
   storm-control broadcast level 10
@@ Line 205: / Line 402: @@
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 501
   exit
   !
   interface Gi1/0/14
@@ Line 228: / Line 425: @@
   switchport mode general
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 501
   exit
   !
@@ Line 251: / Line 448: @@
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 501
   exit
@@ Line 274: / Line 471: @@
   storm-control broadcast level 10
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 501
@@ Line 297: / Line 494: @@
   interface Gi1/0/25
   storm-control broadcast level 10
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
@@ Line 309: / Line 506: @@
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 503
-  switchport trunk native vlan 102
   exit
   !
@@ Line 321: / Line 517: @@
   !
   interface Gi1/0/28
   storm-control broadcast level 10
   storm-control broadcast action trap
   switchport mode general
@@ Line 344: / Line 540: @@
   exit
   !
   interface Gi1/0/31
   storm-control broadcast level 10
   storm-control broadcast action trap
@@ Line 367: / Line 563: @@
   switchport access vlan 503
   exit
   !
   interface Gi1/0/34
   storm-control broadcast level 10
@@ Line 390: / Line 586: @@
   switchport general acceptable-frame-type tagged-only
   switchport access vlan 503
   exit
   !
   interface Gi1/0/37
@@ Line 413: / Line 609: @@
   exit
   !
   interface Gi1/0/40
   storm-control broadcast level 10
   storm-control broadcast action trap
@@ Line 436: / Line 632: @@
   interface Gi1/0/43
   storm-control broadcast level 10
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
@@ Line 459: / Line 655: @@
   storm-control broadcast action trap
   switchport mode general
   switchport general acceptable-frame-type tagged-only
   exit
   !
@@ Line 482: / Line 678: @@
   description "Core_Aruba_6400_switch_connection_IP:_172.16.28.1"
   switchport mode trunk
   exit
   !
   interface Te1/0/2
+  channel-group 1 mode active
   storm-control broadcast level 10
   storm-control broadcast action trap
+  description "Core_Aruba_6400_switch_connection_IP:_172.16.28.1"
+  switchport mode trunk
   exit
   !
   interface Te1/1/1
-  channel-group 1 mode active
   storm-control broadcast level 10
   storm-control broadcast action trap
-  description "Core_Aruba_6400_switch_connection_IP:_172.16.28.1"
-  switchport mode trunk
   exit
   !
@@ Line 505: / Line 701: @@
   description "Core_Aruba_6400_switch_connection_IP:_172.16.28.1"
   switchport mode trunk
   exit
   snmp-server engineid local 800002a203f8b1565751e4
+  enable password 2eb1cf41afd5a5ea20a0bf6c86e81e50 encrypted
   exit
 ----
 ----
+====== LLDP Enable ======
-====== How to Configure a Static or Dynamic Port-Channel on a Dell Networking N Series switch running OS6 (Dell EMC Networking Switch N3048P)======
+  console(config)#lldp med all
+  console(config)#lldp med confignotification all
+  console(config)#show lldp local-device all
+  LLDP Local Device Summary
+  Interface  Port ID               Port Description
+  ---------  --------------------  --------------------
+  Gi1/0/1    Gi1/0/1               SERVICE_TECHNOLO ...
+  Gi1/0/2    Gi1/0/2               SERVICE_TECHNOLO ...
+  Gi1/0/3    Gi1/0/3               SERVICE_TECHNOLO ...
+  Gi1/0/4    Gi1/0/4               SERVICE_TECHNOLO ...
+  Gi1/0/5    Gi1/0/5               SERVICE_TECHNOLO ...
+  Gi1/0/6    Gi1/0/6               LAN-UTM_test_port
+  Gi1/0/7    Gi1/0/7               LAN-UTM_test_port
+  Gi1/0/8    Gi1/0/8               ISP1_test_port
+  Gi1/0/9    Gi1/0/9               ISP1_test_port
+  Gi1/0/10   Gi1/0/10              ISP2_test_port
+  Gi1/0/11   Gi1/0/11              ISP2_test_port
+  Gi1/0/12   Gi1/0/12
+  Gi1/0/13   Gi1/0/13              UTM_LAN_IP_172.1 ...
+  Gi1/0/14   Gi1/0/14              MPLS_IP_192.168. ...
+  Gi1/0/15   Gi1/0/15              UTM_LAN_IP_172.1 ...
+  Gi1/0/16   Gi1/0/16              MPLS_IP_192.168. ...
+  Gi1/0/17   Gi1/0/17
+  Gi1/0/18   Gi1/0/18              MPLS_IP_192.168. ...
+  Gi1/0/19   Gi1/0/19
+  Gi1/0/20   Gi1/0/20              MPLS_IP_192.168. ...
+  Gi1/0/21   Gi1/0/21
+  Gi1/0/22   Gi1/0/22
+  Gi1/0/23   Gi1/0/23
+  Gi1/0/24   Gi1/0/24
+  Gi1/0/25   Gi1/0/25
+  Gi1/0/26   Gi1/0/26
+  Gi1/0/27   Gi1/0/27
+  Gi1/0/28   Gi1/0/28
+  Gi1/0/29   Gi1/0/29
+  Gi1/0/30   Gi1/0/30
+  Gi1/0/31   Gi1/0/31
+  Gi1/0/32   Gi1/0/32
+  Gi1/0/33   Gi1/0/33
+  Gi1/0/34   Gi1/0/34
+  Gi1/0/35   Gi1/0/35
+  Gi1/0/36   Gi1/0/36
+  Gi1/0/37   Gi1/0/37
+  Gi1/0/38   Gi1/0/38
+  Gi1/0/39   Gi1/0/39
+  Gi1/0/40   Gi1/0/40
+  Gi1/0/41   Gi1/0/41              ISP2_OPERATOR_LA ...
+  Gi1/0/42   Gi1/0/42              ISP2_OPERATOR_LA ...
+  Gi1/0/43   Gi1/0/43
+  Gi1/0/44   Gi1/0/44
+  Gi1/0/45   Gi1/0/45              VLAN500_VM_TEST_PORT
+  Gi1/0/46   Gi1/0/46              VLAN500_VM_TEST_PORT
+  Gi1/0/47   Gi1/0/47              UTM_OLD_PORT_WAN ...
+  Gi1/0/48   Gi1/0/48              UTM_OLD_PORT_WAN ...
+  Te1/0/1    Te1/0/1               Core_Aruba_6400_ ...
+  Te1/0/2    Te1/0/2               Core_Aruba_6400_ ...
+  Te1/1/1    Te1/1/1
+  Te1/1/2    Te1/1/2               ISP_PSLightWave_ ...
+  console(config)#
+  console(config)#show lldp remote-device all
+  LLDP Remote Device Summary
+  Local
+  Interface RemID   Chassis ID          Port ID           System Name
+  --------- ------- ------------------- ----------------- -----------------
+  Te1/0/1   16      EC:67:94:F5:69:00   1/3/33              CS-2P-MDFHA-A
+  Te1/0/2   15      EC:67:94:F5:89:00   1/3/33              CS-2P-MDFHA-B
+  Te1/1/2   25      50:C7:09:A6:65:FF   xe-0/1/3            JN2300_StFranc...
+  console(config)#
+----
 ----
-''**Creating a dynamic port channel using Link Aggregation Control Protocol (LACP)**''
+===== Configuración Port Mirroring (SPAN) en Dell N3048P =====
-Configure the respective interfaces to the appropriate port channel number, 1-128, using the interface range command. This example uses the interfaces tengigabitethernet 1/0/1 and tengigabitethernet 1/0/2:
+Versión de software: N3000AdvLite v6.5.3.6
+Modelo: Dell EMC Networking N3048P
-  N-Series> en
+----
-  N-Series# conf
-  N-Series(config)# interface tengigabitethernet 1/0/1
-  N-Series(config-if)# channel-group 1 mode active
-  N-Series(config-if)# exit
-  N-Series(config)# interface tengigabitethernet 1/0/2
-  N-Series(config-if)# channel-group 1 mode active
-  Note: Avoid using all when configuring a port range for port channels. Specify the exact interfaces.
+**Objetivo:**
+Espejar el tráfico del puerto Gi1/0/23 hacia el puerto Gi1/0/24 para análisis con Wireshark/sniffer.
-**Configure the switchport mode and VLAN membership inside the port channel interface. The below command shows how to enter the port channel interface configuration:**
+----
-  N-Series(config-if)# interface port-channel 1
+**Comandos de configuración:**
+<code>
-**Verify that the respective port channel is active with the command:**
+configure
+!
+monitor session 1 source interface gi1/0/23 rx
+monitor session 1 destination interface gi1/0/24
+monitor session 1 mode
+!
+end
+write memory
+</code>
-  N-Series# show interface port-channel 1
+----
-**Copy the configuration changes to the startup configuration with the command:**
+**Verificación:**
+<code>
+show monitor session 1
+</code>
-  N-Series# copy running-config startup-config
+**Salida esperada:**
-  This operation may take a few minutes. Management interfaces are not available during this time.
+<code>
+Session                : 1
-**The prompt "Are you sure you want to save?" is seen. Answer (y or n)**
+Admin mode             : Enabled
+Type                   : Local session
-  Configuration Saved!
+Source ports           :
+  Rx only              : Gi1/0/23
+Destination port       : Gi1/0/24
+Remove RSPAN Tag       : False
+</code>
 ----
-''**Creating a Static port channel**''
+**Notas:**
+  * Solo un puerto destino por sesión (no usar para producción/usuarios).
+  * Puedes añadir más interfaces de origen con `both`, `rx` o `tx`.
+  * Guardar siempre con `write memory` para persistencia.
+  * Para desactivar sin borrar:
+    <code>no monitor session 1 mode</code>
+  * Para eliminar la sesión:
+    <code>no monitor session 1</code>
-**This process differs in only the first step from above - the definition of the channel group mode (on vs active).**
-  N-Series> en
-  N-Series# conf
-  N-Series(config)# interface tengigabitethernet 1/0/1
-  N-Series(config-if)# channel-group 1 mode on
-  N-Series(config-if)# exit
-  N-Series(config)# interface tengigabitethernet 1/0/2
-  N-Series(config-if)# channel-group 1 mode on
-**The remaining steps are identical to the previous section "Creating a dynamic port channel using Link Aggregation Control Protocol (LACP)"**
 ----
 ----