The following are generic switch settings that a customer or services personnel may require during switch configuration or deployment. Many of the commands relate to the security of the switch environment. Use these commands and settings only if required for a given environment.
Users are advised to refer to the Dell Networking documentation for a detailed explanation of each implementation.
Backup switch license
!!!
!!! REQUIRED - Backup license
!!!
! license is located in base OS /mnt/license
! copy license to management VM and provide to customer
! usb key mounts to base OS /mnt/usb
! alternatively one can use SCP or other protocols if the network is available
! below command assumes USB key is inserted
system "sudo -i"
cp /mnt/license/<SVCTAG>.lic /mnt/usb
exit
Disable support assist
!!!
!!! REQUIRED - EULA reject
!!!
eula-consent support-assist reject
! confirm EULA reject
FIPS compliance
crypto fips enable
! confirm fips enablement
Set daylight saving time
! by default this has been set to Pacific Time Zone US daylight savings time.
clock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
Customer banner MOTD
banner motd #
Insert your own customer banner here.
#
Password update
! enable password <NEW.PASSWORD>
! username azsadmin-lmuvl password <NEW.PASSWORD> role network-admin
Password attributes and max auth tries
!
password-attributes character-restriction upper 1 lower 1 numeric 1 special-char 1 min-length 15 lockout-period 15 max-retry 3
!
ip ssh server max-auth-tries 3
Login statistics, session timeout and concurrent session limits
!
login-statistics enable
!
exec-timeout 600
!
login concurrent-session limit 3
SSH server settings
ip ssh server cipher aes256-ctr aes192-ctr aes128-ctr
ip ssh server mac hmac-sha1 hmac-sha2-256
ip ssh server enable
Configure RADIUS servers
! radius-server host <WDS Server IP> key 0 <secret> authentication accounting
! role name Prefix-BMCAdmin
! description Radius authenticated accounts
! rule 1 permit read-write
! aaa group server radius Prefix-BMCAdmin
! server <IP>
! source-interface mgmt0
! aaa authentication login default group <Group>
! aaa accounting default group <Group>
! aaa authentication login mschapv2 enable
TACACS
! feature tacacs+
! tacacs-server key <secret>
! ip tacacs source-interface mgmt0
! tacacs-server host <IP>
! aaa group server tacacs+ tacacs
! server <IP>
Configure syslog
! logging server 10.128.0.116 7 facility syslog use-vrf management
! no logging console
Configure syslog source interface
logging source-interface mgmt 1/1/1
Configure logging audit enable
logging audit enable
Configure logging to not display to non-authorized users
logging console disable
Configure unused ports to non-default VLAN
!
interface vlan 2
description "Unused port vlan"
shutdown
!
interface range ethernet 1/1/4-1/1/28,1/1/33-1/1/34
shutdown
switchport access vlan 2
!
Remove access to system command
system-cli disable
Remove default user admin
no username admin
Reset password of linux user linuxadmin
system-user linuxadmin password <password>
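Auditing a saved configuration against several of the settings above, as an added example that is not part of the original page or of any Dell tooling. It assumes the saved configuration text contains the commands exactly as typed on this page; the function name `audit`, the reading of the password values as minimums (with `max-retry` as a maximum), and the sample configuration are all constructed for illustration.

```python
# Expected values are the ones on this page; the checker is an added example.
ALLOWED_CIPHERS = {"aes256-ctr", "aes192-ctr", "aes128-ctr"}
PW_FLOORS = {"upper": 1, "lower": 1, "numeric": 1, "special-char": 1,
             "min-length": 15, "lockout-period": 15}
MAX_TRIES = 3
REQUIRED = ["crypto fips enable", "login-statistics enable", "logging audit enable",
            "ip ssh server enable", "system-cli disable"]


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    # Skip blank lines and "!" comments so commented-out commands do not count.
    active = [s for s in map(str.strip, config.splitlines())
              if s and not s.startswith("!")]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in active]
    pw = next((s.split() for s in active if s.startswith("password-attributes ")), None)
    if pw is None:
        findings.append("missing: password-attributes")
    else:
        # Pair each keyword with the number that follows it.
        vals = {k: int(v) for k, v in zip(pw, pw[1:]) if v.isdigit()}
        # Assumption: the page's values are floors, except max-retry (a ceiling).
        findings += [f"password-attributes {k} below {n}"
                     for k, n in PW_FLOORS.items() if vals.get(k, 0) < n]
        if vals.get("max-retry", MAX_TRIES + 1) > MAX_TRIES:
            findings.append(f"password-attributes max-retry above {MAX_TRIES}")
    for t in map(str.split, active):
        if t[:4] == ["ip", "ssh", "server", "cipher"]:
            findings += [f"ssh cipher not on the page's list: {c}"
                         for c in sorted(set(t[4:]) - ALLOWED_CIPHERS)]
        elif t[:4] == ["ip", "ssh", "server", "max-auth-tries"]:
            if not t[4:] or not t[4].isdigit() or int(t[4]) > MAX_TRIES:
                findings.append(f"ssh max-auth-tries not set to {MAX_TRIES} or lower")
        elif t[:2] == ["username", "admin"]:
            findings.append("default user admin still present")
    return findings

# Constructed sample: a partially hardened config, not output from a real switch.
SAMPLE = """\
crypto fips enable
! login-statistics enable
password-attributes character-restriction upper 1 lower 1 numeric 1 special-char 1 min-length 8 lockout-period 15 max-retry 5
ip ssh server cipher aes256-ctr aes128-cbc
ip ssh server max-auth-tries 3
ip ssh server enable
username admin password <PLACEHOLDER> role network-admin
username azsadmin-lmuvl password <PLACEHOLDER> role network-admin
"""
print("\n".join(audit(SAMPLE)))
```

The commented-out `login-statistics enable` line is reported as missing, and the `azsadmin-lmuvl` account is not mistaken for the default `admin` user.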