|
|
@@ -12,26 +12,106 @@ breadcrumbs:
|
|
|
|
|
|
## Initial Setup
|
|
|
|
|
|
-Tested with an EdgeSwitch 16 XG.
|
|
|
+Tested with an EdgeSwitch 16 XG, configured as a L2 core/distro switch (homelab).
|
|
|
|
|
|
1. Basics (use where appropriate):
|
|
|
- 1. Log in: Username `ubnt`, password `ubnt`.
|
|
|
- 1. Enter enable mode: `en`
|
|
|
- 1. Enter config mode: `conf`
|
|
|
- 1. Exit any mode: `exit`
|
|
|
- 1. Save config: `write mem`
|
|
|
-1. Setup enable-mode stuff:
|
|
|
- 1. Set hostname: `hostname <hostname>`
|
|
|
- 1. **TODO** Network stuff?
|
|
|
- 1. Setup VLANs:
|
|
|
- 1. Enter VLAN mode: `vlan database`
|
|
|
- 1. **TODO**
|
|
|
+ - Log in: Username `ubnt`, password `ubnt`.
|
|
|
+ - Enter enable mode (aka. privileged exec mode) from unprivileged mode: `en`
|
|
|
+ - Enter config mode from enable mode: `conf`
|
|
|
+ - Exit any mode: `exit`
|
|
|
+ - Save config: `write mem`
|
|
|
+ - Assume config commands are in config mode, unless stated otherwise.
|
|
|
+1. Add new user and remove the default:
|
|
|
+ 1. Add new user (config mode): `username <username> level 15 override-complexity-check password` (prompts for password)
|
|
|
+ 1. Relog as the new user.
|
|
|
+ 1. Delete the default user (config mode): `no username ubnt`
|
|
|
1. Setup basics:
|
|
|
+ 1. Set hostname (enable mode): `hostname <hostname>`
|
|
|
1. Set pre-login banner: `set clibanner "Hello"`
|
|
|
-1. Setup AAA:
|
|
|
+ 1. Set timezone (Norway example):
|
|
|
+ 1. `clock timezone +1`
|
|
|
+ 1. `clock summer-time recurring EU`
|
|
|
+ 1. **TODO**: Verify this.
|
|
|
+ 1. Set SNTP server: `sntp server <server>`
|
|
|
+1. Setup STP:
|
|
|
+ 1. Set mode: `spanning-tree mode rstp`
|
|
|
+ 1. Set priority: `spanning-tree mst priority 0 8192`
|
|
|
+ 1. Enable STP on all ports by default: `spanning-tree port mode all` (default)
|
|
|
+ 1. Enable BPDU guard on all edge ports: `spanning-tree bpduguard`
|
|
|
+1. Setup VLANs:
|
|
|
+ 1. Enter VLAN mode (enable mode): `vlan database`
|
|
|
+ 1. Create VLAN (VLAN mode):
|
|
|
+ 1. Define: `vlan <vid>`
|
|
|
+ 1. Name: `vlan name <vid> <name>`
|
|
|
+1. Setup management interface:
|
|
|
+ 1. Set management VLAN (enable mode): `network mgmt_vlan <vid>`
|
|
|
1. **TODO**
|
|
|
+1. Setup access ports (untagged edge):
|
|
|
+ 1. Enter interface config: `int <range>` (e.g. `int 0/8-0/12`)
|
|
|
+ 1. Description: `desc host:pve`
|
|
|
+ 1. Disable flow control: `no flowcontrol` (default)
|
|
|
+ 1. Configure LLDP:
|
|
|
+ 1. `lldp receive` (default)
|
|
|
+ 1. `lldp transmit` (default)
|
|
|
+ 1. `lldp transmit-tlv port-desc`
|
|
|
+ 1. `lldp transmit-tlv sys-name`
|
|
|
+ 1. `lldp transmit-tlv sys-desc`
|
|
|
+ 1. Configure VLAN (example: VLAN 10):
|
|
|
+ 1. **TODO**
|
|
|
+ 1. `switchport mode access`
|
|
|
+ 1. `switchport access vlan 10`
|
|
|
+ 1. `vlan acceptframe admituntaggedonly`
|
|
|
+ 1. `vlan participation include 10`
|
|
|
+ 1. `vlan pvid 10`
|
|
|
+ 1. Configure STP:
|
|
|
+ 1. Set as edge port: `spanning-tree edgeport`
|
|
|
+ 1. (Optional) Enable BPDU filter: `spanning-tree bpdufilter`
|
|
|
+ 1. Configure storm control:
|
|
|
+ 1. `storm-control unicast level 5`
|
|
|
+ 1. `storm-control broadcast level 5`
|
|
|
+ 1. `storm-control multicast level 75`
|
|
|
+1. Setup L2 link ports (trunk link):
|
|
|
+ 1. Repeat relevant access port config.
|
|
|
+ 1. Configure VLAN trunk (example: VLANs 10+50):
|
|
|
+ 1. **TODO**
|
|
|
+ 1. `switchport mode trunk`
|
|
|
+ 1. `switchport trunk allowed vlan all`
|
|
|
+ 1. `vlan acceptframe vlanonly`
|
|
|
+ 1. `vlan participation include 10,50`
|
|
|
+ 1. `vlan participation include 10,50`
|
|
|
+ 1. Configure STP:
|
|
|
+ 1. Enable root guard: `spanning-tree guard root`
|
|
|
+1. Setup AAA:
|
|
|
+ 1. Setup (better) local auth:
|
|
|
+ 1. Remove any custom AAA commands.
|
|
|
+ 1. Avoid enable password: `aaa authorization exec default local`
|
|
|
+ 1. Setup console:
|
|
|
+ 1. Enter line config: `line console`
|
|
|
+ 1. Set timeout: `serial timeout 60` (mintes)
|
|
|
+ 1. Setup SSH:
|
|
|
+ 1. **TODO**
|
|
|
+ 1. Set SSH timeout (enable mode): `sshcon timeout 60` (mintes)
|
|
|
+ 1. **TODO** Line enable/authn/authz
|
|
|
1. **TODO**:
|
|
|
+ 1. SNMP
|
|
|
+ 1. Syslog
|
|
|
1. IGMP/MLD snooping.
|
|
|
+ 1. MTU
|
|
|
+
|
|
|
+## Commands
|
|
|
+
|
|
|
+- System:
|
|
|
+ - Show hardware and versions: `show version`
|
|
|
+ - Show active and backup firmware: `show bootvar`
|
|
|
+- L2 interfaces:
|
|
|
+ - Notice the difference between the `show interface` and `show interfaces` commands.
|
|
|
+ - Show status: `show interfaces status all`
|
|
|
+ - Show traffic counters: `show interface counters`
|
|
|
+ - Show switchport config: `show interfaces switchport [port]`
|
|
|
+- L3 interfaces:
|
|
|
+ - Show brief: `show ip int brief`
|
|
|
+- STP:
|
|
|
+ - Show summary: `show spanning-tree`
|
|
|
|
|
|
## Tasks
|
|
|
|
|
|
@@ -42,6 +122,12 @@ Tested with an EdgeSwitch 16 XG.
|
|
|
|
|
|
### Upgrade Software
|
|
|
|
|
|
-**TODO**
|
|
|
+1. Consider whether to use the lite version (limited to 255 VLANS for lower memory utilization).
|
|
|
+1. Download the new version from the downloads page: `https://ui.com/download/edgemax`
|
|
|
+1. Download the firmware to the backup partition: `copy tftp://<ip-address>/<filename> backup` (example)
|
|
|
+1. Select the backup partition for the next boot: `boot system backup`
|
|
|
+1. Reboot: `reload`
|
|
|
+1. Verify that the new firmware is booted into: `show bootvar`
|
|
|
+1. Copy the backup firmware to the active partition: `copy backup active`
|
|
|
|
|
|
{% include footer.md %}
|
Håvard Ose Nordstrand