

FS FSOS Switches

Using


  • FS S3700-24T4F

Info

  • Default credentials: Username admin and password admin.
  • Default mgmt. IP address: 192.168.1.1/24
  • By default, SSH, Telnet and HTTP servers are accessible using the default mgmt. address and credentials.
  • The default VLAN is VLAN1.

Initial Setup

  1. Connect to the switch using serial.
    • Using RS-232 w/ RJ45, baud 115200, 8 data bits, no parity bits, 1 stop bit, no flow control.
    • Use Ctrl+H for backspace.
  2. Login with username admin and password admin.
  3. Enter exec mode: enable
  4. (Optional) Show version: show version
    • See the note below on how to upgrade it.
  5. Enable password services:
    1. Enable prompting for password after command: service password-hidden
    2. Enable automatic hashing of passwords (using some weak alg.): service password-encryption
  6. Add user: username <username> password 0 <password>
  7. Disable admin user: no username admin
  8. (Optional) Setup authentication (defaults to local):
    1. Disable authn for the enable command: aaa authentication enable default none
    2. Enable login authn using local users: aaa authentication login default local
  9. Disable HTTP server:
    1. no ip http server
    2. no ip http language
  10. Enable SSH and disable Telnet:
    1. Enable SSH server (enabled by default): ip sshd enable
    2. Set SSH version: ip sshd version 2
    3. Disable SSH RC4 cipher: ip sshd disable-rc4
    4. Save the current key pair to flash to avoid regenerating it: ip sshd save
    5. (Optional) Enable SFTP: ip sshd sftp
    6. Disable Telnet: no ip telnet enable
  11. Disable unused interfaces:
    1. Enter physical interface range (e.g. int range g0/25-28).
    2. Disable them: shutdown
  12. Setup physical interface (applies mostly to other interfaces too):
    1. Set description: description <description>
    2. Enable or disable: [no] shutdown
  13. Setup LAGs:
    1. Enter port agg. interface: interface port-aggregator <n>
    2. Set load balancing/hashing method: aggregator-group load-balance both-ip
    3. Change LACP timeout to fast (1s) or slow (30s): agg-period <seconds>
    4. Enter a physical interface range.
    5. Set agg. group and mode: aggregator-group <n> mode lacp
    6. Show LACP status: show aggregator-group brief
  14. Setup VLANs:
    1. Define VLAN: vlan <VID>
    2. Enter VLAN interface: interface VLAN<VID>
    3. TODO Member interfaces etc.
  15. Setup L3 interface:
    1. Enter the interface (physical, VLAN, etc.).
    2. Set the IPv4 address: ip address <address> <subnet>
    3. Set the IPv6 address: ipv6 address <address>/<prefix-length>
    4. Explicitly enable IPv6: ipv6 enable
    5. Disable directed broadcasts: no ip directed-broadcast
    6. TODO Test IPv6.
  16. Disable default VLAN:
    1. Enter VLAN: int VLAN1
    2. Disable it: shutdown
    3. TODO Needs testing.
  17. Set hostname: TODO
  18. Set mgmt. addresses: TODO
  19. Set default and static routes: TODO
  20. Set DNS servers: TODO
  21. Set time and NTP servers: TODO
  22. (Optional) Add MOTD: greeting <text-line> (for each line, no quotes required)
  23. Enable LLDP: lldp run
  24. Enable SNMP:
    1. Enable RO for public community: snmp-server community 0 public ro
    2. TODO Filter slow OIDs.
  25. Setup STP (802.1W/RSTP): TODO
  26. Enable flow control:
    1. Enter a physical interface range.
    2. Enable auto mode: flow-control auto
  27. Enable storm control:
    1. Enter an interface range.
    2. Enable for broadcast: storm-control broadcast threashold <n> (units of 64kb/s)
    3. Enable for unknown-destination unicast: storm-control unicast threashold <n> (units of 64kb/s)
    4. (Optional) Enable for multicast: storm-control multicast threashold <n> (units of 64kb/s)
    5. TODO Test.
  28. Enable port security:
    1. Enter an interface range.
    2. Enable dynamic mode: switchport port-security mode dynamic
    3. Enable maximum addresses: switchport port-security dynamic maximum <1>
    4. TODO Test timeout etc.
  29. Setup IGMP and MLD snooping: TODO
  30. Setup security mechanisms (DHCP snooping, IPSG, DAI, IPv6 stuff, etc.): TODO
  31. (Optional) Setup RADIUS: TODO
  32. (Optional) Setup TACACS+:
    1. Enable and set server: tacacs-server host <server> key 0 <key-or-prompt>
    2. Set login authn to use TACACS+ and fallback to local: aaa authentication login default group tacacs+ local
    3. TODO Set authz too?
    4. TODO Add accounting too?
    5. TODO Test.
  33. Set terminal idle timer:
    1. Enter console line: line console 0
    2. Set timeout: exec-timeout <seconds>
    3. Enter VTY lines: line vty 0 31
    4. Set timeout (again).
  34. Save the config: write all
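
An offline check of a saved running config against the hardening steps above, as an added example that is not part of the original notes or any FS tooling. It assumes show running-config echoes settings in the form they were entered, with indented child lines under each line header; the sample config is constructed.

```python
import re
# Global checks from Initial Setup: (description, regex, must_be_present).
# Assumption: show running-config echoes settings in the form they were entered.
GLOBAL_CHECKS = [
    ("admin user removed (step 7)", r"^username admin\b", False),
    ("password hashing enabled (step 5)", r"^service password-encryption$", True),
    ("HTTP server disabled (step 9)", r"^no ip http server$", True),
    ("Telnet disabled (step 10)", r"^no ip telnet enable$", True),
    ("SSH version 2 (step 10)", r"^ip sshd version 2$", True),
    ("SSH RC4 disabled (step 10)", r"^ip sshd disable-rc4$", True),
]
# Block checks: (description, header regex, required child regex).
# A timeout of 0 is treated as "no timeout" (assumption).
BLOCK_CHECKS = [
    ("console idle timeout (step 33)", r"^line console 0$", r"^exec-timeout [1-9]\d*$"),
    ("VTY idle timeout (step 33)", r"^line vty ", r"^exec-timeout [1-9]\d*$"),
]

def parse_blocks(config):
    """Return (top-level lines, {header: [indented child lines]})."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None  # separator ends the current block
        elif raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks[current] = []
    return top, blocks

def audit(config):
    """Return the description of every hardening check the config fails."""
    top, blocks = parse_blocks(config)
    failed = [d for d, rx, want in GLOBAL_CHECKS if any(re.search(rx, l) for l in top) != want]
    for desc, head_rx, child_rx in BLOCK_CHECKS:
        hits = [kids for head, kids in blocks.items() if re.search(head_rx, head)]
        if not hits or not all(any(re.search(child_rx, k) for k in kids) for kids in hits):
            failed.append(desc)
    return failed

# Constructed sample of a partly hardened switch (not captured from a real device).
SAMPLE = """username admin password 0 admin
ip sshd version 2
line console 0
 exec-timeout 600
line vty 0 31
"""
print(audit(SAMPLE))
```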

Commands

  • Configuration:
    • Show startup config: show configuration
    • Show running config: show running-config
    • Show interface config: show {conf | run} <interface>
    • Save configuration: write all
    • Format system: format (TODO: Does it keep the software image?)
  • Interfaces:
    • Show L2 brief: show int brief
    • Show L3 brief: show ip int brief
  • LACP:
    • Show semi-detailed overview: show aggregator-group [n] brief
    • Show member ports: show aggregator-group [n] summary
  • Reboot: reboot

Configuration Mode

  • Enter interface range: interface range <type><slot>/<port-range>[,<port-range>]* (e.g. interface range g0/1-3,5)

Tasks

Configure With ZTP

TODO

Upgrade Firmware

Via Web Panel

  1. Log into the Web panel.
  2. Go to "System Mgr.", "System Software".
  3. Select the software image (FS-something.bin) and check automatic reboot.
  4. Start the upgrade and do not leave the webpage until it tells you to.
  5. Verify.

Via CLI

  1. Put the image file on a TFTP server.
  2. Download it to the switch: copy tftp:<file> flash:<file> <host>
    • Make sure it has a descriptive name like S3700-24T4F_V63289.bin.
  3. Set to boot the new image (conf mode): boot system flash <file>
  4. Reboot: reboot
  5. Verify: show version
