N2048 Dell Switch Config Cheat Sheet

Written by Marc-Andre

I had to configure a few Dell N2048 and N2024 switches, so I thought I’d share my config template with you. The Dell N2000 switches are user access switches. Used as layer 2 switches, their config isn’t too complex.

Password protect the console and SSH access

Then limit the access to the SSH server. In this example, only those in the network 10.99.0.0/24 will be able to connect to the switch management interface.

Only Telnet is enabled by default, so make sure to enable the SSH server on the switch.

 

Create the VLANs

In this example, vlan 10 is the user vlan. Vlan 40 and 41 are two WIFI vlans used by the access points. And vlan 999 is the native vlan used by each trunk. As a security measure, vlan 999 is not used anywhere else to prevent vlan hopping.

 

Set the IP and the default gateway

Set the management IP of the switch. Here the gateway is located on the uplink (either on the core or distribution layer). To be able to communicate with the switch from another vlan, you need to also set its default gateway.

 

Configure the Uplink

Both the N2048 and N2024 come with two 10gig ports. I configured them as my uplink by placing them into a port-channel.

 

Configure the Downlink to users

Here are the commands to enable the access ports with portfast and storm-control. Broadcast packets will be dropped if broadcast traffic exceeds 15% of the bandwidth. 15% might be high, but I want to avoid false positives as much as possible.

 

WIFI

Don’t forget the access points if you have any. Here in my case, vlan 40 is untagged, but your access point config might be different.

 

Time (SNTP)

Make sure to configure the time correctly. This makes reading the logs a lot easier.

 

SNMP

Limit SNMP access to a specific IP address, in read-only mode. Your SNMP management server should be the only host with SNMP access to the switch, and in most cases it only needs read-only access.

Deactivate unused services

Real network admins don’t use the web interface 😉 So don’t forget to deactivate the web server and the telnet server as well.

Configure STP

Configure DHCP snooping

Enabling DHCP snooping on an access switch is usually a good idea. Those commands will tell the switch to block all DHCP offers except those coming from the uplink. So no more rogue DHCP servers in your network.
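To check a saved config against three rules from this cheat sheet (no access port in the trunks' native VLAN, DHCP snooping trust only on the uplink, broadcast storm-control on every access port), here is an added audit script. It is not part of the original template. The sample stanzas are constructed, and it is an assumption that your running-config prints these settings in this Cisco-like form.

```python
# Constructed sample, not the author's config; Gi1/0/3 is deliberately wrong.
SAMPLE = """\
interface Gi1/0/1
switchport access vlan 10
storm-control broadcast level 15
exit
interface Gi1/0/3
switchport access vlan 999
ip dhcp snooping trust
exit
interface port-channel 1
switchport mode trunk
switchport trunk native vlan 999
ip dhcp snooping trust
exit
"""

def parse_interfaces(text):
    """Map each interface name to the list of lines in its stanza."""
    ports, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line in ("exit", "!", ""):
            current = None          # stanza closed
        elif current is not None:
            current.append(line)
    return ports

def audit(text):
    """Return sorted (interface, finding) pairs; unset access VLAN is assumed 1."""
    ports = parse_interfaces(text)
    trunks = {n for n, c in ports.items() if "switchport mode trunk" in c}
    natives = {l.split()[-1] for n in trunks for l in ports[n]
               if l.startswith("switchport trunk native vlan ")}
    findings = []
    for name in ports.keys() - trunks:
        cfg = ports[name]
        vlan = next((l.split()[-1] for l in cfg
                     if l.startswith("switchport access vlan ")), "1")
        if vlan in natives:
            findings.append((name, f"access port in trunk native vlan {vlan}"))
        if "ip dhcp snooping trust" in cfg:
            findings.append((name, "DHCP snooping trust on an access port"))
        if not any(l.startswith("storm-control broadcast") for l in cfg):
            findings.append((name, "no broadcast storm-control"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{p}: {msg}" for p, msg in audit(SAMPLE)), sep="\n")
```

Any interface without `switchport mode trunk` is treated as an access port, so a trunk that is not declared as one will be flagged as well.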

About the expert

Marc-Andre

I'm currently certified as a Cisco Certified Network Professional (CCNP) with a background as a system administrator. If you're in Montreal, send me an email. I'll be happy to chat with you in person. Otherwise, you can always find me in the forum.

1 Comment

  • “storm-control broadcast level 15” might be a little too high for some networks. I also recommend adding protection for unknown unicast and multicast storms with the following commands:
    storm-control unicast level 7
    storm-control multicast level 7