#Brocade san switch default password serial# #Brocade san switch default password password#
Show neighbors overview: show lldp neigh. Show transceivers: show media validation. Enable logging to SSH/Telnet: terminal monitor(in privileged exec mode). #Brocade san switch default password serial#
Enable logging to the serial console: logging console. Enable BPDU filter on a port: stp-protect. Enable BPDU guard on a port: stp-bpdu-guard. Enable root guard on a port: spanning-tree root-protect. Set a port as edge port (aka portfast): spanning-tree 802-1w admin-edge-port. Set priority: spanning-tree single 802-1w priority 0 (0 for root). Enable globally: spanning-tree single 802-1w. Disable sending IPv6 RAs: ipv6 nd suppress-ra. Add a default IPv6 route: ipv6 route ::/0. Add a default IPv4 route: ip route 0.0.0.0/0. Set IPv6 address for it: ipv6 address /length. Set IPv4 address for it: ip address /length. Add router interface to the VLAN: router-interface ve. Configure in-band management interface and disable out-of-band interface:. Enable IPv6 forwarding: ipv6 unicast-routing. Enable spanning tree (same type as global): spanning-tree. Set it for the current interface: dual-mode. Enter the physical interface configuration. (Optional) Set a dual mode VLAN (aka native VLAN):. Use frequent LACPDUs: lacp-timeout short. All other ports will inherit the config for the primary port. The “dynamic” can be omitted once created. VLAN configuration: See separate section. (SFP+ ports) Set the post speed and duplex: speed-duplex 10g-full. Configure physical interfaces ( int eth ):. Use local auth: aaa authentication web-server default local. Generate new SSL/TLS certificate: crypto-ssl certificate generate. Delete the old SSL/TLS certificate: crypto-ssl certificate zeroize. #Brocade san switch default password password#
Both password and key based authentication is enabled by default. SSH may crash if key-authentication is enabled but not configured. Set the idle timer: ip ssh idle-time (e.g. Remove old public keys: ip ssh pub-key-file remove. Generate new key: crypto key generate rsa modulus 2048. Delete the old key: crypto key zeroize. IPv6 DNS servers: ipv6 dns server-address. IPv4 DNS servers: ip dns server-address. Enable login log messages and traps: logging enable user-login. Enable priv exec mode login: aaa authentication enable default local.
Make remote login enter priv exec mode: aaa authentication login privilege-mode. Enable remote login: aaa authentication login default local. The default password hashing algorithm is MD5. Add user: user privilege 0 create-password. Enable password encryption (requires v8.0.40 or later): service password-encryption sha256. Set the superuser enable password: enable super-user-password. Select range of innterfaces: int e1/1/1 to 1/1/24 (example). Alternatively, shut down unused interfaces afterwards. Connect using serial: 9600bps baud, 8 data bits, no paroty, 1 stop bit, no flow control. Security features like port security, dynamic ARP inspection, DHCP snooping, IP source guard, DHCPv6 snooping, IPv6 NDP inspection and IPv6 RA guard will not be covered since I mainly use the switch as a core/dist. Brocade/Ruckus ICX 6610 (v08.0.30 router edition). Virtual Switch Redundancy Protocol (VSRP).
0 kommentar(er)
