Today I configured another switch, a D-Link DES-3528.
I will lay out the configuration below and briefly describe it.
When typing commands, you can press the TAB key to have the switch suggest completions, and you can type a space and a question mark “?” after any command to see its possible subcommands.
To view the current switch configuration, use the command:
show config current_config
Let’s get started.
Connect to the switch with a console cable at a speed of 9600, or over the network at the default IP address 10.90.90.90, and add the administrator account (initially the switch lets you in without a login or password):
create account admin admin
Enable password encryption so that the password is not stored in the config file in clear text:
enable password encryption
Add VLANs for management and for users (I use VLAN 207, “core”, for management, VLAN 226 for users, and port 25 as the uplink):
create vlan core tag 207
config vlan core add tagged 25
create vlan local_smart tag 226
config vlan local_smart add untagged 1-28
config port_vlan 1-28 acceptable_frame admit_all pvid 226
config vlan default delete 1-28
Change the IP address of the switch and specify the gateway:
config ipif System ipaddress 192.168.0.50/24 vlan core
create iproute default 192.168.0.1 1 primary
Let’s enable the restriction of broadcast traffic on client ports:
config traffic control 1-24,26-28 broadcast enable action drop broadcast_threshold 100 countdown 0 time_interval 5
Enable loop protection on client ports:
enable loopdetect
config loopdetect recover_timer 300 interval 10 mode port-based
config loopdetect log state enable
config loopdetect ports 1-24,26-28 state enable
config loopdetect trap loop_detected
Enable traffic segmentation so that clients do not see each other:
config traffic_segmentation 1-24,26-28 forward_list 25
config traffic_segmentation 25 forward_list 1-24,26-28
Enable DHCP server filtering on the client ports so that clients cannot hand out IP addresses:
config filter dhcp_server ports 1-24,26-28 state enable
config filter dhcp_server illegal_server_log_suppress_duration 30min
config filter dhcp_server trap_log enable
Let’s specify which IPs are allowed to log on to the switch (so that users do not see it):
create trusted_host network 192.168.0.2/32 snmp telnet ssh http https ping
create trusted_host network 192.168.1.5/32 snmp telnet ssh http https ping
Set up SNMP if you need it:
enable snmp
delete snmp community public
delete snmp community private
delete snmp user initial
create snmp community NAME view CommunityView read_only
Turn on the protection against BPDU flood:
enable bpdu_protection
config bpdu_protection recovery_timer 2400
config bpdu_protection log none
config bpdu_protection ports 1-24,26-28 state enable
config bpdu_protection ports 1-28 mode drop
Enable the Safeguard Engine so that you can still reach the switch when its processor is fully loaded:
config safeguard_engine state enable utilization rising 100 falling 95 trap_log enable mode fuzzy
If necessary, configure the time synchronization with the NTP server:
enable sntp
config time_zone operator + hour 2 min 0
config sntp primary 10.0.0.18 poll-interval 5000
This completes the basic configuration of the D-Link DES-3528 switch.
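An added example, not part of the original post: a small Python check that reads a configuration as text and reports which client ports are missing from each per-port protection used above, plus missing switch-wide settings. The names audit and expand_ports and the sample config are constructed for illustration; it assumes the commands appear one per line with plain port numbers, as in this post.

```python
import re

def expand_ports(spec):
    """Expand a port list such as '1-24,26-28' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

PORT_CHECKS = {  # per-port protections from the post; group 1 is the port list
    "broadcast control": r"config traffic control ([\d,-]+) broadcast enable",
    "loop detection": r"config loopdetect ports ([\d,-]+) state enable",
    "traffic segmentation": r"config traffic_segmentation ([\d,-]+) forward_list ([\d,-]+)$",
    "dhcp server filter": r"config filter dhcp_server ports ([\d,-]+) state enable",
    "bpdu protection": r"config bpdu_protection ports ([\d,-]+) state enable",
}
GLOBAL_CHECKS = {  # switch-wide settings from the post, each required once
    "password encryption": r"enable password encryption$",
    "trusted_host": r"create trusted_host network \S+",
}

def audit(config_text, client_ports, uplink_ports):
    """Return {check: problem}; an empty dict means every check passed."""
    lines = [line.strip() for line in config_text.splitlines()]
    problems = {}
    for name, pattern in PORT_CHECKS.items():
        covered = set()
        for m in filter(None, (re.match(pattern, l) for l in lines)):
            # Segmentation counts only when the forward_list holds uplinks alone.
            if m.lastindex == 1 or expand_ports(m.group(2)) <= uplink_ports:
                covered |= expand_ports(m.group(1))
        problems[name] = sorted(client_ports - covered)  # unprotected ports
    for name, pattern in GLOBAL_CHECKS.items():
        problems[name] = "" if any(re.match(pattern, l) for l in lines) else "not configured"
    if any(re.match(r"create snmp community (public|private)\b", l) for l in lines):
        problems["snmp"] = "default community present"
    return {name: p for name, p in problems.items() if p}

# Constructed sample: port 24 is missing from loop detection and the DHCP filter.
SAMPLE = """\
enable password encryption
config traffic control 1-24,26-28 broadcast enable action drop broadcast_threshold 100 countdown 0 time_interval 5
config loopdetect ports 1-23,26-28 state enable
config traffic_segmentation 1-24,26-28 forward_list 25
config filter dhcp_server ports 1-23,26-28 state enable
config bpdu_protection ports 1-24,26-28 state enable
create snmp community public view CommunityView read_only
"""
print(audit(SAMPLE, expand_ports("1-24,26-28"), {25}))
```

Run it against a saved copy of the configuration after each change; a port that drops out of one of the ranges shows up by number.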