Stacking Dell PowerConnect 7000 Series Switches
Page 11
Mode........................................... FTP
FTP Server IP.................................. 10.27.64.141
FTP Path.......................................
FTP Filename................................... PC7000_4.0.0.6.stk
Data Type...................................... Code
Destination Filename........................... image
Creating a Separate VLAN for File Downloads When updating the firmware, it is helpful to keep the in-band ma nagement port in a different VLAN
and configure the port VLAN ID (PVID) appropriately to av oid the possibility of network congestion or
flooding issues impacting the file download.
The CLI commands in the following example show ho w to configure port gi1/0/17 as an in-band
management port for firmware downloads or management a ccess.
console#configure
console (config)#vlan database
console (vlan)#vlan 1000
console (vlan)#exit
console (config)#interface vlan 1000
console (config-if-vlan1000)#ip address 192.168.21.11 255.255.255.0
console (config-if-vlan1000)#exit
console (Config)#interface ethernet gi1/0/17
console (config-if-gi1/0/7)#switchport mode general
console (config-if-gi1/0/7)#switchport general pvid 1000
console (config-if-gi1/0/7)#switchport general allowed vlan add 1000
console (config-if-gi1/0/7)#switchport general allowed vlan remove 1
console (config-if-gi1/0/7)#exit
console (config-macal)#management access-list MGMT_VLAN
console (config-macal)#permit ip-source 192.168.21.0 mask /24 vlan 1000
console (config-macal)#service ssh
console (config-macal)#exit
console (config)#management access-class MGMT_VLAN
The switch now segregates traffic arriving on port gi1/0/17 onto VLAN 1000. All untagged packets that
enter the port are tagged with a VLAN ID of 1000. Additionally, only hosts with an IP address in the
192.168.21.XXX subnet are allowed access to the switch using SSH. The 192.168.XXX.XXX address block
is a private address space per RFC 1918. As an added security measure, network administrators can
configure their organization’s edge routers to drop ing ress and egress traffic destined to this address
block.