EXOS の基本的な設定
EXOS の基本的な設定をメモしておきます。
初期ログイン情報
ユーザ名は admin、パスワードは「無し」(そのまま Enter) でログイン出来ます。
初期設定ウィザード
初期設定ウィザードでは以下が質問されます。 この初期設定ウィザードはスキップ出来ないようです。
Would you like to disable MSTP? [y/N/q]:Would you like to disable Telnet? [y/N/q]:Would you like to enable SNMPv1/v2c? [y/N/q]:Would you like to enable SNMPv3? [y/N/q]:Would you like unconfigured ports to be turned off by default? [y/N/q]:Would you like to configure the failsafe username and password now? [y/N/q]:
実際の表示例は以下の通りです。
初期ウィザード例
login: admin
password:
ExtremeXOS
Copyright (C) 1996-2024 Extreme Networks, Inc. All rights reserved.
This product is protected by one or more US patents listed at https://www.extremenetworks.com/company/legal/patents/ along with their foreign counterparts.
==============================================================================
Press the <tab> or '?' key at any time for completions.
Remember to save your configuration changes.
There has been 1 successful login since last reboot and 0 failed logins since last successful login.
No prior logins by this user since last reboot.
This switch currently has some management methods enabled for convenience reasons.
Please answer these questions about the security settings you would like to use.
You may quit and accept the default settings by entering 'q' at any time.
Multiple Spanning Tree Protocol (MSTP) is enabled by default to prevent
broadcast storms
Would you like to disable MSTP? [y/N/q]:
The switch offers an enhanced security mode. Would you like to read more,
and have the choice to enable this enhanced security mode? [y/N/q]:
Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.
Would you like to disable Telnet? [y/N/q]:
SNMP access is disabled by default. SNMPv1/v2c uses no encryption, SNMPv3 can be
configured to eliminate this problem.
Would you like to enable SNMPv1/v2c? [y/N/q]:
Would you like to enable SNMPv3? [y/N/q]:
All ports are enabled by default. In some secure applications, it may be more
desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N/q]:
No failsafe account username and password are in effect. If you choose to
configure them, please remember them because they cannot be recovered.
Would you like to configure the failsafe username and password now? [y/N/q]:
Since you have chosen less secure management methods, please remember to
increase the security of your network by taking the following actions:
* change your admin password
* EXOS-VM.1 #
ホスト名を設定する
| configure snmp sysName dev2
|
管理アドレス/ルーティングを設定する
Mgmt ポートに 10.0.0.1/24 というアドレスを設定し、管理用に NextHop が 10.0.0.254 というデフォルトルートを設定するには以下のように設定します。
| unconfigure vlan Mgmt ipaddress
configure vlan Mgmt ipaddress 10.99.0.1 255.255.255.0
configure iproute add default 10.99.0.254 vr VR-Mgmt
|
ユーザを作成する
| create account admin USERNAME PASSWORD
|
ユーザのパスワードを変更する
パスワードを変更するには configure account USERNAME を実行します。この設定方法の場合、対話的に「現在のパスワード」「新しいパスワード」「確認用に再度、新しいパスワード」を入力する必要があります。
| # configure account admin
Current user's password:
New password:
Reenter password:
|
SSH サーバ機能を有効化する
デフォルトでは Mgmt ポートに対して「TELNET サーバ機能は有効」「SSH サーバ機能は無効」になっていました。 SSH サーバ機能を有効化するには enable ssh2 を実行します。
このコマンドは y/N を対話的に入力する必要があります。
SSH サーバ機能有効化例
# enable ssh2
WARNING: Generating new server host key
This could take up to 1 minute and cannot be cancelled. Continue? (y/N) Yes
Key Generated.
TELNET サーバ機能を無効化する
VLAN 間ルーティングを有効化する
VLAN インターフェイスを作成し、物理ポートに割り当てる
| create vlan V123
configure vlan V123 tag 123
configure vlan V123 add port 1 untagged
|
VLAN に IP アドレスを割り当てる
| configure vlan V123 ipaddress 10.0.0.1 255.255.255.0
|
Static Route を設定する
| configure iproute add 10.0.123.0/24 10.0.0.254
|
Web インターフェイスを有効化する