In this security-first world we all know how important it is to patch, yet we often update only our servers, desktops, laptops and occasionally our software. In the always-online, connected state we are in, downtime must be kept to a minimum, so we often forget about patching our networking infrastructure. A major part of this is our switches, and having recently found out about the countless vulnerabilities even a 12-month-old firmware version can have, it was time to start upgrading and patching equipment.
I started with the company's Broadcom Fibre switches, which, to cut a very long story short, resulted in me purchasing two new 300 series switches. That led me on to configuring and setting these up, and for reference and a bit of knowledge sharing I decided to detail the steps and the issues that cropped up.
Inside the box you should see a serial cable with an RJ-45 connector, a power cable (US) and some other useless bits and bobs. The physical layout of the switch is detailed in fig 2. The setup is relatively simple: you will need a computer with a COM port, the serial cable that came with the switch, and PuTTY, which you can download here. Racking the switch is pretty straightforward, with the rails just clipping into place and the switch screwing into the rails.
Now that we have all the basics out of the way, it's time to move on to the actual configuration of the switch. The next step is to give the switch some juice: plug the power in and you should get the noise of a light aircraft taking flight. The switch has no on/off switch as such, so the power on and off procedure is a simple tug of the power cable. Once the switch quietens and completes its POST procedure, just verify you have lights on the front of the switch and everything seems to be normal.
The next step is to connect up the serial cable, plugging the network end into the system console port (marked with IOIO) on the switch, and the RJ45 serial port converter into your computer's COM port. Once connected, if you open Device Manager you should be able to see your COM port number under Ports. If you are not able to see this in Device Manager, check your hidden items under the View menu, or make sure your ports are enabled in your BIOS.
Armed with all the information you need, it's time to fire up PuTTY. You want to connect using “Serial”, making sure you have the correct COM port selected. You will also need to choose the Serial option in the category list down the left, which lets you set the additional options: bits per second (9600), data bits (8), parity (None), stop bits (1) and flow control (None).
With these options selected you should now be able to open a connection to your switch, and if all is well you should be presented with a username prompt. The default login is username “admin” with password “password”. This will let you connect and then prompt you to change the password for both the admin and user accounts; once you have done this you will be required to log back in again. Once you are back up and running it's time to change the IP address of your switch so we can get web GUI access. To do this, run the command “ipaddrset” and answer the prompts. Another good admin thing to do is to set the correct time: use the command tsTimeZone to do this, again answering the relevant questions.
Now that you have your IP address and time set, you should be able to access the web GUI. Be warned though: this uses Java, and you need to make sure you have the correct version installed and running. If you input your IP into a web browser it should close and pop up a username and password prompt; input this and you will be presented with web tools, where you can edit your switch and create zones for connection. From here it's really just a case of what you want to do with your switch. I have personally set up two for redundancy and used a connection to each. These switches run at 8GB, and the latest firmware available at this time is v7.4.2c.
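A quick way to check a set of switches against a firmware baseline such as the v7.4.2c release mentioned above. This is an added example, not from the original post or from the vendor; the switch names and inventory are constructed, and the version layout (vMAJOR.MINOR.PATCH plus an optional letter and digit) is an assumption about how the firmware strings are formatted.

```python
import re

# Assumed version layout: v<major>.<minor>.<patch><letter>[<digit>], e.g. v7.4.2c
_FOS_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$", re.IGNORECASE)

BASELINE = "v7.4.2c"  # latest release named in the post; adjust to your own baseline


def parse_fos_version(text):
    """Return a sortable tuple for a firmware version string, or None if malformed."""
    m = _FOS_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, letter, rev = m.groups()
    return (int(major), int(minor), int(patch), letter.lower(), int(rev or 0))


def audit(inventory, baseline=BASELINE):
    """Split {switch: version} into (current, outdated, unknown) name lists."""
    floor = parse_fos_version(baseline)
    if floor is None:
        raise ValueError(f"bad baseline version: {baseline!r}")
    current, outdated, unknown = [], [], []
    for name, version in sorted(inventory.items()):
        parsed = parse_fos_version(version)
        if parsed is None:
            unknown.append(name)      # never assume an unreadable version is patched
        elif parsed >= floor:
            current.append(name)
        else:
            outdated.append(name)
    return current, outdated, unknown


# Constructed sample inventory (hypothetical switch names and versions).
SAMPLE = {
    "fc-sw-a": "v7.4.2c",
    "fc-sw-b": "v7.4.2a",
    "fc-sw-c": "v7.10.0",   # a plain string comparison would rank this below v7.4.2c
    "fc-sw-d": "v7.4.1e",
    "fc-sw-e": "unknown",
}

if __name__ == "__main__":
    ok, old, unk = audit(SAMPLE)
    print("at or above baseline:", ok)
    print("needs upgrade:", old)
    print("version unreadable:", unk)
```

Switches whose version cannot be parsed are reported separately so they get checked by hand rather than counted as patched.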