Support Store Sign In
Overview
System
Network
Services
Identities
Policies
Billing
Archives
Instruments
Installation
Lab Manual
Portal Customization
RESTful API
Miscellaneous
View as one page

Dell Switches

Dell enterprise switches provide robust Layer 2/3 switching capabilities for campus and data center deployments. The rXg integrates with Dell switches via SSH for configuration synchronization, 802.1X/MAB authentication, and VLAN management.

Supported Models

Model/Series Notes
S3100 Series 1GbE campus access switches
S3124F 24-port SFP switch
S3148 48-port access switch
S4048 10/40GbE ToR data center switch
N-Series Campus networking switches

Features Supported

Feature Supported Description
Config Sync Yes Automatic configuration synchronization from rXg
Auto Bootstrap Yes Zero-touch onboarding capability
SNMP Monitoring Yes CPU, memory, and port statistics collection
LLDP Neighbor Discovery Yes Automatic detection of connected devices
Switch Port Import Yes Automatic import and management of switch ports
802.1X Authentication Yes Port-based network access control
MAC Authentication Bypass Yes MAC-based authentication for non-802.1X devices
Dynamic VLAN Assignment Yes RADIUS-assigned VLAN based on authentication
DHCP Snooping Yes Protection against rogue DHCP servers
Firmware Management No Manual firmware upgrades required
SPB-m Fabric No Not supported

Prerequisites

Firmware Requirements

Version Support Status Notes
OS9 Supported Dell Networking OS9 (Force10 heritage)
OS10 Supported Dell OS10 Enterprise

Network Requirements

  • Management IP connectivity to rXg
  • SSH access (TCP port 22)
  • SNMP access (UDP port 161)
  • RADIUS connectivity (UDP ports 1812, 1813) for 802.1X/MAB

Onboarding Process

Auto Bootstrap

Dell switches support automatic bootstrap configuration from rXg. The bootstrap process configures:

  1. Hostname and system identification
  2. SSH service with RSA key generation
  3. User credentials
  4. SNMP community
  5. NTP server
  6. 802.1X authentication settings
  7. RADIUS server configuration

Bootstrap Configuration

The following configuration is applied during bootstrap:

! System configuration
hostname <system_name>

! Generate RSA key for SSH
crypto key generate rsa modulus 2048

! SSH configuration
ip ssh server enable
ip ssh server version 2

! User account configuration
username <username> password <password> privilege 15

! SNMP configuration
snmp-server community <community> ro

! NTP configuration
ntp server <rxg_ip>

! 802.1X global configuration
dot1x system-auth-control

! RADIUS server configuration
radius-server host <rxg_ip> key <shared_secret>
aaa authentication dot1x default radius
aaa authorization network default radius

! Interface configuration for management
interface vlan <mgmt_vlan>
ip address <ip>/<mask>
no shutdown
exit

ip route 0.0.0.0/0 <gateway>

Manual Onboarding

For manual configuration before adding to rXg:

  1. Configure management IP address
  2. Generate SSH RSA keys
  3. Enable SSH server
  4. Create user account with privilege 15
  5. Configure SNMP community
  6. Add device to rXg Infrastructure Devices

Minimal manual configuration:

enable
configure terminal

! Management interface
interface vlan 1
ip address <ip>/<mask>
no shutdown
exit
ip route 0.0.0.0/0 <gateway>

! SSH setup
crypto key generate rsa modulus 2048
ip ssh server enable

! User account
username <username> password <password> privilege 15

! SNMP
snmp-server community <community> ro

exit
write memory

Configuration

Connection Settings

The rXg connects via SSH using RubyExpect for CLI automation. Legacy SSH key exchange algorithms are enabled for compatibility with older firmware.

SSH connection options: -o KexAlgorithms=+diffie-hellman-group1-sha1 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

CLI prompts recognized: - Password prompt: Password: - Enabled prompt: # - Disabled prompt: > - Configure prompt: (config)# - Interface prompt: (conf-if-

VLAN Configuration

Creating VLANs

interface vlan <vlan_id>
description <description>
tagged <port_list>
untagged <port_list>
no shutdown
exit

Port Mode Configuration

Dell switches use portmode hybrid for ports requiring both tagged and untagged VLANs:

interface ethernet <port>
portmode hybrid
switchport
no shutdown
exit

Port modes: - portmode access - Single untagged VLAN - portmode hybrid - Both tagged and untagged VLANs (used for trunks)

802.1X / MAB Configuration

Global 802.1X Enable

dot1x system-auth-control

RADIUS Server Configuration

radius-server host <rxg_ip> key <shared_secret>
radius-server host <rxg_ip> auth-port 1812
radius-server host <rxg_ip> acct-port 1813

aaa authentication dot1x default radius
aaa authorization network default radius

Per-Port Authentication

802.1X only: interface ethernet <port> dot1x authentication dot1x reauthentication dot1x port-control auto exit

MAB only: interface ethernet <port> dot1x mac-auth-bypass dot1x auth-type mab-only dot1x port-control auto exit

802.1X with MAB fallback: interface ethernet <port> dot1x authentication dot1x reauthentication dot1x mac-auth-bypass dot1x port-control auto exit

Authentication Mode

For multi-host environments:

interface ethernet <port>
dot1x host-mode multi-auth
exit

SNMP Configuration

snmp-server community <community> ro
snmp-server contact <contact>
snmp-server location <location>
snmp-server enable traps

To restrict SNMP access:

ip access-list standard SNMP-ACCESS
permit <rxg_ip>/32
exit
snmp-server community <community> ro SNMP-ACCESS

DHCP Snooping

ip dhcp snooping
ip dhcp snooping vlan <vlan_list>

! Trust uplink ports
interface ethernet <uplink_port>
ip dhcp snooping trust
exit

Monitoring Capabilities

Metric Collection Method Notes
CPU Usage SNMP System health monitoring
Memory Usage SNMP System health monitoring
Port Statistics SNMP Packets in/out, errors, discards
Port Status SNMP Up/down, speed, duplex
LLDP Neighbors CLI/SNMP Connected device discovery
802.1X Status CLI Authentication session status

Data Gathered

The config sync process collects: - Interface list and status - VLAN configurations - Port VLAN memberships (tagged/untagged) - 802.1X port configurations - LLDP neighbor information

Troubleshooting

Common Issues

SSH Connection Failures

Symptom: Unable to establish SSH connection Resolution: - Verify SSH is enabled: show ip ssh - Check RSA keys are generated: show crypto key mypubkey rsa - Verify firewall allows TCP port 22 - For older firmware, legacy SSH algorithms may be required - Check user has privilege 15

Firewall/ACL check: show ip access-lists

802.1X Authentication Failures

Symptom: Clients failing to authenticate Resolution: - Verify dot1x is enabled globally: show dot1x - Check RADIUS server configuration: show radius-server - Verify RADIUS shared secret matches rXg - Check port has dot1x enabled: show dot1x interface ethernet <port> - Review rXg RADIUS logs for authentication attempts

RADIUS server test: test aaa group radius <username> <password> legacy

VLAN Configuration Not Applied

Symptom: Traffic not passing on expected VLANs Resolution: - Verify VLAN exists: show vlan - Check port VLAN membership: show vlan id <vlan_id> - Verify port mode is correct (hybrid for trunks) - Check port is not shutdown

MAB Not Working

Symptom: MAC authentication bypass not functioning Resolution: - Verify MAB is enabled on port - Check auth-type is set correctly (mab-only vs fallback) - Verify MAC format in RADIUS matches expected format - Check RADIUS accepts MAB requests

Diagnostic Commands

System information: show version show running-config show system

Interface status: show interfaces status show interface ethernet <port> show interface ethernet <port> status

VLAN information: show vlan show vlan id <vlan_id> show interfaces switchport

802.1X status: show dot1x show dot1x interface ethernet <port> show dot1x interface ethernet <port> detail

RADIUS status: show radius-server show aaa authentication show aaa authorization

LLDP neighbors: show lldp neighbors show lldp neighbors interface ethernet <port>

MAC address table: show mac address-table show mac address-table interface ethernet <port>

Known Limitations

  • No SPB-m Fabric: Dell switches do not support SPB-m fabric mode
  • Firmware Upgrades: Manual firmware upgrades required; not managed by rXg
  • Port Range Syntax: Port ranges use different syntax than some other vendors
  • Legacy SSH: Older firmware may require legacy SSH algorithms

Operational Caveats

  • Configuration Save: Changes are applied immediately but must be saved with write memory to persist across reboots
  • Port Mode Changes: Changing port mode (access/hybrid) may require removing existing VLAN configurations first
  • RSA Key Generation: SSH requires RSA keys to be generated before enabling; this may take time on first boot
  • 802.1X System Auth: The dot1x system-auth-control command must be enabled globally before per-port configuration
  • RADIUS Key: RADIUS shared secret is case-sensitive and must match exactly
  • Port Naming: Interface names follow pattern ethernet 1/1/1 (unit/slot/port) or ethernet 1/1 depending on model
  • Hybrid Mode Required: For 802.1X with dynamic VLAN assignment, ports should be in hybrid mode to allow VLAN changes

External References

About

RG Nets is the premium provider of gateways and centralized-authentication appliances designed to manage, provision, and protect revenue-generating networks. Our mission is to create tools that are so good, we would use our own money to buy them.

Company Links

Contact

316 California Ave.
Suite 331
Reno, NV 89509
+1 (408) 441 0100
[email protected]
Copyright 2026 RG Nets, Inc.
v2026.01-65-geeeac
Cookies help us deliver our services. By using our services, you agree to our use of cookies.