Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Configuration of Dell Switches

            Modified on Fri, 1 May at 4:08 PM

            TABLE OF CONTENTS


            Overview

            Dell Switches can be integrated with ADR using sFlow forwarding, allowing centralized collection and monitoring of network traffic data. Once configured, flow logs are transferred from the switch to the ADR Collection and Control Engine (CCE), which then forwards them to the Analytics and Policy Engine (APE) for analysis.


            This integration provides comprehensive visibility into network activity and enables proactive threat detection within your environment.


            Prerequisites

            Before starting configuration, ensure the following:

            • Administrative access to the Dell Switch CLI.

            • Connectivity between the Dell Switch and the CCE server.

            • Port 6343/UDP is allowed through any firewalls.

            • CCE server IP address is known.


            Configuration Steps

            1. Enter Privileged Mode.

              console> enable

            2. Enter Configuration Mode.

              console# configure

            3. Set sFlow Destination

              console(config)# sflow 1 destination <CCE_IP> 6343

              - <CCE_IP> → Replace with the IP address of the ADR CCE server.

              - 6343 → Default UDP port for sFlow.

            4. Set Owner and Timeout

              console(config)# sflow 1 destination owner SFLOW_EXAMPLE timeout 10000

              - owner → Descriptive string (e.g., SFLOW_EXAMPLE).

              - timeout → Validity in seconds (0 disables receiver).

            5. Enable Polling on Interfaces

              console(config)# sflow 1 polling gi1/0/1-4 30

              - Polls every 30 seconds.

              - Replace gi1/0/1-4 with interface or range.

            6. Enable Sampling on Interfaces

              console(config)# sflow 1 sampling gi1/0/1-4 1024

              - Sampling rate: 1 out of 1024 packets.


            Sample Configuration

            console> enable
console# configure
console(config)# sflow 1 destination 192.168.2.1 6343
console(config)# sflow 1 destination owner SFLOW_EXAMPLE timeout 10000
console(config)# sflow 1 polling gi1/0/1-4 30
console(config)# sflow 1 sampling gi1/0/1-4 1024


            Verification (MSSP Only)

            From Switch CLI

            Check Destination Configuration

            console# show sflow 1 destination

            Expected output includes:

            • Receiver Index

            • Owner String

            • Timeout

            • Destination IP & Port (6343)

            • Datagram Version (5)


            Check Polling

            console# show sflow 1 polling


            Check Sampling

            console# show sflow 1 sampling

            From ADR UI

            1. Log in to the ADR UI.

            2. Navigate to: System > Logs and Flows Collection Status.


            3. Confirm that the Dell Switch Source Device IP is listed.

            From CCE Server

            Run tcpdump on the CCE server to confirm flow reception:

            sudo tcpdump -i any port 6343 and host <Switch_IP>

            • Replace <Switch_IP> with the Dell switch management IP.

            • If packets are visible, logs are successfully being forwarded.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0