CISCO SWITCH BEST PRACTICES GUIDE


Table of Contents

1) Add Hostname
2) Add Username and Password
3) Create Secret Password
4) Encrypt Password
5) Add Local Login and SSH to Line and Console Ports
6) Disable AUX Port
7) Disable VTP
8) Disable http/s Server
9) Enable Keepalives for TCP
10) IOS Configuration Lock
11) Reserve Memory for Console Access
12) Add VLANS
13) Add DHCP Snooping
    Add to VLANS
    Add to Interfaces (Trunks and DHCP Server)
    Remove Option 82
14) Default Interface Configuration
15) Interface Range for Programming Multiple Identical Ports
16) Configure Access/Edge Port
17) Add QOS at Interface Level
18) Configure Voice Port
19) Configure Trunk Port with VLAN Pruning (802.1Q)
20) Configure Etherchannel Trunk with LACP and VLAN Pruning (802.1Q)
    Configure Ports on Both Switches for Etherchannel
    Configure Etherchannel Trunk
    Review
21) Add L3 Interface to VLAN (IP and Subnet Mask)
22) Enable InterVLAN Routing
23) Add Default Gateway L2 Switch
24) Add Default Route L3 Switch
25) Add Banner
26) Add DNS Servers
27) Add SSH
28) Add NTP servers
29) Enable Logging
30) Don't Log Console and Monitor
31) Backup Config to TFTP
32) Restore Config from TFTP
33) Setting an Alias for Config Mode
34) SFP Commands
35) Troubleshooting Cisco PoE with built-in TDR features

ALL commands are entered from global configuration mode unless otherwise specified. Placeholders are shown in angle brackets.

1) Add Hostname
  hostname <hostname>

2) Add Username and Password
  aaa new-model
  username <username> privilege 15 secret <password>
  aaa local authentication attempts max-fail 3
  aaa authentication login default local

3) Create Secret Password
  enable secret <password>

4) Encrypt Password
  service password-encryption

5) Add Local Login and SSH to Line and Console Ports
  line vty 0 15
    exec-timeout 3
    transport input ssh
    login authentication default
  line con 0
    exec-timeout 3
    login authentication default

6) Disable AUX Port
  line aux 0
    transport input none
    transport output none
    no exec
    exec-timeout 0 1
    no password

7) Disable VTP
  vtp mode transparent

8) Disable http/s Server
  no ip http server
  no ip http secure-server

9) Enable Keepalives for TCP
  service tcp-keepalives-in
  service tcp-keepalives-out

10) IOS Configuration Lock
  configuration mode exclusive auto

11) Reserve Memory for Console Access
  memory reserve console 4096

12) Add VLANS
  vlan <number>
    name <VLAN name>

13) Add DHCP Snooping
  ip dhcp snooping
  Add to VLANS:
    ip dhcp snooping vlan <VLANs, comma separated>
  Add to Interfaces (Trunks and DHCP Server):
    ip dhcp snooping trust
  Remove Option 82:
    no ip dhcp snooping information option

14) Default Interface Configuration
  default interface <interface>

15) Interface Range for Programming Multiple Identical Ports
  interface range <interface> <number>-<number>
  ex. interface range gigabitEthernet 1/0/1-48

16) Configure Access/Edge Port
  description <VLAN name>
  switchport mode access
  switchport access vlan <number>
  spanning-tree portfast
  spanning-tree guard root
  storm-control broadcast level 20
  storm-control multicast level 20
  storm-control action trap

17) Add QOS at Interface Level
  auto qos voip cisco-phone

18) Configure Voice Port
  description <VLAN name>
  switchport access vlan <untagged VLAN>
  switchport mode access
  switchport voice vlan <VOICE VLAN number>
  auto qos trust
  spanning-tree portfast

19) Configure Trunk Port with VLAN Pruning (802.1Q)
  description Trunk to <switch and port>
  switchport mode trunk
  switchport trunk allowed vlan <VLANs, comma separated>
  switchport nonegotiate
  ip dhcp snooping trust

20) Configure Etherchannel Trunk with LACP and VLAN Pruning (802.1Q)
  Configure Ports on Both Switches for Etherchannel:
    interface range <interface> <number>-<number>
    channel-group <number> mode active
    channel-protocol lacp
  Configure Etherchannel Trunk:
    interface port-channel <number>
    switchport mode trunk
    switchport trunk allowed vlan <VLANs, comma separated>
    switchport nonegotiate
    ip dhcp snooping trust
  Review:
    show interfaces trunk

21) Add L3 Interface to VLAN (IP and Subnet Mask)
  interface vlan <number>
  ip address <ip-address> <subnet mask>
  no shutdown
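The port and line templates in sections 5, 6, 16, 19 and 20 are easy to apply inconsistently across dozens of switches, so it helps to audit a saved running-config against them. The following Python script is an added example, not part of this guide: it parses the indented `interface` and `line` stanzas the way IOS prints them, then flags trunks that still negotiate DTP or carry every VLAN, access ports without portfast or storm control, access ports that were marked DHCP-snooping trusted, and VTY/AUX lines that do not match sections 5 and 6. The running-config excerpt is constructed for the example and is not from a real switch.

```python
"""Audit interface and line stanzas of a Cisco IOS running-config against
the access, trunk, EtherChannel, VTY and AUX templates in this guide.
Offline text check only; no device access is needed."""
import re

# Constructed sample running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
line aux 0
 transport input none
 transport output none
 no exec
 exec-timeout 0 1
line vty 0 15
 exec-timeout 3 0
 login authentication default
 transport input ssh
!
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
 ip dhcp snooping trust
interface GigabitEthernet1/0/1
 description USERS
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 storm-control broadcast level 20
 storm-control multicast level 20
 storm-control action trap
interface GigabitEthernet1/0/2
 description printer port that was trusted by mistake
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
interface GigabitEthernet1/0/48
 description Trunk to old-sw2 Gi0/24
 switchport mode trunk
 ip dhcp snooping trust
!
end
"""

STANZA_RE = re.compile(r"^(interface|line) \S")


def parse_stanzas(config_text):
    """Map each 'interface ...' / 'line ...' header to the set of indented
    commands under it. Any unindented line ('!', 'end', a global command)
    closes the current stanza, which is how IOS lays out running-config."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith(" ") and current is not None:
            stanzas[current].add(raw.strip())
        elif STANZA_RE.match(raw):
            current = raw.strip()
            stanzas[current] = set()
        else:
            current = None
    return stanzas


def audit_interface(cmds):
    """Findings for one switchport, following sections 16, 19 and 20."""
    findings = []
    trusted = "ip dhcp snooping trust" in cmds
    if "switchport mode trunk" in cmds:
        if "switchport nonegotiate" not in cmds:
            findings.append("trunk without 'switchport nonegotiate' (DTP still negotiates)")
        if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
            findings.append("trunk carries every VLAN; no 'switchport trunk allowed vlan' pruning")
        if not trusted:
            findings.append("trunk lacks 'ip dhcp snooping trust'; upstream DHCP replies will be dropped")
    elif "switchport mode access" in cmds:
        if "spanning-tree portfast" not in cmds:
            findings.append("access port without 'spanning-tree portfast'")
        if not any(c.startswith("storm-control broadcast ") for c in cmds):
            findings.append("access port without broadcast storm-control")
        if trusted:
            findings.append("access port is DHCP-snooping trusted; only trunks and the DHCP server port should be")
    return findings


def audit_line(name, cmds):
    """Findings for one line stanza, following sections 5 and 6."""
    findings = []
    if name.startswith("line vty"):
        if "transport input ssh" not in cmds:
            findings.append("VTY accepts transports other than SSH")
        if "login authentication default" not in cmds:
            findings.append("VTY does not use the default AAA login method")
    elif name.startswith("line aux"):
        findings += [f"AUX port missing '{c}'" for c in ("transport input none", "no exec") if c not in cmds]
    if not any(c.startswith("exec-timeout ") for c in cmds):
        findings.append("no exec-timeout configured")
    return findings


def audit(config_text):
    """Return {stanza header: [findings]} for every stanza with findings."""
    report = {}
    for name, cmds in parse_stanzas(config_text).items():
        findings = audit_interface(cmds) if name.startswith("interface") else audit_line(name, cmds)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for stanza, findings in audit(SAMPLE_CONFIG).items():
        print(stanza, *("  - " + f for f in findings), sep="\n")
```

Run it against the output of `show running-config` saved to a file; in the constructed sample only GigabitEthernet1/0/2 and GigabitEthernet1/0/48 produce findings, while the port-channel trunk, the user port and both lines pass. The "trusted access port" finding is deliberately a review item, because section 13 does trust the port facing the DHCP server.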

22) Enable InterVLAN Routing
  ip routing

23) Add Default Gateway L2 Switch
  ip default-gateway <ip-address>

24) Add Default Route L3 Switch
  ip route 0.0.0.0 0.0.0.0 <ip-address>

25) Add Banner
  banner motd #
  ***************************
  PROPERTY OF "COMPANY"
  Anytown, USA
  USE OF THIS "COMPANY" SYSTEM, AUTHORIZED OR UNAUTHORIZED,
  CONSTITUTES CONSENT TO MONITORING OF THIS SYSTEM. UNAUTHORIZED USE
  MAY SUBJECT YOU TO CRIMINAL PROSECUTION. EVIDENCE OF UNAUTHORIZED USE
  COLLECTED DURING MONITORING MAY BE USED FOR ADMINISTRATIVE, CRIMINAL
  OR OTHER ADVERSE ACTION. USE OF THIS SYSTEM CONSTITUTES CONSENT TO
  MONITORING FOR THESE
  *********************************
  #

26) Add DNS Servers
  ip name-server <ip-address>
  ip name-server <ip-address>

27) Add SSH
  ip domain-name <domain name>
  crypto key generate rsa modulus 1024
  ip ssh time-out 60
  ip ssh authentication-retries 2

28) Add NTP servers
  ntp server <ip-address>
  ntp server <ip-address>

29) Enable Logging
  logging buffered 16384 6

30) Don't Log Console and Monitor
  no logging console
  no logging monitor

31) Backup Config to TFTP
  copy running-config tftp:
  (prompted for TFTP server, then for filename)

32) Restore Config from TFTP
  copy tftp: running-config
  (prompted for TFTP server, filename, and destination filename)

33) Setting an Alias for Config Mode
  alias exec c configure terminal

34) SFP Commands
  sh inv
  sh interface
  sh controller
  sh diag
  sh hard
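The global items in sections 2 through 10, 13 and 26 through 30 are the ones most often left out when a switch is staged by hand, so a second added example (again not part of this guide) checks a saved running-config for them: exact lines that must be present, commands that must exist with some value, DHCP snooping coverage of every VLAN defined on the switch (including the comma and range list syntax from section 13), and the numeric SSH timeout, retry and logging-buffer values compared with the ones this guide uses. The sample config is constructed and is deliberately short of the guide in several places.

```python
"""Audit the global commands of a Cisco IOS running-config against the
hardening items in sections 2-10, 13 and 26-30 of this guide. Offline text check."""
import re

# Constructed sample running-config (not from a real switch); several items are
# intentionally missing or set below the guide's values.
SAMPLE_CONFIG = """\
hostname switch01
service password-encryption
service tcp-keepalives-in
aaa new-model
aaa authentication login default local
username netadmin privilege 15 secret 9 $9$CONSTRUCTED.HASH
vtp mode transparent
vlan 10
 name USERS
vlan 20
 name VOICE
vlan 30
 name SERVERS
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
no ip http server
ip domain-name example.test
ip ssh time-out 120
ip ssh authentication-retries 2
ip name-server 192.0.2.10
ntp server 192.0.2.20
ntp server 192.0.2.21
logging buffered 4096 6
no logging console
end
"""

# Exact lines the guide expects in the global section.
REQUIRED_LINES = [
    "aaa new-model", "aaa authentication login default local",
    "service password-encryption", "service tcp-keepalives-in",
    "service tcp-keepalives-out", "vtp mode transparent",
    "no ip http server", "no ip http secure-server",
    "ip dhcp snooping", "no ip dhcp snooping information option",
    "no logging console", "no logging monitor",
]
# Commands that must exist, whatever value follows them.
REQUIRED_PREFIXES = ["hostname", "enable secret", "username",
                     "aaa local authentication attempts max-fail",
                     "ip domain-name", "banner motd"]


def expand_vlan_list(spec):
    """'10,20-22,30' -> {10, 20, 21, 22, 30}: the comma/range list IOS accepts."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def first_int(lines, prefix, field=0):
    """Integer argument of the first line starting with prefix, or None."""
    for line in lines:
        if line.startswith(prefix + " "):
            return int(line[len(prefix):].split()[field])
    return None


def audit_global(config_text):
    lines = [l.strip() for l in config_text.splitlines()]
    present = set(lines)
    findings = [f"missing '{c}'" for c in REQUIRED_LINES if c not in present]
    findings += [f"missing '{p}'" for p in REQUIRED_PREFIXES
                 if not any(l.startswith(p + " ") for l in lines)]

    # Section 13: every VLAN defined on the switch should be covered by DHCP snooping.
    defined, snooped = set(), set()
    for line in lines:
        m = re.match(r"vlan (\d[\d,-]*)$", line)
        if m:
            defined |= expand_vlan_list(m.group(1))
        m = re.match(r"ip dhcp snooping vlan (\S+)$", line)
        if m:
            snooped |= expand_vlan_list(m.group(1))
    if defined - snooped:
        findings.append(f"DHCP snooping not enabled on VLAN(s) {sorted(defined - snooped)}")

    # Sections 27 and 29: numeric settings compared with the guide's values.
    for prefix, guide, bad in (("ip ssh time-out", 60, lambda v: v > 60),
                               ("ip ssh authentication-retries", 2, lambda v: v > 2),
                               ("logging buffered", 16384, lambda v: v < 16384)):
        v = first_int(lines, prefix)
        if v is None or bad(v):
            findings.append(f"'{prefix}' is {v}; guide uses {guide}")

    # Sections 26 and 28: two servers each. IOS can list several name-servers
    # on one line, so count addresses for DNS rather than lines.
    dns = sum(len(l.split()) - 2 for l in lines if l.startswith("ip name-server "))
    ntp = sum(l.startswith("ntp server ") for l in lines)
    for label, n in (("ip name-server", dns), ("ntp server", ntp)):
        if n < 2:
            findings.append(f"only {n} '{label}' configured; guide uses 2")
    return findings


if __name__ == "__main__":
    print(*audit_global(SAMPLE_CONFIG), sep="\n")
```

The thresholds are simply the values this guide configures (60-second SSH timeout, 2 retries, 16384-byte buffer, two DNS and two NTP servers); adjust `REQUIRED_LINES` and the tuples in `audit_global` if your standard differs.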

35) Troubleshooting Cisco PoE with built-in TDR features
  From privileged EXEC mode (the # prompt):
  test cable-diagnostics tdr interface gigabitEthernet 0/16
  sh cable-diagnostics tdr interface g0/16
