I would like to share a standard Cisco switch configuration so that readers can understand best practices for a standard Cisco switch configuration. The concept is the same as in the previous post, "Standard Cisco Router Configuration".
Keep in mind again that the output you are about to see might not exactly match yours. The output varies; it depends highly on your Cisco switch model and on the features activated or used. In general, however, it should look something like this. Let us see...
! Standard Cisco Switch Configuration
!
!
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE: this only obscures line passwords with reversible type 7 encoding; it is not a substitute for 'enable secret'
service password-encryption
!
hostname <<Country_Code>>SL1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 128000
!
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain <<Facility_Code_ALL_CAPS>>
vtp mode transparent
udld aggressive
!
ip subnet-zero
no ip source-route
ip routing
ip domain-name <<Country_Code>>.domain.net
ip name-server 172.26.20.24
ip name-server 172.27.26.36
ip dhcp relay information trust-all
ip multicast-routing distributed
!
!
! DHCP SNOOPING: Prevents rogue DHCP servers from affecting PCs on the VLAN
! IMPORTANT: You MUST put 'ip dhcp snooping trust' on all Layer 2 uplinks, if any,
! for DHCP Snooping to work!
!
! IMPORTANT: Add additional VLANs here if necessary:
ip dhcp snooping vlan <<Data_VLAN_Number>>,<<Voice_VLAN_Number>>
ip dhcp snooping
!
!
errdisable recovery cause udld
!
spanning-tree mode rapid-pvst
! Enable PortFast on all ports by default; BPDU Guard err-disables any such port that receives a BPDU
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
!
vlan <<Data_VLAN_Number>>
name <<Data_Subnet_CIDR_Notation>>_DATA
!
!
vlan <<Voice_VLAN_Number>>
name <<Voice_Subnet_CIDR_Notation>>_VOICE
!
! Add additional VLANs here if necessary
!
!
vlan 999
name Unused_Native_VLAN
!
!
ip tcp path-mtu-discovery
ip telnet source-interface Loopback0
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
!
!
interface Loopback0
ip address <<Loopback0_Address>> 255.255.255.255
no ip proxy-arp
!
! L3 uplink port configuration
interface GigabitEthernet1/0/1
description Uplink to ISR
no switchport
ip address <<Uplink_Interface_Address>> <<Uplink_Interface_Mask>>
no ip redirects
no ip proxy-arp
ip pim sparse-mode
ip cgmp
load-interval 30
!
!
!
interface range GigabitEthernet1/0/2-24
auto qos voip cisco-phone
!
!
interface range GigabitEthernet1/0/2-24
switchport access vlan <<Data_VLAN_Number>>
switchport mode access
switchport nonegotiate
switchport voice vlan <<Voice_VLAN_Number>>
no logging event link-status
load-interval 30
no snmp trap link-status
!
! Shutdown unused access ports
interface range GigabitEthernet1/0/25-28
shutdown
!
! Shutdown unused uplinks
interface range TenGigabitEthernet1/0/1-2
shutdown
!
! Shutdown VLAN 1
interface Vlan1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
router eigrp 109
passive-interface default
! Specify a different port below if the uplink is not GigabitEthernet1/0/1
no passive-interface GigabitEthernet1/0/1
no auto-summary
network <<Loopback0_Address>>
network <<Uplink_Interface_Address>>
network <<Data_VLAN_Interface_Address>>
! Add any additional networks to EIGRP here
!
ip classless
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
ip pim rp-address 139.65.245.226 mcast-rp-sparse-wan override
ip pim spt-threshold 32
ip pim register-rate-limit 48
ip pim register-source Loopback0
ip tacacs source-interface Loopback0
banner login @
****************************************************
WARNING TO UNAUTHORIZED USERS:
This system is for use by authorized users only.
Any individual using this system, by such use,
acknowledges and consents to the right of the
company to monitor, access, use, and disclose any
information generated, received, or stored on the
systems, and waives any right of privacy or
expectation of privacy on the part of that
individual in connection with his or her use of
this system. Unauthorized and/or improper use of
this system, as delineated by corporate policies,
is not tolerated and the company may take formal
action against such individuals.
****************************************************
@
!
!
!
!
! ACL 20 is applied with 'access-class 20 in' below; it must be defined, otherwise the access-class is not enforced
access-list 20 remark Management stations allowed to reach the switch
access-list 20 permit <<Management_Subnet>> <<Management_Wildcard_Mask>>
!
! Replace <<Line_Password>> with a site-specific value (the original template used 'cisco' as a stand-in).
! As written the vty lines accept telnet; 'transport input ssh' restricts them to SSH once an RSA key pair exists.
line con 0
timeout login response 15
access-class 20 in
password <<Line_Password>>
logging synchronous
login
transport preferred none
line vty 0 4
timeout login response 15
access-class 20 in
password <<Line_Password>>
logging synchronous
login
transport preferred none
line vty 5 15
timeout login response 15
access-class 20 in
password <<Line_Password>>
logging synchronous
login
transport preferred none
To download the Standard Cisco Switch Configuration, go here: Switch_Config.xlsx
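To check a switch's running-config against the baseline items above (DHCP snooping trust on Layer 2 uplinks, an access-class that refers to a defined ACL, no default line password, SSH-only vty access), here is an added Python audit script; it is not part of the original post or of any Cisco tool. It parses a constructed sample running-config (child lines indented by one space, as show running-config prints them), treats any trunk port as a Layer 2 uplink, and the parse_blocks/audit names and finding strings are my own.

```python
import re

# Constructed excerpt of an IOS running-config, modelled on the template above;
# running-config indents child lines with one space, which the parser relies on.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 10,20
ip dhcp snooping
interface GigabitEthernet1/0/2
 switchport mode trunk
interface Vlan1
 shutdown
line vty 0 4
 access-class 20 in
 password cisco
"""

def parse_blocks(cfg):
    # Split config text into global lines and {interface/line name: [child lines]}
    globs, blocks, current = [], {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        elif line.startswith(("interface ", "line ")):
            current = line.strip()
            blocks.setdefault(current, [])
        else:
            current = None
            globs.append(line.strip())
    return globs, blocks

def audit(cfg):
    # Return a list of findings; an empty list means every check passed
    globs, blocks = parse_blocks(cfg)
    acls = {m.group(1) for g in globs if (m := re.match(r"access-list (\d+) ", g))}
    snooping = "ip dhcp snooping" in globs
    findings = []
    for name, lines in blocks.items():
        # Heuristic: any trunk port is treated as a Layer 2 uplink that must be trusted
        if snooping and "switchport mode trunk" in lines and "ip dhcp snooping trust" not in lines:
            findings.append(f"{name}: L2 uplink lacks 'ip dhcp snooping trust'")
        if name.startswith("line "):
            for l in lines:
                m = re.match(r"access-class (\S+) in", l)
                if m and m.group(1) not in acls:
                    findings.append(f"{name}: access-class {m.group(1)} references an undefined ACL")
            if "password cisco" in lines:
                findings.append(f"{name}: default line password in use")
            if name.startswith("line vty") and "transport input ssh" not in lines:
                findings.append(f"{name}: transport input not restricted to ssh")
    return findings
```

Feed it the text of show running-config from a deployed switch; the sample yields four findings, and fixing them (defining ACL 20, trusting the trunk, changing the password, adding transport input ssh) yields none.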
I want to suggest, for those who don't have practice with Catalyst switch configuration, the software IOS4ALL, because after operating with the GUI you can review all the configuration lines. (download link http://www.ios4all.net/download)
Thank you for sharing this post.