Tuesday, March 26, 2013

Standard Cisco Switch Configuration

I would like to share a Standard Cisco Switch Configuration so that readers can see the best practices behind a baseline access-layer switch. The idea is the same as in the previous post, "Standard Cisco Router Configuration".

Keep in mind again that your own output will probably not match the following exactly. It varies with the switch model and the features enabled, but in general it should look something like this. Values written as <<Name>> are placeholders that must be replaced with site-specific values before the template is pasted into a switch. Let us see...


! Standard Cisco Switch Configuration
!
!
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname <<Country_Code>>SL1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 128000
!
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain <<Facility_Code_ALL_CAPS>>
vtp mode transparent
udld aggressive 
!
ip subnet-zero
no ip source-route
ip routing
ip domain-name <<Country_Code>>.domain.net
ip name-server 172.26.20.24
ip name-server 172.27.26.36
! Needed when DHCP snooping inserts option 82 into client requests that still
! carry giaddr 0; without it the relay drops those requests.
ip dhcp relay information trust-all
ip multicast-routing distributed
!
!
! DHCP SNOOPING: drops DHCP server messages (OFFER/ACK/NAK) that arrive on
! untrusted ports, so a rogue DHCP server on an access port cannot hand out
! addresses or a poisoned default gateway/DNS to PCs on the VLAN.
! IMPORTANT: every Layer 2 uplink toward the real DHCP server, if any, MUST be
! configured with 'ip dhcp snooping trust', or legitimate offers are dropped too!
!
! IMPORTANT: Add additional VLANs here if necessary:
ip dhcp snooping vlan <<Data_VLAN_Number>>,<<Voice_VLAN_Number>>
ip dhcp snooping
!
!
errdisable recovery cause udld
!
spanning-tree mode rapid-pvst 
! Enable PortFast on all access ports by default; with 'bpduguard default'
! below, any access port that receives a BPDU is err-disabled.
! (Comments are kept on their own lines: IOS treats a mid-line '!' as part of
! the command and rejects the line when the template is pasted.)
spanning-tree portfast default
spanning-tree portfast bpduguard default 
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
!
vlan <<Data_VLAN_Number>>
 name <<Data_Subnet_CIDR_Notation>>_DATA
!
!
vlan <<Voice_VLAN_Number>>
 name <<Voice_Subnet_CIDR_Notation>>_VOICE
!
! Add additional VLANs here if necessary
!
!
! Reserved as the native VLAN for any trunks added later, so untagged frames
! never land in VLAN 1 or a user VLAN. No access ports are assigned to it.
vlan 999
 name Unused_Native_VLAN
!
!
ip tcp path-mtu-discovery
ip telnet source-interface Loopback0
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
!
!
interface Loopback0
 ip address <<Loopback0_Address>> 255.255.255.255
 no ip proxy-arp
!
! L3 uplink port configuration 
interface GigabitEthernet1/0/1
 description Uplink to ISR
 no switchport
 ip address <<Uplink_Interface_Address>> <<Uplink_Interface_Mask>>
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip cgmp
 load-interval 30
!
!
!
! Access ports: one data VLAN plus one voice VLAN, DTP disabled with
! 'switchport nonegotiate' so a connected host cannot negotiate a trunk.
! PortFast and BPDU Guard come from the global spanning-tree defaults above.
! 'auto qos voip cisco-phone' is a macro that expands into additional QoS
! lines on each port in the running configuration.
! Note: suppressing link-status logs and traps keeps syslog quiet on user
! ports, but it also hides physical attach/detach events from the log
! collector; keep them enabled if those events are monitored.
interface range GigabitEthernet1/0/2-24
 switchport access vlan <<Data_VLAN_Number>>
 switchport mode access
 switchport nonegotiate
 switchport voice vlan <<Voice_VLAN_Number>>
 auto qos voip cisco-phone
 no logging event link-status
 load-interval 30
 no snmp trap link-status
!
! Shutdown unused access ports
interface range GigabitEthernet1/0/25-28
 shutdown
!
! Shutdown unused uplinks
interface range TenGigabitEthernet1/0/1-2
 shutdown
!
! Shutdown VLAN 1
interface Vlan1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
! EIGRP: all interfaces passive except the L3 uplink. Specify a different
! port below if the uplink is elsewhere.
router eigrp 109
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 no auto-summary
 network <<Loopback0_Address>>
 network <<Uplink_Interface_Address>>
 network <<Data_VLAN_Interface_Address>>
! Add any additional networks to EIGRP here.
! Note: the SVI that <<Data_VLAN_Interface_Address>> belongs to
! (interface Vlan<<Data_VLAN_Number>>) is not shown in this template; define
! it before adding the network statement. The uplink neighbor is not
! authenticated here; EIGRP MD5 authentication (a key chain plus
! 'ip authentication mode eigrp 109 md5' and
! 'ip authentication key-chain eigrp 109 <<Key_Chain_Name>>' on the uplink)
! stops a rogue device on that segment from injecting routes.
!
ip classless
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
! The group ACL 'mcast-rp-sparse-wan' referenced here is not defined in this
! template; it must exist for the RP mapping to be scoped as intended.
ip pim rp-address 139.65.245.226 mcast-rp-sparse-wan override
ip pim spt-threshold 32
ip pim register-rate-limit 48
ip pim register-source Loopback0
! Only takes effect once TACACS+ servers and AAA are configured; this template
! keeps 'no aaa new-model', so vty authentication is handled by the line
! configuration below.
ip tacacs source-interface Loopback0
banner login @
****************************************************
WARNING TO UNAUTHORIZED USERS:
This system is for use by authorized users only.
Any individual using this system, by such use,
acknowledges and consents to the right of the
company to monitor, access, use, and disclose any
information generated, received, or stored on the
systems, and waives any right of privacy or
expectation of privacy on the part of that
individual in connection with his or her use of
this system. Unauthorized and/or improper use of
this system, as delineated by corporate policies,
is not tolerated and the company may take formal
action against such individuals.
****************************************************
@
!
! Management access.
! 'service password-encryption' only obfuscates line passwords (type 7 is a
! fixed-key XOR and is trivially reversible), so credentials are kept as
! 'secret' hashes and authenticated with 'login local', and remote access is
! SSH only. Generate the host key once, in exec mode, after the hostname and
! ip domain-name above are set:
!   crypto key generate rsa modulus 2048
!
enable secret <<Enable_Secret>>
username <<Admin_Username>> privilege 15 secret <<Admin_Secret>>
ip ssh version 2
!
! ACL 20 must exist before it is applied with access-class; an access-class
! that points at an undefined ACL restricts nothing. Permit management hosts only.
! access-class filters vty sessions by source address and has no effect on
! the console line.
access-list 20 permit <<Management_Subnet>> <<Management_Wildcard_Mask>>
!
line con 0
 timeout login response 15
 exec-timeout 10 0
 logging synchronous
 login local
 transport preferred none
line vty 0 4
 timeout login response 15
 exec-timeout 10 0
 access-class 20 in
 logging synchronous
 login local
 transport preferred none
 transport input ssh
line vty 5 15
 timeout login response 15
 exec-timeout 10 0
 access-class 20 in
 logging synchronous
 login local
 transport preferred none
 transport input ssh
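The management-plane weaknesses a template like this can carry are easier to catch with a script than by eye. The following Python audit is an added example, not code from the original post: it parses saved IOS configuration text into sections, reverses type 7 line passwords (the "encryption" that service password-encryption applies is a fixed-key XOR with a long-published constant), and flags an access-class that references an ACL never defined in the config, vty lines without 'transport input ssh', a missing enable secret, and a '!' comment placed mid-line. The two embedded configurations are constructed samples: one mirrors weak management lines with the line password 'cisco' stored in its type 7 form, the other is a hardened counterpart that should produce no findings. The ACL subnet and the <<...>> hash placeholders in them are illustrative, not values from the page.

```python
"""Audit a saved Cisco IOS configuration for management-plane weaknesses.
Added example for this post, not part of the original template; it reads the
text of 'show running-config' and needs no device access."""
import re

# Constant used by IOS type 7 obfuscation; public for decades, so type 7 hides nothing.
_TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded):
    """Reverse a type 7 string: two-digit key offset, then hex bytes XORed with the key."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded.isalnum():
        raise ValueError("not a type 7 string")
    offset, data = int(encoded[:2]), bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ ord(_TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)]))
                   for i, b in enumerate(data))


def parse_sections(config):
    """Split IOS text into (header, [sub-commands]); sub-commands are indented, '!' lines are comments."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return sorted (code, detail) findings for one configuration."""
    findings = []
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    # '!' opens a comment only at line start; mid-line it is part of the command
    # and IOS rejects the whole line when the config is pasted.
    for raw in config.splitlines():
        line = raw.strip()
        if line and not line.startswith("!") and " !" in line:
            findings.append(("INLINE_COMMENT", line))
    # Without 'enable secret', privileged mode cannot be entered over a vty.
    if not any(h.startswith("enable secret") for h in top):
        findings.append(("NO_ENABLE_SECRET", "no enable secret configured"))
    # ACLs (numbered or named) that actually exist in this config.
    acls = set()
    for h in top:
        m = re.match(r"access-list (\S+)|ip access-list (?:standard|extended) (\S+)", h)
        if m:
            acls.add(m.group(1) or m.group(2))
    for header, children in sections:
        if not header.startswith("line "):
            continue
        for cmd in children:
            # A line password, plaintext or type 7, is recoverable by anyone who
            # can read the config; 'login local' with a 'secret' hash is the fix.
            m = re.match(r"password (?:(\d) )?(\S+)$", cmd)
            if m:
                value = decode_type7(m.group(2)) if m.group(1) == "7" else m.group(2)
                findings.append(("LINE_PASSWORD", f"{header}: recovered '{value}'"))
            # An access-class naming an ACL that does not exist restricts nothing.
            m = re.match(r"access-class (\S+) in", cmd)
            if m and m.group(1) not in acls:
                findings.append(("ACL_UNDEFINED", f"{header}: access-class {m.group(1)}"))
        # vty lines still accept telnet unless transport input is limited to ssh.
        if header.startswith("line vty"):
            transport = [c for c in children if c.startswith("transport input")]
            if transport != ["transport input ssh"]:
                findings.append(("VTY_TELNET", header))
    return sorted(findings)


# Constructed sample: weak management lines as IOS stores them once
# 'service password-encryption' has turned the line password 'cisco' into type 7.
WEAK_CONFIG = """\
service password-encryption
spanning-tree portfast default ! Enable PortFast on all ports by default
line con 0
 access-class 20 in
 password 7 0822455D0A16
line vty 0 4
 access-class 20 in
 password 7 0822455D0A16
 transport preferred none
"""

# Constructed hardened counterpart; the secret hashes are placeholders, not real values.
HARDENED_CONFIG = """\
enable secret 9 <<Enable_Secret_Hash>>
username admin privilege 15 secret 9 <<Admin_Secret_Hash>>
access-list 20 permit 10.0.0.0 0.0.0.255
line con 0
 login local
line vty 0 15
 access-class 20 in
 login local
 transport input ssh
"""
```

Calling audit(WEAK_CONFIG) returns seven findings, among them the recovered password 'cisco' for both lines and ACL_UNDEFINED for access-class 20; audit(HARDENED_CONFIG) returns an empty list. Pointed at a 'show running-config' capture, the same function checks a deployed switch rather than the template.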
