Switch installation procedure
Basic Cisco switch installation procedure for internal / external switches
1. Verify correct switch boot via console
2. Upgrade switch to latest recommended version
3. Reboot switch and verify correct boot from new IOS
4. For stack switches:
- Connect stack modules and cables
- switch 1 priority 10
5. Add management VLAN and management IP
6. Configure admin access. User: dude, Pass: xxxx, with privilege 15
7. Configure enable secret xxxx
8. Add host name
9. Configure SSH access to the switch
- ip domain-name xglobe.net
- crypto key generate rsa
- How many bits in the modulus [512]: 1024
- ip ssh version 2
- configure line vty 0 4
- login local
- transport input ssh
- session-timeout 15
11. line console 0
- logging synchronous
12. Global configurations:
- service password-encryption
- ip default-gateway X.X.X.X
- no ip domain lookup
- no ip http server
- no ip http secure-server
- snmp-server community evolution ro (if this is an external switch, an ACL should be added)
- ntp server X.X.X.X
- vtp mode transparent
- clock timezone UTC +/-X
- service timestamps debug datetime
- service timestamps log datetime
- logging buffered 8192
- spanning-tree mode rapid-pvst
13. For L3 switches
- mls qos
- ip routing
- ip route 0.0.0.0 0.0.0.0 X.X.X.X (instead of ip default-gateway)
- sdm prefer routing (to enable PBR on the switch 3750/3650; reboot is needed)
14. Configure VLANs
15. If the switch should not be an STP root, configure all VLANs with priority 32768 or higher
- spanning-tree vlan 1-4094 priority 32768
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440
16. Access list for external switches:
- ip access-list standard dude_access
- permit 1.2.3.4
- permit 4.5.6.7
- permit 7.8.9.10
- Also add additional relevant internal networks if needed
17. Configure all VLANs or import vlan.dat file
18. Create all necessary interface VLANs
19. Access ports configuration
- switchport mode access
- switchport access vlan XXX
- description GiX/X | blabla_giX/X
- load-interval 30
- logging event link-status
- spanning-tree portfast (for servers only)
20. Trunk port configuration
- switchport mode trunk
- switchport trunk allowed vlan x,xx,xxx
- description GiX/X | blabla_giX/X
- load-interval 30
- logging event link-status
- logging event trunk-status
- logging event spanning-tree
21. For backup trunk port add:
- spanning-tree cost 2000000
22. Switch installation with aaa new-model
* aaa configuration:
- aaa new-model
- aaa authentication login default local
* line vty 0 4 should be configured without login local
23. After switch installation at data center, add access list to line vty:
- access-class dude_access in
- Verify connectivity and SNMP
- Save config
- If the connection was lost, reboot the switch
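
One way to check a saved running-config against the access-related items of this checklist (steps 9, 12, 22 and 23). This is an added example, not part of the original procedure. The function names and the sample config are constructed, and it assumes the vty access-class and the SNMP ACL are required only on external switches.

```python
import re
# Global lines the checklist asks for (steps 9 and 12).
REQUIRED_GLOBAL = ["service password-encryption", "ip ssh version 2",
                   "no ip http server", "no ip http secure-server"]
# Constructed sample running-config; the community string is a placeholder.
SAMPLE = """\
service password-encryption
no ip http server
ip http secure-server
ip ssh version 2
snmp-server community <community> RO
line vty 0 4
 access-class dude_access in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
"""

def parse_blocks(config):
    """Return (top-level lines, {top-level line: [indented child lines]})."""
    top, blocks = [], {}
    for line in config.splitlines():
        if line.startswith(" ") and top:
            blocks[top[-1]].append(line.strip())
        elif line.strip() and line.strip() != "!":
            top.append(line.strip())
            blocks[top[-1]] = []
    return top, blocks

def audit(config, external=False, acl="dude_access"):
    """List the checklist items this config does not meet."""
    top, blocks = parse_blocks(config)
    findings = [f"missing: {g}" for g in REQUIRED_GLOBAL if g not in top]
    # Check every vty block present in the config, not only "line vty 0 4".
    for parent, children in blocks.items():
        if parent.startswith("line vty"):
            if "transport input ssh" not in children:
                findings.append(f"{parent}: transport input is not ssh-only")
            if "aaa new-model" not in top and "login local" not in children:
                findings.append(f"{parent}: no login local and no aaa new-model")
            if external and f"access-class {acl} in" not in children:
                findings.append(f"{parent}: access-class {acl} in not applied")
    # Step 12 note: on an external switch the SNMP community should carry an ACL.
    snmp_no_acl = re.compile(r"snmp-server community \S+ ro\s*$", re.I)
    if external and any(snmp_no_acl.match(g) for g in top):
        findings.append("snmp-server community has no ACL")
    return findings
```

Running audit(SAMPLE, external=True) reports the HTTPS server left enabled, the second vty range that was never restricted to SSH or given the access-class, and the SNMP community without an ACL.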