
Switch installation procedure

Basic Cisco switch installation procedure for internal / external switches

1. Verify correct switch boot via console

2. Upgrade switch to latest recommended version

3. Reboot switch and verify correct boot from new IOS

4. For stack switches:

-          Connect stack modules and cables

-          switch 1 priority 10

5. Add management VLAN and management IP

6. Configure admin access. User: dude, Pass: xxxx, with privilege 15

7. Configure enable secret xxxx

8. Add host name

9. Configure SSH access to the switch

-	ip domain-name xglobe.net
-	crypto key generate rsa
-	How many bits in the modulus [512]: 1024
-	ip ssh version 2

-	configure line vty 0 4
-	login local
-	transport input ssh
-	session-timeout 15

11. line console 0

-          logging synchronous

12. Global configurations:

-          service password-encryption

-          ip default-gateway X.X.X.X

-          no ip domain lookup

-          no ip http server

-          no ip http secure-server

-          snmp-server community evolution ro (if this is an external switch, an ACL should be added)

-          ntp server X.X.X.X

-          vtp mode transparent

-          clock timezone UTC +/-X

-          service timestamps debug datetime

-          service timestamps log datetime

-          logging buffered 8192

-          spanning-tree mode rapid-pvst

13. For L3 switches

-          mls qos

-          ip routing

-          ip route 0.0.0.0 0.0.0.0 X.X.X.X (instead of ip default-gateway)

-          sdm prefer routing (to enable PBR on the switch 3750/3650) – reboot is needed

14. Configure VLANs

15. If the switch should not be an STP root, configure all VLANs with priority 32768 or higher

-          spanning-tree vlan 1-4094 priority 32768

% Allowed values are:

 0     4096  8192  12288 16384 20480 24576 28672

  32768 36864 40960 45056 49152 53248 57344 61440

16. Access list for external switches:

ip access-list standard dude_access

permit 1.2.3.4

permit 4.5.6.7

permit 7.8.9.10

-          Also add additional relevant internal networks if needed

17. Configure all VLANs or import vlan.dat file

18. Create all necessary interface VLANs

19. Access ports configuration

-          Switchport mode access

-          Switchport access vlan XXX

-          Description GiX/X | blabla_giX/X

-          load-interval 30

-          logging event link-status

-          spanning-tree portfast (for servers only)

20. Trunk port configuration

-          Switchport mode trunk

-          switchport trunk allowed vlan x,xx,xxx

-          Description GiX/X | blabla_giX/X

-          load-interval 30

-          logging event link-status

-          logging event trunk-status

-          logging event spanning-tree

21. For backup trunk port add:

-          spanning-tree cost 2000000

 

22. Switch installation with aaa new-model

* aaa configuration:

-          aaa new-model

-          aaa authentication login default local

* line vty 0 4 should be configured without login local

 

23. After switch installation at data center, add access list to line vty:

-          access-class dude_access in

-          verify connectivity and SNMP

-          Save config

-          If the connection was lost, reboot the switch
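
A post-installation check for the security-relevant items in steps 9, 12 and 23, as an added example that is not part of the original procedure. It assumes the configuration is available as text in `show running-config` layout (sub-commands indented under their parent line); the names `parse_sections` and `audit` are hypothetical, and the sample config is constructed.

```python
import re

# Security-relevant commands taken from steps 9, 12 and 23 of the checklist.
REQUIRED_GLOBAL = ["service password-encryption", "no ip http server",
                   "no ip http secure-server", "ip ssh version 2"]
REQUIRED_VTY = ["transport input ssh", "session-timeout 15"]
# A community line that ends at ro/rw has no ACL attached to it.
SNMP_NO_ACL = re.compile(r"snmp-server community \S+ (ro|rw)", re.I)

# Constructed sample (not from a real device): an external switch with the
# HTTP server left on, no ACL on SNMP and no access-class on the vty lines.
SAMPLE = """\
service password-encryption
ip ssh version 2
no ip http secure-server
snmp-server community evolution RO
line vty 0 4
 session-timeout 15
 transport input ssh
"""

def parse_sections(config):
    """Return (global lines, {parent line: [indented child lines]})."""
    top, children, parent = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and parent is not None:
            children[parent].append(line)
        else:
            parent = line
            top.append(line)
            children[line] = []
    return top, children

def audit(config, external=False, acl="dude_access"):
    """Return a list of findings; an empty list means every check passed."""
    top, children = parse_sections(config)
    vty = children.get("line vty 0 4", [])
    out = [f"missing: {c}" for c in REQUIRED_GLOBAL if c not in top]
    out += [f"vty missing: {c}" for c in REQUIRED_VTY if c not in vty]
    if external:  # steps 12 and 23: ACLs are required on external switches
        if f"access-class {acl} in" not in vty:
            out.append(f"vty missing: access-class {acl} in")
        out += [f"no ACL on: {g}" for g in top if SNMP_NO_ACL.fullmatch(g)]
    return out
```

Calling `audit(SAMPLE, external=True)` returns three findings: the missing `no ip http server`, the missing `access-class` on the vty lines, and the SNMP community without an ACL.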


© 2013 XGlobe Online Ltd.