Thursday, January 9, 2014

Cisco Switch Configuration Template

1. Define VTP:

vlan database
vtp transparent   <--- entering transparent mode resets the configuration revision to 0, so a switch that was used elsewhere cannot overwrite (and delete) the production VLANs when it joins with a revision number higher than the current one.
exit

vlan database
vtp domain <Name-Domain>
vtp client
vtp password xxxxxxx
exit

Check with "show vtp status" that the revision number reads 0 before cabling the switch into the domain. On current IOS the "vlan database" mode is deprecated; the same settings are entered from "conf t" as "vtp mode transparent", "vtp domain <Name-Domain>", "vtp mode client" and "vtp password xxxxxxx".
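To show why the template resets the revision before joining the domain, here is an added Python model of the revision-number rule. It is illustrative code, not from this page or from Cisco: the `VtpSwitch` class, the `redeploy_scenario` function, the MD5-over-password digest that stands in for VTP's real digest, and the sample switch and VLAN names are all simplifying assumptions.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Advert:
    """Simplified VTP advertisement: domain, revision, digest and VLAN table."""
    domain: str
    revision: int
    digest: str     # stands in for VTP's MD5 digest over password + VLAN data
    vlans: dict


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"            # server | client | transparent
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def _digest(self, vlans: dict) -> str:
        # Toy digest (assumption): same password + same VLAN data => same digest.
        body = self.password + "|" + ",".join(f"{i}:{n}" for i, n in sorted(vlans.items()))
        return hashlib.md5(body.encode()).hexdigest()

    def set_mode(self, mode: str) -> None:
        if mode not in ("server", "client", "transparent"):
            raise ValueError(mode)
        if mode == "transparent" and self.mode != "transparent":
            self.revision = 0       # entering transparent mode zeroes the revision
        self.mode = mode

    def _edit(self, vid: int, vname=None) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot edit VLANs")
        if vname is None:
            self.vlans.pop(vid, None)
        else:
            self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1      # every add *or delete* bumps the revision

    def add_vlan(self, vid: int, vname: str) -> None:
        self._edit(vid, vname)

    def delete_vlan(self, vid: int) -> None:
        self._edit(vid)

    def advertise(self):
        if self.mode == "transparent":
            return None             # transparent switches do not originate adverts
        return Advert(self.domain, self.revision, self._digest(self.vlans), dict(self.vlans))

    def receive(self, adv) -> bool:
        """Apply an advertisement; True if it overwrote the local VLAN table."""
        if adv is None or self.mode == "transparent" or adv.domain != self.domain:
            return False
        if adv.digest != self._digest(adv.vlans):
            return False            # password mismatch: advertisement rejected
        if adv.revision <= self.revision:
            return False            # only a strictly higher revision wins
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True


def redeploy_scenario(reset_first: bool, lab_password: str = "s3cret") -> dict:
    """A switch that lived in a lab is re-cabled into production as a VTP client."""
    core = VtpSwitch("core", "CORP", "server", "s3cret", revision=5,
                     vlans={1: "default", 10: "users", 20: "servers"})
    lab = VtpSwitch("lab", "CORP", "server", lab_password)
    for i in range(10):
        lab.add_vlan(100 + i, f"lab{i}")
    for i in range(10):
        lab.delete_vlan(100 + i)    # table back to {1: default}, revision now 20
    if reset_first:
        lab.set_mode("transparent")  # the template's reset step
    lab.set_mode("client")           # clients still relay their revision/table
    overwritten = core.receive(lab.advertise())
    return {"overwritten": overwritten, "core_vlans": sorted(core.vlans),
            "core_revision": core.revision}


if __name__ == "__main__":
    for reset in (False, True):
        print("reset first" if reset else "no reset", redeploy_scenario(reset))
```

Without the transparent step the lab switch, now a client with an empty table but revision 20, replaces the core's VLAN table and the user and server VLANs disappear; with the reset its revision is 0 and the core ignores it. A mismatched VTP password is also rejected, which is why the template sets one.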


2. Configure passwords, hostname and other settings

conf t
enable secret xxxxxxx
line con 0
 logging synchronous
 exec-timeout 5 0
 password xxxxxxx
line vty 0 4
 logging synchronous
 exec-timeout 5 0
 timeout login response 300
 password xxxxxxxx
 login
 transport input ssh
line vty 5 15
 logging synchronous
 exec-timeout 5 0
 login
 transport input none
! Do not use "no login" on the spare vty lines: it removes the password prompt and lets anyone who reaches those lines straight into the exec. "login" with no password set refuses the connection ("Password required, but none set") and "transport input none" closes the lines entirely.
! "transport input ssh" needs "ip domain-name" and "crypto key generate rsa" first. Until TACACS+ is applied in step 5 these passwords are the only gate.


hostname <xxxxxxx>
udld enable
no ip http server
no setup express
no service pad
no service finger
no ip bootp server
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip source-route
no ip domain-lookup

service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
! Type 7 encryption is reversible; it only hides line passwords from casual viewing of the config. Real protection comes from "enable secret" and TACACS+ (step 5).

logging buffered 8000 debugging
logging xx.xx.xx.xx

spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id

For a switch in a stack, add:
logging xx.xx.xx.xx

3. Configure trunks and ports:


Configuration of SFP ports in trunk mode

interface GigabitEthernet [Interface number]
description *** to  <location> (<Gi?/?> <device_name> <ip-address>) ***
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan [List of allowed VLANs]
switchport trunk native vlan xxx
switchport mode trunk
switchport nonegotiate
no ip address
speed nonegotiate
no shut
! Use a dedicated unused VLAN as the native VLAN (not VLAN 1) and set the same one at both ends; CDP reports a native VLAN mismatch, and a mismatch merges the two VLANs' untagged traffic.


Configuration of RJ-45 ports in trunk mode

interface GigabitEthernet [Interface number]
description *** to  <location> (<Gi?/?> <device_name> <ip-address>) ***
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan [List of allowed VLANs]
switchport trunk native vlan xxx
switchport mode trunk
switchport nonegotiate
no ip address
speed [10/100/1000]
duplex [half/full]
no shut
! Hard-code speed and duplex at both ends or at neither: a fixed side facing an auto-negotiating side ends up at half duplex.

Configuration of RJ-45 ports in access mode for users

interface GigabitEthernet [Interface number]
description [Port description]
switchport
switchport access vlan [vlan ID]
switchport voice vlan [vlan ID]
switchport mode access
storm-control broadcast level 1.00 0.50
storm-control action shutdown
storm-control action trap
spanning-tree guard root
spanning-tree portfast
switchport nonegotiate
no ip address
no shut





Configuration of RJ-45 ports in access mode for servers

interface GigabitEthernet [Interface number]
description [Port description]
switchport
switchport access vlan [vlan ID]
switchport mode access
spanning-tree guard root
spanning-tree portfast
switchport nonegotiate
no ip address
speed [10/100/1000]
duplex [half/full]
no shut


Configuration of disabled interfaces

interface GigabitEthernet [Interface number]
description *** AVAILABLE ***
switchport access vlan xxx
switchport mode access
storm-control broadcast level 1.00 0.50
storm-control action shutdown
storm-control action trap
spanning-tree guard root
spanning-tree portfast
switchport nonegotiate
no ip address
shutdown
speed nonegotiate
! Use an unused "parking" VLAN for xxx (never VLAN 1 or a production VLAN) so a port that is brought up by mistake lands nowhere. "speed nonegotiate" is only accepted on fibre/SFP Gigabit ports; leave it out on copper ports.


Configuration of Layer 3 interfaces

interface GigabitEthernet [Interface number]
description *** [Name] ***
no switchport
ip address [Ip Add][mask]
no ip redirects
no ip unreachables
no ip proxy-arp
ip authentication mode eigrp xx md5
ip authentication key-chain eigrp xx EIGRP_AUTHENTICATION
! xx is the EIGRP autonomous-system number; it must be the same on both lines and match the "router eigrp xx" process.
ip pim sparse-dense-mode
speed nonegotiate
no shutdown



Key chain for Layer 3 (EIGRP) authentication

key chain EIGRP_AUTHENTICATION
 key 1
  key-string xxxxxxxx

Alternative forms of the storm-control commands

On older Catalyst platforms the per-port syntax is:

 port storm-control broadcast action shutdown
 port storm-control broadcast trap
 port storm-control broadcast threshold rising 20 falling 5

or, on current IOS:

 storm-control broadcast level 1.00 0.50
 storm-control action shutdown
 storm-control action trap
!

Configuration of interface VLAN 1

interface VLAN1
shutdown

Configuration of interface VLAN XXX

interface VLAN[XXX]
description *** [VLAN name] ***
ip address [Ip Add][mask]
no ip redirects
no ip unreachables
no ip proxy-arp

IP default gateway

ip default-gateway xx.xx.xx.xx
! Only used while "ip routing" is off (a Layer 2 switch managed through its SVI). With routing enabled, use "ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx" instead.

4. Configure the clock.

service timestamps debug datetime localtime
service timestamps log datetime localtime
clock timezone scl -4
clock summer-time scl recurring 2 Sat Oct 23:59 2 Sat Mar 23:59
ntp server xx.xx.xx.xx
! The zone name suggests Santiago (UTC-4, UTC-3 in summer). Daylight-saving dates in Chile have been changed by decree several times, so verify the current rule before copying it, and compare "show clock" with the NTP source once "show ntp status" reports synchronised. Adding "msec" and "show-timezone" to the timestamp lines makes log correlation with the syslog server easier.

5. Configure TACACS+.

tacacs-server host xx.xx.xx.xx
tacacs-server key xxxxxx
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
! "aaa new-model" replaces the line "login"/"password" checks from step 2 with this method list; the trailing "enable" keyword is the fallback (enable secret) when the TACACS+ server is unreachable.
! Authorization is not applied to the console unless "aaa authorization console" is also configured.

Keep the current session open and confirm a TACACS+ login from a second session before saving, so a wrong key or an unreachable server does not lock you out.



6. Configure SNMP.

If the device is already cleared for monitoring (registered in Toolnet) and NSS has given its approval, enable monitoring.

snmp-server community xxxxxxx RO
snmp-server community xxxxxx RW
! Bind each community to an access list of the monitoring hosts (snmp-server community xxxxxxx RO <acl-number>). SNMPv2c sends the community in clear text, so the RW community is a remote-configuration password for anyone who can sniff or guess it; leave it out if Toolnet only polls.
snmp-server location <xxxxxxx>
snmp-server contact xxxxxx
snmp-server chassis-id
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server host xx.xx.xx.xx  version 2c xxxxxx

