1° Define VTP:
vlan database
vtp transparent <--- this resets the revision number and prevents VLANs from being deleted when a device with a higher revision than the current one is introduced.
exit
vlan database
vtp domain <Name-Domain>
vtp client
vtp password xxxxxxx
exit
2° Configure passwords, hostname and other settings
conf t
enable secret xxxxxxx
line con 0
logging synchronous
exec-timeout 5 0
password xxxxxxx
line vty 0 4
logging synchronous
exec-timeout 5 0
timeout login response 300
password xxxxxxxx
login
line vty 5 15
logging synchronous
no login
hostname <xxxxxxx>
udld enable
no ip http server
no setup express
no service pad
no service finger
no ip bootp server
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip source-route
no ip domain-lookup
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
logging buffered 8000 debugging
logging xx.xx.xx.xx
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
logging xx.xx.xx.xx
3° Configure trunks and ports:
Configuration of ports that use SFP in trunk mode
interface GigabitEthernet [Interface Number]
description *** to <site> (<Gi?/?> <device_name> <ip-address>) ***
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan [List of allowed VLANs]
switchport trunk native vlan xxx
switchport mode trunk
switchport nonegotiate
no ip address
speed nonegotiate
no shut
Configuration of RJ-45 ports in trunk mode
interface GigabitEthernet [Interface Number]
description *** to <site> (<Gi?/?> <device_name> <ip-address>) ***
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan [List of allowed VLANs]
switchport trunk native vlan xxx
switchport mode trunk
switchport nonegotiate
no ip address
speed [10/100/1000]
duplex [half/full]
no shut
Configuration of RJ-45 ports in access mode for users
interface GigabitEthernet [Interface Number]
description [Port description]
switchport
switchport access vlan [vlan ID]
switchport voice vlan [vlan ID]
switchport mode access
storm-control broadcast level 1.00 0.50
storm-control action shutdown
storm-control action trap
spanning-tree guard root
spanning-tree portfast
switchport nonegotiate
no ip address
no shut
Configuration of RJ-45 ports in access mode for servers
interface GigabitEthernet [Interface Number]
description [Port description]
switchport
switchport access vlan [vlan ID]
switchport mode access
spanning-tree rootguard (spanning-tree guard root)
spanning-tree portfast
switchport nonegotiate
no ip address
speed [10/100/1000]
duplex [half/full]
no shut
Configuration of disabled interfaces
interface GigabitEthernet [Interface Number]
description *** DISPONIBLE ***
switchport access vlan xxx
switchport mode access
storm-control broadcast level 1.00 0.50
storm-control action shutdown
storm-control action trap
spanning-tree guard root
spanning-tree portfast
switchport nonegotiate
no ip address
shutdown
speed nonegotiate
Configuration of Layer 3 interfaces
interface GigabitEthernet [Interface Number]
description *** [Name] ***
no switchport
ip address [IP address] [mask]
no ip redirects
no ip unreachables
no ip proxy-arp
ip authentication mode eigrp xx md5
ip authentication key-chain eigrp 68 EIGRP_AUTHENTICATION
ip pim sparse-dense-mode
speed nonegotiate
no shutdown
Configuration of the Layer 3 key
key chain EIGRP_AUTHENTICATION
key 1
key-string xxxxxxxx
Alternatives for the storm-control commands
port storm-control broadcast action shutdown
port storm-control broadcast trap
port storm-control broadcast threshold rising 20 falling 5
Or
storm-control broadcast level 1.00 0.50
storm-control action shutdown
storm-control action trap
!
Configuration of interface VLAN 1
interface VLAN1
shutdown
Configuration of interface VLAN XXX
interface VLAN[XXX]
description *** [Name VLAN] ***
ip address [IP address] [mask]
no ip redirects
no ip unreachables
no ip proxy-arp
IP default gateway
ip default-gateway
4° Configure the clock.
service timestamps debug datetime localtime
service timestamps log datetime localtime
clock timezone scl -4
clock summer-time scl recurring 2 Sat Oct 23:59 2 Sat Mar 23:59
ntp server xx.xx.xx.xx
5° Configure TACACS.
tacacs-server host xx.xx.xx.xx
tacacs-server key xxxxxx
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
7° Configure SNMP.
If the device is already OK to be monitored (registered in Toolnet) and NSS has given its approval, enable monitoring.
snmp-server community xxxxxxx RO
snmp-server community xxxxxx RW
snmp-server location <xxxxxxx>
snmp-server contact xxxxxx
snmp-server chassis-id
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server host xx.xx.xx.xx version 2c xxxxxx
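
One way to check a saved running configuration against a subset of this template, as an added example that is not part of the original post: it verifies a few global lines from step 2 and the controls common to the active access-port stanzas from step 3, and reports a vty stanza with "no login" when "aaa new-model" (step 5) is absent. The names split_blocks, audit and SAMPLE, the chosen subset of lines, and the sample configuration are assumptions made for the example.

```python
import re

# Global hardening lines taken from step 2 of the template.
GLOBAL_REQUIRED = ["no ip http server", "no ip source-route",
                   "service password-encryption"]
# Controls common to the template's active access-port stanzas (step 3).
ACCESS_REQUIRED = ["switchport nonegotiate", "spanning-tree portfast",
                   "spanning-tree guard root"]

def split_blocks(config):
    """Split IOS-style text into global lines and {stanza header: sub-lines}."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw.startswith(" ") and current:
            blocks[current].append(line)
        else:
            global_lines.append(line)
            current = line if re.match(r"(interface|line) ", line) else None
            if current:
                blocks[current] = []
    return global_lines, blocks

def audit(config):
    global_lines, blocks = split_blocks(config)
    findings = [f"global: missing '{g}'" for g in GLOBAL_REQUIRED
                if g not in global_lines]
    for header, lines in blocks.items():
        if "switchport mode access" in lines and "shutdown" not in lines:
            findings += [f"{header}: missing '{r}'" for r in ACCESS_REQUIRED
                         if r not in lines]
        # Without AAA, 'no login' lets a vty accept sessions with no password.
        if (header.startswith("line vty") and "no login" in lines
                and "aaa new-model" not in global_lines):
            findings.append(f"{header}: 'no login' without aaa new-model")
    return findings

# Constructed sample (not from a real device), indented as a running-config is.
SAMPLE = """\
no ip http server
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
line vty 5 15
 no login
"""
```

Calling audit(SAMPLE) returns one finding per deviation; extend the two lists to cover more of the template as needed.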