best practice for campus lan setup

carl_townshend
Spotlight

Hi all

I would like to start a thread on best practice configs for the LAN: VTP, STP, port setups, VRRP, HSRP, etc.

Please share your thoughts on what these are.

Thanks

Carl

2 Replies

fsebera
Level 4

Hey Carl,

I have taken the better safe than sorry road to these topics for my environment. My support guys are pre-CCNA types so I take NO chances.

VTP - ALWAYS Transparent, Version 1 unless there is a TRUE reason for version 2 or 3.

STP - locked down and documented. Again the basic version unless you have a TRUE reason for advanced services.

I use the advanced services in my test lab only to weed out issues. If the basic features can resolve the problem, go with what your folks know.

Here is my standard config for an access port; notice it is shut down and assigned to an inactive VLAN 1001. The op guys will no shut and assign the correct VLAN, and they are done.

    interface GigabitEthernet8/1
     switchport
     switchport access vlan 1001
     switchport mode access
     switchport port-security maximum 10
     switchport port-security aging time 5
     switchport port-security violation protect
     switchport port-security aging type inactivity
     load-interval 30
     shutdown
     snmp trap link-status permit duplicates
     storm-control broadcast level 70.00
     storm-control multicast level 70.00
     no cdp enable
     no mop enabled
     no mop sysid
     no lldp transmit
     no lldp receive
     spanning-tree portfast edge
     spanning-tree bpdufilter disable
     spanning-tree bpduguard enable
     spanning-tree guard loop

Here is my standard config for a layer-2 uplink. Specify only what is needed - nothing more.

    interface TenGigabitEthernet1/1
     description switch4 T1/1
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 100-150
     switchport mode trunk
     switchport nonegotiate
     dampening
     udld port aggressive
     snmp trap link-status permit duplicates
     storm-control broadcast level 40.00
     storm-control multicast level 40.00
     no cdp enable
     no mop enabled
     no mop sysid
     channel-group 1 mode on

Standard config for a layer-3 uplink

    interface TenGigabitEthernet1/2
     description switch2 T1/1
     dampening
     ip address 192.168.2.7 255.255.255.254
     no ip redirects
     no ip proxy-arp
     ip authentication mode eigrp 90 md5
     ip authentication key-chain eigrp 90 pw
     ip summary-address eigrp 90 192.168.128.0 255.255.224.0 5
     udld port aggressive
     snmp trap link-status permit duplicates
     storm-control broadcast level 40.00
     storm-control multicast level 40.00
     no cdp enable
     no mop enabled
     no mop sysid

HTH

BTW, PLEASE test and understand your setup in your lab before going production. Better safe than sorry.

Frank
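
An added example (not part of the post above and not Cisco tooling): a small Python audit that checks interface blocks in IOS-style config text against the access-port and layer-2 uplink templates in that post, and flags a port that was enabled but left in the parking VLAN 1001. The function names, the choice of which template lines to require, and the sample config are assumptions made for illustration.

```python
import re
# Required lines, taken from the access-port and layer-2 uplink templates in the post.
ACCESS = ["switchport port-security violation protect", "spanning-tree portfast edge",
          "spanning-tree bpduguard enable", "no cdp enable", "no lldp transmit",
          "no lldp receive"]
TRUNK = ["switchport nonegotiate", "udld port aggressive", "no cdp enable"]
PARKING_VLAN = "1001"  # inactive VLAN the post assigns to unused ports

def parse_interfaces(config):
    """Split IOS-style config text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)\s*$", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw[:1].isspace() and raw.strip() and current is not None:
            current.append(raw.strip())
        elif raw.strip():  # "!" or any other top-level line ends the block
            current = None
    return blocks

def audit(config):
    """Return {interface: [findings]} for ports that deviate from the templates."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = []
        if "switchport mode access" in cmds:
            findings += [f"missing: {c}" for c in ACCESS if c not in cmds]
            if f"switchport access vlan {PARKING_VLAN}" in cmds and "shutdown" not in cmds:
                findings.append(f"enabled but still in parking VLAN {PARKING_VLAN}")
        elif "switchport mode trunk" in cmds:
            findings += [f"missing: {c}" for c in TRUNK if c not in cmds]
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append("no allowed-VLAN list on trunk")
        if findings:
            report[name] = findings
    return report

# Constructed sample (not from the post): parked port, live port left parked, open trunk.
_base = "".join(f" {c}\n" for c in ACCESS)
SAMPLE = (
    "interface Gi8/1\n switchport access vlan 1001\n switchport mode access\n"
    + _base + " shutdown\n!\n"
    "interface Gi8/2\n switchport access vlan 1001\n switchport mode access\n"
    + _base.replace(" spanning-tree bpduguard enable\n", "") + "!\n"
    "interface Te1/1\n switchport mode trunk\n udld port aggressive\n no cdp enable\n"
)
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser expects sub-commands to be indented under their `interface` line, as in `show running-config` output.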

Hi there,

Can you tell me what the following commands do?

    load-interval 30
    snmp trap link-status permit duplicates
    no mop enabled
    no mop sysid
    dampening

Also, I see you have

    switchport mode trunk
    switchport nonegotiate

As you have manually set it as a trunk, do you need to put nonegotiate?

Thanks

Carl
