05-06-2009 03:19 AM - edited 03-06-2019 05:33 AM
Hi all
I would like to start a thread on best practice configs for the LAN: VTP, STP, port setups, VRRP, HSRP, etc.
Please share your thoughts on what these are.
thanks
Carl
05-07-2009 10:21 AM
Hey Carl,
I have taken the better safe than sorry road to these topics for my environment. My support guys are pre-CCNA types so I take NO chances.
VTP - ALWAYS Transparent, Version 1 unless there is a TRUE reason for version 2 or 3.
STP - locked down and documented. Again the basic version unless you have a TRUE reason for advanced services.
I use the advanced services in my test lab only to weed out issues. If the basic features can resolve the problem, go with what your folks know.
Here is my standard config for an access port; notice it is shut down and assigned to an inactive VLAN 1001. The op guys will no shut and assign the correct VLAN, and they are done.
interface GigabitEthernet8/1
 switchport
 switchport access vlan 1001
 switchport mode access
 switchport port-security maximum 10
 switchport port-security aging time 5
 switchport port-security violation protect
 switchport port-security aging type inactivity
 load-interval 30
 shutdown
 snmp trap link-status permit duplicates
 storm-control broadcast level 70.00
 storm-control multicast level 70.00
 no cdp enable
 no mop enabled
 no mop sysid
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
 spanning-tree bpdufilter disable
 spanning-tree bpduguard enable
 spanning-tree guard loop
Here is my standard config for a layer-2 uplink. Specify only what is needed - nothing more.
interface TenGigabitEthernet1/1
 description switch4 T1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100-150
 switchport mode trunk
 switchport nonegotiate
 dampening
 udld port aggressive
 snmp trap link-status permit duplicates
 storm-control broadcast level 40.00
 storm-control multicast level 40.00
 no cdp enable
 no mop enabled
 no mop sysid
 channel-group 1 mode on
Standard config for a layer-3 uplink
interface TenGigabitEthernet1/2
 description switch2 T1/1
 dampening
 ip address 192.168.2.7 255.255.255.254
 no ip redirects
 no ip proxy-arp
 ip authentication mode eigrp 90 md5
 ip authentication key-chain eigrp 90 pw
 ip summary-address eigrp 90 192.168.128.0 255.255.224.0 5
 udld port aggressive
 snmp trap link-status permit duplicates
 storm-control broadcast level 40.00
 storm-control multicast level 40.00
 no cdp enable
 no mop enabled
 no mop sysid
HTH
BTW, PLEASE test and understand your setup in your lab before going production. Better safe than sorry.
Frank
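An added example, not part of Frank's post and not Cisco tooling: a small Python audit that checks an IOS-style config for a few of the lines from the three templates above and flags access ports that were enabled but left in the parking VLAN 1001. The role detection, the subset of template lines treated as required, and the sample config are assumptions made for this illustration.

```python
# role: (line prefix that identifies the role, line prefixes the template requires)
BASELINE = {
    "trunk": ("switchport mode trunk", ["switchport trunk allowed vlan",
              "switchport nonegotiate", "udld port aggressive", "no cdp enable"]),
    "access": ("switchport mode access", ["switchport port-security violation protect",
               "spanning-tree bpduguard enable", "no cdp enable"]),
    "routed": ("ip address ", ["no ip redirects", "no ip proxy-arp", "no cdp enable"]),
}
PARKING_VLAN = "switchport access vlan 1001"  # inactive VLAN used in the post

def parse_interfaces(config):
    """Return {interface: [sub-commands]}; an unindented line ends a block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split()[1], [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        elif raw.strip():
            current = None
    return blocks

def audit(config):
    """Return {interface: [findings]} for ports that drift from the baseline."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        kind = next((k for k, (mark, _) in BASELINE.items()
                     if any(l.startswith(mark) for l in lines)), None)
        if kind is None:
            continue
        issues = ["missing: " + req for req in BASELINE[kind][1]
                  if not any(l.startswith(req) for l in lines)]
        if kind == "access" and PARKING_VLAN in lines and "shutdown" not in lines:
            issues.append("enabled but still in parking vlan 1001")
        if issues:
            findings[name] = issues
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet8/2
 switchport access vlan 1001
 switchport mode access
 switchport port-security violation protect
interface TenGigabitEthernet1/1
 switchport mode trunk
 udld port aggressive
 no cdp enable
"""
```

Calling `audit(SAMPLE)` returns a dict keyed by interface name; an interface that matches its template does not appear in the result.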
05-08-2009 01:27 AM
Hi there,
Can you tell me what the following commands do?
load-interval 30
snmp trap link-status permit duplicates
no mop enabled
no mop sysid
dampening
Also, I see you have
switchport mode trunk
switchport nonegotiate
As you have manually set it as a trunk, do you need to put nonegotiate?
thanks
Carl