Solved: Cat 3750 stack basic settings

avilt · ‎12-14-2011

Please refer the attached diagram and following is the basic configuration on L3 and L2 switch. Is this configuration sufficient for simple routing?

L3SWITCH:

switch 1 priority 15

switch 2 priority 10

stack-mac persistent timer 0

vtp transparent

no cdp run

ip routing

spanning-tree portfast bpduguard default

spanning-tree etherchannel guard misconfig

interface vlan10

ip address 10.10.0.1 255.255.0.0

interface vlan20

ip address 10.20.0.1 255.255.0.0

interface gig 1/0/1

switchport mode trunk

switchport trunk allowed vlan 10, 20

switchport nonegotiate

channel-group 5 mode active

interface gig 1/1/1

switchport mode trunk

switchport trunk allowed vlan 10, 20

switchport nonegotiate

channel-group 5 mode active

-----------------------------------------------

L2SWITCH:

vtp transparent

spanning-tree portfast bpduguard default

spanning-tree etherchannel guard misconfig

no cdp run

interface range gig 1/0/1 - 2

switchport mode trunk

switchport trunk allowed vlan 10, 20

switchport nonegotiate

channel-group 5 mode active

JohnTylerPearce · ‎12-17-2011

Everything looks good, I just have a few questions. Since the L2 switch is L2, do you have 'ip default-gateway x.x.x.x' configured and an IP address for managability? Other than than, basic network connectivity looks fine. I didn't see a default route either on the 3750 stack, but that's up to you. If they don't require internet access or only need to have traffic going between those two networks you should be fine. Also, depending on how you want to do ip address assignment via DHCP or static, for DHCP you will want to setup some dhcp pools and you might need some helper addresses depending on where yo uput it.

View solution in original post

Reza Sharifi · ‎12-18-2011

stack-mac persistent timer 0 command on the stack, do I need to define any special settings?>

No, the stack-mac persistent timer 0 command will reduce your OSPF convergence time significantly in case of master switch failure.

HTH

View solution in original post

JohnTylerPearce · ‎12-17-2011

Everything looks good, I just have a few questions. Since the L2 switch is L2, do you have 'ip default-gateway x.x.x.x' configured and an IP address for managability? Other than than, basic network connectivity looks fine. I didn't see a default route either on the 3750 stack, but that's up to you. If they don't require internet access or only need to have traffic going between those two networks you should be fine. Also, depending on how you want to do ip address assignment via DHCP or static, for DHCP you will want to setup some dhcp pools and you might need some helper addresses depending on where yo uput it.

avilt · ‎12-18-2011

I will take care of default gateway and management IP on L2 switch and DHCP on L3 switch.

On L3 switch the routes will be learnt by OSPF. Please refer the attached diagram, for OSPF other than defining stack-mac persistent timer 0 command on the stack, do I need to define any special settings?

Reza Sharifi · ‎12-18-2011

stack-mac persistent timer 0 command on the stack, do I need to define any special settings?>

No, the stack-mac persistent timer 0 command will reduce your OSPF convergence time significantly in case of master switch failure.

HTH

avilt · ‎02-02-2012

I have added the following commands on L2/L3 switches as part of hardening. Is it safe to add these commands? Also is there any specific application for auditing the Cisco switches, example for routers we can use Cisco Configurational Professional.

--------------------------------------------------------------------------------------------------------

spanning-tree etherchannel guard misconfig

spanning-tree portfast bpduguard default

spanning-tree UplinkFast

scheduler interval 500

no udld enable

ip tcp synwait-time 10

errdisable recovery cause bpduguard

errdisable recovery interval 400

Interface Level:

spanning-tree bpduguard enable

Leo Laohoo · ‎02-02-2012

errdisable recovery cause bpduguard

errdisable recovery interval 400

I really don't understand why people would enable BPDU guard and also have these lines.

If you want your switch to recover BPDU guard-caused error disable, wouldn't it just make sense to disable BPDU guard instead?

avilt · ‎02-20-2012

In the above scenario, I have connected both routers to Master switch (just for a test) and powered off the Member switch. Now I am seeing the following logs on both routers. I have defined stack-mac persistent timer 0
on the Stack. Why does this log appear?

RTR1:

000041: *Feb 14 15:34:46.716 JST: %OSPF-5-ADJCHG: Process 65182, Nbr 171.16.0.25

1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

RTR2:

000032: *Feb 14 15:26:31.391 JST: %OSPF-5-ADJCHG: Process 65182, Nbr 171.16.0.25

1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done