Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
364
Views
0
Helpful
5
Replies

how it help to protect?

bishnbaajee
Level 1
Level 1

‎11-11-2008 01:30 AM - edited ‎03-06-2019 02:24 AM

I have gone through a 4500 swith config file. I'm not able to understand the meaning/feature of this configurations.

Can we run without this...anything on this

thanks in advance

baajee..

Labels:
Preview file
1 KB
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-11-2008 02:12 AM

Hello Baajee,

be aware that aaa commands specify how remote control is done

aaa new-model

aaa authentication login default local-case

!

aaa session-id common

this tells allow access using local case sensitive username/pwd pair(s)

this specifies SSH version 2:

ip ssh version 2

! keys for SSH

cry key generate rsa general-keys modulus 1024

! encrypts passwords

service password-encryption

! useful command for troubleshooting keep them

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

! the VTP commands say this switch receives

! the vlan database from outside

vtp mode client

vtp version 2

vtp domain mydomain

vtp password VTPpassword1

if you deploy it in standalone change in

vtp mode server

this is the only change I would do at the beginning

check the line vty config to see what protocols are allowed (telnet and SSH or only SSH ?)

You may want to enable telnet in a lab environment.

a free SSH client

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Hope to help

Giuseppe

0 Helpful

bishnbaajee
Level 1
Level 1
In response to Giuseppe Larosa

‎11-11-2008 02:35 AM

Thank you Giuseppe....one more thing, i have to config two core (4500) switches and six access swithces (2960)in High availabity mode, in this case which one would be VTP server.

-baajee

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to bishnbaajee

‎11-11-2008 03:21 AM

Baajee

I would make your 2 4500 switches the VTP servers and the 2960 switches the clients. It is good to have 2 switches as VTP server for redundancy. When you want to add/modify/delete vlans you will only need to make changes on one of the VTP server switches.

Jon

0 Helpful

bishnbaajee
Level 1
Level 1
In response to Jon Marshall

‎11-11-2008 03:32 AM

Thnak you Jon,

but I am planning to config both 4500 switches in active/active mode using GLBP. Will it work in that case..

-baajee

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to bishnbaajee

‎11-11-2008 03:37 AM

Baajee

Yes, the 2 are not linked at all. VTP is merely used to send vlan information to all switches. When you use VTP server/client setup it is a time saver in that you only have to create the vlan on one switch and that vlan is then available on all your switches. VTP works at L2 whereas GLBP is L3. The 2 can happily coexist on the same switches.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card