Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how it help to protect?

I have gone through a 4500 swith config file. I'm not able to understand the meaning/feature of this configurations.

Can we run without this...anything on this

thanks in advance

baajee..

5 REPLIES
Hall of Fame Super Silver

Re: how it help to protect?

Hello Baajee,

be aware that aaa commands specify how remote control is done

aaa new-model

aaa authentication login default local-case

!

aaa session-id common

this tells allow access using local case sensitive username/pwd pair(s)

this specifies SSH version 2:

ip ssh version 2

! keys for SSH

cry key generate rsa general-keys modulus 1024

! encrypts passwords

service password-encryption

! useful command for troubleshooting keep them

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

! the VTP commands say this switch receives

! the vlan database from outside

vtp mode client

vtp version 2

vtp domain mydomain

vtp password VTPpassword1

if you deploy it in standalone change in

vtp mode server

this is the only change I would do at the beginning

check the line vty config to see what protocols are allowed (telnet and SSH or only SSH ?)

You may want to enable telnet in a lab environment.

a free SSH client

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Hope to help

Giuseppe

New Member

Re: how it help to protect?

Thank you Giuseppe....one more thing, i have to config two core (4500) switches and six access swithces (2960)in High availabity mode, in this case which one would be VTP server.

-baajee

Hall of Fame Super Blue

Re: how it help to protect?

Baajee

I would make your 2 4500 switches the VTP servers and the 2960 switches the clients. It is good to have 2 switches as VTP server for redundancy. When you want to add/modify/delete vlans you will only need to make changes on one of the VTP server switches.

Jon

New Member

Re: how it help to protect?

Thnak you Jon,

but I am planning to config both 4500 switches in active/active mode using GLBP. Will it work in that case..

-baajee

Hall of Fame Super Blue

Re: how it help to protect?

Baajee

Yes, the 2 are not linked at all. VTP is merely used to send vlan information to all switches. When you use VTP server/client setup it is a time saver in that you only have to create the vlan on one switch and that vlan is then available on all your switches. VTP works at L2 whereas GLBP is L3. The 2 can happily coexist on the same switches.

Jon

125
Views
0
Helpful
5
Replies