Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how it help to protect?

I have gone through a 4500 swith config file. I'm not able to understand the meaning/feature of this configurations.

Can we run without this...anything on this

thanks in advance


Hall of Fame Super Silver

Re: how it help to protect?

Hello Baajee,

be aware that aaa commands specify how remote control is done

aaa new-model

aaa authentication login default local-case


aaa session-id common

this tells allow access using local case sensitive username/pwd pair(s)

this specifies SSH version 2:

ip ssh version 2

! keys for SSH

cry key generate rsa general-keys modulus 1024

! encrypts passwords

service password-encryption

! useful command for troubleshooting keep them

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

! the VTP commands say this switch receives

! the vlan database from outside

vtp mode client

vtp version 2

vtp domain mydomain

vtp password VTPpassword1

if you deploy it in standalone change in

vtp mode server

this is the only change I would do at the beginning

check the line vty config to see what protocols are allowed (telnet and SSH or only SSH ?)

You may want to enable telnet in a lab environment.

a free SSH client

Hope to help


New Member

Re: how it help to protect?

Thank you more thing, i have to config two core (4500) switches and six access swithces (2960)in High availabity mode, in this case which one would be VTP server.


Hall of Fame Super Blue

Re: how it help to protect?


I would make your 2 4500 switches the VTP servers and the 2960 switches the clients. It is good to have 2 switches as VTP server for redundancy. When you want to add/modify/delete vlans you will only need to make changes on one of the VTP server switches.


New Member

Re: how it help to protect?

Thnak you Jon,

but I am planning to config both 4500 switches in active/active mode using GLBP. Will it work in that case..


Hall of Fame Super Blue

Re: how it help to protect?


Yes, the 2 are not linked at all. VTP is merely used to send vlan information to all switches. When you use VTP server/client setup it is a time saver in that you only have to create the vlan on one switch and that vlan is then available on all your switches. VTP works at L2 whereas GLBP is L3. The 2 can happily coexist on the same switches.