Cisco Support Community

C3550 proper configuration

I added a C3550 to my network and configured it to route with the config below. The 10.20.0.0/16 is the main network and I have added the 10.22.0.0/16 and the 10.23.0.0/16 behind the Vlan10.

Could anyone see if this is a proper config or could it be improved somehow? Everything is routing ok from all the segments, but I wonder if the uplink port 24 on the switch should be set to something else?

Port f0/24 is connected directly to another C3550 switch in the 10.20.0.0/16 network.

***************************************************

Current configuration : 3272 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname Spare
!
enable secret 5 ************************/
!
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip routing
ip dhcp relay information option
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/13
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/14
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/15
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/16
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/17
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/19
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/20
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/21
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/22
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/24
 no switchport
 ip address 10.20.1.108 255.255.0.0
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
 no ip address
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.22.1.1 255.255.0.0
 ip helper-address 10.20.1.6
 ip helper-address 10.20.1.1
!
no ip classless
ip route 0.0.0.0 0.0.0.0 10.20.0.1
ip route 10.23.0.0 255.255.0.0 10.22.1.230
ip http server
!
!
snmp-server community public@es10 RO
snmp-server community public RO
!
line con 0
line vty 0 4
 password ******
 login
line vty 5 15
 password ******
 login
!
end

Spare#

**********************************

1 REPLY

Re: C3550 proper configuration

A few things spring to mind:

1. You aren't running a routing protocol so failover will be non-existent should any uplinks fail

2. Routed switch uplinks are wasting a lot of IP address space - i.e. a point-to-point ip subnet where there are only 2 hosts would be generally configured with a /30 subnet mask

3. Your access ports are not set for STP portfast so there will be a delay for hosts connected to these ports when they start up

4. The HTTP server is running; this is normally the first thing that gets hit by DoS attacks.

5. You don't have any restrictions on who can manage the switch (vty access-class and SNMP communities with ACLs)

HTH

Andy
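
Points 2 to 5 of the reply above can be checked statically against a saved running-config. The following is an added example, not part of the original thread: a Python audit that flags those four conditions. The sample config is constructed to resemble the one posted, and the parser assumes the one-space indentation that `show running-config` produces.

```python
import re

# Constructed sample, shaped like the config posted in the thread.
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 no switchport
 ip address 10.20.1.108 255.255.0.0
!
ip http server
snmp-server community public RO
line vty 0 4
 password ******
 login
"""

def stanzas(text):
    """Group an indented IOS config into (header, [sub-commands]) pairs."""
    out = []
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def audit(text):
    """Return findings for points 2-5 of the reply (static checks only)."""
    findings = []
    for head, body in stanzas(text):
        has = lambda prefix: any(c.startswith(prefix) for c in body)
        if "switchport mode access" in body and not has("spanning-tree portfast"):
            findings.append(f"{head}: access port without spanning-tree portfast")
        if "no switchport" in body and has("ip address ") and not any(
                c.endswith(" 255.255.255.252") for c in body):
            findings.append(f"{head}: routed port not using a /30 mask")
        if head == "ip http server":
            findings.append(f"{head}: HTTP management server enabled")
        if head.startswith("line vty") and not has("access-class"):
            findings.append(f"{head}: no access-class on management lines")
        m = re.match(r"snmp-server community (\S+) (?:RO|RW)(\s+\S+)?$", head)
        if m and not m.group(2):
            findings.append(f"{head}: SNMP community without an ACL")
    return findings
```

Point 1 (no routing protocol) depends on the topology and is not covered by this check.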
