This is the first in a small series of articles designed to help the common network engineer with some of the most basic configurations. As the series moves on, the complexity of the configurations will increase as I move into some of the finer details and advanced networking features.
Base Configurations
Base configurations include items such as SNMP, hostnames, NTP and possibly common Access Control Lists (ACLs). These configurations, if common to your network, can be placed in a template and pushed via your management system to save time and avoid any basic configuration mistakes. Below are some examples for the base configurations (Cisco specific):
Hostname
Router# configure terminal
Router(config)# hostname TechTarget
TechTarget(config)#
SNMP
Router(config)#snmp-server community string RO
Router(config)#snmp-server community string RW
Router(config)#snmp-server host 10.1.1.1 version community-string
Router(config)#snmp-server contact text
Router(config)#snmp-server location text
Router(config)#snmp-server chassis-id serial#
*Note – There are several options for configuring SNMP. For more information and examples go to: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a008030c762.html (CCO Login Required)
NTP
Router(config)#ntp server 11.1.1.1 source interface key
Router(config)#ntp authenticate ***Enables Authentication***
Router(config)#ntp authentication-key number md5 value
Router(config)#ntp trusted-key key-number
Configuring the Edge
There are a number of possibilities when it comes to the edge device configuration. Let's assume at this point we are going to configure our edge device as if it was a common Layer 2 Ethernet switch.
Configuring User Access (Cisco 3750 or similar)
***I will assume a 24 port Ethernet Switch***
Hostname Configuration
switch#configure terminal
switch(config)#hostname Access-1
VTP Configuration
Access-1(config)#vtp mode client/server/transparent ***I suggest using transparent throughout your network***
Vlan Configuration
Access-1(config)#vlan 10 ***Note For versions of IOS > 12.1(11b)E***
Access-1(config-vlan)#name user-vlan
Access-1(config-vlan)#exit
User Port Configuration
Access-1(config)#interface range fe0/0 – 24 ***This will configure ALL ports on the switch***
Access-1(config-if)#switchport mode access
Access-1(config-if)#switchport access vlan 10
Access-1(config-if)#duplex full/half
Access-1(config-if)#speed 10/100
Access-1(config-if)#spanning-tree portfast
There are probably some questions out there concerning Spanning Tree configurations that might be used on an Access switch. The topic of Spanning Tree is well beyond the scope of this article. As this series moves into the more advanced configurations, you will find that Spanning Tree will be manipulated at the Distribution layer devices to improve management and troubleshooting. For this to work the access device must have the default spanning tree priority (or higher) on all VLANs. The current default is 32768. Setting the STP priority to a lower number could affect network operation once new devices come online in the future.
Simple Simple
I'm sure you'll notice that these configurations are considered very simple. Simplicity and uniformity will make not only the configurations easier but the management as well. Much of the complexity in topics like SNMP and NTP comes from configuring authentication and trap information. If there is one thing that should be configured, even if it sacrifices time and complexity – it's authentication.
This covers the basics in edge/access switch configuration. Keep in mind that this assumes Layer 2 – Layer 3 will be addressed in later articles. Next time I'll begin to pull some of this together with the Distribution device configurations and sample outputs from troubleshooting commands.
Doug Downer (CCIE #9848) is a Sr. Consultant with Callisma, INC, a wholly owned subsidiary of SBC Communications. Doug has over 7 years in the industry and currently provides high level business and technology consulting for various federal clients in the Washington D.C. area.
