This is the first in a small series of articles designed to help the common network engineer with some of the most basic configurations. As the series moves on, the complexity of the configurations will increase as I move into some of the finer details and advanced networking features.
Base configurations include items such as SNMP, hostnames, NTP and possibly common Access Control Lists (ACLs). These configurations, if common to your network, can be placed in a template and pushed via your management system to save time and avoid any basic configuration mistakes. Below are some examples for the base configurations (Cisco specific):
Hostname
Router# configure terminal
Router(config)# hostname TechTarget
TechTarget(config)#

SNMP
Router(config)#snmp-server community string RO
Router(config)#snmp-server community string RW
Router(config)#snmp-server host 10.1.1.1 version community-string
Router(config)#snmp-server contact text
Router(config)#snmp-server location text
Router(config)#snmp-server chassis-id serial#
*Note – There are several options for configuring SNMP. For more information and examples go to:
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a008030c762.html (CCO Login Required)
NTP
Router(config)#ntp server 18.104.22.168 source interface key
Router(config)#ntp authenticate ***Enables Authentication***
Router(config)#ntp authentication-key number md5 value
Router(config)#ntp trusted-key key-number
Configuring the Edge
There are a number of possibilities when it comes to the edge device configuration. Let's assume at this point we are going to configure our edge device as if it were a common Layer 2 Ethernet switch.
Configuring User Access (Cisco 3750 or similar)
***I will assume a 24 port Ethernet Switch***
Hostname Configuration
switch#configure terminal
switch(config)#hostname Access-1

VTP Configuration
Access-1(config)#vtp mode client/server/transparent ***I suggest using transparent throughout your network***

Vlan Configuration
Access-1(config)#vlan 10 ***Note For versions of IOS > 12.1(11b)E***
Access-1(config-vlan)#name user-vlan
Access-1(config-vlan)#exit

User Port Configuration
Access-1(config)#interface range fe0/0 - 24 ***This will configure ALL ports on the switch***
Access-1(config-if)#switchport mode access
Access-1(config-if)#switchport access vlan 10
Access-1(config-if)#duplex full/half
Access-1(config-if)#speed 10/100
Access-1(config-if)#spanning-tree portfast
There are probably some questions out there concerning Spanning Tree configurations that might be used on an Access switch. The topic of Spanning Tree is well beyond the scope of this article. As this series moves into the more advanced configurations, you will find that Spanning Tree will be manipulated at the Distribution layer devices to improve management and troubleshooting. For this to work the access device must have the default spanning tree priority (or higher) on all VLANs. The current default is 32768. Setting the STP priority to a lower number could affect network operation once new devices come online in the future.
I'm sure you'll notice that these configurations are considered very simple. Simplicity and uniformity will make not only the configurations easier but the management as well. Much of the complexity in topics like SNMP and NTP comes from configuring authentication and trap information. If there is one thing that should be configured, even at the cost of time and added complexity, it's authentication.
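As an added example (not part of the original article), here is a short Python audit that checks a pushed base configuration for the SNMP and NTP authentication lines shown above. The sample config, the 192.0.2.x addresses and the function name audit_base_config are constructed for illustration, and it assumes IOS-style lines in the forms this article uses.

```python
import re

# Constructed sample config for illustration; 192.0.2.x are documentation addresses.
SAMPLE_CONFIG = """\
hostname Access-1
snmp-server community public RO
snmp-server community n3tops RW
snmp-server community m0nitor RO 10
ntp authentication-key 1 md5 examplevalue
ntp trusted-key 2
ntp server 192.0.2.10 key 1
ntp server 192.0.2.11
"""

def audit_base_config(config):
    """Return findings for the SNMP and NTP lines of an IOS-style config."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    text = "\n".join(lines)

    # SNMP: report by line number so community strings never appear in the output.
    for n, ln in enumerate(lines, 1):
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", ln, re.I)
        if not m:
            continue
        name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if name.lower() in ("public", "private"):
            findings.append(f"line {n}: snmp default community name")
        if acl is None:
            findings.append(f"line {n}: snmp {mode} community has no access list")

    # NTP: authenticate, authentication-key, trusted-key and server key must line up.
    defined = set(re.findall(r"^ntp authentication-key (\d+) md5 ", text, re.M))
    trusted = set(re.findall(r"^ntp trusted-key (\d+)", text, re.M))
    if "ntp authenticate" not in lines:
        findings.append("ntp: 'ntp authenticate' is missing, authentication is not enabled")
    for key in sorted(trusted - defined):
        findings.append(f"ntp: trusted-key {key} has no authentication-key")
    for ln in lines:
        m = re.match(r"ntp server (\S+)(.*)$", ln)
        if not m:
            continue
        key = re.search(r"\bkey (\d+)", m.group(2))
        if key is None:
            findings.append(f"ntp: server {m.group(1)} has no key")
        elif key.group(1) not in trusted:
            findings.append(f"ntp: server {m.group(1)} uses untrusted key {key.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_base_config(SAMPLE_CONFIG)))
```

Run against a template before it is pushed, an empty result means every community has an access list and every NTP server references a key that is both defined and trusted.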
This covers the basics in edge/access switch configuration. Keep in mind that this assumes Layer 2 – Layer 3 will be addressed in later articles. Next time I'll begin to pull some of this together with the Distribution device configurations and sample outputs from troubleshooting commands.
Doug Downer (CCIE #9848) is a Sr. Consultant with Callisma, INC, a wholly owned subsidiary of SBC Communications. Doug has over 7 years in the industry and currently provides high level business and technology consulting for various federal clients in the Washington D.C. area.
This was first published in July 2005