Setting up new router/switch
Get ready
Choose your hostname, IP addresses and make the DNS reflect these.
Log on
Connect your terminal to the console port. If the box is brand new, you can just hit return when asked for a password. Otherwise, enter our password. Now prepare to configure the box by entering privileged mode:
enable
and give the password, again possibly just hitting return.
--------------------------------------------------------------------------------
Get a clean state
If the box is being recycled, make the config "out of the box" with:
clear config all
If you are changing the type of module in a slot, nuke the config for that slot with:
clear config 2
or
clear config 3
as appropriate. If you don't do this, the spanning tree parameters may be wrong.
--------------------------------------------------------------------------------
Give the box its identity
set password
set enablepass
set prompt
set banner motd #
The it-network@blogger.com
Authorized access only
#
set system name
set system location
set system contact
--------------------------------------------------------------------------------
SNMP
set snmp community read-only
set snmp community read-write
set snmp community read-write-all
set snmp trap 10.10.10.1
--------------------------------------------------------------------------------
IP host config
set int eth0 10.10.1.1 255.255.255.0
set ip route default 10.10.1.3
--------------------------------------------------------------------------------
DNS
set ip dns server 10.10.1.200
set ip dns domain
set ip dns enable
This step is not essential. The DNS feature can only be used by an administrator who is logged in to the switch. If there are network problems, DNS lookups will probably fail anyway. Bare IP addresses will always do, and are what is usually used in this context.
--------------------------------------------------------------------------------
Set the time
This is not vital, but you may be confused in an emergency if the box logs problems with the wrong times on them. Set the time:
set ntp client enable
set ntp server 10.10.1.100
set ntp server 10.10.1.101
If the box is going somewhere really weird where it won't be able to reach those NTP servers, set the time instead with:
set time Monday 07/20/1999 10:00:00
set timezone
--------------------------------------------------------------------------------
Turn on CGMP
CGMP is used for multicasting. It should be turned on. It is off by default on CatOS.
set cgmp enable
--------------------------------------------------------------------------------
Turn off VTP
set vtp mode transparent
--------------------------------------------------------------------------------
Set up necessary VLANs
set vlan 13 name staff
set vlan 14 name student
--------------------------------------------------------------------------------
Turn off bad things
Cisco have some funny options turned on by default. This can muck up devices which boot fast.
Use the example below as a guide, adjusting the port numbers for the cards you have installed. Note that on older CatOS versions the "port channel" commands only seem to work if you do the ports one module at a time.
Be extremely careful if you are trying to do this "cleanup" on a box which is already configured. It is very easy to turn off important trunks by doing this. Do not copy these commands or port numbers!
For CatOS 6.1 and newer (most new boxes bought from now on):
set trunk all off
set port channel all mode off
or (an example for a full 4006) -- still CatOS 6.1 and newer:
set trunk 1/1-2,2/1-48,3/1-48,4/1-48,5/1-48,6/1-48 off
set port channel 1/1-2 mode off
set port channel 2/1-48 mode off
set port channel 3/1-48 mode off
set port channel 4/1-48 mode off
set port channel 5/1-48 mode off
set port channel 6/1-48 mode off
For CatOS prior to 6.1 (most of our 4003s in production that haven't been upgraded yet):
set trunk 2/1-34,3/1-48 off
set port channel 2/1-34 off
set port channel 3/1-48 off
If you are adding a card to a previously vacant slot, you will need to fix up these settings for that module.
--------------------------------------------------------------------------------
GBIC trunks
Make sure that VLANs to be carried on the trunk have all been set up. Prune off all other VLANs except VLAN 1 (from release 7.2, dot1q trunks support 4096 VLANs). Give the port a sensible name.
set vlan 1 2/1
set trunk 2/1 on
clear trunk 2/1 2-1005
clear trunk 2/1 1025-4094
set trunk 2/1 13-14
set port name 2/1 c4-h04-2
set spantree portfast 2/1 disable
Don't worry about autonegotiation or duplex - these don't apply to gigabit.
--------------------------------------------------------------------------------
Slower trunks (over copper usually)
Set the speed and the duplex explicitly.
set vlan 1 2/3
set trunk 2/3 on
clear trunk 2/3 2-1005
clear trunk 2/3 1025-4094
set trunk 2/3 13-14
set port name 2/3 c4-h04-3
set port speed 2/3 100
set port duplex 2/3 full
set spantree portfast 2/3 disable
Make sure the other end of the trunk matches exactly. Don't let trunks autonegotiate anything.
--------------------------------------------------------------------------------
Vanilla ports
Ports to be connected to a single host:
set vlan 14 2/3-34
set vlan 13 3/1-48
set spantree portfast 2/3-34,3/1-48 enable
Portfast mode must never be set on links to other networking devices (hubs, switches, routers, bridges, concentrators). It will sabotage the spanning tree calculations.
To accommodate particular computers, you may need to set some of these on some ports, e.g.:
set port speed 3/1 100
set port duplex 3/1 full
The speed will usually autonegotiate, but this will sometimes fail, particularly with Sun computers. Any big important computer should have all of these parameters configured explicitly, both at the switch and on the computer.
--------------------------------------------------------------------------------
Dumb hubs
Set parameters explicitly to the appropriate values, e.g.:
set vlan 14 2/3
set spantree portfast 2/3 disable
set port speed 2/3 10
set port duplex 2/3 half
It is very important to turn off portfast mode. Trunks are kind enough to ignore it, but vanilla links to dumb devices won't. Although dumb hubs will not participate in spanning tree, a switch could be daisy-chained off the dumb hub later, causing problems.
--------------------------------------------------------------------------------
Undoing things
Examples:
set trunk 2/1 off
set port duplex 2/3
set port speed 2/3
set port name 2/3
set spantree portfast 2/3 disable
set vlan 1 2/3
clear config 3
--------------------------------------------------------------------------------
Making changes later
When making changes to a port, check that you have the right:
port name
port duplex
port speed
portfast mode
trunking or not
VLANs down a trunk - exactly those needed, at both ends of the trunk
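The "portfast mode" and "trunking or not" items above can be checked mechanically. The following Python script is an added example, not part of the original page: it replays a saved list of set commands in order and reports ports that end up as trunks with portfast still enabled. The function names and the sample config are constructed for illustration, and it assumes every port starts as a non-trunk with portfast disabled.

```python
def expand_ports(spec):
    """Expand a CatOS port list such as '2/3-34,3/1-48' into 'mod/port' strings."""
    ports = []
    for part in spec.split(","):
        mod, _, rng = part.partition("/")
        lo, _, hi = rng.partition("-")
        ports += [f"{int(mod)}/{p}" for p in range(int(lo), int(hi or lo) + 1)]
    return ports


def portfast_on_trunks(config_text):
    """Replay the config in order and return trunk ports left with portfast enabled."""
    trunk, portfast = set(), set()
    for line in config_text.splitlines():
        w = line.split()
        if w[:2] == ["set", "trunk"] and len(w) == 4 and w[3] in ("on", "off"):
            state, spec, turn_on = trunk, w[2], w[3] == "on"
        elif (w[:3] == ["set", "spantree", "portfast"] and len(w) == 5
              and w[4] in ("enable", "disable")):
            state, spec, turn_on = portfast, w[3], w[4] == "enable"
        else:
            continue  # VLAN lists, names, speed, duplex: not part of this check
        if spec == "all":
            # Port inventory is unknown here, so only "all off" can be modelled.
            if not turn_on:
                state.clear()
            continue
        ports = expand_ports(spec)
        if turn_on:
            state.update(ports)
        else:
            state.difference_update(ports)
    return sorted(trunk & portfast, key=lambda p: tuple(map(int, p.split("/"))))


# Constructed sample, built from the command forms used on this page.
SAMPLE = """\
set trunk all off
set spantree portfast 2/1-34,3/1-48 enable
set trunk 2/1 on
set trunk 2/1 13-14
set port name 2/1 c4-h04-2
set trunk 2/3 on
set spantree portfast 2/3 disable
set trunk 3/48 on
"""

if __name__ == "__main__":
    print(portfast_on_trunks(SAMPLE))
```

Later commands override earlier ones, so a port that was swept into a wide portfast range and then converted to a trunk is reported unless portfast was explicitly disabled on it afterwards.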
--------------------------------------------------------------------------------