-
Notifications
You must be signed in to change notification settings - Fork 0
/
Cisco-Layer2-Switch-General-Configuration-v1.config
141 lines (140 loc) · 4.24 KB
/
Cisco-Layer2-Switch-General-Configuration-v1.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
! 4PEG Configuration Template
! http://4peg.com/D38wB80pNWLx
!-------------------------------------------------------
! Cisco Layer2 Switch General Configuration v1
!-------------------------------------------------------
!---General switch configuration
!
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
no ip http server
no ip http secure-server
vtp mode transparent
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
hostname [[HOSTNAME]]
ip domain-name [[DOMAIN NAME]]
!
username [[USER USERNAME]] privilege 15 secret [[USER PASSWORD]]
enable secret [[ENABLE PASSWORD]]
!
!---SSH key pair generation - will take a few seoncss
!
crypto key generate rsa general-keys modulus 2048
!
!---Best practice configuration
!
ip ssh version 2
!
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
errdisable recovery cause storm-control
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
udld aggressive
!
logging buffered 1024000
!
port-channel load-balance src-dst-ip
!---SNMP configuration
!
snmp-server community [[SNMP STRING]] RO
snmp ifmib ifindex persist
!
!---Spanning-tree configuration
!
spanning-tree mode rapid
spanning-tree vlan 1-4094 priority [[SPANNING TREE PRIORITY]]
!
!---Layer 2 configuration
!
vlan [[DATA VLAN NUMBER]]
name [[DATA VLAN NAME]]
vlan [[VOICE VLAN NUMBER]]
name [[VOICE VLAN NAME]]
!
!---Management access
!
vlan [[MANAGEMENT VLAN NUMBER]]
name MANAGEMENT
interface vlan [[MANAGEMENT VLAN NUMBER]]
description *** MANAGEMENT ***
ip address [[MANAGEMENT IP ADDR]] [[MANAGEMENT SUBNET MASK]]
no ip redirects
no ip unreachables
no ip proxy
no shut
!
ip default-gateway [[DEFAULT GATEWAY]]
!
!---Generic access/voice interface configuration
!
interface range [[INTERFACE RANGE (ie gi0/1-20)]]
description *** DATA & VOICE INTERFACE ***
switchport mode access
storm-control broadcast level 5
storm-control multicast level 20
storm-control action shutdown
no mdix auto
switchport access vlan [[DATA VLAN NUMBER]]
switchport voice vlan [[VOICE VLAN NUMBER]]
switchport nonegotiate
!
!----Auto QoS recommended best practice - ONLY APPLY TO VOICE PORTS---!!
!
auto qos trust dscp
!
!---Banner configuration
banner exec ^CCCCCCC
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORISED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORISED USER.
THE SYSTEM ADMINISTRATOR OR OTHER REPRESENTATIVESOF THE SYSTEM OWNER MAY MONITOR
SYSTEM USE AT ANY TIME WITHOUT FURTHER NOTICE OR CONSENT.
UNAUTHORISED USE OF THIS SYSTEM AND ANY OTHER CRIMINAL CONDUCT REVEALED BY SUCH USE IS
SUBJECT TO DISCLOSURE TO LAW ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT
OF THE LAW. UNAUTHORISED ACCESS IS A VIOLATION OF CIVIL AND CRIMINAL LAWS.^C
banner login ^CCCCCCC
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORISED USERS ONLY!^C
banner motd ^CCCCCCC
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORISED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORISED USER.
THE SYSTEM ADMINISTRATOR OR OTHER REPRESENTATIVESOF THE SYSTEM OWNER MAY MONITOR
SYSTEM USE AT ANY TIME WITHOUT FURTHER NOTICE OR CONSENT.
UNAUTHORISED USE OF THIS SYSTEM AND ANY OTHER CRIMINAL CONDUCT REVEALED BY SUCH USE IS
SUBJECT TO DISCLOSURE TO LAW ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT
OF THE LAW. UNAUTHORISED ACCESS IS A VIOLATION OF CIVIL AND CRIMINAL LAWS.^C
!
no ip http server
no ip https server
!
!---Console and VTY line configuration
line vty 0 15
exec
exec-timeout 60 0
privilege level 15
transport input ssh
!
!---Time settings
clock timezone [[TIME-ZONE]]] [[UTC-HOURS-OFFSET]] [[UTC-MINUTES-OFFSET]]
!---Example below is a Day-Light Saving Time adjust configuration for UK/EU
clock summer-time [[DST-TIME-ZONE]]] recurring last Sun Mar 1:00 last Sun Oct 1:00
ntp server [[NTP-TIME-SOURCE]]
!