Cisco Switch Configuration: Security, VTP, STP, and Port Channels
Cisco Switch Configuration
Hostnames and Passwords
Hostname Configuration
Switch>enable
Switch#configure terminal
Switch(config)#hostname DLS1
DLS1(config)#
Enable Secret and Console Password
DLS1(config)#enable secret cisco
DLS1(config)#line console 0
DLS1(config-line)#password cisco
DLS1(config-line)#login
Remote Access Configuration
Telnet Access
DLS1(config)#line vty 0 4
DLS1(config-line)#password cisco
DLS1(config-line)#login
SSH Access
DLS1(config)#ip domain-name prueba.com
DLS1(config)#crypto key generate rsa
DLS1(config)#line vty 0 4
DLS1(config-line)#password cisco
DLS1(config-line)#login
DLS1(config-line)#transport input ssh
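A small audit of the console and vty settings shown above, as an added example that is not part of the original page: it reads a config-mode transcript and reports line blocks that have login without a password, or a vty block not limited to transport input ssh. The sample transcript is constructed, the function names are hypothetical, and it assumes a vty without transport input ssh still accepts Telnet, as in the Telnet example above.

```python
import re

# Matches a config-mode prompt such as "DLS1(config-line)#password cisco".
PROMPT = re.compile(r"^\S+?\((config[^)]*)\)#\s*(.*)$")

def parse_line_blocks(transcript):
    """Group the commands typed under each 'line ...' command (hypothetical helper)."""
    blocks, current = [], None
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        mode, cmd = (m.group(1), m.group(2).strip()) if m else ("", "")
        if cmd.startswith("line "):
            current = {"line": cmd[5:], "cmds": []}
            blocks.append(current)
        elif mode == "config-line" and current is not None:
            current["cmds"].append(cmd)
        else:
            current = None  # not a line-mode command: the block has ended
    return blocks

def audit(transcript):
    """Return (line, finding) tuples for the line blocks in the transcript."""
    findings = []
    for block in parse_line_blocks(transcript):
        cmds = block["cmds"]
        has_password = any(c.startswith("password ") for c in cmds)
        if "login" in cmds and not has_password:
            findings.append((block["line"], "login without a line password"))
        # The last 'transport input' entered is the one in effect.
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if block["line"].startswith("vty") and inputs[-1:] != [["ssh"]]:
            findings.append((block["line"], "transport input not restricted to ssh"))
    return findings

# Constructed sample, modelled on the command style used on this page.
SAMPLE = """\
DLS1(config)#line console 0
DLS1(config-line)#login
DLS1(config-line)#line vty 0 4
DLS1(config-line)#password cisco
DLS1(config-line)#login
DLS1(config)#line vty 5 15
DLS1(config-line)#password cisco
DLS1(config-line)#login
DLS1(config-line)#transport input ssh
"""

print(audit(SAMPLE))
```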
VTP Version 3 Configuration
VTP Domain and Mode
DLS1(config)#vtp domain prueba
DLS1(config)#vtp version 3
DLS1(config)#vtp mode server
DLS1(config)#vtp password cisco
DLS1(config)#exit
DLS1#vtp primary
VTP Transparent Mode on DLS2
DLS2(config)#vtp mode transparent
VTP Pruning
DLS1(config)#vtp pruning
Spanning Tree Protocol (STP) Configuration
Disable DTP Negotiation
interface Port-channel2
description ### Uplink-Channel to switch B ###
switchport trunk allowed vlan 1,2,3
switchport mode trunk
switchport nonegotiate
Configure Rapid PVST+
DLS1(config)#spanning-tree mode rapid-pvst
Root Bridge Configuration
DLS1(config)#spanning-tree vlan 10,50,99 root primary
DLS2(config)#spanning-tree vlan 10,50,99 root secondary
DLS2(config)#spanning-tree vlan 20,30 root primary
DLS1(config)#spanning-tree vlan 20,30 root secondary
Verify Spanning Tree Configuration
DLS2#show spanning-tree vlan 20
Configure Trunk Allowed VLANs
DLS1(config)#interface [interface-id]
DLS1(config-if)#switchport trunk allowed vlan 1,2,3
Optimize STP Timers
DLS1(config)#spanning-tree vlan 20 hello-time 1
DLS1(config)#spanning-tree vlan 20 max-age 10
DLS1(config)#spanning-tree vlan 20 forward-time 7
Validate STP Timers
DLS1#show spanning-tree bridge
Port Channel Configuration (LACP)
Verify CDP Neighbors
DLS1#show cdp neighbors
DLS2#show cdp neighbors
Configure Port Channel on DLS1
DLS1(config)#interface range ethernet 0/0 - 1
DLS1(config-if-range)#channel-protocol lacp
DLS1(config-if-range)#channel-group 1 mode active
DLS1(config-if-range)#no shut
DLS1(config)#interface port-channel 1
DLS1(config-if)#switchport trunk encapsulation dot1q
DLS1(config-if)#switchport mode trunk
DLS1(config-if)#switchport trunk native vlan 99
DLS1(config-if)#switchport trunk allowed vlan 20,30
Configure Port Channel on DLS2
DLS2(config)#interface range ethernet 0/0 - 1
DLS2(config-if-range)#channel-protocol lacp
DLS2(config-if-range)#channel-group 1 mode passive
DLS2(config)#interface port-channel 1
DLS2(config-if)#switchport trunk encapsulation dot1q
DLS2(config-if)#switchport mode trunk
DLS2(config-if)#switchport trunk native vlan 99
DLS2(config-if)#switchport trunk allowed vlan 20,30
Validate Port Channel
show etherchannel summary
DHCP Server Configuration
Exclude IP Addresses
(config)#ip dhcp excluded-address 172.16.20.1 172.16.20.20
Create DHCP Pool
(config)#ip dhcp pool vlan20
Assign Network Address
(dhcp-config)#network 172.16.20.0 255.255.255.0
Assign Default Gateway
(dhcp-config)#default-router 172.16.20.1
Assign Domain Name
(dhcp-config)#domain-name prueba.com