= Configure 2960 =

* reload the config (don't paste)
<pre>write erase
delete flash:vlan.dat
reload</pre>
* enter basic setup
* setup pub vlan
<pre>conf t
int vlan1
 no ip address
int vlan50
 ip address 69.55.230.249 255.255.255.0
ip default-gateway 69.55.230.1
end</pre>
* setup priv/mgmt vlan
<pre>conf t
int vlan300
 no ip address
 ! ip address 10.1.4.160 255.255.255.0
 ip address 10.1.4.161 255.255.255.0
 ! (p1b)
end</pre>
* setup ports: into vlan, spanning-tree portfast, trunk
<pre>conf t
int range GigabitEthernet0/2 - 10
 switchport access vlan 50
 switchport mode access
 duplex full
 spanning-tree portfast
int GigabitEthernet0/24
 description Trunk to switch-p1a (vlan 300,50)
 switchport trunk allowed vlan 300,50
 switchport mode trunk
int GigabitEthernet0/1
 description Trunk to ASA (vlan 50)
 switchport trunk allowed vlan 50
 switchport mode trunk
int GigabitEthernet0/23
 description Private net (vlan 300)
 switchport access vlan 300
 switchport mode access
 spanning-tree portfast
int range GigabitEthernet0/11 - 20
 switchport trunk allowed vlan 50,300
 switchport mode trunk
 duplex full
end</pre>
* REFERENCE: to set up a port for trunk or access
<pre>conf t
interface FastEthernet0/32
 switchport access vlan 210
 switchport mode dynamic desirable
 duplex full
end</pre>
* setup rapid spanning tree
<pre>conf t
spanning-tree mode rapid-pvst
end</pre>
* setup root, on p1a:
<pre>conf t
spanning-tree vlan 50 root primary
end</pre>
* and on p1b:
<pre>conf t
spanning-tree vlan 50 root secondary
end</pre>
* config terminal: setup timeout, priv level
<pre>conf t
line con 0
 exec-timeout 10
line vty 0 15
 exec-timeout 10
 privilege level 0
end</pre>
* setup web user
<pre>conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end</pre>
* enable http passwd checking, disable http
<pre>conf t
ip http authentication local
no ip http server
end</pre>
* enable ssh (disable telnet)
<pre>conf t
line vty 0 15
 transport input ssh
 login local
 logging synchronous
 transport preferred ssh
 transport output ssh
end</pre>
* setup acls to restrict access to ssh on priv net
<pre>conf t
access-list 101 remark Permit SSH access from administrators
access-list 101 permit tcp host 10.1.4.1 any eq 22 log
access-list 101 deny ip any any log
line vty 0 15
 access-class 101 in
end</pre>
* setup acls to restrict access to https on pub net
<pre>conf t
access-list 10 remark Permit HTTPS access from administrators
access-list 10 permit 64.163.14.54
access-list 10 permit 69.55.233.195
access-list 10 permit 99.150.247.226
access-list 10 deny any log
ip http access-class 10
end</pre>
* setup SNMP
<pre>conf t
access-list 20 remark Permit SNMP
access-list 20 permit 10.1.4.5
access-list 20 deny any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end</pre>
* save
<pre>wr mem</pre>
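To confirm afterwards that the management-plane steps above (http off, ssh-only vty with an access-class, SNMP communities tied to an ACL) actually took effect, the saved config can be checked offline. The script below is an added example, not part of the original procedure; it assumes text in "show running-config" layout, and the sample config and the community name "examplestring" are constructed.

```python
import re

# Constructed running-config excerpt (not from the page); assumes "show run" layout.
SAMPLE = """\
ip http server
snmp-server community public RO
snmp-server community examplestring RO 20
line con 0
 exec-timeout 0 0
line vty 0 4
 access-class 101 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config):
    """Return findings for the management-plane steps: HTTP, SNMP, vty lines."""
    findings, section, body = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] != " ":                       # top-level command
            section = line if line.startswith("line ") else None
            if section:
                body[section] = []
            elif line == "ip http server":
                findings.append("http server enabled")
            m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", line)
            if m:
                name, mode, acl = m.groups()
                if name in ("public", "private"):
                    findings.append(f"default snmp community {name}")
                if mode == "RW":
                    findings.append(f"snmp community {name} is RW")
                if acl is None:
                    findings.append(f"snmp community {name} has no ACL")
        elif section:                           # indented sub-command of a line block
            body[section].append(line)
    for header, cmds in body.items():
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: exec-timeout disabled")
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: transport input not ssh-only")
            if not any(re.match(r"access-class \S+ in$", c) for c in cmds):
                findings.append(f"{header}: no inbound access-class")
    return findings
```

Note that the second vty range (5 15) is reported separately: a config applied to only part of the vty lines leaves the rest reachable over telnet and without the ACL.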