Editing
Switch Control
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Configure 2950 = * reset <pre>write erase reload</pre> * enter basic setup <pre>conf t int vlan300 ip address 10.1.2.52 255.255.255.0 ip default-gateway 10.1.2.1 int vlan300 no shutdown end</pre> * ## ONLY for p20 ## <pre>int GigabitEthernet0/1 description Connection from i2b int GigabitEthernet0/2 description BW mirror port monitor session 1 source interface gi0/1 monitor session 1 destination interface gi0/2 encapsulation dot1q end</pre> * setup mgmt ports <pre>conf t int range fa0/1 - 10 switchport access vlan 300 spanning-tree portfast int fa0/24 description Firewall ext spanning-tree portfast end</pre> * i2b link vlan <pre>conf t int range fa0/23 - 24 switchport access vlan 200 int gi0/1 switchport access vlan 200 end</pre> * setup trunk ports <pre>conf t int range fa0/19 - 20 switchport trunk allowed vlan 1,300 switchport mode trunk no spanning-tree portfast end</pre> * ## END p20 ## * ## normal switches ## * setup ports <pre>conf t int range fa0/1 - 24 spanning-tree portfast end</pre> * setup mgmt port <pre>conf t interface fa0/24 switchport access vlan 300 description ats-2 - priv end</pre> * setup trunk ports <pre>conf t int gi0/1 description Uplink to p20 switchport trunk allowed vlan 1,300 switchport mode trunk no spanning-tree portfast end</pre> * ## END normal switches ## * config terminal. setup timeout, priv level <pre>conf t line con 0 exec-timeout 10 line vty 0 15 exec-timeout 10 privilege level 0 end</pre> * enable ssh (disable telnet) <pre>conf t line vty 0 4 privilege level 0 logging synchronous transport preferred ssh login local transport input ssh transport output ssh line vty 5 15 privilege level 0 logging synchronous login local transport preferred none end</pre> * setup web user <pre>conf t service password-encryption username web privilege 15 password xxxxxxxx end</pre> * pass enc <pre>conf t service password-encryption end</pre> * enable http passwd checking, disable http, <pre>conf t ip http authentication local #no ip http server (only http avail on 2950) end</pre> * lock down ssh/web/telnet access <pre>conf t no access-list 100 access-list 100 permit ip host 69.55.233.196 any access-list 100 permit ip host 99.150.247.226 any access-list 100 permit ip host 10.1.2.1 any access-list 100 permit ip host 64.163.14.54 any access-list 100 deny tcp any any eq www access-list 100 deny tcp any any eq telnet int vlan 300 ip access-group 100 in ip access-group 100 out end</pre> * enable ssh <pre>conf t ip domain-name johncompanies.com crypto key generate rsa 1024 end</pre> * time <pre>conf t clock timezone PDT -7 clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00 ntp server 10.1.2.1 service timestamps log datetime localtime show-timezone end</pre> * setup SNMP <pre>conf t access-list 20 remark Permit SNMP access-list 20 permit 10.1.2.1 access-list 20 deny any log no snmp-server community private RW no snmp-server community public RO snmp-server community jc292401 RO 20 end</pre> wr mem
Summary:
Please note that all contributions to JCWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
JCWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information