Gigabit EtherSwitch EHWIC Basic Customer Configuration Example
From DocWiki
Latest revision as of 22:02, 30 July 2010
Introduction
This is a basic customer configuration for the Cisco Gigabit EtherSwitch EHWIC. It includes the following elements:
- Trunk configuration
- Spanning tree priority & spanning tree port fast feature
- VTP configuration (Server & Client)
- Control broadcast traffic - shut down the port if broadcast traffic from the host is more than 50%
- Port Security - learn a maximum of one address on the port connected to the host
- Configure a DHCP server to provide an IP address to the host
Design
Configuration
1.Trunk Configuration - dot1q
ROUTER1(config)#inte g0/0/0
ROUTER1(config-if)#switchport trunk encapsulation dot1q
ROUTER1(config-if)#switchport mode trunk
ROUTER1(config)#inte g0/0/1
ROUTER1(config-if)#switchport trunk encapsulation dot1q
ROUTER1(config-if)#switchport mode trunk
ROUTER2(config)#inte g0/0/0
ROUTER2(config-if)#switchport trunk encapsulation dot1q
ROUTER2(config-if)#switchport mode trunk
ROUTER2(config)#inte g0/0/1
ROUTER2(config-if)#switchport trunk encapsulation dot1q
ROUTER2(config-if)#switchport mode trunk
2.Spanning tree - Configuration
ROUTER1(config)#spanning-tree vlan 1 priority 0
Host port - enable the spanning tree PortFast feature and BPDU guard
ROUTER1(config)#interface g0/0/2
ROUTER1(config-if)#spanning-tree portfast
Warning: portfast should only be enabled on ports connected to a single host
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
Portfast has been configured on GigabitEthernet0/0/2 but will only
have effect when the interface is in a non-trunking mode.
ROUTER1(config)#spanning-tree portfast bpduguard
3.VTP configuration
ROUTER1(config)#vtp mode server
Device mode already VTP SERVER.
ROUTER1(config)#vtp domain CISCO
Changing VTP domain name from CISCO to CISCO
ROUTER1(config)#vtp password test
Setting device VLAN database password to TEST
ROUTER2(config)#vtp mode client
ROUTER2(config)#vtp domain CISCO
Changing VTP domain name from CISCO to CISCO
ROUTER2(config)#vtp password test
Setting device VLAN database password to TEST
4.Shutdown port if Broadcast traffic is more than 50%
ROUTER1(config)#inte g0/0/2
ROUTER1(config-if)#storm-control broadcast level 50
ROUTER1(config-if)#storm-control action shutdown
5.Port Security - allow to learn maximum one address on port g0/0/2
ROUTER1(config)#mac-address-table secure maximum 1 gigabitEtherne0/0/2
6.DHCP Server to get IP address to HOST
ROUTER2(config)#inte vlan 1
ROUTER2(config-if)#ip address 10.0.0.1 255.255.255.0
ROUTER2(config)#ip dhcp pool TEST
ROUTER2(dhcp-config)#network 10.0.0.0 255.255.255.0
ROUTER2(dhcp-config)#default-router 10.0.0.1
ROUTER2(config)#ip dhcp excluded-address 10.0.0.1
Show commands
1.Trunk Configuration - dot1q
ROUTER1#show interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Gi0/0/0   on     802.1q         trunking  1
Port      Vlans allowed on trunk
Gi0/0/0   1-4094
Port      Vlans allowed and active in management domain
Gi0/0/0   1-10,12-33
Port      Vlans in spanning tree forwarding state and not pruned
Gi0/0/0   none
ROUTER1#
2.Spanning tree -
ROUTER1#show spanning-tree vlan 1 brie
VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    0
             Address     000f.f70b.3ea5
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    0
             Address     000f.f70b.3ea5
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface                                    Designated
Name                  Port ID  Prio  Cost  Sts  Cost  Bridge ID         Port ID
GigabitEthernet0/0/0  128.1    128   4     FWD  0     0 000f.f70b.3ea5  128.1
GigabitEthernet0/0/1  128.2    128   4     FWD  0     0 000f.f70b.3ea5  128.2
3.VTP
ROUTER1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 36
Number of existing VLANs        : 36
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xA1 0x13 0xD9 0x04 0x8D 0xD6 0xF8 0x9A
Configuration last modified by 40.0.0.2 at 4-12-10 09:06:10
Local updater ID is 192.168.1.1 on interface Vl1 (lowest numbered VLAN interface found)
ROUTER1#show vtp pas
ROUTER1#show vtp password
VTP Password: TEST
ROUTER1#
ROUTER2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 20
Number of existing VLANs        : 20
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xFC 0x06 0x7A 0xAA 0xC7 0xDB 0xE6 0xCD
Configuration last modified by 0.0.0.0 at 6-1-10 05:04:50
ROUTER2#show vtp password
VTP Password: TEST
ROUTER2#
4.Shutdown port if Broadcast traffic is more than 50%
ROUTER1#show storm-control broadcast
Interface  Filter State  Upper    Lower    Current
Gi0/0/0    inactive      100.00%  100.00%  N/A
Gi0/0/1    inactive      100.00%  100.00%  N/A
Gi0/0/2    Forwarding    50.00%   50.00%   0.00%
Gi0/0/3    inactive      100.00%  100.00%  N/A
ROUTER1#
5.Port Security - allow to learn maximum one address on port g0/0/2
ROUTER1#sh runn | incl mac
mac-address-table secure maximum 1 GigabitEthernet0/0/2
ROUTER1#
6.DHCP Server
ROUTER1#sh runn | beg dhcp
ip dhcp excluded-address 192.168.4.1
ip dhcp excluded-address 10.0.0.1
ip dhcp pool TEST
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
ROUTER1#show ip dhcp pool
Pool TEST :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index   IP address range        Leased addresses
 10.0.0.1        10.0.0.1 - 10.0.0.254   0
ROUTER2#
Show running-config
ROUTER1#show running-config
Building configuration...
Current configuration : 2809 bytes
Last configuration change at 07:33:39 UTC Tue Jun 1 2010
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ROUTER1
boot-start-marker
boot system flash0:c2900-universalk9-mz.SSA.1_20100412
boot-end-marker
no aaa new-model
ip dhcp excluded-address 10.0.0.1
ip dhcp pool TEST
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
spanning-tree portfast bpduguard
spanning-tree vlan 1 priority 0
interface GigabitEthernet0/0
 ip address 9.43.16.40 255.255.0.0
 duplex auto
 speed auto
interface GigabitEthernet0/1
 duplex auto
 speed auto
interface GigabitEthernet0/2
 duplex auto
 speed auto
interface GigabitEthernet0/0/0
 switchport mode trunk
interface GigabitEthernet0/0/1
 switchport mode trunk
interface GigabitEthernet0/0/2
 switchport access vlan 2
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
ip forward-protocol nd
no ip http server
no ip http secure-server
mac-address-table secure maximum 1 GigabitEthernet0/0/2
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
 transport input all
exception data-corruption buffer truncate
scheduler allocate 20000 1000
end
ROUTER1#
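An added example, not part of the Cisco document: a small Python audit that checks a saved running-config for the host-port protections configured on this page (broadcast storm control, a secure MAC address limit, BPDU guard alongside PortFast) and for the `exec-timeout 0 0` and `transport input all` line settings that appear in the output above. The sample text is a constructed excerpt of that output, and treating any interface with a `switchport access` command as a host port is an assumption of the example.

```python
# Constructed excerpt of ROUTER1's running-config; Gi0/0/3 is a made-up unprotected port.
SAMPLE = """\
spanning-tree portfast bpduguard
interface GigabitEthernet0/0/2
 switchport access vlan 2
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
interface GigabitEthernet0/0/3
 switchport access vlan 2
mac-address-table secure maximum 1 GigabitEthernet0/0/2
line con 0
 exec-timeout 0 0
line vty 0 4
 transport input all
"""

def parse_sections(text):
    """Map each top-level IOS line to the list of indented sub-commands below it."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return hardening findings for host (access) ports and terminal lines."""
    sections, findings = parse_sections(text), []
    secured = {g.split()[-1] for g in sections if g.startswith("mac-address-table secure maximum")}
    for header, cmds in sections.items():
        if header.startswith("interface ") and any(c.startswith("switchport access") for c in cmds):
            port = header.split()[1]
            if not any(c.startswith("storm-control broadcast level") for c in cmds):
                findings.append(f"{port}: no broadcast storm-control")
            if port not in secured:
                findings.append(f"{port}: no secure MAC address limit")
            if "spanning-tree portfast" in cmds and "spanning-tree portfast bpduguard" not in sections:
                findings.append(f"{port}: portfast without bpduguard")
        if header.startswith("line ") and "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle timeout disabled")
        if header.startswith("line ") and "transport input all" in cmds:
            findings.append(f"{header}: all inbound protocols allowed, including Telnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Gi0/0/2, configured as on this page, produces no port findings; the constructed Gi0/0/3 and the two terminal lines are reported.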