diff --git a/1 Switch/(2) Switch/Switch Configuration.md b/1 Switch/(2) Switch/Switch Configuration.md new file mode 100644 index 0000000..bf5d79f --- /dev/null +++ b/1 Switch/(2) Switch/Switch Configuration.md 
@@ -0,0 +1,315 @@ +Starting with a blank 48 port Cisco switch you need to connect with a serial connection using the Mini USB connecter on the front of the switch. From here you can open Moba Xterm and begin configuration. + + +```cisco +enable +``` + +```cisco +configure terminal +``` + +```cisco +hostname 2ndPlt +``` + +```cisco +ip routing +``` + +### VLAN Configuration +To configure the VLANs that will be used within your network. A good baseline to start with is: +- VLAN 3 + - Description: Domain + - ip address 10.2.1.1 255.255.255.0 +- VLAN 5 + - Description: VCSA Management + - ip address 10.2.5.1 255.255.255.0 +- VLAN 10 + - Description: ESXi Management + - ip address 10.2.10.1 255.255.255.0 +- VLAN 11 + - Description: ESXi vMotion + - ip address 10.2.11.1 255.255.255.0 +- VLAN 12 + - Description: ESXi Provisioning + - ip address 10.2.12.1 255.255.255.0 +- VLAN 20 + - Description: Tools DMZ + - ip address 10.2.20.1 255.255.255.0 +- VLAN 25 + - Description: Tool Web Interface + - ip address 10.2.25.1 255.255.255.0 +- VLAN 30 + - Description: Workstations + - ip address 10.2.30.1 255.255.255.0 +- VLAN 40 + - Description: Test VLAN + - ip address 10.2.40.1 255.255.255.0 +- VLAN 666 + - Description: Trunk + - ip address 10.2.100.1 255.255.255.0 +- Configuring the VLANs + ```cisco + enable + ``` + + ```cisco + conf t + ``` + + ```cisco + interface vlan (VLAN ID) + ``` + + ```cisco + ip address (ip address) (subnet mask) + ``` + + ```cisco + description ***(VLAN Description)*** + ``` + +- Complete for each VLAN + ```cisco + exit + ``` + + ```cisco + do show run + ``` + - check configuration + ```cisco + do write memory + ``` + +- Enabling the VLANs + - For each VLAN made you need to Enable them to start functioning. You will need to choose a random interface that is not in use. 
+ + ```cisco + enable + ``` + + ```cisco + configure terminal + ``` + + ```cisco + do sh ip int brief + ``` + - this checks to see what VLANs are enabled + - ![[sh_ip_int_brief.png]] + - In the Status column, if it says down, then it needs to be enabled + ```cisco + interface + ``` + + ```cisco + switchport mode access + ``` + + ```cisco + switchport access vlan + ``` + + ```cisco + exit + ``` + ***Repeat for every down VLAN + + Once Completed you can Turn the interface used back off. + ```cisco + no switchport mode access + ``` + + ```cisco + no switchport access vlan + ``` + + ```cisco + exit + ``` + + ```cisco + do write memory + ``` + - Check VLANs are Enabled + ```cisco + do sh ip int brief + ``` + +### Interface Configuration +Your interfaces will be configured differently depending on what gear you are using i.e. CyberPac, MiniRax, different switches, or different firewalls. + +#### Server Interfaces +- These Interfaces will have access to all of the VLANs except one, the Tools VLAN. Trunk Ports allow this. +- This separation in the VLANs creates a logical separation in your network not allowing outside network traffic to your infrastructure containing VLANs. +Setup: +```cisco +enable +``` + +```cisco +configure terminal +``` + +```cisco +interface g1/0/1 +``` + +```cisco +switchport mode trunk +``` + +```cisco +switchport trunk allowed vlan 3,5,10,11,12,25,30,40 +``` + +```cisco +switchport trunk native vlan 666 +``` + +- Repeat for interface g1/0/2 +- This allows all network traffic that is coming through to be assigned to your trunking VLAN. + +```cisco +description +``` + +```cisco +exit +``` + +```cisco +do sh run +``` + +```cisco +do write memory +``` +***Do this twice for every server being used, one for management and one for your tools. + +### Tool Interfaces +- Your Tool Interfaces have a logical separation from the rest of your interfaces. This keeps internal infrastructure traffic separated from external traffic. 
+- Tool Interfaces require a separate switch port connected to a standalone port on the Server +- Setup: + ```cisco + enable + ``` + + ```cisco + configure terminal + ``` + + ```cisco + interface g1/0/13 + ``` + + ```cisco + switchport mode access + ``` + + ```cisco + switchport access vlan 20 + ``` + + ```cisco + exit + ``` + + ```cisco + do write memory + ``` + +### Workstation Interfaces +- Workstation Interfaces are the switch ports that the host machines (Laptops) are connected to. These will be configured to connect to the workstations VLAN. +Setup: +```cisco +enable +``` + +```cisco +configure terminal +``` + +```cisco +interface range g1/0/25 - 48 +``` + +```cisco +switchport mode access +``` + +```cisco +switchport access vlan 30 +``` + +```cisco +exit +``` + +```cisco +do sh run +``` + +```cisco +do write memory +``` + +After setting up your interfaces if wanted you can configure DHCP so your workstations will pull an IP automatically. +```cisco +enable +``` + +```cisco +configure terminal +``` + +```cisco +ip dhcp pool USERS +``` + +```cisco +network 10.2.30.1 255.255.255.0 +``` + +```cisco +default-router +``` + +```cisco +exit +``` + +```cisco +do write memory +``` + +## This is all that is needed for basic functionality of the switch +- More Configuration will be needed + + +### Post Domain Controller(s) Setup +- After your Domain controller(s) have been configured follow these steps to setup DNS. + + ```Cisco + enable + ``` + + ```cisco + configure terminal + ``` + + ```cisco + ip name-server + ip domain name + ``` + + ```cisco + exit + ``` + + ```cisco + write memory + ``` + diff --git a/1 Switch/(2) Switch/sh_ip_int_brief.png b/1 Switch/(2) Switch/sh_ip_int_brief.png new file mode 100644 index 0000000..94af7cf Binary files /dev/null and b/1 Switch/(2) Switch/sh_ip_int_brief.png differ
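Review bot: In the "Enabling the VLANs" steps, `interface` and `switchport access vlan` are written with no argument, so the procedure cannot be followed as written; give them placeholders the way the earlier step does with `interface vlan (VLAN ID)`. The steps also rely on `switchport access vlan` creating the VLAN as a side effect on a borrowed port. Consider creating each VLAN explicitly in the "Configuring the VLANs" step, and say what the reader should expect from `do sh ip int brief` after the borrowed port has been taken out of the VLAN again.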
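Review bot: Under "Server Interfaces", the sentence after `switchport trunk native vlan 666` says all traffic coming through is assigned to the trunking VLAN, but the native VLAN only applies to untagged frames on the trunk; tagged frames stay in the VLANs named in `switchport trunk allowed vlan 3,5,10,11,12,25,30,40`. Please reword it, and state whether VLAN 666 is meant to be an unused native VLAN, since the baseline list gives it a routed address (10.2.100.1) while the allowed list leaves it out. The bare `description` line needs a placeholder argument, and the closing "Do this twice for every server ... one for your tools" reads as though the tools port is also a trunk, which conflicts with the access port in VLAN 20 under "Tool Interfaces".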
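Review bot: In the DHCP block after "Workstation Interfaces", `network 10.2.30.1 255.255.255.0` uses the gateway address where the subnet address 10.2.30.0 belongs, and `default-router` has no address; going by the VLAN 30 entry in the baseline list it should be 10.2.30.1. Add an `ip dhcp excluded-address` line ahead of the pool so that 10.2.30.1 and any other statically assigned addresses in that subnet are kept out of the leases.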
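Review bot: In "Post Domain Controller(s) Setup", `ip name-server` and `ip domain name` are given without values; add placeholders such as (DC IP address) and (domain name) so the reader knows what to supply. The heading "## This is all that is needed for basic functionality of the switch" also claims a complete baseline, yet nothing in the file sets an enable secret or protects the console and remote-access lines; add that step or link to where it is documented. Style: the fence tag "Cisco" is capitalised here only, "Tool Interfaces" is a `###` heading while its sibling "Server Interfaces" is `####`, and the "This is all that is needed" line is a `##` heading above `###` sections although it reads as a closing remark.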