Starting with a blank 48-port Cisco switch, connect to it over a serial connection using the Mini USB connector on the front of the switch. From here you can open MobaXterm and begin configuration.

```cisco
enable
configure terminal
hostname 2ndPlt
ip routing
```

### VLAN Configuration

Configure the VLANs that will be used within your network. A good baseline to start with is:

- VLAN 3
  - Description: Domain
  - ip address 10.2.1.1 255.255.255.0
- VLAN 5
  - Description: VCSA Management
  - ip address 10.2.5.1 255.255.255.0
- VLAN 10
  - Description: ESXi Management
  - ip address 10.2.10.1 255.255.255.0
- VLAN 11
  - Description: ESXi vMotion
  - ip address 10.2.11.1 255.255.255.0
- VLAN 12
  - Description: ESXi Provisioning
  - ip address 10.2.12.1 255.255.255.0
- VLAN 20
  - Description: Tools DMZ
  - ip address 10.2.20.1 255.255.255.0
- VLAN 25
  - Description: Tool Web Interface
  - ip address 10.2.25.1 255.255.255.0
- VLAN 30
  - Description: Workstations
  - ip address 10.2.30.1 255.255.255.0
- VLAN 40
  - Description: Test VLAN
  - ip address 10.2.40.1 255.255.255.0
- VLAN 666
  - Description: Trunk
  - ip address 10.2.100.1 255.255.255.0

- Configuring the VLANs

```cisco
enable
conf t
interface vlan (VLAN ID)
ip address (ip address) (subnet mask)
description ***(VLAN Description)***
```

- Complete for each VLAN

```cisco
exit
do show run
```

- check configuration

```cisco
do write memory
```

- Enabling the VLANs
  - Each VLAN you created needs to be enabled before it starts functioning. You will need to choose a random interface that is not in use.

```cisco
enable
configure terminal
do sh ip int brief
```

- this checks to see what VLANs are enabled
- ![[sh_ip_int_brief.png]]
- In the Status column, if it says down, then it needs to be enabled

```cisco
interface (unused interface)
switchport mode access
switchport access vlan (VLAN ID)
exit
```

***Repeat for every down VLAN.***

Once completed, you can turn the interface used back off.

```cisco
interface (unused interface)
no switchport mode access
no switchport access vlan
exit
do write memory
```

- Check VLANs are enabled

```cisco
do sh ip int brief
```

### Interface Configuration

Your interfaces will be configured differently depending on what gear you are using, i.e. CyberPac, MiniRax, different switches, or different firewalls.

#### Server Interfaces

- These interfaces will have access to all of the VLANs except one, the Tools VLAN. Trunk ports allow this.
- This separation in the VLANs creates a logical separation in your network, not allowing outside network traffic to reach the VLANs that contain your infrastructure.

Setup:

```cisco
enable
configure terminal
interface g1/0/1
switchport mode trunk
switchport trunk allowed vlan 3,5,10,11,12,25,30,40
switchport trunk native vlan 666
```

- Repeat for interface g1/0/2
- The native VLAN setting assigns untagged traffic arriving on the trunk to your trunking VLAN (666).

```cisco
description (interface description)
exit
do sh run
do write memory
```

***Do this twice for every server being used, one for management and one for your tools.***

### Tool Interfaces

- Your Tool Interfaces have a logical separation from the rest of your interfaces. This keeps internal infrastructure traffic separated from external traffic.
- Tool Interfaces require a separate switch port connected to a standalone port on the server.
- Setup:

```cisco
enable
configure terminal
interface g1/0/13
switchport mode access
switchport access vlan 20
exit
do write memory
```

### Workstation Interfaces

- Workstation Interfaces are the switch ports that the host machines (laptops) are connected to. These will be configured to connect to the Workstations VLAN.

Setup:

```cisco
enable
configure terminal
interface range g1/0/25 - 48
switchport mode access
switchport access vlan 30
exit
do sh run
do write memory
```

After setting up your interfaces, you can optionally configure DHCP so your workstations pull an IP address automatically.

```cisco
enable
configure terminal
ip dhcp pool USERS
network 10.2.30.0 255.255.255.0
default-router (gateway ip address)
exit
do write memory
```

## This is all that is needed for basic functionality of the switch

- More configuration will be needed

### Post Domain Controller(s) Setup

- After your domain controller(s) have been configured, follow these steps to set up DNS.

```cisco
enable
configure terminal
ip name-server (DNS server ip address)
ip domain name (domain name)
exit
write memory
```
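
To check the separation described under Server Interfaces and Tool Interfaces, the following added example (not part of the original guide) parses `show run` output and flags any trunk port that carries the Tools VLAN (20) or does not use native VLAN 666. The sample config and the function names are constructed for illustration.

```python
# Constructed sample of `show run` output; not captured from a real switch.
SAMPLE_RUN = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 3,5,10,11,12,25,30,40
 switchport trunk native vlan 666
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 3,5,10-12,20,25,30,40
!
"""

TOOLS_VLAN, NATIVE_VLAN = 20, 666  # from the VLAN table on this page
P = "switchport trunk "

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '3,5,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return stanzas

def audit_trunks(config):
    """Return (interface, problem) pairs for trunks that break the separation."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue  # access ports are out of scope for this check
        # Covers 'allowed vlan add ...' continuation lines; no line means all VLANs.
        lists = [c.split()[-1] for c in cmds if c.startswith(P + "allowed vlan ")]
        allowed = expand_vlans(",".join(lists)) if lists else set(range(1, 4095))
        native = next((int(c.split()[-1]) for c in cmds if c.startswith(P + "native vlan ")), 1)
        if TOOLS_VLAN in allowed:
            findings.append((name, "carries Tools VLAN %d" % TOOLS_VLAN))
        if native != NATIVE_VLAN:
            findings.append((name, "native VLAN %d, expected %d" % (native, NATIVE_VLAN)))
    return findings
```

Run `audit_trunks()` on the text of `show run` after finishing the interface setup; an empty list means every trunk matches the allowed-VLAN and native-VLAN settings from the guide.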