matthew/DCO-SOGs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
DCO-SOGs/1 Switch/(2) Switch/Switch Configuration.md

5.2 KiB
Raw Permalink Blame History

Starting with a blank 48 port Cisco switch you need to connect with a serial connection using the Mini USB connecter on the front of the switch. From here you can open Moba Xterm and begin configuration.

enable

configure terminal

hostname 2ndPlt

ip routing

VLAN Configuration

To configure the VLANs that will be used within your network. A good baseline to start with is:

  • VLAN 3

    • Description: Domain
    • ip address 10.2.1.1 255.255.255.0

  • VLAN 5

    • Description: VCSA Management
    • ip address 10.2.5.1 255.255.255.0

  • VLAN 10

    • Description: ESXi Management
    • ip address 10.2.10.1 255.255.255.0

  • VLAN 11

    • Description: ESXi vMotion
    • ip address 10.2.11.1 255.255.255.0

  • VLAN 12

    • Description: ESXi Provisioning
    • ip address 10.2.12.1 255.255.255.0

  • VLAN 20

    • Description: Tools DMZ
    • ip address 10.2.20.1 255.255.255.0

  • VLAN 25

    • Description: Tool Web Interface
    • ip address 10.2.25.1 255.255.255.0

  • VLAN 30

    • Description: Workstations
    • ip address 10.2.30.1 255.255.255.0

  • VLAN 40

    • Description: Test VLAN
    • ip address 10.2.40.1 255.255.255.0

  • VLAN 666

    • Description: Trunk
    • ip address 10.2.100.1 255.255.255.0

  • Configuring the VLANs

    enable

    conf t

    interface vlan (VLAN ID)

    ip address (ip address) (subnet mask)

    description ***(VLAN Description)***

  • Complete for each VLAN

    exit

    do show run
    • check configuration
    do write memory

  • Enabling the VLANs

    • For each VLAN made you need to Enable them to start functioning. You will need to choose a random interface that is not in use.

      enable

      configure terminal

      do sh ip int brief
      • this checks to see what VLANs are enabled
      • !sh_ip_int_brief.png
        • In the Status column, if it says down, then it needs to be enabled
      interface <randomly chosen interface>

      switchport mode access

       switchport access vlan <VLAN to be enabled>

      exit

      ***Repeat for every down VLAN

      Once Completed you can Turn the interface used back off.

      no switchport mode access

      no switchport access vlan <last vlan to be enabled>

      exit

      do write memory
      • Check VLANs are Enabled
      do sh ip int brief

Interface Configuration

Your interfaces will be configured differently depending on what gear you are using i.e. CyberPac, MiniRax, different switches, or different firewalls.

Server Interfaces

  • These Interfaces will have access to all of the VLANs except one, the Tools VLAN. Trunk Ports allow this.
  • This separation in the VLANs creates a logical separation in your network not allowing outside network traffic to your infrastructure containing VLANs. Setup:
enable

configure terminal

interface g1/0/1

switchport mode trunk

switchport trunk allowed vlan 3,5,10,11,12,25,30,40

switchport trunk native vlan 666
  • Repeat for interface g1/0/2
  • This allows all network traffic that is coming through to be assigned to your trunking VLAN.
description <name of server that is being used to remain orgainized>

exit

do sh run

do write memory

***Do this twice for every server being used, one for management and one for your tools.

Tool Interfaces

  • Your Tool Interfaces have a logical separation from the rest of your interfaces. This keeps internal infrastructure traffic separated from external traffic.

  • Tool Interfaces require a separate switch port connected to a standalone port on the Server

  • Setup:

    enable	

    configure terminal

    interface g1/0/13

    switchport mode access

    switchport access vlan 20

    exit

    do write memory

Workstation Interfaces

  • Workstation Interfaces are the switch ports that the host machines (Laptops) are connected to. These will be configured to connect to the workstations VLAN. Setup:
enable

configure terminal

interface range g1/0/25 - 48

switchport mode access

switchport access vlan 30

exit

do sh run

do write memory

After setting up your interfaces if wanted you can configure DHCP so your workstations will pull an IP automatically.

enable

configure terminal

ip dhcp pool USERS

network 10.2.30.1 255.255.255.0

default-router <Workstation VLAN default gateway>

exit

do write memory

This is all that is needed for basic functionality of the switch

  • More Configuration will be needed

Post Domain Controller(s) Setup

  • After your Domain controller(s) have been configured follow these steps to setup DNS.

    enable

    configure terminal

    ip name-server <DC IP #1> <DC IP #2>
ip domain name <domain.name>

    exit

    write memory