matthew/DCO-SOGs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
DCO-SOGs/1 Switch/(2) Switch/Switch Configuration.md

316 lines
5.2 KiB
Markdown
Raw Permalink Blame History

Starting with a blank 48 port Cisco switch you need to connect with a serial connection using the Mini USB connecter on the front of the switch. From here you can open Moba Xterm and begin configuration.
```cisco
enable
```
```cisco
configure terminal
```
```cisco
hostname 2ndPlt
```
```cisco
ip routing
```
### VLAN Configuration
To configure the VLANs that will be used within your network. A good baseline to start with is:
- VLAN 3
- Description: Domain
- ip address 10.2.1.1 255.255.255.0
- VLAN 5
- Description: VCSA Management
- ip address 10.2.5.1 255.255.255.0
- VLAN 10
- Description: ESXi Management
- ip address 10.2.10.1 255.255.255.0
- VLAN 11
- Description: ESXi vMotion
- ip address 10.2.11.1 255.255.255.0
- VLAN 12
- Description: ESXi Provisioning
- ip address 10.2.12.1 255.255.255.0
- VLAN 20
- Description: Tools DMZ
- ip address 10.2.20.1 255.255.255.0
- VLAN 25
- Description: Tool Web Interface
- ip address 10.2.25.1 255.255.255.0
- VLAN 30
- Description: Workstations
- ip address 10.2.30.1 255.255.255.0
- VLAN 40
- Description: Test VLAN
- ip address 10.2.40.1 255.255.255.0
- VLAN 666
- Description: Trunk
- ip address 10.2.100.1 255.255.255.0
- Configuring the VLANs
```cisco
enable
```
```cisco
conf t
```
```cisco
interface vlan (VLAN ID)
```
```cisco
ip address (ip address) (subnet mask)
```
```cisco
description ***(VLAN Description)***
```
- Complete for each VLAN
```cisco
exit
```
```cisco
do show run
```
- check configuration
```cisco
do write memory
```
- Enabling the VLANs
- For each VLAN made you need to Enable them to start functioning. You will need to choose a random interface that is not in use.
```cisco
enable
```
```cisco
configure terminal
```
```cisco
do sh ip int brief
```
- this checks to see what VLANs are enabled
- ![[sh_ip_int_brief.png]]
- In the Status column, if it says down, then it needs to be enabled
```cisco
interface <randomly chosen interface>
```
```cisco
switchport mode access
```
```cisco
switchport access vlan <VLAN to be enabled>
```
```cisco
exit
```
***Repeat for every down VLAN
Once Completed you can Turn the interface used back off.
```cisco
no switchport mode access
```
```cisco
no switchport access vlan <last vlan to be enabled>
```
```cisco
exit
```
```cisco
do write memory
```
- Check VLANs are Enabled
```cisco
do sh ip int brief
```
### Interface Configuration
Your interfaces will be configured differently depending on what gear you are using i.e. CyberPac, MiniRax, different switches, or different firewalls.
#### Server Interfaces
- These Interfaces will have access to all of the VLANs except one, the Tools VLAN. Trunk Ports allow this.
- This separation in the VLANs creates a logical separation in your network not allowing outside network traffic to your infrastructure containing VLANs.
Setup:
```cisco
enable
```
```cisco
configure terminal
```
```cisco
interface g1/0/1
```
```cisco
switchport mode trunk
```
```cisco
switchport trunk allowed vlan 3,5,10,11,12,25,30,40
```
```cisco
switchport trunk native vlan 666
```
- Repeat for interface g1/0/2
- This allows all network traffic that is coming through to be assigned to your trunking VLAN.
```cisco
description <name of server that is being used to remain orgainized>
```
```cisco
exit
```
```cisco
do sh run
```
```cisco
do write memory
```
***Do this twice for every server being used, one for management and one for your tools.
### Tool Interfaces
- Your Tool Interfaces have a logical separation from the rest of your interfaces. This keeps internal infrastructure traffic separated from external traffic.
- Tool Interfaces require a separate switch port connected to a standalone port on the Server
- Setup:
```cisco
enable
```
```cisco
configure terminal
```
```cisco
interface g1/0/13
```
```cisco
switchport mode access
```
```cisco
switchport access vlan 20
```
```cisco
exit
```
```cisco
do write memory
```
### Workstation Interfaces
- Workstation Interfaces are the switch ports that the host machines (Laptops) are connected to. These will be configured to connect to the workstations VLAN.
Setup:
```cisco
enable
```
```cisco
configure terminal
```
```cisco
interface range g1/0/25 - 48
```
```cisco
switchport mode access
```
```cisco
switchport access vlan 30
```
```cisco
exit
```
```cisco
do sh run
```
```cisco
do write memory
```
After setting up your interfaces if wanted you can configure DHCP so your workstations will pull an IP automatically.
```cisco
enable
```
```cisco
configure terminal
```
```cisco
ip dhcp pool USERS
```
```cisco
network 10.2.30.1 255.255.255.0
```
```cisco
default-router <Workstation VLAN default gateway>
```
```cisco
exit
```
```cisco
do write memory
```
## This is all that is needed for basic functionality of the switch
- More Configuration will be needed
### Post Domain Controller(s) Setup
- After your Domain controller(s) have been configured follow these steps to setup DNS.
```Cisco
enable
```
```cisco
configure terminal
```
```cisco
ip name-server <DC IP #1> <DC IP #2>
ip domain name <domain.name>
```
```cisco
exit
```
```cisco
write memory
```
Reference in New Issue View Git Blame Copy Permalink