Thursday, December 1, 2011

The Default Configuration Explanation, part 2

Next is no service password-encryption. This means that passwords configured in clear text (the enable password, the vty (telnet) and console line passwords, and username passwords) are shown exactly as typed when you view the configuration file. From a security perspective this is not good, and it is one of the first things we will change when we get to configuring the switch. One caveat to keep in mind: service password-encryption only applies the IOS "type 7" encoding, a fixed-key scramble that anyone holding a copy of the configuration can reverse in seconds, so it protects against little more than shoulder surfing. The enable secret command (and username ... secret) stores a salted MD5 hash instead and is not affected by this setting; use it for the enable password rather than relying on password encryption.
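To show why service password-encryption is not a real protection, here is an added example (not code from the original post): the IOS type 7 encoding is a fixed-key XOR that anyone holding the configuration can reverse. The key in the code is the publicly known IOS constant; the sample configuration lines are constructed for the example, and the enable secret hash in them is a placeholder, not a real hash.

```python
# Added example, not from the original post: reverse (and reproduce) IOS "type 7"
# password encoding to show that service password-encryption is only obfuscation.
import re

# The fixed key IOS uses for type 7 encoding (publicly known for many years).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decode(encoded: str) -> str:
    """Recover the cleartext from a type 7 string such as '0822455D0A16'."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed type 7 string")
    seed = int(encoded[:2], 10)         # first two digits: starting offset into the key
    body = bytes.fromhex(encoded[2:])   # the rest: one hex pair per password character
    clear = bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, b in enumerate(body))
    return clear.decode("ascii")


def type7_encode(clear: str, seed: int = 8) -> str:
    """Produce the string IOS would write for this password (IOS picks a seed in 0..15)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be between 0 and 15")
    data = clear.encode("ascii")
    body = bytes(c ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, c in enumerate(data))
    return f"{seed:02d}" + body.hex().upper()


# Matches the lines service password-encryption affects; "enable secret 5 ..." is
# deliberately not matched because it is a hash, not a type 7 string.
_PASSWORD_RE = re.compile(
    r"^\s*(?:enable password|username \S+ password|password)\s+7\s+([0-9A-Fa-f]+)\s*$"
)


def recover_type7_passwords(config: str) -> list:
    """Return (config line, recovered cleartext) for every type 7 password in a config."""
    found = []
    for line in config.splitlines():
        m = _PASSWORD_RE.match(line)
        if m:
            found.append((line.strip(), type7_decode(m.group(1))))
    return found


# Constructed sample of what "show running-config" looks like with encryption on.
# The enable secret value is a placeholder hash, not derived from any password.
SAMPLE_CONFIG = """\
service password-encryption
hostname Switch
enable password 7 0822455D0A16
enable secret 5 $1$abcd$placeholderHashNotARealOne
username admin password 7 03055F060F01
!
line vty 0 4
 password 7 0822455D0A16
 login
"""

if __name__ == "__main__":
    for line, clear in recover_type7_passwords(SAMPLE_CONFIG):
        print(f"{line!r:45} -> {clear!r}")
```

Running the block prints the cleartext behind every type 7 line in the sample; only the enable secret line survives, because a type 5 hash has to be brute-forced rather than decoded.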

The following line, hostname Switch, tells us that by default the name of the switch is Switch. This can be changed to just about anything, as long as the name doesn’t contain spaces.

Following that is no aaa new-model. When configuring the switch for RADIUS or TACACS+ authentication and authorization, you begin with the aaa new-model command. In its default configuration the switch is not set up for RADIUS or TACACS+ and relies on the line and enable passwords alone.

Using the cables in the heavy pink plastic bags, up to 9 Catalyst 3750 switches can be ‘stacked’ together. The next line lists the switches currently provisioned in the stack. Since this is a stand-alone switch there is only one line, switch 1 provision ws-c3750-24ts. Had there been more, the list would look something like this:

switch 1 provision ws-c3750-24ts
switch 2 provision ws-c3750-24ts
switch 3 provision ws-c3750-24ts
switch 4 provision ws-c3750-24ts
switch 5 provision ws-c3750-24ts
switch 6 provision ws-c3750-24ts
switch 7 provision ws-c3750-24ts
switch 8 provision ws-c3750-24ts
switch 9 provision ws-c3750-24ts

As mentioned, up to 9 switches can be “stacked” together to form one cohesive switch managed from one IP address. This is a very cool feature compared to the way the Catalyst 3500 series of switches ‘clustered’ together, where each switch had to be accessed separately using the rcommand command to be configured.

The command ip subnet-zero allows subnet zero, the first subnet of a classful network, to be used. In pre-CIDR (Classless Inter-Domain Routing) days the first and last subnets of a classful block were reserved and not usable, because the network address of the first subnet is identical to the network address of the whole classful block, and the broadcast address of the last subnet is identical to the broadcast address of the whole block. For example, if you subnet the class B block 172.18.0.0/16 into /24s, the first subnet, 172.18.0.0/24, and the last subnet, 172.18.255.0/24, were not usable and addresses in those ranges could not be assigned. With ip subnet-zero, which is the default on this platform as the default configuration shows, the first subnet is usable; strictly speaking the command only concerns the all-zeros subnet, and IOS uses the all-ones subnet without any special command.

The command file verify auto, which on platforms that support it makes IOS check the embedded MD5 checksum of an image automatically when the image is copied, is not supported on the Cisco Catalyst 3750, hence the no file verify auto line in the default configuration.

The next two commands, spanning-tree mode pvst and spanning-tree extend system-id, pertain to spanning tree. spanning-tree mode pvst means that per-VLAN spanning tree (PVST+) is running: each VLAN has its own spanning tree instance that calculates a loop-free layer 2 path back to the root bridge for that VLAN. spanning-tree extend system-id enables the extended system ID (the IEEE 802.1t extension of the bridge ID): the 16-bit priority field of the bridge ID is split into a 4-bit priority and a 12-bit system ID extension that carries the VLAN ID, which is how PVST and Rapid PVST give every VLAN a distinct bridge ID from a single base MAC address. Two consequences are worth knowing: a bridge priority can only be set in steps of 4096 (0, 4096, ... 61440), and the priority that show spanning-tree reports for a VLAN is the configured priority plus the VLAN ID (for example 24576 + 10 = 24586 for VLAN 10). We’ll cover more on spanning tree later in this document.
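To make the extended system ID concrete, here is an added example (not code from the original post) that builds the per-VLAN bridge ID the way PVST+ and Rapid PVST do and runs the root election on it. The MAC addresses and priorities are made up; the comparison rule (lowest priority field, then lowest MAC) is the IEEE 802.1D one.

```python
# Added example, not from the original post: bridge ID with the 802.1t extended
# system ID, and the root election that compares them. MACs below are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeId:
    priority: int   # configured value; with the extension it must be a multiple of 4096
    vlan: int       # carried in the low 12 bits of the priority field ("sys-id-ext")
    mac: str        # base MAC in Cisco dotted form, e.g. "0012.3456.789a"

    def __post_init__(self):
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
        if not 1 <= self.vlan <= 4094:
            raise ValueError("VLAN ID must be 1-4094")

    @property
    def effective_priority(self) -> int:
        """The 16-bit priority field actually sent in BPDUs: 4-bit priority + 12-bit VLAN ID."""
        return self.priority + self.vlan

    def describe(self) -> str:
        """Same wording show spanning-tree uses on its Bridge ID line."""
        return f"Priority {self.effective_priority} (priority {self.priority} sys-id-ext {self.vlan})"

    def sort_key(self):
        # Lower is better; the MAC breaks ties between equal priority fields.
        return (self.effective_priority, bytes.fromhex(self.mac.replace(".", "")))


def elect_root(bridges) -> BridgeId:
    """Root bridge for one VLAN instance: lowest effective priority, MAC breaks ties."""
    if len({b.vlan for b in bridges}) != 1:
        raise ValueError("compare bridges within a single VLAN instance")
    return min(bridges, key=BridgeId.sort_key)


if __name__ == "__main__":
    core = BridgeId(24576, 10, "0012.3456.789a")     # e.g. spanning-tree vlan 10 priority 24576
    access = BridgeId(32768, 10, "0000.0c12.3456")   # untouched default priority
    rogue = BridgeId(0, 10, "dead.beef.0001")        # anything that sends BPDUs with priority 0
    print(core.describe())
    print("root without rogue:", elect_root([core, access]).mac)
    print("root with rogue:   ", elect_root([core, access, rogue]).mac)
```

The last line of output is the security point: whoever advertises the lowest priority field wins the election, which is why user-facing ports later get spanning-tree bpduguard enable and uplinks toward the intended root get spanning-tree guard root.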

The Cisco Catalyst 3750 uses VLAN IDs from the 12-bit range 0 – 4095, of which 0 and 4095 are reserved, organized into several ranges. VLAN 1 is the default VLAN; every port on the switch is a member of VLAN 1 unless configured otherwise. VLAN 1 also carries the switch’s own control traffic (CDP, VTP, PAgP and the like), which is a good reason to keep user ports off it once the switch is configured. VLANs 2 – 1001 are the normal range: they can be created and deleted as needed, are stored in the VLAN database (vlan.dat in flash) and are propagated via VTP. VLANs 1002 – 1005 are the default VLANs for FDDI and Token Ring and cannot be deleted. VLANs 1006 – 4094 are the extended range: they are stored in the running configuration rather than in the VLAN database and are not propagated via VTP (versions 1 and 2), so the switch must be in VTP transparent mode to create them. The switch also consumes extended-range IDs internally, for example one per routed port, and the vlan internal allocation policy ascending command in the default configuration says it takes those starting at 1006 and counting upward (descending starts at 4094). show vlan internal usage lists the IDs in use, and creating an extended VLAN that collides with one of them fails.

After that come the individual physical interface settings. A Catalyst 3750-24TS has FastEthernet1/0/1 through FastEthernet1/0/24 and GigabitEthernet1/0/1 and GigabitEthernet1/0/2; other models have different or additional physical ports. Two settings are not listed because they are the defaults: all ports auto-negotiate speed and duplex, and all ports are in switchport mode dynamic auto, meaning a port will form an 802.1Q trunk if the device on the other end asks for one via DTP. That is convenient between switches and dangerous on a user-facing port, so when we configure the switch, access ports will get switchport mode access and switchport nonegotiate.

Next come the virtual interfaces, the switched virtual interfaces (SVIs) for VLANs. By default there is only interface Vlan1, the VLAN to which all physical interfaces belong until configured otherwise. It has no IP address, which is why the switch cannot be reached over the network until you assign one.

Following the VLAN interfaces is the ip classless statement. This is a forwarding rule, not a subnetting feature: with ip classless the switch forwards a packet using its longest matching route, including a supernet or default route, even when the destination falls in an unknown subnet of a classful network for which it has other subnets. With no ip classless (the old behaviour) such a packet is dropped instead of following the default route. It is on by default and you will want to leave it that way.
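The forwarding difference that ip classless makes, as an added example (not code from the original post) using the 172.18.0.0/16 block from the subnet-zero discussion. The routing table, next hops and interface names are constructed for the illustration.

```python
# Added example, not from the original post: route lookup with and without
# "ip classless" over a constructed routing table.
import ipaddress

# Constructed table: two connected /24 subnets of the classful network
# 172.18.0.0/16 plus a default route. Entries are (prefix, next hop or interface).
ROUTES = [
    (ipaddress.ip_network("172.18.1.0/24"), "Vlan10"),
    (ipaddress.ip_network("172.18.2.0/24"), "Vlan20"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.0.0.1"),
]


def classful_network(addr: ipaddress.IPv4Address) -> ipaddress.IPv4Network:
    """The class A/B/C network an address belongs to, judged by its first octet."""
    first_octet = int(addr) >> 24
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def lookup(destination: str, routes=ROUTES, classless: bool = True):
    """Next hop for destination, or None if the packet would be dropped."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    best_net, best_hop = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
    if classless:
        return best_hop                  # ip classless: a supernet or default route is fine
    major = classful_network(dst)
    if best_net.subnet_of(major):
        return best_hop                  # matched a real subnet of the destination's major net
    # Best match is a supernet or the default route. Under classful rules that is only
    # allowed when the router knows nothing at all about the destination's major network.
    if any(net.subnet_of(major) for net, _ in routes):
        return None
    return best_hop


if __name__ == "__main__":
    for dst in ("172.18.2.5", "172.18.9.9", "8.8.8.8"):
        print(f"{dst:12} classless -> {lookup(dst)!s:10} classful -> {lookup(dst, classless=False)}")
```

The middle case is the one that matters: 172.18.9.9 lies in a subnet the switch does not know, and only ip classless lets it follow the default route instead of being dropped.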

The next statement, ip http server, enables the web interface of the switch, listening on TCP port 80 in clear text. In most installations you will want to disable it with the no ip http server command. If you need the web interface, for instance for Cisco’s free management utility Cisco Network Assistant, prefer ip http secure-server (HTTPS, available on crypto images) together with ip http authentication local or AAA rather than the plain HTTP server, and restrict who can reach it with ip http access-class.

After ip http server comes control-plane. On its own this is an empty configuration section: it is where a Control Plane Policing (CoPP) service policy would be attached. CoPP lets you apply a quality of service (QoS) policy that rate-limits the packets destined for the switch’s own CPU (the control plane), protecting it against reconnaissance and denial-of-service (DoS) attacks so that packet forwarding and protocol state survive an attack or a heavy traffic load. With nothing configured under it the section has no effect, so do not read its presence as “CoPP is enabled”.

Next is line con 0, which represents the serial console port on the switch. This is the port you plug the blue rollover cable into to configure the switch. Its default settings are 9600 baud, 8N1, and they can be changed if you choose to. Note that by default no password or login is configured on the console, so anyone with physical access to the port gets a prompt straight away (and can run the password recovery procedure regardless). You can set a password or, better, login local with a username and secret, plus an exec-timeout, which we will cover later.

The same goes for line vty 0 4 and line vty 5 15, except that these two statements represent the settings for network connections via telnet or SSH (SSH requires a crypto image and an RSA key pair generated with crypto key generate rsa). For network access to work at all, an IP address must be configured under interface Vlan1 (or another SVI) and the vty lines need an authentication method: a password with login, or login local with a username, or AAA. A word of caution about the no login substatements: no login does not block network logins, it disables password checking on those lines, so once the switch has an address anyone who can reach it over the network would drop straight into user exec. (With login configured but no password set, IOS instead refuses the session with “Password required, but none set”.) Make authentication the first thing you configure on the vty lines, then restrict them further with transport input ssh, an access-class and an exec-timeout.
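To tie the console, vty and HTTP points together, here is an added example (not code from the original post) that audits those settings in a running-config. The two configurations are constructed: the first mirrors the defaults described in this post, the second shows one reasonable hardened version. Assumptions: the hardened config needs a crypto (k9) image for SSH and HTTPS and an RSA key pair generated beforehand with crypto key generate rsa; the access-list 10 network, the username and the secret hashes are placeholders.

```python
# Added example, not from the original post: audit console/vty/HTTP/password
# settings in an IOS running-config. Both configs below are constructed.

# Mirrors the default configuration described in the post.
DEFAULT_CONFIG = """\
no service password-encryption
hostname Switch
no aaa new-model
ip http server
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
end
"""

# One hardened version. Hashes are placeholders; ACL 10 and the user are made up.
HARDENED_CONFIG = """\
service password-encryption
hostname Switch
enable secret 5 $1$xyz$placeholderHashNotARealOne
username admin secret 5 $1$abc$placeholderHashNotARealOne
ip domain-name example.test
ip ssh version 2
no ip http server
ip http secure-server
ip http authentication local
access-list 10 permit 10.0.0.0 0.0.0.255
line con 0
 exec-timeout 5 0
 login local
line vty 0 15
 access-class 10 in
 exec-timeout 5 0
 login local
 transport input ssh
end
"""


def parse_config(config: str):
    """Split a running-config into top-level commands and indented sections keyed by header."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())   # child of the current section
            continue
        current = raw.strip()
        top.append(current)
        sections[current] = []
    return top, sections


def audit_access_paths(config: str) -> list:
    """Return findings for the access-path settings; an empty list means all checks pass."""
    top, sections = parse_config(config)
    findings = []
    if "service password-encryption" not in top:
        findings.append("global: service password-encryption off, line passwords stored in clear text")
    if any(cmd.startswith("enable password ") for cmd in top):
        findings.append("global: enable password in use, replace with enable secret")
    if not any(cmd.startswith("enable secret ") for cmd in top):
        findings.append("global: no enable secret configured")
    if "ip http server" in top:
        findings.append("global: ip http server enabled, management over clear-text HTTP")
    aaa = "aaa new-model" in top
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        authenticated = aaa or any(cmd == "login" or cmd.startswith("login ") for cmd in body)
        if "no login" in body or not authenticated:
            findings.append(f"{header}: no login/password, sessions are not authenticated")
        elif "login" in body and not any(cmd.startswith("password ") for cmd in body):
            findings.append(f"{header}: login without a password, sessions are refused")
        timeout = next((cmd for cmd in body if cmd.startswith("exec-timeout ")), None)
        if timeout is None:
            findings.append(f"{header}: exec-timeout left at the IOS default of 10 minutes")
        elif timeout == "exec-timeout 0 0":
            findings.append(f"{header}: exec-timeout 0 0, idle sessions never expire")
        if header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{header}: transport input not restricted to ssh, telnet allowed")
            if not any(cmd.startswith("access-class ") and cmd.endswith(" in") for cmd in body):
                findings.append(f"{header}: no inbound access-class, any source may connect")
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit_access_paths(cfg))} finding(s)")
        for f in audit_access_paths(cfg):
            print("  ", f)
```

Run against the default config the audit lists thirteen findings, three global ones and two to four per line; the hardened config produces none. The checks are deliberately literal string matches on the normalised config, which is enough for a repeatable baseline review before a switch is given an address.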

The last statement, end, indicates the end of the configuration file.
