topic RE: Basic Switch Configuration Best Practices in ExtremeSwitching (EOS)

Basic Switch Configuration Best Practices

Ben_Parker — Tue, 01 Apr 2014 19:15:00 GMT

What types of features/commands do people recommend when implementing basic Layer 2 switch configurations for replacements, or when building configuration templates what things do you make sure you hit?
So far my list looks like:

set IP
Set SNTP
Set Timezone
Set summertime
Set SNMP v3 credentials
set spanguard (and adminedge)
set uplinks to tagged (to reduce future downtime if changes are needed)
set port alias (as applicable)

What other types of recommendations or best practices do other people have?

Thanks,

RE: Basic Switch Configuration Best Practices

Paul_Russo — Tue, 01 Apr 2014 19:49:00 GMT

Hey Ben

It looks like you are using this in regards to EOS is that correct? If so then this is a good list. I would also add thinks like SNMP parameters, location contact etc. Also recommend using RADIUS for switch authentication versus local accounts.

If you are using XOS then there are other items like DoS Protect as well as IP security that are always good to have enabled. You can also have them set up as a default script that are automatically set every time the switch is factory defaulted. If you need any help there let us know.

Thanks
P

RE: Basic Switch Configuration Best Practices

dflouret — Tue, 01 Apr 2014 20:02:00 GMT

The first thing Extreme recommends is to remove all ports from vlan default and disable it (vlan default can't be deleted):
configure vlan default delete ports all
disable vlan default

Then you should create and configure specific vlans as needed.

Daniel

RE: Basic Switch Configuration Best Practices

Sathish_Arul — Tue, 01 Apr 2014 21:09:00 GMT

Radius/Tacacs configuration

SNMP server and community - for any monitoring server

NTP configuration

Switch administration credentials - Read Only & Read Write

STP or EAPS configuration - Loop prevention protocol

802.1x configuration - for end user authentication

Telnet/SSH configuration - for remote access

Access policies for Telnet/SSH access.

RE: Basic Switch Configuration Best Practices

Ben_Parker — Tue, 01 Apr 2014 22:22:00 GMT

Paul,
Thank you. These devices are all EOS legacy-Red. I did have the system contact information included.

I did not have radius included because that would require also setting up their radius. I do need to setup NAC for the customer as well though so that might be a good idea.

RE: Basic Switch Configuration Best Practices

aloeffle — Wed, 02 Apr 2014 12:58:00 GMT

Hi all.

I recommend to configure

set forcelinkdown enable
set gvrp disable
set line-editor delete backspace default

as well.

regards
Alex

RE: Basic Switch Configuration Best Practices

Langley__Michae — Wed, 02 Apr 2014 21:25:00 GMT

If configuring a EOS stackable product for use in a stack, I would suggest statically configuring the SNMPv3 Engine ID.

show snmp engineid
set snmp engineid

The reason for this is the Engine ID is based off the mac address of the current manager unit. If the manager were to change from one unit to another in the stack, SNMPv3 settings would need to be reset as the Engine ID would have changed. If the Engine ID is statically configured any subsequent manager would use what is in the stack configuration instead of their own default Engine ID.

RE: Basic Switch Configuration Best Practices

Piotr_Owczarek — Thu, 02 Jul 2015 11:08:00 GMT

Hello

As an addition to SNMP config I always clear default SNMP settings for public and ro access.
Regarding timezone, I also use:
set summertime recurring last Sunday March 02:00 last Sunday October 03:00 60 Piotr

RE: Basic Switch Configuration Best Practices

Straw__Glyn — Thu, 02 Jul 2015 14:39:00 GMT

This is a good idea for a knowledge article so when we have a few more posts i will create an article for general basic L2 switch best practises and post it on this thread.

Below are my recommendations:

- disable gvrp unless you have a specific requirement for it

- Spantree

enabled by default - leave it enabled unless you have a specific case that requires disabling (eg. router connection)
Admin edge - for all edge / user ports
Spanguard - which will operate on admin edge ports
Loop Protect - on all uplink ports to LPCapable switches
Lptrap enable
use MSTP, which is default version and configure 2 instances if there is a redundant path that would otherwise be blocked

- set movedaddrtrap enable - crucial for L2 networks to get notification of moving mac addresses in the event of a loop

- LACP

use dynamic lacp ( default )
manually configure aadminkey
set spantree portenable disable - disable bridging on lag physical member ports and restrict to logical lag port.
configure short timers where appropriate - The default timers for the lag are "long". The protocol transmits maintenance packets every 30 seconds.

- Set mac multicast

If user traffic consists of NLB this will be flooded on the network as unknown so will need to be scoped by manually configuring a multicast mac and static arp
https://gtacknowledge.extremenetworks.com/articles/How_To/EOS-How-to-configure-multicast-mac-to-stop...

- set forcelinkdown enable

- set port disable - on any unused ports for security
- set port alias - crucial to troubleshooting connectivity
- set port broadcast - prevent broadcast storms propagating

- set logging local console enable file enable sfile enable
- set logging server ( having syslog is crucial to troubleshooting )

- set system location
- set system name
- set system login

- set prompt

- set ssh enabled

RE: Basic Switch Configuration Best Practices

Straw__Glyn — Thu, 02 Jul 2015 16:52:00 GMT

I published the following article in case this helps others in future:

Browser View: https://gtacknowledge.extremenetworks.com/articles/How_To/EOS-Basic-Switch-Layer-2-Configuration-Best-Practices

Mobile View: https://gtacknowledge.extremenetworks.com/pkb_mobile#article/How_To/kA134000000LymfCAC/s

Please let us know if this article was helpful by submitting article feedback. Thanks!

RE: Basic Switch Configuration Best Practices

engelbert43 — Thu, 19 Sep 2019 17:51:00 GMT

basic command to backup the configuration of the switch to a notepad so that in time restore the command to a new switch