
Basic Switch Configuration Best Practices


Ben_Parker
New Contributor II
What types of features/commands do people recommend when implementing basic Layer 2 switch configurations for replacements, or when building configuration templates what things do you make sure you hit?
So far my list looks like:

set IP
Set SNTP
Set Timezone
Set summertime
Set SNMP v3 credentials
set spanguard (and adminedge)
set uplinks to tagged (to reduce future downtime if changes are needed)
set port alias (as applicable)

What other types of recommendations or best practices do other people have?

Thanks,

10 REPLIES

engelbert43
New Contributor
A basic command to back up the configuration of the switch to a notepad, so that in time you can restore the command to a new switch.

Straw__Glyn
Extreme Employee
I published the following article in case this helps others in future:

Browser View: https://gtacknowledge.extremenetworks.com/articles/How_To/EOS-Basic-Switch-Layer-2-Configuration-Bes...

Mobile View: https://gtacknowledge.extremenetworks.com/pkb_mobile#article/How_To/kA134000000LymfCAC/s

Please let us know if this article was helpful by submitting article feedback. Thanks!

Straw__Glyn
Extreme Employee
This is a good idea for a knowledge article, so when we have a few more posts I will create an article for general basic L2 switch best practices and post it on this thread.

Below are my recommendations:

- disable gvrp unless you have a specific requirement for it

- Spantree

enabled by default - leave it enabled unless you have a specific case that requires disabling (e.g. router connection)
Admin edge - for all edge / user ports
Spanguard - which will operate on admin edge ports
Loop Protect - on all uplink ports to LPCapable switches
Lptrap enable
use MSTP, which is default version and configure 2 instances if there is a redundant path that would otherwise be blocked

- set movedaddrtrap enable - crucial for L2 networks to get notification of moving mac addresses in the event of a loop

- LACP

use dynamic lacp ( default )
manually configure aadminkey
set spantree portenable disable - disable bridging on lag physical member ports and restrict to logical lag port.
configure short timers where appropriate - The default timers for the lag are "long". The protocol transmits maintenance packets every 30 seconds.

- Set mac multicast

If user traffic consists of NLB this will be flooded on the network as unknown so will need to be scoped by manually configuring a multicast mac and static arp
https://gtacknowledge.extremenetworks.com/articles/How_To/EOS-How-to-configure-multicast-mac-to-stop...

- set forcelinkdown enable

- set port disable - on any unused ports for security
- set port alias - crucial to troubleshooting connectivity
- set port broadcast - prevent broadcast storms propagating

- set logging local console enable file enable sfile enable
- set logging server ( having syslog is crucial to troubleshooting )

- set system location
- set system name
- set system login

- set prompt

- set ssh enabled

Piotr_Owczarek
New Contributor III
Hello

As an addition to SNMP config I always clear default SNMP settings for public and ro access.
Regarding timezone, I also use:
set summertime recurring last Sunday March 02:00 last Sunday October 03:00 60

Piotr
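
Added example, not part of any post in this thread and not Extreme's own tooling: a small Python audit that checks a saved switch configuration against the commands listed in the replies above and flags ports that are neither aliased nor disabled. The sample configuration, port inventory, names and addresses are constructed, and it assumes one port-string per `set port` command.

```python
import re

# Command prefixes copied from the checklist in the thread above.
REQUIRED_PREFIXES = [
    "set movedaddrtrap enable",
    "set forcelinkdown enable",
    "set logging server",
    "set system name",
    "set system location",
    "set system login",
    "set ssh enabled",
    "set summertime",
]
# Assumption: one port-string per command; port ranges are not expanded.
PORT_CMD = re.compile(r"^set port (alias|disable)\s+(\S+)")

def audit(config_text, all_ports):
    """Return checklist commands absent from the config and ports that are
    neither aliased nor disabled (undocumented, or unused but still live)."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(("#", "!"))]
    missing = [p for p in REQUIRED_PREFIXES
               if not any(ln == p or ln.startswith(p + " ") for ln in lines)]
    seen = {"alias": set(), "disable": set()}
    for ln in lines:
        m = PORT_CMD.match(ln)
        if m:
            seen[m.group(1)].add(m.group(2))
    unaccounted = [p for p in all_ports
                   if p not in seen["alias"] and p not in seen["disable"]]
    return {"missing": missing, "unaccounted_ports": unaccounted}

# Constructed sample config and port inventory (hypothetical names and values).
SAMPLE_CONFIG = """\
# constructed sample
set system name "edge-sw-01"
set system location "IDF-2"
set summertime recurring last Sunday March 02:00 last Sunday October 03:00 60
set movedaddrtrap enable
set ssh enabled
set port alias ge.1.1 "uplink-to-core"
set port alias ge.1.2 "printer-2f"
set port disable ge.1.4
"""
SAMPLE_PORTS = ["ge.1.1", "ge.1.2", "ge.1.3", "ge.1.4"]

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, SAMPLE_PORTS)
    for cmd in report["missing"]:
        print("missing:", cmd)
    for port in report["unaccounted_ports"]:
        print("no alias and not disabled:", port)
```

Matching is by command prefix only, so it confirms a line is present in the template, not that its arguments are correct.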