Basic Switch Configuration Best Practices
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-01-2014 12:15 PM
What types of features/commands do people recommend when implementing basic Layer 2 switch configurations for replacements, or when building configuration templates what things do you make sure you hit?
So far my list looks like:
set IP
Set SNTP
Set Timezone
Set summertime
Set SNMP v3 credentials
set spanguard (and adminedge)
set uplinks to tagged (to reduce future downtime if changes are needed)
set port alias (as applicable)
What other types of recommendations or best practices do other people have?
Thanks,
So far my list looks like:
set IP
Set SNTP
Set Timezone
Set summertime
Set SNMP v3 credentials
set spanguard (and adminedge)
set uplinks to tagged (to reduce future downtime if changes are needed)
set port alias (as applicable)
What other types of recommendations or best practices do other people have?
Thanks,
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-02-2014 02:25 PM
If configuring a EOS stackable product for use in a stack, I would suggest statically configuring the SNMPv3 Engine ID.
show snmp engineid
set snmp engineid
The reason for this is the Engine ID is based off the mac address of the current manager unit. If the manager were to change from one unit to another in the stack, SNMPv3 settings would need to be reset as the Engine ID would have changed. If the Engine ID is statically configured any subsequent manager would use what is in the stack configuration instead of their own default Engine ID.
show snmp engineid
set snmp engineid
The reason for this is the Engine ID is based off the mac address of the current manager unit. If the manager were to change from one unit to another in the stack, SNMPv3 settings would need to be reset as the Engine ID would have changed. If the Engine ID is statically configured any subsequent manager would use what is in the stack configuration instead of their own default Engine ID.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-02-2014 05:58 AM
Hi all.
I recommend to configure
set forcelinkdown enable
set gvrp disable
set line-editor delete backspace default
as well.
regards
Alex
I recommend to configure
set forcelinkdown enable
set gvrp disable
set line-editor delete backspace default
as well.
regards
Alex
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-01-2014 03:22 PM
Paul,
Thank you. These devices are all EOS legacy-Red. I did have the system contact information included.
I did not have radius included because that would require also setting up their radius. I do need to setup NAC for the customer as well though so that might be a good idea.
Thank you. These devices are all EOS legacy-Red. I did have the system contact information included.
I did not have radius included because that would require also setting up their radius. I do need to setup NAC for the customer as well though so that might be a good idea.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-01-2014 02:09 PM
Radius/Tacacs configuration
SNMP server and community - for any monitoring server
NTP configuration
Switch administration credentials - Read Only & Read Write
STP or EAPS configuration - Loop prevention protocol
802.1x configuration - for end user authentication
Telnet/SSH configuration - for remote access
Access policies for Telnet/SSH access.
SNMP server and community - for any monitoring server
NTP configuration
Switch administration credentials - Read Only & Read Write
STP or EAPS configuration - Loop prevention protocol
802.1x configuration - for end user authentication
Telnet/SSH configuration - for remote access
Access policies for Telnet/SSH access.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-01-2014 01:02 PM
The first thing Extreme recommends is to remove all ports from vlan default and disable it (vlan default can't be deleted):
configure vlan default delete ports all
disable vlan default
Then you should create and configure specific vlans as needed.
Daniel
configure vlan default delete ports all
disable vlan default
Then you should create and configure specific vlans as needed.
Daniel
![](/skins/images/1A7FFF514DEA26DBB1E00C76441BCEE5/responsive_peak/images/icon_anonymous_message.png)