Configuration is then distributed to other devices. Manages vlan numbers and names centrally. Trunk : Port will be a trunk, regardless of settings at other side VLAN Trunking Protocol (VTP) Port will not actively attempt to become a trunk though – auto : port will become a trunk if other side is set to trunk or desirable. Link will become a trunk when other side is set to trunk, auto, or desirable – desirable : port will actively try to convert the link to a trunk. I recommend applying this to all non-trunk ports, for security. (Reminder : if you are using portfast for non-trunk/uplink ports, you’ll have to manually re-enable portfast for that interface again)Īccess : Port will never be a trunk, not even when other side is set to dynamic or trunk. Remove trunking from an interface and make sure the interface cannot be tricked into negotiation to become a trunk anyway : enable Remove vlan 200 and 300 from the trunk port : enable Keep in mind that your trunk will be broken now, unless you have specified the same trunk native vlan at the other side of the trunk.ĭefine which VLANs are allowed via the trunk on FastEthernet0/1: enable In this example, the native vlan for the trunk on FastEthernet0/1 is now set to vlan 20. You can change the native vlan for trunks using enable Without specifying specific vlans, the trunk will only work with the native vlan, which is set to 1 by default. The statement "switchport trunk encapsulation dot1q" may not work on all switches. Trunking & portfast : do not set a trunk port in portfast mode ! (see later), and never allow a switchport to autonegotiate trunk ! More info on trunking : Read Cisco requirements to implement trunking ISL = Cisco proprietary (encapsulates entire frame into new frame : ISL header – orig frame – checksum) : +30bytes ("giant")ĭTP : Dynamic Trunking Protocol (dynamic Trunk negotiation) CIsco supports 2 protocols :Ĩ02.1Q = IEEE standard (alters existing frames, adds VLAN tags) : +4bytes ("baby giant") Both sides of the trunk need to use the same protocol. Trunk = interface/link that can carry traffic from multiple VLANs. You can get a list of all interfaces (interface name, description, vlan id and port status) using the following command : enable It just may be easier to configure vlans using global commands instead of using the separate database.Ĭreate new VLAN 10 using global commands conf tĪssign a port to Vlan 10 (after vlan has been distributed using VTP) enable This also means that a "write erase" and "reload" will not clear the VLAN database. Note : the vlan database has its own configuration mode and commands. (The native vlan is not being tagged !)Ĭreate new VLAN 10 in VLAN database (older switches) enable If you also want to use ssh to connect from a switch to another switch, then do : transport output ssh Port speed and duplex modeĭefault (native) VLAN = vlan 1. Password protecting your switch - Passwords can be set on 5 places : If you are tired of the - more - prompt when generating an output, you can set lines to 0 Set passwords The f in f0 refers to FastEthernet (100Mbit), the g in g0 refers to Gigabit. Verify how the interfaces are called on your switch and use the corresponding interface names. Update : in this document, I’m referring to f0/x and G0/x interfaces, but sometimes these interfaces names can vary from switch type to switch type. (The characters at the beginning and the end of the banner string should not be part of the banner string itself ! When looking at the config, you’ll see that they will be replaced by ^C) The summertime setting displayed here applies to Belgium, so you may have to figure out your own settings.īanner motd # Unauthorized access is prohibited ! # Second command : “SummerTime” is just a string. Set timezone settings : clock timezone GMT+1 1Ĭlock summertime SummerTime recurring last Sun Mar 2:00 last Sun Oct 2:00įirst command : “GMT+1” is just a string. If you don’t have a NTP server, you can set the clock with the "clock" command as well : clock set 14:04 23 June 2008 a file config.text should be created again (check with dir flash:)Īctivate administrative vlan 1, set IP address, gateway, hostname, DNS and time, NTP, and then save config enable.now reset the password (you already have an enable prompt).copy the old config to running config :.If you wanted to reset the password, but keep the config :.save config with “wr mem” and reload (run “reload”) At switch> prompt, go in enable mode (no password needed).When asked to enter the initial configuration (which happens when no config.text file is found), reply “no”.rename flash:config.txt flash:config.old.press mode button (at the front), hold it, and put power cable back.connect console (9600/8/None/1, no flow control).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |