Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1503
Views
5
Helpful
5
Replies

Cisco 3750x configuration

Sureshkachwa
Level 1
Level 1

‎06-30-2021 08:24 PM

Got new AT&T connection and ISP cable will be directly plugged into switch port gig 1/0/1

I will not have any sort of physical connection to the switch all I need to do is share the configuration and ask someone to copy and paste it and should be able to take SSH over switch public ip.

Will the below configuration work?

#enable

#conf t

#hostname

#ip domain-name

#crypto key generate 

#ip routing

#ip default gateway <ISP_next_hop>

#int gig 1/0/1

#no shutdown

#ip address <isp_public_ip> <subnet_mask>

#exit

#line vty 0 15

#username xxxxx password xxxxxx

#transport input SSH

#login local

#exit

#wr mem

 

There is no vpn concept involved,all we need is to connect to the switch public ip over SSH and clients, Meraki APs will also be connected to the same switch.

ISP has DHCP and DNS enabled,I hope.

Please guide,Thanks!!

 

 

 

Labels:
0 Helpful
5 Replies 5

Sureshkachwa
Level 1
Level 1

‎06-30-2021 10:19 PM

I am thinking to leave all the interfaces part of vlan1, create a vlan interface 1, assign an IP for management ?

No firewall in place since we don't need it.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni

‎07-01-2021 02:31 AM

Hi there,

I would suggest you also add an ACL the the vty lines to prevent SSH access from all but public IPs that you control:

!
access-list 10 permit <public_ip_of_hq> 0.0.0.0
access-list 10 deny any
!
line vty 0 15
  access-class 10 in
!

cheers,

Seb.

Sureshkachwa
Level 1
Level 1
In response to Seb Rupik

‎07-01-2021 11:24 PM

@Seb Rupik , is the above config good?

I think we will have only one public IP from ISP.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Sureshkachwa

‎07-02-2021 06:11 AM

Hi there,

Assuming you are not running a LAN base license you will be able to configure gi1/0/1 as a routed port as you have in your config. If not, then you will need to configure a SVI. You should include the access-class config to provide some additional security to your device.

 

You will also need to configure a DHCP scope for your wireless clients on VLAN 1.

As your wireless clients will be using private IPs you will need to NAT that subnet to use the gi1/0/1 IP as the global outside address.

 

The 3750x does not support NAT, so you will need to use a router or firewall to provide that function.

 

cheers,

Seb.

0 Helpful

Sureshkachwa
Level 1
Level 1

‎07-01-2021 10:28 AM

@Seb Rupik  , sure, can you please help me out with the entire configuration, I mean if my configuration is correct or not for SSH access over the internet to a switch public ip and clients,Meraki APs will also be connected to same switch

0 Helpful
Customers Also Viewed These Support Documents