4506E Core and 2960S Access Switches IP Camera System

ruckessbx1
Level 1

Hello All

I'm implementing my first Cisco network and needed a little guidance. Here's the scenario and how I would like for it to function:

  • 2960S access switches will have PoE IP cameras and POS stations connected to them with fiber uplinks to core.
  • 4506E core switch will have all access switches connected to Fiber SFP uplink ports. All fiber cables are Single Mode with LC connectors.
  • All PoE IP cameras and one NIC from camera server will be on network 172.16.0.0/16 and on default Vlan 1.
  • All end user computers and one NIC from camera server will be on network 192.168.1.0/16 and on Vlan 2. Vlan 2 is only needed on core switch.
  • All POS stations and standalone POS server will be on network 192.168.20.0/16 and on Vlan 3 on both access and core switch.

  • This will be a completely closed network, no internet access.
  • End user computers will access video unicast from server with raids.
  • All switches interconnect using fiber SFP 1GB transceivers.
  • Vlans do not have to communicate with each other, just need Vlan 1 and 3 to be uplinked to core switch. This will involve setting ports as switchport mode trunk, correct?
  • I gave all devices on networks static IP's, except for IP cameras which will obtain IP from DHCP.
  • When I plug in a PoE 15.4 watt camera, is the port set to auto detect by default so it powers up camera or do I manually enable PoE on port?

- I have to run DHCP on core switch, only on network 172.16.0.0/16 default Vlan 1 so my IP cameras can obtain an IP.


ip dhcp pool cameras

network 172.16.0.0 255.255.0.0

default-router 172.16.0.1

- On the PoE IP camera and POS station ports I'm thinking of configuring the following:

switchport mode access

spanning-tree portfast

Let me know what you guys think. I have a few weeks before these have to go to production. Any help and direction will be greatly appreciated!

I will be checking thread periodically and posting updates.


2 Accepted Solutions


Oh I see!

So with each stack use the 'port-channel 1' for each of them.

e.g.

if we have one stack, it will have only one etherchannel, therefore should only be port-channel 1 (the first of the 6). This could link to the 4500 on Portchannel 1

When we have the second stack, it will too have one etherchannel, which is port-channel 1 (the first of the 6).

This could link to the 4500 on Portchannel 2

and so on.... The port-channel number is locally significant only, so you won't run into loops if it's configured the suggested way etc.

This way you can keep things simple and you will have ease of management this way.

No you do not need to connect physicals to configure

Hope this makes sense.

Please rate helpful posts, & mark any questions as answered thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.


Po stands for Port-Channel

Coming to the config you are confused about, let's say we have 4500 and the 2960 switch on level 1

on the 4500 we could configure our port-channels and channel-groups like this:

Firstly, whichever physical interfaces you have chosen for your uplinks, then the portchannel to the switch on level 1

Interface gi2/1

channel-group 1 mode active

!

interface gi2/2

channel-group 1 mode active

!

interface po1

description ## Etherchannel to 2960 1st Floor ## Connects to Po1 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

Now we will configure the etherchannel for the 2nd switch on level 2

Interface gi2/3

channel-group 2 mode active

!

interface gi2/4

channel-group 2 mode active

!

interface po2

description ## Etherchannel to 2960 2nd Floor ## Connects to Po1 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

Next, configure the etherchannel for the 3rd switch on level 3

Interface gi2/5

channel-group 3 mode active

!

interface gi2/6

channel-group 3 mode active

!

interface po3

description ## Etherchannel to 2960 3rd Floor ## Connects to Po1 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

and so on and so forth.... All on the 4500.

All 2960's can be consistent i.e. all of them can have this configuration (apart from the description - which you can change):

2960 on level 1:

Interface gi1/0/1

channel-group 1 mode active

!

interface gi2/0/1

channel-group 1 mode active

!

interface po1

description ## Etherchannel to 4506 ## Connects to Po1 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

2960 on level 2:

Interface gi1/0/1

channel-group 1 mode active

!

interface gi2/0/1

channel-group 1 mode active

!

interface po1

description ## Etherchannel to 4506 ## Connects to Po2 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

2960 on level 3:

Interface gi1/0/1

channel-group 1 mode active

!

interface gi2/0/1

channel-group 1 mode active

!

interface po1

description ## Etherchannel to 4506 ## Connects to Po3 ##

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1-4

etc.....

As I said before, every time you do the channel-group 1 mode active command, it will create the interface portchannel 1.

This is the same for any other number.

I hope this makes sense now?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.


35 Replies

is the 4506e l3 or l2?

SUP6L-E so basic L3 from my lookup.

Bilal Nawaz
VIP Alumni

Hi,

Your 4506E will need to be the default gateway for all your devices I assume. So it will host all the SVI's for your vlans.

For example:
For vlan 1 since you have a 172.16.0.0/16, typically you would use the first address or the last address.

Interface vlan 1
IP address 172.16.0.1 255.255.0.0
Assuming you've created the vlans on the core, now you need to configure the uplink to a 2960.

Int gi4/1
Description ## Trunk to 2960 ## Gi0/1 ##
Switchport
Switchport trunk encapsulation dot1q
Switchport mode trunk

Your DHCP config seems fine, not too sure if camera system would use DNS?

All that needs to be done then is from your 2960 you need to create a trunk (your fiber uplinks)

E.g.
Int gi0/1
Description ## Trunk to 4506E ## Gi4/1 ##
Switchport
Switchport trunk encapsulation dot1q
Switchport mode trunk

(I am assuming you are using only one uplink and not more?)
This will trunk all local vlans on the switch, so you have to create the vlans if you are not using VTP. Be careful though, before connecting any switch device to your network, ensure that the switch is not the VTP server, should be transparent in most cases.

So in summary
Create vlans on 4506
Create SVIs for the vlans on 4506
Configure DHCP pool on 4506
Configure trunk uplink to 2960 on 4506

Then

Create vlans on 2960
Configure trunk to 4506
Configure your access ports

So let's say you have a camera in vlan 1
On the 2960 it would look like this:

Int fa 0/1
Switchport
Switchport mode access
Switchport access vlan 1
Spanning-tree portfast

You might want to have another vlan dedicated for managing your Cisco devices remotely via telnet or ssh. Or not sure if that was the reason for vlan 3.

With powering your devices, you could use 'power inline consumption' command if the power is standardised and recognised by the 2960. I think it's 802.3af devices.
Please see FAQ RE to this

http://www.cisco.com/en/US/products/hw/phones/ps379/products_qanda_item09186a00808996f3.shtml

Hth


Please rate useful posts & remember to mark any solved questions as answered. Thank you.

For vlan 1 since you have a 172.16.0.0/16, typically you would use the first address or the last address.


Interface vlan 1

IP address 172.16.0.1 255.255.0.0

I'll use the last address 172.16.0.254 as gateway. Will that command above stay the same or is that just setting a static IP on vlan 1? How do you recommend setting the gateway?

Your DHCP config seems fine, not too sure if camera system would use DNS?

No DNS on camera system. Will I have to exclude my other networks / vlans from DHCP server? Only setting up on 172.16.0.0/16 network. Don't want any conflicts.

ip dhcp pool cameras

network 172.16.0.0 255.255.0.0

default-router 172.16.0.1

(I am assuming you are using only one uplink and not more?)

This will trunk all local vlans on the switch, so you have to create the vlans if you are not using VTP. Be careful though, before connecting any switch device to your network, ensure that the switch is not the VTP server, should be transparent in most cases.

I'm using two 1GB uplinks from each 2960S Stack, one from each switch. How do I make sure one of the 2960S switches isn't the VTP server?

Your 4506E will need to be the default gateway for all your devices I assume. So it will host all the SVI's for your vlans.

Create SVIs for the vlans on 4506

How do I create SVI's on 4506?

Thank you very much for your time in helping me out, much appreciated!







Okay so there's quite a few things we need to cover so I'll try my best to explain step by step.

So you need to create an SVI (switched virtual interface) which is an interface that resides on that particular vlan. So it belongs to a vlan, same as having a physical interface with an IP, it belongs to that port, but in our case the vlan.

The interface (SVI) that we will create for our VLANs will be the default gateway for the end point devices, I.e your pc's, cameras etc...

The address you suggested is 172.16.0.254, which then means it's a /24 not a /16 (please google subnetting if you don't know this). /24 has a subnet mask 255.255.255.0.

So let's begin with our first interface on vlan 1, which will be the gateway for all hosts on vlan 1.

The description on the interface can be anything, so you can change this to something more explanatory to you.

Conf t

Interface vlan 1

Description ## Vlan 1 ## Camera ##

IP address 172.16.0.254 255.255.255.0

No shut

So this is the gateway for vlan 1 that we have set up.

Now DHCP for devices on vlan 1. Since you stated the gateway will be 254 then we'll have to change DHCP.

Ip dhcp pool camera

Network 172.16.0.0 255.255.255.0

Default-router 172.16.0.254

This DHCP will not conflict with other DHCP scopes for other vlans. It will only be active in vlan 1. The Cisco devices know this because one of their interfaces is within the same network. Therefore it is active only on that network.

So the clients send a DHCP discovery message on that vlan to 255.255.255.255, which is a broadcast address, saying 'is there anyone out there who can help me get an IP address', then the router will reply saying yes (since it has a DHCP scope that resides in the same vlan)! It will then offer an address, for example 172.16.0.5, and then there's a closing acknowledgement, saying everything is OK to use this address.

During this process, key information is sent down to the host, like the default gateway as we have configured. So then at least the camera knows where to go if the camera itself doesn't know the way. Hence the default-router command for DHCP, telling the camera to go to the interface vlan 1 (SVI) so that it can be routed if needed.

Next up is the trunks and the 2960. So I hope I have clarified the potential configuration of the actual trunk itself??

To work out the VTP info, issue a 'show VTP status' command and you should be able to see if it's either server, transparent or client. (You could output the info on here if you have any queries with regards to this)

I have already explained what SVI is, so it's an interface on the vlan which we plan to use as the default gateway for all the devices in their vlans respectively.

Hope this helps.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Understand SVI's now, thanks! Few more questions though, bear with me.

I decided to go with this network range 172.16.16.0/20. I need max camera growth to be around 4,000 won't exceed that. Do I have to set a static IP on core switch or just SVI gateway on vlan?  Will I need to assign a static IP on 2960 switches?

Conf t

Interface vlan 1

Description Vlan 1 IP Cameras

IP address 172.16.31.254 255.255.240.0

No shut

Ip dhcp pool camera

Network 172.16.16.0 255.255.240.0

Default-router 172.16.31.254

Configure your access ports


So lets say you have a camera in vlan 1

On the 2960 it would look like this:


Int fa 0/1

Switchport

Switchport mode access

Switchport access vlan 1

Spanning-tree portfast

Once I create vlans on core all I have to do is configure access ports on 2960 and associate to vlan on core correct?

Int gi0/1

Description ## Trunk to 4506E ## Gi4/1 ##

Switchport

Switchport trunk encapsulation dot1q

Switchport mode trunk

I'm going to have two fiber uplinks to core one from each switch in stack. Will the commands above suffice or do you recommend a different scenario?

Conf t

Interface vlan 1

Description ## Vlan 1 ## Camera ##

IP address 172.16.0.254 255.255.255.0

No shut

Do I need to type in the above commands for vlan 2 and 3 also correct? Any other vlan configuration needed on core?

Thank you very much for your patience and time leading me in the right direction Bilal.


ruckessbx1 wrote:

Understand SVI's now, thanks! Few more questions though, bear with me.

I decided to go with this network range 172.16.16.0/20. I need max camera growth to be around 4,000 won't exceed that. Do I have to set a static IP on core switch or just SVI gateway on vlan?  Will I need to assign a static IP on 2960 switches?

if by static ip you mean a way to reach them remotely - then yes. vlan 4 could work. and you would have to create your own subnet and svi on the core for it as well.


so for the 2960's you can just do;


config t

int vlan 4

ip address 192.166.4.4 255.255.255.0

no shut

end

wr


or whatever ip/subnet you wanted to go with. then i would also add this command to all trunk ports between switches:


config t

int g0/1

switch trunk native vlan 4

end

wr


do that on the core side as well

Conf t

Interface vlan 1

Description Vlan 1 IP Cameras

IP address 172.16.31.254 255.255.240.0

No shut

Ip dhcp pool camera

Network 172.16.16.0 255.255.240.0

Default-router 172.16.31.254

Configure your access ports


So lets say you have a camera in vlan 1

On the 2960 it would look like this:


Int fa 0/1

Switchport

Switchport mode access

Switchport access vlan 1

Spanning-tree portfast

Once I create vlans on core all I have to do is configure access ports on 2960 and associate to vlan on core correct?

once you create the vlans on the core - enter this command in the core switch:


config t

vtp mode server


then - on all of your access switches - enter this command:


config t

vtp mode client

end

wr


this will make whatever vlans that were created on the core be transferred to the access switches. now when you connect something to an access port on the access switches, you would just need to put:


config t

int f0/2

switch access vlan 2

end

wr


or whatever vlan you are wanting them to have access to

Int gi0/1

Description ## Trunk to 4506E ## Gi4/1 ##

Switchport

Switchport trunk encapsulation dot1q

Switchport mode trunk

I'm going to have two fiber uplinks to core one from each switch in stack. Will the commands above suffice or do you recommend a different scenario?

no. this would create a loop on your network by creating a redundant link. i would set them up as portchannels if it were me. this way - you would have twice the bandwidth and a redundant link. here is an article on portchannels:


http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094647.shtml

 


you will also have to enable spanning-tree on your network to help you from creating loops. to enable spanning-tree on the network - its a bit tricky. read up on this and come back with questions:


http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml


i will be back tomorrow with my personal suggestions for these configurations.


you can also circumvent all of this by just doing one uplink to each switch....just sayin'

Conf t

Interface vlan 1

Description ## Vlan 1 ## Camera ##

IP address 172.16.0.254 255.255.255.0

No shut

Do I need to type in the above commands for vlan 2 and 3 also correct? Any other vlan configuration needed on core?

you will have to create an svi for every vlan on the network. to create the vlans use the following command:


config t

vlan 1

name camera_vlan

vlan 2

name client_vlan

vlan 3

name server_vlan

vlan 4

name switch_management_vlan

end

wr


i wish i could elaborate more but i must go, i will be back tomorrow to answer any more questions. im sure bilal will be here to help too

Thank you very much for your patience and time leading me in the right direction Bilal.

you can also circumvent all of this by just doing one uplink to each switch....just sayin'

I have 8 stacks of access switches with two 1GB uplinks each going to core. I already have all the GBIC's on hand and need the redundant links. I'll do some research on etherchannel.

I also would like to set a password on all switches to access through console and ssh.

Thanks Matthew!

Bilal did a very good job of outlining how to setup the etherchannels.

To setup the username and password, use the following command:

config t

username XXXXXXXX privilege 15 password XXXXXXXX

line console 0

! make the console ask for the local username and password

login local

end

wr

With vlan 1, if you assign a SVI with an IP then you do not need another static address for this vlan. If you wanted to create another one for vlan 2 you would follow the same method.

Will you need to assign a static IP on 2960 switches?

Umm, no - not necessarily, however as Matthew mentioned briefly, you could assign a management vlan and SVI so you could manage your devices using SSH or telnet.

Once you configure the vlans and SVI's on the core, all you will have to do is create the vlans on the 2960 (no svi's needed on this device).... Did you manage to verify the VTP info?

I asked the question before about how many uplinks you will be using

Since you will be using more than one uplink, Matthew suggested using etherchannel, which I agree with. If you didn't use this then spanning-tree will block one port and you will only be making use of x1 1gb link. There are two main protocols recommended to do this, Cisco's PAgP or standardized LACP. What this will do is bundle together both uplinks into one virtual link. This is called portchannel or etherchannel. Since LACP is a standard, I'll be suggesting the config for this below:

For example, if on the 2960 we have gi0/1 and 0/2 as uplinks to the 4500 on gi1/1 and 1/2, we will do this:

2960:

interface gi0/1

channel-group 1 mode active

interface gi0/2

channel-group 1 mode active

interface Port-channel1

description ## Portchannel to 4500 ## Po1 ##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

This creates a virtual interface called Po1 - Important! Instead of configuring the physical ports, we configure the port-channel interface. If we do not do this and the physical interface is a different configuration then it's likely to break and may cause a loop in your network.

You can specify allowed vlans on the trunk, so i have allowed vlans 1 - 4.

You do the same on the other side with the 4500.

when you are connecting to more than one stack of 2960's, for example one on floor 1 will be channel-group 1 mode active which will be your port-channel 1 interface.

and the one on floor 2 could be channel-group 2 mode active subsequently it will create port-channel 2

and 3 channel-group 3 mode active and so on...

e.g.

4500:

interface gi1/1

channel-group 1 mode active

interface gi1/2

channel-group 1 mode active

interface Port-channel1

description ## Portchannel to 2960 ## Po1 ##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

please see

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swethchl.html for config guide and info with regards to this.

You need to create the same for vlans 2 and 3, SVI interfaces on the 4500 and it will be the gateway for your devices.

=============================================================================================

Example config below:

4500:

Enable ip routing on 4500:

conf t

!

ip routing

VTP mode to transparent:

vtp mode transparent

So create the vlans:

vlan 1

name ##CAMERA_VLAN##

!

vlan 2

name ##CLIENT_VLAN##

!

vlan 3

name ##SERVER_VLAN##

!

vlan 4

name ##MANAGEMENT_VLAN##

Now create the SVI's

interface vlan 1

description ## Vlan 1 ## Camera ##

ip address 172.16.31.254 255.255.240.0

no shut

!

interface vlan 2

description ## Vlan 2 ## Client ##

! you can change this to what you need

ip address 192.168.1.254 255.255.255.0

no shut

!

interface vlan 3

description ## Vlan 3 ## Server ##

! you can change this to what you need

ip address 192.168.20.254 255.255.255.0

no shut

!

interface vlan 4

description ## Vlan 4 ## MANAGEMENT ##

! this will be the address you can SSH or TELNET to for managing remotely

ip address 10.0.0.1 255.255.255.0

no shut

Create the DHCP scope for vlan 1:

Ip dhcp pool ##CAMERA##

Network 172.16.16.0 255.255.240.0

Default-router 172.16.31.254

Then finally the trunk and uplinks:


interface gi1/1

channel-group 1 mode active

interface gi1/2

channel-group 1 mode active

interface Port-channel1

description ## Portchannel to 2960 ## Po1 ##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

Phew! So that's done, and now the 2960

=============================================================================================

2960:

conf t

VTP mode to transparent:

vtp mode transparent

Create the vlans:

vlan 1

name ##CAMERA_VLAN##

!

vlan 2

name ##CLIENT_VLAN##

!

vlan 3

name ##SERVER_VLAN##

!

vlan 4

name ##MANAGEMENT_VLAN##

Create the SVI for MANAGEMENT ONLY:

interface vlan 4

description ## Vlan 4 ## MANAGEMENT ##

! this will be the address you can SSH or TELNET to for managing remotely

ip address 10.0.0.2 255.255.255.0

no shut

Then finally the trunk and uplinks:


interface gi0/1

channel-group 1 mode active

interface gi0/2

channel-group 1 mode active

interface Port-channel1

description ## Portchannel to 4500 ## Po1 ##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

Not to forget the access ports!!!:

int fa0/1

description ## CAMERA ACCESS ##

switchport

switchport mode access

switchport access vlan 1

int fa0/2

description ## CLIENT ACCESS ##

switchport

switchport mode access

switchport access vlan 2

int fa0/3

description ## SERVER ACCESS ##

switchport

switchport mode access

switchport access vlan 3

(Same can be done on the 4500 if you wanted to have an access port in there...)

We need to remember to put a default route on the 2960 so you can manage this device:

ip route 0.0.0.0 0.0.0.0 10.0.0.1

=============================================================================================

That should be it, I think I have covered all the configuration that you will need for this.

From your PC you should then be able to configure your devices on

10.0.0.1 (4500)

10.0.0.2 (2960)

You need to set a username and password on them before doing this.

Let me know if you have any more Q's, happy to help

Please rate any helpful posts, thank you

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Did you manage to verify the VTP info?

Not yet. I'm configuring these from scratch. There are some configs on switches now but I'm going to do a write erase and start a new config. Will write erase give me a clean slate or am I missing another command? All switches are running IOS 12.2.

when you are connecting to more than one stack of 2960's, for example one on floor 1 will be channel-group 1 mode active which will be your port-channel 1 interface.

and the one on floor 2 could be channel-group 2 mode active subsequently it will create port-channel 2

and 3 channel-group 3 mode active and so on...

I have 8 stacks of access switches with two 1GB uplinks each going to core. What's the max number of channel-groups, will it go up to 8?

VTP mode to transparent:

I did some research on VTP modes but still indecisive. Will continue to look into it.

VTP Mode / Description

VTP Server: The default mode for all switches supporting VTP. You can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. VLAN configurations are saved in NVRAM.

VTP Client: Behaves like a VTP server, but you cannot create, change, or delete VLANs on a VTP client. VLAN configurations are saved in NVRAM.

VTP Transparent: Does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, they will forward VTP advertisements as they are received from other switches. You can create, modify, and delete VLANs on a switch in VTP transparent mode. VLAN configurations are saved in NVRAM, but they are not advertised to other switches.


We need to remember to put a default route on the 2960 so you can manage this device:

ip route 0.0.0.0 0.0.0.0 10.0.0.1

On 2960 I should set up ip route 0.0.0.0 0.0.0.0 10.0.0.2 correct?

and 4506 do I need to set up ip route for management vlan or will just creating the SVI for vlan 4 be good?

Int fa 0/1

Switchport

Switchport mode access

Switchport access vlan 1

Spanning-tree portfast

So with this configuration command you explained earlier in thread, I won't need spanning-tree portfast anymore and why?


Thanks again Bilal!



If you want to factory reset a switch device you can do a 'write erase'; however, this won't necessarily remove the vlans back to factory settings.

For that, you will need to delete a file in flash: called 'vlan.dat' - if you do a 'show flash' you should be able to see this file. This file contains the vlans that have been created on the switch.

To delete it, use the command delete flash:vlan.dat

Please see http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800c4546.shtml for more details.

With the 4500 you can do up to 64 etherchannels I think - in my production environment i have around 16, so you should be safe! And with the 2960's you will only be using one etherchannel per stack, so you will be fine with more than enough room to expand.

The limit is the number of physical interfaces in one etherchannel, so that's 8 physical ports combined in one etherchannel.

So all in all on the 4500 you will have a total of 8 etherchannels as I understand.

Using the VTP protocol is very handy if you have many vlans and a whole estate of switches. But in this case since you only have a total of 9 (1x 4500 & 8x 2960) in my opinion it's not worth the thought and risk.

The risk is, if you were to attach a switch to the network and it so happens to be in server mode, it could erase all vlans in your entire estate, and I have seen this happen in a live environment. This is my opinion on it anyway. Not sure if others would agree?

No. On the 2960 (since it's not a router) you need to tell it that your default gateway is the 4500 because it will be hosting all the SVI's and will allow your pc to ssh to that address being routed.

So the IP route command will be: ip route 0.0.0.0 0.0.0.0 10.0.0.1

Just creating the SVI and enable ip routing will be enough on the 4500

Lastly, it was down to human error that I had missed out the spanning-tree portfast command. I must have forgotten it.

Links below tell you how to enable passwords and vty ssh access.

For SSH you need to put your device in a domain i.e.

ip domain-name xxxxx

then you need to generate a key for SSH encryption.

crypto key generate rsa

Then it will ask you what length/bit you want the key to be. I normally go for 1024 bit key but as long as you have one it will be encrypted.

After this is done you should enable ip ssh version 2 with the command:

ip ssh version 2

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_configuration_example09186a0080204528.shtml

Hopefully I have covered all the configuration required in the attached...

Hope this helps!

Please rate any helpful posts, thank you

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

2960

interface gi0/1

channel-group 1 mode active

!

interface gi0/2

channel-group 1 mode active

I remember trying to set up etherchannel on 2960 a few weeks ago and when I got to 7th stack channel-group 7, it wouldn't take maxed out at 6?? Maybe I did something wrong.. I'll try again this week..

ip domain-name xxxxxxx

What name is recommended for ip domain-name xxxxxxxx is this similar to hostname?

Thanks for all your help I'll rate you top notch! Very useful information...

When you mean stack, I don't quite understand what you are saying here:

ruckessbx1 wrote:

I remember trying to set up etherchannel on 2960 a few weeks ago and when I got to 7th stack channel-group 7, it wouldn't take maxed out at 6?? Maybe I did something wrong.. I'll try again this week..

Was it the 4500 that had the limitation?

I know the stacking technology but I don't think there should have been anything stopping you from creating another etherchannel.

How did you have the physicals plugged in?

The ip domain-name xxxxxx is needed to enable SSH - can be anything really. I normally have the organisation's domain. It's not the hostname.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.