Re: Best Practices for Switches

tahirs001 · ‎12-06-2010

Hi,

I have been tasked with the following scenario and need some help and suggestion on how i would tackle this?

In my organisation we have over a hundred Cisco switches all placed over Europe, I need to create one build for all sites so that all switches have the same settings i.e. IOS version, Security settings, Vlans (one for voice & one for data)

Is there any best practices which i can follow? also how what is the best tool to control all of these switches?

Thanks

Tahir

Mathias Garcia · ‎12-06-2010

I would go to www.cisco.com/go/srnd

and have a look on their guides.

For example http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/Design.html or others depending on your need.

Some simple stuff to do. Sepparate management traffic from user traffic. Use ssh for remote access instead of telnet/http.

Secure vty lines and snmp communities with acl's. dhcp snooping. run autoqos voip (unless you have some other specific QoS needs).

Enable portfast on access ports. perhaps look into dot1x. service password-encryption. configure aaa (radius/tacacs).

Edit: forgot about logging. use ntp, a syslog server and configure service timestamps log] datetime msec.

glen.grant · ‎12-06-2010

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml#cg1

This is a best practices doc for IOS switches. For other best practices just plug in "best practices" into the search line on the main cisco page. As far as managing you can get Ciscoworks though it can get pricey . Some people us tools from vendors like Solarwinds who makes good monitoring and troubleshooting tools .