Solved: Re: New 3750 Setup

adam.strobel · ‎12-01-2006

Hi, I need to install a new 3750 into my production environment but I'm not sure if I have configured the 3750 properly. I have attached the "show run" config, Just from the basic switch config setup can someone tell me if this is correct or not?

This switch is for a IDF closet that connects back to a 4006 switch.

thank you!!!

rdanevich · ‎12-01-2006

Generally it looks pretty good to me if two conditions are met:

1.) Your Data Vlan is using only Vlan 1 as all your access ports aren't configured to use any Vlan, therefore the access ports use the default of Vlan 1.

If you are in fact using multiple Vlans your access ports will need to be assigned to their respective Vlan.

(switchport access vlan x)

However; if you're using Dynamic Vlans then you need to do nothing. The VMP server will dynamically assign the swithport the appropriate Vlan based on the connected device's MAC address.

2.) The 4006 switch supports and is configured/using dot1q encapsulation. (I'm unfamiliar with the 4000 series switches) Make sure it's not using ISL trunking. If it is you'll have to change your encapsulation type to isl.

I suggest configuring ALL your Gig ports with the encapsulation type and trunk command. This way you or whomever can simply pick any Gig port and Plug-N-Play ;-) to your standard. An organized person will pick port 1. Don't assume everybody will pick port 1 cause they WON'T!! So just configure all the uplink/backbone links now, better safe then sorry.

Also, before plugging this switch into your network, configure the VTP Domain Name to the VTP domain this switch will join AND configure it as a VTP Client before plugging it into your network. Plugging it into your network with the same VTP domain name and as a SERVER, you can inadvertenly wipe out ALL your VLANS and bring down your entire network. Hard lesson to learn! So again, better safe then sorry.

View solution in original post

rdanevich · ‎12-01-2006

Good catch on that enable password or enable secret password.

What about terminal lines 0 thru 4, shouldn't he also put a password and login command in those lines? Or will vty lines 5 thru 15 suffice?

View solution in original post

glen.grant · ‎12-01-2006

If you are just useing it as a single subnet switch all in vlan 1 then it looks ok except you need to turn off ip routing otherwise you will have to use a default static route instead of the default gateway that you currently have configured . The default gateway should be pointed at the layer 3 routing interface for the subnet you are attached to whether it be a router or a l2/3 switch . The other question is everything you are using all in vlan 1 , is the 4006 all vlan 1 too ??? You also appearing to be missing an "enable secret " password , got to have that also otherwise it won't let you in to configure the switch .

rdanevich · ‎12-01-2006

Good catch on that enable password or enable secret password.

What about terminal lines 0 thru 4, shouldn't he also put a password and login command in those lines? Or will vty lines 5 thru 15 suffice?

glen.grant · ‎12-02-2006

nope he needs line vty 0 4 passwords also , if fact those are the ones he will hit first . Not sure why you need 15 vty line anyway but that is another discussion . :-)

rdanevich · ‎12-01-2006

Generally it looks pretty good to me if two conditions are met:

1.) Your Data Vlan is using only Vlan 1 as all your access ports aren't configured to use any Vlan, therefore the access ports use the default of Vlan 1.

If you are in fact using multiple Vlans your access ports will need to be assigned to their respective Vlan.

(switchport access vlan x)

However; if you're using Dynamic Vlans then you need to do nothing. The VMP server will dynamically assign the swithport the appropriate Vlan based on the connected device's MAC address.

2.) The 4006 switch supports and is configured/using dot1q encapsulation. (I'm unfamiliar with the 4000 series switches) Make sure it's not using ISL trunking. If it is you'll have to change your encapsulation type to isl.

I suggest configuring ALL your Gig ports with the encapsulation type and trunk command. This way you or whomever can simply pick any Gig port and Plug-N-Play ;-) to your standard. An organized person will pick port 1. Don't assume everybody will pick port 1 cause they WON'T!! So just configure all the uplink/backbone links now, better safe then sorry.

Also, before plugging this switch into your network, configure the VTP Domain Name to the VTP domain this switch will join AND configure it as a VTP Client before plugging it into your network. Plugging it into your network with the same VTP domain name and as a SERVER, you can inadvertenly wipe out ALL your VLANS and bring down your entire network. Hard lesson to learn! So again, better safe then sorry.