Scenario-1 Prepare a new switch for operation and remote administration

The Scene
  • Install a new User Access switch (UserAcc-2) into an existing small network topology consisting of a single Layer 3 Core Switch and one other Layer 2 User Access Switch.
  • The existing Collapsed Core and User Access Switch have already been set up.
  • 802.1Q trunks have been set up between the existing User Access and Core Switch.
  • Switch CORE-1 is configured as the Spanning Tree Root Bridge for all VLANs.

The Goal
  • Configure the new User Access Switch so that it has all the necessary VLAN and Trunk configuration needed to support new hosts.
  • Additionally, configure the new switch so that it can be accessed remotely via SSH from the MGMT-RTR.
 
Resources

 

The High Level Steps
  • Configure a Trunk port on switch Core-1 that will connect to UserAcc-2.
    • 802.1Q Trunk Encapsulation
    • Provide a meaningful description
  • Power on UserAcc-2.
  • Access the new switch via its console connection.
    • No password needed when accessing devices via their Console Port
  • Configure Hostname and Domain Name details.
    • UserAcc-2
    • myvirl.lab
  • Configure VTP settings
    • Set the switch to transparent.
    • Set the VTP domain name to myvirl.lab
  • Configure a Trunk Port on the new user access switch which is connected to Core-1.
    • 802.1Q Trunk Encapsulation
    • Provide a meaningful description
  • Configure Layer 2 VLANs (as per the diagram).
  • Configure a management IP address (in VLAN 10) and default gateway.
    • 10.10.10.100/24
    • 10.10.10.1
    • Provide a meaningful interface description.
  • Configure cryptographic keys and enable SSH.
  • Set up SSH-only access with a locally configured admin account.
    • Username netadmin
    • Password letmein
    • Enable Secret levelup
  • Open a Console connection to MGMT-RTR, confirm IP connectivity with UserAcc-2, and connect to it using SSH.

 

The Solution

  • Access Core-1 via its console connection:
enable
levelup
!
conf terminal
!
interface gi0/2
  shutdown
  switchport trunk encapsulation dot1q
  switchport mode trunk
  description to UserAcc-2
!
  • Power on UserAcc-2, access its console connection, and set the switch hostname and domain name:

enable
!
conf t
!
hostname UserAcc-2
!
ip domain name myvirl.lab
!

  • Set the switch's VTP settings:

vtp mode transparent
!
vtp domain myvirl.lab
!

  • Configure UserAcc-2 uplink trunk port:

int gi0/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  description to Core-1
!

  • Set up the VLANs used within the network topology on UserAcc-2:

vlan 10
  name MGMT-VLAN
!
vlan 100
  name User-Data-1
!
vlan 101
  name User-Data-2
!
vlan 200
  name User-Voice-1
!
vlan 201
  name User-Voice-2
!

  • Configure management VLAN IP addressing on UserAcc-2:
interface vlan 10
 ip address 10.10.10.5 255.255.255.0
 description MGMT-VLAN
 no shutdown
!
ip default-gateway 10.10.10.1
!
  • Configure cryptographic keys and enable SSH:

crypto key generate rsa modulus 1024
!
ip ssh version 2

  • Set up a locally configured admin account and enable secret, and limit remote access to just SSH:

username netadmin password letmein
!
enable secret levelup
!
line vty 0 4
  login local
  transport input ssh
!

  • Return to Core-1 and enable the trunk port connected to UserAcc-2:

conf terminal
!
interface gi0/2
  no shutdown
!

  • Finally, connect to the Management Host MGMT-RTR and confirm that you can reach the Management IP address of UserAcc-2 and login to it via SSH:

ping 10.10.10.5
!
ssh -v 2 -l netadmin 10.10.10.5
!
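The solution restricts only `line vty 0 4` to SSH, so it is worth checking a saved running-config for VTY ranges that were left at their defaults. The following audit script is an added example, not part of the original lab; the function names are hypothetical, and the sample config is constructed, with the untouched `line vty 5 15` range being an assumption about the platform.

```python
import re

# Constructed sample: the lab's remote-access settings plus a second VTY range
# (5-15) that the lab never configures. That extra range is an assumption.
SAMPLE_CONFIG = """\
ip domain name myvirl.lab
username netadmin password letmein
enable secret levelup
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

def parse_sections(config):
    """Return (global_lines, {top-level line: [indented sub-commands]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            global_lines.append(current)
            sections[current] = []
    return global_lines, sections

def audit_remote_access(config):
    """Return findings against the SSH-only, local-login setup the lab describes."""
    global_lines, sections = parse_sections(config)
    findings = []
    if "ip ssh version 2" not in global_lines:
        findings.append("global: 'ip ssh version 2' is missing")
    for line in global_lines:
        m = re.match(r"username (\S+) password ", line)
        if m:  # 'secret' stores a hash; 'password' is kept in recoverable form
            findings.append(f"user {m.group(1)}: uses 'password' rather than 'secret'")
    for header, body in sections.items():
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: not restricted to 'transport input ssh'")
        if header.startswith("line vty") and "login local" not in body:
            findings.append(f"{header}: 'login local' is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_remote_access(SAMPLE_CONFIG)))
```

On the constructed sample it reports the `netadmin` account and both missing settings on `line vty 5 15`, while `line vty 0 4` passes.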
