Cisco Catalyst 6500 IOS Configuration Template
! ***** Fill in the parameters within the angle brackets *****
! ***** Catalyst 6500 Native configuration template *****
!****************************************************************
!
mls rate-limit unicast ip icmp unreachable acl-drop 10
mls rate-limit unicast ip icmp redirect 10
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
logging buffered 11024
service password-encryption
enable secret <password>
no enable password
ip multicast-routing
clock timezone GST 0
!
hostname <hostname>
!
!
! ***************************************************************
! * Configure DNS parameters
! * Enable UDLD in aggressive mode
! * Enable full ip flow tracking for mls
! * Enable TCP path mtu discovery
! * Enable QOS and re-map COS to DSCP values
! * Rate limit ip redirect and unreachable to the Switch process at 10 PPS
! ***************************************************************
!
ip subnet-zero
ip domain lookup
ip domain-list <domain that switch is in>
ip name-server <www.xxx.yyy.zzz>
udld aggressive
udld message time 7
mls flow ip full
ip tcp path-mtu-discovery age-timer 30
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
mls qos
mls aclmerge algorithm odm
mls aclmerge odm optimizations
!
!
! ***************************************************************
! * Set the VTP domain to the name of the switch and the VTP mode to transparent
! ***************************************************************
!
vtp domain <hostname>
vtp mode transparent
!
errdisable recovery cause all
errdisable recovery interval 60
!
!
! ***************************************************************
! * Configure Spanning Tree
! * Set the spanning tree root or secondary root for the vlan. If this is the HSRP
! * primary for this vlan, the priority should be set to 8192. If this is the HSRP
! * standby, the priority should be set to 16384.
! ***************************************************************
!
spanning-tree mode rapid-pvst
spanning-tree vlan <vlan list> priority <value 8192 for primary or 16384 for secondary>
spanning-tree extend system-id
spanning-tree portfast bpduguard default
!
!
! ********************
! * Configure VLANs
! ********************
!
vlan <vlan number>
 name Data_Vlan
vlan <voice vlan number>
 name Voice_Vlan
!
!
! ********************
! * Standard FastEthernet interfaces (2q1p2t ports), configure as a range
! ********************
!
interface range FastEthernet <Start interface> - <End Interface Number>
 switchport
 switchport host
 switchport access vlan <vlan>
 switchport voice vlan <voice vlan number>
 no snmp trap link-status
 mls qos trust extend cos 0
 mls qos trust cos
 priority-queue cos-map 1 5
 power inline auto
 no shutdown
!
!
! ***************************************************************
! * Uplink Ports
! * Configure the uplink ports to trunk with 802.1q encapsulation
! * Only trunk vlans that are needed
! * Set port to trust DSCP values from the MDF
! ***************************************************************
!
interface range GigabitEthernet <Start interface> - <End Interface Number>
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan <vlan list, NOT vlan 1>
 switchport mode trunk
 mls qos trust cos
 no shutdown
!
!
! ********************
! * Always disable interface VLAN 1
! ********************
!
interface Vlan1
 no ip address
 shutdown
!
!
! ***************************************************************
! * Layer 3 Vlan Interfaces, no HSRP
! * Enable PIM on the interface
! * Do NOT enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
 ip address <IP Address> <Netmask>
 ip helper-address <helper address>
 no ip redirects
 no ip directed-broadcast
 ip pim sparse-dense-mode
 no shutdown
!
!
! ***************************************************************
! Use the configurations below for configuring HSRP
! ***************************************************************
!
! ***************************************************************
! * Layer 3 Interfaces (Primary HSRP)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP hello and hold timers to 1 and 3 seconds respectively
! * Configure the HSRP priority (115) and preempt delay (15)
! * Configure interface tracking for HSRP
! * Do NOT enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
 ip address <ip address> <netmask>
 ip helper-address <helper address>
 no ip redirects
 no ip directed-broadcast
 ip pim sparse-dense-mode
 standby <group number> ip <HSRP address>
 standby <group number> timers 1 3
 standby <group number> priority 115 preempt delay 15
 standby <group number> track <uplink interface> 20
 no shutdown
!
!
! ***************************************************************
! * Layer 3 Interfaces (HSRP Standby)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP hello and hold timers to 1 and 3 seconds respectively
! * Configure the HSRP priority (100) and preempt delay (15)
! * Configure interface tracking for HSRP
! * Do NOT enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
 ip address <ip address> <netmask>
 ip helper-address <helper address>
 no ip redirects
 no ip directed-broadcast
 ip pim sparse-dense-mode
 standby <group number> ip <HSRP address>
 standby <group number> timers 1 3
 standby <group number> priority 100 preempt delay 15
 standby <group number> track <uplink interface> 20
 no shutdown
!
!
! ***************************************************************
! * Set the syslog server
! * Disable the HTTP server for web management
! ***************************************************************
!
logging trap debugging
no ip http server
logging <logging server IP address>
!
!
! ********************
! * Set SNMP system variables
! ********************
!
snmp-server community <Read-Only String> RO
snmp-server location <site/building>
snmp-server contact <contact-name>
snmp-server enable traps
snmp-server ifindex persist
no snmp-server enable traps syslog
no snmp-server chassis-id
snmp-server trap-source vlan <management vlan>
no snmp-server enable traps snmp authentication
!
!
! ********************
! * Configure the tacacs+ servers
! ********************
!
tacacs-server host <Primary tacacs server IP>
tacacs-server host <Secondary tacacs server IP>
tacacs-server timeout 10
tacacs-server key <tacacs key>
!
!
! ********************
! * Set the Banner exactly as shown below
! ********************
!
banner motd ^
THIS IS A PRIVATE COMPUTER SYSTEM --- USAGE MAY BE MONITORED AND UNAUTHORIZED ACCESS OR USE MAY RESULT IN CRIMINAL OR CIVIL PROSECUTION
^
!
!
! ********************
! * Configure timeout timers and login passwords on all available
! * console and vty lines
! ********************
!
line con 0
 exec-timeout 10 0
 password <password>
 logging synchronous
line vty 0 15
 exec-timeout 20 0
 password <password>
 transport input telnet
 logging synchronous
!
! ********************
! * Configure SSH if the IOS image supports it
! * Use version 2 of SSH if supported
! * The RSA key pair requires a hostname and domain name and must exist
! * before "ip ssh version 2" is accepted, so generate it first
! ********************
!
ip domain-name <domain that switch is in>
crypto key generate rsa
ip ssh version 2
line vty 0 15
 transport input telnet ssh
!
!
! ********************
! * Set the NTP Server
! ********************
!
ntp server <local ntp server or pool.ntp.org>
!
!
! ********************
! * Configure tacacs+ if using an ACS server, otherwise do not configure
! * Remove ACS auth from console in case of emergency
! ********************
!
aaa new-model
aaa authentication login no_tacacs enable
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 0 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ if-authenticated none
aaa accounting update newinfo
aaa accounting commands 15 default start-stop group tacacs+
line con 0
 login authentication no_tacacs
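As an added example (not part of this template), a Python check that reads a saved running-config and reports where it departs from the hardening items above: password encryption with no enable password, HTTP server off, SSH version 2, VLAN 1 shut down, VLAN 1 pruned from every trunk, and telnet not accepted on the vty lines. The sample config, the interface name and the placeholders inside it are constructed.

```python
# Constructed sample running-config excerpt (not from a real device); it departs from the template in four places.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <hash placeholder>
enable password <cleartext placeholder>
no ip http server
ip ssh version 2
interface Vlan1
interface GigabitEthernet1/1
 switchport trunk allowed vlan 1,10,20-22
 switchport mode trunk
line vty 0 15
 transport input telnet ssh
"""
REQUIRED_GLOBALS = ["service password-encryption", "no ip http server", "ip ssh version 2"]

def parse_sections(text):
    """Split IOS config text into top-level commands and their indented sub-commands."""
    top, sections, current = [], {}, None
    for raw in (ln for ln in text.splitlines() if ln.strip() and not ln.startswith("!")):
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10,20-22' into {1, 10, 20, 21, 22}."""
    return {v for part in spec.split(",") for lo, _, hi in [part.partition("-")]
            for v in range(int(lo), int(hi or lo) + 1)}

def audit(text):
    """Return findings where the config departs from the template's hardening."""
    top, sec = parse_sections(text)
    findings = [f"missing: {cmd}" for cmd in REQUIRED_GLOBALS if cmd not in top]
    if any(c.startswith("enable password") for c in top):
        findings.append("enable password set; template requires 'no enable password'")
    if "shutdown" not in sec.get("interface Vlan1", []):
        findings.append("interface Vlan1 is not shut down")
    for name, body in sec.items():
        if name.startswith("interface") and "switchport mode trunk" in body:
            allowed = [b for b in body if b.startswith("switchport trunk allowed vlan ")]
            if not allowed or 1 in expand_vlans(allowed[-1].split()[-1]):  # no list = all VLANs
                findings.append(f"{name}: trunk carries VLAN 1; prune it from the allowed list")
        if name.startswith("line vty") and any(
                b.startswith("transport input") and "telnet" in b.split() for b in body):
            findings.append(f"{name}: telnet still permitted; allow only ssh")
    return findings
```

The template's SSH section leaves telnet enabled next to ssh on the vty lines; the check reports that as a finding so the reader can decide whether the extra transport is still needed.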
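The primary and standby HSRP sections above only fail over on an uplink loss because the track decrement (20) is larger than the gap between the two priorities (115 and 100) and because both routers are configured to preempt. The following Python model, added here and not part of the template, walks through an uplink failure and recovery with those values and shows what changes when the decrement is too small or the standby lacks preempt; the router names, addresses and the interface name Gi1/1 are constructed, and real IOS additionally applies the 15-second preempt delay and the hold timer.

```python
from dataclasses import dataclass, field

# Simplified model of HSRP active-router election for the template's values
# (115 primary, 100 standby, track decrement 20, preempt on both). Real IOS also
# applies the preempt delay (15 s here) and the hold timer before roles change.
@dataclass
class HsrpRouter:
    name: str
    priority: int                                # configured priority
    ip: str = "0.0.0.0"                          # tie-break: higher IP wins on equal priority
    preempt: bool = True
    track: dict = field(default_factory=dict)    # tracked interface -> decrement
    link_up: dict = field(default_factory=dict)  # tracked interface -> is it up?

    def effective_priority(self):
        """Configured priority minus the decrement of every tracked interface that is down."""
        down = [dec for ifc, dec in self.track.items() if not self.link_up.get(ifc, True)]
        return self.priority - sum(down)

def ip_key(ip):
    return tuple(int(o) for o in ip.split("."))

def hsrp_active(routers, current=None):
    """Return the name of the active router. The current active keeps the role unless a
    router with a higher effective priority exists *and* that router has preempt enabled."""
    best = max(routers, key=lambda r: (r.effective_priority(), ip_key(r.ip)))
    cur = next((r for r in routers if r.name == current), None)
    if cur is None or (best.preempt and best.effective_priority() > cur.effective_priority()):
        return best.name
    return cur.name

def template_failover_sequence(decrement=20, standby_preempt=True):
    """Walk uplink-down then uplink-restored and return the active router at each step."""
    r1 = HsrpRouter("primary", 115, "10.0.0.2", True, {"Gi1/1": decrement}, {"Gi1/1": True})
    r2 = HsrpRouter("standby", 100, "10.0.0.3", standby_preempt, {"Gi1/1": decrement}, {"Gi1/1": True})
    steps = []
    active = hsrp_active([r1, r2]); steps.append(active)          # both uplinks up
    r1.link_up["Gi1/1"] = False
    active = hsrp_active([r1, r2], active); steps.append(active)  # primary loses its uplink
    r1.link_up["Gi1/1"] = True
    active = hsrp_active([r1, r2], active); steps.append(active)  # uplink restored, primary preempts
    return steps
```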