Cisco Networking
Cisco Catalyst 6500 IOS Configuration Template
! ***** Fill in the parameters within the angle brackets *****
! ***** Catalyst 6500 Native configuration template *****
!****************************************************************
!
mls rate-limit unicast ip icmp unreachable acl-drop 10
mls rate-limit unicast ip icmp redirect 10
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
logging buffered 11024
service password-encryption
enable secret <password>
no enable password
ip multicast-routing
clock timezone GST 0
!
hostname <hostname>
!
!
! ***************************************************************
! * Configure DNS parameters
! * Enable UDLD in aggressive mode
! * Enable full ip flow tracking for mls
! * Enable TCP path mtu discovery
! * Enable QOS and re-map COS to DSCP values
! * Rate limit ip redirect and unreachable to the Switch process at 10 PPS
! ***************************************************************
!
ip subnet-zero
ip domain lookup
ip domain-list <domain that switch is in>
ip name-server <www.xxx.yyy.zzz>
udld aggressive
udld message time 7
mls flow ip full
ip tcp path-mtu-discovery age-timer 30
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
mls qos
mls aclmerge algorithm odm
mls aclmerge odm optimizations
!
!
! ***************************************************************
! * Set the VTP domain to the name of the switch and the VTP mode to transparent
! ***************************************************************
!
vtp domain <hostname>
vtp mode transparent
!
errdisable recovery cause all
errdisable recovery interval 60
!
!
! ***************************************************************
! * Configure Spanning Tree
! * Set the spanning tree root or secondary root for the vlan. If this is the HSRP
! * primary for this vlan, the priority should be set to 8192. If this is the HSRP
! * standby, the priority should be set to 16384.
! ***************************************************************
!
spanning-tree mode rapid-pvst
spanning-tree vlan <vlan list> priority <value 8192 for primary or 16384 for secondary>
spanning-tree extend system-id
spanning-tree portfast bpduguard default
!
!
! ********************
! * Configure VLANs
! ********************
!
vlan <vlan number>
name Data_Vlan
vlan <voice vlan number>
name Voice_Vlan
!
!
! ********************
! * Standard Fastethernet interfaces (2q1p2t ports), configure as a range
! ********************
!
interface range FastEthernet <Start interface> - <End Interface Number>
switchport
switchport host
switchport access vlan <vlan>
switchport voice vlan <voice vlan number>
no snmp trap link-status
mls qos trust extend cos 0
mls qos trust cos
priority-queue cos-map 1 5
power inline auto
no shut
!
!
! ***************************************************************
! * Uplink Ports
! * Configure the uplink ports to trunk with 802.1q encapsulation
! * Only trunk vlans that are needed
! * Set port to trust DSCP values from the MDF
! ***************************************************************
!
interface range GigabitEthernet <Start interface> - <End Interface Number>
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan <vlan list, NOT vlan 1>
switchport mode trunk
mls qos trust cos
no shut
!
!
! ********************
! * Always disable interface VLAN 1
! ********************
!
interface Vlan1
no ip address
shutdown
!
!
! ***************************************************************
! * Layer 3 Vlan Interfaces No HSRP
! * Enable PIM on the interface
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <IP Address> <Netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
no shut
!
!
! ***************************************************************
! Use the configurations below for configuring HSRP
! ***************************************************************
!
! ***************************************************************
! * Layer 3 Interfaces (Primary HSRP)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP timers 1 & 3 respectively
! * Configure the HSRP priority (115) & preempt delay (15)
! * Configure interface tracking for HSRP
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <ip address> <netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
standby <group number> ip <HSRP address>
standby <group number> timers 1 3
standby <group number> priority 115 preempt delay 15
standby <group number> track <uplink interface> 20
no shut
!
! ***************************************************************
! * Layer 3 Interfaces (HSRP Standby)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP timers 1 & 3 respectively
! * Configure the HSRP priority
! * Configure interface tracking for HSRP
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <ip address> <netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
standby <group number> ip <HSRP address>
standby <group number> timers 1 3
standby <group number> priority 100 preempt delay 15
standby <group number> track <uplink interface> 20
no shut
!
!
! ***************************************************************
! * Set the syslog server
! * Disable the HTTP server for web management
! ***************************************************************
!
logging trap debugging
no ip http server
logging <logging server IP address>
!
!
! ********************
! * Set SNMP system variables
! ********************
!
snmp-server community <Read-Only String> RO
snmp-server location <site/building>
snmp-server contact <contact-name>
snmp-server enable traps
snmp-server ifindex persist
no snmp-server enable traps syslog
no snmp-server chassis-id
snmp-server trap-source vlan <management vlan>
no snmp-server enable traps snmp authentication
!
!
! ********************
! * Configure the tacacs+ servers
! ********************
!
tacacs-server host <Primary tacacs server IP>
tacacs-server host <Secondary tacacs server IP>
tacacs-server timeout 10
tacacs-server key <tacacs key>
!
!
! ********************
! * Set the Banner exactly as shown below
! ********************
!
banner motd ^
THIS IS A PRIVATE COMPUTER SYSTEM --- USAGE MAY BE
MONITORED AND UNAUTHORIZED ACCESS OR USE MAY RESULT
IN CRIMINAL OR CIVIL PROSECUTION
^
!
!
! ********************
! * Configure timeout timers and login passwords on all available
! * console and vty lines
! ********************
!
line con 0
exec-timeout 10 0
password <password>
logging synchronous
line vty 0 15
exec-timeout 20 0
password <password>
transport input telnet
logging synchronous
!
! ********************
! * Configure SSH if correct code
! * Use version 2 of SSH if supported
! * The RSA key requires hostname and ip domain-name to be set, and is
! * generated from privileged EXEC (not config mode) before ip ssh version 2
! ********************
!
ip domain-name <domain that switch is in>
crypto key generate rsa
!
ip ssh version 2
line vty 0 15
transport input telnet ssh
!
!
! ********************
! * Set the NTP Server
! ********************
!
ntp server <local ntp server or pool.ntp.org>
!
!
! ********************
! * Configure tacacs+ if using an ACS server, otherwise do not configure
! * Remove ACS auth from console in case of emergency
! ********************
aaa new-model
aaa authentication login no_tacacs enable
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 0 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ if-authenticated none
aaa accounting update newinfo
aaa accounting commands 15 default start-stop group tacacs+
line con 0
login authentication no_tacacs
Cisco Nexus 56128 Configuration Template
Here is a quick template to set up a Cisco Nexus 56128 or any other switch in the 5600 series. These are solid 40G switches that offer a ton of features. FabricPath is used in this template for switch-to-switch communication, and the switches are set up as "leaf" switches in a two-tier spine/leaf design. They are running NX-OS 7.0.x code.
For reference here is the spine configuration: Spine template
Configure Cisco Nexus Unified Ports
The configuration varies with the switch model; this one is for the Nexus 5600 series, tested on the 56128. On this device, unified ports are available on the modules that install in the top two slots, 24 unified ports per module, for a total of 48. Their bezel is orange so you can tell them apart from the fixed ports.
By default they are 10 Gigabit Ethernet ports, so if that is what you want, nothing needs to change. The same applies if you want FCoE (Fibre Channel over Ethernet): leave them as they are. You only need to change the port mode if you want to run native Fibre Channel.
Setup a VPC correctly on Cisco Nexus Switches with Fabricpath
VPC: Virtual Port Channel. This is a port channel that, instead of terminating on multiple ports of a single switch, is spread across two physical switches, which gives more redundancy in most cases.
It can be a bit tricky to set up, so here is a config that I have used which seems to work great. The keepalive runs over the management port, and the peer-link is a leaf-to-leaf (in a FabricPath network) or switch-to-switch direct link; the peer-link needs to be a port channel. The keepalive should be put into its own VRF (virtual routing and forwarding instance), which means it cannot share the routing table with anything else; this prevents stray keepalives from being routed where they should not go. The management port has its own VRF by default, which makes this easy, with the side benefit of not needing a Layer 3 license for VLAN interfaces.
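A vPC+ configuration along the lines the paragraph describes, as an added example rather than the author's own config. The management IPs, vPC domain id, emulated switch-id, VLAN range and interface numbers are placeholders I chose; the keepalive uses the default management VRF exactly as described above.

```text
! --- Added example (not the author's config): vPC+ on a FabricPath leaf pair.
! --- Assumed values: mgmt IPs 192.0.2.11 (this leaf) / 192.0.2.12 (peer),
! --- vPC domain 10, emulated switch-id 10, peer-link members Ethernet1/1-2,
! --- host-facing vPC on port-channel 20 carrying VLANs 100-110.
feature-set fabricpath
feature vpc
feature lacp
!
! Peer-keepalive rides mgmt0 in the default "management" VRF, so keepalive
! traffic never shares a routing table with production VRFs.
vpc domain 10
  role priority 100
  peer-keepalive destination 192.0.2.12 source 192.0.2.11 vrf management
  fabricpath switch-id 10
  auto-recovery
  peer-gateway
!
! The peer-link must be a port-channel; in a FabricPath network it is a
! FabricPath core port, not a classic Ethernet trunk.
interface port-channel1
  description vPC+ peer-link to other leaf
  switchport mode fabricpath
  vpc peer-link
!
interface Ethernet1/1-2
  description vPC+ peer-link members
  switchport mode fabricpath
  channel-group 1 mode active
  no shutdown
!
! Dual-homed host port-channel: the same vPC number is used on both leaves.
interface port-channel20
  description host-facing vPC
  switchport mode trunk
  switchport trunk allowed vlan 100-110
  spanning-tree port type edge trunk
  vpc 20
!
interface Ethernet1/10
  description server NIC
  switchport mode trunk
  switchport trunk allowed vlan 100-110
  channel-group 20 mode active
  no shutdown
```

On the second leaf, swap the keepalive addresses and use role priority 200; everything else, including fabricpath switch-id 10 and vpc 20, must match. `show vpc` and `show vpc consistency-parameters global` confirm the peer is up and that both configs agree.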
Cisco Nexus 6004 (5596) Configuration – Fabricpath and Spine
Here is a quick template to set up a Cisco Nexus 6004 or 6001 (recently renamed to the 5600 series, so now the 5696). These are solid 40G switches that offer a ton of features. FabricPath is used in this template for switch-to-switch communication, and the switches are set up as "spine" switches in a two-tier spine/leaf design.
This code was created on 7.0.x NX-OS.
!!!MGMT port config
interface mgmt0
vrf member management
ip address x.x.x.x/24
vrf context management
ip route 0.0.0.0/0 x.x.x.x
!
install feature-set fabricpath
feature-set fabricpath
feature udld
feature privilege
feature tacacs+
!
errdisable recovery interval 30
errdisable recovery cause all
!
ntp server x.x.x.x prefer use-vrf management
ntp source-interface mgmt0
!
!!ssh regenerate the key (1024 bits is the floor; use 2048 where the platform supports it)
hostname xxxxx
no feature ssh
no ssh key rsa
ssh key rsa 1024
feature ssh
!
!!misc
no ip source-route
ip domain-lookup
udld aggressive
ip tcp path-mtu-discovery
!
!Change the balance algorithm to what fits your network
port-channel load-balance ethernet source-dest-port XXXX
!
!!enable jumbo frames (policy-map name must match the service-policy below)
system jumbomtu 9216
policy-map type network-qos fcoe-jumbo
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos fcoe-jumbo
!
!!logging and snmp
no logging console
no logging monitor
snmp-server location XXXXX
snmp-server source-interface trap mgmt0
snmp-server source-interface inform mgmt0
!
!Enable the traps that you actually want to monitor
no snmp-server enable traps
snmp-server enable traps XXXX
!
snmp-server community CCCC group network-operator
snmp-server community CCCC use-acl AAAA
snmp-server host x.x.x.x version 2c CCCC
!
banner motd ^
**********************************************************************BANNER BANNER
**********************************************************************
^
!
!Enable fast fabric
fabric-mode 40g
!!Configure necessary vlans for fabricpath.
!They must exist on each switch in the fabric to be used.
!Not recommended to pre-configure all of them, might cause errors.
!
vlan X-XXXX
mode fabricpath
!
!configure all interfaces as fabricpath
interface ethernet x/x-x
switchport mode fabricpath
!
!!!!!!!!!!UNIQUE CONFIG per switch
!Use a switch id scheme for your devices, something like xx for vpc, xxx for spines, xxxx for leafs.
!Also have one spine be the root so there is no confusion.
!
!Spine switch 1
fabricpath switch-id xx1
fabricpath domain default
root-priority 100
!
!Spine switch 2
fabricpath switch-id xx2
fabricpath domain default
root-priority 200
!
!
!!!SAVE THIS and RELOAD to switch to 40G fabric mode
copy run start
reload
!
!
!VALIDATION commands:
show fabricpath route
show fabricpath isis hostname switch-id
show fabricpath isis interface br
show fabricpath isis vlan-range
show int brief