Need help configuring Cisco 3650's for core switches

Just purchased two Cisco 3650's to use as my core switches (one on each floor).  All client devices will be connected to Linksys SRW2024's or SRW2048's which will by plugged into the Cisco 3650's.  The two 3650's are already in place and connected via fiber to each other.  Before I start plugging the client switches in, I had some questions...

1.) Do I need to do any configuration on the fiber ports or can I leave them as-is/default?
2.) How about all the ports on the Cisco 3650's, do I need to do any port settings because I will have other switches plugged in?  

The Cisco's will ONLY host other switches and the SonicWall Firewall, no devices will be plugged directly into the 3650's.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

atlas_shudderedConnect With a Mentor Sr. Network EngineerCommented:
1 - Always place your trunks in a dedicated default vlan
2 - Always place all ports into a different vlan other than 1, even if it is not used.  In fact, unused ports should be placed in their own dedicated vlan which is placed into a shutdown, non-trunked vlan.
Both of these strategies are to limit the potential for a vlan hopping attack as well as many related sniffing attacks.
For further reference, have a look at the following links:;jsessionid=0972BFAA2DF04BDF533DA12983F6D40F.node0 
1&2. Most switches have a default VLAN 1 with all of the ports in it untagged. I don't know if that is the case with the Cisco 3650 but if it is then you would be able to use it right out of the box with everything in the default VLAN.
tenoverAuthor Commented:
So If each of my new Cisco switches will use only 6 of the 24 ports, I can leave 6 ports in the default VLAN1 and then just create VLAN2 and make all other ports members of VLAN2?

I'm assuming I'd also have to make port 26, which is the fiber module port connecting the two floors, VLAN 1 on both switches as well, correct?
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

tenoverAuthor Commented:
Ahhh...Just read that first article.  Looks like I should do the opposite of what I asked.  Make all used ports part of a new (non-default) VLAN, say 50, and leave all unused ports on the default VLAN1.
1- Setup one switch as a VTP Server
2- Setup second switch as a VTP Client
3- Configure all the VLAN's on the switch that is a VTP Server
4- Simply shut down all the ports that you will not be using
5- Create VLAN's for and assign the appropriate ports to those VLAN's.
6- On the fiber link make those ports trunk ports.
7- Use Ether-channel if you can.
Oh and of course setup routing.  3560's I believe support RIP2 and OSPF.  Go with OSPF
atlas_shudderedSr. Network EngineerCommented:
As far as routing goes, if you only need to run a couple of routes in your network , just use static routing, if you need routing at all.  The advantages of dynamic routing will be washed out by the extra resource utilization necessary to maintain the dBs.
That is true indeed however I'm assuming if he is connecting multiple other switches to this network and using two 3560's on two floors he might have multiple VLAN's and dynamic RP might help him.  But it is not necessary.  Good luck.  Let us know how did you do.
All Courses

From novice to tech pro — start learning today.