Need help configuring Cisco 3650's for core switches

Just purchased two Cisco 3650's to use as my core switches (one on each floor).  All client devices will be connected to Linksys SRW2024's or SRW2048's which will by plugged into the Cisco 3650's.  The two 3650's are already in place and connected via fiber to each other.  Before I start plugging the client switches in, I had some questions...

1.) Do I need to do any configuration on the fiber ports or can I leave them as-is/default?
2.) How about all the ports on the Cisco 3650's, do I need to do any port settings because I will have other switches plugged in?  

The Cisco's will ONLY host other switches and the SonicWall Firewall, no devices will be plugged directly into the 3650's.
tenoverAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick_O_ShayCommented:
1&2. Most switches have a default VLAN 1 with all of the ports in it untagged. I don't know if that is the case with the Cisco 3650 but if it is then you would be able to use it right out of the box with everything in the default VLAN.
0
atlas_shudderedSr. Network EngineerCommented:
1 - Always place your trunks in a dedicated default vlan
2 - Always place all ports into a different vlan other than 1, even if it is not used.  In fact, unused ports should be placed in their own dedicated vlan which is placed into a shutdown, non-trunked vlan.
 
Both of these strategies are to limit the potential for a vlan hopping attack as well as many related sniffing attacks.
 
For further reference, have a look at the following links:
https://supportforums.cisco.com/message/3004935;jsessionid=0972BFAA2DF04BDF533DA12983F6D40F.node0
http://www.nsa.gov/ia/_files/switches/switch-guide-version1_01.pdf 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tenoverAuthor Commented:
So If each of my new Cisco switches will use only 6 of the 24 ports, I can leave 6 ports in the default VLAN1 and then just create VLAN2 and make all other ports members of VLAN2?

I'm assuming I'd also have to make port 26, which is the fiber module port connecting the two floors, VLAN 1 on both switches as well, correct?
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

tenoverAuthor Commented:
Ahhh...Just read that first article.  Looks like I should do the opposite of what I asked.  Make all used ports part of a new (non-default) VLAN, say 50, and leave all unused ports on the default VLAN1.
0
technics1Commented:
1- Setup one switch as a VTP Server
2- Setup second switch as a VTP Client
3- Configure all the VLAN's on the switch that is a VTP Server
4- Simply shut down all the ports that you will not be using
5- Create VLAN's for and assign the appropriate ports to those VLAN's.
6- On the fiber link make those ports trunk ports.
7- Use Ether-channel if you can.
0
technics1Commented:
Oh and of course setup routing.  3560's I believe support RIP2 and OSPF.  Go with OSPF
0
atlas_shudderedSr. Network EngineerCommented:
As far as routing goes, if you only need to run a couple of routes in your network , just use static routing, if you need routing at all.  The advantages of dynamic routing will be washed out by the extra resource utilization necessary to maintain the dBs.
 
 
0
technics1Commented:
That is true indeed however I'm assuming if he is connecting multiple other switches to this network and using two 3560's on two floors he might have multiple VLAN's and dynamic RP might help him.  But it is not necessary.  Good luck.  Let us know how did you do.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.