
What should we pay attention to when a new switch is going to connect to the company network

Hi Expert,
Here is a question. Before we add a new switch to a network, we should configure VTP, and especially make sure the VTP configuration revision number is lower. In addition to this, is there anything else that we need to take care of, such as STP, if we use STP or RSTP in the network? Thank you.
2 Solutions
This link describes some of the best practices when adding a switch or router to an existing network.  Keep in mind it's only their "top 5" and they appear to be biased to Cisco.

In my switch templates that I use to configure new switches, there are a couple things in there that are fairly important to me. Those will be in bold. Some of this overlaps with the article piattnd posted.

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
[aaa commands if needed]
lldp run
system mtu jumbo 9198 [or whatever the max is]
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 40960
vtp mode client
vtp mode transparent
vtp domain #VTPDOMAIN#
vtp mode #VTPMODE#

errdisable recovery cause all

ntp server x.x.x.x

Important stuff. I can't think of a single non-lab, non-educational reason to ever not enable password encryption. Make sure the spanning tree mode matches the rest of the network or is at least compatible if there is a mix. Set the priority appropriately - my template is normally for access switches and as such I increase the priority beyond the default to ensure that it is less likely to take over as root for any VLAN. I purposely set the VTP mode multiple times to set the revision to 0. I find errdisable recovery to be very useful. Not only do the customers like it, because when they accidentally cause a loop or plug a bad device into the network the port will eventually recover, but also, when you have someone else plug in a switch and a port goes into error-disable mode (perhaps because they used the wrong port as an uplink and bpduguard was set), it will still give you the opportunity to possibly change the other end to get the port back up and make config changes. And lastly, having the correct time is always a nice thing to have.

Less important. I have no use for the pad service; TCP keepalives stop dead telnet/ssh sessions from locking out users from managing the switch. I like to see sensible timestamps in the log, not random-looking numbers or delta timestamps. Hostnames are always useful and required if doing ssh (along with a domain-name). I like portfast to be on by default for access ports.

The rest of my template settings are based on customer specifics such as SNMP, banners, ACLs, logging, etc.
Don't forget that these are what I personally find important in most of my switch configurations. Some of these could very well fall under a documented best practices guide, and others are purely personal.
Question has a verified solution.
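
An added example, not part of the answers above and not a Cisco tool: a small Python check that audits a candidate access-switch config against the points the second answer calls important. The function name, finding codes, the `network_stp_mode` parameter and the sample values are assumptions made for this illustration.

```python
import re

DEFAULT_PRIORITY = 32768  # default STP bridge priority

# Constructed sample: commands in the style of the template above, with
# made-up values and deliberate deviations for the audit to catch.
SAMPLE = """\
service timestamps log datetime msec localtime show-timezone
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree vlan 1-4094 priority 4096
vtp domain EXAMPLE
vtp mode server
ntp server 192.0.2.10
"""


def audit(config, network_stp_mode="rapid-pvst"):
    """Return sorted finding codes for an access-switch config (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    found = set()
    if "service password-encryption" not in lines:
        found.add("no-password-encryption")
    stp_modes = [ln.split()[-1] for ln in lines if ln.startswith("spanning-tree mode ")]
    if not stp_modes or stp_modes[-1] != network_stp_mode:
        found.add("stp-mode-differs-check-compatibility")
    prios = [int(m.group(1)) for ln in lines
             if (m := re.fullmatch(r"spanning-tree vlan \S+ priority (\d+)", ln))]
    if not prios or min(prios) <= DEFAULT_PRIORITY:
        found.add("stp-priority-not-above-default")  # could win a root election
    if any(p % 4096 or p > 61440 for p in prios):
        found.add("stp-priority-invalid")  # must be a multiple of 4096, max 61440
    if ("spanning-tree portfast default" in lines
            and "spanning-tree portfast bpduguard default" not in lines):
        found.add("portfast-without-bpduguard")
    # The answer's template passes through transparent mode to zero the revision.
    vtp_modes = [ln.split()[-1] for ln in lines if ln.startswith("vtp mode ")]
    if "transparent" not in vtp_modes:
        found.add("vtp-revision-not-reset")
    if not any(ln.startswith("errdisable recovery cause ") for ln in lines):
        found.add("no-errdisable-recovery")
    if not any(ln.startswith("ntp server ") for ln in lines):
        found.add("no-ntp-server")
    return sorted(found)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the template exactly as posted in the answer, the check returns no findings; the STP mode finding is only a prompt to confirm compatibility with the rest of the network, not proof of a fault.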
