switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport access VLAN xx
spanning-tree portfast
spanning-tree bpduguard enable
Switch(config-if)#?
arp Set arp type (arpa, probe, snap) or timeout
bandwidth Set bandwidth informational parameter
cdp Global CDP configuration subcommands
channel-group Etherchannel/port bundling configuration
channel-protocol Select the channel protocol (LACP, PAgP)
delay Specify interface throughput delay
description Interface specific description
duplex Configure duplex operation.
exit Exit from interface configuration mode
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
mdix Set Media Dependent Interface with Crossover
mls mls interface commands
no Negate a command or set its defaults
power Power configuration
service-policy Configure QoS Service Policy
shutdown Shutdown the selected interface
spanning-tree Spanning Tree Subsystem
speed Configure speed operation.
storm-control storm configuration
switchport Set switching mode characteristics
tx-ring-limit Configure PA level transmit ring limit
Be mindful also that the commands shown above have multiple subcommands
With that said, there are a few basic things you can set
- For ports that will always connect to a computer or device, you want to hard code them as access ports (switchport mode access)
- Your access port will need vlan and native vlan (if trunk) changed or left at default value - vlan 1
(switchport access vlan 10)
(switchport trunk native vlan 99)
- Access ports that are not in use should be shut down
- Descriptions are good for quick identification (description WEB-SERVER-1)
Those are just the fundamentals
The port-security option is good to prevent unauthorized device connections
- In your example, it may be good to add a couple of port-security parameters
e.g. switchport port-security mac-address xx-xx-xx (especially for servers); this allows only that device to connect on that port
You could use other options like "sticky" to automatically memorize the MAC address of current devices connected.
You could also use the "maximum" options to allow multiple devices to connect if your devices move from location to location as Don had asked.
QoS is also a good one - allows prioritizing or reserving bandwidth or capping bandwidth etc. Note however that the service-port command shown for QoS under the switch is a final step in a MQC configuration (Access-list, Class-map, Policy-map then Service policy). The service policy assigns an already created policy to a switch port
In short, it is solely based on what you want your design to be
I hope this helps
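The checklist in the answer above can be checked mechanically against a saved running-config. The following is an added example, not code from the thread: the function names and the sample config are constructed, and the set of checks (access mode, port-security, bpduguard alongside portfast, description) is an assumption drawn from the commands shown on this page.

```python
# Constructed sample running-config excerpt (not from the original thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description WEB-SERVER-1
 switchport mode access
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [lower-cased stanza lines]} from IOS-style text."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip().lower())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def audit(config):
    """Return {interface: [findings]} for active access-side ports."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines or "switchport mode trunk" in lines:
            continue  # shut-down ports and trunks are not checked here
        portfast_only = ("spanning-tree portfast" in lines
                         and "spanning-tree bpduguard enable" not in lines)
        findings = [msg for failed, msg in (
            ("switchport mode access" not in lines, "not hard-coded as access port"),
            ("switchport port-security" not in lines, "port-security not enabled"),
            (portfast_only, "portfast without bpduguard"),
            (not any(l.startswith("description ") for l in lines), "no description"),
        ) if failed]
        if findings:
            report[name] = findings
    return report
```

Calling `audit()` on the text of a saved `show running-config` returns only the ports that miss at least one item, so an empty dictionary means every active access port matches the baseline.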