====== Cisco 4948 Enterprise Switch ======
http://www.networkhardware.com/4948ReferenceMatrix
http://www.ifm.net.nz/cookbooks/loadingconfig.html
http://www.luckydragon.net/tech/cisco-switch-examples.html
http://www.techrepublic.com/blog/networking/five-things-you-should-know-about-configuring-a-cisco-ios-switch/428
:!: Note that this switch has four shared ports (the last four). They default to SFP mode.
The first 44 interfaces are simply configured as host ports with speed and duplex fixed or left to auto.
''GigabitEthernet1/45'' through ''GigabitEthernet1/48'' would typically be your SFP trunk uplinks to your aggregation or core layer, either as single interfaces or bundled as a port-channel.
===== Management Interface =====
https://supportforums.cisco.com/thread/2082896
http://www.gossamer-threads.com/lists/cisco/nsp/131266
==== Physical Management Port ====
:!: Some 4948s might have IP routing enabled while others do not, so some work with the ''ip default-gateway'' command while others need ''ip route 0.0.0.0''.
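enable
show interfaces FastEthernet 1
configure terminal
!--- Define the management VRF in global configuration mode before using it on the interface
ip vrf mgmtVrf
exit
interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address 10.0.4.11 255.255.255.0
speed auto
duplex auto
no shutdown
exit
!--- Default route inside the VRF (IP routing enabled) or default gateway (IP routing disabled)
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 10.0.4.1
ip default-gateway 10.0.4.1
!--- This enables the web interface over plain HTTP; the sample configuration below disables it
ip http server
ip ftp source-interface fa1
ip tftp source-interface fa1
line vty 0 4
!--- access-list 10 and the AAA method list local_auth must already be defined
access-class 10 in vrf-also
!--- exec-timeout 0 0 disables the idle timeout on these lines
exec-timeout 0 0
!--- telnet is cleartext; the sample configuration below uses "transport input ssh"
transport input telnet
login authentication local_auth
end
show running-config
copy running-config startup-config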
==== For Layer 2 Switches ====
- Create a separate management VLAN
- Configure trunks between all switches
- Assign all switches' management interfaces to this VLAN
=== Optional ===
* You can configure the MGMT VLAN as the native VLAN on trunk interfaces
* For a remote branch, you can use another VLAN ("vlan x")
* Try to have a specific VLAN for management of all switches
Example MGMT addresses:
VLAN 10 - network 10.0.10.0/24
Switch 1: IP 10.0.10.2/24
Switch 2: IP 10.0.10.3/24
Switch 3: IP 10.0.10.4/24
...
==== For Layer 3 Switches ====
Use loopback addresses if you are routing traffic.
Use a routing protocol or set static routes.
===== Sample Configuration =====
Start in ''configure terminal'' mode:
enable
configure terminal
Check the running configuration:
show running-config
Don't forget to update the startup configuration when done:
copy running-config startup-config
Don't forget to adjust these bits for your needs:
* ''cat4500-ipbasek9-mz.122-54.SG1.bin'' (desired boot image filename)
* ''cisco-4948-1'' (hostname)
* ''yourdomain.tld'' (domain-name)
* ''admin'' (username)
* ''yourenablepassword''
* ''yoursshpassword''
* ''yourconsolepassword''
* ''timezone''
* offset (hours, -7 for Arizona)
* ''192.168.1.254 255.255.255.0'' (MGMT Vlan address)
* ''192.168.1.1'' (default-gateway (L2) and default route (L3))
!
!--- For Cisco Catalyst 4948 Switch
!
boot system flash bootflash:cat4500-ipbasek9-mz.122-54.SG1.bin
hostname cisco-4948-1
ip domain-name yourdomain.tld
!--- "secret" stores a one-way hash; "password" is stored in cleartext or reversible type 7
enable secret yourenablepassword
username admin secret 0 yoursshpassword
aaa new-model
service password-encryption
!
ntp server 169.229.70.201
ntp server 128.255.70.89
ntp server 66.162.15.65
clock timezone ARIZONA -7
!
!--- Crypto commands require a K9 boot image.
!
!--- hostname, domain-name, username and password must be configured before SSH
!
crypto key generate rsa general-keys modulus 2048
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
!
line console 0
password yourconsolepassword
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
!--- Show SSH configuration (show ip ssh) and active sessions (show ssh).
!
!show crypto key mypubkey rsa
!show ip ssh
!show ssh
!
!
!--- The default VLAN on all switches is VLAN 1. By default, all ports on the switch
!--- are VLAN 1. With all ports in VLAN 1, all ports can communicate. As soon as you
!--- change the VLAN assignment for a switch port to another VLAN, that switch port
!--- will not be able to communicate with the rest of the devices on other ports.
!
!--- Configure the management interface on VLAN 10:
!
vlan 10
name MGMT
!
!--- Configure other VLANs:
!
vlan 100
name Vlan100
!
!
!--- The first 44 ports are all RJ45 on the default VLAN 1
!
interface range GigabitEthernet 1/1-44
shutdown
speed auto
duplex auto
no switchport
no ip address
switchport
switchport mode access
switchport access vlan 1
no shutdown
!
!--- Configure individual ports like this:
!
!interface GigabitEthernet 1/1
! switchport access vlan ##
! speed 1000
! duplex full
! spanning-tree portfast
! spanning-tree bpduguard enable
!
!--- Cisco 4948 has no Auto-MDIX support
!
!--- Configure the last four ports as regular RJ-45 ports instead of SFP:
!
interface range GigabitEthernet 1/45-48
shutdown
media-type rj45
speed auto
duplex auto
! mdix auto
no switchport
no ip address
switchport
switchport mode access
switchport access vlan 1
no shutdown
!
!--- Configure the default VLAN 1 interface
!
interface Vlan 1
shutdown
no ip address
description DEFAULT
no shutdown
!
!--- Configure the management interface on VLAN 10:
!
interface Vlan 10
shutdown
ip address 192.168.1.254 255.255.255.0
description MGMT
no shutdown
!
!
!--- Assign an interface to the MGMT VLAN:
!
interface GigabitEthernet 1/1
switchport access vlan 10
no shutdown
!
!
!--- Set the default gateway (layer 2) and default route (layer 3):
!
ip default-gateway 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!--- Disable the web interface
!
no ip http server
no ip http secure-server
!
!
!--- Configure the last four ports as two SFP trunks:
!
!interface GigabitEthernet 1/45
! description Link to Core Switch A
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/46
! description Link to Core Switch A
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/47
! description Link to Core Switch B
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 2 mode desirable non-silent
!
!interface GigabitEthernet 1/48
! description Link to Core Switch B
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 2 mode desirable non-silent
!
===== General Troubleshooting =====
:!: Enable 'portfast' for PCs connected to access ports. This brings up the port much quicker for PXE booting and such.
show interfaces counters errors
show interfaces | include input err
show interfaces | include output err
show interfaces status | include connected
show run | b username
show standby brief
show etherchannel summary
==== Reset Interface to Default ====
Here we reset a single port 'gigabitEthernet 1/13' back to defaults and set it as an access port:
conf t
default interface gi1/13
interface gi1/13
switchport mode access
exit
exit
This is for a range of ports:
conf t
default int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21
int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21
switchport mode access
exit
exit
===== LACP Port Bonding =====
Configure the channel group (channel group 1 example shown here):
Router> enable
Router# configure terminal
Router(config)# interface port-channel 1
Router(config-if)# description your_bond
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# exit
Configure the ports (gigabit ports 33 and 34 in this example):
Router(config)# interface range gi1/33-34
Router(config-if-range)# channel-protocol lacp
Router(config-if-range)# channel-group 1 mode active
Router(config-if-range)# exit
Router(config)# exit
Router# show lacp internal
===== VLANs =====
**VLAN = Broadcast Domain**
==== Define VLANs ====
conf t
vlan 3
name vl-office
interface range gigabitEthernet 1/47-48
switchport access vlan 3
exit
==== Trunk Ports ====
https://supportforums.cisco.com/docs/DOC-2218
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/AccessTrunk.html
:!: Cisco calls bonded Ethernet links **EtherChannel**.
:!: **Access Ports** only pass traffic for one VLAN and all others are dropped.
:!: By default, Cisco **Trunk Ports** carry multiple VLANs and will accept all VLANs, until they are removed.
:!: Limit the VLANs a trunk will carry with ''switchport trunk allowed vlan 100,200''.
:!: With encapsulation set to ''dot1q'', all traffic is tagged and untagged frames are dropped.
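conf t
interface range gi1/22, gi1/16, gi1/18, gi1/20
switchport trunk encapsulation dot1q
!--- "dynamic desirable" negotiates trunking via DTP; the next line overrides it with a static trunk
switchport mode dynamic desirable
switchport mode trunk
exit
exit
show interfaces trunk
!--- "write" and "copy running-config startup-config" both save the configuration; either one is enough
write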
copy running-config startup-config
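The settings this page contrasts (telnet versus SSH on the vty lines, ''ip http server'' versus ''no ip http server'', ''exec-timeout 0 0'', and trunks with or without ''switchport trunk allowed vlan'') can be checked against a saved configuration. The script below is an added example, not part of the original page or any Cisco tool; ''parse_blocks'' and ''audit'' are hypothetical names, and it assumes ''show running-config'' output in which sub-commands are indented under their ''interface'' or ''line'' header.

```python
import re
# Constructed sample in "show running-config" layout (sub-commands indented).
SAMPLE = """\
ip http server
interface GigabitEthernet1/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface Port-channel10
 switchport trunk allowed vlan 2,5,10
 switchport mode trunk
line vty 0 4
 exec-timeout 0 0
 transport input telnet
"""

def parse_blocks(config):
    """Group lines as {section header: [sub-commands]}; global lines go under ''."""
    blocks, current = {"": []}, ""
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if re.match(r"(interface|line) ", line):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = ""
            blocks[""].append(line.strip())
    return blocks

def audit(config):
    """Return (section, finding) pairs; a vty with no transport line is flagged too."""
    blocks, findings = parse_blocks(config), []
    if "ip http server" in blocks[""]:
        findings.append(("global", "web interface enabled"))
    for header, cmds in blocks.items():
        if header.startswith("line vty"):
            if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
                findings.append((header, "vty not restricted to SSH"))
            if "exec-timeout 0 0" in cmds:
                findings.append((header, "idle timeout disabled"))
        if "switchport mode trunk" in cmds and not any(
                c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append((header, "trunk has no allowed VLAN list"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
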
==== EtherChannel and VLAN Trunking ====
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/EtherChannel.html
* Bond up to eight Ethernet links into a single EtherChannel
* Increased bandwidth
* Increased redundancy
* Load balances traffic across physical interfaces
* Static EtherChannels or EtherChannels running Link Aggregation Control Protocol (LACP)
* Configuration of an EtherChannel configures all bonded interfaces
interface Port-channel10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
===== Backup and Restore =====
https://www.petenetlive.com/KB/Article/0000538