In this article, I have come up with a step-by-step approach to setting up a new network switch (either in a data center or campus). Think of it more like a concise checklist or a set of guidelines, which can come in handy and save time performing a repetitive task, for instance configuring a switch. The example that I have used is that of a simple layer-2 Arista switch. However, it could a switch from any vendor, as the concepts remain the same, despite a different CLI. I will write another blog post about accomplishing the same objective in an automated/templatized manner in the near future.
1. Rack and stack and ensure that the new switch has dual power connectivity to different PDUs and UPSes, coming from different power sources.
2. Configure hostname on the switch, based on a convention such as [location][data center/campus][top-or-rack/end-of-row][location code][rack number][cabinet number]
So, your switch would have a hostname like usdctor-20-1-1 or uscaeor-52-32-4. The idea here is that just by looking at the hostname, you can glean a ton of information about the switch.
|
1 |
Switch(config)#hostname usdctor-20-1-1 |
3. Connect the management port on the switch to an out-of-band management network and assign that to a management VRF. Configure and IP address/Mask and Gateway. Ping the IP address and ensure that it is reachable.
|
1 2 3 4 |
usdctor-20-1-1(config)#interface management0 usdctor-20-1-1(config-if)#vrf forwarding mgt usdctor-20-1-1(config-if)#ip address 10.60.2.1 255.255.255.0 usdctor-20-1-1(config)#ip route vrf mgt 0.0.0.0/0 10.60.2.254 |
4. Label the switch in the front and back immediately with the switch’s hostname and IP address.
5. Enable SSH on the switch.
|
1 2 |
usdctor-20-1-1(config)# ip domain-name cadence.com usdctor-20-1-1(config)# crypto key generate rsa 2048 |
6. Configure clock and NTP server information for time-sync.
|
1 2 |
usdctor-20-1-1(config)# clock timezone US/Pacific usdctor-20-1-1(config)# ntp server 10.43.33.2 |
7. Configure DNS servers.
|
1 2 3 |
usdctor-20-1-1(config)# ip name-server 10.23.32.2 usdctor-20-1-1(config)# ip name-server 172.18.1.1 usdctor-20-1-1(config)# ip domain-name acme.com |
8. Configure remote syslog servers.
|
1 2 3 4 |
usdctor-20-1-1(config)# logging console informational usdctor-20-1-1(config)# logging host 10.99.34.2 usdctor-20-1-1(config)# logging host 10.11.23.77 usdctor-20-1-1(config)# logging source-interface Vlan 10 |
9. Configure the required Vlans.
|
1 2 |
usdctor-20-1-1(config)#vlan 1000 usdctor-20-1-1(config-vlan-1000)#name Test |
10. Configure Edge(host facing) ports with the right vlan/tagging and or port-channel with proper description of the connected host. For faster speeds, enable portfast on the port.
|
1 2 3 4 5 |
usdctor-20-1-1(config)#interface et1 usdctor-20-1-1(config)#description db-server usdctor-20-1-1(config-if-Et1)#switchport access vlan 10 OR usdctor-20-1-1(config-if-Et1)#switchport mode trunk usdctor-20-1-1(config-if-Et1)# spanning-tree portfast |
11. Configure the uplinks(switch to switch) with the right vlans/port-channels with proper description.
|
1 2 |
Usdctor-20-1-1(config)#interface et52 usdctor-20-1-1(config)#description uplink_to_usdccore-a_40G_Po252 |
12. Configure TACACS information for authentication of administrators.
|
1 2 3 4 5 6 |
usdctor-20-1-1(config)# tacacs-server host 10.200.55.5 key 7 KEY usdctor-20-1-1(config)# tacacs-server host 10.300.33.3 key 7 KEY usdctor-20-1-1(config)# aaa authentication login default group tacacs+ local usdctor-20-1-1(config)# aaa authentication enable default group tacacs+ local usdctor-20-1-1(config)# aaa authorization exec default group tacacs+ usdctor-20-1-1(config)# aaa root secret 5 XYZ |
13. Configure SNMP on the switch.
|
1 2 |
usdctor-20-1-1(config)# snmp-server source-interface Vlan 10 usdctor-20-1-1(config)# snmp-server community public ro |
14. Configure default gateway.
|
1 |
usdctor-20-1-1(config)# ip route 0.0.0.0/0 10.1.1.1 |
15. Enable Spanning tree. You can configure either MST/Rapid-PVST. In most modern day deployments, I have seen Rapid-PVST.
|
1 2 |
usdctor-20-1-1(config)#spanning-tree mode rapid-pvst usdctor-20-1-1(config)#spanning-tree vlan 2-100 |
16. Backup Config to a TFTP/FTP/SCP server.
|
1 |
usdctor-20-1-1(config)# copy running-config tftp://10.20.3.2 |
17. Add the hostname to IP mapping entry on DNS servers for the newly configured switch.