#Enter system view (configuration mode)
system-view
System View: return to User View with Ctrl+Z.
#Set the hostname
sysname TT-SWCR-1
#Time settings
ntp-service unicast-server 192.168.1.8
ntp-service unicast-server 192.168.1.5
clock timezone EST minus 4:00:00
clock summer-time EDT repeating 02:00:00 2012 March second Sunday 02:00:00 2012 November first Sunday 02:00:00
#logging to Alienvault
info-center loghost 192.168.1.247
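#SNMP - note: the line below creates a read-write community, and SNMPv2c sends community strings in cleartext; prefer a read-only community limited by an ACL, or SNMPv3, where possible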
snmp-agent community write your_snmp
snmp-agent sys-info contact “IT Infrastructure”
snmp-agent sys-info location “Server Rack 9th Floor”
#enable snmpv2
snmp-agent sys-info version v2c
#Set up some access
header motd %
#######################################################################
- Authorised Users Only
- Property of Yours Ltd. All unauthorized access will be prosecuted.
- If you are not authorized to access this device,
- please disconnect immediately. Your activities are
- monitored for security reasons.
########################################################################
%
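#Create users and security - note: "password simple" keeps the password in cleartext in the configuration (use "password cipher" where supported), and the sample password shown below must not be reused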
[TT-SWCR-1]local-user manager
[TT-SWCR-1-luser-manager]password simple epl$#hp1w
[TT-SWCR-1-luser-manager]service-type ssh
[TT-SWCR-1-luser-manager]authorization-attribute level 3
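#Crypto - generate the RSA host key pair used by the SSH server; when prompted for the modulus length, choose 2048 bits rather than accepting a smaller default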
public-key local create rsa
ssh server enable
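#No telnet: accept only SSH on the VTY lines (if the device has more VTY lines than 0-4, apply the same settings to all of them)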
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
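#Do some verification (SSH version 1.99 in the output below means SSHv1 clients are still accepted; if nothing needs SSHv1, turn the compatibility off with "undo ssh server compatible-ssh1x")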
#[TT-SWCR-1]display ssh server status
- SSH server: Enable
- SSH version : 1.99
- SSH authentication-timeout : 60 second(s)
- SSH server key generating interval : 0 hour(s)
- SSH authentication retries : 3 time(s)
- SFTP server: Disable
- SFTP server Idle-Timeout: 10 minute(s)
user-interface aux 0
[TT-SWCR-1-ui-aux0]idle-timeout 10
#Enable Network features
stp enable
#DHCP snooping: enable it only once it is configured correctly; otherwise it can block DHCP relay
#create vlan and interface
[]vlan 99
[vlan 99]name 99-mgmt
[vlan 99]quit
[] interface vlan-interface 99
[interface vlan-interface 99]ip address 10.80.99.10 255.255.255.0
[]quit
#Configure a port as a trunk for all VLANs (where possible, restrict the permitted VLAN list to the VLANs the link actually needs)
[]int ten 1/0/29
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#OR create a LACP group - dynamic mode is important for inter-vendor links such as Comware/ProCurve
interface Bridge-Aggregation10
description LACP to old Core
link-aggregation mode dynamic
#then put the interface inside
interface GigabitEthernet1/0/10
port link-aggregation group 10
#only then configure the trunk type and so on
[TT-SWCR-1-Bridge-Aggregation10]port link-type trunk
[TT-SWCR-1-Bridge-Aggregation10]port trunk permit vlan all
Please wait……………………………………. Done.
Configuring GigabitEthernet1/0/10……………………………………. Done.
Configuring GigabitEthernet1/0/11……………………………………. Done.
Configuring GigabitEthernet2/0/10……………………………………. Done.
Configuring GigabitEthernet2/0/11……………………………………. Done.
#If all is OK, the flags will be ACDEF on Comware and the ports will show as partnered (LACP Partner: Yes) on ProCurve
#Verify trunk and LACP
[TT-SWCR-1]display link-aggregation verbose
Loadsharing Type: Shar — Loadsharing, NonS — Non-Loadsharing
Port Status: S — Selected, U — Unselected
Flags: A — LACP_Activity, B — LACP_Timeout, C — Aggregation,
D — Synchronization, E — Collecting, F — Distributing,
G — Defaulted, H — Expired
Aggregation Interface: Bridge-Aggregation10
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 7848-5952-8f88
Local:
Port Status Priority Oper-Key Flag
——————————————————————————–
GE1/0/10 S 32768 1 {ACDEF}
GE1/0/11 S 32768 1 {ACDEF}
GE2/0/10 S 32768 1 {ACDEF}
GE2/0/11 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
——————————————————————————–
GE1/0/10 217 0 349 0xcf00, 0018-71ca-cf00 {ACDEF}
GE1/0/11 219 0 349 0xcf00, 0018-71ca-cf00 {ACDEF}
GE2/0/10 218 0 349 0xcf00, 0018-71ca-cf00 {ACDEF}
GE2/0/11 220 0 349 0xcf00, 0018-71ca-cf00 {ACDEF}
tor_sw1-5412zl(config)# show lacp
LACP
LACP Trunk Port LACP Admin Oper
Port Enabled Group Status Partner Status Key Key
—- ——- ——- ——- ——- ——- —— ——
A23 Active Trk5 Up Yes Success 0 294
A24 Active Trk5 Up Yes Success 0 294
J1 Active Trk60 Up Yes Success 0 349
J2 Active Trk60 Up Yes Success 0 349
J3 Active Trk60 Up Yes Success 0 349
J4 Active Trk60 Up Yes Success 0 349
#verify trunks
[TT-SWCR-1]dis port trunk
Interface PVID VLAN passing
BAGG10 1 1, 99-100,
XGE1/0/29 1 1, 99-100,
XGE1/0/30 1 1, 99-100,
XGE2/0/29 1 1, 99-100,
XGE2/0/30 1 1, 99-100,
#info on lacp
[TT-SWCR-1]dis interface Bridge-Aggregation
Bridge-Aggregation10 current state: DOWN
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 7848-5952-8f88
Description: LACP to old Core
Unknown-speed mode, unknown-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
PVID: 1
Port link-type: trunk
VLAN passing : 1(default vlan), 99-100
VLAN permitted: 1(default vlan), 2-4094
Trunk port encapsulation: IEEE 802.1q
Last clearing of counters: Never
Last 300 seconds input: 0 packets/sec 0 bytes/sec -%
Last 300 seconds output: 0 packets/sec 0 bytes/sec -%
Input (total): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts
Input (normal): 0 packets, – bytes
0 unicasts, 0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, – overruns, 0 aborts
Output (total): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Output (normal): 0 packets, – bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, – underruns, – buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, – no carrier
#Note on PVID 1
#As per 802.1Q, frames in a port's PVID VLAN are sent untagged, so I arbitrarily set the PVID of all trunk ports with "port trunk pvid vlan 77", so that they are tagged for VLAN 1 (yet untagged for VLAN 77)
#For instance, on this trunk link:
#
interface Ten-GigabitEthernet1/0/29
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 77
#
#So VLAN 1 is now tagged on the trunk ports
[TT-SWCR-1]dis vlan 1
VLAN ID: 1
VLAN Type: static
Route Interface: not configured
Description: VLAN 0001
Name: leg-1-mgmt
Tagged Ports:
Bridge-Aggregation10
GigabitEthernet1/0/10 GigabitEthernet1/0/11 GigabitEthernet2/0/10
GigabitEthernet2/0/11
Ten-GigabitEthernet1/0/29
Ten-GigabitEthernet1/0/30
Ten-GigabitEthernet2/0/29
Ten-GigabitEthernet2/0/30
Untagged Ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
GigabitEthernet1/0/4 GigabitEthernet1/0/5 GigabitEthernet1/0/6
GigabitEthernet1/0/7 GigabitEthernet1/0/8 GigabitEthernet1/0/9
GigabitEthernet1/0/12 GigabitEthernet1/0/13 GigabitEthernet1/0/14
GigabitEthernet1/0/15 GigabitEthernet1/0/16 GigabitEthernet1/0/17
GigabitEthernet1/0/18 GigabitEthernet1/0/19 GigabitEthernet1/0/20
GigabitEthernet1/0/21 GigabitEthernet1/0/22 GigabitEthernet1/0/23
GigabitEthernet1/0/24 GigabitEthernet1/0/25 GigabitEthernet1/0/26
GigabitEthernet1/0/27 GigabitEthernet1/0/28 GigabitEthernet2/0/1
GigabitEthernet2/0/2 GigabitEthernet2/0/3 GigabitEthernet2/0/4
GigabitEthernet2/0/5 GigabitEthernet2/0/6 GigabitEthernet2/0/7
GigabitEthernet2/0/8 GigabitEthernet2/0/9 GigabitEthernet2/0/12
GigabitEthernet2/0/13 GigabitEthernet2/0/14 GigabitEthernet2/0/15
GigabitEthernet2/0/16 GigabitEthernet2/0/17 GigabitEthernet2/0/18
GigabitEthernet2/0/19 GigabitEthernet2/0/20 GigabitEthernet2/0/21
GigabitEthernet2/0/22 GigabitEthernet2/0/23 GigabitEthernet2/0/24
GigabitEthernet2/0/25 GigabitEthernet2/0/26 GigabitEthernet2/0/27
GigabitEthernet2/0/28