Well, the new switch just arrived; here are some pics. Looks quite nice, a little bit bigger than your usual 8-port switch, but it runs nice and quiet 🙂
When it came to configuring individual ports, the following website proved very useful:
http://www.itsyourip.com/cisco/how-to-enable-spanning-tree-portfast-in-cisco-catalyst-switch-ios/
With gigabit connectivity you can enable jumbo frames in global config:
system mtu jumbo 9000
Then issuing “show system mtu” gives:
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
Routing MTU size is 1500 bytes
Also note that on port GigabitEthernet 0/6 I decided not to use portfast/bpduguard, since the Cisco 877 is plugged into it, and that has a switch. Portfast is only recommended for ports connected to single devices etc.
Current config I have running:
Current configuration : 3531 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960G
!
boot-start-marker
boot-end-marker
!
enable secret yourpasshere
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport mode access
!
interface GigabitEthernet0/7
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan1
 ip address 10.108.1.9 255.255.255.224
 no ip route-cache
control-plane
!
!
line con 0
 login
line vty 0 4
 access-class 102 in
 login
line vty 5 15
 no login
!
end
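An added example, not part of the original post: a small Python audit that checks a saved running-config for the settings discussed in this post and in the comments below (bpduguard on access ports, service password-encryption, aaa new-model) plus the vty login settings visible in the config. The function names and the sample excerpt are constructed for illustration.

```python
SAMPLE = """\
no service password-encryption
no aaa new-model
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport mode access
!
line vty 0 4
 access-class 102 in
 login
line vty 5 15
 no login
"""  # constructed excerpt modelled on the config in this post

def parse(text):
    """Split a config into global commands and interface/line sections."""
    globals_, sections, current = set(), {}, None
    for line in map(str.strip, text.splitlines()):  # indentation is ignored
        if line in ("", "!", "end"):
            current = None                          # "!" closes a section
        elif line.startswith(("interface ", "line ")):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)                    # sub-command of the open section
        else:
            globals_.add(line)
    return globals_, sections

def audit(text):
    globals_, sections = parse(text)
    findings = []
    for cmd in ("service password-encryption", "aaa new-model"):
        if cmd not in globals_:
            findings.append(f"global: {cmd} is off")
    for header, cmds in sections.items():
        kind, name = header.split(" ", 1)
        if kind == "interface" and "switchport mode access" in cmds:
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append(f"{name}: access port without bpduguard")
        elif kind == "line" and name.startswith("vty"):
            if "no login" in cmds:  # IOS skips the password prompt on this line
                findings.append(f"{name}: no login (no password check)")
            if not any(c.startswith("access-class ") for c in cmds):
                findings.append(f"{name}: no access-class")
    return findings
```

Call `audit()` on the text of a saved running-config; findings are items to review, so a port that deliberately faces another switch (GigabitEthernet0/6 here) will still be listed.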
Super cool man!
Tell us more about it! Btw, how much did you pay for it?
Hey alcatron, can you explain the added value such an expensive switch provides above a cheap non-manageable switch? Regards, Don
Ok, I know it's an expensive switch, but hey, it's Cisco 🙂 The switch doesn't cost that much more compared to a 877, a couple of hundred extra, depending on where you get it from.
Now to the technical details: the switch is blazingly fast transferring large files across the network and handles it without any issues. The switch also has built in 64mb of DRAM, and 32mb of flash memory which gives it that elite speed required for a high performance network.
Not to mention, the switch also consists of a SFP port, where if you need to uplink it to another switch/router via fiber, you simply put a Cisco Fiber SFP module in, and off you go. SFP-based ports: LC fiber connectors (single/multimode fiber) 100BASE-LX, -BX, -FX: LC fiber connectors (single/multimode fiber).
Now since this is a managed switch it can support the following features over a cheap non-managed:
– VLANS
– Spanning Tree
– Bandwidth Optimization
– Advanced QoS
– Granular Rate Limiting
– Port-based ACLs for Layer 2 interfaces allow application of security policies on individual switch ports.
– Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
– Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
– SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions.
– Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the CISCO Secure intrusion detection system (IDS) to take action when an intruder is detected.
– TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
– MAC address notification allows administrators to be notified of users added to or removed from the network.
– DHCP snooping allows administrators to ensure consistent mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate-limit the amount of DHCP traffic that enters a switch port.
– Port security, which secures the access to an access or trunk port based on MAC address.
Now as I said previously, this is a high performance switch, probably the best on the market for an 8-port switch.
Hope this helps 🙂
Hi Alcatron,
Do you know if there is a feature to examine all active TCP/IP connections and the bandwidth they are consuming, preferably in real time? I used to work with iftop (http://www.ex-parrot.com/~pdw/iftop/) on Unix, however I can't find a similar tool on Cisco hardware.
regards Mike
@mike
Do you mean NetFlow? You have to put it on a Cisco router.
-fan of Alcatron
Alcatron, tsk tsk, you need to put
service password-encryption
or the haxors on the internets will get your switch
Alcatron, I thought you would be running a RADIUS authentication server, with aaa new model on your switch.
-fan of Kregatron and Alcatron.
-TRONS UNITE!
Another problem is if someone breaks into your house and connects into your switch, they can use your internet. You SHOULD be using 802.1x TSK TSK
@Kregatron,
What's your favorite NetFlow management application? I can't seem to find one with real-time connection information. I found a nice tool called http://www.fireplotter.com/ but it unfortunately only works with PIX (not my favorite).
Mike
try netop it has a netflow plugin
sudo apt-get install netop
ntop rather