There are five configurations a network administrator should apply to a newly provisioned switch or router. Although application of these configurations may seem like common sense, 90% of devices I see are missing at least one of these settings, and about 75% are missing two or more.
Use this checklist as an action item to verify your existing devices have these settings, at minimum, and integrate them into any templates or provisioning documents you use. You’ll appreciate the consistency this adds to your network management and monitoring.
Define a default gateway or default route
Set a management IP address and a default gateway. Obviously, you can’t manage a device across the network unless it has, at bare minimum, a management IP address.
What happens when this configuration is missing? Those edge switches will hum along happily until one of three things happens:
- Your management tool is installed or moved to a different subnet.
- You try to manage the switch from a different network or subnet.
- You begin adding other VLANs or subnets to the switch.
Without a default gateway or route off of the network the switch is using, traffic may reach the switch, but it won’t find its way back off that network. Use one of these commands to set the default gateway (Layer 2 switch) or a default route (Layer 3 switch or router):
# ip default-gateway <gateway-ip>
# ip route 0.0.0.0 0.0.0.0 <next-hop-ip>
Set the time
Correct time on a switch is vital when troubleshooting the device. A string of log entries dated 1/1/90 is useless to network administrators troubleshooting a problem.
The three most popular ways to set time on a device are manual time settings, TimeP or Network Time Protocol (NTP), and Simple NTP (SNTP).
Cisco (NTP):
# ntp server <ntp-server-ip>
# clock timezone <zone> <offset>
# show clock
HP Networking (TimeP):
# ip timep manual <timep-server-ip>
# timesync timep
# clock timezone <zone> <offset>
HP Networking (SNTP):
# sntp server <sntp-server-ip>
# sntp unicast
# timesync sntp
# show time
Enable neighbor discovery
Neighbor discovery protocols are essential for network administrators and management tools to accurately construct a view of the network topology.
The two most widely used are LLDP (Link Layer Discovery Protocol), an IEEE standard, and CDP (Cisco Discovery Protocol). On some devices you may see LLDP supported for both listening and talking, while CDP is supported only for listening. Others may offer equal capabilities for both protocols.
Enabling all supported neighbor discovery methods is highly recommended. The information it provides lets you immediately locate neighboring switches and even media endpoints such as phones and access points that use LLDP-MED, an extension of LLDP. Not only can you see where these devices are connected, you can get details of the device type, its host name, IP address and even what port it’s connected to on the other end.
Cisco: CDP is enabled by default. Enable LLDP:
# lldp run
# show lldp neighbors <+ optional details>
HP Networking: LLDP is enabled by default. Enable CDP receive-only support:
# show lldp info remote <+ optional details>
# show cdp neighbors <+ optional details>
Configure logging and traps
Notifications of events on the network are a critical component of monitoring, troubleshooting and real-time alerting. Most switches offer two primary means of sending this data to a central repository: logging events via syslog and trap events via SNMP (Simple Network Management Protocol). Configuration of both is simple, usually varying minimally from switch to switch and even from brand to brand.
Most organizations have a syslog server or a management tool configured to receive SNMP traps.
Cisco & HP Networking:
# snmp-server host <trap-receiver-ip>
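The checklist above is meant to be verified against existing devices, not just applied to new ones. The following Python script is an added example (not part of the original article) that audits a saved running-config for the items covered so far: a default gateway or default route, a time-synchronisation source, LLDP, a syslog destination and an SNMP trap receiver. The two sample configs and the 192.0.2.x addresses are constructed for the example; the line patterns follow the Cisco and HP command forms shown on this page and would need extending for other vendors.

```python
import re
from typing import Dict, List

# Constructed sample running-config in Cisco IOS style (not from the article).
# It has a management IP and LLDP, but is missing the other checklist items.
INCOMPLETE_CONFIG = """\
hostname edge-sw01
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
clock timezone EST -5
!
lldp run
!
snmp-server community public RO
!
end
"""

# Constructed sample that satisfies every check (addresses are RFC 5737 examples).
COMPLETE_CONFIG = """\
hostname core-sw01
!
ip default-gateway 192.0.2.1
ntp server 192.0.2.20
clock timezone EST -5
lldp run
logging host 192.0.2.30
snmp-server host 192.0.2.30 version 2c public
end
"""

# Each checklist item maps to the config lines that satisfy it; any one match passes.
# Note: "clock timezone" alone is a manual time setting, not synchronisation, so it
# is deliberately not accepted for the time check.  HP's default-on LLDP does not
# appear in the running-config, so the LLDP pattern is Cisco-oriented.
CHECKS: Dict[str, List[str]] = {
    "default gateway or default route": [
        r"^ip default-gateway \S+",
        r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+",
    ],
    "time synchronisation": [
        r"^ntp server \S+",
        r"^sntp server \S+",
        r"^timesync (timep|sntp)\b",
    ],
    "neighbor discovery (LLDP)": [
        r"^lldp run\b",
    ],
    "syslog logging": [
        # Cisco "logging host 192.0.2.30" / "logging 192.0.2.30", HP "logging 192.0.2.30"
        r"^logging(?: host)? \d+\.\d+\.\d+\.\d+",
    ],
    "SNMP trap receiver": [
        r"^snmp-server host \S+",
    ],
}


def audit_config(config_text: str) -> Dict[str, bool]:
    """Return {checklist item: present?} for a running-config text."""
    # Sub-mode commands are indented; strip so every line can be anchored with ^.
    lines = [ln.strip() for ln in config_text.splitlines()]
    return {
        item: any(re.match(pat, ln) for pat in patterns for ln in lines)
        for item, patterns in CHECKS.items()
    }


def missing_items(config_text: str) -> List[str]:
    """List the checklist items the config does not satisfy, in checklist order."""
    return [item for item, ok in audit_config(config_text).items() if not ok]


if __name__ == "__main__":
    for name, cfg in (("edge-sw01", INCOMPLETE_CONFIG), ("core-sw01", COMPLETE_CONFIG)):
        gaps = missing_items(cfg)
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

Run it against the output of `show running-config` saved from each device; a device that prints anything other than `OK` belongs on the remediation list. Because the patterns are anchored to whole config lines, a commented-out or partially typed command does not count as present.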