Cisco Catalyst 6880-X Specifications Page 99

Core Layer April 2014
Step 5: Set EtherChannels to use the traffic source and destination IP address when calculating which link to
send the traffic across. This normalizes the method in which traffic is load-shared across the member links of the
EtherChannel. EtherChannels are used extensively in this design because of their resiliency capabilities.
port-channel load-balance src-dst-ip
Step 6: Configure DNS for host lookup.
At the command line of a Cisco IOS device, it is helpful to be able to type a domain name instead of the IP
address for a destination.
ip name-server 10.4.48.10
Step 7: Configure device management protocols.
Secure HTTP (HTTPS) and Secure Shell (SSH) are more secure replacements for the HTTP and Telnet protocols.
They use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide device authentication and
data encryption.
The SSH and HTTPS protocols enable secure management of the LAN device. Both protocols are encrypted for
privacy, and the unencrypted protocols, Telnet and HTTP, are turned off. Enabling HTTPS automatically generates
a cryptographic key to use the service. When SSH is configured after HTTPS, you do not have to explicitly
generate the cryptographic key that SSH requires, unless you wish to change the default key size.
Specify transport preferred none on the vty lines to prevent errant connection attempts from the CLI prompt.
Without this command, if the IP name server is unreachable, mistyped commands may cause long timeout
delays.
no ip http server
ip http secure-server
ip domain-name cisco.local
ip ssh version 2
!
line vty 0 15
 transport input ssh
 transport preferred none
Step 8: Enable Simple Network Management Protocol (SNMP) in order to allow the network infrastructure
devices to be managed by a Network Management System (NMS), and then configure SNMPv2c with both a
read-only and a read-write community string.
snmp-server community [SNMP RO name] RO
snmp-server community [SNMP RW name] RW
Step 9: If your network operational support is centralized, you can increase network security by using an access
list to limit the networks that can access your device. In this example, only devices on the 10.4.48.0/24 network
will be able to access the device via SSH or SNMP.
access-list 55 permit 10.4.48.0 0.0.0.255
line vty 0 15
 access-class 55 in
!
snmp-server community [SNMP RO name] RO 55
snmp-server community [SNMP RW name] RW 55
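An added example, not part of the Cisco guide: a Python check that a saved configuration still carries the management-plane settings from Steps 7 through 9. The function names, the sample configuration and the community names are constructed for illustration, and the parser assumes sub-commands are indented the way IOS writes them in a saved configuration.

```python
import re

# Constructed sample, not from the guide: Step 7 applied, Step 9 only partly.
# Community names are placeholders; sub-commands are indented as in a saved config.
SAMPLE_CONFIG = """\
no ip http server
ip http secure-server
ip ssh version 2
snmp-server community EXAMPLE-RO RO 55
snmp-server community EXAMPLE-RW RW
line vty 0 4
 access-class 55 in
 transport input ssh
 transport preferred none
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Map each top-level line to the indented sub-commands that follow it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current:
            blocks[current].append(line)
        else:
            current = line
            blocks.setdefault(current, [])
    return blocks

def audit(config):
    """List deviations from Steps 7-9; community names are never echoed."""
    blocks = parse_blocks(config)
    required = ("no ip http server", "ip http secure-server", "ip ssh version 2")
    findings = [f"missing global command: {c}" for c in required if c not in blocks]
    for cmd in blocks:
        m = re.fullmatch(r"snmp-server community \S+ (RO|RW)( \S+)?", cmd)
        if m and not m.group(2):
            findings.append(f"SNMP {m.group(1)} community has no access list")
    vty = {n: c for n, c in blocks.items() if n.startswith("line vty")}
    for name, cmds in vty.items():
        for need in ("transport input ssh", "transport preferred none"):
            if need not in cmds:
                findings.append(f"{name}: missing {need}")
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{name}: no inbound access-class")
    return findings
```

Calling audit() on the sample reports the read-write community without an access list and the vty 5 15 range that was left out of Step 9, a common gap when only the first five vty lines are configured.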