Specifications
Access Layer April 2014
Although this architecture is built without any Layer 2 loops, you should still enable spanning tree with the most
up-to-date network safeguards. By enabling spanning tree, you ensure that if any physical or logical loops are
accidentally configured, no actual Layer 2 loops occur.
spanning-tree mode rapid-pvst
Step 4: Enable Unidirectional Link Detection (UDLD) as the default for fiber ports.
UDLD is a Layer 2 protocol that enables devices connected through fiber-optic or twisted-pair Ethernet cables to
monitor the physical configuration of the cables and detect when a unidirectional link exists. When UDLD detects
a unidirectional link, it disables the affected interface and alerts you. Unidirectional links can cause a variety
of problems, including spanning-tree loops, black holes, and non-deterministic forwarding. In addition, UDLD
enables faster link failure detection and quick reconvergence of interface trunks, especially with fiber, which can
be susceptible to unidirectional failures.
udld enable
Step 5: Set EtherChannels to use the traffic source and destination IP address when calculating which link to
send the traffic across. This normalizes the method in which traffic is load-shared across the member links of the
EtherChannel. EtherChannels are used extensively in this design because of their resiliency capabilities.
port-channel load-balance src-dst-ip
Step 6: Configure DNS for host lookup.
At the command line of a Cisco IOS device, it is helpful to be able to type a domain name instead of the IP
address for a destination.
ip name-server 10.4.48.10
Step 7: Configure device management protocols.
Secure HTTP (HTTPS) and Secure Shell (SSH) are more secure replacements for the HTTP and Telnet protocols.
They use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide device authentication and
data encryption.
The SSH and HTTPS protocols enable secure management of the LAN device. Both protocols are encrypted for
privacy, and the unencrypted protocols, Telnet and HTTP, are turned off. Enabling HTTPS automatically generates
a cryptographic key to use the service. When SSH is configured after HTTPS, you do not have to explicitly
generate the cryptographic key that SSH requires, unless you wish to change the default key size.
Specify transport preferred none on the vty lines in order to prevent errant connection attempts from the CLI
prompt. Without this command, a mistyped command is treated as a hostname to connect to, and if the IP name
server is unreachable, long timeout delays occur before the prompt returns.
no ip http server
ip http secure-server
ip domain-name cisco.local
ip ssh version 2
!
line vty 0 15
transport input ssh
transport preferred none