Last active
May 4, 2024 15:49
-
-
Save thimslugga/6e37435d7a303c87f4a8b250a79bc505 to your computer and use it in GitHub Desktop.
Config Snippets for Cisco 2960-X Switches
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| parser config cache interface | |
| no service pad | |
| service tcp-keepalives-in | |
| service tcp-keepalives-out | |
| service timestamps debug datetime msec localtime show-timezone | |
| service timestamps log datetime msec localtime show-timezone | |
| service password-encryption | |
| service sequence-numbers | |
| no service dhcp | |
| boot-start-marker | |
| boot-end-marker | |
| no logging console | |
| no logging monitor | |
| no logging esm config | |
| no logging trap | |
| logging userinfo | |
| logging buffered 16000 informational | |
| logging rate-limit 10 except critical | |
| logging origin-id hostname | |
| logging source-interface Vlan1 | |
| enable secret 9 <secret> | |
| username cisco privilege 15 secret 9 <password> | |
| aaa new-model | |
| aaa authentication login default local-case | |
| aaa authentication enable default enable | |
| aaa authorization console | |
| aaa authorization exec default local if-authenticated | |
| aaa session-id common | |
| login delay 2 | |
| login on-failure log | |
| login on-success log | |
| password encryption aes | |
| configuration mode exclusive | |
| archive | |
| log config | |
| logging enable | |
| logging size 200 | |
| notify syslog contenttype plaintext | |
| hidekeys | |
| path ftp://<host>/netbackups/switch01/switch01 | |
| write-memory | |
| time-period 1440 | |
| file prompt quiet | |
| memory statistics history table 12 | |
| process cpu threshold type total rising 80 interval 5 falling 30 interval 5 | |
| switch 1 provision ws-c2960x-48fpd-l | |
| no ip source-route | |
| ip options drop | |
| ip dhcp bootp ignore | |
| no ip dhcp snooping information option | |
| ip dhcp snooping | |
| hostname switch01 | |
| ip domain-name example.com | |
| ip host switch01 192.168.1.2 | |
| ip host fw01 192.168.1.1 | |
| ip name-server 192.168.1.1 | |
| ip domain-lookup source-interface Vlan1 | |
| udld enable | |
| mls qos map cos-dscp 0 8 16 24 32 46 48 56 | |
| mls qos | |
| vlan internal allocation policy ascending | |
| vtp domain production | |
| vtp version 3 | |
| vtp mode off | |
| spanning-tree mode mst | |
| spanning-tree logging | |
| spanning-tree portfast edge default | |
| spanning-tree portfast edge bpduguard default | |
| spanning-tree extend system-id | |
| spanning-tree mst 0 priority 16384 | |
| spanning-tree mst configuration | |
| name production | |
| revision 10 | |
| vlan internal allocation policy ascending | |
| vlan 666 | |
| name BLACKHOLE | |
| port-channel load-balance src-dst-ip | |
| errdisable recovery cause bpduguard | |
| errdisable recovery cause inline-power | |
| errdisable recovery interval 30 | |
| lldp run | |
| interface Null0 | |
| no ip unreachables | |
| interface Loopback0 | |
| no ip address | |
| no ip redirects | |
| no ip unreachables | |
| no ip proxy-arp | |
| no ip route-cache | |
| downshift disable | |
| interface GigabitEthernet1/0/1 | |
| description "Example Trunk Interface e.g. AP" | |
| switchport mode trunk | |
| #switchport trunk allowed vlan 101,103 | |
| #switchport trunk allowed vlan add <vlan ids> | |
| #switchport trunk native vlan 1 | |
| switchport nonegotiate | |
| #switchport voice vlan dot1p | |
| load-interval 30 | |
| power inline port poe-ha | |
| mls qos trust dscp | |
| no lldp transmit | |
| no lldp receive | |
| spanning-tree portfast edge trunk | |
| spanning-tree bpduguard enable | |
| spanning-tree guard root | |
| no vtp | |
| no shutdown | |
| no power efficient-ethernet auto | |
| interface GigabitEthernet1/0/2 | |
| description "Example Access Interface e.g. Host" | |
| switchport mode access | |
| switchport access vlan 1 | |
| switchport nonegotiate | |
| #switchport voice vlan dot1p | |
| load-interval 30 | |
| power inline port poe-ha | |
| no cdp enable | |
| mls qos trust dscp | |
| no lldp transmit | |
| no lldp receive | |
| spanning-tree portfast edge | |
| spanning-tree bpduguard enable | |
| spanning-tree guard root | |
| no vtp | |
| no shutdown | |
| no power efficient-ethernet auto | |
| interface range GigabitEthernet1/0/23 - 24 | |
| description "Example Trunked Uplink" | |
| switchport mode trunk | |
| switchport nonegotiate | |
| cdp enable | |
| lldp transmit | |
| lldp receive | |
| priority-queue out | |
| mls qos trust dscp | |
| no vtp | |
| no shutdown | |
| interface Vlan1 | |
| ip address 192.168.1.2 255.255.255.0 | |
| no ip redirects | |
| no ip unreachables | |
| no ip proxy-arp | |
| no ip route-cache | |
| no shutdown | |
| interface Vlan666 | |
| no ip redirects | |
| no ip unreachables | |
| no ip proxy-arp | |
| no ip route-cache | |
| #no shutdown | |
| ip default-gateway 192.168.1.1 | |
| ip route 0.0.0.0 0.0.0.0 192.168.1.1 | |
| ntp logging | |
| ntp source Vlan1 | |
| ntp update-calendar | |
| ntp server time.cloudflare.com prefer | |
| ip ftp username <username> | |
| ip ftp password 7 <redacted> | |
| ip ftp source-interface Vlan1 | |
| ip tftp source-interface Vlan1 | |
| no ip http server | |
| no ip http secure-server | |
| ip http authentication local | |
| ip http tls-version TLSv1.2 | |
| ip http max-connections 30 | |
| ip http client source-interface Vlan1 | |
| line con 0 | |
| exec-timeout 30 0 | |
| privilege level 15 | |
| logging synchronous | |
| full-help | |
| transport preferred none | |
| escape-character 3 | |
| mac address-table notification change |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip ssh version 2 | |
| ip ssh maxstartups 5 | |
| ip ssh time-out 60 | |
| ip ssh logging events | |
| ip scp server enable | |
| ip ssh rsa keypair-name SSH-KEYPAIR | |
| ip ssh dh min size 4096 | |
| ip ssh source-interface Vlan1 | |
| ip access-list standard ACL-SSH-IN | |
| permit 192.168.1.0 0.0.0.255 log | |
| deny any log | |
| line vty 0 4 | |
| access-class ACL-SSH-IN in | |
| exec-timeout 30 0 | |
| logging synchronous | |
| length 0 | |
| transport preferred none | |
| transport input ssh | |
| transport output ssh | |
| escape-character 3 | |
| line vty 5 15 | |
| access-class ACL-SSH-IN in | |
| exec-timeout 30 0 | |
| logging synchronous | |
| transport preferred none | |
| transport input ssh | |
| transport output ssh | |
| escape-character 3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip access-list standard ACL-SNMP-RO-IN | |
| permit 192.168.1.0 0.0.0.255 log | |
| deny any log | |
| ip access-list standard ACL-SNMP-RW-IN | |
| permit 192.168.1.0 0.0.0.255 log | |
| deny any log | |
| snmp ifmib ifindex persist | |
| snmp-server group AUTHGROUP v3 auth | |
| snmp-server group PRIVGROUP v3 priv | |
| snmp-server view V3ISO iso included | |
| snmp-server view VIEW-SYSTEM-ONLY system included | |
| snmp-server community <redacted> RO ACL-SNMP-RO-IN | |
| snmp-server location "<location>" | |
| snmp-server contact "<contact info>" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| show running-config | |
| show ip int brief | |
| config terminal | |
| conf t | |
| wr | |
| wr mem | |
| copy running-config startup-config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment