This post is to list out the basic configuration on a Cisco Layer 3 Switch, if you are configuring a Layer 2 Switch, you can simply remove the additional SVIs except for the switch management VLAN.
Host Name and Enable Password Encryption
!
conf t
!
hostname ICTFell_SW
service password-encryption
!Enable 3rd Party SFP Module Support
!
service unsupported-transceiver
!
no errdisable detect cause gbic-invalid
errdisable recovery interval 60
!Domain and DNS Configuraiton
!
ip name-server 172.16.1.1 172.16.1.2
ip domain name ictfella.com
!Enable Link Layer Discovery Protocol (open standard as of Cisco CDP)
!
lldp run
!Add New VLAN
!
vlan 2
name VLAN2
!
vlan 3
name VLAN3
!Add Switch VLAN Interfaces (SVIs)
!
interface Vlan2
description VLAN2
ip address 172.16.2.1 255.255.255.0
interface Vlan3
description VLAN3
ip address 172.16.3.1 255.255.255.0
!
Static Route to Go Out of the Switch and enable Inter-VLAN routing
!
ip route 0.0.0.0 0.0.0.0 172.16.1.4
ip routing
!SNMP String Configuration
!
snmp-server community ICTFellaRO RO
snmp-server community ICTFellaRW RW
snmp-server trap-source Vlan2
snmp-server location IT Dept
snmp-server contact IT Dept
!Configure Banner
!
banner login ^CCC
+-+-+ +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+ +-+ +-+-+-+-+-+-+-+-+-+
|ICT| |Fella|
+-+-+ +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+ +-+ +-+-+-+-+-+-+-+-+-+
************************** W A R N I N G **************************
Property of ICT Fella
This is a restricted site and unauthorised access is prohibited!
For access contact ICT Fella before proceeding :
Email : [email protected]
^C
!Access Point Configuration (with Port Security)
!
interface range GigabitEthernet1/0/1-20
description ***VLAN2***
switchport access vlan 2
switchport mode access
switchport port-security maximum 3
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!Trunk Ports Configuration
!
interface range Gi1/0/23-24
description **Access Point**
switchport trunk native vlan 2
switchport mode trunk
switchport trunk allowed vlan all
!
interface range te1/1/1-4
description **UpLink**
switchport trunk native vlan 2
switchport mode trunk
switchport trunk allowed vlan all
!LACP Link Aggregation (Port Channel) Configuration
!
int gi1/0/21
Des ***LACP1**
swi mode trunk
swi trunk allow vlan all
channel-group 1 mode act
int gi1/0/22
Des ***LACP1**
swi mode trunk
swi trunk allow vlan all
channel-group 1 mode act
int po1
Des ***LACP1**
swi mode trunk
swi trunk allow vlan all
!Authentication Configuration
!
enable secret ictfellacom
username admin privilege 15 secret ictfellacom
line vty 0 97
login local
transport input ssh
!IP DHCP Pool Configuration (Switch Acts as DHCP Server)
!
ip dhcp pool "VLAN2"
network 172.16.2.0 255.255.255.0
dns-server 172.16.1.1 172.16.1.2
default-router 172.16.2.1
domain-name ictfella.com
lease 0 2
!DHCP IP Helper (DHCP Forwarding to DHCP Server 172.16.1.1)
Note: Check up below to configure DHCP server on a Domain Controller
How to Migrate DHCP Service from Cisco Core Switch to Server 2022
!
int vlan3
ip helper-address 172.16.1.1
!
(Optional) when you are on the old IOS version, Generate RSA Keys for SSH
!
crypto key generate rsa
!
!make sure you are using 2048bit keys wherever possiableUseful Links
Layer-Three Switching and Forwarding – Cisco