How to Configure a Cisco Layer 3 Switch

This post lists the basic configuration for a Cisco Layer 3 switch. If you are configuring a Layer 2 switch, you can simply remove the additional SVIs and keep only the one for the switch management VLAN.

Host Name and Enable Password Encryption

!
conf t
!

hostname ICTFell_SW
service password-encryption
!

Enable 3rd Party SFP Module Support

!
service unsupported-transceiver

!
no errdisable detect cause gbic-invalid
errdisable recovery interval 60
!

Domain and DNS Configuration

!
ip name-server 172.16.1.1 172.16.1.2
ip domain name ictfella.com
!

Enable Link Layer Discovery Protocol (the open-standard equivalent of Cisco CDP)

!
lldp run
!

Add New VLAN

!
vlan 2
 name VLAN2
!
vlan 3
 name VLAN3
!

Add Switch VLAN Interfaces (SVIs)

!
interface Vlan2
 description VLAN2
 ip address 172.16.2.1 255.255.255.0

interface Vlan3
 description VLAN3
 ip address 172.16.3.1 255.255.255.0
!

Static Default Route Out of the Switch and Enable Inter-VLAN Routing

!
ip route 0.0.0.0 0.0.0.0 172.16.1.4
ip routing
!

SNMP String Configuration

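!
! SNMP v1/v2c community strings cross the network in clear text; append an
! access list to each community line to limit which hosts may use it.
snmp-server community ICTFellaRO RO
snmp-server community ICTFellaRW RW
snmp-server trap-source Vlan2
snmp-server location IT Dept
snmp-server contact IT Dept
!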

Configure Banner

!
banner login ^CCC
+-+-+ +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+ +-+ +-+-+-+-+-+-+-+-+-+
            |ICT| |Fella|
+-+-+ +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+ +-+ +-+-+-+-+-+-+-+-+-+

************************** W A R N I N G **************************
              Property of ICT Fella
 This is a restricted site and unauthorised access is prohibited!

      For access contact ICT Fella before proceeding :
      Email : [email protected]


^C
!

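Access Port Configuration (with Port Security)

!
! Note: bpdufilter set on the interface stops the port from processing BPDUs,
! so bpduguard on the same port never triggers; keep only bpduguard if the
! port should err-disable when a switch is plugged in.
interface range GigabitEthernet1/0/1-20
 description ***VLAN2***
 switchport access vlan 2
 switchport mode access
 switchport port-security maximum 3
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!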

Trunk Ports Configuration

!
interface range Gi1/0/23-24
 description **Access Point**
 switchport trunk native vlan 2
 switchport mode trunk
 switchport trunk allowed vlan all
!
interface range te1/1/1-4
 description **UpLink**
 switchport trunk native vlan 2
 switchport mode trunk
 switchport trunk allowed vlan all
!

LACP Link Aggregation (Port Channel) Configuration

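!
interface GigabitEthernet1/0/21
 description ***LACP1**
 switchport mode trunk
 switchport trunk allowed vlan all
 channel-group 1 mode active

interface GigabitEthernet1/0/22
 description ***LACP1**
 switchport mode trunk
 switchport trunk allowed vlan all
 channel-group 1 mode active

interface Port-channel1
 description ***LACP1**
 switchport mode trunk
 switchport trunk allowed vlan all
!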

Authentication Configuration

!
enable secret ictfellacom
username admin privilege 15 secret ictfellacom

line vty 0 97
login local
transport input ssh
!

IP DHCP Pool Configuration (Switch Acts as DHCP Server)

!
ip dhcp pool "VLAN2"
 network 172.16.2.0 255.255.255.0
 dns-server 172.16.1.1 172.16.1.2 
 default-router 172.16.2.1 
 domain-name ictfella.com
 lease 0 2
!

DHCP IP Helper (DHCP Forwarding to DHCP Server 172.16.1.1)

Note: See the post below to configure the DHCP server on a Domain Controller:

How to Migrate DHCP Service from Cisco Core Switch to Server 2022

!
interface Vlan3
 ip helper-address 172.16.1.1
!

(Optional) Generate RSA Keys for SSH on Older IOS Versions

!
! Make sure you are using 2048-bit keys wherever possible
crypto key generate rsa modulus 2048
!
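
Added example (not part of the original post): a small Python check that parses a config laid out like the snippets above and flags three settings from this page worth reviewing before production use. The sample text is constructed from the post's own lines, the function names are hypothetical, and it assumes sub-commands are indented as in "show running-config" output and that community lines use the simple "community <string> RO|RW [acl]" form.

```python
import re

# Constructed sample, assembled from the snippets in this post and indented
# the way "show running-config" prints it (sub-commands start with a space).
SAMPLE = """\
snmp-server community ICTFellaRO RO
snmp-server community ICTFellaRW RW
!
interface range GigabitEthernet1/0/1-20
 switchport mode access
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface range Gi1/0/23-24
 switchport mode trunk
 switchport trunk allowed vlan all
"""

def parse_blocks(text):
    """Return [(header, [sub-commands])]; '!' comments and blank lines are skipped."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)      # indented: belongs to last header
        else:
            blocks.append((line, []))       # unindented: new top-level command
    return blocks

def audit(text):
    """Return (label, finding) pairs; community strings are masked in the label."""
    out = []
    for header, subs in parse_blocks(text):
        label = re.sub(r"(community) \S+", r"\1 ***", header)
        snmp = re.match(r"snmp-server community \S+ (RO|RW)(\s+\S+)?$", header, re.I)
        if snmp and not snmp.group(2):
            out.append((label, f"{snmp.group(1).upper()} community has no ACL limiting source hosts"))
        if header.lower().startswith("interface"):
            if {"spanning-tree bpdufilter enable", "spanning-tree bpduguard enable"} <= set(subs):
                out.append((label, "interface bpdufilter drops BPDUs, so bpduguard never triggers"))
            if "switchport trunk allowed vlan all" in subs:
                out.append((label, "trunk allows all VLANs; prune to the VLANs in use"))
    return out

if __name__ == "__main__":
    for label, finding in audit(SAMPLE):
        print(f"{label}: {finding}")
```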

Useful Links

Layer-Three Switching and Forwarding – Cisco
