Switch basics: the initial switch settings cannot be ignored.


A switch can work normally when it is connected directly to the network without any initial configuration, and this is the direction in which switches are developing. However, this is a relatively unprofessional approach. If the initial configuration is not completed, later troubleshooting and maintenance become much harder. For example, if you do not plan the name of a switch properly, it will be difficult to match the name with the position and function of the switch in the future, which makes maintenance difficult.

Therefore, to optimize switch management and simplify subsequent troubleshooting, you must configure the relevant parameters during the initial installation of the switch. Specifically, this mainly involves the following four parameters.

1. Set the system name for the switch

To manage a switch effectively, it is best to give it a meaningful system name. This is the most basic requirement. If you do not configure one, the device's default name is displayed at the CLI prompt when you log on to the switch over telnet or ssh. This default name does not distinguish one device from another. Especially in complex enterprise networks, it is very useful to configure meaningful and unique system names for network devices such as switches.

Suppose an office building has a switch on each floor. In this case, you can name each switch after its floor, such as SWF4. SW indicates that the device is a switch, while F4 indicates that the device is placed on the fourth floor. After seeing the name, the administrator clearly knows the location and purpose of the switch. If necessary, I believe that you can add the switch's location and usage information to the name. Of course, to keep the name from getting too long, you can use abbreviations or codes. The purpose of the name is to let the administrator know the location and role of the switch on seeing it. If this is achieved, the naming rules are successful.

On Cisco switches, you can use the hostname command or the set system name command to name the system. The difference between the two lies in the operating system. The former is mainly used in IOS, while the latter is mainly used in CatOS.

2. Switch clock and NTP settings

In enterprise network troubleshooting and monitoring, it is very important to maintain accurate clock settings and display the correct time and date; this is also a most basic requirement. When a fault or attack occurs, correct time information can often help the network administrator shorten the troubleshooting time. For example, when the network is congested, you can use the time information in the logs to determine whether maintenance work was being performed on the network, or check the firewall to see whether an attack occurred at that time. Therefore, you need to set the correct clock when the switch is initialized. Generally, a basic requirement is that the time of the switch must be synchronized with that of other network devices.

To synchronize the time of all network devices in an enterprise, NTP is used. Put simply, NTP enables the switch to synchronize its clock with the time of a certain device in the network. When every network device uses the time of the same device as its reference, the time of all devices is synchronized. When configuring this parameter, I think the following issues are important.

First, when an unexpected event occurs, it is vital to know the exact time of the event in order to control the enterprise network and keep it running stably. Network maintenance protocols such as SNMP traps need to be used. Therefore, as a network administrator, you must recognize the importance of this time. The key is not whether the time on network devices such as switches is accurate, but whether the time of each network device is synchronized, because it is often necessary to correlate the logs of different devices. The time acts like a key between two database tables, serving as the bridge between them. In other words, even if the time is not accurate, things are fine as long as the devices in the network are synchronized with each other. Conversely, if the device times in the network are not synchronized, network maintenance becomes very difficult even if the time of some devices is accurate. For this reason, we recommend that you use NTP to synchronize the clocks. On Cisco network devices, you can use the ntp server command to synchronize the clock between a switch and an NTP server.

Second, pay attention to the impact of daylight saving time. If enterprise users need to adjust their clocks for daylight saving time (as under the former Chinese daylight saving time system, where the clock offset differed during the year), you need to configure daylight saving time so that the system clock is updated automatically. Cisco switches basically all support this daylight saving time feature. However, daylight saving time has basically been abolished in China, so you do not need to worry about it there. If you need to synchronize with a network device in another country, check whether the other party has provisions such as daylight saving time. On a Cisco switch, if you want to enable daylight saving time, you can run the clock summer-time zone date command.
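The first point above, that synchronization matters more than absolute accuracy because the timestamp is the join key between device logs, can be demonstrated with a short script. This is an added example, not part of the original article; the device name fw1, the log messages and the 30-second correlation window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events: (true event time, device, message).
TRUE_EVENTS = [
    (datetime(2024, 3, 1, 10, 0, 5), "fw1", "deny tcp 203.0.113.7 -> 10.0.4.20:22"),
    (datetime(2024, 3, 1, 10, 0, 6), "SWF4", "LINK-3-UPDOWN Gi0/12 down"),
    (datetime(2024, 3, 1, 14, 30, 0), "SWF4", "LINK-3-UPDOWN Gi0/3 down"),
]

def stamp(events, clock_error):
    """Return log records as each device would write them, given its clock error."""
    return [(t + clock_error[dev], dev, msg) for t, dev, msg in events]

def correlate(records, dev_a, dev_b, window=timedelta(seconds=30)):
    """Pair records from two devices whose logged timestamps fall within `window`."""
    a = [r for r in records if r[1] == dev_a]
    b = [r for r in records if r[1] == dev_b]
    return [(x[2], y[2]) for x in a for y in b if abs(x[0] - y[0]) <= window]

def run_cases():
    # Case 1: both clocks are 3 hours wrong, but wrong by the same amount.
    synced = stamp(TRUE_EVENTS, {"fw1": timedelta(hours=3), "SWF4": timedelta(hours=3)})
    # Case 2: the firewall is accurate, the switch has drifted by 7 minutes.
    drifted = stamp(TRUE_EVENTS, {"fw1": timedelta(0), "SWF4": timedelta(minutes=7)})
    return correlate(synced, "fw1", "SWF4"), correlate(drifted, "fw1", "SWF4")

if __name__ == "__main__":
    ok, broken = run_cases()
    print("synchronized but inaccurate:", ok)
    print("one accurate, one drifted:  ", broken)
```

In the first case the firewall deny and the port-down event on SWF4 are still paired; in the second case the pairing is lost even though one device has the correct time.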

3. Switch remote management

During the subsequent maintenance of a switch, the administrator rarely goes to the switch in person and uses a console terminal for maintenance. In most cases, telnet or ssh is used for remote maintenance. All Cisco switches support remote management over these two protocols. When the network administrator decides to use remote access management, pay attention to the following points.

First, pay attention to the differences between the Telnet and SSH protocols.

Simply put, their functions and operation in remote management are very similar. The most important difference is security. In short, the user name, password, and other important information sent over the Telnet protocol are not encrypted in transit. They are therefore easy to intercept, which leads to attacks. The SSH protocol is different: the user name, password, and other sensitive information are encrypted in transit, so it is relatively safer for remote management. The author suggests that the network administrator use the SSH protocol to remotely manage network devices such as switches, rather than the Telnet protocol with its weak security mechanisms.

Second, you need to know the vulnerabilities of the SSH protocol.

Although the SSH protocol is much safer than the Telnet protocol, it is still quite fragile. DoS attacks or buffer overflows may occur, and invalid fields or IP frames may also be sent. For example, attackers can intercept a large number of data frames for key analysis. There is no absolutely secure protocol. In short, the network administrator needs to know that SSH has these security risks and then take appropriate measures to prevent them. For example, you can change the SSH login password at regular or irregular intervals, or make the password more complex, so that the attack method of "intercepting data for key analysis" becomes ineffective.

Third, disable the Telnet protocol on the switch.

Generally, on Cisco switches, the Telnet protocol is disabled by default, and the switch can be managed remotely only through the SSH protocol. If the network administrator uses a switch of another brand, check whether the Telnet protocol is enabled. If it is enabled, we recommend that you disable it and enable only the SSH protocol to ensure the security of the enterprise network.

4. Set SNMP for the switch

SNMP is a useful tool for both large and small networks. In small networks, SNMP is suitable for network monitoring. In large networks, SNMP is also an effective network configuration tool. For example, you can use SNMP to manage and configure configuration files, to collect interface statistics and performance measurements, and to track the status of interface links.

For enterprises that use Cisco network devices, note that SNMP is available in three versions: version 1, version 2c, and version 3. However, most Cisco network devices currently use the second version of the SNMP protocol, namely SNMPv2c. It should be particularly emphasized that if other network devices in the network use lower versions of SNMP, it may be necessary to downgrade. That is to say, for the sake of compatibility, adopt a relatively low SNMP protocol version to achieve unified management.

SNMP is a complex and powerful management tool. It should be configured when the switch is initialized, for the convenience of subsequent maintenance, so that it can help the administrator maintain the complex and changing network environment of the enterprise.
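One way to check that the four initial settings described in this article are actually present is to audit a saved IOS running configuration. The script below is an added example, not part of the original article; the sample configuration, the community string EXAMPLE-RO and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
hostname Switch
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
!
snmp-server community EXAMPLE-RO RO
"""

DEFAULT_NAMES = {"Switch", "Router"}  # IOS factory-default hostnames

def vty_transports(config):
    """Map each 'line vty' header to the protocols in its 'transport input'."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("line "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                result[current] = None       # None = no explicit transport input
        elif current and line.strip().startswith("transport input"):
            result[current] = line.split()[2:]
        elif not line.startswith(" "):
            current = None                   # left the line-configuration block
    return result

def audit(config):
    """Return one finding per initial setting that is missing or weak."""
    findings = []
    m = re.search(r"^hostname (\S+)", config, re.M)
    if not m or m.group(1) in DEFAULT_NAMES:
        findings.append("hostname: default or missing system name")
    if not re.search(r"^ntp server \S+", config, re.M):
        findings.append("ntp: no 'ntp server' configured")
    for vty, protos in vty_transports(config).items():
        if protos != ["ssh"]:
            findings.append(f"{vty}: transport input is {protos}, expected ssh only")
    if not re.search(r"^snmp-server ", config, re.M):
        findings.append("snmp: no snmp-server configuration")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the sample, it reports the default hostname, the missing NTP server and the vty lines that still accept Telnet.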
