A switch does not have to go through initial configuration; it can be connected directly to the network and work properly, and this is the current development trend for switches. But this is a relatively unprofessional approach, because if the relevant initialization is not done, later troubleshooting and maintenance become much harder. For example, if switch names are not properly planned, it is difficult to match a switch's name to its location and function, which makes maintenance more difficult.
Therefore, to optimize switch management and simplify later troubleshooting, the relevant parameters must be configured when the switch is first installed. Specifically, the following four major parameters are involved.
First, set the system name of the switch
To manage a switch effectively, it is best to give it a meaningful system name. This is a basic requirement. If no name is configured, the CLI displays the device's default name when you log in to the switch over Telnet or SSH. Default names are hard to tell apart. Especially in a more complex enterprise network, configuring a meaningful and unique system name for switches and other network devices is very useful.
Suppose an office building has a switch on every floor. Each switch can be named after its floor, such as SWF4: SW indicates that the device is a switch, and F4 indicates that it is on the fourth floor. On seeing this name, the administrator knows the switch's location, purpose and so on at a glance. If necessary, the author believes that further information such as the switch's location and use can be added to the name. Of course, to keep the name from becoming too long, abbreviations or codes can be used. The name serves a single purpose: when an administrator sees it, they know the location and function of the switch. If that is achieved, the naming convention is successful.
On Cisco series switches, the system name is set with the hostname command or the set system name command. Which one applies depends on the operating system in use: the former is used mainly in IOS, the latter mainly in CatOS.
Second, set the switch clock and NTP
Keeping accurate clock settings and showing the correct time and date are important, basic requirements for troubleshooting and monitoring an enterprise network. When a fault or attack occurs, correct time information often helps the network administrator cut troubleshooting time. If the network is congested, for example, the time information in the logs lets you judge whether maintenance work was under way on the network at that time, or you can check the firewall for an attack at that time. So the correct clock must be set when the switch is initialized. In general, a basic requirement is that the switch's time be synchronized with that of the other network devices.
Time synchronization across all of an enterprise's network devices is achieved mainly through NTP. Simply put, NTP synchronizes a switch to the time of a device in the network. When every network device uses the time of the same device as its synchronization source, the time on all devices is synchronized. When configuring this parameter, I think the following aspects deserve attention.
First, when an incident occurs, knowing exactly when it happened is important for locating the problem and for keeping the enterprise network under control and running stably. Network maintenance protocols such as SNMP traps also need it. Network administrators must therefore recognize the importance of time. The time on a switch or other network device does not have to be accurate; the key is whether the time on all network devices is synchronized, because logs from different devices often have to be correlated. Time acts like the key that joins one database table to another, matching the records on each side. In other words, even if the time is not accurate, it is enough that the devices within the network are synchronized with one another. Conversely, if device clocks are not synchronized, then even if some devices have accurate time, network maintenance becomes much more troublesome. The author therefore suggests using NTP for clock synchronization. On Cisco network devices, the ntp server command makes a switch synchronize its clock with an NTP server.
The second is to pay attention to the effect of daylight saving time. If the enterprise's location observes daylight saving time (that is, local time is shifted for part of the year), the system clock needs to be adjusted by configuring daylight saving time. Cisco's series of switches basically all support this daylight saving time feature. But daylight saving time has now basically been abolished domestically, so it needs no special attention. Only when you need to synchronize with network equipment abroad do you need to check whether the other side observes summer time or similar rules. On Cisco switches, the daylight saving time feature is enabled with the clock summer-time zone date command.
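The point made in this section, that clocks synchronized with one another matter more for log correlation than absolute accuracy, shown as an added example that is not part of the original article. The log events, the 10-second matching window and the clock errors are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (true time of the event, log message).
SWITCH_EVENTS = [("10:00:05", "port Gi0/4 link down"),
                 ("10:07:30", "port Gi0/9 link down")]
FIREWALL_EVENTS = [("10:00:07", "flood detected from 10.0.4.17"),
                   ("10:20:00", "policy reload")]

def stamp(events, clock_error_s):
    """Return the events as a device would log them, with its clock error applied."""
    logged = []
    for t, msg in events:
        true_time = datetime.strptime("2024-01-01 " + t, "%Y-%m-%d %H:%M:%S")
        logged.append((true_time + timedelta(seconds=clock_error_s), msg))
    return logged

def correlate(log_a, log_b, window_s=10):
    """Join two device logs on time: pair entries logged within window_s seconds."""
    return [(a_msg, b_msg)
            for a_t, a_msg in log_a
            for b_t, b_msg in log_b
            if abs((a_t - b_t).total_seconds()) <= window_s]

def scenario(switch_error_s, firewall_error_s):
    """Correlate switch and firewall logs given each device's clock error in seconds."""
    return correlate(stamp(SWITCH_EVENTS, switch_error_s),
                     stamp(FIREWALL_EVENTS, firewall_error_s))

if __name__ == "__main__":
    print("both accurate:        ", scenario(0, 0))
    print("both 5 min fast:      ", scenario(300, 300))   # wrong but in sync: same join
    print("firewall 5 min fast:  ", scenario(0, 300))     # real relation is lost
    print("firewall 443 s fast:  ", scenario(0, 443))     # unrelated events are paired
```
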
Third, set up remote management of the switch
During later maintenance of the switch, administrators rarely go to the switch and work at its console. In most cases, remote maintenance is performed over Telnet or SSH. Cisco series switches support remote management access over both protocols. When a network administrator decides to use remote management access, the following points need attention.
One is to pay attention to the difference between the Telnet and SSH protocols.
Simply put, the two are very similar in remote management functions and operation; the most important difference is security. Telnet does not encrypt the user name, password and other important information in transit, so it is easy to intercept, which leads to attacks. SSH is different: the user name, password and other sensitive information are encrypted in transit. By comparison, SSH is therefore relatively safe for remote management. The author suggests that network administrators use SSH to remotely manage switches and other network devices, rather than Telnet with its weak security mechanism.
The second is to know the vulnerabilities of the SSH protocol.
Although the SSH protocol is much safer than the Telnet protocol, it still has many vulnerabilities. For example, a DoS attack or buffer overflow can occur when invalid fields or invalid IP frames are sent, or an attacker can intercept a large number of data frames for key analysis, and so on. No protocol is absolutely secure. In short, network administrators need to know that SSH carries these security risks and take appropriate measures to prevent them. For example, changing the SSH login password or setting a more complex password can defeat attacks based on "key analysis by intercepting data", and so on.
The third is to disable the Telnet protocol on the switch.
Typically, on Cisco series switches the Telnet protocol is not enabled by default and the switch can only be managed remotely over SSH. If the network administrator is using a different brand of switch, they need to check whether the Telnet protocol is enabled. If it is, the author suggests turning it off and enabling only SSH, to ensure the security of the corporate network.
Fourth, set up SNMP on the switch
SNMP is a very useful tool for networks both large and small. In a small network, SNMP is better suited to network monitoring, while in large networks it is an effective network configuration tool. For example, SNMP can be used to manage and configure configuration files, to collect interface statistics and performance metrics, to track the status of interface links, and so on.
Businesses using Cisco's series of network devices should note that three versions of the SNMP protocol are available: version 1, version 2c, and version 3. However, most Cisco network devices currently in use run the second version of the protocol, that is, SNMPv2c. It is important to emphasize that if other devices in the network use a lower SNMP version, it is necessary to downgrade. That is, for the sake of compatibility, adopt the lower SNMP version to achieve unified management.
SNMP must be configured when the switch is initialized so that it can help the administrator maintain the enterprise's complex and changing network environment, because SNMP is a complex and powerful management tool.
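One way to check that the four parameters discussed in this article were set during initial installation, as an added example that is not part of the original article. It reads an IOS-style configuration as text; both sample configurations, the NTP address and the community string are constructed placeholders. Reporting a vty line with no explicit transport input setting as a finding is an assumption made here, because defaults differ between platforms and releases.

```python
import re

DEFAULT_NAMES = {"switch", "router"}  # factory hostnames on Cisco IOS devices

def audit(config):
    """Check an IOS-style config for the four initial parameters; return findings."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]
    names = [m.group(1) for l in lines if (m := re.match(r"hostname (\S+)$", l))]
    if not names or names[-1].lower() in DEFAULT_NAMES:
        findings.append("system name missing or default")
    if not any(l.startswith("ntp server ") for l in lines):
        findings.append("no NTP server")
    if not any(l.startswith("snmp-server ") for l in lines):
        findings.append("SNMP not configured")
    vty, explicit = None, False
    for l in lines + ["end"]:
        if vty and not l.startswith(" "):        # previous vty block has ended
            if not explicit:
                findings.append(f"{vty}: transport input not set explicitly")
            vty = None
        if l.startswith("line vty"):
            vty, explicit = l, False
        elif vty and l.strip().startswith("transport input "):
            explicit = True
            if {"telnet", "all"} & set(l.split()[2:]):
                findings.append(f"{vty}: Telnet allowed")
    return findings

# Constructed sample configurations; address and community string are placeholders.
UNCONFIGURED = """hostname Switch
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 login local
!
"""
INITIALIZED = """hostname SWF4
ntp server 192.0.2.10
snmp-server community EXAMPLE-PLACEHOLDER RO
!
line vty 0 15
 login local
 transport input ssh
!
"""

if __name__ == "__main__":
    for name, cfg in (("unconfigured", UNCONFIGURED), ("initialized", INITIALIZED)):
        print(name, audit(cfg))
```
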