Q. How do I provision a new Cisco switch?
Provisioning a New Switch @ Scotch
The purpose of this document is to outline the steps required to provision a new switch at Scotch College. It will contain a reference point to obtain the base template configuration from the TFS server while also including some additional instructions on setting up the correct logging and reporting systems to ensure continued and logged operations of the device.
1: Base switch configuration. This can be found on the TFS server in the networking area. It will include the base configuration to be applied to the switch. Typically, the most efficient way to configure a switch includes the following:
A: Boot up the switch and ensure it is running the latest (best) version of Cisco’s IOS. Further information on this can be found on Cisco's portal, while the details to log into this are found in the password server.
B: Once the latest firmware is installed, configure a trunk port on the switch to your desk where the initial provisioning will take place. Log into the switch after initial boot and select no to the auto run feature to manually configure the device. Set the VTP information to ensure the switch is in slave mode and make sure the relevant VTP domain and domain password are configured.
show vtp status
Will show the current VTP status. Check to ensure the parameters are set and correct.
C: Configure a trunked interface on the new switch:
switchport trunk encapsulation dot1q
switchport mode trunk
These set the basic trunk configuration to allow VLAN propagation. The encapsulation command may not be required depending on the model of switch; where it is required, it has to be entered before the mode command. Once you connect the Ethernet interface to this configured port, run the command:
This will output all the VLANs and ensure the VLAN database has propagated successfully. Once this has occurred, disconnect the switch from the network and continue configuring it offline. We can reconnect it later to test ssh access etc. once an IP is configured.
Refer to the template to ensure the switch's configuration is correct before copying/pasting the configuration. Make sure to do this in small chunks to ensure the buffer doesn’t fill and prevent the code from correctly pasting.
- Note: It is important to have ssh2 set to allow the switch to communicate with Rancid correctly. This should be in the template, but worth noting.
Once the switch has been configured, reconnect the trunk interface to ensure it can be reached via ssh. While connected it will need to be added to PRTG, LibreNMS and Rancid.
PRTG: Log into PRTG, add a device and follow the prompts to add a network device. Follow the existing naming convention and use the Scotch Switch template to add the switch. Once detected, remove all the sensors but the ping sensor.
LibreNMS: Much like PRTG, this should be added as a respective device in the same manner the other switches have been added. All defaults can be applied to ensure all interfaces are captured for monitoring etc.
Rancid: Requires more customisation, especially if this is a new switch in a new building. The steps below outline how to log onto Rancid and add the relevant device to the database:
SSH into the PSPNMS01 server (10.83.83.68)
Use "sudo -s" to escalate to root
Use "su rancid" to masquerade as user rancid
Change to Scotch configs directory with "cd /var/lib/rancid/configs/Scotch"
Strip out (or add) the switch you need
Save the file after making the changes (:wq) to write it back.
Once added, make sure you can log into the switch using both its IP and its hostname and update the RSA fingerprints.
ssh admin@<ip> and ssh admin@sct-sw-xx-xxx-01
- It may also be necessary to remove the old ssh fingerprints/keys if the switch decides to create a new one. The below commands will do this.
ssh-keygen -f "/var/lib/rancid/.ssh/known_hosts" -R "10.82.10.151"
ssh-keygen -f "/var/lib/rancid/.ssh/known_hosts" -R "sct-sw-xx-xx-xx"
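
A check to run after the Rancid steps above, as an added example that is not part of the original document: it reads the text of the rancid user's known_hosts file and reports whether the switch's IP and hostname are both recorded with the same host key, handling hashed entries as well as plain ones. The function names and the sample entries are assumptions made for the illustration; wildcard and [host]:port entries are not handled.

```python
import base64, hashlib, hmac

def hashed_field(host, salt):
    """Build a HashKnownHosts-style '|1|salt|HMAC-SHA1(salt, host)' field."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def keys_for(text, host):
    """Set of (keytype, key) recorded for host; comments and @markers skipped."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            found.add((fields[1], fields[2]))
    return found

def check_switch(text, ip, hostname):
    """'missing' if either name has no entry, 'mismatch' if keys differ, else 'ok'."""
    by_ip, by_name = keys_for(text, ip), keys_for(text, hostname)
    if not by_ip or not by_name:
        return "missing"
    return "ok" if by_ip == by_name else "mismatch"

# Constructed sample: OLDKEY/NEWKEY are placeholders, not real host keys.
IP, NAME = "10.82.10.151", "sct-sw-xx-xx-xx"
# Old key still stored under the (hashed) hostname, new key under the IP.
STALE = "%s ssh-rsa OLDKEY\n%s ssh-rsa NEWKEY\n" % (
    hashed_field(NAME, b"constructed-salt"), IP)
# Both names recorded against the same key.
FRESH = "%s,%s ssh-rsa NEWKEY\n" % (IP, NAME)

if __name__ == "__main__":
    for label, text in (("stale", STALE), ("fresh", FRESH)):
        print(label, check_switch(text, IP, NAME))
```

A "mismatch" result means one of the two names still carries the old key and needs the ssh-keygen -R step followed by a fresh login; "missing" means one of the two logins was never made as user rancid.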