Global System Configuration
Assign Global Configuration Information
37
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
This configuration normalizes the method in which traffic is load-shared across the member links of an
EtherChannel. EtherChannels are used extensively in this design because of their resilience.
Create Access Layer VLANs
Step 12
Create VLANs to separate traffic based on end-user devices.
When VLANs are created, they automatically join any interface that is configured for trunk mode.
Earlier, the uplink interface was configured for trunk mode. Therefore, the uplink interface should now
be a member of these VLANs.
Use consistent VLAN IDs and VLAN names in the access layer. Consistent IDs and names help with
consistency, and network operation becomes more efficient.
Note
Do not use VLAN 1.
Note
Use VLAN 200 for wireless clients only if the switch operates as a wireless controller in the converged
access mode.
Create IPv6 First-Hop Security Policies
Step 13
Create and apply global IPv6 security policies on the uplink interfaces to define the trust and roles on
the connected distribution switches or routers.
Blocking router advertisements with Router Advertisement Guard and DHCP responses from untrusted
sources are an easy way to secure against the most common IPv6 problems.
Note
Access interfaces to end devices should not be trusted for router advertisements and IPv6 DHCP
response.
Содержание Catalyst 3850
Страница 2: ......
Страница 4: ......
Страница 10: ...Contents vi Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide ...