Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

5 Basic Switch Settings You Must Know

There are five configurations a network administrator should apply to a newly provisioned switch or router. Although application of these configurations may seem like common sense, 90% of devices I see are missing at least one of these settings, and about 75% are missing two or more. Use this checklist as an action item to verify your existing devices have these settings, at minimum, and integrate these in to any templates or provisioning documents you use. You'll appreciate the results of the consistency this adds to your network management and monitoring.

Define a default gateway or default route
Let's start with the fantastically easy one--a management IP and default gateway. Obviously, you can't manage a device across the network unless it has, at bare minimum, a management IP address. Instead of harping on the obvious, instead take note that many times when edge devices are provisioned, an IP address is configured but the default gateway or default route is forgotten or omitted.

What happens when this configuration is missing? Those edge switches will hum along happily until one of three things happens:

  1. Your management tool is installed or moved to a different subnet.
  2. You try to manage the switch from a different network or subnet.
  3. You begin adding other VLANs or subnets to the switch.

Without a default gateway or route off of the network the switch is using, traffic may reach the switch, but it won't find its way back off that network. You won't believe how many edge devices are in the wild with this grievous omission, often resulting in the switch becoming unmanaged, by virtue of the management tools not able to see it.

Cisco & HP Networking:
# ip default-gateway
# ip route 0.0.0.0 0.0.0.0

Set the time
If I could ask administrators to set only one configuration out of the box after the basic IP settings, I'd ask for this: the correct time. Correct time on a switch is vital when troubleshooting the device. A string of log entries dated 1/1/90 are useless to network administrators troubleshooting a problem.

The three most popular ways to set time on a device are manual time settings, TimeP or Network Time Protocol (NTP), and Simple NTP (SNTP). You should really have a time server in your environment to keep the network all in sync. If you don't have a time server now, you can very easily add one. In Windows Server environments, a few clicks will have you up and running with SNTP in less than 5 minutes. You can also use public (Internet-hosted) time servers, although you shouldn't put yourself in a position to force each switch to call out over the Internet for time. As a last resort, set the time manually, but, by all means, set it somehow.

Cisco:
# ntp server
# clock timezone
# show clock

HP Networking:
# ip timep manual
# timesync timep
# clock timezone
Or
# sntp server
# sntp unicast
# timsync sntp
# show time

Enable neighbor discovery
Neighbor discovery protocols are essential for network administrators and management tools to accurately construct a view of the network topology. Each manufacturer has its own supported mix of neighbor discovery protocols, loosely based on how standards-focused that vendor is and how much it wants to pay in royalties to use proprietary protocols. The two most widely used are LLDP (Link Layer Discovery Protocol), an IEEE standard, and CDP (Cisco Discovery Protocol). Support varies by brand and at times even by model or firmware versions. What you may see in some devices is LLDP supported for listening and talking, but only the only CDP support is for listening. Others may offer equal capabilities for both protocols.

Enabling all supported neighbor discovery methods is highly recommended. The information it provides lets you immediately locate neighboring switches and even media endpoints such as phones and access points that use LLDP-MED, an extension of LLDP. Not only can you see where these devices are connected, you can get details of the device type, its host name, IP address and even what port it's connected to on the other end. In a similar fashion, your network monitoring and management tools will use these protocols to crawl the network, discover new devices, and correctly identify and show interswitch links.

Cisco: CDP is enabled by default, Enable LLDP
# lldp run
# show lldp neighbors <+ optional details>

HP Networking: LLDP is enabled by default. Enable CDP receive only support
# show lldp info remote <+ optional details>
# show cdp neighbors <+ optional details>

Configure logging and traps
Notifications of events on the network are a critical component of monitoring, troubleshooting and real-time alerting. Most switches offer two primary means of sending this data to a central repository: logging events via syslog and trap events via SNMP ((Simple Network Management Protocol). Configuration of both is simple, usually varying minimally from switch to switch and even from brand to brand.

Most organizations have a syslog server or a management tool configured to receive SNMP traps. If yours doesn't have such an application, I'd strongly encourage you to use this opportunity to investigate your options. If you don't have budget or time, look at your existing management tools and you'll likely find something you can use already in production. If not, there are a variety of free syslog and SNMP tools; just make sure you download free tools from a source you trust.

Cisco & HP Networking:
# logging
# snmp-server host

Add custom SNMP communities
SNMP is used to manage or monitor all types of devices in a network, including switches, servers and even desktops. SNMP allows us to define different community strings that are mapped to different access rights. Most simply, we have a read-only string and a read-write string. The read-only string lets monitoring tools see and gather information from the device, whereas the read-write string allows management tools to make modifications and configuration changes to the device. By default, switches most often have either no predefined strings or they use a combination of public and private.

Some of you may feel this should be included with the full management configuration (defining local users or RADIUS/TACACS authentication, enabling secure management with SSH and HTTPS), but I define it as one of the recommended out-of-the-box settings. Within an organization, you likely have only a set or two of custom SNMP community strings, and these strings aren't going to change from the time you order the switch, unbox it and then deploy it. Initial omission of the strings is usually an oversight, or network admins consciously leave it out and figure they'll go back and add it later. Your management tools should already be set to talk to your devices using your custom SNMP strings, so go ahead and start off on the right foot by setting it early on the device. Remember, they are case-sensitive, and you'll avoid the frustration of typos if you include these in a template or at least copy-paste from a base text document. Incorrect SNMP strings are frustrating, especially in larger environments. Correct strings will let your device be seen and managed immediately by all your management and monitoring applications.

Cisco:
# snmp-server community ro
# snmp-server community rw
# show snmp

HP Networking:
# snmp-server community operator restricted
# snmp-server community manager unrestricted
# show snmp-server

There are many other configurations recommended in a production environment, including secure encrypted management and file transfers, as well as SNMPv3 in certain networks. These five settings are a quick start to ensuring consistent management of your infrastructure devices across the enterprise.

Learn more about IT PRO Report: Data Center Networking (free, registration required).


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computings Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers