1) Get familiar with the network
2) Create an accurate Network Diagram!
3) Work logically, from the bottom up in the OSI model:
Physical > Data Link > Network > Transport > Session > Presentation > Application
Most problems lie within the Physical, Data Link, Network, and Transport layers. Issues above those layers are usually development and application problems.
- Check cabling issues
- Check speed and duplex are matching
- Check that the VLAN is still present
Spanning Tree Issues:
- Solve the immediate problem by disconnecting the redundant links
- Ensure all links are reflected on your network diagram
- Ensure the root bridge is the correct one
- Make sure all switches are running RSTP!
VLAN and Trunking Issues:
- Watch for native VLAN mismatch
- Hard-code trunk ports to trunk mode (on).
- Make sure the VLAN has been activated on the switch.
- Verify the IP address assignments on the VLAN and VLAN interfaces
- Use ping and trace route to diagnose routing issues
- Verify the trunks are correct
- Verify VTP information: Name, Password, Version, Modes
- Last resort: delete flash:vlan.dat, which will delete all VTP and VLAN information!
To secure the switch, follow these recommendations:
- Physical Security
- Set passwords and Logon Banners
- Disable the web server – conf t > no ip http server and no ip http secure-server
- Limit remote access subnets via access-lists
- Use SSH instead of Telnet
- Configure Logging – conf t > logging buffered XXXXXX (sets the logging buffer size) > logging XXX.XXX.XXX.XXX (this points the logs to the IP of a syslog server).
- Limit the ports with CDP – conf t > int faX/X > no cdp enable (turns off CDP on a port) or no cdp run (disables CDP on the entire switch). CDP is required for IP phones, so try to disable it per port rather than switch-wide.
- Use BPDUGuard on Portfast ports – conf t > int faX/X > spanning-tree bpduguard enable. This will shut down the interface if BPDUs are seen coming from a port you put this on. This should be used with portfast on ports that switches should not be plugged into.