2) Pre-Implementation Checklist
Capture and backup Device
Labeling cable
Save & Backup configuration
3) Implementation
3.1 Integration Device Management
3.1.1 Bring UP Management Switch PDC
3.1.2 Bring UP Management Switch SDC
3.1.3 Plug cable & Configure Management Port UAT SDC Devices
3.1.4 Config & verify NTP
3.1.5 Config SNMP & Adding nodes to Solarwind
3.1.6 Telnet port 49 for TACACS Verification
3.1.7 Configure TACACS for NEW MGMT SW (PDC & SDC) & UAT Devices
1 Day N
√
√ 1 Day N
√ 1 Day N
√ √ 1 Day N
√ 1 Day
IMPLEMENTATION
1 Move cable
!!! Move MGMT cable to NEW Switch
2 Global Configuration
3 SNMP Configuration
4 Access-List
5 NTP & SYSLOG
6 Interface Configuration
interface Fa0/6
description ***To idjktpdc01extxes05 Gi1/0/47**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
7 AAA and Radius Configuration
FALLBACK
idjktpdc01extxes04
interface Fa0/6
description ***To idjktpdc01extxes05 Gi1/0/48**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
idjktpdc01extxes03
interface Fa0/6
description ***To idjktsdc03extxes06 Gi1/0/47**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
SDC PDC
idjktpdc01extxes04 idjktpdc01extxes05
hostname idjktpdc01extxes05
!
banner login ^C
idjktpdc01extxes05 (WS-C3650-48FS-S)
^C
ip route 0.0.0.0 0.0.0.0 10.232.8.254
interface GigabitEthernet1/0/1
description ***To idjktpdc01extxr14 Gi0***
switchport access vlan 8
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description ***To idjktpdc01extxr15 Gig0***
switchport access vlan 8
switchport mode access
spanning-tree portfast
!
interface range GigabitEthernet1/0/3-46
switchport access vlan 8
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/47
description ***To idjktpdc01extxes04 Fa0/6***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
no channel-group 5 mode on
!
interface GigabitEthernet1/0/48
description ***To idjktpdc01extxes04 Fa0/31***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
no channel-group 5 mode on
!
interface Vlan1
no ip address
shutdown
!
interface Vlan8
no shutdown
description ***MGMT PDC***
ip address 10.232.8.88 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan38
no shutdown
description ***MGMT SDC***
ip address 10.232.38.88 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
aaa new-model
aaa authentication login DBS_TACACS group ta
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ no
aaa authorization exec DBSINDO_TACACS grou
aaa authorization configuration default group ta
aaa authorization commands 15 default group t
aaa accounting exec default start-stop group ta
aaa accounting commands 15 default start-stop
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
SDC
idjktsdc03extxes06
hostname idjktsdc03extxes06
!
banner login ^C
idjktsdc03extxes06 (WS-C3650-48FS-S)
^C
ip route 0.0.0.0 0.0.0.0 10.232.38.254
interface GigabitEthernet1/0/1
description ***To idjktsdc03extxr14 Gi0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description ***To idjktsdc03extxr15 Gi0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description ***To idjktsdc03uatxr01 Gi0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description ***To idjktsdc03uatxr02 Gi0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description ***To idjktsdc03uatxs01 Gi0/0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description ***To idjktsdc03uatxs02 Gi0/0***
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface range GigabitEthernet1/0/7-46
switchport access vlan 38
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/47
description ***To idjktsdc03extxes03 Fa0/x***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
!
interface GigabitEthernet1/0/48
description ***To idjktsdc03extxes03 Fa0/x***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8,38
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan8
no shutdown
description ***MGMT PDC***
ip address 10.232.8.98 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan38
no shutdown
description ***MGMT SDC***
ip address 10.232.38.98 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
aaa new-model
aaa authentication login DBS_TACACS group ta
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ no
aaa authorization exec DBSINDO_TACACS grou
aaa authorization configuration default group ta
aaa authorization commands 15 default group t
aaa accounting exec default start-stop group ta
aaa accounting commands 15 default start-stop
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
SDC
idjktsdc03uatxs01
hostname idjktsdc03uatxs01
!
banner login ^C
idjktsdc03uatxs01 (C9500-48Y4C-A)
^C
ip route vrf Mgmt-vrf 10.0.0.0 255.0.0.0 10.232.38.254
!
interface GigabitEthernet0/0
no shutdown
ip address 10.232.38.212 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
aaa new-model
aaa authentication login DBS_TACACS group tacacs+ enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ none
aaa authorization exec DBSINDO_TACACS group tacacs+ none
aaa authorization configuration default group tacacs+
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
ip tacacs source-interface GigabitEthernet0/0
tacacs-server host 10.67.1.75 key 7 104A0B0A0F16190A1E102B
tacacs-server host 10.232.6.237 key 7 01170417510A0D0E33584F
tacacs-server host 10.232.36.237 key 7 13011501010D0F2B393029
tacacs-server host 10.67.1.78 key 7 01170417510A0D0E33584
!
line con 0
exec-timeout 15 0
login authentication DBSINDO_TACACS
line aux 0
exec-timeout 15 0
login authentication DBSINDO_TACACS
line vty 0 4
access-class 12 in vrf-also
exec-timeout 15 0
login authentication DBSINDO_TACACS
transport input ssh
line vty 5 15
transport input none
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
CWJ 31st Floor
no ip access-list extended ACL-POSTURE-REDIRECT
SDC
idjktsdc03uatxs02
hostname idjktsdc03uatxs02
!
banner login ^C
idjktsdc03uatxs02 (C9500-48Y4C-A)
^C
ip route vrf Mgmt-vrf 10.0.0.0 255.0.0.0 10.232.38.254
!
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
CWJ 31st Floor
no ip access-list extended ACL-POSTURE-REDIRECT
SDC
idjktsdc03uatxr01
hostname idjktsdc03uatxr01
!
banner login ^C
idjktsdc03uatxr01 (ISR4331)
^C
ip route vrf Mgmt-intf 10.0.0.0 255.0.0.0 10.232.38.254
!
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
CWJ 31st Floor
no ip access-list extended ACL-POSTURE-REDIRECT
SDC
idjktsdc03uatxr02
hostname idjktsdc03uatxr02
!
banner login ^C
idjktsdc03uatxr02 (ISR4331)
^C
ip route vrf Mgmt-intf 10.0.0.0 255.0.0.0 10.232.38.254
!
no username admin
no aaa new-model
line vty 0 4
login local
no access-class 12 in vrf-also
no login authentication DBSINDO_TACACS
CWJ 31st Floor
no ip access-list extended ACL-POSTURE-REDIRECT
aaa authentication login DBS_TACACS group tacacs+ enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ none
aaa authorization exec DBSINDO_TACACS group tacacs+ none
aaa authorization configuration default group tacacs+
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
exec-timeout 15 0
login authentication DBSINDO_TACACS
line vty 0 4
access-class 12 in vrf-also
exec-timeout 15 0
login authentication DBSINDO_TACACS
transport input ssh
line vty 5 15
transport input none
no username admin
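An added example, not part of the original plan: a small Python check over the AAA and line commands shown above. It flags `login authentication` references to a login method list that no `aaa authentication login` command defines (the configuration above defines `DBS_TACACS` but applies `DBSINDO_TACACS` to the lines), authorization lists whose last method is `none` (no authorization check when the TACACS+ servers do not respond), and server keys stored as reversible type 7. The function name `audit_aaa`, the check ids and the placeholder key are assumptions of this example.

```python
import re

# Constructed sample: AAA and line commands copied from the configuration above,
# with the TACACS+ key replaced by a placeholder value.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login DBS_TACACS group tacacs+ enable
aaa authorization exec DBSINDO_TACACS group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
tacacs-server host 10.67.1.75 key 7 PLACEHOLDERKEY
line con 0
login authentication DBSINDO_TACACS
line vty 0 4
access-class 12 in vrf-also
login authentication DBSINDO_TACACS
transport input ssh
line vty 5 15
transport input none
"""

def audit_aaa(config):
    """Return (check_id, detail) findings for an IOS config given as text."""
    findings = []
    login_lists = {"default"}   # the implicit list, always a valid reference
    line_refs = []              # (line name, referenced login list)
    current_line = None         # tracked by keyword; works on unindented text
    for raw in config.splitlines():
        cmd = raw.strip()
        if m := re.match(r"aaa authentication login (\S+)", cmd):
            login_lists.add(m.group(1))
        elif re.match(r"aaa authorization .*\bnone$", cmd):
            findings.append(("authz-none-fallback", cmd))
        elif re.match(r"(tacacs-server|radius-server) host \S+ key 7 ", cmd):
            # Report the server only; never echo the stored key.
            findings.append(("type7-key", cmd.split(" key ")[0]))
        elif m := re.match(r"line (\S+ \d+(?: \d+)?)", cmd):
            current_line = m.group(1)
        elif current_line and (m := re.match(r"login authentication (\S+)", cmd)):
            line_refs.append((current_line, m.group(1)))
    # Resolve references after the whole file is read, so order does not matter.
    for line_name, ref in line_refs:
        if ref not in login_lists:
            findings.append(("undefined-login-list", f"line {line_name}: {ref}"))
    return findings
```

Running `audit_aaa` on each device's saved configuration before and after the change gives a quick diff of which findings the TACACS rollout introduces or clears.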
Open Rule based on this requirement:
SOURCE
Hostname/
No. IP Address
Location
10.234.34.0/24 NET_DBSI_USER_CWJ_SEGMENT34
10.234.44.0/24 NET_DBSI_USER_CWJ_SEGMENT44
10.232.39.0/24 NET_DBSI_Working_Room_Sigma
1
10.232.9.0/24 NET_DBSI_Working_Room_DCI
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
10.232.38.212/32 idjktsdc03uatxs01
2
10.232.38.213/32 idjktsdc03uatxs02
10.232.8.88/32 idjktpdc01extxes05
10.232.38.98/32 idjktsdc03extxes06
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
10.232.38.212/32 idjktsdc03uatxs01
3
10.232.38.213/32 idjktsdc03uatxs02
10.232.8.88/32 idjktpdc01extxes05
10.232.38.98/32 idjktsdc03extxes06
10.232.36.212/32
10.232.36.213/32
10.67.10.15/32 Solarwind
4
Netbrain
10.67.22.155/32
10.67.22.157/32
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
5 10.232.38.212/32 idjktsdc03uatxs01
10.232.38.213/32 idjktsdc03uatxs02
10.232.38.98/32 idjktsdc03extxes06
6 10.232.8.88/32 idjktpdc01extxes05
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
7 10.232.38.212/32 idjktsdc03uatxs01
10.232.38.213/32 idjktsdc03uatxs02
10.232.8.88/32 idjktpdc01extxes05
10.232.38.98/32 idjktsdc03extxes06
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
8
8
10.232.38.212/32 idjktsdc03uatxs01
10.232.38.213/32 idjktsdc03uatxs02
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
9
10.232.38.212/32 idjktsdc03uatxs01
10.232.38.213/32 idjktsdc03uatxs02
IP NAT Allocation
Device IP Real
idjktsdc03uatxr01 10.232.38.210/24
idjktsdc03uatxr02 10.232.38.211/24
idjktsdc03uatxs01 10.232.38.212/24
idjktsdc03uatxs02 10.232.38.213/24
idjktpdc01extxes05 10.232.8.88/24
idjktsdc03extxes06 10.232.38.98/24
DESTINATION
10.232.36.212/32 Solarwind
10.232.36.213/32 Netbrain
10.67.10.15/32
UDP_161
10.67.22.155/32
10.67.22.157/32
10.232.38.210/32 idjktsdc03uatxr01
10.232.38.211/32 idjktsdc03uatxr02
10.232.38.212/32 idjktsdc03uatxs01 UDP_162
10.232.38.213/32 idjktsdc03uatxs02
10.232.8.88/32 idjktpdc01extxes05
10.232.38.98/32 idjktsdc03extxes06
TCP_123
UDP_123
10.232.40.3/32
NTP SDC
10.232.40.4/32
TCP_123
10.232.10.3/32, 10.232.10.3/32 NTP PDC
UDP_123
10.232.74.10/32
10.232.74.11/32
DNS UDP_53
DNS UDP_53
10.232.70.52/32
IP NAT
10.232.36.245
10.232.36.246
10.232.36.247
10.232.36.248
10.232.6.238
10.232.36.138
Rule
ADD/
DELETE
ADD
ADD
ADD
ADD
ADD
ADD
ADD
ADD
ADD
ADD
Hostname            Port Mgt   Sw Mgt Hostname      Sw Mgt Port   VLAN
idjktsdc03uatxr01   Gi0        idjktsdc03extxes06   Gi0/3         access vlan 38
idjktsdc03uatxr02   Gi0        idjktsdc03extxes06   Gi0/4         access vlan 38
idjktsdc03uatxs01   Gi0/0      idjktsdc03extxes06   Gi0/5         access vlan 38
idjktsdc03uatxs02   Gi0/0      idjktsdc03extxes06   Gi0/6         access vlan 38
Old Port   New Port     Description                              Cable Type
Idjktsdc03uatxs01
Gi1/0/1    Twen1/0/1    *** To idjktsdc03uatxr01_Gi0/0/1***      UTP
Gi1/0/2    Twen1/0/2    *** To idjktsdc03extxis03_Gi1/0/42***    UTP
Gi1/0/3    Twen1/0/47   idjktsdc03uatxs02_Twenty1/0/47           UTP
Gi1/0/4    Twen1/0/48   idjktsdc03uatxs02_Twenty1/0/48           UTP
Idjktsdc03uatxs02
Gi1/0/1    Twen1/0/1    *** To idjktsdc03uatxr02_Gi0/0/1***      UTP
Gi1/0/2    Twen1/0/2    *** To idjktsdc03extxis04_Gi1/0/42***    UTP
Gi1/0/3    Twen1/0/47   idjktsdc03uatxs01_Twenty1/0/47           UTP
Gi1/0/4    Twen1/0/48   idjktsdc03uatxs01_Twenty1/0/48           UTP