Global System Configuration
This configuration normalizes the method in which traffic is load-shared across the member links of an
EtherChannel. EtherChannels are used extensively in this design because of their resilience.
port-channel load-balance src-dst-ip
Create Access Layer VLANs
Create VLANs to separate traffic based on end-user devices.
Step 12
When VLANs are created, they automatically join any interface that is configured for trunk mode.
Earlier, the uplink interface was configured for trunk mode. Therefore, the uplink interface should now
be a member of these VLANs.
Use consistent VLAN IDs and VLAN names in the access layer. Consistent IDs and names help with
consistency, and network operation becomes more efficient.
Do not use VLAN 1.
Note
Use VLAN 200 for wireless clients only if the switch operates as a wireless controller in the converged
Note
access mode.
vlan
name
vlan
name
vlan
name
vlan
name
Create IPv6 First-Hop Security Policies
Create and apply global IPv6 security policies on the uplink interfaces to define the trust and roles on
Step 13
the connected distribution switches or routers.
Blocking router advertisements with Router Advertisement Guard and DHCP responses from untrusted
sources are an easy way to secure against the most common IPv6 problems.
Access interfaces to end devices should not be trusted for router advertisements and IPv6 DHCP
Note
response.
10
Data
11
Voice
12
Access_Points
200
Wireless_Client
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
Assign Global Configuration Information
37