no need for ethernet frame padding
no service pad
(weak) password encryption is disabled
no service password-encryption
no need for RADIUS or TACACS+ just yet
no aaa new-model
allow first and last subnet addresses e.g. .0 and .255
ip subnet-zero
enable per vlan spanning tree
spanning-tree mode pvst
that one shows up only on very old switches
no spanning-tree optimize bpdu transmission
fail and display error messages in case of issues with aggregated links
spanning-tree etherchannel guard misconfig
avoid the need for a thousand MACs for bridge IDs
spanning-tree extend system-id
that’s for L3 Catalysts, not sure why it shows up on a 2960 – start allocating internal VLANs from 1006 upwards
vlan internal allocation policy ascending
otherwise 4094 downwards
!vlan internal allocation policy descending
you will notice LOOP packets in Wireshark, as keepalive is the default.
keep it as such, as it is required to determine whether an interface is up or not.
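One way to check a saved running-config against the global defaults listed above, as an added example that is not part of the original notes. The function names, the status labels and the sample config are assumptions made for illustration.

```python
# Added example: audit a running-config against the defaults listed on this page.
BASELINE = [  # (expected line, stem used to spot a changed value, or None)
    ("no service pad", None),
    ("no service password-encryption", None),
    ("no aaa new-model", None),
    ("ip subnet-zero", None),
    ("spanning-tree mode pvst", "spanning-tree mode "),
    ("no spanning-tree optimize bpdu transmission", None),
    ("spanning-tree etherchannel guard misconfig", None),
    ("spanning-tree extend system-id", None),
    ("vlan internal allocation policy ascending", "vlan internal allocation policy "),
]

SAMPLE = """\
! constructed sample config, not taken from a real device
no service pad
service password-encryption
aaa new-model
spanning-tree mode rapid-pvst
spanning-tree extend system-id
interface GigabitEthernet0/1
 no keepalive
"""

def split_negation(line):
    """Return (negated, body) so 'no X' and 'X' compare as the same setting."""
    line = " ".join(line.split())
    return (True, line[3:]) if line.startswith("no ") else (False, line)

def global_lines(config_text):
    """Yield unindented commands; skip blanks, '!' lines and sub-mode lines."""
    for raw in config_text.splitlines():
        if raw.strip() and not raw[0].isspace() and not raw.startswith("!"):
            yield raw.strip()

def audit(config_text):
    """Map each baseline line to match / inverted / changed / absent."""
    seen = {body: neg for neg, body in map(split_negation, global_lines(config_text))}
    report = {}
    for expected, stem in BASELINE:
        negated, body = split_negation(expected)
        if body in seen:
            report[expected] = "match" if seen[body] == negated else "inverted"
        elif stem and any(b.startswith(stem) for b in seen):
            report[expected] = "changed"
        else:
            report[expected] = "absent"
    return report
```

"absent" is not a finding on its own, since IOS leaves many default lines out of the running-config; "inverted" and "changed" are the results that show a setting was deliberately altered.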
What is IP Subnet Zero? - Cisco Articles & Tips https://www.petri.com/csc_ip_subnet_zero
What does ip subnet-zero command do? https://learningnetwork.cisco.com/thread/32136
https://community.cisco.com/t5/switching/no-spanning-tree-optimize-bpdu-transmission/td-p/809382
Consequences of “no keepalive” on switch port https://learningnetwork.cisco.com/thread/35077
Error - “%ETHCNTR-3-LOOP_BACK_DETECTED” Catalyst switch that runs Cisco IOS® Software https://community.cisco.com/t5/networking-documents/error-quot-ethcntr-3-loop-back-detected-quot-catalyst-switch/ta-p/3127989
Disabling keepalive in switch https://community.cisco.com/t5/switching/disabling-keepalive-in-switch/td-p/2275311