Assign Global Configuration Information
Configure System Clock and Console Timestamps
Step 7
Configure a synchronized clock by programming your network devices to synchronize to a local NTP
server in the network.
The local NTP server typically references a more accurate clock feed from an outside source.
ntp server
!
clock timezone PST -8
clock summer-time PDT recurring
Configure console messages, logs, and debug output to provide timestamps on output, which allows
Step 8
cross-referencing of events in a network.
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
Configure DHCP Snooping Security Features
Enable Dynamic Host Configuration Protocol (DHCP) snooping on the data, voice, and wireless AP
Step 9
VLANs.
The switch intercepts and safeguards DHCP messages within the VLAN. This configuration ensures that
an unauthorized DHCP server cannot allocate addresses to end-user devices.
ip dhcp snooping vlan
no ip dhcp snooping information option
ip dhcp snooping
ip dhcp snooping wireless bootp-broadcast enable
Configure ARP Inspection
ARP inspection is a security feature that prevents ARP spoofing.
Enable Address Resolution Protocol (ARP) inspection on the data, voice, and management VLANs.
Step 10
ip arp inspection vlan
Configure EtherChannel Load Balancing
Set EtherChannels to use the traffic source and destination IP address when calculating which link to
Step 11
send traffic to.
EtherChannel traffic should be balanced across all physical interfaces. The default load-balancing
scheme for EtherChannels is based on the source MAC address.
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
36
192.168.0.10
10,11,12,100
10,11,100
Global System Configuration