Access port-- trunk port need to be changed to access and voice vlan

Portfast and bpdu guard should be enabled on all server switch ports
mac move notification--generate logs in the L3 swicthes
Broadcast strom control and multicast strom control g 1.5 % on the trunk ports
Access port on the 6500 series enabled broadcast strom control and multicast str
om control
log
copp--control plane policin--apply qos for CPU
service policy
power redundancy-mode redunant
UDLD should be enabled on all uplinks
STP and HSRP loadbalancing should be done like odd and even vlans
root guard enabled
no ip directed broacast-- L3 interface
cleanup of static routes
3560--sdm perfer routing--reboot---sh sdm prefer--routin--11000 unicast ip adres
s
SSH should be enabled.Telnet should be removed
unwanted SNMP traps hsould be removed.
NTP authentication should be enabled
SNMP traps like cpu , links
DHCP snooping need to enable on the trunk ports
2960s series -- flex stack
nsf,ospf n
trunk*vlan==<=3000.

mode--fault taularance--recommened while teaming configuration should be done.

VSS reports from Vijayram for best practices
native vlan trunk configuration doc

Actionables
In Voice ports remove trunk conifguration and configure as access ports for data
and voice vlan
Portfast and bpdu guard should be enabled on all server switch ports
MAC move notification should be enabled on the switches
On all access ports enable broadcast strom control 1.5% and multicast strom cont
rol
Control plane policing-- Rate limit traficc and implement in the Copp interface
Enable the command power redunancy-mode redunant
UDLD should be enabled on all the uplink ports
STP and HSRP loadbalanching should be done with odd and even vlans
root guard should be enabled
loop guard should be enabled
configure no ip directed-broadcast on all L3 interfaces
Cleanup of static routes /32 in the L3 switches
In 3560 SDM prefer should be configured to support more number of routes in the
L3 switches
SSH should be enabled
Unwanted SNMP traps should be removed
NTP authentication should be enabled
enable critical SNMP traps for cpu and links on access switches
Enable DHCP snooping to eliminate the rouge DHCP server requests
Logging trap debugging
Enable vtp version 2 with password on all switches in the infracture
shut down all unused ports
Dyanmic arp inspection--DAI

Server Team
Recomend server team to configure fault tolarance while performing teaming confi
gurations

Vijayarm
VSS reports for best practices
native vlan trunk conifgurations documents
12.2 sxh1
arp timer 900 mac aging 900 msec
NBAR
document for control plane policing