Switch configuration

  • Note: When the switch sticky-learns a MAC address on a secured port, the switch will make that MAC address a permanent address.
  • Emphasize: The default action is “suspend.”
  • Switch configuration

    1. Switch Configuration. © 2004, Cisco Systems, Inc. All rights reserved.
    2. Objectives
    3. Starting the Switch
        Switches:
        • have several ports that hosts can connect to;
        • have specialized ports for the purpose of management;
        • can be managed, and the configuration can be viewed and changed, through the console port;
        • typically have no power switch to turn them on and off: simply connect or disconnect from a power source.
    4. Catalyst 2950 Series Switches Features
        • Fixed configuration symmetrical switches with all ports being FastEthernet or 10/100;
        • Asymmetrical switches with two fixed fiber or copper Gigabit Ethernet ports;
        • Asymmetrical switches with modular Gigabit Interface Converter (GBIC) slots.
    5. LEDs
        Light-emitting diodes (LEDs):
        • help monitor system activity and performance;
        • on the front of a switch:
            - System LED
            - Remote Power Supply (RPS) LED
            - Port Mode LEDs
            - Port Status LEDs
    6. LEDs
        System LED
        • shows whether the system is receiving power and functioning correctly.
        RPS LED
        • indicates whether or not the remote power supply is in use.
        Mode LEDs
        • indicate the current state of the Mode button;
        • are used to determine how the Port Status LEDs are interpreted;
        • to select or change the port mode, press the Mode button repeatedly until the Mode LEDs indicate the desired mode.
        Port Status LEDs
        • have different meanings, depending on the current value of the Mode LED.
    7. Mode LED
    8. Verifying Port LEDs During Switch POST
        Power-On Self Test (POST):
        • runs automatically to verify that the switch functions correctly;
        • POST failure is considered to be a fatal error;
        • reliable operation of the switch should not be expected if POST fails.
    9. Verifying Port LEDs During Switch POST
        Port Status LEDs during POST:
        • turn amber for about 30 seconds: the switch discovers the network topology and searches for loops;
        • turn green: the switch has established a link between the port and a target, such as a computer;
        • turn off: the switch has determined that nothing is plugged into the port.
    10. Connecting Switch to PC
    11. Console Connection
    12. Console Connection
    13. Console Connection
        Shows information about the switch:
        • details about POST status;
        • data about the switch hardware.
    14. Switch CLI
    15. Command-Line Interface (CLI)
        Command-line interface (CLI) for Cisco switches:
        • is very similar to the CLI for Cisco routers.
    16. “Help” command
    17. Command Modes
        • User EXEC
        • Privileged EXEC
    18. User EXEC mode
        • default mode;
        • is recognized by its prompt, which ends in a greater-than character (>);
        • available commands are limited:
            - to change terminal settings;
            - to perform basic tests;
            - to display system information.
    19. Privileged EXEC mode
        • the enable command is used to enter it from User EXEC mode;
        • is recognized by its prompt, which ends in a pound-sign character (#);
        • the command set includes the configure command:
            - allows other command modes to be accessed;
        • should be password protected to prevent unauthorized use;
        • the password does not appear on the screen, and is case sensitive.
    20. Default Running Configuration
    21. Default Running Configuration
        • when powered up for the first time, a switch has default data in the running configuration file;
        • default hostname: Switch;
        • no passwords are set on the console or virtual terminal (vty) lines;
        • the switch has no IP address (the IP address for management purposes is configured on the virtual interface VLAN 1).
    22. Verifying the Catalyst Switch Default Configuration
        • show running-config
        • show interface
        • show vlan
        • show flash
        • show version
    23. Default Running Configuration
    24. Default Port Settings
        Default Running Configuration
        • the switch ports or interfaces are set to auto mode;
        • all switch ports are in VLAN 1;
        • VLAN 1 is known as the default management VLAN.
    25. Default Port Settings
    26. Default Port Settings
    27. Default Flash Directory Content
        • IOS image
        • file env_vars
        • sub-directory html
    28. Default Flash Directory Content
        Default Running Configuration
        • by default the flash directory contains:
            - IOS image;
            - file env_vars;
            - sub-directory html.
        • the flash directory does not contain:
            - config.text (switch configuration file);
            - vlan.dat (VLAN database file).
    29. IOS Version and Config. Register
        show version command – used to verify:
        • IOS version;
        • configuration register settings.
    30. Reset Switch Configuration
    31. Reset Switch Configuration
        Steps to overwrite any existing configuration:
        • Erase the backup configuration file:
            - delete file startup-config
        • Restart the switch:
            - use reload command.
    32. Reset Switch Configuration
    33. Configuring the Switch
    34. Hostname and Passwords Configuration
    35. IP address and Default Gateway Configuration
        IP address configuration:
        • allows the switch to be accessible by Telnet and other TCP/IP applications.
    36. VLAN1
        Management VLAN:
        • by default, VLAN 1 is the management VLAN;
        • all internetworking devices should be in the management VLAN;
        • allows a single management workstation to access, configure, and manage all the internetworking devices.
    37. Port Speed and Duplex Settings Configuration
    38. Port Speed and Duplex Settings Configuration
        Fast Ethernet switch ports:
        • by default set to auto-speed and auto-duplex (allows the interfaces to negotiate these settings);
        • network administrators can manually configure the interface speed and duplex values.
    39. HTTP Service and Port Configuration
        • Intelligent network devices can provide a web-based interface for configuration and management purposes;
        • Once a switch is configured with an IP address and gateway, it can be accessed through a web-based interface.
        HTTP services:
        • can be accessed by a web browser using:
            - IP address;
            - port 80, the default port for HTTP;
        • can be turned on or off, and the port address for the service can be chosen.
    40. HTTP Service and Port Configuration
    41. Configuring the Catalyst Switch Web Management Interface
    42. Managing the MAC Address Table
    43. MAC Address Table
        Switches:
        • examine the source address of frames that are received on the ports;
        • learn the MAC addresses of PCs or workstations that are connected to their switch ports;
        • record learned MAC addresses in a MAC address table.
    44. Check Learned MAC Addresses
        show mac-address-table command (Privileged EXEC mode):
        • examines the addresses that a switch has learned.
    45. MAC Address Table
        Switches:
        • dynamically learn and maintain thousands of MAC addresses;
        • learned entries may be discarded from the MAC address table (to preserve memory and for optimal operation);
        • the MAC address entry is automatically discarded or aged out after 300 seconds (if no frames are seen with a previously learned address).
    46. Check Learned MAC Addresses
        clear mac-address-table command (Privileged EXEC mode):
        • used to remove dynamically learned MAC addresses;
        • used to remove static MAC address entries.
    47. Managing the MAC Address Table
    48. Static MAC Addresses
        Static MAC address:
        • permanently assigned to an interface.
        Reasons to use a static MAC address:
        • it will not be aged out automatically by the switch;
        • a specific server or user workstation must be attached to the port and the MAC address is known;
        • security is enhanced.
    49. Configuring Static MAC Addresses
    50. Configuring Static MAC Addresses
    51. Static MAC Addresses
        To configure:
            Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
        To remove:
            Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
    52. Port Security
    53. Port Security
        • It is possible to limit the number of addresses that can be learned on an interface;
        • the number of MAC addresses per port can be limited to 1;
        • the first address dynamically learned by the switch becomes the secure address.
    54. Port Security Configuration
    55. Configuring Port Security: Catalyst 2950 Series
        Syntax:
            wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect | restrict | shutdown}]
        Example:
            wg_sw_2950(config)#interface fa0/1
            wg_sw_2950(config-if)#switchport mode access
            wg_sw_2950(config-if)#switchport port-security
            wg_sw_2950(config-if)#switchport port-security maximum 1
            wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeee
            wg_sw_2950(config-if)#switchport port-security violation shutdown
    56. Verifying Port Security on the Catalyst 2950 Series
        Syntax:
            wg_sw_2950#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression]
        Example:
            wg_sw_2950#show port-security interface fastethernet 0/5
            Port Security              : Enabled
            Port Status                : Secure-up
            Violation Mode             : Shutdown
            Aging Time                 : 20 mins
            Aging Type                 : Absolute
            SecureStatic Address Aging : Disabled
            Maximum MAC Addresses      : 1
            Total MAC Addresses        : 1
            Configured MAC Addresses   : 0
            Sticky MAC Addresses       : 0
            Last Source Address        : 0000.0000.0000
            Security Violation Count   : 0
    57. Verifying Port Security on the Catalyst 2950 Series (Cont.)
            wg_sw_2950#sh port-security
            Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                            (Count)       (Count)        (Count)
            --------------------------------------------------------------------------
               Fa0/2           1             1              0            Shutdown
            ---------------------------------------------------------------------------
            Total Addresses in System (excluding one mac per port)     : 0
            Max Addresses limit in System (excluding one mac per port) : 1024
    58. Port Security
        To configure port security:
            Switch(config-if)#switchport port-security
        To reverse port security:
            Switch(config-if)#no switchport port-security
        To verify port security status:
            Switch#show port-security
    59. Adding and Moving Switches to the Network
    60. Adding New Switch
        Must be configured:
        • switch name;
        • IP address for the switch in the management VLAN;
        • a default gateway;
        • line passwords.
    61. Adding New Switch
    62. Moving a Switch
        Host is moved:
        • from one port or switch to another;
        • configurations that can cause unexpected behavior should be removed;
        • configuration that is required can then be added.
    63. Managing Switch Operation
    64. Managing Switch Operation
        • An administrator should document and maintain the operational configuration files for networking devices;
        • The most recent running-configuration file should be backed up on a server or disk;
        • The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.
    65. Password Recovery
    66. Enable Security
    67. Passwords
        • passwords must be set on the console and vty lines, for security and management purposes;
        • an enable password must be set;
        • an enable secret password must be set.
    68. Password Recovery (2950)
        1. Make sure that a PC is connected to the console port and a HyperTerminal window is open.
        2. Turn the switch off. Turn it back on while holding down the “MODE” button on the front of the switch as the switch is powered on. Release the “MODE” button after the STAT LED goes out.
    69. Password Recovery (2950)
        3. Type flash_init
        4. Type load_helper
        5. Type dir flash:
        6. Type rename flash:config.text flash:config.old
        7. Type boot
        8. Type N at the following prompt to start the Setup program.
    70. Password Recovery (2950)
        9. Type rename flash:config.old flash:config.text
        10. Type copy flash:config.text system:running-config
    71. Password Recovery (2950)
        11.
    72. Summary
    73. Exercises
        Lab Activity
        6.2.1. Lab Activity – Verifying Default Switch Configuration
        6.2.2. Lab Activity – Basic Switch Configuration
        6.2.3. Lab Activity – Managing the MAC Address Table
        6.2.4. Lab Activity – Configuring Static MAC Addresses
        6.2.5. Lab Activity – Configuring Port Security
        6.2.6. Lab Activity – Add, Move, Change MAC Addresses
        6.2.7. Lab Activity – Managing Switch Operating System Files
        6.2.7. Lab Activity – Managing Switch Startup Configuration Files
        6.2.8. Lab Activity – Password Recovery Procedure on a Catalyst 2900 Series Switch
        6.2.9. Lab Activity – Firmware Upgrade on a Catalyst 2900 Series Switch
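
Slides 55 to 58 configure port security and read it back with `show port-security interface`. The following is an added example, not part of the original slides: a Python audit that parses captured output in that format and flags ports that deviate from the settings on slide 55. The policy defaults (maximum 1, violation mode shutdown), the function names and the second sample port are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the slide 56 output; the fastethernet 0/6
# block is invented here to exercise the checks.
SAMPLE = """\
wg_sw_2950#show port-security interface fastethernet 0/5
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Last Source Address        : 0000.0000.0000
Security Violation Count   : 0
wg_sw_2950#show port-security interface fastethernet 0/6
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Protect
Maximum MAC Addresses      : 132
Total MAC Addresses        : 0
Last Source Address        : 0008.eeee.eeee
Security Violation Count   : 3
"""

CMD = re.compile(r"#\s*sh(?:ow)?\s+port-security\s+interface\s+(.+)$", re.I)
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")


def parse_port_security(text):
    """Return {interface: {field: value}} from captured CLI output."""
    ports, current = {}, None
    for line in text.splitlines():
        cmd = CMD.search(line)
        if cmd:  # a new command line starts a new interface block
            current = ports.setdefault(cmd.group(1).strip().lower(), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return ports


def _to_int(value):
    """Convert a counter field to int; None if missing or malformed."""
    return int(value) if value and value.isdigit() else None


def audit(ports, max_allowed=1, required_mode="shutdown"):
    """Return (interface, finding) tuples for ports that miss the policy."""
    findings = []
    for name, fields in sorted(ports.items()):
        if fields.get("Port Security", "").lower() != "enabled":
            findings.append((name, "port security is not enabled"))
        mode = fields.get("Violation Mode", "").lower() or "unknown"
        if mode != required_mode:
            findings.append((name, f"violation mode is {mode}"))
        maximum = _to_int(fields.get("Maximum MAC Addresses"))
        if maximum is None or maximum > max_allowed:
            findings.append((name, f"maximum MAC addresses is {maximum}"))
        count = _to_int(fields.get("Security Violation Count"))
        if count:  # a non-zero counter means a foreign MAC was seen
            last = fields.get("Last Source Address", "unknown")
            findings.append((name, f"{count} violation(s), last source {last}"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(parse_port_security(SAMPLE)):
        print(f"{interface}: {finding}")
```
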
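
Slide 21 states that a factory-default switch has no passwords on the console or vty lines, and slide 67 lists the passwords that must be set. The following is an added example, not part of the original slides: a Python check that reads a saved running-config and reports which of those passwords are missing. Both configuration samples are constructed, the password values are placeholders, and the function names are assumptions.

```python
# Constructed sample: a default-style configuration with no passwords set.
DEFAULT_CONFIG = """\
hostname Switch
!
interface Vlan1
 no ip address
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
"""

# Constructed sample: the same switch after the slide 67 passwords are set.
CONFIGURED = """\
hostname Switch
!
enable secret 5 <hash-placeholder>
enable password <placeholder>
!
line con 0
 password <placeholder>
 login
line vty 0 4
 password <placeholder>
 login
line vty 5 15
 password <placeholder>
 login
!
end
"""


def parse_lines(config):
    """Map each 'line ...' header to the indented commands beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:  # any other top-level command ends the current line block
            current = None
    return blocks


def audit_passwords(config):
    """Return findings for the passwords slide 67 says must be set."""
    findings = []
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    for command in ("enable secret", "enable password"):
        if not any(l.startswith(command + " ") for l in top):
            findings.append(f"{command} is not set")
    blocks = parse_lines(config)
    for kind in ("line con", "line vty"):
        if not any(header.startswith(kind) for header in blocks):
            findings.append(f"no '{kind}' block found")
    for header, commands in blocks.items():
        if not any(c.startswith("password ") for c in commands):
            findings.append(f"{header}: no password set")
        elif not any(c == "login" or c.startswith("login ") for c in commands):
            # without 'login' the line does not prompt for the password
            findings.append(f"{header}: password set but login is missing")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(DEFAULT_CONFIG):
        print(finding)
```
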
