Switch-ийн тохиргоо© 2004, Cisco Systems, Inc. All rights reserved.   1
Starting the Switch Switches: • Хостын холбоход зориулагдсан хэд хэдэн   оролттой • Мөн тусгай зориулалтын оролттой • Тохи...
Catalyst 2950 series Switches Features• Бүх оролт нь тэгш хэмийн  дагуу бэхлэгдсэн.  FastEthernet or 10/100;• Оролт нь тэг...
LEDs-гэрэлүүд Light-emitting diodes (LEDs) • Дэлгэцэн дээр системийн үйл ажиллагаа ба   гүйцэтгэлийг харуулна. • Switch дэ...
Mode LED     © 2004, Cisco Systems, Inc. All rights reserved.   7
Verifying Port LEDs During Switch POST  Power-On Self Test (POST)  •Switch-ийг алдаагүй үүргээ биелүүлж байгааг  шалгах зо...
Verifying Port LEDs During Switch POST Port Status LEDs during POST: turn amber - ойролцоогоор 30 seconds • Switch нь сүлж...
Switch-ээс PC рүү холбох  © 2004, Cisco Systems, Inc. All rights reserved.   10
Console Connection      © 2004, Cisco Systems, Inc. All rights reserved.   11
Console Connection      © 2004, Cisco Systems, Inc. All rights reserved.   12
Console Connection      Shows information about the switch:      • details about POST status;      • data about the switch...
Switch CLI© 2004, Cisco Systems, Inc. All rights reserved.   14
Command-Line Interface (CLI) командынмөрийн интерпайс Command-line interface (CLI) Cisco-ийн  switch-үүд хэрэглэнэ. • энэ ...
“Help” command      © 2004, Cisco Systems, Inc. All rights reserved.   16
Command Modes    • User EXEC (хэрэглэгчийн)    • Privileged EXEC (давуу эрхтэй)      © 2004, Cisco Systems, Inc. All right...
User EXEC mode  User EXEC mode  • Өөрчлөх горим;  • Зөвшөөрөгдсөн командуудын хязгаар:      - Терминалын тохиргоог өөрчлөх...
Privileged EXEC modePrivileged EXEC mode• enable command-ийг өгч хэрэглэчийн EXEC горим  ажиллагаанд бэлэн болно• Үүний да...
Default Running Configuration   © 2004, Cisco Systems, Inc. All rights reserved.   20
Default Running Configuration  Default Running Configuration  • Дөнгөж ажиллуулж эхлэхэд switch нь    ямар нэгэн өгөгдөлгү...
Verifying the Catalyst Switch DefaultConfiguration               • show running-config               • show interface     ...
Default Running Configuration       © 2004, Cisco Systems, Inc. All rights reserved.   23
Default Port Settings Default Running Configuration • Switch-ийн оролтууд эсвэл interface нь   бүгд автомат горимд байна. ...
Default Port Settings       © 2004, Cisco Systems, Inc. All rights reserved.   25
Default Port Settings       © 2004, Cisco Systems, Inc. All rights reserved.   26
Default Flash Directory Content                                                          IOS image                        ...
Default Flash Directory Content Default Running Configuration • by default flash directory агуулна:      - IOS image;     ...
IOS Version and Config. Register       show version command – хэрэглэгч шалгах команд:       • IOS version;       • config...
Configuring the Switch© 2004, Cisco Systems, Inc. All rights reserved.   30
Hostname and Passwords Configuration      © 2004, Cisco Systems, Inc. All rights reserved.   31
IP address and Default Gateway Configuration      IP address Configuration:      • switch нь Telnet ба бусад TCP/IP проток...
VLAN1Management VLAN:• by default, VLAN 1 is the management  VLAN;• Интернетэд холбогдон ажиллаж байгаа  бүх төхөөрөмжүүд ...
Port Speed and Duplex Settings Configuration        © 2004, Cisco Systems, Inc. All rights reserved.   34
Port Speed and Duplex Settings Configuration   Fast Ethernet switch ports:   •by default set to auto-speed and auto-   dup...
HTTP Service and Port Configuration• Intelligent network devices can provide a web-based  interface for configuration and ...
HTTP Service and Port Configuration       © 2004, Cisco Systems, Inc. All rights reserved.   37
Configuring the Catalyst Switch                                                             Web Management Interface  Web ...
Managing the MAC Address Table     © 2004, Cisco Systems, Inc. All rights reserved.   39
MAC Address TableSwitches• examine the source address of frames that  are received on the ports;• learn the MAC addresses ...
Check Learned MAC Addresses   show mac-address-table command - Privileged EXEC mode   • examines the addresses that a swit...
MAC Address TableSwitches:• dynamically learn and maintain thousands  of MAC addresses;• learned entries may be discarded ...
Check Learned MAC Addresses  Clear mac-address-table command - Privileged EXEC mode  • used to remove dynamically learned ...
Managing the MAC Address Table      © 2004, Cisco Systems, Inc. All rights reserved.   44
Static MAC AddressesStatic MAC address:• permanently assigned to an interface;Reasons for use a Static MAC address:• will ...
Configuring Static MAC Addresses      © 2004, Cisco Systems, Inc. All rights reserved.   46
Configuring Static MAC Addresses      © 2004, Cisco Systems, Inc. All rights reserved.   47
Static MAC Addresses  To configure:  Switch(config)#mac-address-table static <mac-  address of host > interface FastEthern...
Port Security© 2004, Cisco Systems, Inc. All rights reserved.   49
Port Security  Port Security  • It is possible to limit the number of    addresses that can be learned on an    interface;...
Port Security Configuration       © 2004, Cisco Systems, Inc. All rights reserved.   51
Configuring Port SecurityCatalyst 2950 Series wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [...
Verifying Port Securityon the Catalyst 2950 Series wg_sw_2950#show port-security [interface interface-id] [address] [ | {b...
Verifying Port Securityon the Catalyst 2950 Series (Cont.)wg_sw_2950#sh port-securitySecure Port MaxSecureAddr CurrentAddr...
Port Security    To configure port security :    Switch(config-if)#switchport port-security    To reverse port security:  ...
Adding and Moving Switches      to the Network   © 2004, Cisco Systems, Inc. All rights reserved.   56
Adding New Switch     Adding New Switch     Must be configured:     • Switch name;     • IP address for the switch in the ...
Adding New Switch      © 2004, Cisco Systems, Inc. All rights reserved.   58
Moving a SwitchHost is moved:• from one port or switch to another;• configurations that can cause unexpected  behavior sho...
Upcoming SlideShare
Loading in …5
×

Лекц 8

3,296 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,296
On SlideShare
0
From Embeds
0
Number of Embeds
1,294
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Лекц 8

  1. 1. Switch-ийн тохиргоо© 2004, Cisco Systems, Inc. All rights reserved. 1
  2. 2. Starting the Switch Switches: • Хостын холбоход зориулагдсан хэд хэдэн оролттой • Мөн тусгай зориулалтын оролттой • Тохиргоо хийлгэхдээ удирдуулахаас гадна шууд холболтын console port-той • Цахилгаанд залгаагүй тохиолдолд switch нь унтраастай буюу холбогдоогүй байна © 2004, Cisco Systems, Inc. All rights reserved. 3
  3. 3. Catalyst 2950 series Switches Features• Бүх оролт нь тэгш хэмийн дагуу бэхлэгдсэн. FastEthernet or 10/100;• Оролт нь тэгш бус. Шилэн кабелийн 2 эсвэл Gigabit Ethernet-ийн зэс оролттой.• Оролт нь тэгш бус. Модулийн Gigabit Interface Converter (GBIC) суурьтай. © 2004, Cisco Systems, Inc. All rights reserved. 4
  4. 4. LEDs-гэрэлүүд Light-emitting diodes (LEDs) • Дэлгэцэн дээр системийн үйл ажиллагаа ба гүйцэтгэлийг харуулна. • Switch дээр байрлах гэрлүүд: - System LED - Remote Power Supply (RPS) LED - Port Mode LEDs - Port Status LEDs © 2004, Cisco Systems, Inc. All rights reserved. 5
  5. 5. Mode LED © 2004, Cisco Systems, Inc. All rights reserved. 7
  6. 6. Verifying Port LEDs During Switch POST Power-On Self Test (POST) •Switch-ийг алдаагүй үүргээ биелүүлж байгааг шалгах зорилгоор автоматаар ажиллаж эхлэнэ. © 2004, Cisco Systems, Inc. All rights reserved. 8
  7. 7. Verifying Port LEDs During Switch POST Port Status LEDs during POST: turn amber - ойролцоогоор 30 seconds • Switch нь сүлжээний топологи ба зангилааг хайж олно. turn green • switch нь компьютер ба оролт нь зөв холбогдсон тохиолдолд turn off • switch-ийн оролтод ямарч холболт байхгүй тохиолдолд © 2004, Cisco Systems, Inc. All rights reserved. 9
  8. 8. Switch-ээс PC рүү холбох © 2004, Cisco Systems, Inc. All rights reserved. 10
  9. 9. Console Connection © 2004, Cisco Systems, Inc. All rights reserved. 11
  10. 10. Console Connection © 2004, Cisco Systems, Inc. All rights reserved. 12
  11. 11. Console Connection Shows information about the switch: • details about POST status; • data about the switch hardware. © 2004, Cisco Systems, Inc. All rights reserved. 13
  12. 12. Switch CLI© 2004, Cisco Systems, Inc. All rights reserved. 14
  13. 13. Command-Line Interface (CLI) командынмөрийн интерпайс Command-line interface (CLI) Cisco-ийн switch-үүд хэрэглэнэ. • энэ CLI дээр командууд нь Cisco-ийн router-үүд дээр хийгдэх командтай их адилхан. © 2004, Cisco Systems, Inc. All rights reserved. 15
  14. 14. “Help” command © 2004, Cisco Systems, Inc. All rights reserved. 16
  15. 15. Command Modes • User EXEC (хэрэглэгчийн) • Privileged EXEC (давуу эрхтэй) © 2004, Cisco Systems, Inc. All rights reserved. 17
  16. 16. User EXEC mode User EXEC mode • Өөрчлөх горим; • Зөвшөөрөгдсөн командуудын хязгаар: - Терминалын тохиргоог өөрчлөх; - үндсэн текстийг гүйцэтгэх; - дэлгэцэн дээр системийн мэдээллийг гаргах. © 2004, Cisco Systems, Inc. All rights reserved. 18
  17. 17. Privileged EXEC modePrivileged EXEC mode• enable command-ийг өгч хэрэглэчийн EXEC горим ажиллагаанд бэлэн болно• Үүний дараа нэрийн ард (#) тэмдэглэгээтэй болно• Командуудын хэрэглээ нээлттэй болно.• Зөвшөөрөлгүй хэрэглэгчийн хандалтаас сэргийлж нууц үг хийж хамгаалж болно.• нууц үг нь дэлгэц нь дээр харагдахгүй © 2004, Cisco Systems, Inc. All rights reserved. 19
  18. 18. Default Running Configuration © 2004, Cisco Systems, Inc. All rights reserved. 20
  19. 19. Default Running Configuration Default Running Configuration • Дөнгөж ажиллуулж эхлэхэд switch нь ямар нэгэн өгөгдөлгүй тохиргоо хийхэд бэлэн байна. • Switch-ийн нэрийг өөрчлөх боломжтой. • Ямар ч нууц үггүй байх ба нууц үгийг цогцоор нь хийж болно. Console эсвэл virtual terminal (vty) lines • Switch нь IP address хаяггүй. (IP address for management purposes is configured on the virtual interface VLAN 1) © 2004, Cisco Systems, Inc. All rights reserved. 21
  20. 20. Verifying the Catalyst Switch DefaultConfiguration • show running-config • show interface • show vlan • show flash • show version © 2004, Cisco Systems, Inc. All rights reserved. 22
  21. 21. Default Running Configuration © 2004, Cisco Systems, Inc. All rights reserved. 23
  22. 22. Default Port Settings Default Running Configuration • Switch-ийн оролтууд эсвэл interface нь бүгд автомат горимд байна. • Switch-ийн бүх оролтууд нь VLAN 1 байна. • VLAN 1 нь VLAN менежемент © 2004, Cisco Systems, Inc. All rights reserved. 24
  23. 23. Default Port Settings © 2004, Cisco Systems, Inc. All rights reserved. 25
  24. 24. Default Port Settings © 2004, Cisco Systems, Inc. All rights reserved. 26
  25. 25. Default Flash Directory Content IOS image file env_vars sub-directory html © 2004, Cisco Systems, Inc. All rights reserved. 27
  26. 26. Default Flash Directory Content Default Running Configuration • by default flash directory агуулна: - IOS image; - file env_vars; - sub-directory html. • flash directory агуулахгүй: - config.text – switch configuration file; - vlan.dat - VLAN database file. © 2004, Cisco Systems, Inc. All rights reserved. 28
  27. 27. IOS Version and Config. Register show version command – хэрэглэгч шалгах команд: • IOS version; • configuration register settings. © 2004, Cisco Systems, Inc. All rights reserved. 29
  28. 28. Configuring the Switch© 2004, Cisco Systems, Inc. All rights reserved. 30
  29. 29. Hostname and Passwords Configuration © 2004, Cisco Systems, Inc. All rights reserved. 31
  30. 30. IP address and Default Gateway Configuration IP address Configuration: • switch нь Telnet ба бусад TCP/IP протоколуудыг ашиглахыг зөвшөөрдөг ба хэрэглэхэд дөхөм байдаг. © 2004, Cisco Systems, Inc. All rights reserved. 32
  31. 31. VLAN1Management VLAN:• by default, VLAN 1 is the management VLAN;• Интернетэд холбогдон ажиллаж байгаа бүх төхөөрөмжүүд нь менежемент VLAN-тай байна.• Менежементтай workstation нь бусад төхөөрөмжүүдрүү хандах, тохиргоо хийх, эзэмших эрхтэй. © 2004, Cisco Systems, Inc. All rights reserved. 33
  32. 32. Port Speed and Duplex Settings Configuration © 2004, Cisco Systems, Inc. All rights reserved. 34
  33. 33. Port Speed and Duplex Settings Configuration Fast Ethernet switch ports: •by default set to auto-speed and auto- duplex (allows the interfaces to negotiate these settings); •Network administrators can manually configure the interface speed and duplex values © 2004, Cisco Systems, Inc. All rights reserved. 35
  34. 34. HTTP Service and Port Configuration• Intelligent network devices can provide a web-based interface for configuration and management purposes;• Once a switch is configured with an IP address and gateway, it can be accessed by a web-based interface;HTTP services:• can be access by a web browser using: - IP address; - port 80 - the default port for http.• can be turned on or off, and the port address for the service can be chosen. © 2004, Cisco Systems, Inc. All rights reserved. 36
  35. 35. HTTP Service and Port Configuration © 2004, Cisco Systems, Inc. All rights reserved. 37
  36. 36. Configuring the Catalyst Switch Web Management Interface Web Management Interface © 2004, Cisco Systems, Inc. All rights reserved. 38
  37. 37. Managing the MAC Address Table © 2004, Cisco Systems, Inc. All rights reserved. 39
  38. 38. MAC Address TableSwitches• examine the source address of frames that are received on the ports;• learn the MAC addresses of PCs or workstations that are connected to their switch ports;• record learned MAC addresses in a MAC address table. © 2004, Cisco Systems, Inc. All rights reserved. 40
  39. 39. Check Learned MAC Addresses show mac-address-table command - Privileged EXEC mode • examines the addresses that a switch has learned © 2004, Cisco Systems, Inc. All rights reserved. 41
  40. 40. MAC Address TableSwitches:• dynamically learn and maintain thousands of MAC addresses;• learned entries may be discarded from the MAC address table (to preserve memory and for optimal operation) ;• the MAC address entry is automatically discarded or aged out after 300 seconds (if no frames are seen with a previously learned address). © 2004, Cisco Systems, Inc. All rights reserved. 42
  41. 41. Check Learned MAC Addresses Clear mac-address-table command - Privileged EXEC mode • used to remove dynamically learned MAC addresses; • used to remove static MAC address entries. © 2004, Cisco Systems, Inc. All rights reserved. 43
  42. 42. Managing the MAC Address Table © 2004, Cisco Systems, Inc. All rights reserved. 44
  43. 43. Static MAC AddressesStatic MAC address:• permanently assigned to an interface;Reasons for use a Static MAC address:• will not be aged out automatically by the switch;• a specific server or user workstation must be attached to the port and the MAC address is known;• Security is enhanced. © 2004, Cisco Systems, Inc. All rights reserved. 45
  44. 44. Configuring Static MAC Addresses © 2004, Cisco Systems, Inc. All rights reserved. 46
  45. 45. Configuring Static MAC Addresses © 2004, Cisco Systems, Inc. All rights reserved. 47
  46. 46. Static MAC Addresses To configure: Switch(config)#mac-address-table static <mac- address of host > interface FastEthernet <Ethernet number > vlan <vlan name > To remove: Switch(config)# no mac-address-table static <mac- address of host > interface FastEthernet <Ethernet number > vlan <vlan name > © 2004, Cisco Systems, Inc. All rights reserved. 48
  47. 47. Port Security© 2004, Cisco Systems, Inc. All rights reserved. 49
  48. 48. Port Security Port Security • It is possible to limit the number of addresses that can be learned on an interface; • the number of MAC addresses per port can be limited to 1; • the first address dynamically learned by the switch becomes the secure address. © 2004, Cisco Systems, Inc. All rights reserved. 50
  49. 49. Port Security Configuration © 2004, Cisco Systems, Inc. All rights reserved. 51
  50. 50. Configuring Port SecurityCatalyst 2950 Series wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect |restrict | shutdown}]wg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#switchport mode accesswg_sw_2950(config-if)#switchport port-securitywg_sw_2950(config-if)#switchport port-security maximum 1wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeeewg_sw_2950(config-if)#switchport port-security violation shutdown © 2004, Cisco Systems, Inc. All rights reserved. 52
  51. 51. Verifying Port Securityon the Catalyst 2950 Series wg_sw_2950#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] wg_sw_2950#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0000.0000.0000 Security Violation Count : 0 © 2004, Cisco Systems, Inc. All rights reserved. 53
  52. 52. Verifying Port Securityon the Catalyst 2950 Series (Cont.)wg_sw_2950#sh port-securitySecure Port MaxSecureAddr CurrentAddr SecurityViolationSecurity Action (Count) (Count) (Count)-------------------------------------------------------------------------- Fa0/2 1 1 0Shutdown---------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0Max Addresses limit in System (excluding one mac per port) :1024 © 2004, Cisco Systems, Inc. All rights reserved. 54
  53. 53. Port Security To configure port security : Switch(config-if)#switchport port-security To reverse port security: Switch(config-if)# no switchport port-security To verify port security status: Switch(config)#show port security © 2004, Cisco Systems, Inc. All rights reserved. 55
  54. 54. Adding and Moving Switches to the Network © 2004, Cisco Systems, Inc. All rights reserved. 56
  55. 55. Adding New Switch Adding New Switch Must be configured: • Switch name; • IP address for the switch in the management VLAN; • a default gateway; • Line passwords. © 2004, Cisco Systems, Inc. All rights reserved. 57
  56. 56. Adding New Switch © 2004, Cisco Systems, Inc. All rights reserved. 58
  57. 57. Moving a SwitchHost is moved:• from one port or switch to another;• configurations that can cause unexpected behavior should be removed;• configuration that is required can then be added. © 2004, Cisco Systems, Inc. All rights reserved. 59

×