Chapter 14 - Sw Conf

Published in: Education
  • A switch may already be preconfigured, in which case only passwords may need to be entered for the user EXEC, enable, or privileged EXEC modes. Switch configuration mode is entered from privileged EXEC mode. In the CLI, the default privileged EXEC prompt is Switch#. In user EXEC mode the prompt is Switch>. The following steps ensure that a new configuration completely overwrites any existing configuration: (1) remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory; (2) erase the backup configuration file startup-config; (3) reload the switch.
  • Security, documentation, and management are important for every internetworking device. A switch should be given a hostname, and passwords should be set on the console and vty lines.
  • To allow the switch to be accessible by Telnet and other TCP/IP applications, IP addresses and a default gateway should be set. By default, VLAN 1 is the management VLAN. In a switch-based network, all internetworking devices should be in the management VLAN. This will allow a single management workstation to access, configure, and manage all the internetworking devices.
  • The Fast Ethernet switch ports default to auto-speed and auto-duplex. This allows the interfaces to negotiate these settings. When a network administrator needs to ensure an interface has particular speed and duplex values, the values can be set manually.
  • Intelligent networking devices can provide a web-based interface for configuration and management purposes. Once a switch is configured with an IP address and gateway, it can be accessed in this way. A web browser can access this service using the IP address and port 80, the default port for HTTP. The HTTP service can be turned on or off, and the port address for the service can be chosen. Any additional software, such as an applet, can be downloaded to the browser from the switch. Also, the network devices can be managed by a browser-based graphical user interface (GUI).
  • Chapter 14 - Sw Conf

    1. SWITCH CONFIGURATION TS, PHẠM VĂN TÍNH
         • Switching Basics and Intermediate Routing
    2. Objective
         • Monitor switch activity and status using LED indicators
         • Examine the switch bootup output using HyperTerminal
         • Use the help features of the command line interface
         • List the major switch command modes
         • Verify the default settings of a Catalyst switch
         • Set an IP address and default gateway for the switch to allow connection and management over a network
         • View the switch settings with a Web browser
         • Set interfaces for speed and duplex operation
         • Examine and manage the switch MAC address table
         • Configure port security
    3. Switch LED indicators
         • The System LED shows whether the system is receiving power and functioning correctly.
         • The Mode LEDs indicate the current state of the Mode button.
         • The Port Status LEDs have different meanings, depending on the current value of the Mode LED.
    4. Verifying port LEDs during switch POST
    5. Connecting the Switch to Computer
    6. Show Commands in User EXEC Mode
    7. Verifying the Catalyst switch default configuration
         • Hostname is Switch.
         • No passwords are set on the console or virtual terminal (vty) lines.
         • Has no IP address.
         • The switch ports or interfaces are set to auto mode.
         • All switch ports are in VLAN 1, the management VLAN.
         • The flash directory, by default, has a file that contains the IOS image, a file called env_vars, and a sub-directory called html.
         • After configuring the switch, it may contain a config.text file and a VLAN database.
         • Has one broadcast domain.
         • The Spanning-Tree Protocol is also enabled.
    8. Configuring The Catalyst Switch
         • Note
             • Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory
             • Erase the backup configuration file startup-config
             • Reload the switch
         • Catalyst 2900
             • Delete flash:vlan.dat
             • Erase startup-config
             • reload
         • Catalyst 1900
             • Delete nvram
    9. Configuring The Catalyst Switch (cont)
         • A switch should be given a hostname, and passwords should be set on the console and vty lines
             Switch(config)#hostname ALSwitch
             ALSwitch(config)#line console 0
             ALSwitch(config-line)#login
             ALSwitch(config-line)#password funny
             ALSwitch(config-line)#line vty 0 4
             ALSwitch(config-line)#login
             ALSwitch(config-line)#password deadman
             ALSwitch(config-line)#^Z
    10. Configuring The Catalyst Switch (cont)
         • To allow the switch to be accessible by Telnet and other TCP/IP applications, IP addresses and a default gateway should be set
         • Catalyst 29XX:
             ALSwitch(config)#interface vlan 1
             ALSwitch(config-if)#ip address 192.168.20.254 255.255.255.0
             ALSwitch(config-if)#exit
             ALSwitch(config)#ip default-gateway 192.168.20.1
         • Catalyst 1900:
             ALSwitch(config)#ip address 192.168.20.254 255.255.255.0
             ALSwitch(config)#ip default-gateway 192.168.20.1
    11. Configuring The Catalyst Switch (cont)
         • The Fast Ethernet switch ports default to auto-speed and auto-duplex
             ALSwitch(config)#interface f0/1
             ALSwitch(config-if)#duplex full
             ALSwitch(config-if)#speed 100
    12. Configuring The Catalyst Switch (cont)
         • Intelligent networking devices can provide a web-based interface for configuration and management purposes
             ALSwitch(config)#ip http server
             ALSwitch(config)#ip http port 8080
         • Any additional software, such as an applet, can be downloaded to the browser from the switch
    13. Managing the MAC address table
         • These learned MAC addresses are then recorded in a MAC address table. Frames having a destination MAC address that has been recorded in the table can be switched out to the correct interface.
         • To examine the addresses that a switch has learned, enter the privileged EXEC command: show mac-address-table
         • To clear the addresses that a switch has learned, enter the privileged EXEC command: clear mac-address-table
    14. Configuring static MAC addresses
         • The MAC address will not be aged out automatically by the switch.
         • A specific server or user workstation must be attached to the port and the MAC address is known.
         • Security is enhanced.
         • To set a static MAC address entry for a switch:
             Switch(config)# mac-address-table static < mac-address of host > interface FastEthernet < Ethernet number > vlan < vlan name >
         • To remove this entry use the no form of the command:
             Switch(config)# no mac-address-table static < mac-address of host > interface FastEthernet < Ethernet number > vlan < vlan name >
    15. Configuring static MAC addresses
    16. Configuring port security
         • Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded.
         • The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
         • To reverse port security on an interface, use the no form of the command.
         • To verify port security status, enter the command show port-security.
    17. Configuring port security
         • Choose an interface access mode
         • Activate port security
         • Determine the number of secure addresses
         • Choose a security violation mode
         • Determine secure addresses
    18. Configuring port security
             Switch(config-if)#switchport mode access
             Switch(config-if)#switchport port-security
             Switch(config-if)#switchport port-security maximum 2
             Switch(config-if)#switchport port-security violation shutdown
             Switch(config-if)#switchport port-security mac-address 0000.0CDA.09A0
             Switch(config-if)#switchport port-security mac-address sticky
    19. Adding a New Switch
    20. Adding, Moving a Host
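
An added example, not part of the slide deck: a Python check that reads saved running-config text and verifies the port-security steps from slides 16 to 18 on every access port, including the case where limits are set but the feature itself was never activated. The sample configuration, the function names and the `max_allowed` policy value are assumptions made for illustration.

```python
import re

# Constructed sample of running-config interface stanzas (not from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security violation protect
interface FastEthernet0/4
 switchport mode trunk
"""

def parse_interfaces(config):
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # sub-command of the open stanza
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_port_security(config, max_allowed=2):  # max_allowed: assumed local policy
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # the slides' procedure starts with an access-mode port
        issues = []
        # Sub-options alone do not enable the feature; the bare command must be present.
        if "switchport port-security" not in cmds:
            issues.append("port security not activated")
        text = "\n".join(cmds)
        m = re.search(r"^switchport port-security maximum (\d+)$", text, re.M)
        maximum = int(m.group(1)) if m else 1  # IOS default, omitted from running-config
        if maximum > max_allowed:
            issues.append(f"maximum {maximum} exceeds policy of {max_allowed}")
        v = re.search(r"^switchport port-security violation (\w+)$", text, re.M)
        if v and v.group(1) == "protect":  # default is shutdown when no line is shown
            issues.append("violation mode protect drops frames without logging")
        findings[name] = issues
    return findings
```

Calling `audit_port_security(SAMPLE_CONFIG)` returns a dictionary keyed by interface name; an empty list means the port passed every check.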
