-
Module 2
Switch Configuration
-
2Switch Configuration
z Identify the major components of a Catalyst switchz Monitor
switch activity and status using LED
indicatorsz Examine the switch bootup output using
HyperTerminalz Use the help features of the command line
interfacez List the major switch command modes z Verify the default
settings of a Catalyst switchz Set an IP address and default
gateway for the
switch to allow connection and management over a network
-
3Switch Configuration
z View the switch settings with a Web browserz Set interfaces
for speed and duplex operationz Examine and manage the switch
MAC
address tablez Configure port securityz Manage configuration
files and IOS imagesz Perform password recovery on a switchz
Upgrade the IOS of a switch
-
4Switch Configuration
-
Starting the Switch
-
6Physical startup of the Catalyst switch
z Switches usually have several ports for the purpose of
connecting hosts, as well as specialized ports for the purpose of
management.
z Switches typically have no power switch to turn them on and
off. They simply connect or disconnect from a power source.
-
7Switch LED indications
z The front panel of a switch has several lights to help monitor
system activity and performance. These lights are called
light-emitting diodes (LEDs). The front of the switch has the
following LEDs: System LED Remote Power Supply (RPS)
LED Port Mode LED Port Status LEDs
-
8Switch LED indications
z The System LED: shows whether the system is receiving power
and functioning correctly.
z The RPS LED: indicates whether or not the remote power supply
is in use.
z The Mode LEDs: indicate the current state of the Mode button
used to determine how the Port Status LEDs are interpreted. To
select or change the port mode, press the Mode button repeatedly
until the Mode LEDsindicate the desired mode.
z The Port Status LEDs: meanings depending on the current value
of the Mode LED.
-
9Port LED definitions based on mode LED state
-
10
Verifying port LEDs during switch POST
Once the power cable is connected, the switch initiates a series
of tests called the power-on self test (POST). If the System LED is
green, then POST was successful. If the System LED is amber, then
POST failed. POST failure is considered to be a fatal error.
-
11
Verifying port LEDs during switch POST
z The Port Status LEDs also change during switch POST.
z The Port Status LEDs turn amberfor about 30 seconds as the
switch discovers the network topology and searches for loops.
z If the Port Status LEDs turn green, the switch has established
a link between the port and a target, such as a computer.
z If the Port Status LEDs turn off, the switch has determined
that nothing is plugged into the port.
-
12
Initial bootup output
z The initial bootup output shows information about the switch,
details about POST status, and data about the switch hardware.
z After the switch has booted and completed POST, prompts for
the System Configuration dialog are presented.
-
13
Examining bootloader Output
-
14
Examining help in the Switch CLI
z The command-line interface (CLI) for Cisco switches is very
similar to the CLI for Cisco routers.
z The help command is issued by entering a question mark
(?).
z This form of help is called command syntax help, because it
provides applicable keywords or arguments based on a partial
command.
-
15
Switch command mode
z Switches have several command modesUser EXEC mode Privileged
EXEC mode Global configuration modeInterface modeVlan mode
-
16
Show commands in user EXEC mode
-
17
show running-config
-
18
show interface
-
19
show vlan
-
20
show flash
-
21
show version
-
22
Reset all Switch Configurations & Reload
-
Configuration Switch
-
24
Verifying the Catalyst switch default configuration
z A switch may be given an IP address, for management purposes.
This is configured on the virtual interface, vlan 1.
z By default the switch has no IP address.z The switch ports or
interfaces are set to auto mode
and all switch ports are in VLAN 1. VLAN 1 is known as the
default management VLAN.
-
25
Flash directory content
z The flash directory, by default has a file that contains the
IOS image, a file called env_vars, and a sub-directory called
html.
z After configuring the switch it may contain a config.text file
and a VLAN database.
z The flash directory has no VLAN database file (vlan.dat) and
shows no saved configuration file config.text.
-
26
Switch hostname and passwords
-
27
IP Configuration
To allow the switch to be accessible by Telnet and other TCP/IP
applications, IP addresses and a default gateway should be set. By
default, VLAN 1 is the management VLAN. (more later)In a
switch-based network, all internetworking devices should be in the
management VLAN. This will allow a single management workstation to
access, configure, and manage all the internetworking devices.
-
28
Set port speed and duplex settings
z The Fast Ethernet switch ports default to: auto-speed
auto-duplex.
z This allows the interfaces to negotiate these settings. z When
a network administrator needs to ensure an interface
has particular speed and duplex values, the values can be set
manually.
-
29
http service and port
A web browser can access this service using the IP address and
port 80, the default port for http. The HTTP service can be turned
on or off, and the port address for the service can be chosen.
-
30
Web Interface
z Intelligent networking devices can provide a web-based
interface for configuration and management purposes.
-
31
Managing the MAC address table
z To examine the addresses that a switch has learned, enter the
privileged exec command show mac-addresstable.
z If no frames are seen with a previously learned address, the
MAC address entry is automatically discarded or aged out after 300
seconds
z To delete MAC table use the privileged exec command: clear
mac-address-table dynamic.
-
32
Show mac-address-table
-
33
Configuring static MAC addresses
z The reasons for assigning a permanent MAC address to an
interface include: The MAC address will not be aged out
automatically by the
switch. A specific server or user workstation must be attached
to the
port and the MAC address is known. Security is enhanced.
-
34
Configuration static MAC address
z To set a static MAC address entry for a switch:
Switch(config)#mac-address-table static interface FastEthernet
vlan
z To remove this entry use the no form of the command
z Eg:mac-address-table static 0010.7a60.1884 interface f0/1 vlan
1
-
35
Port security
z Anyone can plug in a PC or laptop into one of these
outlets.
z This is a potential entry point to the network by unauthorized
users.
z Switches provide a feature called port security. z It is
possible to limit the number of addresses that can be
learned on an interface. z The switch can be configured to take
an action if this is
exceeded. Secure MAC addresses can be set statically. z However,
securing MAC addresses statically can be a
complex task and prone to error. z To verify port security
status the command show port
security is entered.
-
36
Configuration port security
-
37
Configuration port securitySwitch(config-if)#switchport mode
accessz Set the interface mode as access; an interface in the
default mode
(dynamic desirable) cannot be configured as a secure
port.Switch(config-if)# switchport port-securityz Enable port
security on the interfaceSwitch(config-if)# switchport
port-security maximum valuez (Optional) Set the maximum number of
secure MAC addresses for the
interface. The range is 1 to 132; the default is
1.Switch(config-if)# switchport port-security mac-address mac-
addressz (Optional) Enter a static secure MAC address for the
interface, repeating
the command as many times as necessary. z You can use this
command to enter the maximum number of secure MAC
addresses. If you configure fewer secure MAC addresses than the
maximum, the remaining MAC addresses are dynamically learned.
z Note If you enable sticky learning after you enter this
command, the secure addresses that were dynamically learned are
converted to sticky secure MAC addresses and are added to the
running configuration.
-
38
2950 Configuration
-
39
Copying IOS from TFTP Server
-
40
Managing Switch operation system file
z An administrator should document and maintain the operational
configuration files for networking devices.
z The most recent running-configuration file should be backed up
on a server or disk.
z The IOS should also be backed up to a local server. The IOS
can then be reloaded to flash memory if needed.
-
41
2950 password recovery
z Turn the switch off. Turn it back on while holding down the
MODE button on the front of the switch at the time that the switch
is power on.
z Release the MODE button after the STAT LED goes out
Switch:flash_init Switch:load_helper Switch:dir flash: Switch:
rename flash:config.text flash:config.old Switch: boot
Switch#rename flash:config.old flash:config.text Switch#copy
flash:config.text system:running-config
z Change console and enable passwordFor other catalyst series,
search for catalyst password recovery on cisco.com)
-
42
Summary
-
Good luck with this module!
Module 2Switch ConfigurationSwitch ConfigurationSwitch
ConfigurationStarting the SwitchPhysical startup of the Catalyst
switchSwitch LED indicationsSwitch LED indicationsPort LED
definitions based on mode LED stateVerifying port LEDs during
switch POSTVerifying port LEDs during switch POSTInitial bootup
outputExamining bootloader OutputExamining help in the Switch
CLISwitch command modeShow commands in user EXEC modeshow
running-configshow interfaceshow vlanshow flashshow versionReset
all Switch Configurations & ReloadConfiguration SwitchVerifying
the Catalyst switch default configurationFlash directory
contentSwitch hostname and passwordsIP ConfigurationSet port speed
and duplex settingshttp service and portWeb InterfaceManaging the
MAC address tableShow mac-address-tableConfiguring static MAC
addressesConfiguration static MAC addressPort securityConfiguration
port securityConfiguration port security2950 ConfigurationCopying
IOS from TFTP ServerManaging Switch operation system file2950
password recoverySummaryGood luck with this module!
