Module 2

Switch Configuration

Switch Configuration
z
z
z
z
z
z
z

Identify the major components of a Catalyst switch

Monitor switch activity and status using LED
indicators
Examine the switch bootup output using
HyperTerminal
Use the help features of the command line interface
List the major switch command modes
Verify the default settings of a Catalyst switch
Set an IP address and default gateway for the
switch to allow connection and management over a
network
2

Switch Configuration
z
z
z
z
z
z
z

View the switch settings with a Web browser

Set interfaces for speed and duplex operation
Examine and manage the switch MAC
address table
Configure port security
Manage configuration files and IOS images
Perform password recovery on a switch
Upgrade the IOS of a switch

Switch Configuration

Starting the Switch

Physical startup of the Catalyst switch

z

Switches usually have several

ports for the purpose of
connecting hosts, as well as
specialized ports for the
purpose of management.
Switches typically have no
power switch to turn them
on and off. They simply
connect or disconnect from a
power source.
6

Switch LED indications

z

The front panel of a switch

has several lights to help
monitor system activity and
performance. These lights
are called light-emitting
diodes (LEDs). The front of
the switch has the following
LEDs:

System LED
Remote Power Supply (RPS)

LED
Port Mode LED
Port Status LEDs

Switch LED indications

z

The System LED: shows whether

the system is receiving power
and functioning correctly.
The RPS LED: indicates whether
or not the remote power supply
is in use.
The Mode LEDs: indicate the
current state of the Mode button
used to determine how the Port
Status LEDs are interpreted. To
select or change the port mode,
press the Mode button
repeatedly until the Mode LEDs
indicate the desired mode.
The Port Status LEDs: meanings
depending on the current value
of the Mode LED.

Port LED definitions based on mode LED state

Verifying port LEDs during switch POST

Once the power cable is connected, the switch initiates a series of tests called the
power-on self test (POST).
If the System LED is green, then POST was successful.
If the System LED is amber, then POST failed. POST failure is considered to be a
fatal error.

10

Verifying port LEDs during switch POST

z
z

The Port Status LEDs also change

during switch POST.
The Port Status LEDs turn amber
for about 30 seconds as the
switch discovers the network
topology and searches for loops.
If the Port Status LEDs turn
green, the switch has established
a link between the port and a
target, such as a computer.
If the Port Status LEDs turn off,
the switch has determined that
nothing is plugged into the port.
11

Initial bootup output

The initial bootup output shows information about the

switch, details about POST status, and data about the
switch hardware.
After the switch has booted and completed POST, prompts
for the System Configuration dialog are presented.

12

Examining bootloader Output

13

Examining help in the Switch CLI

z

The command-line interface (CLI) for Cisco switches

is very similar to the CLI for Cisco routers.
The help command is issued by entering a question
mark (?).
This form of help is called command syntax help,
because it provides applicable keywords or
arguments based on a partial command.

14

Switch command mode

z

Switches have several command modes

User EXEC mode

Privileged EXEC mode
Global configuration mode
Interface mode
Vlan mode

15

Show commands in user EXEC mode

16

show running-config

17

show interface

18

show vlan

19

show flash

20

show version

21

Reset all Switch Configurations & Reload

22

Configuration Switch

Verifying the Catalyst switch default configuration

z

z
z

A switch may be given an IP address, for

management purposes. This is configured on the
virtual interface, vlan 1.
By default the switch has no IP address.
The switch ports or interfaces are set to auto mode
and all switch ports are in VLAN 1. VLAN 1 is
known as the default management VLAN.

24

Flash directory content

z

The flash directory, by default has a file that

contains the IOS image, a file called env_vars, and
a sub-directory called html.
After configuring the switch it may contain a
config.text file and a VLAN database.
The flash directory has no VLAN database file
(vlan.dat) and shows no saved configuration file
config.text.

25

Switch hostname and passwords

26

IP Configuration

To allow the switch to be accessible by Telnet and other

TCP/IP applications, IP addresses and a default gateway
should be set.
By default, VLAN 1 is the management VLAN. (more later)
In a switch-based network, all internetworking devices should
be in the management VLAN.
This will allow a single management workstation to access,
configure, and manage all the internetworking devices.

27

Set port speed and duplex settings

z
z

The Fast Ethernet switch ports default to:

auto-speed
auto-duplex.
This allows the interfaces to negotiate these settings.
When a network administrator needs to ensure an interface
has particular speed and duplex values, the values can be set
manually.

28

http service and port

A web browser can access this service using the IP address and
port 80, the default port for http.
The HTTP service can be turned on or off, and the port address
for the service can be chosen.

29

Web Interface
z

Intelligent networking devices

can provide a web-based
interface for configuration and
management purposes.

30

Managing the MAC address table

z

To examine the addresses that a switch has

learned, enter the privileged exec command
show mac-addresstable.
If no frames are seen with a previously
learned address, the MAC address entry is
automatically discarded or aged out after 300
seconds
To delete MAC table use the privileged exec
command:
clear mac-address-table dynamic.
31

Show mac-address-table

32

Configuring static MAC addresses

The reasons for assigning a permanent MAC address to an interface

include:
The MAC address will not be aged out automatically by the
switch.
A specific server or user workstation must be attached to the
port and the MAC address is known.
Security is enhanced.
33

Configuration static MAC address

z

To set a static MAC address entry for a

switch:

Switch(config)#mac-address-table static <macaddress of host> interface FastEthernet <Ethernet

numer> vlan

To remove this entry use the no form of the

command
Eg:mac-address-table static 0010.7a60.1884
interface f0/1 vlan 1
34

Port security
z
z
z
z
z
z
z

Anyone can plug in a PC or laptop into one of these

outlets.
This is a potential entry point to the network by
unauthorized users.
Switches provide a feature called port security.
It is possible to limit the number of addresses that can be
learned on an interface.
The switch can be configured to take an action if this is
exceeded. Secure MAC addresses can be set statically.
However, securing MAC addresses statically can be a
complex task and prone to error.
To verify port security status the command show port
security is entered.
35

Configuration port security

36

Configuration port security

Switch(config-if)#switchport mode access
z Set the interface mode as access; an interface in the default mode
(dynamic desirable) cannot be configured as a secure port.
Switch(config-if)# switchport port-security
z Enable port security on the interface
Switch(config-if)# switchport port-security maximum value
z (Optional) Set the maximum number of secure MAC addresses for the
interface. The range is 1 to 132; the default is 1.
Switch(config-if)# switchport port-security mac-address mac-

address

z
z

(Optional) Enter a static secure MAC address for the interface, repeating
the command as many times as necessary.
You can use this command to enter the maximum number of secure MAC
addresses. If you configure fewer secure MAC addresses than the
maximum, the remaining MAC addresses are dynamically learned.

Note If you enable sticky learning after you enter this command, the secure
addresses that were dynamically learned are converted to sticky secure MAC
addresses and are added to the running configuration.

37

2950 Configuration

38

Copying IOS from TFTP Server

39

Managing Switch operation system file

z

An administrator should document and

maintain the operational configuration files
for networking devices.
The most recent running-configuration file
should be backed up on a server or disk.
The IOS should also be backed up to a local
server. The IOS can then be reloaded to flash
memory if needed.
40

2950 password recovery

z

Turn the switch off. Turn it back on while holding down the
MODE button on the front of the switch at the time that the
switch is power on.
Release the MODE button after the STAT LED goes out

Switch:flash_init
Switch:load_helper
Switch:dir flash:
Switch: rename flash:config.text flash:config.old
Switch: boot
Switch#rename flash:config.old flash:config.text
Switch#copy flash:config.text system:running-config

Change console and enable password

For other catalyst series, search for catalyst password
recovery on cisco.com)
41

Summary

42

Good luck with this module!