Professional Documents
Culture Documents
Objectives
Monitor switch activity and status using LED indicators Set an IP address and default gateway for the switch to allow connection and management over a network Set interfaces for speed and duplex operation Examine and manage the switch MAC address table Configure port security Manage configuration files and IOS images Perform password recovery on a switch Upgrade the IOS of a switch
Table of Content
1 Starting the Switch 2 Configuring the Switch
- Central processing unit (CPU) - Random access memory (RAM), - An operating system several ports for the purpose of connecting hosts
Alternating Green/Amber Link fault Solid Amber Port is not forwarding becoz it was disabled by management or address violation, or blocked by spanning tree Protocol
If all LEDs are green, the switch is using 50% or more of total bandwidth
Use a rollover cable to connect the console port on the back of the switch to a COM port on the back of the computer Start HyperTerminal on the computer After the switch has booted and completed POST, prompts for the System Configuration dialog are presented
Privileged EXEC mode is also recognized by its ending in a pound-sign character (#).
The Privileged EXEC mode command set includes those commands allowed in User EXEC mode, as well as the configure command. The configure command allows other command modes to be accessed.
1
IP address: 0.0.0.0 CDP: enabled 100baseT port: autonegotiate duplex mode Spanning tree: enabled Console password: none
Show running-config Show interface FastEthernet 0/1 Show vlan Show flash ( or dir flash:) Show version
show running-config
show interface
show vlan
show flash
show version
Catalyst 2900
Delete flash:vlan.dat Erase startup-config reload
Catalyst 1900
Delete nvram
2
switch(config)#hostname ALSwitch ALSwitch(config)#line console 0 ALSwitch(config-line)#login ALSwitch(config-line)#password funny ALSwitch(config-line)#line vty 0 4 ALSwitch(config-line)#login ALSwitch(config-line)#password deadman
2
ALSwitch(config-line)#^Z
Catalyst 2950
wg_sw_2950(config-if)#ip address {ip_address} {mask}
Configures the switch default gateway for the Catalyst 1900 and 2950 switches
Catalyst 2950
wg_sw_2950#show interface vlan 1 Vlan1 is up, line protocol is up Hardware is Cat5k Virtual Ethernet, address is 0010.f6a9.9800 (bia 0010.f6a9.9800) Internet address is 172.16.80.79/24 Broadcast address is 255.255.255.255 . . . wg_sw_2950#
Catalyst 1900
wg_sw_1900(config)#interface e0/1 wg_sw_1900(config-if)#duplex {auto | full | full-flow-control | half}
Catalyst 2950
wg_sw_2950(config)#interface fe0/1 wg_sw_2950(config-if)#duplex {auto | full | half}
Intelligent networking devices can provide a web-based interface for configuration and management purposes ALSwitch(config)#ip http server ALSwitch(config)#ip http port 8080 Any additional software such as an applet, can be downloaded to the browser from the switch
2
Catalyst 1900
Address Dest Interface Type Source Interface List -----------------------------------------------------------------00E0.1E5D.AE2F Ethernet 0/2 Dynamic All 00D0.588F.B604 FastEthernet 0/26 Dynamic All 00E0.1E5D.AE2B FastEthernet 0/26 Dynamic All 0090.273B.87A4 FastEthernet 0/26 Dynamic All 00D0.588F.B600 FastEthernet 0/26 Dynamic All 00D0.5892.38C4 FastEthernet 0/27 Dynamic All
Catalyst 2950
wg_sw_2950#show mac-address-table Dynamic Address Count: 1 Secure Address Count: 0 Static Address (User-defined) Count: 0 System Self Address Count: 25 Total MAC addresses: 26 Maximum MAC addresses: 8192 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------0050.0f02.3372 Dynamic 1 FastEthernet0/2
Configuring Static MAC Addresses The reasons for assigning a permanent MAC address to an interface include:
The MAC address will not be aged out automatically by the switch. A specific server or user workstation must be attached to the port and the MAC address is known. Security is enhanced.
wg_sw_1900(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1 wg_sw_1900#show mac-address-table Number of permanent addresses : 1 Number of restricted static addresses : 1 Number of dynamic addresses : 4 Address Dest Interface Type Source Interface List -----------------------------------------------------------------1111.1111.1111 Ethernet 0/4 Static Et0/1 00E0.1E5D.AE2F Ethernet 0/2 Dynamic All 2222.2222.2222 Ethernet 0/3 Permanent All 00D0.588F.B604 FastEthernet 0/26 Dynamic All 00E0.1E5D.AE2B FastEthernet 0/26 Dynamic All 00D0.5892.38C4 FastEthernet 0/27 Dynamic All
wg_sw_2950#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1 wg_sw_2950#show mac-address-table Dynamic Address Count: 1 Secure Address Count: 1 Static Address (User-defined) Count: 1 System Self Address Count: 25 Total MAC addresses: 28 Maximum MAC addresses: 8192 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------0050.0f02.3372 Dynamic 1 FastEthernet0/2 0003.3333.3333 Secure 1 FastEthernet0/1 Static Address Table: Destination Address VLAN ---------------------2222.2222.2222 1 Input Port ---------ALL Output Ports ----------------------Fa0/1
Port security
Anyone can plug in a PC or laptop into one of these outlets. This is a potential entry point to the network by unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this is exceeded. Secure MAC addresses can be set statically. However, securing MAC addresses statically can be a complex task and prone to error. To verify port security status the command show port security is entered.
The switch supports these types of secure MAC addresses: Static secure MAC Dynamic secure MAC addresses Sticky secure MAC addresses Sticky secure MAC addressesThese are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
3
Switch(config-if)#switchport mode access Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security maximum value Switch(config-if)# switchport port-security mac-address mac-address
2950 Configuration
An administrator should document and maintain the operational configuration files for networking devices. The most recent running-configuration file should be backed up on a server or disk. The IOS should also be backed up to a local server.
Summary
Monitoring switch activity and status using LED indicators Examining the switch bootup output using HyperTerminal Using the help features of the command line interface Setting an IP address and default gateway for the switch to allow connection and management over a network Setting interfaces for speed and duplex operation Examining and managing the switch MAC address table Configuring port security Managing configuration files and IOS images Performing password recovery on a switch Upgrading the IOS of a switch
Q&A