
CCNA Semester 3 Chapter 05 SWITCHING CONFIGURATION

Objectives
- Monitor switch activity and status using LED indicators
- Set an IP address and default gateway for the switch to allow connection and management over a network
- Set interfaces for speed and duplex operation
- Examine and manage the switch MAC address table
- Configure port security
- Manage configuration files and IOS images
- Perform password recovery on a switch
- Upgrade the IOS of a switch

Table of Contents
1 Starting the Switch
2 Configuring the Switch

STARTING THE SWITCH

Physical startup of the Catalyst switch

- Central processing unit (CPU)
- Random access memory (RAM)
- An operating system
- Several ports for the purpose of connecting hosts

Switch LED Indicators: STAT


- Off: No link
- Solid Green: Link operational
- Flashing Green: Port is sending or receiving data
- Alternating Green/Amber: Link fault
- Solid Amber: Port is not forwarding because it was disabled by management or an address violation, or blocked by Spanning Tree Protocol

Switch LED Indicators: UTL


Off
- Each LED that is off indicates a reduction by half of the total bandwidth.
- LEDs are turned off from right to left.
- If the right-most LED is off, then the switch is using less than 50% of total bandwidth.
- If the two right-most LEDs are off, the switch is using less than 25% of total bandwidth.

Green
- If all LEDs are green, the switch is using 50% or more of total bandwidth.

Switch LED Indicators: FDUP,100


FDUP
- Off: Port is operating in half-duplex
- Green: Port is operating in full-duplex

100
- Off: Port is operating at 10Mbps
- Green: Port is operating at 100Mbps

Verifying Port Leds During Switch POST


- If the System LED is off but the switch is plugged in, then POST is running.
- If the System LED is green, then POST was successful.
- If the System LED is amber, then POST failed. POST failure is considered to be a fatal error.
- The Port Status LEDs turn amber for about 30 seconds as the switch discovers the network topology and searches for loops.
- If the Port Status LEDs turn green, the switch has established a link between the port and a target.

Viewing Initial Bootup Output From The Switch

- Use a rollover cable to connect the console port on the back of the switch to a COM port on the back of the computer.
- Start HyperTerminal on the computer.
- After the switch has booted and completed POST, prompts for the System Configuration dialog are presented.

Examining Help In The Switch CLI


Switch>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  name-connection  Name an existing network connection
  ping             Send echo messages
  rcommand         Run command on remote switch
 --More--

Switch Command Modes


The User EXEC mode is recognized by its prompt ending in a greater-than character (>).
The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information.

Privileged EXEC mode is recognized by its prompt ending in a pound-sign character (#).
The Privileged EXEC mode command set includes those commands allowed in User EXEC mode, as well as the configure command. The configure command allows other command modes to be accessed.

CONFIGURING THE SWITCH

Catalyst 1900 and 2950 Default Configuration

- IP address: 0.0.0.0
- CDP: enabled
- 100baseT port: autonegotiate duplex mode
- Spanning tree: enabled
- Console password: none

Verifying The Catalyst Switch Default Configuration

- show running-config
- show interface FastEthernet 0/1
- show vlan
- show flash (or dir flash:)
- show version

show running-config

show interface

show vlan

show flash

show version

Configuring The Catalyst Switch


Note
- Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory
- Erase the backup configuration file startup-config
- Reload the switch

Catalyst 2900
delete flash:vlan.dat
erase startup-config
reload

Catalyst 1900
delete nvram

Configuring The Catalyst Switch (cont)


A switch should be given a hostname, and passwords should be set on the console and vty lines.

switch(config)#hostname ALSwitch
ALSwitch(config)#line console 0
ALSwitch(config-line)#login
ALSwitch(config-line)#password funny
ALSwitch(config-line)#line vty 0 4
ALSwitch(config-line)#login
ALSwitch(config-line)#password deadman
ALSwitch(config-line)#^Z

Configuring the Switch IP Address


Catalyst 1900
wg_sw_1900(config)#ip address {ip_address} {mask}
Configures an IP address and subnet mask on the switch
wg_sw_1900(config)#ip address 10.5.5.11 255.255.255.0

Catalyst 2950
wg_sw_2950(config-if)#ip address {ip_address} {mask}

wg_sw_2950(config)#interface vlan 1
wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0

Configuring the Switch Default Gateway

wg_sw_a(config)# ip default-gateway {ip address}

Configures the switch default gateway for the Catalyst 1900 and 2950 switches

wg_sw_a(config)#ip default-gateway 10.5.5.3

Showing the Switch IP Address


Catalyst 1900
wg_sw_1900#show ip
IP address: 10.5.5.11
Subnet mask: 255.255.255.0
Default gateway: 10.5.5.3
Management VLAN: 1
wg_sw_a#

Catalyst 2950
wg_sw_2950#show interface vlan 1
Vlan1 is up, line protocol is up
  Hardware is Cat5k Virtual Ethernet, address is 0010.f6a9.9800 (bia 0010.f6a9.9800)
  Internet address is 172.16.80.79/24
  Broadcast address is 255.255.255.255
  . . .
wg_sw_2950#

Setting Duplex Options

Catalyst 1900
wg_sw_1900(config)#interface e0/1
wg_sw_1900(config-if)#duplex {auto | full | full-flow-control | half}

Catalyst 2950
wg_sw_2950(config)#interface fa0/1
wg_sw_2950(config-if)#duplex {auto | full | half}

Showing Duplex Options


Switch#show interfaces fastethernet0/3
FastEthernet0/3 is up, line protocol is down
  Hardware is Fast Ethernet, address is 0000.0000.0003 (bia 0000.0000.0003)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Configuring The Catalyst Switch (cont)

Intelligent networking devices can provide a web-based interface for configuration and management purposes.

ALSwitch(config)#ip http server
ALSwitch(config)#ip http port 8080

Any additional software, such as an applet, can be downloaded to the browser from the switch.

The GUI Interface

Managing the MAC Address Table


Catalyst 1900

wg_sw_1900#show mac-address-table
Number of permanent addresses : 0
Number of restricted static addresses : 0
Number of dynamic addresses : 6

Address          Dest Interface      Type      Source Interface List
----------------------------------------------------------------------
00E0.1E5D.AE2F   Ethernet 0/2        Dynamic   All
00D0.588F.B604   FastEthernet 0/26   Dynamic   All
00E0.1E5D.AE2B   FastEthernet 0/26   Dynamic   All
0090.273B.87A4   FastEthernet 0/26   Dynamic   All
00D0.588F.B600   FastEthernet 0/26   Dynamic   All
00D0.5892.38C4   FastEthernet 0/27   Dynamic   All

Catalyst 2950

wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 25
Total MAC addresses: 26
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2

Configuring Static MAC Addresses

The reasons for assigning a permanent MAC address to an interface include:
- The MAC address will not be aged out automatically by the switch.
- A specific server or user workstation must be attached to the port and the MAC address is known.
- Security is enhanced.

Setting a Static MAC Address


Catalyst 1900 and 2950
wg_sw_1900(config)#mac-address-table permanent {mac-address type module/port}
wg_sw_1900(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 0
Number of dynamic addresses : 4

Address          Dest Interface      Type        Source Interface List
------------------------------------------------------------------------
00E0.1E5D.AE2F   Ethernet 0/2        Dynamic     All
2222.2222.2222   Ethernet 0/3        Permanent   All
00D0.588F.B604   FastEthernet 0/26   Dynamic     All
00E0.1E5D.AE2B   FastEthernet 0/26   Dynamic     All
00D0.5892.38C4   FastEthernet 0/27   Dynamic     All

Catalyst 2950 only


wg_sw_2950(config)#mac-address-table secure mac_addr {vlan vlan_id} [interface int1 [int2 ... int15]]

Setting a Restricted Static MAC Address on the Cat 1900


wg_sw_1900(config)#mac-address-table restricted static {mac-address type module/port src-if-list}

wg_sw_1900(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 1
Number of dynamic addresses : 4

Address          Dest Interface      Type        Source Interface List
------------------------------------------------------------------------
1111.1111.1111   Ethernet 0/4        Static      Et0/1
00E0.1E5D.AE2F   Ethernet 0/2        Dynamic     All
2222.2222.2222   Ethernet 0/3        Permanent   All
00D0.588F.B604   FastEthernet 0/26   Dynamic     All
00E0.1E5D.AE2B   FastEthernet 0/26   Dynamic     All
00D0.5892.38C4   FastEthernet 0/27   Dynamic     All

Setting a Restricted Static MAC Address on the Cat 2950


wg_sw_2950(config)#mac-address-table secure hw-addr interface [vlan vlan-id]

wg_sw_2950(config)#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1
wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 1
Static Address (User-defined) Count: 1
System Self Address Count: 25
Total MAC addresses: 28
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2
0003.3333.3333       Secure        1     FastEthernet0/1
Static Address Table:
Destination Address  VLAN  Input Port  Output Ports
-------------------  ----  ----------  -----------------------
2222.2222.2222       1     ALL         Fa0/1

Port security
Anyone can plug a PC or laptop into one of these outlets. This is a potential entry point to the network for unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded. Secure MAC addresses can be set statically. However, securing MAC addresses statically can be a complex task and prone to error. To verify port security status, the command show port security is entered.
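
An added example, not part of the original slides: it parses Catalyst 1900 show mac-address-table output in the format shown earlier on this page and reports ports that have learned more dynamic addresses than a chosen limit, which is the condition port security acts on. The function names and the `limit` and `uplinks` parameters are illustrative assumptions.

```python
import re
from collections import Counter

# Rows copied from the Catalyst 1900 show mac-address-table output on this page.
SHOW_OUTPUT = """\
Address          Dest Interface      Type      Source Interface List
00E0.1E5D.AE2F   Ethernet 0/2        Dynamic   All
00D0.588F.B604   FastEthernet 0/26   Dynamic   All
00E0.1E5D.AE2B   FastEthernet 0/26   Dynamic   All
0090.273B.87A4   FastEthernet 0/26   Dynamic   All
00D0.588F.B600   FastEthernet 0/26   Dynamic   All
00D0.5892.38C4   FastEthernet 0/27   Dynamic   All
"""

# One table row: dotted-hex MAC, interface ("Ethernet 0/2"), type, source list.
ROW_RE = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
    r"(?P<port>\w+ \d+/\d+)\s+(?P<type>\w+)\s+(?P<src>.+)$"
)

def parse_mac_table(text):
    """Return (mac, port, type) tuples; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m["mac"].lower(), m["port"], m["type"]))
    return rows

def ports_over_limit(text, limit=1, uplinks=()):
    """Map port -> dynamic address count for ports that learned more than limit.

    uplinks (hypothetical parameter) lists ports expected to carry many
    addresses, such as a link to another switch, so they are not reported.
    """
    counts = Counter(port for _, port, kind in parse_mac_table(text)
                     if kind == "Dynamic" and port not in uplinks)
    return {port: n for port, n in counts.items() if n > limit}
```

With the default limit of one address, the page's sample output reports only FastEthernet 0/26, which has learned four addresses.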

Secure MAC Addresses


Set the maximum number of secure MAC addresses on a port. After secure MAC addresses are configured, they are stored in an address table. Setting a maximum number of addresses to one and configuring the MAC address of an attached device ensures that the device has the full bandwidth of the port.

Secure MAC Addresses

The switch supports these types of secure MAC addresses:
- Static secure MAC addresses
- Dynamic secure MAC addresses
- Sticky secure MAC addresses

Sticky secure MAC addresses: These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.

Configuring port security


Differs on 1900, 2900XL, and 2950 Switches.

2950 Security Commands

Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum value
Switch(config-if)#switchport port-security mac-address mac-address

2950 Configuration

Executing Adds, Moves, And Changes

Executing Adds, Moves, And Changes (cont)

Managing Switch Operating System File

An administrator should document and maintain the operational configuration files for networking devices. The most recent running-configuration file should be backed up on a server or disk. The IOS should also be backed up to a local server.

1900/2950 Password Recovery


For security and management purposes, passwords must be set on the console and vty lines. There will be circumstances where physical access to the switch can be achieved, but access to the user or privileged EXEC mode cannot be gained because the passwords are not known or have been forgotten. In these circumstances, a password recovery procedure must be followed.

Summary
- Monitoring switch activity and status using LED indicators
- Examining the switch bootup output using HyperTerminal
- Using the help features of the command line interface
- Setting an IP address and default gateway for the switch to allow connection and management over a network
- Setting interfaces for speed and duplex operation
- Examining and managing the switch MAC address table
- Configuring port security
- Managing configuration files and IOS images
- Performing password recovery on a switch
- Upgrading the IOS of a switch

Q&A
