L

Lab - Co
onfigurin
ng a Switch Man
nageme
ent Addrress (Insstructor
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.

T
Topology

A
Addressing
g Table

Device
D Interface IP Address
A Subnet Mas
sk Defau
ult Gateway

S1 VLAN 1 192.16
68.1.2 2
255.255.255.0
0 N/A
PC
C-A NIC 192.16
68.1.10 2
255.255.255.0
0 N/A

O
Objectives
Part 1: Co
onfigure a Basic Network
k Device
 Cable
e the network as shown in the topology.
 Config witch settings including hos
gure basic sw stname, mana
agement address, and Telnet access.
 Config
gure an IP ad
ddress on the PC.
Part 2: Ve
erify and Tes
st Network Connectivity
C
 Displa
ay device con
nfiguration.
 Test end-to-end
e co
onnectivity witth ping.
 Test remote
r gement capability with Telnet.
manag
 Save the switch running configu
uration file.

B
Backgroun
nd / Scenarrio
a a switch vi rtual interface
Cisco switches have a special interfface, known as e (SVI). The S SVI can be coonfigured
with an IP
P address, commmonly referrred to as the managementt address tha at is used for rremote accesss to the
switch to display
d or con
nfigure setting
gs.
In this lab
b, you will build a simple ne
etwork using Ethernet
E N cabling and access a Cissco switch using the
LAN
console and
a remote ac ccess method ds. You will co
onfigure basicc switch settin
ngs and IP ad
ddressing, and
d
demonstra ate the use of a managem ment IP addres ss for remote switch mana agement. The topology connsists of
one switch and one ho ost using only Ethernet and d console portts.
Note: The
e switches used are Cisco Catalyst 2960s with Cisco
o IOS Release e 15.0(2) (lan
nbasek9 imag
ge). Other
switches and
a Cisco IOS S versions ca
an be used. Depending
D on the model an nd Cisco IOS version, the available
command ds and output produced might vary from
m what is show
wn in the labss.
Note: Make sure that the switch has d and has no startup configuration. If yo
s been erased ou are unsure
e, contact
your instru
uctor.

© 2013 Cisco and

d/or its affiliates. All rights reserve
ed. This docume
ent is Cisco Publiic. P
Page 1 of 10
Lab - Configuring a Switch Management Address

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
 1 PC (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
 Console cables to configure the Cisco IOS devices via the console ports
 Ethernet cables as shown in the topology

Part 1: Configure a Basic Network Device

In Part 1, you will set up the network and configure basic settings, such as hostnames, interface IP
addresses, and passwords.

Step 1: Cable the network.

a. Cable the network as shown in the topology.
b. Establish a console connection to the switch from PC-A.

Step 2: Configure basic switch settings.

In this step, you will configure basic switch settings, such as hostname and configuring an IP address for the
SVI. Assigning an IP address on the switch is only the first step. As the network administrator, you must
specify how the switch will be managed. Telnet and Secure Shell (SSH) are two of the most common
management methods; however, Telnet is a very insecure protocol. All information flowing between the two
devices is sent in plain text. Passwords and other sensitive information can be easily looked at if captured by
a packet sniffer.
a. Assuming the switch had no configuration file stored in nonvolatile random-access memory (NVRAM),
you will be at the user EXEC mode prompt on the switch with a prompt of Switch>. Enter privileged
EXEC mode.
Switch> enable
Switch#
b. Verify a clean configuration file with the show running-config privileged EXEC command. If a
configuration file was previously saved, it will have to be removed. Depending on the switch model and
IOS version, your configuration may look slightly different. However, there should be no configured
passwords or IP address set. If your switch does not have a default configuration, ask your instructor for
help.
c. Enter global configuration mode and assign the switch hostname.
Switch# configure terminal
Switch(config)# hostname S1
S1(config)#
d. Configure the switch password access.
S1(config)# enable secret class
S1(config)#
e. Prevent unwanted Domain Name System (DNS) lookups.
S1(config)# no ip domain-lookup
S1(config)#

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 10
Lab - Configuring a Switch Management Address

f. Configure a login message-of-the-day (MOTD) banner.

S1(config)# banner motd #
Enter Text message. End with the character ‘#’.
Unauthorized access is strictly prohibited. #
g. Verify your access setting by moving between modes.
S1(config)# exit
S1#
S1# exit
Unauthorized access is strictly prohibited.
S1>
What shortcut keys are used to go directly from global configuration mode to privileged EXEC mode?
____________________________________________________________________________________
Ctrl+Z
h. Return to privileged EXEC mode from user EXEC mode.
S1> enable
Password: class
S1#
Note: Password will not show up on screen when entering.
i. Enter global configuration mode to set the SVI IP address to allow remote switch management.
S1# config t
S1#(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shut
S1(config-if)# exit
S1(config)#
j. Restrict console port access. The default configuration is to allow all console connections with no
password needed.
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)#
k. Configure the virtual terminal (VTY) line for the switch to allow Telnet access. If you do not configure a
VTY password, you will not be able to Telnet to the switch.
S1(config)# line vty 0 4
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# end
S1#
*Mar 1 00:06:11.590: %SYS-5-CONFIG_I: Configured from console by console

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 10
Lab - Configuring a Switch Management Address

Step 3: Configure an IP address on PC-A.

a. Assign the IP address and subnet mask to the PC, as shown in the Addressing Table on page 1. The
procedure for assigning an IP address on a PC running Windows 7 is described below:
1) Click the Windows Start icon > Control Panel.
2) Click View By: > Category.
3) Choose View network status and tasks > Change adapter settings.
4) Right-click Local Area Network Connection and select Properties.
5) Choose Internet Protocol Version 4 (TCP/IPv4), click Properties > OK.
6) Click the Use the following IP address radio button and enter the IP address and subnet mask.

Part 2: Verify and Test Network Connectivity

You will now verify and document the switch configuration, test end-to-end connectivity between PC-A and
S1, and test the remote management capability of the switch.

Step 1: Display the S1 device configuration.

a. Return to your console connection using Tera Term on PC-A to display and verify your switch
configuration by issuing the show run command. A sample configuration is shown below. The settings
you configured are highlighted in yellow. The other configuration settings are IOS defaults.
S1# show run
Building configuration...

Current configuration : 1508 bytes

!
! Last configuration change at 00:06:11 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
spanning-tree mode pvst

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 10
Lab - Configuring a Switch Management Address

spanning-tree extend system-id

!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2

<output omitted>

interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip http server
ip http secure-server
!
banner motd ^C
Unauthorized access is strictly prohibited. ^C
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
login
!
end
b. Verify the status of your SVI management interface. Your VLAN 1 interface should be up/up and have an
IP address assigned. Notice that switch port F0/6 is also up because PC-A is connected to it. Because all
switch ports are initially in VLAN 1, by default, you can communicate with the switch using the IP address
you configured for VLAN 1.
S1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.2 YES manual up up
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset up up

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s

FastE
Ethernet0/7 una
assigned YES unse
et down down
FastE
Ethernet0/8 una
assigned YES et
unse down down
FastE
Ethernet0/9 una
assigned YES et
unse down down
FastE
Ethernet0/10
0 una
assigned YES et
unse down down
FastE
Ethernet0/11
1 una
assigned YES et
unse down down
FastE
Ethernet0/12
2 una
assigned YES et
unse down down
FastE
Ethernet0/13
3 una
assigned YES et
unse down down
FastE
Ethernet0/14
4 una
assigned YES et
unse down down
FastE
Ethernet0/15
5 una
assigned YES et
unse down down
FastE
Ethernet0/16
6 una
assigned YES et
unse down down
FastE
Ethernet0/17
7 una
assigned YES et
unse down down
FastE
Ethernet0/18
8 una
assigned YES et
unse down down
FastE
Ethernet0/19
9 una
assigned YES et
unse down down
FastE
Ethernet0/20
0 una
assigned YES et
unse down down
FastE
Ethernet0/21
1 una
assigned YES et
unse down down
FastE
Ethernet0/22
2 una
assigned YES et
unse down down
FastE
Ethernet0/23
3 una
assigned YES et
unse down down
FastE
Ethernet0/24
4 una
assigned YES et
unse down down
Gigab
bitEthernet0
0/1 una
assigned YES et
unse down down
Gigab
bitEthernet0
0/2 una
assigned YES et
unse down down

S
Step 2: Tes
st end-to-en
nd connectiv
vity.
Open a co
ommand prom mpt window (c
cmd.exe) on PC-A by clickking the Wind dows Start iccon and enter cmd into
the Searc
ch for progra
ams and files
s field. Verify the
t IP addresss of PC-A byy using the ipc
config /all co
ommand.
This comm
mand displays the PC hostname and th he IPv4 addre
ess informatio
on. Ping PC-AA’s own addre ess and
the managgement addre
ess of S1.
a. Ping your
y own PC--A address firrst.
C:\Us
sers\NetAc
cad> ping 192.168.1.
1 10
Your output should
d be similar to
o the following
g screen:

© 2013 Cisco and

d/or its affiliates. All rights reserve
ed. This docume
ent is Cisco Publiic. P
Page 6 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s

b. Ping the
t SVI mana
agement addrress of S1.
C:\Us
sers\NetAc
cad> ping 192.168.1.
1 2
Your output shouldd be similar to
o the following
g screen. If pi ng results are
e not successsful, troublesh
hoot the
basic device config
gurations. Youu should chec ck both the phhysical cablinng and IP adddressing, if neecessary.

S
Step 3: Tes
st and verify
y remote ma
anagement of S1.
You will now use Telne et to remotelyy access the switch
s S1 usin
ng the SVI ma anagement address. In this lab,
PC-A and d S1 reside sid de by side. In
n a productionn network, the
e switch could d be in a wirin
ng closet on th
he top
floor whilee your manag gement PC is located on th he ground flooor. Telnet is n
not a secure pprotocol. However, you
will use it in this lab to test remote access.
a ormation sen t by Telnet, in
All info ncluding passswords and
command ds, is sent acrross the sessiion in plain teext. In subseq uent labs, yo u will use Seccure Shell (SS
SH) to
remotely access
a netwoork devices.
Note: Win ndows 7 does s not natively support Telne
et. The admin
nistrator mustt enable this p
protocol. To in
nstall the
Telnet clie
ent, open a co
ommand prom mpt window and
a type pkgm mgr /iu:“T TelnetClien nt”.
C:\Us
sers\NetAc
cad> pkgmgr
r /iu:”Tel
lnetClient”
”
a. With the
t command d prompt wind
dow still open on PC-A, isssue a Telnet ccommand to cconnect to S1 via the
SVI management
m address.
a The password is cisco.
C:\Us
sers\NetAc
cad> telnet
t 192.168.1.2
Your output should
d be similar to
o the following
g screen:

© 2013 Cisco and

d/or its affiliates. All rights reserve
ed. This docume
ent is Cisco Publiic. P
Page 7 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s

b. After entering the cisco

c passwo
ord, you will be
b at the userr EXEC mode
e prompt. Type enable at th
he
promp pt. Enter the class
c ord to enter privileged EXE
passwo EC mode and issue a showw run comma and.

S
Step 4: Sav
ve the configuration file.
a. From your Telnet session,
s issue
e the copy ru
un start comm
mand at the p
prompt.
S1# copy
c run start
s
Desti
ination fi
ilename [st
tartup-con
nfig]? [Ent
ter]
Build
ding confi
iguration ..
.
S1#
he Telnet ses
b. Exit th ssion by typing
g quit. You will d to the Wind
w be returned dows 7 comm
mand prompt.

R
Reflection
Why mustt you use a co
onsole conne
ection to initiallly configure tthe switch? W
Why not conne
ect to the swittch via
Telnet or SSH?
________
___________
____________
___________
___________
____________
____________
___________
________
No IP adddressing parameters are co
onfigured yet.. A switch firsst placed into service has n
no networking
g
configured
d.

D
Device Con
nfigs

S
Switch S1(Complete))
S
S1#show run
n
B
Building co
onfigurati
ion...
!
C
Current con
nfiguratio
on : 1508 bytes
b
!
v
version 15.
.0

© 2013 Cisco and

d/or its affiliates. All rights reserve
ed. This docume
ent is Cisco Publiic. P
Page 8 of 10
Lab - Configuring a Switch Management Address

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 10
Lab - Configuring a Switch Management Address

!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip http server
ip http secure-server
!
banner motd ^C
Unauthorized access is strictly prohibited. ^C
!
line con 0
password cisco
login
line vty 0 4
password class
login
line vty 5 15
login
!
end

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 10