Week 2 - Lab Instructions - Basic Switch Configuration
Computer Networks Products
Lecturer: Dr Hamidreza Bagheri
2024-2025
Creating a Simple Topology
The Cisco IOS user interface is divided into many different modes. The commands
available to you depend on which mode you are currently in. Enter a question mark
(?) at the system prompt to obtain a list of commands available for each command
mode.
You can start a CLI session through a console connection, through Telnet or SSH, or
by using the browser.
When you start a session, you begin in user mode, often called user EXEC mode. Only
a limited subset of the commands is available in user EXEC mode. For example, most
of the user EXEC commands are one-time commands, such as show commands, which
show the current configuration status, and clear commands, which clear counters or
interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you
must enter a password to enter privileged EXEC mode. From this mode, you can enter
any privileged EXEC command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to
the running configuration. If you save the configuration, these commands are stored
and used when the switch reboots. To access the various configuration modes, you
must start at global configuration mode. From global configuration mode, you can
enter interface configuration mode and line configuration mode.
This table describes the main command modes, how to access each one, the
prompt you see in that mode, and how to exit the mode.
Mode: User EXEC
Access Method: Begin a session using Telnet, SSH, or console.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system information.
Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.
Prompt: Switch#
Exit Method: Enter disable to exit.
About This Mode: Use this mode to verify commands that you have entered. Use a password to protect access to this mode.
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consolidated_3850_3se_cg_chapter_01.html
Configuring Initial Switch Settings
Objectives
Part 1: Verify the Default Switch Configuration
Part 2: Configure a Basic Switch Configuration
Part 3: Configure a MOTD Banner
Part 4: Save Configuration Files to NVRAM
Part 5: Configure S2
Background
In this activity, you will perform basic switch configurations. You will secure
access to the CLI and console ports using encrypted and plain text passwords. You
will also learn how to configure messages for users logging into the switch. These
banners are also used to warn unauthorized users that access is prohibited.
You can access all switch commands from privileged mode. However, because many
of the privileged commands configure operating parameters, privileged access should
be password-protected to prevent unauthorized use.
The privileged EXEC command set includes those commands contained in user EXEC
mode, as well as the configure command through which access to the remaining
command modes is gained. Design the topology below.
a. Click S1 and then the CLI tab. Press Enter.
Switch> enable
Switch#
Notice that the prompt changed in the configuration to reflect privileged EXEC mode.
To secure access to the console line, access config-line mode and set the console
password to ‘letmein’.
Exit privileged mode to verify that the console port password is in effect.
S1# exit
Note: If the switch did not prompt you for a password, then you did not configure the
login parameter in Step 2.
Set the enable password to c1$c0. This password protects access to privileged mode.
Note: The 0 in c1$c0 is a zero, not a capital O. This password will not grade as correct
until after you encrypt it in Step 8.
S1> enable
S1# configure terminal
S1(config)# enable password c1$c0
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
c. The first password is the console password you configured for line con 0. Enter
this password to return to user EXEC mode.
e. Enter the second password you configured to protect privileged EXEC mode.
Notice how the console and enable passwords are both in plain text. This could pose
a security risk if someone is looking over your shoulder.
The enable password should be replaced with the newer encrypted secret password
using the enable secret command.
S1# config t
S1(config)# enable secret itsasecret
S1(config)# exit
S1#
Note: The enable secret password overrides the enable password. If both are
configured on the switch, you must enter the enable secret password to enter
privileged EXEC mode.
Step 7: Verify that the enable secret password is added to the configuration file.
a. Enter the show running-config command again to verify the new enable
secret password is configured.
As you noticed in Step 7, the enable secret password was encrypted, but the enable
and console passwords were still in plain text. We will now encrypt these plain text
passwords using the service password-encryption command.
S1# config t
S1(config)# service password-encryption
S1(config)# exit
If you configure any more passwords on the switch, will they be displayed in the
configuration file as plain text or in encrypted form? Explain why.
The service password-encryption command encrypts all current and future passwords.
The Cisco IOS command set includes a feature that allows you to configure messages
that anyone logging onto the switch sees. These messages are called message of the
day, or MOTD banners. Enclose the banner text in quotations or use a delimiter
different from any character appearing in the MOTD string.
S1# config t
S1(config)# banner motd "This is a secure system. Authorized Access Only!"
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
When will this banner be displayed?
The message will be displayed when someone enters the switch through the console port.
Why should every switch have a MOTD banner?
Every switch should have a banner to warn unauthorized users that access is
prohibited, but it can also be used for sending messages to network
personnel/technicians (such as impending system shutdowns or who to contact for access).
Step 1: Verify that the configuration is accurate using the show run command.
You have completed the basic configuration of the switch. Now back up the running
configuration file to NVRAM to ensure that the changes made are not lost if the system
is rebooted or loses power.
Are all the changes that were entered recorded in the file? Yes, it is the same as the
running configuration.
Part 5: Configure S2
You have completed the configuration on S1. You will now configure S2. If you cannot
remember the commands, refer to Parts 1 to 4 for assistance.
a. Name device: S2
d. Configure a message to those logging into the switch with the following message:
g. Save the configuration file to avoid loss if the switch is powered down.
Switch> enable
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hostname S2
S2(config)# line console 0
S2(config-line)# password letmein
S2(config-line)# login
S2(config-line)# enable password c1$c0
S2(config)# enable secret itsasecret
S2(config)# banner motd $any text here$
S2(config)# service password-encryption
S2(config)# do copy running-config startup-config
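The checks from Parts 2 to 4, as an added example that is not part of the original lab sheet: a Python script that audits a saved running-config for the console password and login, the enable secret, service password-encryption and the MOTD banner. The sample configuration is constructed, and the function names and the FAIL/NOTE labels are assumptions of this example.

```python
import re

# Constructed sample (not output from a real switch): S2 with the console
# "login", the enable secret and service password-encryption all left out.
SAMPLE_CONFIG = """\
hostname S2
no service password-encryption
enable password c1$c0
banner motd ^CAuthorized Access Only!^C
line con 0
 password letmein
line vty 0 4
 password 7 0000000000
 login
"""

# Matches "password ..." and "enable password ..."; group 1 is the type digit, if any.
PASSWORD = re.compile(r"(?:enable )?password (?:(\d+) )?\S+")

def split_sections(config):
    """Group lines under 'global' or under the 'line ...' header they follow."""
    sections, current = {"global": []}, "global"
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):  # an unindented line closes any line section
            current = raw.strip() if raw.startswith("line ") else "global"
            sections.setdefault(current, [])
            if current != "global":
                continue  # the header itself carries no setting
        sections[current].append(raw.strip())
    return sections

def audit(config):
    """Return FAIL/NOTE strings for the password and banner steps of this lab."""
    sections, out = split_sections(config), []
    for needed in ("service password-encryption", "enable secret", "banner motd"):
        if not any(l.startswith(needed) for l in sections["global"]):
            out.append(f"FAIL global: '{needed}' not configured")
    for name, body in sections.items():
        kinds = [m.group(1) for m in map(PASSWORD.match, body) if m]
        if any(k in (None, "0") for k in kinds):
            out.append(f"FAIL {name}: password stored in plain text")
        if "7" in kinds:  # type 7 is what service password-encryption produces
            out.append(f"NOTE {name}: type 7 password is reversible encoding, not a hash")
        if name != "global" and kinds and "login" not in body:
            out.append(f"FAIL {name}: password set without 'login', no prompt is shown")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A configuration that completes every step of the lab produces no FAIL lines, only the NOTE entries for the type 7 passwords.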