Network Device and Configuration

Switch configuration
Switches

Switch LED Indicators


Switches have several status LED (light-emitting diode) indicator lights. You can use the switch
LEDs to quickly monitor switch activity and its performance. Switches of different models and
feature sets will have different LEDs, and their placement on the front panel of the switch can
also vary. The figure below shows the switch LEDs and the Mode button for a Cisco Catalyst
2960 switch.

The following describes the purpose of the LED indicators and the meaning of their colors:

1. System LED: - shows whether the system is receiving power and is functioning properly.
 If the LED is off, it means that the system is not powered on.
 If the LED is green, the system is operating normally.
 If the LED is amber, the system is receiving power but is not functioning properly.

2. RPS LED: - shows the Redundant Power System status.
 If the LED is off, the RPS is off or not properly connected.
 If the LED is green, the RPS is connected and ready to provide backup power.
 If the LED is blinking green, the RPS is connected but is unavailable because it is
providing power to another device.
 If the LED is amber, the RPS is in standby mode or in a fault condition.
 If the LED is blinking amber, the internal power supply in the switch has failed,
and the RPS is providing power.

Page 1 of 15
Faculty of Computing Technology
Network Device and Configuration

3. Port Status LED: - when selected, the port LEDs will display colors with different meanings.
 If the LED is off, there is no link, or the port was administratively shut down.
 If the LED is green, a link is present.
 If the LED is blinking green, there is activity and the port is sending or receiving
data.
 If the LED is alternating green-amber, there is a link fault.
 If the LED is amber, the port is blocked to ensure that a loop does not exist in the
forwarding domain and is not forwarding data.
 If the LED is blinking amber, the port is blocked to prevent a possible loop in the
forwarding domain.
4. Port Duplex LED: - indicates that the port duplex mode is selected when the LED is green.
 When selected, port LEDs that are off are in half-duplex mode.
 If the port LED is green, the port is in full-duplex mode.
5. Port Speed LED: - indicates that the port speed mode is selected. When selected,
 If the LED is off, the port is operating at 10 Mb/s.
 If the LED is green, the port is operating at 100 Mb/s.
 If the LED is blinking green, the port is operating at 1000 Mb/s.
6. Power over Ethernet (PoE) Mode LED: - if PoE is supported, a PoE mode LED will be
present.
 If the LED is off, it indicates that the PoE mode is not selected and that none of
the ports have been denied power or placed in a fault condition.
 If the LED is blinking amber, the PoE mode is not selected but at least one of the
ports has been denied power, or has a PoE fault.
 If the LED is green, it indicates that the PoE mode is selected and that the port
LEDs will display colors with different meanings.
7. Port PoE status (shown by the port LEDs while PoE mode is selected): -
 If the port LED is off, the PoE is off.
 If the port LED is green, the PoE is on.
 If the port LED is alternating green-amber, PoE is denied because providing power
to the powered device will exceed the switch power capacity.
 If the LED is blinking amber, PoE is off because of a fault.
 If the LED is amber, PoE for the port has been disabled.

Switch Boot Sequence

After a Cisco switch is powered on, it goes through the following five-step boot sequence:

Step 1: First, the switch loads a power-on self-test (POST) program stored in ROM.
POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash
device that makes up the flash file system.

Step 2: Next, the switch loads the boot loader software. The boot loader is a small
program stored in ROM that is run immediately after POST successfully completes.

Step 3: The boot loader performs low-level CPU initialization. It initializes the CPU
registers, which control where physical memory is mapped, the quantity of memory, and
its speed.

Step 4: The boot loader initializes the flash file system on the system board.

Step 5: Finally, the boot loader locates and loads a default IOS operating system software
image into memory and gives control of the switch over to the IOS.

Configuration Modes

The Cisco IOS command-line interface is divided into different command modes in which each
command mode has its own set of commands available for the configuration, maintenance, and
monitoring of router and network operations. The commands available to you at any given time
depend on the mode you are in. Entering a question mark (?) at the system prompt (switch
prompt or router prompt) allows you to obtain a list of commands available for each command
mode.

The standard order that a user would access the modes is as follows:

 User EXEC mode;
 Privileged EXEC mode;
 Global configuration mode;
 Specific configuration modes;
 Configuration submodes; and
 Configuration subsubmodes.


Verification commands at the Privileged mode

Changing switch name

 The hostname command followed by the new name changes the name of the switch (ICT_Switch in this case)

Switch> enable
Switch# configure terminal
Switch(config)# hostname ICT_Switch
ICT_Switch(config)#

Configuring Banner

 A banner is a message presented to a user who connects to the Cisco switch. Which users
see it depends on the type of banner configured (a motd banner is shown to everyone before
login). The delimiting character (# below) marks the start and the end of the message.

ICT_Switch(config)# banner motd #Unauthorized access to this device is prohibited!#

Configure Switch Port mode and speed

 Switch ports can be manually configured with specific duplex and speed settings.
 Use the duplex interface configuration mode command to manually specify the duplex mode
for a switch port.


 Use the speed interface configuration mode command to manually specify the speed for a
switch port.
 The figure below shows switch S1 with port Fa0/1 manually configured using the full
keyword for the duplex command and the 100 keyword for the speed command. Both ends of a
link must agree: a duplex mismatch causes late collisions and poor throughput, which is why
autonegotiation (the default) is normally left on unless the other end is fixed as well.

Setting Passwords to a Switch

 Privileged EXEC mode has to be password protected in order to prohibit unauthorized users.
So we can set a password using commands enable password or enable secret.

enable password

 It is the less secure of the two commands as it simply stores the password in plaintext.

ICT_Switch# conf t
ICT_Switch(config)# enable password Ci$$c0

 The service password-encryption command rewrites this password (and the line passwords) in
the running-config as "type 7" strings. This is obfuscation, not encryption: type 7 uses a
fixed, publicly known key and is reversed instantly by freely available tools, so it only
protects against someone glancing at a show running-config. Use enable secret instead.

ICT_Switch(config)#service password-encryption


OR

enable secret

 It is the IOS command that sets a properly protected privileged EXEC password on the device.
 It is the more secure of the two commands: instead of the password itself it stores a salted
hash (type 5, MD5, on older IOS; newer IOS releases can use type 8 PBKDF2-SHA256 or type 9
scrypt via enable algorithm-type), which cannot be reversed the way a type 7 string can.
 When both are configured, enable secret takes precedence and the enable password is
ignored, so remove the enable password rather than leaving a weaker copy in the config.

ICT_Switch(config)# enable secret Ci$$c0Secret

To delete enable password

ICT_Switch (config)# no enable password

To delete enable secret

ICT_Switch(config)# no enable secret

Configuring Console password

This password is required when the switch is managed from a computer attached with a console
cable. Note that console access also permits the boot-time password recovery procedure, so
the switch itself must be physically secured; the console password is not a substitute.

ICT_Switch# conf t
ICT_Switch (config)# line console 0
ICT_Switch (config-line)# password con0
ICT_Switch (config-line)# login
ICT_Switch (config-line)# end
ICT_Switch#


NB

The end command or Ctrl+Z returns you directly to privileged EXEC mode from any configuration
mode (e.g. from line configuration mode in the case above); exit only goes up one level.

To configure the switch from the computer connected to it with a console cable (in Packet
Tracer): click on the computer -> select the Desktop tab -> click Terminal -> click OK

(Now you can get into the switch)

Configuring Telnet

 Cisco switches can be given a management IP address on a switch virtual interface (SVI).
The SVI, or management address, can be used for remote access to the switch to display or
configure settings. If the VLAN 1 SVI is assigned an IP address, by default all ports in
VLAN 1 can reach that address.
 Telnet sends the vty password, the enable password and everything typed afterwards in
cleartext, so anyone able to capture traffic on the path can read them. Use it only in a lab;
in production configure SSH (ip domain-name, crypto key generate rsa, ip ssh version 2) and
restrict the vty lines with transport input ssh.
 The task can be accomplished using the following steps


Step 1: - First, configure the password for the vty (Telnet) lines as follows


ICT_Switch# conf t
ICT_Switch (config)# line vty 0 15
ICT_Switch (config-line)# password tel015
ICT_Switch (config-line)# login
ICT_Switch (config-line)# end
ICT_Switch#

Step 2: - Then, to log into the switch from a remote computer, assign an IP address
(192.168.99.100/24) to the SVI of the VLAN (currently we only have the default VLAN, i.e.
VLAN 1)

ICT_Switch (config)# interface vlan 1


ICT_Switch (config-if)# ip address 192.168.99.100 255.255.255.0
ICT_Switch (config-if)# no shutdown
ICT_Switch (config-if)# end
ICT_Switch#

Step 3: - Open the command prompt on the computer connected to the switch (click on the
computer -> select the Desktop tab -> click Command Prompt) and telnet to the IP address of
the VLAN 1 SVI:

C:\> telnet 192.168.99.100

Enter the vty password configured in Step 1 (tel015 in this case; it is not echoed):

Password: tel015

Type the enable command to enter privileged mode, then the enable secret (or enable
password) of the switch:

ICT_Switch>enable

Password:

ICT_Switch# -------------------- (You have now entered privileged mode)
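The script below is an added example, not part of this handout and not Cisco tooling. It shows why the password advice in the "Setting Passwords" section and the Telnet caveat above matter: it recovers the type 7 strings that service password-encryption produces (the key stream is Cisco's real one, public since the 1990s) and audits a running-config for the findings discussed on this page: enable password without enable secret, type 7 line passwords, and vty lines that still accept Telnet. Both sample configurations, including the hostname and the hash placeholder in the hardened one, are constructed for the example.

```python
# Added example (not from the handout): decode Cisco "type 7" strings and audit a
# running-config for the weak settings discussed above. Sample configs are constructed.
import re
from typing import Iterator, List, Tuple

# Fixed key stream IOS uses for 'service password-encryption' (type 7). It is constant
# and public, which is why type 7 is obfuscation rather than encryption.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_encode(password: str, seed: int = 2) -> str:
    """Build the string IOS stores: two-digit key offset, then one hex byte per char."""
    body = (b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
            for i, b in enumerate(password.encode()))
    return f"{seed:02d}" + "".join(f"{x:02X}" for x in body)


def type7_decode(encoded: str) -> str:
    """Invert type7_encode: XOR each byte with the key stream starting at the seed."""
    seed, data = int(encoded[:2]), bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(data)).decode("latin-1")


def line_blocks(config: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (header, indented commands) for every 'line ...' section of a config."""
    header, body = None, []
    for raw in config.splitlines() + ["!"]:        # trailing '!' flushes the last block
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw, []
        elif raw.startswith(" ") and header:
            body.append(raw.strip())
        else:
            if header:
                yield header, body
            header, body = None, []


def audit_config(config: str) -> List[str]:
    """Findings a reviewer would raise against the handout's password/Telnet setup."""
    findings = []
    for m in re.finditer(r"^\s*(enable )?password 7 (\S+)", config, re.M):
        where = "enable password" if m.group(1) else "line password"
        findings.append(f"{where} is type 7 (reversible): {type7_decode(m.group(2))!r}")
    if re.search(r"^enable password ", config, re.M) and not re.search(r"^enable secret ", config, re.M):
        findings.append("privileged EXEC guarded by 'enable password' only; use 'enable secret'")
    for header, body in line_blocks(config):
        if "vty" not in header:
            continue
        if not any(cmd.startswith("login") for cmd in body):
            findings.append(f"{header}: no 'login'; remote sessions get EXEC without a password")
        if "transport input ssh" not in body:
            findings.append(f"{header}: Telnet accepted (cleartext credentials); set 'transport input ssh'")
    return findings


# Constructed sample: what the handout's commands leave in the running-config once
# 'service password-encryption' has rewritten the passwords as type 7.
WEAK_CONFIG = f"""hostname ICT_Switch
service password-encryption
enable password 7 {type7_encode('Ci$$c0', 2)}
!
line con 0
 password 7 {type7_encode('con0', 5)}
 login
line vty 0 15
 password 7 {type7_encode('tel015', 9)}
 login
!
"""

# Constructed sample of the hardened equivalent (hash values are placeholders).
HARDENED_CONFIG = """hostname ICT_Switch
enable secret 9 <scrypt-hash-placeholder>
username admin privilege 15 secret 9 <scrypt-hash-placeholder>
!
line con 0
 login local
 exec-timeout 5 0
line vty 0 15
 login local
 transport input ssh
 exec-timeout 5 0
!
"""

if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG):
        print("WEAK:", finding)
    print("HARDENED:", audit_config(HARDENED_CONFIG) or "no findings")
```

Run against the weak config it recovers Ci$$c0, con0 and tel015 from their type 7 strings and reports the missing enable secret and the Telnet-capable vty lines; the hardened config produces no findings. The decoder is the reason a show running-config output has to be treated as a secret even when the passwords look scrambled.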


Configuring switch port security

 Switch port Security is a network security feature that associates specific MAC addresses
of devices with specific interfaces on a switch to restrict access to a given switch
interface so that only the authorized devices can use it.
 If an unauthorized device is connected to the same port, you can define the action that the
switch will take, such as discarding the traffic, sending an alert, or shutting down the port.

ICT_Switch# conf t
ICT_Switch(config)#int fa0/1
ICT_Switch(config-if)# switchport mode access
ICT_Switch(config-if)#switchport port-security
ICT_Switch(config-if)#switchport port-security mac-address sticky
ICT_Switch(config-if)#switchport port-security violation shutdown
ICT_Switch(config-if)#switchport port-security maximum 1


The purpose of the above commands is as follows.

 ICT_Switch(config)#int fa0/1 ---- enters interface configuration mode for FastEthernet0/1
 ICT_Switch(config-if)#switchport mode access ---- configures the interface (port) as an
access port (IOS rejects port security on a port left in dynamic or trunk mode)
 ICT_Switch(config-if)#switchport port-security ---- enables port security
 ICT_Switch(config-if)#switchport port-security mac-address sticky ---- learns the MAC
address of the connected host dynamically and writes it into the running-config, so it
survives a reload once the configuration is saved
 ICT_Switch(config-if)#switchport port-security violation shutdown ---- the port is placed in
the err-disabled state if a frame arrives from a MAC address that is not in the secure table
 ICT_Switch(config-if)#switchport port-security maximum 1 ---- limits the number of secure
MAC addresses (hosts) allowed on this port to 1

Violation modes

The violation mode defines the action the switch takes when a frame from an unauthorized
device is received. It is set with the switchport port-security violation {protect | restrict |
shutdown} interface command. All three options discard the traffic from the unauthorized
device, but they differ in what else happens.

Shutdown: -

 In this mode (the default), the switch port is placed in the err-disabled state when the
violation occurs, an SNMP trap is sent, a syslog message is logged and the violation counter
increments. You can bring the port back with the shutdown followed by no shutdown interface
configuration commands, or automatically with errdisable recovery cause psecure-violation.

Protect: -

 When the maximum number of secure MAC addresses has been reached, packets from
devices with unknown source addresses are dropped until you remove the necessary
number of secure MAC addresses from the table. In this mode, you are not notified when
a security violation occurs.

Restrict: -

 It is identical with protect mode, but notifies you when a security violation occurs.
Specifically, a SNMP trap is sent, a syslog message is logged and the violation counter
increments.
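The model below is an added example (not from the handout, and not Cisco code) of the port-security behaviour just described: a port with maximum 1 and sticky learning sees the legitimate host, then a second device, then the legitimate host again, under each of the three violation modes. The MAC addresses and traffic are constructed, and the log strings only approximate the real IOS messages.

```python
# Added example (not from the handout): a small model of switchport port-security
# showing sticky learning, the 'maximum' limit and the three violation modes.
from dataclasses import dataclass, field
from typing import List


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                    # switchport port-security maximum N
    violation: str = "shutdown"         # protect | restrict | shutdown (default)
    sticky: bool = True                 # switchport port-security mac-address sticky
    secure_macs: list = field(default_factory=list)
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)   # stands in for syslog + SNMP trap

    def ingress(self, src_mac: str) -> str:
        """Handle one frame by its source MAC; returns 'forward' or 'drop'."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                       # port is down: nothing passes
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)        # learned into the secure table
            return "forward"
        # Secure table is full and this MAC is not in it: a violation.
        if self.violation == "protect":
            return "drop"                       # silent: no log, counter untouched
        self.violation_count += 1
        if self.violation == "restrict":
            self.log.append(f"%PORT_SECURITY-2-PSECURE_VIOLATION: {mac} on {self.name}")
            return "drop"                       # offender dropped, port stays up
        self.err_disabled = True                # shutdown: the whole port goes err-disabled
        self.log.append(f"%PM-4-ERR_DISABLE: psecure-violation on {self.name}")
        return "drop"

    def recover(self) -> None:
        """Operator's 'shutdown' then 'no shutdown' (or errdisable recovery)."""
        self.err_disabled = False

    def running_config(self) -> List[str]:
        """Interface lines as IOS would show them; sticky MACs end up in the config."""
        lines = [f"interface {self.name}",
                 " switchport mode access",
                 " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 f" switchport port-security violation {self.violation}"]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            lines += [f" switchport port-security mac-address sticky {m}" for m in self.secure_macs]
        return lines


def replay(port: SecurePort, macs: List[str]) -> List[str]:
    """Feed a sequence of source MACs through the port and collect the decisions."""
    return [port.ingress(m) for m in macs]


# Constructed traffic: the legitimate host, then a second device on the same port,
# then the legitimate host again.
SAMPLE = ["0000.1111.aaaa", "0000.1111.aaaa", "0000.2222.bbbb", "0000.1111.aaaa"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort("FastEthernet0/1", violation=mode)
        print(f"{mode:9} {replay(port, SAMPLE)} violations={port.violation_count} {port.log}")
```

Running it shows the practical difference: protect and restrict keep serving the legitimate host and differ only in whether you are told about the intruder, while shutdown takes the whole port, including the legitimate host, until an operator (or errdisable recovery) brings it back.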


Configuring VLAN

 A Virtual LAN (VLAN) is simply a logical LAN, just as its name suggests. VLANs have
similar characteristics with those of physical LANs, only that with VLANs, you can
logically group hosts even if they are physically located on separate LAN segments.
 We treat each VLAN as a separate subnet or broadcast domain. For this reason, to move
packets from one VLAN to another, we have to use a router or a layer 3 switch.
 Initially every port in a switch belongs to the default VLAN (VLAN 1), and the default
VLAN cannot be deleted.

 According to the above figure, Fa0/1 and Fa0/2 are assigned to VLAN 10 and Fa0/3 and
Fa0/4 are assigned to VLAN 20.
 Fa0/5 will act as a trunk


Step 1: - configure the VLAN ID and VLAN name (let's name VLAN 10 and VLAN 20 HR and MGT
respectively)

ICT_Switch# conf t
ICT_Switch(config)#vlan 10
ICT_Switch(config-vlan)# name HR
ICT_Switch(config-vlan)# vlan 20
ICT_Switch(config-vlan)# name MGT
ICT_Switch(config-vlan)# end
ICT_Switch#

Step 2: - Assign interfaces to the VLANs they belong

 Fa0/1 and Fa0/2 are assigned to VLAN 10

ICT_Switch> enable
ICT_Switch# conf t
ICT_Switch(config)#int Fa0/1
ICT_Switch(config-if)# switchport mode access
ICT_Switch(config-if)# switchport access vlan 10
ICT_Switch(config-if)# int Fa0/2
ICT_Switch(config-if)# switchport mode access
ICT_Switch(config-if)# switchport access vlan 10
ICT_Switch(config-if)# end
ICT_Switch#

 Fa0/3 and Fa0/4 are assigned to VLAN 20 (using a range of ports to save time)

ICT_Switch> enable
ICT_Switch# conf t
ICT_Switch(config)#int range Fa0/3-4
ICT_Switch(config-if-range)# switchport mode access
ICT_Switch(config-if-range)# switchport access vlan 20
ICT_Switch(config-if-range)# end

ICT_Switch#

Step 3: - configuring Fa0/5 as trunk

ICT_Switch> enable
ICT_Switch# conf t
ICT_Switch(config)#int Fa0/5
ICT_Switch(config-if)# switchport mode trunk
ICT_Switch(config-if)# switchport trunk allowed vlan 1-20
ICT_Switch(config-if)# end
ICT_Switch#

The command below restricts the trunk port (Fa0/5) to carrying only VLANs whose IDs are
between 1 and 20 (for instance, if we later create VLAN 30, its traffic is not allowed on this
trunk). The keyword vlan is required; IOS rejects the form without it.

ICT_Switch(config-if)# switchport trunk allowed vlan 1-20

Access vs Trunk ports

 An access port is assigned to a single VLAN. These ports are configured for switch ports
that connect to devices with a normal network card, for example a PC in a network.
 On the other hand, a trunk port is a port that connects to another switch or a router. This
port can carry traffic of multiple VLANs; each frame is tagged (802.1Q) with its VLAN ID,
except frames of the native VLAN, which cross the trunk untagged.
 Catalyst ports can also negotiate a trunk automatically through DTP. Configure trunks
explicitly as above and add switchport nonegotiate, and keep user-facing ports in access
mode, so that a host plugged into an access port cannot turn it into a trunk and reach other
VLANs.


Step 4: - Assign static IP addresses to the four PCs which are located in the separate VLANs.
PC1 and PC2 fall in VLAN 10 while PC3 and PC4 fall in VLAN 20.

PC1:- IP address 192.168.10.1 Subnet mask 255.255.255.0 Default gateway 192.168.10.254

PC2: - IP address 192.168.10.2 Subnet mask 255.255.255.0 Default gateway 192.168.10.254

PC3: - IP address 192.168.20.1 Subnet mask 255.255.255.0 Default gateway 192.168.20.254

PC4: - IP address 192.168.20.2 Subnet mask 255.255.255.0 Default gateway 192.168.20.254

Configuring Inter-vlan Routing

 For computers that belong to different VLANs to communicate, a router (or a layer 3
switch) is needed.
 We'll configure the router so that it enables communication between the two VLANs via a
single physical interface, which is connected to the trunk port Fa0/5 of the switch.
 We'll divide the single physical interface on the router into logical interfaces (sub-interfaces).
 Each sub-interface then serves as the default gateway for one VLAN. This scenario is called
router on a stick (R.O.A.S) and allows the VLANs to communicate through the single physical
interface.

Router> enable
Router# conf t
Router(config)#int Fa0/0
Router(config-if)#no shutdown
Router(config-if)# int Fa0/0.10
Router(config-subif)# encapsulation dot1q 10 -------- (10 is the VLAN ID of Fa0/1 and Fa0/2)
Router(config-subif)# ip address 192.168.10.254 255.255.255.0 -------- (default gateway
address for PC1 and PC2)
Router(config-subif)# int Fa0/0.20
Router(config-subif)# encapsulation dot1q 20 -------- (20 is the VLAN ID of Fa0/3 and Fa0/4)
Router(config-subif)# ip address 192.168.20.254 255.255.255.0 -------- (default gateway
address for PC3 and PC4)


NB

 Now, we can ping from PC1 to PC3 and PC4 and vice versa.
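The script below is an added example (not from the handout) of what the VLAN, trunk and router-on-a-stick commands above do to a frame on the wire: the access port leaves the frame untagged, the trunk inserts an 802.1Q tag (or drops the frame when its VLAN is outside the allowed list), and the router selects the sub-interface from the VID in the tag. The MAC addresses, the payload and the traffic are constructed; the sub-interface table mirrors the router configuration above.

```python
# Added example (not from the handout): 802.1Q tagging, the trunk allowed list and
# router-on-a-stick sub-interface selection, modelled on constructed frames.
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'0000.1111.2222' or '00:00:11:11:22:22' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst: str, src: str, payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Ethernet II frame; when `vlan` is given an 802.1Q tag (PCP 0, DEI 0) is inserted."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)   # tag sits before the EtherType
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields; 'vlan' is None for an untagged frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return {"dst": frame[:6], "src": frame[6:12], "vlan": vlan,
            "ethertype": ethertype, "payload": frame[offset:]}


def parse_vlan_list(spec: str) -> set:
    """Expand '1-20,30', the syntax accepted by 'switchport trunk allowed vlan'."""
    vids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids


def trunk_egress(frame: bytes, vlan: int, allowed: set, native: int = 1) -> Optional[bytes]:
    """Send an untagged frame that belongs to `vlan` out a trunk: drop it if the VLAN
    is not allowed, leave it untagged if it is the native VLAN, otherwise tag it."""
    if vlan not in allowed:
        return None
    if vlan == native:
        return frame
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]


# Router-on-a-stick: 'encapsulation dot1q <vid>' binds each sub-interface to a VID.
SUBINTERFACES = {10: ("FastEthernet0/0.10", "192.168.10.254"),
                 20: ("FastEthernet0/0.20", "192.168.20.254")}


def roas_dispatch(frame: bytes) -> Optional[Tuple[str, str]]:
    """Sub-interface (name, gateway address) that receives a frame arriving on Fa0/0."""
    return SUBINTERFACES.get(parse_frame(frame)["vlan"])


# Constructed topology: PC1's MAC, the router's MAC, and the allowed list of trunk Fa0/5.
PC1_MAC, ROUTER_MAC = "0000.0000.0001", "0000.0000.00ff"
ALLOWED_ON_FA0_5 = parse_vlan_list("1-20")


def pc_to_router(access_vlan: int) -> Optional[Tuple[str, str]]:
    """PC on an access port in `access_vlan` -> trunk Fa0/5 -> router Fa0/0."""
    untagged = build_frame(ROUTER_MAC, PC1_MAC, b"constructed IP packet")  # access ports carry no tag
    on_trunk = trunk_egress(untagged, access_vlan, ALLOWED_ON_FA0_5)
    return None if on_trunk is None else roas_dispatch(on_trunk)


if __name__ == "__main__":
    for vid in (10, 20, 1, 30):
        print(f"VLAN {vid:>2}: {pc_to_router(vid)}")
```

VLAN 10 and 20 reach their sub-interfaces, VLAN 30 is dropped by the allowed list, and VLAN 1 arrives at the router untagged and so matches no dot1q sub-interface. That last case is also why the native VLAN should be an unused VLAN rather than one carrying user traffic: whatever is in it crosses the trunk without a tag.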
