07 - operating lan switches

7/30/2019 07 - Operating LAN Switches

1/39


2/39

Agenda

www.asghars.blogspot.com2

Introduction

Cisco Catalyst Switch Brand

Cisco Linksys Switch Brand

The Cisco Catalyst 2960 Switch

Switch Status from LEDs

Accessing the Cisco IOS CLI

CLI Access from the Console

CLI Access with Telnet & SSH

Setting Password Security for CLI

Cisco IOS Modes of Operation

User EXEC Mode

Privileged EXEC Mode

1/2


3/39

Agenda


Global Configuration Mode

Switch Configuration Files

Types of Switch Memory RAM/DRAM

ROM

Flash Memory NVRAM

Types of Configurations Initial Configuration (Setup Mode)

Startup Configuration

Running Configuration

Copying Configuration Files

Erasing Configuration Files

2/2


4/39

Introduction


Cisco has two major brands of LAN switching products Cisco Catalyst Switch Brand

Includes a large collection of switches, all of which have

been designed with Enterprises in mind

The Catalyst switches have a wide range of sizes, functions,and forwarding rates

Cisco Linksys Switch Brand

Includes a variety of switches designed for use in the home

The CCNA exams focus on how to implement LANsusing Cisco Catalyst switches

Both the Catalyst and Linksys brands of Cisco switches

provide the same base features

1/2


5/39

Introduction


Within the Cisco Catalyst brand, Cisco produces awide variety of switch series or families

Each switch series includes several specific models

of switches that have:

Similar Features,

Similar Price-Versus-Performance trade-offs, and

Similar Internal components

2/2


6/39



Cisco positions the 2960 series/family of switchesas full-featured, low cost wiring closet/cabinet

switches for enterprises

2960 switches are mostly used as access switches

The distribution layer switches are often from a

different Cisco switch family, typically a more

powerful and more expensive product family

Figure on next slide shows the photo of the 2960

switch series from Cisco

1/8


7/39



The top switch (WS-2960-24TT-L) has 24 RJ-45 UTP 10/100 ports, meaning that these ports can negotiate

the use of 10BASE-T or 100BASE-TX Ethernet

The WS-2960-24TT-L switch has two additional RJ-45

ports on the right that are 10/100/1000 interfaces,intended to connect

to the core switches

of an Enterprise

campus LAN

2/8


8/39



Cisco refers to a switchs physical connectors as eitherinterfaces or ports. Each interface has a number in the

style x/y, where x and y are two different numbers

In a 2960, the number before the / is always 0. The first

10/100 interface on a 2960 is numbered starting at 0/1,the second is 0/2, and so on

The interfaces also have names; for example, interface

FastEthernet 0/1 is the first of the 10/100 interfaces.

Any Gigabit-capable interfaces would be called

GigabitEthernet interfaces

3/8


9/39



Cisco supports two major types of switch operatingsystems:

Internetwork Operating System (IOS)

Catalyst Operating System (Cat OS)

Most Cisco Catalyst switch series today run only CiscoIOS

But for some historical reasons, some of the high-end

Cisco LAN switches support both Cisco IOS and Cat OS Cisco also uses the term hybrid to refer to 6500

switches that use Cat OS and the term native to refer to

6500 switches that use Cisco IOS

4/8


10/39



Switch Status from LEDs Switch hardware includes several LEDs that provide

some status and troubleshooting information

Figure shows the front of a 2960 series switch, with

five LEDs on the left, one LED over each port, and amode button

SYST (System)

RPS (Redundant Power Supply)

STAT (Status)DUPLX (Duplex)

SPEED

Port

5/8

MODE


11/39



To make sense of the LEDs, consider the specificexample of SYST LED

SYST LED provides a quick overall status of the switch,

with three states on most 2960 switch models:

Off: switch is not powered onOn (green): switch is powered on and operational (Cisco

IOS has been loaded)

On (amber): switchs Power-On Self Test (POST) process

failed, and the Cisco IOS did not load. In this case, the

typical response is to power the switch off and back on

again. If the same failure occurs, a call to the Cisco

Technical Assistance Center (TAC) is typically the next step

6/8


12/39



The particular details of how each LED works differbetween different Cisco switch families and with differentmodels inside the same switch family

The port LEDsthe LEDs sitting above or below eachEthernet portmeans something different depending on

which of three port LED modes is currently used on theswitch

The switches have a mode button (labeled with number 6in Figure) that, when pressed, cycles the port LEDsthrough three modes:

STAT

DUPLX, and

SPEED

7/8


13/39



Each of the three port LED modes changes themeaning of the port LEDs associated with each port

In STAT (status) Mode

Off: The link is not working

Solid Green: The link is working, but theres no current traffic Flashing Green: The link is working, and traffic is currently

passing over the interface

Flashing Amber: The interface is administratively disabled or has

been dynamically disabled for a variety of reasons

In SPEED Mode

Dark LED; meaning 10 Mbps

Solid Green Light; meaning 100 Mbps

Flashing Green; meaning 1000 Mbps (1 Gbps)

8/8


14/39



The command-line interface (CLI) is a text-basedinterface in which the user, typically a networkengineer, enters a text command and presses Enter

Pressing Enter sends the command to the switch,

which tells the device to do something Cisco IOS not also define an interface (CLI) for

humans but it also controls the switchsperformance and behavior

The switch CLI can be accessed through threepopular methodsthe console, Telnet, and SecureShell (SSH)

1/7


15/39



The console is a physical port built specifically to allowaccess to the CLI

Telnet and SSH use the IP network in which the switchresides to reach the switch

Figure depicts the options You can also use the

Cisco Device Manager

(CDM) or Cisco Security

Device Manager (SDM) to

configure the switch using

web browser

2/7


16/39



CLI Access from the Console

Every Cisco switch has a console port, which is physicallyan RJ-45 port

A PC connects to the console port using a UTP rollovercable

The UTP rollover cable has

RJ-45 connectors on each

end, with pin combination as

1 to 8 ,2 to 7, 3 to 6, and 4 to 5

Figure shows the RJ-45 end of

the console cable connected to a switch and the DB-9 endconnected to a laptop PC

3/7


17/39



Next, a terminal emulator software package (e.g. tera

term) must be installed and configured to use the PCs

serial port, matching the switchs console port settings

The default console port settings

on a switch are as follows: 9600 bits/second

No hardware flow control

8-bit ASCII

No stop bits 1 parity bit

Figure shows the configuration

window for the settings just listed

4/7


18/39



CLI Access with Telnet & SSH

Most terminal emulator packages also include both Telnet& SSH client functions

Telnet or SSH application protocol calls the terminalemulator a Telnet Client or SSH Client and device that

listens for commands is called Telnet Server or SSHServer

The switch runs Telnet and SSH server software bydefault, but needs to have an IP address configured

Telnet & SHH is TCP based where Telnet uses the port 23and SHH uses the port 22

The key difference b/w Telnet & SHH is that Telnet sendsall data as clear-text data, while the SHH sends data inmore secure manner by using the encryption

5/7


19/39



Setting Password Security for CLI

By default switch allows only console access, but noTelnet or SHH access

To add basic password checking for console and

Telnet, engineers needs to configure a couple of basiccommands

Following are the two basic commands to configurepassword

Console (Console Password)line console 0llogin

password mypass

6/7


20/39



Telnet (vty Password)line vty 0 15

login

password mypass

Cisco switches refers to console as console line-

specifically, console line 0 Cisco switches also support 16 Telnet sessions,

referenced as virtual terminal (vty) lines 0 through 15

SSH requires a little more effort than console &

Telnet, as SSH uses public key cryptography toexchange a shared session key

Additionally, SSH requires both username andpassword for login

7/7


21/39



Cisco IOS provides access to several differentcommand modes

Each command mode provides a different group ofrelated commands

Entering a question mark(?) at the system promptallows you to obtain a list of commands availablefor each command mode

The three basic modes are:

User EXEC Mode

Privileged EXEC Mode

Global Configuration Mode

1/10


22/39



User EXEC Mode

It is the default command mode for the CLI

It is also called User Mode

The user EXEC commands allow you to connect to

remote devices, change terminal settings on atemporary basis, perform basic tests, and list systeminformation

EXEC refers to the fact that the user only enter thecommand, switch executes that command and thendisplay the message

The prompt for user EXEC mode is the name of thedevice followed by an angle bracket:

2/10


23/39



Privileged EXEC Mode Privileged EXEC commands set operating parameters

Privileged EXEC mode is password protected

It is also called simply privileged or enable mode

To enter privileged mode, enter the enable EXECcommand from user EXEC mode:

To set enable mode password, use either the enable

password or enable secretcommands

It is recommended that you use the enable

secret command because it uses an improved

encryption algorithm

3/10


24/39



Use the enable password command only if

you boot an older image of the Cisco IOS software

Figure shows the User & Privileged modes

4/10


25/39



Global Configuration Mode Global configuration commands apply to features

that affect the system as a whole, rather than just one

protocol or interface

Commands entered in configuration mode update theactive configuration file

Configuration mode itself contains submodes

Submodes used to configure specific system features Context-setting commands move you from one

configuration mode or context to another

5/10


26/39



To enter global configuration mode, enter

the configure command from privileged EXEC

mode:

The system prompt changes to indicate that you are

now in global configuration mode

Some of the submodes are:

Access-list Configuration

Line Configuration

6/10


27/39



Interface Configuration

Access-list Configuration

Use access-list configuration mode when you are

creating a named IP or IPX access list

From global configuration mode, use the ipaccess-list or ipx access-list command

Line configuration

Line configuration commands modify the operation of

an auxiliary, console, physical, or virtual terminal line

7/10


28/39



From global configuration mode, enter by specifying a

line with a line {aux | con | tty | vty}

line-number [ending-line-number]

command

Interface Configuration

The commands entered in this mode modify theoperation of an interface

From global configuration mode, enter by specifying an

interface with an interface command

8/10


29/39



Figure shows the relationship b/w EXEC modes and

configuration mode

9/10


30/39



Theend

or Ctrl+z key sequence exit the user from

any part of configuration mode and go back to

privileged EXEC mode

While the exit command backs you out of

configuration mode one sub-configuration mode at

a time

10/10


31/39



To work with files, you need some sort of memory

Cisco switches uses several types of permanentmemory as:

RAM/DRAM

Used by switch as it is used by any other computer ROM

Stores bootstrap/boot-helper program, that is loaded whenthe switch first power on

Bootstrap program finds the image of IOS and load it into

the RAM

Flash Memory

Found in the form of chip inside the switch or a removablememory card

1/9


32/39



Stores the Cisco IOS images and it is the default location

where bootstrap searches for the IOS image It can also be used to store configuration or backup files

Nonvolatile RAM (NVRAM)

Stores the initial or startup configuration file

A configuration file saves the switch configurationcommands in text format

Switch maintains the following types of configuration:

Initial Configuration (Setup Mode)

Setup mode leads a switch administrator to a basic switchconfiguration by using questions that prompt for basicswitch configuration parameters

Figure on next slide describe the process used by setup

mode

2/9


33/39



3/9


34/39



Startup Configuration

Used for initialization when the switch boots

If this file does not exist, the system boots using the

factory defaults

It is stored in NVRAM You can use the show startup-config command

to view the startup configuration file

The IOS File System (IFS) refers to startup-config as

nvram:startup-config

4/9

5/9


35/39



Running Configuration

Stores the currently used configuration commands

This file changes dynamically when someone enters

commands in configuration mode

It is stored in RAM If the switch is reloaded (rebooted) and the running

configuration is not saved all commands will be lost

You can use the show running-config command

to view the startup configuration file

5/9

6/9


36/39



The IOS File System (IFS)

refers to running-config

as system:running-config

6/9

7/9


37/39



Copying Configuration Files

The copy command can be used to copy files b/w

RAM or NVRAM on a switch and a TFTP server

The copy command can be summarized as:

copy { tftp | running-config | startup-config }

{ tftp | running-config | startup-config }

It always replaces the existing configuration file when

the file is copied into NVRAM or into a TFTP server,

while it merged the configuration file into the

running-config file in RAM

7/9

8/9


38/39



Figure depicts the locations and results of copy

operation

8/9

9/9


39/39


h bl t39

Erasing Configuration Files

You can use three different commands to erase the

contents of NVRAM

write erase (older)

erase startup-config (older)

erase nvram(recomened)

All the three commands will erase the contents of the

NVRAM configuration file

Note there is no command to erase the contents of

the running-config file; to clear the running-config

file, simply erase the startup-config file and then

l d h i h

9/9

07 - operating lan switches

Documents