cns-lab 9-cisco switch configuration

Upload: hemin-essa

Post on 14-Apr-2018


  • 7/27/2019 CNs-Lab 9-Cisco Switch Configuration

    1/8

    Dr. Shareef M. Shareef Computer Networks 1

    Practical 9:

    By the end of this Lab, you will be able to:

    o Describe basic switch configuration methods.

    o Configure a switch.

    Five ways to manage Switches:

    Management options

    o After the hardware has been installed and cabled it is likely that at least a minimal additional configuration would be required.

    o Until an IP address has been assigned, configuration is performed using the console port (usually at the rear of the switch).

    o Most switch management options require network access and a valid IP address for the switch.

    o If and when the switch has a network connection and a valid IP address, then a number of options for switch management are possible:

    telnet: Accesses the command line, similar to console port access but over the network.

    SNMP (Simple Network Management Protocol): For management using network management systems such as HP OpenView.

    HTTP (Hyper Text Transfer Protocol): Web based management. The switch acts as a web server, the administrator just points the browser at the switch.

    TFTP (Trivial File Transfer Protocol): Used to download configurations.


    Why do we configure switches?

    Switches are layer 2 devices and are therefore relatively easy to configure in comparison to routers.

    In most cases, the default configuration of switches will enable the switch to connect PCs and servers together with ease - plug and play.

    Further configuration of switches is advisable for the following reasons:

    Security

    Adding passwords to the switch to prevent unauthorised access.

    Management

    An IP address is advisable to enable management of the switch and should be configured.

    Performance

    With an out-of-the-box configuration, convergence times of 50+ seconds would not be uncommon. With a little bit of effort these times can be reduced to 0-8 seconds. Extra configuration can also make the network more stable and less prone to issues such as broadcast storms.

    Console Port


    Console port

    The normal place to start configuring is via a console port. This is the only option if the switch does not have an IP address configured. The console cable is connected directly to the switch. The console connector is normally in the back of the switch, as shown above. The console connector is normally a 9-pin D type serial connector; however, Cisco uses an RJ connector.

    The other end of the console cable will be connected to a dumb ASCII terminal or the COM port of a PC.

    Note that some switches do not provide a console port. In this case a default IP address is usually provided.

    Cisco Switch Connection

    Working with Cisco Switch IOS:

    IOS stands for Internetworking Operating System; it is the operating system of Cisco devices.

    Connecting to Cisco Device: HyperTerminal

    A- HyperTerminal is the usual software to use when connecting your PC to the console port on a switch.

    B- The main reason for using HyperTerminal is that it is free and comes with Microsoft Windows.

    C- The settings for HyperTerminal need to match the console port settings on the switch.

    D- When using HyperTerminal, your PC is effectively acting as a screen and keyboard for the switch.

    Hyper Terminal


    NOW,

    1. Get a console cable.

    2. Plug the serial end into the back of your PC.

    3. Plug the RJ 45 end into the console port of the switch.

    4. Get a terminal program such as HyperTerminal (or TeraTerm, Minicom, SecureCRT).

    5. After setting up the program, you just have to set it up to connect via the COM port.

    6. A typical configuration is:

       a) Flow control: None

       b) Baud Rate (Speed): 9600

       c) Data bits: 8

       d) Parity: None

       e) Stop Bits: 1

       f) Flow Control: None

    7. Now you are connected.

    Students should be able to say which type of cable will be used in this scenario.

    Switch> User Mode (User Exec)

    Switch# Privileged Mode (Privileged Exec)

    Switch(Config)# Global Configuration Mode

    o User Mode is a very basic monitoring mode (ping, telnet to another switch).

    o Privileged Mode: to enter this mode, type enable in User Mode. In this mode you can view anything on the Cisco switch (the incoming and outgoing packets, the passwords, the configuration), but you cannot configure the switch from it.

    o Global Configuration Mode is used to make the necessary configuration on the switch; enter it by typing conf t in Privileged Mode.

    Performing initial configuration in a switch:

    I. The first thing to do when configuring a brand-new switch is to set a name. We will change the default name to SengSwitch:

    Switch>en

    Switch#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    Switch(config)#hostname SengSwitch


    SengSwitch(config)#

    Of course, the switch should be named logically, which means the location of the switch will be its name.

    For example: 3rdFL,Switch1 or 2ndFL,Switch2

    II. The second thing to do is to give the switch an IP address so that you can telnet to it. To give a switch an IP address you must have at least a basic understanding of VLANs (Virtual LANs): a VLAN divides your local network from one broadcast domain into multiple broadcast domains on the same device.

    So why are we talking about VLANs? Because when we assign the switch an IP address we need to go to a VLAN interface: the switch ports are not configured with an IP address, the VLAN interface is.

    We do not yet know which VLAN we are on or how to create one, but by default the switch creates its default VLAN 1 whether you need it or not, and all the ports on the switch are in VLAN 1 by default. That is why everything works without any configuration on the switch interfaces: any port can communicate with any other port because every interface is a member of VLAN 1 by default.

    So, to configure the IP address of VLAN 1, do the following.

    SengSwitch(config)#interface vlan 1

    SengSwitch(config-if)#ip address 172.30.2.180 255.255.255.0

    Now your switch has an IP address. To check what we have done, type the following command.

    SengSwitch#show interfaces vlan 1

    The result would be like below;

    Vlan1 is administratively down, line protocol is down

    Hardware is CPU Interface, address is 0030.f2cb.3969 (bia 0030.f2cb.3969)

    Internet address is 172.30.2.180/24

    MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,

    reliability 255/255, txload 1/255, rxload 1/255

    Encapsulation ARPA, loopback not set

    ARP type: ARPA, ARP Timeout 04:00:00

    Last input 21:40:21, output never, output hang never

    Last clearing of "show interface" counters never

    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

    Queueing strategy: fifo

    Output queue: 0/40 (size/max)

    5 minute input rate 0 bits/sec, 0 packets/sec

    5 minute output rate 0 bits/sec, 0 packets/sec

    1682 packets input, 530955 bytes, 0 no buffer

    Received 0 broadcasts (0 IP multicast)

    0 runts, 0 giants, 0 throttles

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored


    563859 packets output, 0 bytes, 0 underruns

    0 output errors, 23 interface resets

    0 output buffer failures, 0 output buffers swapped out

    As the line marked in red shows, the Vlan1 interface is administratively down and the line protocol is down. "Administratively down" means that the physical layer of Vlan1 is down; "line protocol is down" represents the data link state. Note that any time you see "administratively down", the interface is SHUTDOWN, so to enable it type no shutdown.

    SengSwitch#conf t

    SengSwitch(config)#interface vlan 1

    SengSwitch(config-if)#no shutdown

    Assign Gateway to the Switch:

    o Now we need to assign a default gateway to the switch so that it can get out of its network and communicate with other networks. For example:

    SengSwitch(config)#ip default-gateway 172.30.2.1

    o Save configuration: the final step is to save the configuration we have made on the switch. Everything we have done until now is saved in RAM.

    o To do so we must save the configuration to NVRAM:

    SengSwitch#copy running-config startup-config

    Destination filename [startup-config]?

    Building configuration...

    [OK]

    To check what we have done type the following.

    SengSwitch#show startup-config
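
    The management checks from steps II onward can be scripted. This is an added example, not part of the original lab: it reads the `show interfaces vlan 1` output shown above and tests the default gateway against the interface subnet; the function name `check_management_svi` is hypothetical and the sample text is constructed from the lab's own output.

```python
import ipaddress
import re

# Constructed sample: the first lines of `show interfaces vlan 1` as shown in this
# lab, captured before `no shutdown` was entered.
SAMPLE_SHOW = """\
Vlan1 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0030.f2cb.3969 (bia 0030.f2cb.3969)
  Internet address is 172.30.2.180/24
"""

STATUS_RE = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)", re.M)
ADDR_RE = re.compile(r"Internet address is (\d+\.\d+\.\d+\.\d+/\d+)")


def check_management_svi(show_output, default_gateway):
    """Return findings for the management VLAN interface (hypothetical helper)."""
    status = STATUS_RE.search(show_output)
    if status is None:
        return ["interface status line not found"]
    name, admin, proto = status.groups()
    findings = []
    if admin == "administratively down":
        findings.append(f"{name} is shut down: enter 'no shutdown' under the interface")
    elif admin == "down" or proto == "down":
        findings.append(f"{name} is enabled but not up (line protocol {proto})")
    addr = ADDR_RE.search(show_output)
    if addr is None:
        findings.append(f"{name} has no IP address")
        return findings
    iface = ipaddress.ip_interface(addr.group(1))
    gateway = ipaddress.ip_address(default_gateway)
    if gateway not in iface.network:
        findings.append(f"default gateway {gateway} is outside {iface.network}")
    elif gateway == iface.ip:
        findings.append("default gateway is the switch's own address")
    return findings


if __name__ == "__main__":
    for finding in check_management_svi(SAMPLE_SHOW, "172.30.2.1"):
        print(finding)
```
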

    Configuring Switch Security:

    To secure the switch we need to set up some passwords; on first use of the switch no password is configured, so one needs to be set up. First we will set up a password to protect privileged mode from access.

    SengSwitch>en

    SengSwitch#conf t

    SengSwitch(config)#enable password 1234software

    So 1234software is our privileged mode password (you can put your own private password). But there is a disadvantage in setting this type of password: it is not encrypted but written in clear text, as you can see by using show running-config:

    SengSwitch#show running-config

    Building configuration...

    Current configuration : 1059 bytes

    !


    version 12.1

    no service timestamps log datetime msec

    no service timestamps debug datetime msec

    no service password-encryption

    !

    hostname SengSwitch

    !

    enable password 1234software

    .....

    ........

    So to make the Password Encrypted and More Secure, we do the Following:

    SengSwitch(config)#enable secret 1234software

    Now when we show the running configuration, the password is written encrypted. When we exit from this mode, return to User Mode and try to enter Privileged Mode again, the switch asks for the password. If you enter the unencrypted password it will not accept it, but if you enter the secret password (the encrypted one) it will, because enable secret overrides enable password.

    So why does enable password exist when enable secret overrides it? Because a lot of people configure Cisco devices quickly, on the fly: after making the initial configuration on a Cisco device, you run the show run command, copy everything from the (! mark), as shown before in the figure, to the end of the show run output, and paste it into a Notepad program.

    You then have a backup of a basic configuration that you can use on any Cisco switch: take it and paste it into any device you want to configure by going to configuration mode and just PASTING it.

    If there is an old version of IOS that only uses enable password and not enable secret, then when you copy the configuration file and paste it on that old IOS switch it will accept the enable password.

    To enable a password on the console, type the following in Global Configuration Mode:

    SengSwitch(config)#line console 0

    SengSwitch(config-line)#password soft0000

    You can use any password other than soft0000 for the console. But the Cisco switch does not yet know that it should ask for that password, so I have to enter login to make it prompt for a password.

    SengSwitch(config-line)#login

    So now, when you try to log in to the switch in user mode, this is secured as well: you have to enter the password that you configured on line console,


    then the password for the privileged mode; hence we have two levels of passwords (one for each mode: user mode and privileged mode).
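
    The password pitfalls covered in this section can be checked mechanically in a saved configuration. This is an added example, not part of the original lab: it audits a running-config for a clear-text enable password, a missing enable secret, and a line password that is never requested because login is missing. The function names are hypothetical and the sample configuration is constructed from the commands used above.

```python
# Constructed running-config in the state this lab reaches after `enable password`
# and the console `password`, but before `enable secret` and `login` are entered.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname SengSwitch
!
enable password 1234software
!
line con 0
 password soft0000
!
"""


def line_blocks(config):
    """Map each `line ...` header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit_passwords(config):
    """Flag the password weaknesses this lab discusses (hypothetical helper)."""
    lines = config.splitlines()
    findings = []
    has_secret = any(ln.startswith("enable secret ") for ln in lines)
    if any(ln.startswith("enable password ") for ln in lines):
        note = "ignored while enable secret is set" if has_secret else "the only privileged-mode password"
        findings.append(f"enable password is in the config ({note})")
    if not has_secret:
        findings.append("no enable secret configured")
    for name, cmds in line_blocks(config).items():
        has_password = any(c.startswith("password ") for c in cmds)
        if has_password and "login" not in cmds:
            findings.append(f"{name}: password set but no 'login', so it is never asked for")
        if "login" in cmds and not has_password:
            findings.append(f"{name}: 'login' set but no password configured")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_passwords(SAMPLE_CONFIG)))
```
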

    Basic Troubleshooting

    For troubleshooting, the following is also available:

    LEDs (IP not required):

    On connection of a cable the port LED should change colour (as long as the connected device is active). If the LED remains off after connection, this is an indication that either the connected device is off or that the wrong cable type is being used.

    Analyser ports (IP not required):

    By their nature switches do not allow analysers to work, as the switches filter traffic. Most switches allow a port to be configured as an analyser port, which stops filtering on that port. This then allows an analyser attached to that port to see all packets. Beware of legal issues of snooping if carrying other people's traffic.

    Log files (IP not required):

    Most network devices provide log files, which provide a record of the messages that have been displayed on the screen. Syslog can often be used to allow these log files to be stored on a remote machine (syslog requires IP).