-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
1/14
Performing initial configuration in a switch 1. First thing you do for configuring a Switch on a New
Brand Device is to set a Name. We will change the defaultname into SEngSwitch
Switch>en
Switch#conf tEnter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SEngSwitch
SEngSwitch(config)#
Of Course the name of the Switch should be named logicallywhich means the Location of the Switch will be its name.
For Example : 3rdFL,Switch1 or 2ndFL,Switch2
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
2/14
2. Second thing to do is to give the Switch an IP Address inorder to Telnet on it. In order to give a Switch an IP Addressyou must have at least a Basic Understanding on VLAN(Virtual Lans), what it does is that it divides your local
network from one broadcast domain into multiple BroadcastDomains on the same device.
So why we are talking on VLAN cause when we assign theSwitch with an IP Address we need to go to VLAN Interface,
cause the Switch ports is not configured by IP address but theVLAN interface is configured.
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
3/14
But we dont know which VLAN we are on or we dont knowhow to create one right now, but by Default the SwitchesCreates its Default VLAN 1 whether you need it or not, allthe Port on the Switch is on VLAN1by Default, thats why
everything works with out any Configuration on the switchInterfaces, any port can communicate with the other portcause every interfaces is a member on VLAN1 by default.
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
4/14
So to configure the IP Address of the VLAN1 do thefollowing.
SEngSwitch(config)#interface vlan 1
SEngSwitch(config-if)#ip address 172.30.2.180 255.255.255.0
Now your Switch has an IP Address. Now we need to check whatwe have done, so we have to type the following command.
SEngSwitch#show interfaces vlan 1
The result will be like below;
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
5/14
Vlan1 is administratively down, line protocol is down
Hardware is CPU Interface, address is 0030.f2cb.3969 (bia 0030.f2cb.3969)
Internet address is 172.30.2.180/24
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:40:21, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1682 packets input, 530955 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
563859 packets output, 0 bytes, 0 underruns
0 output errors, 23 interface resets
0 output buffer failures, 0 output buffers swapped out
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
6/14
As you can see on the Marked Red that Vlan1 interface isadministratively is down & Line Protocol is down,
Administratively is down mean the Physical Layer of Vlan1 isDown
Line Protocol is down represents the Data Link State.
Note any time you see administratively is down means thatthe interface is SHUTDOWN, so to enable it type No
Shutdown.SEngSwitch#conf tSEngSwitch(config)#interface vlan 1
SEngSwitch(config-if)#no shutdown
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
7/14
Assign Gateway to the Switch Now we need to assign a Default GW to the Switch in order
to get out of the Network and be able to communicate withother network. For example;
SEngSwitch(config)#ip default-gateway 172.30.2.1
Save Configuration; Now Final Step is we need to save theconfiguration we have made on the Switch. Everything wehave done till now is saved in RAM.
To do so we must save the Configuration to NVRAMSEngSwitch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
8/14
To check what we have done type the following.SEngSwitch#show startup-config
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
9/14
Configuring Switch Security: To secure the Switch we need to setup some Passwords, on
the first Use for the Switch there is no password isconfigured so it needs to be setup. First we will setup aPassword to protect the Privilege mode from accessing.
SEngSwitch>en
SEngSwitch#conf t
SEngSwitch(config)#enable password 1234software
So 1234software is our Privileged mode password (you can
put you your private password) But there is a disadvantage in setting this type of password
because this password is not encrypted its written in a cleartext, as you can see by using show running config:
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
10/14
SEngSwitch#show running-configBuilding configuration...
Current configuration : 1059 bytes
!
version 12.1no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SEngSwitch!
enable password 1234software
.....
........
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
11/14
So to make the Password Encrypted and More Secure, we dothe Following:
SEngSwitch(config)#enable secret 1234software
Now when we show the running Configuration, the passwordis written encrypted
Now when we exit from this mode and return to the UserMode and try to enter the privilege Mode again it ill ask forthe Password, when you enter the Unencrypted Password itwill not accept it but when you enter the Secret Password(Encrypted one) we have entered here which is 1234software( new one) it will accept it, because the Enable SecretOverwrite the Enable Password.
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
12/14
SO Why ? Why do the enable password exist while theenable secret overwrite it, because a lot of people configureCISCO Devices in a fast Way or on a fly this is done by aftermaking the initial Configuration on the Cisco Device, and
then you make the Show run Command after that take aCopy Starting at (! Mark) as shown before in the figure tillthe End of the Show Run and Paste it in a Notepad Program.
Then you can Backup a Basic Configuration you may use on
any Cisco Switch Device, that you may take it and paste it toany device you may want to configure it, by going to theConfiguration Mode and just PASTE.
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
13/14
So if there are OLD Version of IOS that only uses enablePassword, and not enable Secret, so when you copy theConfiguration file and paste it on that old IOS Switch it willaccept the enable password.
To enable a Password on the Console, on the GlobalConfiguration Mode type the Following:
SEngSwitch(config)#line console 0
SEngSwitch(config-line)#password soft0000
You can put any password rather than (soft0000) for theconsole
-
7/27/2019 CNs Lab 2 Performing Initial Configuration in a Switch
14/14
But the Cisco switch does not know that I need to be askedfor that Password, so I should write login to ask me orprompt me to enter a Password.
SEngSwitch(config-line)#login
So now , when you try to login the switch in user mode, thisbeen secured also. You have to enter the password the youconfigured before on line console ,
Then password for the privileged mode, thus we have twolevels of passwords ( for both modes; user mode andprivileged mode)