1 © 2004, cisco systems, inc. all rights reserved. ccna 3 v3.1 module 6 switch configuration

1© 2004, Cisco Systems, Inc. All rights reserved.

CCNA 3 v3.1 Module 6 Switch Configuration


Objectives


LAN Design Goals

• Functionality

• Scalability

• Adaptability

• Manageability


Physical Startup of Catalyst Switches

• Switches typically have no power switch to turn them on and off.

• They simply connect or disconnect from a power source.


LEDs on the front of a switch

• System LED

whether the system is receiving power and functioning correctly.

• Remote Power Supply (RPS) LED

whether or not the remote power supply is in use

• Port Mode LEDs

the state of the Mode button

determine how the Port Status LEDs are interpreted

• Port Status LEDs


Port LED Definitions Based on Mode LED State

Catalyst 1900

Catalyst 2950


Verifying Port LEDs During Switch POST

The Port Status LEDs turn amber (琥珀色 ) for about 30 seconds as the switch discovers the network topology and searches for loops.

If the Port Status LEDs turn green, the switch has established a link between the port and a target, such as a computer.

The Port Status LEDs also change during POST.

If the Port Status LEDs turn off, the switch has determined that nothing is plugged into the port.


Connecting a Switch to a PC


Examining Help in the Switch CLI


Show Commands in User EXEC Mode


Changing Modes

User EXECmode

Privileged EXECmode

enable

(password)

configure terminal

Switch#Switch>


Verifying the Catalyst Switch Default Configuration

• show running-config

Displays the current active configuration file of the switch

• show interface

Displays the statistics for all interfaces configured on the switch

• show ip

Displays the IP address, subnet mask, and default gateway

• show version

Displays the configuration of the system hardware, software version, names, and sources of configuration files and boot images

Do e-Lab 6.2.1


Configuring the Catalyst Switch

• To overwrite any existing configuration, follow these steps:

Remove any existing VLAN information by deleting the VLAN database file, vlan.dat from the Flash memory directory.

Erase the backup configuration file startup-config.

Reload the switch.

delete flash:vlan.dat (Catalyst 2950)delete nvram (Catalyst 1900)

erase startup-configreload


Set Switch Hostname, Set Password on Lines

or 15


Set IP Address and Default Gateway


Management VLAN

• management VLAN is used to manage all of the network devices on a network

• In a switch-based network, all network devices should be in the management VLAN

• By default, VLAN 1 is the management VLAN

• All ports belong to VLAN 1 by default.

• To allow for management of network devices while keeping traffic from network hosts off of the management VLAN, remove all of the access ports from VLAN 1 and place them in another VLAN


Set Port Speed and Duplex Setting (If Necessary)

default is auto-duplex

default is auto-speed


HTTP Service and Port

Any additional software such as an applet can be downloaded to the browser from the switch.

The switch can be managed by a browser based GUI. Do e-Lab 6.2.2


Managing the MAC Address Table

Switches learn the MAC addresses of PCs or workstations that are connected to their switch ports by examining the source address of frames that are received on that port.

entered in the Privileged EXEC mode

MAC address entry is automatically discarded or aged out after 300 seconds

Do e-Lab 6.2.3


Configuring Static MAC Addresses

• Reasons to assign a permanent MAC address to an interface:

The MAC address will not be aged out automatically by the switch.

A specific server or user workstation must be attached to the port and the MAC address is known.

Security is enhanced.


Configuring Static MAC Addresses


Removing a Static MAC Address

Do e-Lab 6.2.4


Port Security

• Secure MAC addresses can be configured statically. However, it is a complex task and is usually prone to error.

• It is possible to limit the number of addresses that can be learned on an interface.

• Set the limit to 1 and the first address dynamically learned by the switch becomes the secure address.


Configuring Port Security

Do e-Lab 6.2.5

The command show port security can be used to verify port security status.


Adding a New Switch: The Procedure

• Configure the switch name

• Determine and configure the IP address for management purposes

• Configure a default gateway

• Configure administrative access for the console, auxiliary, and virtual terminal (VTY) interfaces

• Configure security for the device

• Configure the access switch ports as necessary


Add, Move, and Change MAC Addresses

Adding a MAC Address1. Configure port security2. Configure the MAC address

Changing a MAC Address1. Remove MAC address restrictions

Moving a MAC Address1. Add the address to a new port2. Configure port security on the new switch3. Configure the MAC address to the port allocated for the new user4. Remove the old port configuration Do e-Lab 6.2.6


Managing Switch Operation

• An administrator should document and maintain the operational configuration files for networking devices.

• The most recent running-configuration file should be backed up on a server or disk.

• The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.


Passwords

• For security and management purposes, passwords must be set on the console and vty lines.

• An enable password and an enable secret password must also be set.


Firmware and IOS Images

Do e-Lab 6.2.9


Summary

1 © 2004, cisco systems, inc. all rights reserved. ccna 3 v3.1 module 6 switch configuration

Documents