chapter 14 - sw conf
Khoa CNTT (Faculty of Information Technology), PHẠM VĂN TÍNH, 12-2005
SWITCH CONFIGURATION
Dr. PHẠM VĂN TÍNH
Switching Basics and Intermediate Routing
Objective
• Monitor switch activity and status using LED indicators
• Examine the switch bootup output using HyperTerminal
• Use the help features of the command line interface
• List the major switch command modes
• Verify the default settings of a Catalyst switch
• Set an IP address and default gateway for the switch to allow connection and management over a network
• View the switch settings with a Web browser
• Set interfaces for speed and duplex operation
• Examine and manage the switch MAC address table
• Configure port security
Switch LED indicators
• The System LED shows whether the system is receiving power and functioning correctly.
• The Mode LEDs indicate the current state of the Mode button.
• The Port Status LEDs have different meanings, depending on the current value of the Mode LED
Port LED Definitions based on MODE LED State
Verifying port LEDs during switch POST
Connecting the Switch to Computer
Show Commands in User EXEC Mode
Verifying the Catalyst switch default configuration
• Hostname is Switch.
• No passwords are set on the console or virtual terminal (vty) lines.
• The switch has no IP address.
• The switch ports or interfaces are set to auto mode.
• All switch ports are in VLAN 1, the management VLAN.
• By default, the flash directory has a file that contains the IOS image, a file called env_vars, and a subdirectory called html.
• After the switch is configured, the flash directory may also contain a config.text file and a VLAN database.
• The switch has one broadcast domain.
• The Spanning-Tree Protocol is also enabled.
Configuring The Catalyst Switch
• Note
– Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory
– Erase the backup configuration file startup-config
– Reload the switch
• Catalyst 2900
– delete flash:vlan.dat
– erase startup-config
– reload
• Catalyst 1900
– delete nvram
Configuring The Catalyst Switch (cont)
• A switch should be given a hostname, and passwords should be set on the console and vty lines.
• Switch(config)#hostname ALSwitch
• ALSwitch(config)#line console 0
• ALSwitch(config-line)#login
• ALSwitch(config-line)#password funny
• ALSwitch(config-line)#line vty 0 4
• ALSwitch(config-line)#login
• ALSwitch(config-line)#password deadman
• ALSwitch(config-line)#^Z
Configuring The Catalyst Switch (cont)
• To allow the switch to be accessible by Telnet and other TCP/IP applications, IP addresses and a default gateway should be set
Catalyst 29XX:
ALSwitch(config)#interface vlan 1
ALSwitch(config-if)#ip address 192.168.20.254 255.255.255.0
ALSwitch(config-if)#exit
ALSwitch(config)#ip default-gateway 192.168.20.1
Catalyst 1900:
ALSwitch(config)#ip address 192.168.20.254 255.255.255.0
ALSwitch(config)#ip default-gateway 192.168.20.1
Configuring The Catalyst Switch (cont)
• The Fast Ethernet switch ports default to auto-speed and auto-duplex
• ALSwitch(config)#interface f0/1
• ALSwitch(config-if)#duplex full
• ALSwitch(config-if)#speed 100
Configuring The Catalyst Switch (cont)
• Intelligent networking devices can provide a web-based interface for configuration and management purposes
• ALSwitch(config)#ip http server
• ALSwitch(config)#ip http port 8080
• Any additional software, such as an applet, can be downloaded to the browser from the switch.
Managing the MAC address table
• The MAC addresses that a switch learns are recorded in a MAC address table. Frames whose destination MAC address has been recorded in the table can be switched out to the correct interface.
• To examine the addresses that a switch has learned, enter the privileged EXEC command: show mac-address-table
• To clear the addresses that a switch has learned, enter the privileged EXEC command: clear mac-address-table
Configuring static MAC addresses
• The MAC address will not be aged out automatically by the switch.
• A specific server or user workstation must be attached to the port and the MAC address is known.
• Security is enhanced.
• To set a static MAC address entry for a switch:
Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
• To remove this entry use the no form of the command:
Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
Configuring static MAC addresses
Configuring port security
• Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded.
• The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
• To reverse port security on an interface, use the no form of the command.
• To verify port security status, enter the command show port-security.
Configuring port security
• Choose an interface access mode
• Activate port security
• Determine the number of secure addresses
• Choose a security violation mode
• Determine the secure addresses
Configuring port security
• Switch(config-if)#switchport mode access
• Switch(config-if)#switchport port-security
• Switch(config-if)#switchport port-security maximum 2
• Switch(config-if)#switchport port-security violation shutdown
• Switch(config-if)#switchport port-security mac-address 0000.0CDA.09A0
• Switch(config-if)#switchport port-security mac-address sticky
Adding a New Switch
Adding, Moving a Host