1. 1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration

2. 222 © 2004, Cisco Systems, Inc. All rights reserved. Objectives

3. 333 © 2004, Cisco Systems, Inc. All rights reserved. LAN Design Goals Functionality Scalability Adaptability Manageability

4. 444 © 2004, Cisco Systems, Inc. All rights reserved. Physical Startup of Catalyst Switches Switches typically have no power switch to turn them on and off. They simply connect or disconnect from a power source.

5. 555 © 2004, Cisco Systems, Inc. All rights reserved. LEDs on the front of a switch System LED whether the system is receiving power and functioning correctly. Remote Power Supply (RPS) LED whether or not the remote power supply is in use Port Mode LEDs the state of the Mode button determine how the Port Status LEDs are interpreted Port Status LEDs

6. 666 © 2004, Cisco Systems, Inc. All rights reserved. Port LED Definitions Based on Mode LED State Catalyst 1900 Catalyst 2950

7. 777 © 2004, Cisco Systems, Inc. All rights reserved. Verifying Port LEDs During Switch POST The Port Status LEDs turn amber ( 琥珀色 ) for about 30 seconds as the switch discovers the network topology and searches for loops. If the Port Status LEDs turn green, the switch has established a link between the port and a target, such as a computer. The Port Status LEDs also change during POST. If the Port Status LEDs turn off, the switch has determined that nothing is plugged into the port.

8. 888 © 2004, Cisco Systems, Inc. All rights reserved. Connecting a Switch to a PC

9. 999 © 2004, Cisco Systems, Inc. All rights reserved. Examining Help in the Switch CLI

10. 10 © 2004, Cisco Systems, Inc. All rights reserved. Show Commands in User EXEC Mode

11. 11 © 2004, Cisco Systems, Inc. All rights reserved. Changing Modes User EXEC mode Privileged EXEC mode enable (password) configure terminal Switch#Switch>

12. 12 © 2004, Cisco Systems, Inc. All rights reserved. Verifying the Catalyst Switch Default Configuration show running-config Displays the current active configuration file of the switch show interface Displays the statistics for all interfaces configured on the switch show ip Displays the IP address, subnet mask, and default gateway show version Displays the configuration of the system hardware, software version, names, and sources of configuration files and boot images Do e-Lab 6.2.1

13. 13 © 2004, Cisco Systems, Inc. All rights reserved. Configuring the Catalyst Switch To overwrite any existing configuration, follow these steps: Remove any existing VLAN information by deleting the VLAN database file, vlan.dat from the Flash memory directory. Erase the backup configuration file startup-config. Reload the switch. delete flash:vlan.dat (Catalyst 2950) delete nvram (Catalyst 1900) erase startup-config reload

14. 14 © 2004, Cisco Systems, Inc. All rights reserved. Set Switch Hostname, Set Password on Lines or 15

15. 15 © 2004, Cisco Systems, Inc. All rights reserved. Set IP Address and Default Gateway

16. 16 © 2004, Cisco Systems, Inc. All rights reserved. Management VLAN management VLAN is used to manage all of the network devices on a network In a switch-based network, all network devices should be in the management VLAN By default, VLAN 1 is the management VLAN All ports belong to VLAN 1 by default. To allow for management of network devices while keeping traffic from network hosts off of the management VLAN, remove all of the access ports from VLAN 1 and place them in another VLAN

17. 17 © 2004, Cisco Systems, Inc. All rights reserved. Set Port Speed and Duplex Setting (If Necessary) default is auto-duplex default is auto-speed

18. 18 © 2004, Cisco Systems, Inc. All rights reserved. HTTP Service and Port Any additional software such as an applet can be downloaded to the browser from the switch. The switch can be managed by a browser based GUI. Do e-Lab 6.2.2

19. 19 © 2004, Cisco Systems, Inc. All rights reserved. Managing the MAC Address Table Switches learn the MAC addresses of PCs or workstations that are connected to their switch ports by examining the source address of frames that are received on that port. entered in the Privileged EXEC mode MAC address entry is automatically discarded or aged out after 300 seconds Do e-Lab 6.2.3

20. 20 © 2004, Cisco Systems, Inc. All rights reserved. Configuring Static MAC Addresses Reasons to assign a permanent MAC address to an interface: The MAC address will not be aged out automatically by the switch. A specific server or user workstation must be attached to the port and the MAC address is known. Security is enhanced.

21. 21 © 2004, Cisco Systems, Inc. All rights reserved. Configuring Static MAC Addresses

22. 22 © 2004, Cisco Systems, Inc. All rights reserved. Removing a Static MAC Address Do e-Lab 6.2.4

23. 23 © 2004, Cisco Systems, Inc. All rights reserved. Port Security Secure MAC addresses can be configured statically. However, it is a complex task and is usually prone to error. It is possible to limit the number of addresses that can be learned on an interface. Set the limit to 1 and the first address dynamically learned by the switch becomes the secure address.

24. 24 © 2004, Cisco Systems, Inc. All rights reserved. Configuring Port Security Do e-Lab 6.2.5 The command show port security can be used to verify port security status.

25. 25 © 2004, Cisco Systems, Inc. All rights reserved. Adding a New Switch: The Procedure Configure the switch name Determine and configure the IP address for management purposes Configure a default gateway Configure administrative access for the console, auxiliary, and virtual terminal (VTY) interfaces Configure security for the device Configure the access switch ports as necessary

26. 26 © 2004, Cisco Systems, Inc. All rights reserved. Add, Move, and Change MAC Addresses Adding a MAC Address 1. Configure port security 2. Configure the MAC address Changing a MAC Address 1. Remove MAC address restrictions Moving a MAC Address 1. Add the address to a new port 2. Configure port security on the new switch 3. Configure the MAC address to the port allocated for the new user 4. Remove the old port configuration Do e-Lab 6.2.6

27. 27 © 2004, Cisco Systems, Inc. All rights reserved. Managing Switch Operation An administrator should document and maintain the operational configuration files for networking devices. The most recent running-configuration file should be backed up on a server or disk. The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.

28. 28 © 2004, Cisco Systems, Inc. All rights reserved. Passwords For security and management purposes, passwords must be set on the console and vty lines. An enable password and an enable secret password must also be set.

29. 29 © 2004, Cisco Systems, Inc. All rights reserved. Firmware and IOS Images Do e-Lab 6.2.9

30. 30 © 2004, Cisco Systems, Inc. All rights reserved. Summary