1

Pertemuan 9 Switch Configuration

Discussion Topics

• Starting the Switch• Configuring the Switch

2

Starting the Switch

Switches:• are dedicated, specialized computers, which contain

a central processing unit (CPU), random access memory (RAM), and an operating system;

• have several ports that hosts can connect to;• have specialized ports for the purpose of

management; • can be managed and the configuration can be viewed

and changed through the console port ;• typically have no power switch to turn them on and off

- simply connect or disconnect from a power source;

Catalyst 2950 series Switches Features

• Fixed configuration symmetrical switches with all ports being FastEthernet or 10/100;

• Asymmetrical switches with two fixed fiber or copper Gigabit Ethernet ports;

• Asymmetrical switches with modular Gigabit Interface Converter (GBIC) slots

LEDs

Light-emitting diodes (LEDs) • help monitor system activity and performance;• on the front of a switch:

- System LED - Remote Power Supply (RPS) LED - Port Mode LEDs - Port Status LEDs

LEDs

System LED• shows whether the system is receiving power and functioning correctly;

RPS LED• indicates whether or not the remote power supply is in use;

Mode LEDs • indicate the current state of the Mode button;• are used to determine how the Port Status LEDs are interpreted;• to select or change the port mode, press the Mode button repeatedly until

the Mode LEDs indicate the desired mode.

Port Status LEDs• have different meanings, depending on the current value of the Mode

LED.

Switch Mode LED Indicators

Mode LED

Mode LED

Mode LED

Verifying Port LEDs During Switch POST

Power-On Self Test (POST)

• runs automatically to verify that the switch functions correctly;

• POST failure is considered to be a fatal error;

• should not expect a reliable operation of the switch if POST fails.

Verifying Port LEDs During Switch POST

Port Status LEDs during POST:turn amber - for about 30 seconds • the switch discovers the network topology and

searches for loops;turn green• the switch has established a link between the port

and a target, such as a computer;turn off• the switch has determined that nothing is plugged

into the port.

Console Connection

Console Connection

Console Connection

Shows information about the switch:

• details about POST status;

• data about the switch hardware.

Command-Line Interface (CLI)

Command-line interface (CLI) for Cisco switches:

• is very similar to the CLI for Cisco routers.

“Help” command

“help” command

“Help” commandWord help• to obtain a list of commands that begin with a particular

character sequence, enter those characters followed immediately by the question mark (?);

• do not enter a space before the question mark;• it completes a word. Command syntax help • to list keywords or arguments that are associated with a

particular command, enter one or more words associated with the command, followed by a space and then a question mark (?);

• provides applicable keywords or arguments based on a partial command.

Command Modes

• User EXEC

• Privileged EXEC

User EXEC mode

User EXEC mode• default mode; • is recognized by its prompt, which ends in

a greater-than character (>);• available commands are limited:

- to change terminal settings;- to perform basic tests; - to display system information.

“show” command

Show commands that are available in User EXEC mode

Privileged EXEC mode

Privileged EXEC mode• to enter enable command is used from User EXEC

mode;• is recognized by its prompt, which ends in a pound-sign

character (#);• the command set includes the configure command:

- allows other command modes to be accessed;• should be password protected to prevent unauthorized

use;• the password does not appear on the screen, and is case

sensitive.

Default Running Configuration

Default Running Configuration• when powered up for the first time, a switch has

default data in the running configuration file;• default hostname - Switch;• no passwords are set on the console or virtual

terminal (vty) lines;• the switch has no IP address (IP address for

management purposes is configured on the virtual interface VLAN 1)

Verifying the Catalyst Switch Default Configuration

• show running-config• show interface• show vlan• show flash• show version

Default Running Configuration

Default Port Settings

Default Running Configuration

• the switch ports or interfaces are set to auto mode;

• all switch ports are in VLAN 1;

• VLAN 1 is known as the default management VLAN.

Default Port Settings

Default Port Settings

Default Flash Directory Content

IOS image

file env_vars

sub-directory html

Default Flash Directory Content

Default Running Configuration• by default flash directory contains:

- IOS image;

- file env_vars;

- sub-directory html.

• flash directory does not contain:

- config.text – switch configuration file;

- vlan.dat - VLAN database file.

IOS Version and Config. Register

show version command – used to verify:• IOS version; • configuration register settings.

Reset Switch Configuration

Reset Switch Configuration

Steps to overwrite any existing configuration:

• Remove the current VLAN information:

- delete the VLAN database file vlan.dat from the flash directory

• Erase the back up configuration file:

- delete file startup-config

• Restart the switch:

- use reload command.

Reset Switch Configuration

Hostname and Passwords Configuration

IP address and Default Gateway Configuration

IP address Configuration:

• allows the switch to be accessible by Telnet and other TCP/IP applications

VLAN1

Management VLAN:

• by default, VLAN 1 is the management VLAN;

• all internetworking devices should be in the management VLAN;

• allows a single management workstation to access, configure, and manage all the internetworking devices.

Port Speed and Duplex Settings Configuration

Port Speed and Duplex Settings Configuration

Fast Ethernet switch ports:

•by default set to auto-speed and auto-duplex (allows the interfaces to negotiate these settings);

•Network administrators can manually configure the interface speed and duplex values

HTTP Service and Port Configuration

• Intelligent network devices can provide a web-based interface for configuration and management purposes;

• Once a switch is configured with an IP address and gateway, it can be accessed by a web-based interface;

HTTP services:• can be access by a web browser using:

- IP address;- port 80 - the default port for http.

• can be turned on or off, and the port address for the service can be chosen.

HTTP Service and Port Configuration

Configuring the Catalyst Switch

Web Management Interface

Web Management Interface

MAC Address Table

Switches

• examine the source address of frames that are received on the ports;

• learn the MAC addresses of PCs or workstations that are connected to their switch ports;

• record learned MAC addresses in a MAC address table.

Check Learned MAC Addresses

show mac-address-table command - Privileged EXEC mode

• examines the addresses that a switch has learned

MAC Address Table

Switches: • dynamically learn and maintain thousands

of MAC addresses;• learned entries may be discarded from the

MAC address table (to preserve memory and for optimal operation) ;

• the MAC address entry is automatically discarded or aged out after 300 seconds (if no frames are seen with a previously learned address).

Check Learned MAC Addresses

Clear mac-address-table command - Privileged EXEC mode

• used to remove dynamically learned MAC addresses;

• used to remove static MAC address entries.

Managing the MAC Address Table

Static MAC Addresses

Static MAC address:

• permanently assigned to an interface;

Reasons for use a Static MAC address:

• will not be aged out automatically by the switch;

• a specific server or user workstation must be attached to the port and the MAC address is known;

• Security is enhanced.

Configuring Static MAC Addresses

Configuring Static MAC Addresses

Static MAC Addresses

To configure:

Switch(config)#mac-address-table static <mac-address

of host > interface FastEthernet <Ethernet number >

vlan <vlan name > To remove:

Switch(config)# no mac-address-table static <mac-

address of host > interface FastEthernet <Ethernet

number > vlan <vlan name >

Port Security

Port Security

• It is possible to limit the number of addresses that can be learned on an interface;

• the number of MAC addresses per port can be limited to 1;

• the first address dynamically learned by the switch becomes the secure address.

Port Security Configuration

Port Security

To configure port security :

Switch(config-if)#switchport port-security

To reverse port security:

Switch(config-if)# no switchport port-security

To verify port security status:

Switch(config)#show port security

Adding New Switch

Adding New Switch

Must be configured:

• Switch name;

• IP address for the switch in the management VLAN;

• a default gateway;

• Line passwords.

Adding New Switch

Moving a Switch

Host is moved:

• from one port or switch to another;

• configurations that can cause unexpected behavior should be removed;

• configuration that is required can then be added.

Add, Remove and Change MAC Addresses

Managing Switch Operation

• An administrator should document and maintain the operational configuration files for networking devices;

• The most recent running-configuration file should be backed up on a server or disk;

• The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.

Managing Switch Operation

Enable Security

Passwords

Passwords

• must be set on the console and vty lines- for security and management purposes;

• must be set enable password;

• must be set enable secret password.

Password Recovery (2950)

1. Make sure that a PC is connected to the console port and a HyperTerminal window is open.

2. Turn the switch off. Turn it back on while holding down the “MODE” button on the front of the switch at the same time that the switch is powered on. Release the “MODE” button after the STAT LED goes out.

Password Recovery (2950)

3. Type flash_init

4. Type load_helper

5. Type dir flash:

6. rename flash:config.text flash:config.old

7. Type boot

8. N at the following prompt to start the Setup program.

Password Recovery (2950)

9. Type rename flash:config.old flash:config.text

10.copy flash:config.text system:running-config

Password Recovery (2950)

11.

Firmware and IOS Images

To upgrade the IOS, download a copy of the new image to a local server from the Cisco Connection Online (CCO) Software Center

Summary