
Practical 9:

By the end of this Lab, you will be able to:
o Describe basic switch configuration methods.
o Configure a switch.

Five ways to manage Switches:

Management options
o After the hardware has been installed and cabled it is likely that at least a minimal additional configuration would be required.
o Until an IP address has been assigned configuration is performed using the console port (usually at the rear of the switch).
o Most switch management options require network access and a valid IP address for the switch.
o If and when the switch has a network connection and a valid IP address, then a number of options for switch management are possible:
   - telnet: Accesses the command line similar to console port access but over the network.
   - SNMP (Simple Network Management Protocol): For management using network management systems such as HP OpenView.
   - HTTP (Hyper Text Transfer Protocol): Web based management. The switch acts as a web server, the administrator just points the browser at the switch.
   - TFTP (Trivial File Transfer Protocol): Used to download configurations.

Dr. Shareef M. Shareef

Computer Networks

Why do we configure switches?
Switches are layer 2 devices and are therefore relatively easy to configure in comparison to routers. In most cases, the default configuration will enable the switch to connect PCs and servers together with ease (plug and play). Further configuration of switches is advisable for the following reasons:
o Security: Adding passwords to the switch to prevent unauthorised access.
o Management: An IP address is advisable to enable management of the switch and should be configured.
o Performance: With an out-of-the-box configuration, convergence times of 50+ seconds would not be uncommon. With a little bit of effort these times can be reduced to 0-8 seconds. Extra configuration can also make the network more stable and less prone to issues, such as broadcast storms.

Console Port


Console port
o The normal place to start configuring is via a console port. This is the only option if the switch does not have an IP address configured.
o The console cable is connected directly to the switch. The console connector is normally in the back of the switch, as shown above.
o The console connector is normally a 9-pin D type serial connector, however, Cisco uses an RJ connector.
o The other end of the console cable will be connected to a dumb ASCII terminal or the COM port of a PC.
o Note that some switches do not provide a console port. In this case a default IP address is usually provided.

Cisco Switch Connection


Working with Cisco Switch IOS:
IOS stands for (Internetworking Operating System); it is the operating system of Cisco devices.

Connecting to Cisco Device:

HyperTerminal
A- HyperTerminal is the usual software to use when connecting your PC to the console port on a switch.
B- The main reason for using HyperTerminal is that it is free and comes with Microsoft Windows.
C- The settings for HyperTerminal need to match the console port settings on the switch.
D- When using HyperTerminal, your PC is effectively acting as a screen and keyboard for the switch.

Hyper Terminal


NOW,
1. Get a console cable.
2. Plug the serial end into the back of your PC.
3. Plug the RJ 45 end into the console port of the switch.
4. Get a terminal program such as HyperTerminal (or TeraTerm, Minicom, SecureCRT).
5. After setting up the program, you just have to set it up to connect via the COM port.
6. A typical configuration is:
   a) Flow control: None
   b) Baud Rate (Speed): 9600
   c) Data bits: 8
   d) Parity: None
   e) Stop Bits: 1
   f) Flow Control: None
7. Now you are connected.

Students should be able to know which type of cable will be used in this scenario?

Switch>            User Mode (User Exec)
Switch#            Privileged Mode (Privileged Exec)
Switch(Config)#    Global Configuration Mode

User Mode is a very basic monitoring mode (ping, telnet to another switch).

Privileged Mode: to enter this mode, type enable in User Mode. In this mode you can view anything on the Cisco switch (the incoming and outgoing packets, the passwords, the configuration), but you can't configure in this mode.

Global Configuration Mode is used to make the necessary configuration on the switch. Enter it by typing conf t in Privileged Mode.

Performing initial configuration in a switch:


I. The first thing to do when configuring a brand-new switch is to set a name. We will change the default name to SengSwitch:

    Switch>en
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname SengSwitch
    SengSwitch(config)#

Of course, the switch should be named logically, which means the location of the switch will be its name. For example: 3rdFL,Switch1 or 2ndFL,Switch2

II. The second thing to do is to give the switch an IP address in order to telnet to it. To give a switch an IP address you must have at least a basic understanding of VLANs (Virtual LANs): a VLAN divides your local network from one broadcast domain into multiple broadcast domains on the same device. We are talking about VLANs because, when we assign the switch an IP address, we need to go to the VLAN interface: the switch ports are not configured with an IP address, the VLAN interface is.

We don't yet know which VLAN we are on or how to create one, but by default the switch creates its default VLAN 1 whether you need it or not, and all the ports on the switch are in VLAN 1 by default. That is why everything works without any configuration on the switch interfaces: any port can communicate with any other port because every interface is a member of VLAN 1 by default. So, to configure the IP address of VLAN 1, do the following:

    SengSwitch(config)#interface vlan 1
    SengSwitch(config-if)#ip address 172.30.2.180 255.255.255.0

Now your switch has an IP address. To check what we have done, type the following command:

    SengSwitch#show interfaces vlan 1

The result would be like below:

    Vlan1 is administratively down, line protocol is down
      Hardware is CPU Interface, address is 0030.f2cb.3969 (bia 0030.f2cb.3969)
      Internet address is 172.30.2.180/24
      MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 21:40:21, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         1682 packets input, 530955 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicast)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         563859 packets output, 0 bytes, 0 underruns
         0 output errors, 23 interface resets
         0 output buffer failures, 0 output buffers swapped out

As you can see from the part marked in red, the Vlan1 interface is administratively down and the line protocol is down. "Administratively down" means that the Physical Layer of Vlan1 is down; "line protocol is down" represents the Data Link state. Note: any time you see "administratively down" it means that the interface is SHUTDOWN, so to enable it type no shutdown:

    SengSwitch#conf t
    SengSwitch(config)#interface vlan 1
    SengSwitch(config-if)#no shutdown

Assign Gateway to the Switch:
o Now we need to assign a default gateway to the switch so that it can reach beyond its own network and communicate with other networks. For example:

    SengSwitch(config)#ip default-gateway 172.30.2.1

o Save Configuration: the final step is to save the configuration we have made on the switch. Everything we have done till now is saved in RAM.
o To do so we must save the configuration to NVRAM:

    SengSwitch#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]

To check what we have done type the following:

    SengSwitch#show startup-config

Configuring Switch Security:
To secure the switch we need to set up some passwords. On first use of the switch no password is configured, so one needs to be set up. First we will set up a password to protect Privileged Mode from access:

    SengSwitch>en
    SengSwitch#conf t
    SengSwitch(config)#enable password 1234software

So 1234software is our Privileged Mode password (you can put your private password). But there is a disadvantage in setting this type of password: it is not encrypted, it is written in clear text, as you can see by using show running-config:

    SengSwitch#show running-config
    Building configuration...
    Current configuration : 1059 bytes
    !
    version 12.1
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname SengSwitch
    !
    enable password 1234software
    .....
    ........

So to make the password encrypted and more secure, we do the following:

    SengSwitch(config)#enable secret 1234software

Now when we show the running configuration, the password is written encrypted. When we exit from this mode, return to User Mode and try to enter Privileged Mode again, the switch asks for the password. If you enter the unencrypted password (the enable password) it will not be accepted, but if you enter the secret password (the encrypted one) it will be accepted, because the enable secret overrides the enable password.

So why does the enable password exist if the enable secret overrides it? Because a lot of people configure Cisco devices quickly, on the fly: after making the initial configuration on a Cisco device, they run the show run command, copy everything from the ! mark (as shown in the figure before) to the end of the output, and paste it into a Notepad program. This gives a backup of a basic configuration that can be used on any Cisco switch: go to Configuration Mode on the device you want to configure and just paste it. If the device runs an old version of IOS that only uses enable password, and not enable secret, then when you paste the configuration file on that old IOS switch it will accept the enable password.

To enable a password on the console, type the following in Global Configuration Mode:

    SengSwitch(config)#line console 0
    SengSwitch(config-line)#password soft0000

You can use any password in place of soft0000 for the console. But the Cisco switch does not yet know that it should ask for that password, so we must write login to make it prompt for a password.
    SengSwitch(config-line)#login

So now, when you try to log in to the switch in User Mode, this has been secured as well. You have to enter the password that you configured before on line console, then the password for Privileged Mode; hence we have two levels of passwords (for both modes: User Mode and Privileged Mode).
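
An added example (not part of the original lab): a small Python audit over saved show running-config text that flags the password weaknesses described above, namely an enable password left in the configuration, a missing enable secret, and a console password without login. The sample configuration is constructed from the lab's own commands; the function name and finding codes are hypothetical.

```python
import re

# Constructed sample: the lab's settings as "show running-config" would list
# them before "enable secret" and the console "login" command are applied.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname SengSwitch
!
enable password 1234software
!
interface Vlan1
 ip address 172.30.2.180 255.255.255.0
!
line con 0
 password soft0000
!
"""

def audit_passwords(config_text):
    """Return sorted finding codes (the code names are this example's own)."""
    findings, has_secret = set(), False
    section, line_blocks = None, {}   # "line con 0" -> sub-command keywords
    for raw in config_text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):            # top-level command opens a block
            section = raw.strip()
            if re.match(r"enable password\s+\S", section):
                findings.add("ENABLE_PASSWORD_PRESENT")  # readable in the config
            if re.match(r"enable secret\s+\S", section):
                has_secret = True
            if section.startswith("line "):
                line_blocks[section] = set()
        elif section in line_blocks:           # indented sub-command of a line
            line_blocks[section].add(raw.split()[0])
    if not has_secret:
        findings.add("NO_ENABLE_SECRET")
    # Covers only the lab's scheme: a line "password" enforced by "login".
    for name, cmds in line_blocks.items():
        if name.startswith("line con"):
            if "password" not in cmds:
                findings.add("CONSOLE_NO_PASSWORD")
            elif "login" not in cmds:
                findings.add("CONSOLE_PASSWORD_NOT_ENFORCED")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_passwords(SAMPLE_CONFIG))
```

Run it against a saved copy of the configuration after each change; an empty list means the enable secret is set, the enable password line is gone, and the console password is enforced by login.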

Basic Troubleshoot

Troubleshooting
For troubleshooting the following is also available:
o LEDs (IP not required): On connection of a cable the port LED should change colour (as long as the connected device is active). If the LED remains off after connection this is an indication that either the connected device is off or that the wrong cable type is being used.
o Analyser ports (IP not required): By their nature switches do not allow analysers to work, as the switches filter traffic. Most switches allow a port to be configured as an analyser port, which stops filtering on that port. This then allows an analyser attached to that port to see all packets. Beware of legal issues of snooping if carrying other people's traffic.
o Log files (IP not required): Most network devices provide log files, which provide a record of the messages that have been displayed on the screen. Syslog can often be used to allow these log files to be stored on a remote machine (syslog requires IP).
