
UiTM CISCO NETWORKING ACADEMY
FACULTY OF ELECTRICAL ENGINEERING

Erasing and Reloading the Switch

For the majority of the labs, it is necessary to start with an unconfigured switch. Using a switch with an existing configuration may produce unpredictable results. These instructions show you how to prepare the switch prior to starting the lab. These instructions are for the 2960 switch; however, the procedure for the 2900 and 2950 switches is the same.

Step 1: Enter privileged EXEC mode by typing the enable command.
If prompted for a password, enter class or cisco. If that does not work, ask the instructor.

Switch>enable

Step 2: Remove the VLAN database information file.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:vlan.dat? [confirm] [Enter]

If there is no VLAN file, this message is displayed:

%Error deleting flash:vlan.dat (No such file or directory)

Step 3: Remove the switch startup configuration file from NVRAM.

Switch#erase startup-config

The responding line prompt will be:

Erasing the nvram filesystem will remove all files! Continue? [confirm]

Press Enter to confirm. The response should be:

Erase of nvram: complete

Step 4: Check that the VLAN information was deleted.
Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If the VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the reload command. If previous VLAN configuration information is still present (other than the default management VLAN 1), you must power-cycle the switch (hardware restart) instead of issuing the reload command. To power-cycle the switch, remove the power cord from the back of the switch or unplug it, and then plug it back in.

Step 5: Restart the software.
Note: This step is not necessary if the switch was restarted using the power-cycle method.
At the privileged EXEC mode prompt, enter the reload command.

Switch#reload

The responding line prompt will be:

System configuration has been modified. Save? [yes/no]:

Type n and then press Enter. The responding line prompt will be:

Proceed with reload? [confirm] [Enter]

The first line of the response will be:

Reload requested by console.

After the switch has reloaded, the line prompt will be:

Would you like to enter the initial configuration dialog? [yes/no]:

Type n and then press Enter. The responding line prompt will be:

Press RETURN to get started! [Enter]

! Basic Switch Configuration


Switch>enable
Switch#configure terminal
Switch(config)#hostname Switch_A <--- to set switch hostname
Switch_A(config)#enable secret class <--- to set enable password (encrypted)
Switch_A(config)#enable password cisco <--- to set enable password in clear text
Switch_A(config)#line con 0 <--- to set console password
Switch_A(config-line)#password cisco
Switch_A(config-line)#login
Switch_A(config-line)#line vty 0 15 <--- to set telnet password
Switch_A(config-line)#password cisco
Switch_A(config-line)#login
Switch_A(config-line)#exit

! To set an IP address on the switch

Switch_A(config)#interface vlan 1
Switch_A(config-if)#ip address 192.168.1.2 255.255.255.0
Switch_A(config-if)#no shutdown
Switch_A(config-if)#exit

! To set default-gateway to the switch

Switch_A(config)#ip default-gateway 192.168.1.1 <--- to set default-gateway
Switch_A(config)#end
!

! Creating VLANs

Switch_A#configure terminal
Switch_A(config)#vlan 2
Switch_A(config-vlan)#name VLAN2
Switch_A(config-vlan)#vlan 3
Switch_A(config-vlan)#name VLAN3
Switch_A(config-vlan)#end

! Configuring Static VLAN (Assigning ports to VLAN, e.g. vlan 2)

Switch_A#configure terminal
Switch_A(config)#interface fastethernet 0/4
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 2
Switch_A(config-if)#end

! Configuring Static VLAN (Assigning range of ports to specific VLANs)


S3(config)#interface range fa0/6-10
S3(config-if-range)#switchport access vlan 30
S3(config-if-range)#interface range fa0/11-17
S3(config-if-range)#switchport access vlan 10
S3(config-if-range)#interface range fa0/18-24
S3(config-if-range)#switchport access vlan 20
S3(config-if-range)#end

! To remove a host (port) from a VLAN (e.g. vlan 2)

Switch_A#configure terminal
Switch_A(config)#interface fastethernet 0/4
Switch_A(config-if)#no switchport access vlan 2

! To delete a VLAN

Switch_A#vlan database
Switch_A(vlan)#no vlan 3
Switch_A(vlan)#exit
!

! To create 802.1q trunk


Switch_A(config)#interface fastethernet 0/1
Switch_A(config-if)#switchport trunk encapsulation dot1q <--- Not required for Catalyst 2950
Switch_A(config-if)#switchport mode trunk
Switch_A(config-if)#end

! VTP Configuration

Switch_A#configure terminal
Switch_A(config)#vtp mode server <--- to set server mode
Switch_A(config)#vtp domain group1 <--- to set domain name
Switch_A(config)#exit

Switch_B#configure terminal
Switch_B(config)#vtp mode client <--- to set client mode
Switch_B(config)#vtp domain group1 <--- to set domain name
Switch_B(config)#exit

! Configuring InterVLAN Routing


! This configuration is on the ROUTER interface used as the trunk.
!
Router_A(config)#interface fastethernet 0/0
Router_A(config-if)#no shutdown
Router_A(config-if)#interface fastethernet 0/0.1
Router_A(config-subif)#encapsulation dot1q 1
Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0
Router_A(config-subif)#interface fastethernet 0/0.2
Router_A(config-subif)#encapsulation dot1q 10
Router_A(config-subif)#ip address 192.168.5.1 255.255.255.0
Router_A(config-subif)#interface fastethernet 0/0.3
Router_A(config-subif)#encapsulation dot1q 20
Router_A(config-subif)#ip address 192.168.7.1 255.255.255.0
Router_A(config-subif)#end

! Setting duplex

switch(config)#interface fa0/1
switch(config-if)#duplex {auto | full | half}

! Setting a static mac-address


switch(config)#mac-address-table static mac-addr vlan vlan-id interface interface-id

e.g.:
switch(config)#mac-address-table static 0004.5600.67ab vlan 1 interface fastethernet0/2

! Securing Switch: Configuring Port Security

switch(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect | restrict | shutdown}]

e.g.:
switch(config)#interface fa0/1
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security maximum 1
switch(config-if)#switchport port-security mac-address 0008.eeee.eeee
switch(config-if)#switchport port-security violation shutdown

! SSH Access

Telnet is insecure. Cisco recommends using SSH to encrypt communication between the Cisco device and the host.

Switch_B#configure terminal
Switch_B(config)#username ccna password cisco123
Switch_B(config)#ip domain-name cisco.com
Switch_B(config)#crypto key generate rsa
Switch_B(config)#ip ssh version 2
Switch_B(config)#line vty 0 15
Switch_B(config-line)#login local
Switch_B(config-line)#transport input ssh
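
Added example (not part of the original handout): a short Python check that reads a saved running-config and reports where the remote-access settings above are missing, for instance when only some of the vty lines were restricted to SSH. The sample config, function names and finding texts are constructed for illustration.

```python
# Constructed "show running-config" excerpt (not from the handout).
SAMPLE_CONFIG = """\
enable secret 5 $1$constructed$hash
enable password cisco
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cisco
 login
"""

def vty_sections(config):
    """Map each 'line vty ...' header to the indented commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):
            if current:
                sections[current].append(raw.strip())
        elif raw.startswith("line vty"):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
    return sections

def audit(config):
    """Return findings for the remote-access settings shown in the handout."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password stored in clear text")
    if "ip ssh version 2" not in top:
        findings.append("SSH version 2 not enforced")
    for header, body in vty_sections(config).items():
        # Assumption: no 'transport input' line means Telnet is still accepted,
        # as on the older Catalyst images used in this lab.
        if "transport input ssh" not in body:
            findings.append(f"{header}: Telnet not disabled")
        if "login local" not in body:
            findings.append(f"{header}: no per-user login (login local)")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the clear-text enable password and the vty 5 15 range that was left on password-only Telnet access.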

Use show commands to verify switch status

switch#show run
switch#show spanning-tree detail
switch#show vlan
switch#show interfaces fastethernet0/2
switch#show mac-address-table
switch#show port-security interface fastethernet 0/5
switch#show spanning-tree
switch#show spanning-tree vlan 1

To save current config file to NVRAM

Spanning-tree

! To enable PVRST


Switch(config)# spanning-tree mode rapid-pvst

! To specify a switch to be the root switch for a particular vlan


Switch(config)#spanning-tree vlan 1 root primary <--- increases the switch priority (lowering the numerical value) so that the switch becomes the root bridge and forces spanning tree to perform recalculation.
