
CCNA 3 v3.1 Module 6
Switch Configuration

LOCAL CISCO ACADEMY ELSYS TU


INSTRUCTOR: STELA STEFANOVA

© 2004, Cisco Systems, Inc. All rights reserved. 1


Objectives



Starting the Switch

Switches:
• are dedicated, specialized computers, which
contain a central processing unit (CPU), random
access memory (RAM), and an operating system;
• have several ports that hosts can connect to;
• have specialized ports for the purpose of
management;
• can be managed and the configuration can be
viewed and changed through the console port;
• typically have no power switch to turn them on
and off - simply connect or disconnect from a
power source;
Catalyst 2950 series Switches Features

• Fixed configuration
symmetrical switches with
all ports being FastEthernet
or 10/100;
• Asymmetrical switches
with two fixed fiber or
copper Gigabit Ethernet
ports;
• Asymmetrical switches
with modular Gigabit
Interface Converter (GBIC)
slots



LEDs

Light-emitting diodes (LEDs)


• help monitor system activity and performance;
• on the front of a switch:
- System LED
- Remote Power Supply (RPS) LED
- Port Mode LEDs
- Port Status LEDs



LEDs
System LED
• shows whether the system is receiving power and functioning
correctly;

RPS LED
• indicates whether or not the remote power supply is in use;

Mode LEDs
• indicate the current state of the Mode button;
• are used to determine how the Port Status LEDs are interpreted;
• to select or change the port mode, press the Mode button repeatedly
until the Mode LEDs indicate the desired mode.

Port Status LEDs


• have different meanings, depending on the current value of the
Mode LED.
Switch Mode LED Indicators



Mode LED



Verifying Port LEDs During Switch POST

Power-On Self Test (POST)


• runs automatically to verify that the switch
functions correctly;
• POST failure is considered to be a fatal error;
• reliable operation of the switch should not be
expected if POST fails.



Verifying Port LEDs During Switch POST

Port Status LEDs during POST:


turn amber - for about 30 seconds
• the switch discovers the network topology and
searches for loops;
turn green
• the switch has established a link between the
port and a target, such as a computer;
turn off
• the switch has determined that nothing is
plugged into the port.
Connecting Switch to PC



Console Connection

Shows information about the switch:


• details about POST status;
• data about the switch hardware.
Switch CLI



Command-Line Interface (CLI)

Command-line interface (CLI) for Cisco switches:
• is very similar to the CLI for Cisco routers.



“Help” command

Word help
• to obtain a list of commands that begin with a particular
character sequence, enter those characters followed
immediately by the question mark (?);
• do not enter a space before the question mark;
• it completes a word.
Command syntax help
• to list keywords or arguments that are associated with a
particular command, enter one or more words associated
with the command, followed by a space and then a
question mark (?);
• provides applicable keywords or arguments based on a
partial command.
Command Modes

• User EXEC
• Privileged EXEC



User EXEC mode

User EXEC mode


• default mode;
• is recognized by its prompt, which
ends in a greater-than character (>);
• available commands are limited:
- to change terminal settings;
- to perform basic tests;
- to display system information.



“show” command

Show commands that are available in User EXEC mode



Privileged EXEC mode

Privileged EXEC mode


• to enter it, the enable command is used from User EXEC
mode;
• is recognized by its prompt, which ends in a pound-sign
character (#);
• the command set includes the configure command:
- allows other command modes to be accessed;
• should be password protected to prevent
unauthorized use;
• the password does not appear on the screen, and is
case sensitive.



Default Running Configuration



• when powered up for the first time, a switch
has default data in the running configuration
file;
• default hostname - Switch;
• no passwords are set on the console or
virtual terminal (vty) lines;
• the switch has no IP address (IP address for
management purposes is configured on the virtual
interface VLAN 1)



Verifying the Catalyst Switch Default
Configuration

• show running-config
• show interface
• show vlan
• show flash
• show version





Default Port Settings

Default Running Configuration


• the switch ports or interfaces are set to
auto mode;
• all switch ports are in VLAN 1;
• VLAN 1 is known as the default
management VLAN.



Default Flash Directory Content



• by default flash directory contains:
- IOS image;
- file env_vars;
- sub-directory html.
• flash directory does not contain:
- config.text – switch configuration file;
- vlan.dat - VLAN database file.
IOS Version and Config. Register
show version command – used to verify:
• IOS version;
• configuration register settings.



Reset Switch Configuration


Steps to overwrite any existing configuration:


• Remove the current VLAN information:
- delete the VLAN database file vlan.dat
from the flash directory
• Erase the backup configuration file:
- delete file startup-config
• Restart the switch:
- use reload command.


Configuring the Switch



Hostname and Passwords Configuration



IP address and Default Gateway Configuration
IP address Configuration:
• allows the switch to be accessible by Telnet and other
TCP/IP applications



VLAN1

Management VLAN:
• by default, VLAN 1 is the management
VLAN;
• all internetworking devices should be in
the management VLAN;
• allows a single management workstation
to access, configure, and manage all the
internetworking devices.



Port Speed and Duplex Settings Configuration


Fast Ethernet switch ports:


• by default set to auto-speed and auto-duplex
(allows the interfaces to negotiate these settings);
• network administrators can manually
configure the interface speed and
duplex values.



HTTP Service and Port Configuration

• Intelligent network devices can provide a web-based
interface for configuration and management
purposes;
• Once a switch is configured with an IP address and
gateway, it can be accessed by a web-based
interface;
HTTP services:
• can be accessed by a web browser using:
- IP address;
- port 80 - the default port for HTTP.
• can be turned on or off, and the port address for the
service can be chosen.


Configuring the Catalyst Switch

Web Management Interface



Managing the MAC Address Table



MAC Address Table

Switches
• examine the source address of frames that
are received on the ports;
• learn the MAC addresses of PCs or
workstations that are connected to their
switch ports;
• record learned MAC addresses in a MAC
address table.
Check Learned MAC Addresses

show mac-address-table command - Privileged EXEC mode


• examines the addresses that a switch has learned
MAC Address Table

Switches:
• dynamically learn and maintain thousands
of MAC addresses;
• learned entries may be discarded from the
MAC address table (to preserve memory and
for optimal operation);
• the MAC address entry is automatically
discarded or aged out after 300 seconds (if
no frames are seen with a previously learned
address).
Check Learned MAC Addresses

clear mac-address-table command - Privileged EXEC mode


• used to remove dynamically learned MAC addresses;
• used to remove static MAC address entries.


Static MAC Addresses

Static MAC address:


• permanently assigned to an interface;
Reasons to use a static MAC address:
• will not be aged out automatically by the switch;
• a specific server or user workstation must be
attached to the port and the MAC address is
known;
• Security is enhanced.
Configuring Static MAC Addresses



Static MAC Addresses

To configure:
Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>

To remove:
Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
Port Security

• It is possible to limit the number of
addresses that can be learned on an
interface;
• the number of MAC addresses per port
can be limited to 1;
• the first address dynamically learned by
the switch becomes the secure address.



Port Security Configuration



Port Security

To configure port security:
Switch(config-if)#switchport port-security

To reverse port security:
Switch(config-if)#no switchport port-security

To verify port security status:
Switch#show port-security
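
The MAC table behaviour from the preceding slides (learning from source addresses, the 300-second aging, static entries, and a one-address port-security limit), modelled as an added example that is not Cisco code. The class, the addresses and port names are constructed; the model assumes that the secure address itself is not aged out and that a violating frame is simply recorded and ignored.

```python
AGING_SECONDS = 300  # aging time given on the slide

class SwitchModel:
    """Toy model of the MAC table behaviour described above (not IOS code)."""

    def __init__(self):
        self.table = {}       # mac -> (port, last_seen); last_seen None = static
        self.secure = {}      # secured port -> its one secure MAC (None until learned)
        self.violations = []  # (time, port, offending mac)

    def add_static(self, mac, port):
        self.table[mac] = (port, None)

    def enable_port_security(self, port):
        self.secure[port] = None

    def age_out(self, now):
        for mac, (_port, seen) in list(self.table.items()):
            if seen is not None and now - seen >= AGING_SECONDS:
                del self.table[mac]       # dynamic entry unseen for 300 s

    def receive(self, now, port, src):
        """Process one frame's source address; return what the switch did."""
        self.age_out(now)
        if port in self.secure:
            if self.secure[port] is None:
                self.secure[port] = src   # first address seen becomes secure
            elif self.secure[port] != src:
                self.violations.append((now, port, src))
                return "violation"        # assumption: frame is ignored
        entry = self.table.get(src)
        if entry is not None and entry[1] is None:
            return "static"               # learning never overwrites a static entry
        self.table[src] = (port, now)
        return "refreshed" if entry else "learned"

def demo():
    sw = SwitchModel()
    sw.add_static("00aa.bb00.0001", "Fa0/1")  # constructed addresses and ports
    sw.enable_port_security("Fa0/2")
    frames = [(0, "Fa0/2", "00aa.bb00.0002"), (10, "Fa0/3", "00aa.bb00.0003"),
              (20, "Fa0/2", "00aa.bb00.0099"), (30, "Fa0/3", "00aa.bb00.0001"),
              (400, "Fa0/2", "00aa.bb00.0002")]
    return sw, [sw.receive(*f) for f in frames]
```

In the demo, the second address on the secured port is recorded as a violation, the frame that claims the static address from another port does not move the entry, and by t=400 the dynamic entries have aged out while the static one remains.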



Adding and Moving Switches
to the Network



Adding New Switch



Must be configured:
• Switch name;
• IP address for the switch in the
management VLAN;
• a default gateway;
• Line passwords.



Moving a Switch

Host is moved:
• from one port or switch to another;
• configurations that can cause unexpected
behavior should be removed;
• configuration that is required can then be
added.



Add, Remove and Change MAC Addresses



Managing Switch Operation


• An administrator should document and
maintain the operational configuration
files for networking devices;
• The most recent running-configuration file
should be backed up on a server or disk;
• The Cisco IOS Software should also be
backed up to a local server. The Cisco IOS
Software can then be reloaded to Flash
memory if needed.



Password Recovery



Enable Security



Passwords

• must be set on the console and vty lines
for security and management purposes;
• an enable password must be set;
• an enable secret password must be set.
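
A check for the settings these slides say must be configured (hostname, line passwords, enable secret) plus the state of the HTTP service, run over saved configuration text. This is an added example, not part of the original slides; the function names, both sample configurations and the placeholder values are constructed, and the parser assumes the usual layout in which sub-commands are indented under their top-level command.

```python
def parse_sections(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit(config):
    """Return findings for the settings the slides say must be configured."""
    s = parse_sections(config)
    findings = []
    if "hostname Switch" in s or not any(k.startswith("hostname ") for k in s):
        findings.append("default hostname")
    if not any(k.startswith("enable secret ") for k in s):
        findings.append("no enable secret")
    for name, body in s.items():
        is_line = name.startswith(("line con", "line vty"))
        if is_line and not any(c.startswith("password ") for c in body):
            findings.append("no password on " + name)
    if "ip http server" in s:
        findings.append("HTTP service enabled")
    return findings

# Constructed sample configurations (not captured from a real device).
DEFAULT_LIKE = """\
hostname Switch
!
interface Vlan1
 no ip address
ip http server
line con 0
line vty 0 4
 login
"""
CONFIGURED = """\
hostname ALSwitch
enable secret 5 HASH-PLACEHOLDER
no ip http server
line con 0
 password PLACEHOLDER
line vty 0 4
 password PLACEHOLDER
 login
"""
```

`audit(DEFAULT_LIKE)` reports every default the slides warn about, while `audit(CONFIGURED)` returns an empty list.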



Password Recovery (2950)

• Make sure that a PC is connected to the
console port and a HyperTerminal
window is open.
• Turn the switch off. Turn it back on while
holding down the “MODE” button on the
front of the switch at the same time that
the switch is powered on. Release the
“MODE” button after the STAT LED goes
out.


• Type flash_init
• Type load_helper
• Type dir flash:
• rename flash:config.text flash:config.old
• Type boot
• Type N at the following prompt to start the
Setup program.


• Type rename flash:config.old flash:config.text
• copy flash:config.text system:running-config



Firmware and IOS Images

To upgrade the IOS, download a copy of the new image to a local server
from the Cisco Connection Online (CCO) Software Center



Summary



Exercises

E-Labs
6.2.1. e-Lab Activity – Basic Switch Operation
6.2.2. e-Lab Activity – Basic Switch Configuration
6.2.3. e-Lab Activity – Managing the MAC Address Table
6.2.4. e-Lab Activity – Configuring Static MAC Addresses
6.2.5. e-Lab Activity – Configuring Port Security
6.2.6. e-Lab Activity – Add, Move, Change MAC Addresses
6.2.7. e-Lab Activity – Managing Switch Operating System Files
6.2.7. e-Lab Activity – Managing Switch Startup Configuration Files
6.2.8. e-Lab Activity – Password Recovery Procedure on a Catalyst
2900 Series Switch
6.2.9. e-Lab Activity – Firmware Upgrade on a Catalyst 2900 Series
Switch

Lab Activity
6.2.1. Lab Activity – Verifying Default Switch Configuration
6.2.2. Lab Activity – Basic Switch Configuration
6.2.3. Lab Activity – Managing the MAC Address Table
6.2.4. Lab Activity – Configuring Static MAC Addresses
6.2.5. Lab Activity – Configuring Port Security
6.2.6. Lab Activity – Add, Move, Change MAC Addresses
6.2.7. Lab Activity – Managing Switch Operating System Files
6.2.7. Lab Activity – Managing Switch Startup Configuration Files
6.2.8. Lab Activity – Password Recovery Procedure on a Catalyst 2900
Series Switch
6.2.9. Lab Activity – Firmware Upgrade on a Catalyst 2900 Series Switch