Chapter 14 - Sw Conf

Kh

oa

CN

TT

1/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

SWITCH SWITCH

CONFIGURATIONCONFIGURATION

TS, PHẠM VĂN TÍNHTS, PHẠM VĂN TÍNH

Switching Basics and Switching Basics and Intermediate RoutingIntermediate Routing

Kh

oa

CN

TT

2/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

ObjectiveObjective

Monitor switch activity and status using LED indicators

Examine the switch bootup output using HyperTerminal

Use the help features of the command line interface

List the major switch command modes Verify the default settings of a Catalyst switch Set an IP address and default gateway for the

switch to allow connection and management over a network

View the switch settings with a Web browser Set interfaces for speed and duplex operation Examine and manage the switch MAC address

table Configure port security

Kh

oa

CN

TT

3/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Switch LED indicatorsSwitch LED indicators

• The System LED shows whether the system is receiving power and functioning correctly.

• The Mode LEDs indicate the current state of the Mode button.

• The Port Status LEDs have different meanings, depending on the current value of the Mode LED

Port LED Definitions based on MODE LED State

Kh

oa

CN

TT

4/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Verifying port LEDs during switch POSTVerifying port LEDs during switch POST

Kh

oa

CN

TT

5/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Connecting the Switch to ComputerConnecting the Switch to Computer

Show more ...

Kh

oa

CN

TT

6/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Show Commands in User EXEC ModeShow Commands in User EXEC Mode

Kh

oa

CN

TT

7/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Verifying the Catalyst switch default Verifying the Catalyst switch default configurationconfiguration

• Hostname is Switch. No passwords are set on the console or virtual terminal (vty) lines.

• Has no IP address.

• The switch ports or interfaces are set to auto mode.

• All switch ports are in VLAN 1, management VLAN.

• The flash directory by default, has a file that contains the IOS image, a file called env_vars, and a sub-directory called html.

• After configuring the switch, it may contain a config.text file, and a VLAN database.

• Has one broadcast domain

• The Spanning-Tree Protocol is also enabled

Show more ...

Kh

oa

CN

TT

8/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Configuring The Catalyst Switch Configuring The Catalyst Switch

• Note

– Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory

– Erase the back up configuration file startup-config

– Reload the switch

• Catalyst 2900

– Delete flash:vlan.dat

– Erase startup-config

– reload

• Catalyst 1900

– Delete nvram

Kh

oa

CN

TT

9/19

PH

ẠM

VĂ

N T

ÍNH

12-2

005

Configuring The Catalyst Switch (cont)Configuring The Catalyst Switch (cont)

• A switch should be given a hostname, and passwords should be set on the console and vty lines

• switch(config)#hostname ALSwitch

• ALSwitch(config)#line console 0

• ALSwitch(config-line)#login

• ALSwitch(config-line)#password funny

• ALSwitch(config-line)#line vty 0 4

• ALSwitch(config-line)#login

• ALSwitch(config-line)#password deadman

• ALSwitch(config-line)#^Z

Kh

oa

CN

TT

10/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5


• To allow the switch to be accessible by Telnet and other TCP/IP applications, IP addresses and a default gateway should be set

Catalyst 29XX:

ALSwitch(config)#interface vlan 1

ALSwitch(config-if)#ip address 192.168.20.254 255.255.255.0

ALSwitch(config)#ip default-gateway 192.168.20.1

Catalyst 1900:

ALSwitch(config)#ip address 192.168.20.254 255.255.255.0

ALSwitch(config)#ip default-gateway 192.168.20.1

Kh

oa

CN

TT

11/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5


• The Fast Ethernet switch ports default to auto-speed and auto-duplex

• ALSwitch(config)#interface f0/1

• ALSwitch(config-if)#duplex full

• ALSwitch(config-if)#speed 100

Kh

oa

CN

TT

12/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5


• Intelligent networking devices can provide a web-based interface for configuration and management purposes

• ALSwitch(config)#ip http server

• ALSwitch(config)#ip http port 8080

• Any additional software such as an applet, can be downloaded to the browser from the switch

Kh

oa

CN

TT

13/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Managing the MAC address tableManaging the MAC address table

• These learned MAC addresses are then recorded in a MAC address table. Frames having a destination MAC address that has been recorded in the table can be switched out to the correct interface.

• To examine the addresses that a switch has learned, enter the privileged EXEC command: show mac-address–table.

• To clear the addresses that a switch has learned, enter the privileged EXEC command:clear mac-address–table.

Show more ...

Kh

oa

CN

TT

14/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Configuring static MAC addressesConfiguring static MAC addresses

• The MAC address will not be aged out automatically by the switch.

• A specific server or user workstation must be attached to the port and the MAC address is known.

• Security is enhanced. • To set a static MAC address entry for a switch: Switch(config)#mac-address-table static <mac-

address of host> interface FastEthernet <Ethernet numer> vlan_name

• To remove this entry use the no form of the command:

Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan name

Kh

oa

CN

TT

15/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Configuring static MAC addressesConfiguring static MAC addresses

Kh

oa

CN

TT

16/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Configuring port securityConfiguring port security

• Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this is exceeded.

• The number of MAC address per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.

• To reverse port security on an interface use the no form of the command.

• To verify port security status the command show port security is entered.

Kh

oa

CN

TT

17/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5


• Choose a interface access mode

• Activate a port security

• Determine number of secure addresses

• Choose a security violation mode

• Determine sercure addresses

Kh

oa

CN

TT

18/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5


• Switch(config-if)#switchport mode access

• Switch(config-if)#switchport port-security

• Switch(config-if)#switchport port-security maximum 2

• Switch(config-if)#switchport port-security violation shutdown

• Switch(config-if)#switchport port-security mac-address 0000.0CDA.09A0

• Switch(config-if)#switchport port-security mac-address sticky

Kh

oa

CN

TT

19/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Adding a New SwitchAdding a New Switch

Kh

oa

CN

TT

20/1

9P

HẠ

M V

ĂN

TÍN

H12

-200

5

Adding, Moving a HostAdding, Moving a Host

Chapter 14 - Sw Conf

Education

Transcript of Chapter 14 - Sw Conf