Configuring Network Devices - AOI...
![Page 1: Configuring Network Devices - AOI Instituteonline.aoi.edu.au/documents/1307892663Presentation_3.pdfCisco 2960 switch •Comes preconfigured •Needs to be assigned basic security info](https://reader034.fdocuments.in/reader034/viewer/2022042117/5e9589b7621d0275bd3342ac/html5/thumbnails/1.jpg)
Version 4.1
Configuring Network Devices
Objectives
• Configure a router with an initial configuration.
• Use Cisco SDM to configure a Cisco ISR with LAN connectivity, Internet connectivity and NAT.
• Configure a Cisco router for LAN connectivity, Internet connectivity and NAT using the Cisco IOS CLI.
• Configure a WAN connection from customer premises to an ISP.
• Describe, set up and configure a standalone LAN switch.
Initial ISR Router Configuration
• ISR (Integrated Services Router) combines routing, LAN switching, security, voice, & WAN connectivity features.
• Ideal for small to medium-sized businesses & ISP-managed customers.
Initial ISR Router Configuration
• Cisco IOS – offered in modules called images
• IP Base image: entry-level Cisco IOS
• Images are specific to models of devices
Cisco 1841 Modular router
Table 1 Memory Requirements for Cisco 1841 Modular Router

| Platform | Feature Set | Image | Flash Memory | RAM Memory |
|---|---|---|---|---|
| Cisco 1841 | IP Base | c1841-ipbase-mz | 64 MB | 128 MB |
| | IP Voice | c1841-ipvoice-mz | 64 MB | 192 MB |
| | Enterprise Base | c1841-entbase-mz | 32 MB | 128 MB |
| | Advanced Security | c1841-advsecurityk9-mz | 64 MB | 192 MB |
| | SP Services | c1841-spservicesk9-mz | 64 MB | 192 MB |
| | Enterprise Services | c1841-entservicesk9-mz | 64 MB | 192 MB |
| | Advanced IP Services | c1841-advipservicesk9-mz | 64 MB | 192 MB |
| | Advanced Enterprise Services | c1841-adventerprisek9-mz | 64 MB | 192 MB |
Cisco IOS Image: Types of Images
• Two main types of image your router may use:
1. System image - complete Cisco IOS software. This image is loaded when your router boots and is used most of the time.
– On most platforms, the image is located in Flash memory.
2. Boot image - a subset of the Cisco IOS software. This image is used to perform network booting or to load Cisco IOS images onto the router. It is also used if the router cannot find a valid system image. Depending on your platform, this image may be called the xboot image, rxboot image, bootstrap image, or boot loader/helper image.
• On some platforms, the boot image is contained in ROM. In others, the boot image can be stored in Flash memory. On these platforms, you can specify which image should be used as the boot image using the boot bootldr global configuration command. Refer to your hardware documentation for information about the boot image used on your router.
Image Naming Convention
• You can identify the platform, features and image location by the image name.
• Naming convention is: platform – features – type
• Example: c2600-js-l_121-3.bin
– c2600 - hardware platform
– js - feature set (enterprise)
– l - file format (relocatable, not compressed)
– 121-3 - version & release # (version 12.1 release 3)
Image Naming Convention - continued
• Platform – variable platform that can use image
– For example c1700, c2600, c7000
• Features – feature sets supported by image.
• Type – can contain following characters
– f—The image runs from Flash memory.
– m—The image runs from RAM.
– r—The image runs from ROM.
– l—The image is relocatable.
– z—The image is zip compressed.
– x—The image is mzip compressed.
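The naming convention above, as a parser that can be used to check an image file name before it is copied to a device. This is an added example, not part of the original slides; the function names are hypothetical, and the rule for turning `121` into `12.1` is an assumption generalised from the one example the slides give.

```python
import re

# Type letters exactly as listed on the slide above.
TYPE_CODES = {
    "f": "runs from Flash memory",
    "m": "runs from RAM",
    "r": "runs from ROM",
    "l": "relocatable",
    "z": "zip compressed",
    "x": "mzip compressed",
}

# platform-features-type, optionally followed by _<version>-<release> and .bin
IMAGE_NAME_RE = re.compile(
    r"(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9]+)-(?P<type>[a-z]+)"
    r"(?:_(?P<version>\d{2,})-(?P<release>\d+))?(?:\.bin)?"
)


def parse_image_name(name):
    """Split an IOS image name into the fields of the naming convention.

    Raises ValueError when the name does not follow the convention or uses
    a type letter that is not in the slide's list.
    """
    match = IMAGE_NAME_RE.fullmatch(name.strip().lower())
    if match is None:
        raise ValueError(f"not in platform-features-type form: {name!r}")

    unknown = [c for c in match["type"] if c not in TYPE_CODES]
    if unknown:
        raise ValueError(f"unknown type letter(s) {unknown} in {name!r}")

    version = match["version"]
    if version is not None:
        # Assumption generalised from the single example (121 -> 12.1):
        # the last digit is the minor version, the rest is the major version.
        version = f"{version[:-1]}.{version[-1]}"

    return {
        "platform": match["platform"],
        "features": match["features"],
        "type": [TYPE_CODES[c] for c in match["type"]],
        "version": version,
        "release": match["release"],
    }


def check_platform(name, expected_platform):
    """True when the image was built for the expected hardware platform.

    Images are specific to device models, so a mismatch here means the file
    should not be loaded onto this device.
    """
    return parse_image_name(name)["platform"] == expected_platform.lower()


if __name__ == "__main__":
    # Both names appear in the slides.
    for sample in ("c2600-js-l_121-3.bin", "c1841-advsecurityk9-mz"):
        print(sample, "->", parse_image_name(sample))
```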
Initial ISR Router Configuration
• Tools and equipment required for setup:
Initial ISR Router Configuration
Three-stage bootup process:
• Power-on self test (POST)
• Locate and load Cisco IOS
• Locate startup configuration file or enter setup mode
Bootup Process - contd
• POST (Power On Self Test) – tests hardware
• After POST, the bootstrap program is loaded
• Bootstrap locates IOS and loads it into RAM
– IOS can be located in flash memory, on a TFTP server, or in another location
– By default, IOS loads from flash
• After IOS is loaded, bootstrap locates the startup configuration file in NVRAM (non-volatile random access memory)
• Startup configuration – when loaded into RAM (working memory), it becomes the “running” configuration.
Loading Cisco IOS
• Get default IOS from flash
• If flash is empty: get IOS from TFTP server
• If TFTP server is empty: get limited Cisco IOS from ROM
Show version command output
• Router>show version
• IOS version
• Bootstrap program stored in ROM
• Complete filename of IOS
• Type of CPU; amount of RAM
• Number & type of interfaces
• Amount of NVRAM (used to store startup config)
• Amount of Flash (used to store IOS)
• Configuration register in hex
Configuration register
• Default setting – 0x2102 (remember this?)
– Loads IOS from flash
– Loads startup-config from NVRAM
• Most common settings
– 0x2142 – ignores contents of NVRAM/configuration
– 0x2120 – boots the router into ROMmon mode
• http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a008022493f.shtml
– Go to Configuration Register Values & Their Meaning.
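A check for the register values listed above, run over the last line of show version output. A register left at 0x2142 means the router comes up without its saved configuration, so it is worth flagging in an audit. This is an added example, not part of the original slides; the function names and sample output are constructed, and the bit positions (boot field in bits 0-3, ignore-NVRAM in bit 6) come from Cisco's documented register layout, not from the slides.

```python
import re

DEFAULT_CONFREG = 0x2102     # default value given on the slide
BOOT_FIELD_MASK = 0x000F     # bits 0-3 select what the router boots
IGNORE_NVRAM_BIT = 0x0040    # bit 6 set: startup-config in NVRAM is skipped

# Last line of "show version"; the parenthesised part appears when the
# register has been changed but the router has not been reloaded yet.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Decode the two properties of the register that the slide discusses."""
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        boot = "rommon"          # stay in ROM monitor
    elif boot_field == 1:
        boot = "boot-helper"     # boot helper image instead of system image
    else:
        boot = "normal"          # boot system commands, then flash
    return {
        "boot": boot,
        "ignores_nvram": bool(value & IGNORE_NVRAM_BIT),
        "is_default": value == DEFAULT_CONFREG,
    }


def audit_show_version(output):
    """Return a list of findings for the current and pending register."""
    match = CONFREG_RE.search(output)
    if match is None:
        return ["no configuration register line found"]

    findings = []
    pairs = (("current", match.group(1)), ("next reload", match.group(2)))
    for when, raw in pairs:
        if raw is None:
            continue
        info = decode_confreg(int(raw, 16))
        if info["is_default"]:
            continue
        if info["ignores_nvram"]:
            findings.append(f"{when} {raw}: startup-config in NVRAM is ignored")
        if info["boot"] != "normal":
            findings.append(f"{when} {raw}: boots to {info['boot']}")
        if not info["ignores_nvram"] and info["boot"] == "normal":
            findings.append(f"{when} {raw}: non-default value, review other bits")
    return findings


# Constructed sample lines in the format of the end of "show version".
SAMPLE_DEFAULT = "191K bytes of NVRAM.\nConfiguration register is 0x2102\n"
SAMPLE_RECOVERY = (
    "191K bytes of NVRAM.\n"
    "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
)
SAMPLE_ROMMON = (
    "191K bytes of NVRAM.\n"
    "Configuration register is 0x2102 (will be 0x2120 at next reload)\n"
)

if __name__ == "__main__":
    for text in (SAMPLE_DEFAULT, SAMPLE_RECOVERY, SAMPLE_ROMMON):
        print(audit_show_version(text))
```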
Initial ISR Router Configuration
Verifying and troubleshooting bootup process:
• View output from the show version command
• Use dir flash: and boot flash: in ROMmon mode
• View boot system commands [see image on next slide]
Initial ISR Router Configuration (continued)
Initial ISR Router Configuration (continued)
• Out-of-band management for initial configuration
• In-band management over a network connection
– In-Band: HTTP or Telnet
– Out-of-Band: Terminal emulation
Initial ISR Router Configuration (continued)
• Command Line Interface (CLI): text-based program
• Can be used both in-band and out-of-band
• Extensive help system [see image on next slide]
Initial ISR Router Configuration (continued)
SDM
• Security Device Manager (SDM): web-based GUI
• In-Band only
• SDM Express (Basic) or Full package (Advanced configuration)
• Comes preinstalled in flash
CLI vs. SDM

| | CLI | SDM |
|---|---|---|
| User Interface | Term Emulation software, Telnet | Web-based browser |
| Configuration Method | Text-based Cisco commands | GUI buttons & text boxes |
| Expertise in Cisco Device Config. | Depends on the config task | Do not need knowledge of CLI commands |
| Help Features | Command-prompt based | GUI based online help & tutorials |
| Flash Requirements | Covered by IOS requirements | 6MB of free memory |
| Availability | ALL Cisco devices | Cisco 830 series thru Cisco 7301 |
| What It’s Used | When device does not support SDM | Initial config of SDM equipped device |
Using Cisco SDM Express and SDM
• Follow best practices for installing a new device to ensure correct functions
Using Cisco SDM Express and SDM
Eight SDM Express configuration screens:
• Overview
• Basic configuration
• LAN IP address
• DHCP
• Internet (WAN)
• Firewall
• Security settings
• Summary
Using Cisco SDM Express and SDM
• Use Basic NAT Wizard to configure dynamic NAT with PAT
Configuring a Router Using IOS CLI
• CLI command modes: two levels of access
Configuring a Router Using IOS CLI
• Configuration modes can alter the operation of the device
Configuring a Router Using IOS CLI
Help features:
• Command completion
• Error indicators
• Command history
– Enabled by default
– Records 10 commands
– Max 256 commands
– history size command
• Arrow and function keys
Configuring a Router Using IOS CLI
• Show commands display configuration and operation information
– R#show run
– R#show interfaces
– R#show ip route
– R#show protocols
Configuring a Router Using IOS CLI
• Use Cisco IOS CLI to perform an initial router configuration
Configuring a Router Using IOS CLI
• Configure serial and Ethernet interfaces on a router
• DTE (Data Terminal Equipment): endpoint of the user’s device on the WAN link; Cisco routers
• DCE (Data Communications Equipment): provides clock rate; modem; converts data from the router to an acceptable format to cross the WAN
• In a back-to-back router scenario, one of the routers will be DCE and one DTE.
Configuring a Router Using IOS CLI
• Configure a default route for the Cisco router
• Default route is used when the router does not know where to send a packet.
– IP address of next-hop router or port number
Configuring a Router Using IOS CLI
• Configure a Cisco router to function as a DHCP server
Configuring a Router Using IOS CLI
• Configure static NAT on a Cisco router to enable Internet access for an internal server
Configuring a Router Using IOS CLI
• Back up and restore configuration files using a TFTP server
Configuring a Router Using IOS CLI
• Capture and save configuration file output from a terminal session
Connecting the CPE to the ISP
• Customer Premise Equipment (CPE) – network devices installed at customer location.
• Configuration checklists ensure that all configuration requirements are met
Connecting the CPE to the ISP
• Use inventory and configuration checklists and an installation plan to ensure successful installation
Connecting the CPE to the ISP
• Documentation includes diagrams, checklists, and activity logs
Connecting the CPE to the ISP
Types of customer connections over a WAN:
• Point-to-point – often called leased lines; typically most expensive; price based on bandwidth & distance between 2 points
• Circuit-switched – similar to a phone call made over a phone network; example is ISDN or dialup connection; physical circuit reserved from source to destination
• Packet-switched – each customer has a virtual circuit; example is Frame Relay
Customer Connections over WAN
• Bandwidth and cost influence WAN choices
Connecting the CPE to the ISP
• Clock rate and serial encapsulation are needed when configuring serial WAN connections
– Clock rate is set by DCE
– DTE accepts clock rate
• Leased WAN connections use a serial connection & require a Channel Service Unit/Data Service Unit (CSU/DSU)
Initial Cisco 2960 Switch Configuration
• Fixed-configuration, standalone device – does not use modules or flash card slots. Physical configuration can’t be changed.
• Layer 2 device that directs a stream of messages coming in on one port out of another, based on destination MAC address.
• Configured using GUI or CLI
Cisco 2960 switch
• Comes preconfigured
• Needs to be assigned basic security info
• Basic commands (ex: hostname, passwords) are the same as on the ISR.
• Configure management IP address
• One virtual local area network, VLAN 1, is preconfigured to provide access to management functions.
Initial Cisco 2960 Switch Configuration
• Switch settings can be configured using the Cisco IOS CLI
• Assign an IP address to the default management virtual local area network, VLAN1
Initial Cisco 2960 Switch Configuration
• Check switch components
• Connect cables to the switch
• Power up the switch and observe POST
Initial Cisco 2960 Switch Configuration
• Connect the stand-alone LAN switch to the router and verify connectivity
• Configure port security to prevent unauthorized use
• Shut down unused ports
Switch port security
• Port security limits the # of MAC addresses allowed per port.
• Set port to access mode using the switchport mode access command
• 3 ways to configure port security:
• Static – MAC addresses are manually assigned using the switchport port-security mac-address [mac-address] interface config command.
– S1# configure terminal
– S1(config)#interface fastethernet 0/20
– S1(config-if)#switchport mode access
– S1(config-if)#switchport port-security
– S1(config-if)#switchport port-security mac-address 1000.2000.3000
– S1(config-if)#end
Switch port - contd
• Dynamic – MAC addresses are dynamically learned & stored in the address table
• # of addresses stored can be controlled; default is one address.
• If the port is shut down or the switch is restarted, learned addresses are cleared from the table
– S1# configure terminal
– S1(config)#interface fastethernet 0/20
– S1(config-if)#switchport mode access
– S1(config-if)#switchport port-security
– S1(config-if)#end
Switch port - contd
• Sticky – similar to dynamic
• Addresses learned are saved to the running-config
– S1# configure terminal
– S1(config)#interface fastethernet 0/20
– S1(config-if)#switchport mode access
– S1(config-if)#switchport port-security
– S1(config-if)#switchport port-security maximum 50
– S1(config-if)#switchport port-security mac-address sticky
– S1(config-if)#end
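The two hardening steps from the slides (port security on access ports, unused ports shut down) can be verified from a saved running-config. The audit below is an added example, not part of the original slides: function names are hypothetical, the sample configuration is constructed, and the rule it applies is that every physical port must either be shut down or be an access port with port security enabled.

```python
def parse_interfaces(config):
    """Map each interface name to the list of its configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the block
    return interfaces


def port_security_mode(lines):
    """Return 'static', 'dynamic', 'sticky', or None when not enabled."""
    if "switchport port-security" not in lines:
        return None
    if "switchport port-security mac-address sticky" in lines:
        return "sticky"
    if any(l.startswith("switchport port-security mac-address ") for l in lines):
        return "static"
    return "dynamic"


def audit_switch(config):
    """Return {interface: finding} for ports that fail the rule."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            continue                # management SVI, not a physical port
        if "shutdown" in lines:
            continue                # unused port, correctly shut down
        if "switchport mode access" not in lines:
            findings[name] = "active port not set to access mode"
        elif port_security_mode(lines) is None:
            if any(l.startswith("switchport port-security ") for l in lines):
                findings[name] = "port-security options set but feature not enabled"
            else:
                findings[name] = "active access port without port security"
    return findings


# Constructed running-config excerpt for a switch named S1.
SAMPLE_CONFIG = """\
hostname S1
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security mac-address 1000.2000.3000
!
interface FastEthernet0/4
 shutdown
!
interface FastEthernet0/5
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""

if __name__ == "__main__":
    for port, finding in audit_switch(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```

An uplink to the router will be reported as not in access mode; treat that finding as a prompt for manual review.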
Initial Cisco 2960 Switch Configuration
• Cisco Discovery Protocol (CDP) gathers information about directly-connected Cisco network devices
• Two Cisco devices directly connected on the same local network are called neighbors
Summary
• The Integrated Services Router (ISR) is a good choice for small to medium businesses and ISP-managed customers.
• ISRs can be initially configured using SDM or the router IOS CLI.
• When using the CLI, “show” commands verify configuration elements.
• An installation plan can minimize disruption to a network when new devices are being added.
• Documentation is necessary, both when