Networking Week 12: Switch Configurations

Questions and Answers

What does a blinking amber LED light indicate on a switch?

• The device is functioning normally
• PoE is denied due to power limitations (correct)
• The switch is starting up
• Power is being supplied correctly

What should be done first when accessing a Cisco Catalyst 2960 switch?

• Install the device's firmware
• Run the system configuration dialog
• Connect the rollover cable to the console port (correct)
• Configure the IP address

What is the baud rate setting commonly used for Cisco switches?

• 4800
• 9600 (correct)
• 115200
• 19200

What happens if no configuration is found on the switch during startup?

The system configuration dialog is initiated (A)

To establish a terminal session for CLI access on the switch, which of these programs can be used?

HyperTerminal (D)

What is the expected outcome of the switch bootup process after power is applied?

Flash is validated before loading the IOS (B)

Which command line configuration step is essential before making any changes to the switch?

Connect to the console via Terminal (B)

In the context of a switch booting up, what does 'IOS' stand for?

Internetwork Operating System (B)

What is the purpose of the VTY lines on a switch?

To provide remote access to the switch (B)

What command is used to configure a password for the console line?

line console 0 (C)

Why should Privileged EXEC mode be password protected?

To prevent unauthorized access and configuration changes (A)

Which command is used to set the enable secret password?

enable secret Top$ecretPrivEXECpassWORD (A)

What is the main disadvantage of using Telnet for remote access?

Data is transmitted in plaintext (A)

Which of the following commands exits the VTY configuration mode?

exit (A)

How many VTY lines are configured on the switch?

16 (A)

What does SSH provide for managing network devices?

Remote access with encryption (B)

What command is used to generate RSA keys for enabling SSH?

crypto key generate rsa (B)

What is the valid range for the key modulus size when generating RSA keys?

360 to 2048 (C)

Which command is used to set the SSH version to be used?

ip ssh version 2 (C)

What command should be used to check local users' database for user authentication?

login local (B)

To create a VLAN and assign a name, which command sequence should be used?

vlan 2 name Registrar (C)

What is the first step in setting up specific VTY lines for SSH access?

QCUSwitch(config)#line vty 0 5 (C)

What command is used to add ports to a VLAN after creation?

configure access ports for vlan (A)

Which of the following commands enables SSH and shows a confirmation message?

*Mar 4 7:4:9.374: %SSH-5-ENABLED: SSH 1.99 has been enabled (D)

Flashcards

VTY lines

Virtual Terminal lines used for remote access to a device (like a switch).

VTY range (0-15)

The specified range of VTY lines to configure on a switch.

Password protection of VTY

Securing access to virtual terminal lines by setting passwords.

Console line

A physical or virtual connection to a device's command prompt allowing direct, local interaction.

Console line password

A password set for local console access.

Privileged EXEC mode

A higher-level mode in a network device's command line interface (CLI) granting more commands and access to configuration.

Enable secret (for Privileged EXEC)

A powerful password protecting access to Privileged EXEC mode within the switch, more secure than standard passwords.

SSH

Secure Shell, a cryptographic network protocol for securely accessing a remote device’s command line interface over a network.

Enabling SSH on a switch

SSH (Secure Shell) is a network protocol that allows secure remote login to a device over a network. Enabling SSH on a switch allows remote access via a secure connection.

SSH key generation

Generating RSA keys is the first step when enabling SSH. It creates a secure key pair for authenticating connections.

Key modulus size

The key modulus is the size of the key used in cryptographic operations during SSH sessions. Larger sizes offer stronger security but can take longer to generate.

SSH version 2

SSH version 2 is a more secure and newer version of the SSH protocol compared to previous versions, offering enhanced security and features.

Transport input SSH

This command configures a VTY line to accept SSH connections.

VLAN creation

VLANs (Virtual LANs) logically segment a network into smaller, isolated broadcast domains. VLANs improve network security and performance.

Assigning ports to VLANs

This command configures ports of a network to be assigned to a specific VLAN for controlling data communication.

PoE Denied LED

Alternating green and amber LED indicates insufficient power for the device.

PoE Unavailable

Blinking amber LED signals a fault preventing power delivery.

Switch Boot Process

Sequence of actions when powering on, validating flash, locating, uncompressing, and loading the Inter-networking Operating System (IOS).

System Configuration Dialog

Script prompts to set basic switch configuration if no prior settings exist.

Console Port

Serial port of the switch used for initial configuration access.

Terminal Emulation

Software to connect to a computer's console, allowing interaction via command-line interface.

Baud rate 9600

The speed at which data transmits between the computer and the switch during initial console connection.

Basic Switch Config

Initial setup of a switch, which involves connecting to the console

Study Notes

Week 12: Initial Switch Configuration

• Learning Outcomes: Familiarize with Cisco 2960 series switches, perform initial switch configuration, understand commands used in switch configuration.

Cisco Catalyst 2960 Series Switches

• Intelligent Ethernet switches, new family of fixed-configuration standalone devices.
• Provide 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity.
• Enable enhanced LAN services for entry-level enterprise, mid-market, and branch office networks.

Switch Configurations (Specific Part Numbers)

• WS-C2960-24TT-L: 24 Ethernet 10/100 ports, 2 10/100/1000 TX uplinks, rack unit (RU), multilayer switch, Entry-level.
• WS-C2960-48TT-L: 48 Ethernet 10/100 ports, 2 10/100/1000 TX uplinks, rack unit (RU), multilayer switch, Entry-level.
• WS-C2960-24TC-L: 24 Ethernet 10/100 ports, 4 dual-purpose uplinks (1 10/100/1000 Ethernet port + 1 SFP Gigabit Ethernet port per uplink), rack unit (RU), multilayer switch, Entry-level.
• WS-C2960-48TC-L: 48 Ethernet 10/100 ports, 4 dual-purpose uplinks (1 10/100/1000 Ethernet port + 1 SFP Gigabit Ethernet port per uplink), rack unit (RU), multilayer switch, Entry-level.
• WS-C2960G-24TC-L: 24 Ethernet 10/100/1000 ports, 4 dual-purpose uplinks (1 10/100/1000 Ethernet port + 1 SFP Gigabit Ethernet port per uplink), rack unit (RU), multilayer switch, Entry-level.

Switch LEDs

• System LED: Indicates switch connection to power source. Green light confirms power and proper functioning.
• Redundant Power System (RPS) LED: Shows RPS status. Green light = RPS running. Flashing green = providing power to another device. Amber light = standby mode. Blinking amber = RPS failure.
• Port Status LED: Shows port status mode (default green = active). Green LED indicates data transmission/reception. Amber = link fault/port blocked, completely off = no link. Alternating green/amber = link fault.
• Port Duplex LED: Indicates port duplex mode. Green light = full-duplex.
• Port Speed LED: Indicates port operating speed. No LED = 10 Mb/s. Green=100 Mb/s. Blinking green = 1000 Mb/s
• Power over Ethernet (PoE) Mode: Green LED = PoE is activated. Alternating green/amber = PoE is being denied. Blinking amber = PoE is unavailable.

System Configuration Dialog

• If no configuration is found, the IOS runs the setup script (System Configuration Dialog).
• The script asks questions to help configure the switch.

Boot Loader

• Connect rollover cable to switch's console port and computer's COM port.
• Use a terminal emulation program (e.g., HyperTerminal, Tera Term, PuTTY) to view CLI output.
• The switch's boot process involves validating the flash and loading the IOS.

IP Address and Default Gateway

• Use the command-line interface
• Enter commands: switch#configure terminal, switch(config)#interface Vlan1, switch(config-if)#ip address 192.168.0.254 255.255.255.0, no shutdown, exit, ip default-gateway 192.168.0.1, end

Basic Switch Configuration (CLI)

• Step 1: Connect to the console. Many Cisco switches use serial settings: Baud Rate: 9600, Data bits: 8, Stop bits: 1, Parity: None.
• Step 2: Set management IP and default gateway. Enter the desired IP address and subnet mask values.
• Step 3: Set hostname and domain name. Use hostname command in global configuration mode to set a logical hostname. Use ip domain-name command in global configuration mode to set a domain name.
• Step 4: Set logins for VTY lines and console port. Configure strong passwords for all virtual terminal lines (VTY lines 0-15) and for the console port (line console 0).
• Step 5: Set Privileged EXEC password. Password protect the privileged EXEC mode (enable secret).
• Step 6: Enable SSH.switch(config)#ip ssh version 2
• Step 7: Configure Trunk ports
• Step 8: Add access ports to VLAN
• Step 9: Configure trunk ports (if needed)
• Step 10: Save configuration. Use copy running-config startup-config command to save config to startup config file.