Switch Initial Configuration

Questions and Answers

Which of the following best describes the purpose of the Module Objective?

• Configure devices using security best practices (correct)
• Optimize network performance
• Design network topologies
• Troubleshoot network connectivity issues

Securing remote access involves configurations on a router instead of a switch.

False (B)

What is the primary function of the "boot system" command in a Cisco IOS device?

Specifies the IOS image file to be used during the boot process.

The switch loads a ______ program stored in ROM to check the CPU subsystem.

POST

Match the following switch LED indicators with their descriptions:

SYST = Indicates whether the system is receiving power and functioning properly. RPS = Shows the Redundant Power Supply status. SPEED = Indicates port speed mode is selected. PoE = Indicates the Power over Ethernet status of ports on the switch.

When the STAT LED is green on a switch, what does this indicate?

Port status mode is selected. (C)

Recovering from a system crash ALWAYS requires specialized software provided by Cisco.

False (B)

What is the purpose of configuring a default gateway for a switch?

Enables remote management of the switch from networks that are not directly connected.

By default, switch management is controlled through ______.

VLAN1

Match the task with the corresponding IOS command used to configure a switch's SVI:

Enter global configuration mode = S1# configure terminal Enter interface configuration mode for the SVI = S1(config)# interface vlan 99 Enable the management interface = S1(config-if)# no shutdown Save the running config to the startup config = S1# copy running-config startup-config

If a switch does not receive default gateway information from a router advertisement (RA) message, what must be configured?

An IPv4 default gateway (C)

Applying an IP address to the SVI allows the switch to route Layer 3 packets.

False (B)

What commands are useful for determining the status of physical and virtual switch interfaces?

show ip interface brief and show ipv6 interface brief.

With full-duplex communication, the collision detection circuit on the ______ is disabled.

NIC

Match the term with its function related to switch port configuration

duplex = Determines if the port can transmit and receive simultaneously or only one direction at a time. speed = Sets the data transfer rate of the port. auto-MDIX = Automatically detects and configures the required cable connection type.

What happens when connecting to switches without the auto-MDIX feature using a straight-through cable?

A crossover cable must be used instead. (A)

The auto-MDIX feature is available on all Cisco Catalyst switches by default.

False (B)

What is the command used to examine the auto-MDIX setting for a specific interface?

show controllers ethernet-controller command.

show running-config command can be used to verify if the switch has been configured with an IPv4 address with ______ value and default gateway.

VLAN

Match the command with the information it displays:

show interfaces = Displays status and statistics information on the network interfaces of the switch. show startup-config = Displays the current startup configuration. show flash = Displays information about the flash file system. show version = Displays system hardware and software status.

On the FastEthernet0/18 interface, what does the 'line protocol is up (connected)' indicate in the show interfaces command output?

The data link layer protocol keepalives are being received (A)

If both the interface and line protocol are down, a cable is attached to the interface.

False (B)

What does the 'show interfaces' command output show?

Counters and statistics for the FastEthernet0/18 interface.

Packets that are discarded because they are smaller than the minimum packet size for the medium are called ______.

Runts

Match the error type from show interfaces with its description:

CRC errors = Generated when the calculated checksum is not the same as the checksum received, indicating a media or cable error. Collisions = Number of messages retransmitted because of an Ethernet collision. In half duplex operation, it is considered normal. Late collisions = A collision that occurs after 512 bits, this is usually because of a duplex mismatch or maximum cable length exceeded.

In which duplex operations are collisions considered normal?

Half-duplex (A)

SSH (Secure Shell) uses TCP port 23.

False (B)

Why is SSH preferred over Telnet for remote management?

Provides strong encryption for secure remote connections.

To enable SSH on a switch, the IOS filename must include the combination ______ .

k9

Match the SSH configuration step with the appropriate command:

Configure the IP domain = ip domain-name domain-name Generate RSA key pairs = crypto key generate rsa Configure user authentication = username username secret password Enable SSH on vty lines = transport input ssh

Which command is used to display the version and configuration data for SSH on a device?

show ip ssh (B)

The enable secret password command is used to encrypt all passwords in the configuration file.

False (B)

What is the primary purpose of configuring a banner message?

Provide legal notification of unauthorized access.

For both Cisco switches and routers, the command used to save changes is ______ .

copy running-config startup-config

Match the description to the router configuration:

ip address ip-address subnet-mask = Configure a router interface's IPV4 address. ipv6 address ipv6-address/prefix = Configure a router interface's IPV6 address. no shutdown = Activates a router interface. description text = Documents the interfaces connection for maintenance.

By default, are LAN and WAN interfaces activated on a Cisco router?

No, all interfaces are deactivated by default. (C)

A loopback interface is physically connected to another device.

False (B)

What is the purpose of configuring a loopback interface on a router?

Help in testing internal routing processes, by emulating networks behind the router.

Both show ip interface brief and_show ipv6 interface brief_ commands are to display a summary for all ______ .

interfaces

Match 'show' command with its description related to troubleshooting direct connected networks

'show ip interface brief' = Display the summary for all interfaces including the IPv4 or IPv6 address. 'show running-config interface interface-id' = This shows a comprehensive listing of how the specified interface is configured. 'show ip route' = This shows the devices current routing table. Code "C" illustrates local area network connections.

When a router interface is configured with a global unicast address and is in the 'up/up' state, how is this represented in the IPv6 routing table?

As a directly connected network indicated by 'C' (B)

In a Cisco switch or router, a terminal length of 0 prevents pausing between screens of output.

True (A)

What does the show interface history command do?

Displays shows the contents of the buffer.

Use the switch ______ to monitor switch activity and performance: SYST, RPS, STAT, DUPLX, SPEED, and PoE.

LEDs

Match the Term with it's Description for commands

terminal length 0 = Prevents the router from pausing between screens of output show running-config interface interface-id = Displays the commands applied to the specific interface of a router or switch. show ip ssh = Displays the version and configuration data for SSH from a router and switch.

Flashcards

Switch POST

The switch loads a power-on self-test (POST) program stored in ROM, POST checks the CPU subsystem.

Boot Loader

The switch loads the boot loader software which is a small program stored in ROM that is run immediately after POST successfully completes.

CPU Initialization

The boot loader performs low-level CPU initialization, initializing the CPU registers.

Flash File System Initialization:

The boot loader initializes the flash file system on the system board.

IOS Loading

The boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS.

Switch Auto Boot

The switch attempts to automatically boot by using information in the BOOT environment variable.

IOS Interface Initialization

IOS operating system then initializes the interfaces using the Cisco IOS commands found in the startup-config file.

System LED (SYST)

This shows whether the system is receiving power and functioning properly.

Port Status LED (STAT)

When green, indicates port status mode is selected. Port status can then be understood by the light associated with each port.

Port Duplex LED (DUPLX)

When green, indicates port duplex mode is selected. Port duplex can then be understood by the light associated with each port.

Port Speed LED (SPEED)

When green, indicates port speed mode is selected. Port speed can then be understood by the light associated with each port.

Power over Ethernet LED (PoE)

Present if the switch supports PoE, indicates the PoE status of ports on the switch.

Boot Loader Access

The boot loader has a command line that provides access to the files stored in flash memory.

Switch Remote Access

The switch must be configured with an IP address and a subnet mask in order to prepare for remote management access.

Default Gateway

The switch must be configured with a default gateway in order to manage the switch from a remote network.

Full-Duplex

Full-duplex communication increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously.

Autonegotiation Failure

Autonegotiation failure creates mismatched settings.

show interfaces

show interfaces command displays status and statistics information on the network interfaces of the switch.

Interface Hardware Layer Status

The first parameter (FastEthernet0/18 is up) refers to the hardware layer and indicates whether the interface is receiving a carrier detect signal.

Data Link Layer

The second parameter (line protocol is up) refers to the data ink layer and indicates whether the data link layer protocol keepalives are being received.

Runts

Ethernet frames that are shorter than the 64-byte minimum allowed length are called runts.

Giants

Ethernet frames that are larger than the maximum allowed size are called giants.

CRC Errors

On Ethernet and serial interfaces, CRC errors usually indicate a media or cable error.

Late collision

A late collision refers to a collision that occurs after 512 bits of the frame have been transmitted.

Telnet

Telnet (using TCP port 23) is an older protocol that uses unsecure plaintext transmission

SSH

SSH (using TCP port 22) provides security for remote connections by providing strong encryption

SSH Configuration

You must verify that the switch supports it, configure the IP domain, generate RSA key pairs, configure use authentication, configure the VTY lines, and enable SSH version 2.

show ip SSH

Use the show ip ssh command to display the version and configuration data for SSH on the device.

Authentication banner

Configure a banner to provide legal notification of unauthorized access

Routers Config

Router to provide legal notification of unauthorized access

Layer 2 Switch support LANs

Layer 2 switches support LANs; therefore, they have multiple FastEthernet or Gigabit Ethernet ports

Router LANs and WANs

Routers support LANs and WANs and can interconnect different types of networks; therefore, they support many types of interfaces

Address Commands

The ip address ip-address subnet-mask and the ipv6 address ipv6-address/prefix interface configuration commands

Device interface needs to be activated

Activate with no shutdown command, The interface must also be connected to another device (a hub, a switch, or another router) for the physical layer to be active.

show ip interface command

Displays a summary for all interfaces including the IPv4 or IPv6 address of the interface and current operational status

Show config interface id

Displays the commands applied to the specified interface

Show route

These display the contents of the IPv4 or IPv6 routing table stored in RAM

Enable the filtering:

Use filter expressions: section, include, exclude, and begin

Study Notes

Module 1: Basic Device Configuration

• The module focuses on configuring devices using security best practices.

Module Objectives

• Configure a switch with initial settings.
• Configure switch ports to meet network requirements.
• Configure secure management access on a switch.
• Configure basic router settings to route between two directly-connected networks using CLI.
• Verify connectivity between two directly connected networks.

1.1 Configure a Switch with Initial Settings

• It covers the initial configurations of a Cisco switch.

Switch Boot Sequence

• Step 1: The switch loads a power-on self-test (POST) program from ROM, checking the CPU subsystem, DRAM, and flash file system.
• Step 2: Loads the boot loader software, a small program stored in ROM that runs after POST.
• Step 3: The boot loader performs low-level CPU initialization, including initializing CPU registers for memory mapping, quantity, and speed.
• Step 4: The boot loader initializes the flash file system on the system board.
• Step 5: The boot loader locates and loads the default IOS operating system software image into memory. The switch gives control over to the IOS.

The boot system Command

• The switch attempts to automatically boot, using info in the BOOT environment variable. If unset, it tries to load and execute the first executable file.
• The IOS operating system initializes interfaces using Cisco IOS commands found in the startup-config file, named config.text, located in flash.
• Setting the BOOT environment variable requires the boot system global configuration mode command specifying the IOS location. show boot displays the current IOS boot file.

Switch LED Indicators

• SYST: Shows the system's power and functioning status.
• RPS: Indicates the Redundant Power Supply status.
• STAT (Port Status): Port status mode (default). The light shows the light status by port.
• DUPLX (Port Duplex): Indicates port duplex mode selected. The light shows the duplex mode per port.
• SPEED (Port Speed): Indicates port speed mode selected. The light indicates the speed per port.
• PoE (Power over Ethernet): Indicates PoE status if the switch supports PoE.
• The Mode button changes modes: STAT, DUPLX, SPEED, and PoE.

Switch LED Indicators (Cont.)

• RPS Off, means no RPS is ready. RPS green means RPS is ready. RPS blinking green means RPS is up but unavailable. RPS amber implies standby or fault. RPS blinking amber is internal PS failed with RPS providing power.
• PoE off is not selected or there are no issues. PoE green is selected. PoE disabled is amber. PoE is off due to fault in amber blinking state. PoE is denied due to over budget in the case of alternating green and amber.
• STAT green means Link Up. STAT amber is port blocked preventing loop. STAT alternating green/amber mean link fault.
• DUPLX green is full-duplex while amber means port blocked preventing loop.
• Speed, Off equals 10Mbps, Green equals 100Mbps and Blinking Green means 1000Mbps.

Recovering from a System Crash

• The boot loader provides switch access if the OS is unusable, due to missing/damaged files.
• Access to files in flash memory are available with the boot loader command line through a console connection.
• Step 1: Connect a PC to the switch console port via console cable, and configure terminal emulation software.
• Step 2: Unplug the switch power cord.
• Step 3: Reconnect power while holding the Mode button for 15 seconds; System LED flashes green.
• Step 4: Hold Mode, until the System LED briefly turns amber, then solid green, release Mode.
• Step 5: The boot loader switch: prompt appears.
• The boot loader command line, supports re-installing the OS or a lost password.

Switch Management Access

• Remote switch management needs IP address and subnet mask configuration.
• Remote network switch management needs a default gateway.
• The switch virtual interface (SVI) should be assigned an IP address.
• The SVI is a virtual interface, not a physical port.
• A console cable configures the device initially.

Switch SVI Configuration Example

• Switches are configured to have management controlled through VLAN 1 by default where all ports are assigned to VLAN 1 by default.
• As a security practice you should not use VLAN 1 for management.
• Configure the Management Interface by applying an IPv4 address and a subnet mask is applied to the management SVI of the switch.
• SVI for VLAN 99 will not appear until VLAN 99 exists and there is a connected device on it's switch port.
• Switches may need IPv6 config with sdm prefer dual-ipv4-and-ipv6 default, then reload.

Switch SVI Configuration Example (Cont.)

• Commands
• Enter global configuration mode with configure terminal
• Enter the interface configuration mode for the SVI with: interface vlan 99
• Apply the IPv4 address: ip address 172.17.99.11 255.255.255.0
• Apply the IPv6 address: ipv6 address 2001:db8:acad:99::1/64
• Enable the SVI: no shutdown
• Return to privileged EXEC mode: end
• Save the running config: copy running-config startup-config

Switch SVI Configuration Example (Cont.)

• Switches MUST be configured with a default gateway if it will be managed remotely from networks that are not directly connected.
• Switches do not require IPv6 default gateway when default information comes via a router advertisement (RA).
• Configure the default gatway by entering global configuration mode with: configure terminal
• Configure default gateway with ip default-gateway 172.17.99.1
• Exit the configuration mode with end

Switch SVI Configuration Example (Cont.)

• Useful commands to determine the status of virtual and physical interfaces are the show ip interface brief and show ipv6 interface brief.
• The output confirms Interface VLAN 99 is configured with IPv4 and IPv6.
• Note: Applying an IP address to the SVI is only for remote management access. This alone will not allow it to route layer 3 packets.

1.2 Configure Switch Ports

• It covers the configuration of switch ports.

Duplex Communication

• Full-duplex communication boosts bandwidth by allowing simultaneous data TX/RX, and avoids the collisions of half-duplex.
• A switch port in full-duplex mode with one device connected creates a microsegmented LAN without collisions.
• Full-duplex mode: collision detection is disabled, 100% efficiency in both directions, doubling available bandwidth.

Configure Switch Ports at the Physical Layer

• Switch ports have configurable duplex/speed settings via duplex and speed commands.
• Default duplex/speed setting for Cisco Catalyst 2960/3560 switches is auto (10/100/1000 ports will operate in either half or full duplex).
• Use autonegotiation for unknown/changing device settings on the port. Manually set the speed and duplex for servers, dedicated workstations, and network devices.
• Mismatched duplex/speed leads to connectivity issues. Autonegotiation failure leads to mismatched setting.
• Fiber-optic ports work at one preset speed as full-duplex.

Configure Switch Ports at the Physical Layer (Cont.)

• Examples of tasks
• Enter global configuration mode with configure terminal
• Enter interface configuration mode with interface FastEthernet 0/1
• COnfigure the interface duplex with duplex full
• Configure the interface speed with speed 100
• Return to the privileged EXEC mode with end

Auto-MDIX

• Auto-MDIX detects the cable connection type and configures the connection appropriately.
• Straight-through cables connect switches without Auto-MDIX to devices like servers, workstations, or routers; crossover cables connect to other switches or repeaters.
• Enable auto-MDIX with the mdix auto command, with interface speed & duplex needs to be set autimatically for feature to work right.
• Auto-MDIX is default on Catalyst 2960/3560, and older Catalyst 2950/3550 switches do not have Auto-MDIX.
• Commands include: show controllers ethernet-controller

Switch Verification Commands

• Commands
• Display interface status and configuration with show interfaces [interface-id]
• Display current startup confiuration with show startup-config
• Display current running configuration with show running-config
• Display information about flash filesystem with show flash
• Display system hardware and software status with show version
• Display a history of commands entered with show history
• Display IP info with show ip interface [interface-id]
• Display MAC address table with show mac-address-table

Verify Switch Port Configuration

• The show running-config command checks switch configuration for correctness.
• Check if the Fast Ethernet 0/18 interface is configured with the management VLAN 99. Check if the VLAN 99 is configured with the IPv4 address and whether the default gateway is properly set.

Verify Switch Port Configuration (Cont.)

• Use show interfaces shows status/statistics of switch network interfaces.
• First output line of show interface is the FastEtherNet 0/18 meaning the interface is operational. The duplex is shown as being full and the speed is 100 Mbps.

Network Access Layer Issues

• The output line shows information of show interfaces can be used to detect media issues.
• Possible fixes:
• Issue exists where interface is up and line protocol is down.
• problem exists when both protocol and interface is down
• interface has been disabled when administratively down

Network Access Layer Issues (Cont.)

• Common media errors diagnosable with show interfaces include Input Errors (runts/giants/CRC, no buffer and so on) and CRC errors are indicated when the calculated checksum doesn't equal the expected.

Interface Input and Output Errors

• A summary of all errors in datagrams received on an interface are "Input errors" that the show interfaces shows.
• The show interfaces output include: runt frames, giant frames and CRC errors, along with other errors.

Interface Input and Output Errors (Cont.)

• "Output errors" is total errors, which prevented final datagram transmission via the inspected interface and can be shown with show interfaces.
• Collisions occur in half-duplex operations, with no collisions with full-duplex communication.
• Late collisions happen when collisions occur after 512 frame bits have been transmitted. Excessive is the cables cause, incorrect misconfiguration.

Troubleshooting Network Access Layer Issues

• Troubleshooting steps involving switch and another devices, include show interfaces command to check interface.
• Then, check EMI, Duplex and Cables.

1.3 Secure Remote Access

• This discusses ways of securing remote access to network devices.

Telnet Operation

• Telnet uses TCP port 23.
• Username and password are sent plain text unencrypted
• Attacker can monitor capture using Wireshark
• User admin and password CCNA can be captured during Telnet session.

SSH Operation

• Secure Shell (SSH) is a type of secure that uses TCP port 22 which provides encrypted remote management.
• Replace it with Telnet for management connections.
• Session can be tracked via IP, credentials are encrypted (unlike Telnet).

Verify the Switch Supports SSH

• To enable SSH, a Catalyst 2960 switch needs a version of the IOS software with cryptographic features and capabilities.
• show version to check the switch's IOS. An "k9" in the IOS filename indicates that the switch contains cryptographic (encrypted) features and capabilities .

Configure SSH

• Before SSH config, the switch hostname must be unique with network connectivity.
• Step 1: Verify SSH support with with: show ip ssh
• Step 2: Configure the IP domain with ip domain-name domain-name
• Step 3: Generate RSA key pairs with crypto key generate rsa to enable server. Delete wiht: crypto key zeroize rsa`.
• Step 4: Configure user authentication to use the local authentication with username and password: username username secret password
• Step 5: Configure the vty lines and enable the SSH protocol with with: transport input sshand locally with: login local line
• Step 6: Enable SSH version 2 with ip ssh version 2

Verify SSH is Operational

• Third party SSH clients, such as PuTTY, should be used to an SSH server such as that configured on the Cisco device.
• Verify that show ip ssh confirms the operation to be enabled.

1.4 Basic Router Configuration

Configure Basic Router Settings

• Configure the basic router or switches settings so that they can have a similar operational set. Commands:
• hostname R1 where the hostname is assigned
• enable secret class enable a secure password
• Access through enable secret and line.
• Configuring a banner that notifies access.

Configure Basic Router Settings (Cont.)

• Set a banner by entering configuration mode and typing `banner motd $ Authorized Access Only! $
• Enable all modes and save changes.

Basic Router Configuration

• The topology uses a stack to configure IPv6 and IPv4 interfaces.

Configure Router Interfaces

• Routers use LAN and WAN interfaces to support network connections of different types.
• Available interfaces MUST be a global address.

Configure Router Interfaces (Cont.)

• Command to configure interface:
• interface gigabitethernet 0/0/0
• After entering configuration mode, assign the IP address, IPv6 address and description. If appropriate, shut it down.

IPv4 Loopback Interfaces

• A common configuration of the Cisco IOS is to enable the loopback interface
• Loopback interface is a network interface that is local to the router.
• Commands
• Router(config)# interface loopback number -Router(config-if)# ip address ip-address subnet-mask

1.5 Verify Directly Connected Networks

Interface Verification Commands

• To identify interface commands, useful steps are show ip interface brief where a summary with the IPv4 and IPv6 is displayed
• Commands can be applied to the specified interface.

Verify Interface Status

• show ip interface brief is used to identify the status.
• They can be used together to see that interfaces are correctly configured.

Verify IPv6 Link Local and Multicast Addresses

• Output of the show ipv6 interface brief displays IPv6 address. One addess is the IPv6 global unicast address.
• Show IPv6 interface displays the multicast addresses.

Verify Interface Configuration

• The current config can be looked at by running command show.
• The show interfaces command can be more detailed and show information.

Verify Routes

• Show how "show ip routes and IPV6" commands
• Can verify interfaces.

Filter Show Command Output

• Terminal length command specifies lines displayed and a value of 0 prevents a router from pausing at line screens.
• Commands can be filtered.

Command History Feature

• A listing of the executed commands can be accessed to be recalled.

What Did I Learn In This Module?

• Five step boot
• Use LEDs to monitor switch performances such as SYST, RPX, STAT and POE.
• Setup remote management with ip address and subnet mask.

What Did I Learn In This Module? (Cont.)

• Commands that can be used when verifying switch configurations include TELNET to verify switch.
• To configure SSH, verify that commands such as username, password and enable secret must be secured by SSH on devices.

What Did I Learn In This Module? (Cont.)

• One feature between switches
• Routers can interconnect devices so they both must be up to see interfaces.
• Commands - List current status, check history and view the list.

Module 1: Basic Device Configuration

• New Terms and Commands
  • boot system flash
  • Power over Ethernet (PoE)
  • duplex
  • speed
  • auto-mdix
  • show controllers ethernet controller X phy
  • show flash
  • show history
  • show ip ssh
  • ip ssh version 2
  • Loopback Interface
  • interface loopback x
  • include
  • exclude
  • section
  • show history
  • terminal history size

Description

Learn how to configure a Cisco switch with initial settings. Understand the switch boot sequence, and configure the hostname. Practice security best practices for device configuration.