Week 12 Initial Switch Configuration PDF
Document Details
Uploaded by WarmheartedColumbus
Quezon City University
Summary
This document provides a week 12 presentation on configuring Cisco Catalyst 2960 series switches. It covers topics like switch configuration, learning outcomes, and detailed information about the Cisco Catalyst 2960 Series Intelligent Ethernet switches.
Full Transcript
WEEK 12 INITIAL SWITCH CONFIGURATION
NET102 – NETWORKING 2

- To get familiar with the Cisco 2960 series switch
- To perform initial switch configuration
- To understand the commands used in switch configuration

CISCO CATALYST 2960 SERIES SWITCHES

Cisco Catalyst 2960 Series Intelligent Ethernet switches are a new family of fixed-configuration standalone devices that provide desktop 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity, enabling enhanced LAN services for entry-level enterprise, mid-market, and branch office networks.

[Figures: front panel and rear panel]

Switch LEDs

System LED
The System LED is shown at the top of the LED lights and simply shows that the switch is connected to a power source and is functioning correctly.

Redundant Power System (RPS) LED
This LED shows you the status of your Redundant Power System (RPS). The RPS is a feature that Cisco uses to protect your switch from power failures that could damage the device. A green LED indicates that the RPS is up and running. If the RPS light is off, then the switch isn’t connected to the backup power supply. If you see a flashing green LED, then the RPS is connected but is providing power to another device. An amber LED tells you the device is in standby mode. However, if this light blinks, then the device has failed and the RPS is providing backup power.

Port Status LED
The Port Status LED is used to tell you when port status mode has been selected. When the LED is green, port status mode is in operation. This is the default mode of the switch. A green LED light indicates that the port is in the process of sending or receiving data.
When the LED is completely turned off and inactive, there is no link. Likewise, if the LED alternates between green and amber, then there is a link fault. In the event that the port is blocked, you will be notified with an amber light.

Port Duplex LED
The Port Duplex LED is used to indicate when port duplex mode is activated. If you see a green light, then all ports whose LEDs are turned off are in half-duplex mode. A green port LED means that the port is in full-duplex mode.

Port Speed LED
The Port Speed LED is used to indicate how well your switch is performing in terms of speed. When there is no active LED, the port is operating at 10 Mb/s. A green LED light tells you that the port is operating at a speed of 100 Mb/s. A blinking green port LED tells you that a port is operating at 1000 Mb/s.

Power over Ethernet (PoE) Mode
When PoE mode is selected, the LED light will be on. However, if there is no LED, then PoE mode hasn’t been selected for use. A green LED means that PoE has been selected, and additional display colors on the port LEDs give further information. If the LED is alternating between green and amber, then PoE is being denied, because powering the device takes more power than the switch can provide. A blinking amber LED light means that PoE is unavailable due to a fault.

Boot loader

For your initial access to the switch, make sure you plug the rollover cable into the switch’s console port and the other end into the COM port of your computer. Start up a terminal emulation program such as HyperTerminal, Tera Term, or PuTTY to view the command-line interface (CLI) output of the switch.
When power is applied to the 2960, the switch will begin its bootup process. Flash is first validated, and then the IOS is found, uncompressed, and loaded.

System Configuration Dialog

If no configuration is found, the IOS will run the setup script, commonly called the System Configuration Dialog. This script asks you questions to help it create a basic configuration on the switch.

[Figure: IP Address and Default Gateway]

Basic switch configuration
Using command line configuration (CLI)

Step 1: Connect to the console; from the PC desktop tab select Terminal

Many Cisco switches use these serial settings:

    Baud rate: 9600
    Data bits: 8
    Stop bits: 1
    Parity: None

Click OK.

[Figure: Access levels and modes]

Step 2: Set a management IP and default gateway

The management IP address is where you can log in to the switch for future administrative tasks. Once your management IP is set up, you can use it to SSH into the switch and configure it over the network.

First, we access Privileged EXEC mode with the “enable” switch configuration command:

    Switch>enable
    Switch#

From there, we enter Global Configuration mode with “config t” (or “configure terminal”):

    Switch#config t
    [Enter configuration commands, one per line. End with “CNTL/Z”.]
    Switch(config)#

Next, we access the VLAN interface:

    Switch(config)#interface vlan 1
    Switch(config-if)#

Now, we can assign the management IP and subnet. In this example, I’ll assign 10.10.11.11 with a 255.255.255.0 subnet. Be sure to replace that with the correct values for your switch!

    Switch(config-if)#ip address 10.10.11.11 255.255.255.0
    Switch(config-if)#

We can exit interface configuration mode and assign a default gateway for the switch from global configuration mode.

    Switch(config-if)#exit
    Switch(config)#ip default-gateway 10.10.11.1
    Switch(config)#

Step 3: Set hostname and domain name

In addition to setting the IP address of the switch, you should give it a logical hostname. To do that, we enter global configuration mode and use the hostname command:

    Switch(config)#hostname QCUSwitch
    QCUSwitch(config)#

Similarly, we can also add a domain name with the ip domain-name command:

    QCUSwitch(config)#ip domain-name QCU.local
    QCUSwitch(config)#

Step 4: Set logins on VTY lines and console port

Strong passwords are an important part of hardening a managed switch, so next we’ll add a password to all virtual terminal (VTY) lines.
Our switch has 16 VTY lines which are used for remote access, so we’ll configure the entire range from 0-15:

    QCUSwitch(config)#line vty 0 15
    QCUSwitch(config-line)#password BigSecretDon'tT3ll@ny1
    QCUSwitch(config-line)#

Next, we’ll exit the VTY configuration, access console line 0, and assign it a separate password:

    QCUSwitch(config-line)#exit
    QCUSwitch(config)#line console 0
    QCUSwitch(config-line)#password BigSecretForConsoleDon'tT3ll@ny1
    QCUSwitch(config-line)#

Step 5: Set Privileged EXEC password

In addition to password protecting the VTY and console lines, we can and should protect Privileged EXEC mode with a password. We can do that from global configuration mode:

    QCUSwitch(config-line)#exit
    QCUSwitch(config)#enable secret Top$ecretPrivEXECpassWORD
    QCUSwitch(config)#

Step 6: Enable SSH

At some point, you’ll need access to your network devices when you’re not physically in the same room as them. To access a switch’s CLI over the network, you’ll need to use Telnet or SSH. From a security perspective, Telnet is usually a non-starter because data is transmitted in plaintext. That leaves us with SSH.
The first step to enabling SSH is generating the RSA keys:

    QCUSwitch(config)#crypto key generate rsa
    The name for the keys will be: QCUSwitch.QCU
    Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
    How many bits in the modulus :
    % Generating 2048-bit RSA keys, keys will be non-exportable...[OK]
    QCUSwitch(config)#

Next, we’ll set the SSH version to 2:

    QCUSwitch(config)#ip ssh version 2
    *Mar 4 7:4:9.374: %SSH-5-ENABLED: SSH 1.99 has been enabled
    QCUSwitch(config)#

Now, we can set SSH up on specific VTY lines. We’ll use the first 6 lines here:

    QCUSwitch(config)#line vty 0 5
    QCUSwitch(config-line)#transport input ssh

Finally, we’ll tell the switch to check the local users’ database to authenticate users:

    QCUSwitch(config-line)#login local
    QCUSwitch(config-line)#

Step 7: Create VLANs

One of the most obvious reasons to use a managed switch is the ability to create VLANs to separate network segments. We can do that by using the vlan command, and then assigning our VLAN a name. For example, to create VLAN 2 and name it “Registrar”:

    QCUSwitch(config-line)#vlan 2
    QCUSwitch(config-vlan)#name Registrar
    QCUSwitch(config-vlan)#

You can now exit, and repeat these steps for as many VLANs as you need.

Step 8: Add access ports to a VLAN

After we create our VLANs, we can add ports to them.
For example, to add ports 5, 6, and 7 as access ports in VLAN 2, we can use these switch configuration commands:

    QCUSwitch(config-vlan)#exit
    QCUSwitch(config)#interface range fastEthernet 0/5-7
    QCUSwitch(config-if-range)#switchport mode access
    QCUSwitch(config-if-range)#switchport access vlan 2
    QCUSwitch(config-if-range)#

Step 9: Configure trunk ports

If you need one port to transmit traffic from multiple VLANs, you’ll need to designate it a “trunk port”. To make a port a trunk port, we simply access its configuration and set the mode to trunk. For example, to make port 2 on our switch a trunk port:

    QCUSwitch(config-if-range)#exit
    QCUSwitch(config)#interface fastEthernet 0/2
    QCUSwitch(config-if)#switchport mode trunk
    QCUSwitch(config-if)#

Step 10: Save configuration

When our configuration is complete, we can save our changes to the startup configuration. Don’t forget this step, or all your work will be gone come the next switch reboot!

    QCUSwitch(config-if)#exit
    QCUSwitch(config)#exit
    QCUSwitch#
    %SYS-5-CONFIG_I: Configured from console by console
    QCUSwitch#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    QCUSwitch#
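
Read back as a whole, Steps 4 to 9 leave several gaps: "login local" is set but no username is ever created, the console line gets a password but no "login", VTY lines 6-15 are not limited to SSH, line passwords are stored in cleartext, and the trunk carries every VLAN. The check below is an added example, not part of the original slides, that flags these in a saved running-config. It assumes the usual IOS layout of top-level commands with indented sub-commands; the sample configuration, placeholder passwords and issue names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (placeholders, not device output).
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode trunk
line con 0
 password ConsolePlaceholder
line vty 0 5
 password VtyPlaceholder
 login local
 transport input ssh
line vty 6 15
 password VtyPlaceholder
 login
"""

def parse_blocks(config):
    """Map each top-level command to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = raw.strip()
            blocks[current] = []
    return blocks

def audit(config):
    """Return (block, issue) pairs for gaps in line and trunk settings."""
    blocks, out = parse_blocks(config), []
    has_user = any(h.startswith("username ") for h in blocks)
    for head, cmds in blocks.items():
        if head.startswith("line "):
            if "login local" in cmds and not has_user:
                out.append((head, "login-local-without-username"))
            if any(c.startswith("password ") for c in cmds) and not any(
                    c.startswith("login") for c in cmds):
                out.append((head, "password-set-but-no-login"))
            if any(re.match(r"password (?!7 )", c) for c in cmds):
                out.append((head, "cleartext-line-password"))
            if head.startswith("line vty") and "transport input ssh" not in cmds:
                out.append((head, "vty-not-restricted-to-ssh"))
        elif "switchport mode trunk" in cmds and not any(
                c.startswith("switchport trunk allowed vlan") for c in cmds):
            out.append((head, "trunk-allows-all-vlans"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Each finding maps to one extra command: a "username <name> secret <password>" entry, "login" under line console 0, "transport input ssh" on every VTY range, "service password-encryption", and "switchport trunk allowed vlan <list>" on the trunk. Type 7 encoding from service password-encryption only obscures line passwords, so per-user secrets with "login local" remain the stronger option.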