Chapter 6
Upon completion of this chapter, you should be able to:
- Configure switches
- Configure VLANs
- Verify configuration settings
- Troubleshoot problems
Unmanaged
- Plug in and connect devices
- Nothing to configure
Managed
- Configure settings, security, switching modes, etc.
6.1
Out-of-band management
- Means direct maintenance access only
- Can access when nothing is configured yet
- Need a computer w/ terminal emulation software & console cable
- Assign a password to it!
In-band management
- Browser-based config
- Telnet remote access (plain-text)
- One active interface must be configured
- Secure Shell (SSH) remote access (encrypted)
Switch> enable (en)
Switch# configure terminal (config t)
Switch(config)# interface xxx (int)
Switch(config-if)#
Switch(config)# line xxx
Switch(config-line)#
Switch(config-line)# exit (goes back one mode)
Ctrl+Z or end (goes back to privileged mode)
Switch# disable (goes back to user mode)
Packet Tracer Lab Navigating the IOS
- Create a two PC network connected via a switch
- Setting a name for the switch
- Limiting access to the device configuration
- Configuring banner messages
- Saving the configuration
What are the default hostnames?
Must be in privileged mode
- Put switch in a secure location
- Set passwords & encrypt them
  - Enable password
  - Enable secret password
  - Console password
  - Vty password
  - Encrypt all passwords
We’ll use cisco & class
- Use passwords that are more than 8 characters
- Use combination of upper & lowercase letters, numbers, special characters
- Avoid using the same password for all devices
- Avoid using common words such as password or administrator
END OF DAY 3
In Packet Tracer, complete:
- Privileged enable password (cisco)
- Privileged enable secret password (class)
- Console password (cisco)
- VTY password (cisco)
- Banner MOTD
- Encrypt all passwords
Then verify all passwords are encrypted by show run
Startup Config
- What is saved in NVRAM
- Switch# copy run start (SAVES CONFIG)
- Switch# show startup-config (show start) (SHOWS THE CONFIG)
Running Config
- What is running in RAM
- Make a change = stays in RAM
- Save the config so it goes to NVRAM for next boot/reboot
- Switch# show running-config (show run) (SHOWS CONFIG IN RAM)
In order to return the device to its default "out-of-the-box" configuration (comparable to a factory reset):
Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#erase startup-config
Configuring a Switch
You will perform basic switch configurations. You will secure access to the command-line interface (CLI) and console ports using encrypted and plain text passwords. You will also learn how to configure messages for users logging into the switch. These banners are also used to warn unauthorized users that access is prohibited.
TestOut Modify System Passwords
TestOut Practice Questions (5)
What mode do you need to be in to make configuration changes? Privileged
If you erase the startup-config, what else will you need to do in order to return the device to factory default? Reload
6.2
Virtual interface
- Allows remote access
- Configure switch IP and default gateway
Basic Switch Configuration
You will implement basic connectivity by configuring IP addressing on switches and PCs. You will use various show commands to verify configurations and use the ping command to verify basic connectivity between devices.
TestOut LAB - Configure Management VLAN Settings
TestOut LAB - Configure Switch IP Settings
TestOut Practice Questions (3)
6.3
Switch Interfaces
- Speed & duplex settings are auto, by default
- Full duplex, Half duplex, Auto
- Must match setting of device
- Half duplex uses CSMA/CD to avoid collisions
If nothing will connect to a port, shut it down
GOOD SECURITY MEASURE
TestOut Configure Switch Ports
TestOut Practice Questions (4)
6.4
- Normally a switch is in one broadcast domain
- A VLAN splits a layer 2 switch into multiple broadcast domains (own networks)
- Isolates traffic to only their own VLAN
Switch#show vlan
All ports are members of VLAN 1 by default
1st: Create the VLANs
2nd: Assign interfaces to VLANs
Show vlan brief
Delete a vlan
TestOut Create VLAN Lab
TestOut Explore VLANs Lab
TestOut Practice Questions (13)
Packet Tracer VLAN Lab
6.5
- By default, all ports are access ports
- Usually connect to an end device (PC, printer, server, etc.)
- Can only be assigned to 1 VLAN
- Can be assigned to multiple VLANs
- Allows same VLANs to talk between switches
VLAN Trunking Protocol
- Allows VLAN configuration to be shared
- Server Mode
- Client Mode
- Transparent Mode
IEEE 802.1Q encapsulation
Connection is currently in default VLAN1. VLAN10 frames will NOT be sent across.
Connection is currently in trunk mode. All VLAN frames will be sent across.
- Create the VLANs and name them
- Assign interfaces to VLANs
- Connect switches & change mode to trunk
- You can now connect (ping) to devices in the same VLAN on the other switch
TestOut Configure Trunking Lab
6.6
- Could happen with redundant links between switches
- Can take the network down!
- Enabled by default
- Each switch has a Bridge ID (BID)
  - Will identify which switch is the BOSS!
- Bridge ID shared when switches turn on
  - Sends BPDU with the ID
- They then elect a ROOT BRIDGE (the boss)
  - Lowest #
- On other switches:
  - They look for shortest path to the Root Bridge
  - They disable all other paths to prevent the loop
A switch port goes through & remains in one of these modes:
- Blocking
- Listening
- Learning
- Forwarding
- Disabled
TestOut Configuring STP
TestOut Selecting a Root Bridge
TestOut Find STP Info
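The root bridge election and loop removal described above, worked through as an added example (not part of the original slides). The switch names, priorities, MAC addresses and link costs are constructed, the topology is assumed to be connected with one link per switch pair, and ties are broken by bridge ID only (port IDs are left out).

```python
import heapq

# Constructed three-switch triangle. Bridge ID = (priority, MAC); the lowest wins.
SWITCHES = {
    "S1": (32768, "00:1a:00:00:00:0a"),
    "S2": (4096, "00:1a:00:00:00:0c"),
    "S3": (32768, "00:1a:00:00:00:0b"),
}
# (switch, switch, cost). 19 is the classic 802.1D cost of a 100 Mb/s link.
LINKS = [("S1", "S2", 19), ("S2", "S3", 19), ("S1", "S3", 19)]

def elect_root(switches):
    """The switch with the numerically lowest bridge ID becomes the root bridge."""
    return min(switches, key=switches.get)

def spanning_tree(switches, links):
    """Return (root, root path cost per switch, [(blocking switch, neighbour)])."""
    root = elect_root(switches)
    adj = {name: [] for name in switches}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Shortest path to the root; equal costs are broken by the lower upstream bridge ID.
    best = {root: (0, switches[root], None)}
    heap, done = [(0, root)], set()
    while heap:
        cost, sw = heapq.heappop(heap)
        if sw in done:
            continue
        done.add(sw)
        for nbr, link_cost in adj[sw]:
            cand = (cost + link_cost, switches[sw], sw)
            if nbr not in done and (nbr not in best or cand[:2] < best[nbr][:2]):
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    costs = {sw: entry[0] for sw, entry in best.items()}
    uplinks = {frozenset((sw, entry[2])) for sw, entry in best.items() if entry[2]}
    blocked = []
    for a, b, _ in links:
        if frozenset((a, b)) not in uplinks:
            # The end farther from the root (then the higher bridge ID) stops forwarding.
            loser = max(a, b, key=lambda s: (costs[s], switches[s]))
            blocked.append((loser, b if loser == a else a))
    return root, costs, blocked
```

With the sample data S2 wins on priority, and the redundant S1-S3 link is blocked at S3 because S3 has the higher MAC at equal cost.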
6.7
- Mismatched duplex settings
  - Could SLOW DOWN transmissions
- Mismatched speed settings
  - Can only operate at slowest speed
- BOTH SHOULD BE SET TO AUTO
- If it’s still slow, it could be poor wiring (crosstalk)
- Switching Loops
- Misconfigured VLAN assignments
TestOut Practice Questions (13)
- Complete the study guide handout
- Complete TestOut Practice in Packet Tracer
- Jeopardy review