1 Pertemuan 9 Switch Configuration

Discussion Topics Starting the Switch Configuring the Switch 2

Starting the Switch Switches: are dedicated, specialized computers, which contain a central processing unit (CPU), random access memory (RAM), and an operating system; have several ports that hosts can connect to; have specialized ports for the purpose of management; can be managed and the configuration can be viewed and changed through the console port ; typically have no power switch to turn them on and off - simply connect or disconnect from a power source;

Catalyst 2950 series Switches Features Fixed configuration symmetrical switches with all ports being FastEthernet or 10/100; Asymmetrical switches with two fixed fiber or copper Gigabit Ethernet ports; Asymmetrical switches with modular Gigabit Interface Converter (GBIC) slots

LEDs Light-emitting diodes (LEDs) help monitor system activity and performance; on the front of a switch: - System LED - Remote Power Supply (RPS) LED - Port Mode LEDs - Port Status LEDs

LEDs System LED shows whether the system is receiving power and functioning correctly; RPS LED indicates whether or not the remote power supply is in use; Mode LEDs indicate the current state of the Mode button; are used to determine how the Port Status LEDs are interpreted; to select or change the port mode, press the Mode button repeatedly until the Mode LEDs indicate the desired mode. Port Status LEDs have different meanings, depending on the current value of the Mode LED.

Switch Mode LED Indicators

Mode LED

Verifying Port LEDs During Switch POST Power-On Self Test (POST) runs automatically to verify that the switch functions correctly; POST failure is considered to be a fatal error; should not expect a reliable operation of the switch if POST fails.

Verifying Port LEDs During Switch POST Port Status LEDs during POST: turn amber - for about 30 seconds the switch discovers the network topology and searches for loops; turn green the switch has established a link between the port and a target, such as a computer; turn off the switch has determined that nothing is plugged into the port.

Console Connection

Shows information about the switch: details about POST status; data about the switch hardware.

Command-Line Interface (CLI) Command-line interface (CLI) for Cisco switches: is very similar to the CLI for Cisco routers.

“Help” command

“help” command “Help” command Word help to obtain a list of commands that begin with a particular character sequence, enter those characters followed immediately by the question mark (?); do not enter a space before the question mark; it completes a word. Command syntax help to list keywords or arguments that are associated with a particular command, enter one or more words associated with the command, followed by a space and then a question mark (?); provides applicable keywords or arguments based on a partial command.

Command Modes User EXEC Privileged EXEC

User EXEC mode default mode; is recognized by its prompt, which ends in a greater-than character (>); available commands are limited: - to change terminal settings; - to perform basic tests; - to display system information.

“show” command Show commands that are available in User EXEC mode

Privileged EXEC mode to enter enable command is used from User EXEC mode; is recognized by its prompt, which ends in a pound-sign character (#); the command set includes the configure command: - allows other command modes to be accessed; should be password protected to prevent unauthorized use; the password does not appear on the screen, and is case sensitive.

Default Running Configuration when powered up for the first time, a switch has default data in the running configuration file; default hostname - Switch; no passwords are set on the console or virtual terminal (vty) lines; the switch has no IP address ( IP address for management purposes is configured on the virtual interface VLAN 1 )

Verifying the Catalyst Switch Default Configuration show running-config show interface show vlan show flash show version

Default Running Configuration

Default Port Settings Default Running Configuration the switch ports or interfaces are set to auto mode; all switch ports are in VLAN 1; VLAN 1 is known as the default management VLAN.

Default Port Settings

Default Flash Directory Content IOS image file env_vars sub-directory html

Default Flash Directory Content Default Running Configuration by default flash directory contains: - IOS image; - file env_vars; - sub-directory html. flash directory does not contain: - config.text – switch configuration file; - vlan.dat - VLAN database file.

IOS Version and Config. Register show version command – used to verify: IOS version; configuration register settings.

Reset Switch Configuration

Steps to overwrite any existing configuration : Remove the current VLAN information: - delete the VLAN database file vlan.dat from the flash directory Erase the back up configuration file: - delete file startup-config Restart the switch: - use reload command.

Reset Switch Configuration

Hostname and Passwords Configuration

IP address and Default Gateway Configuration IP address Configuration: allows the switch to be accessible by Telnet and other TCP/IP applications

VLAN1 Management VLAN: by default, VLAN 1 is the management VLAN; all internetworking devices should be in the management VLAN; allows a single management workstation to access, configure, and manage all the internetworking devices.

Port Speed and Duplex Settings Configuration

Fast Ethernet switch ports: by default set to auto-speed and auto- duplex (allows the interfaces to negotiate these settings); Network administrators can manually configure the interface speed and duplex values

HTTP Service and Port Configuration Intelligent network devices can provide a web-based interface for configuration and management purposes; Once a switch is configured with an IP address and gateway, it can be accessed by a web-based interface; HTTP services: can be access by a web browser using: - IP address; - port 80 - the default port for http. can be turned on or off, and the port address for the service can be chosen.

HTTP Service and Port Configuration

Configuring the Catalyst Switch Web Management Interface

MAC Address Table Switches examine the source address of frames that are received on the ports; learn the MAC addresses of PCs or workstations that are connected to their switch ports; record learned MAC addresses in a MAC address table.

Check Learned MAC Addresses show mac-address-table command - Privileged EXEC mode examines the addresses that a switch has learned

MAC Address Table Switches: dynamically learn and maintain thousands of MAC addresses; learned entries may be discarded from the MAC address table ( to preserve memory and for optimal operation ) ; the MAC address entry is automatically discarded or aged out after 300 seconds ( if no frames are seen with a previously learned address ).

Check Learned MAC Addresses Clear mac-address-table command - Privileged EXEC mode used to remove dynamically learned MAC addresses; used to remove static MAC address entries.

Managing the MAC Address Table

Static MAC Addresses Static MAC address: permanently assigned to an interface; Reasons for use a Static MAC address: will not be aged out automatically by the switch; a specific server or user workstation must be attached to the port and the MAC address is known; Security is enhanced.

Configuring Static MAC Addresses

Static MAC Addresses To configure: Switch(config)# mac-address-table static interface FastEthernet vlan To remove: Switch(config)# no mac-address-table static interface FastEthernet vlan

Port Security It is possible to limit the number of addresses that can be learned on an interface; the number of MAC addresses per port can be limited to 1; the first address dynamically learned by the switch becomes the secure address.

Port Security Configuration

Port Security To configure port security : Switch(config-if)# switchport port-security To reverse port security: Switch(config-if)# no switchport port-security To verify port security status: Switch(config)# show port security

Adding New Switch Must be configured: Switch name; IP address for the switch in the management VLAN; a default gateway; Line passwords.

Adding New Switch

Moving a Switch Host is moved: from one port or switch to another; configurations that can cause unexpected behavior should be removed; configuration that is required can then be added.

Add, Remove and Change MAC Addresses

Managing Switch Operation An administrator should document and maintain the operational configuration files for networking devices; The most recent running-configuration file should be backed up on a server or disk; The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.

Managing Switch Operation

Enable Security

Passwords must be set on the console and vty lines- for security and management purposes; must be set enable password; must be set enable secret password.

Password Recovery (2950) 1.Make sure that a PC is connected to the console port and a HyperTerminal window is open. 2.Turn the switch off. Turn it back on while holding down the “MODE” button on the front of the switch at the same time that the switch is powered on. Release the “MODE” button after the STAT LED goes out.

Password Recovery (2950) 3.Type flash_init 4.Type load_helper 5.Type dir flash: 6.rename flash:config.text flash:config.old 7.Type boot 8.N at the following prompt to start the Setup program.

Password Recovery (2950) 9.Type rename flash:config.old flash:config.text 10.copy flash:config.text system:running- config

Password Recovery (2950) 11.

Firmware and IOS Images To upgrade the IOS, download a copy of the new image to a local server from the Cisco Connection Online (CCO) Software Center

Summary