Overview
28.1 Starting the Switch
28.1.1 Physical startup of the Catalyst switch
28.1.2 Switch LED indicators
28.1.3 Verifying port LEDs during switch POST
28.1.4 Viewing initial bootup output from the switch
28.1.5 Examining help in the switch CLI
28.1.6 Switch command modes
28.2 Configuring the Switch
28.2.1 Verifying the Catalyst switch default configuration
28.2.2 Configuring the Catalyst switch
28.2.3 Managing the MAC address table
28.2.4 Configuring static MAC addresses
28.2.5 Configuring port security
28.2.6 Executing adds, moves, and changes
28.2.7 Managing switch operating system file
28.2.8 1900/2950 password recovery
28.2.9 1900/2950 firmware upgrade
Summary
Overview
A switch is a Layer 2 network device that
acts as the concentration point for the connection of workstations, servers,
routers, hubs, and other switches.
A hub is an older type of concentration
device that also provides multiple ports. However, hubs are inferior to
switches because all devices connected to a hub share the bandwidth and the
same collision domain. Another drawback to hubs is that they only operate in
half-duplex mode. In half-duplex mode, hubs can only send or receive data at
any given time, but they cannot do both at the same time. Switches can operate
in full-duplex mode, which means they can send and receive data simultaneously.
Switches are multi-port bridges. Switches
are the current standard technology for Ethernet LANs that utilize a star
topology. A switch provides many dedicated, point-to-point virtual circuits
between connected network devices, so collisions are not likely to occur.
Because of the dominant role of switches in
modern networks, the ability to understand and configure switches is essential
for network support.
New switches have a preset configuration with factory defaults. This configuration rarely meets the needs of network administrators. Switches can be configured and managed from a command-line interface (CLI). Network devices can also be configured and managed through a web-based interface and a browser.
Network administrators must be familiar
with all tasks associated with the management of networks with switches. Some
of these tasks include maintenance of the switch and its IOS. Other tasks
include management of the interfaces and tables for optimal, reliable, and
secure operation. Basic switch configuration, IOS upgrades, and password
recovery are essential network administrator skills.
This module covers some of the objectives
for the CCNA 640-801 and ICND 640-811 exams.
Students who complete this module should be
able to perform the following tasks:
- Identify the major components of a Catalyst switch
- Monitor switch activity and status with the use of LED indicators
- Examine the switch bootup output with the use of HyperTerminal
- Use the help features of the command-line interface
- List the major switch command modes
- Verify the default settings of a Catalyst switch
- Set an IP address and default gateway for the switch to allow connection and management over a network
- View the switch settings with a Web browser
- Configure interfaces for speed and duplex operation
- Examine and manage the switch MAC address table
- Configure port security
- Manage configuration files and IOS images
- Perform password recovery on a switch
- Upgrade the IOS of a switch
28.1 Starting the Switch
28.1.1 Physical startup of the Catalyst switch
This page will explain the features,
functions, and startup of switches.
Switches are dedicated, specialized
computers that contain a central processing unit (CPU), random access memory
(RAM), and an operating system. As shown in Figure , switches usually have
several ports that hosts can connect to, as well as specialized ports for the
purpose of management. Switches can be managed and the configuration can be
viewed and changed through the console port.
Switches typically have no power switch to
turn them on and off. They simply connect or disconnect from a power source.
Several switches from the Cisco Catalyst 2900 series are shown in Figure . There are 12-port, 24-port, and 48-port models. The top two switches in Figure are fixed configuration symmetrical switches that offer FastEthernet on all ports or a combination of 10Mbps and 100Mbps ports. The next three switches are asymmetrical models with two fixed fiber or copper Gigabit Ethernet ports. The bottom four switches are asymmetrical models with modular Gigabit Interface Converter (GBIC) slots, which can accommodate a variety of copper and fiber media options.
28.1 Starting the Switch
28.1.2 Switch LED indicators
The front panel of a switch has several
lights to help monitor system activity and performance. These lights are called
light-emitting diodes (LEDs). This page will discuss the LEDs on the front of a
switch:
- System LED
- Remote Power Supply (RPS) LED
- Port Mode LEDs
- Port Status LEDs
The System LED shows whether the system is
receiving power and functioning correctly.
The RPS LED indicates whether or not the
remote power supply is in use.
The Mode LEDs indicate the state of the
Mode button. The modes are used to determine how the Port Status LEDs are
interpreted. To select or change the port mode, press the Mode button
repeatedly until the Mode LEDs indicate the desired mode.
Figure describes the Port Status LED colors, as these are dependent on the value of the Mode LEDs.
28.1 Starting the Switch
28.1.3 Verifying port LEDs during switch POST
This page will explain how LEDs can be used
to determine if a switch works properly and has established a link with its
target.
Once the power cable is connected, the
switch initiates a series of tests called the power-on self test (POST). POST
runs automatically to verify that the switch functions correctly. The System
LED indicates the success or failure of POST. If the System LED is off but the
switch is plugged in, then POST is running. If the System LED is green, then
POST was successful. If the System LED is amber, then POST failed. POST failure
is considered to be a fatal error. Reliable operation of the switch should not
be expected if POST fails.
The Port Status LEDs also change during
POST. The Port Status LEDs turn amber for about 30 seconds as the switch
discovers the network topology and searches for loops. If the Port Status LEDs
turn green, the switch has established a link between the port and a target,
such as a computer. If the Port Status LEDs turn off, the switch has determined
that nothing is plugged into the port.
28.1 Starting the Switch
28.1.4 Viewing initial bootup output from the switch
This page will explain how HyperTerminal
can be used to check and configure a switch.
In order to configure or check the status
of a switch, connect a computer to the switch in order to establish a
communication session. Use a rollover cable to connect the console port on the
back of the switch to a COM port on the back of the computer.
Start HyperTerminal on the computer. A
dialog window will be displayed. The connection
must first be named when initially configuring the HyperTerminal communication
with the switch. Select the COM port to which the switch is connected from the
pull-down menu, and click the OK button. A second dialog window will be
displayed. Set up the parameters as shown in Figure , and click the OK button.
Plug the switch into a wall outlet. The
initial bootup output from the switch should be displayed on the HyperTerminal
screen. This output shows information
about the switch, details about POST status, and data about the switch
hardware.
After the switch has booted and completed
POST, prompts for the System Configuration dialog are presented. The switch may
be configured manually with or without the assistance of the System
Configuration dialog. The System Configuration dialog on the switch is simpler
than that on a router.
28.1 Starting the Switch
28.1.5 Examining help in the switch CLI
This page will explain how the help system
is used in the CLI of Cisco switches.
The CLI for Cisco switches is very similar
to the CLI for Cisco routers.
To use the help system, enter a question mark (?). When this sign is entered at the system prompt, a list of commands available for the current command mode is displayed.
The help system is very flexible. To obtain
a list of commands that begin with a particular character sequence, enter those
characters followed immediately by the question mark (?). Do not enter a space
before the question mark. This form of help is called word help, because it
completes a word.
To list keywords or arguments that are
associated with a particular command, enter one or more words associated with
the command, followed by a space and then a question mark (?). This form of
help is called command syntax help, because it provides applicable keywords or
arguments based on a partial command.
28.1 Starting the Switch
28.1.6 Switch command modes
This page will discuss two switch command
modes. The default mode is User EXEC mode. The User EXEC mode is recognized by
its prompt, which ends in a greater-than character (>). The commands
available in User EXEC mode are limited to those that change terminal settings,
perform basic tests, and display system information. Figure describes the show commands that are
available in User EXEC mode.
The enable command is used to enter
Privileged EXEC mode from User EXEC mode. Privileged EXEC mode is also
recognized by its prompt, which ends in a pound-sign character (#). The
Privileged EXEC mode command set includes the configure command as well as all
commands from the User EXEC mode. The configure command allows other command
modes to be accessed. Because these modes are used to configure the switch,
access to Privileged EXEC mode should be password protected to prevent
unauthorized use. If a password is set, users are prompted to enter the
password to gain access to Privileged EXEC mode. The password does not appear
on the screen, and is case sensitive.
28.2 Configuring the Switch
28.2.1 Verifying the Catalyst switch default configuration
This page will teach students about the
default configuration of a switch and how to verify it.
When powered up for the first time, a
switch has default data in the running configuration file. The default hostname
is Switch. No passwords are set on the
console or virtual terminal (vty) lines.
A switch may be given an IP address for
management purposes. This is configured on the virtual interface, VLAN 1. By
default, the switch has no IP address.
The switch ports or interfaces are set to auto mode, and all switch ports are in VLAN 1. VLAN 1 is known as the default management VLAN.
The flash directory, by default, has a file that contains the IOS image, a file called env_vars, and a sub-directory called html. After the switch is configured, the flash directory will also contain a file called config.text as well as a VLAN database. As seen in Figure , in the default state the flash directory does not yet contain a config.text file or a VLAN database file called vlan.dat.
The IOS version and the configuration
register settings can be verified with the show version command.
In this default state, the switch has one
broadcast domain and the CLI can be used to manage and configure the switch
through the console port. The Spanning-Tree Protocol is also enabled, and
allows the bridge to construct a loop-free topology across an extended LAN.
For small networks, the default
configuration may be sufficient. The benefits of better performance with
microsegmentation are obtained immediately.
28.2 Configuring the Switch
28.2.2 Configuring the Catalyst switch
This page will teach students how to
configure a switch.
A switch may be preconfigured and only
passwords may need to be entered for the User EXEC or Privileged EXEC modes.
Switch configuration mode is entered from Privileged EXEC mode.
In the CLI, the default Privileged EXEC
mode prompt is Switch#. In User EXEC mode the prompt is Switch>.
The following steps will ensure that a new
configuration will completely overwrite the current configuration:
- To remove the current VLAN information, delete the VLAN database file called vlan.dat from the flash directory
- Erase the backup configuration file called startup-config
- Restart the switch with the reload command
Security, documentation, and management are
important for every network device.
A switch should be given a hostname, and
passwords should be set on the console and vty lines.
A switch should be assigned an IP address
so that it can be accessed remotely using Telnet or other TCP/IP applications.
A switch should be assigned a default gateway so that when working from the
command line interface, other networks can be accessed.
By default, VLAN 1 is the management VLAN.
The management VLAN is used to manage all of the network devices on a network.
In a switch-based network, all network devices should be in the management
VLAN. All ports belong to VLAN 1 by default. A best practice is to remove all
of the access ports from VLAN 1 and place them in another VLAN. This allows for
management of network devices while keeping traffic from the network hosts off
of the management VLAN.
The Fast Ethernet switch ports default to
auto-speed and auto-duplex. This allows the interfaces to negotiate these
settings. Network administrators can manually configure the interface speed and
duplex values if necessary.
Some network devices can provide a
web-based interface for configuration and management purposes. Once a switch is
configured with an IP address and gateway, it can be accessed in this way. A
web browser can access this service using the IP address and port 80, the
default port for http. The HTTP service can be turned on or off, and the port
address for the service can be chosen.
Any additional software such as an applet
can be downloaded to the browser from the switch. Also, the switch can be
managed by a browser based graphical user interface (GUI).
28.2 Configuring the Switch
28.2.3 Managing the MAC address table
This page will explain how switches create
and manage MAC address tables.
Switches examine the source address of
frames that are received on the ports to learn the MAC address of PCs or
workstations that are connected to it. These learned MAC addresses are then
recorded in a MAC address table. Frames that have a destination MAC address
that has been recorded in the table can be switched out to the correct
interface.
The show mac-address-table command can be
entered in the Privileged EXEC mode to examine the addresses that a switch has
learned.
A switch dynamically learns and maintains
thousands of MAC addresses. To preserve memory and for optimal operation of the
switch, learned entries may be discarded from the MAC address table. Machines
may have been removed from a port, turned off, or moved to another port on the
same switch or a different switch. This can cause confusion when frames are
forwarded. For all these reasons, if no frames are seen with a previously
learned address, the MAC address entry is automatically discarded or aged out
after 300 seconds.
Rather than wait for a dynamic entry to age
out, network administrators can use the clear mac-address-table command in
Privileged EXEC mode. MAC address
entries configured by network administrators can also be removed with this
command. This method to clear table entries ensures that invalid addresses are
removed immediately.
28.2 Configuring the Switch
28.2.4 Configuring static MAC addresses
This page will explain how static MAC
addresses are configured on a Catalyst 2900 switch.
A MAC address can be permanently assigned
to an interface. The following are reasons to assign a permanent MAC address to
an interface:
- The MAC address will not be aged out automatically by the switch.
- A specific server or user workstation must be attached to the port and the MAC address is known.
- Security is enhanced.
The following command can be used to
configure a static MAC address for a switch:
Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
The following command can be used to remove
a static MAC address for a switch:
Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
In the Lab Activities, students will
configure static MAC addresses.
28.2 Configuring the Switch
28.2.5 Configuring port security
This page will explain why port security is
important and how it is configured on a Catalyst 2950 switch.
Network security is an important
responsibility for network administrators. Access layer switch ports are
accessible through the structured cabling at wall outlets. Anyone can plug in a
PC or laptop into one of these outlets. This is a potential entry point to the
network by unauthorized users. Switches provide a feature called port security.
It is possible to limit the number of addresses that can be learned on an
interface. The switch can be configured to take an action if this is
exceeded. Secure MAC addresses can be
configured statically. However, it is a complex task to configure secure MAC
addresses statically, and is usually prone to error.
An alternative approach is to set port
security on a switch interface. The number of MAC addresses per port can be
limited to 1. The first address dynamically learned by the switch becomes the
secure address.
To reverse port security on an interface, use the no form of the command.
The command show port security can be used to verify port security status.
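As an added example that is not part of this module or of Cisco IOS, the following Python model reproduces the MAC address table behaviour described on the last three pages: dynamic learning, the 300-second aging of unused entries, the clear command, static entries that are never aged out and are pinned to one interface, and port security with a limit of one secure address per port. The MAC addresses and port names are constructed, and the "shutdown" and "restrict" violation actions are assumptions about what the switch does when the limit is exceeded.

```python
"""Constructed model of a Catalyst-style MAC address table (added example, not
IOS code): learning, 300-second aging, static entries and port security."""
from dataclasses import dataclass, field

AGING_SECONDS = 300  # default aging time for dynamic entries


@dataclass
class Entry:
    port: str
    vlan: int
    static: bool       # static entries are never aged out
    last_seen: float   # time of the last frame seen from this source MAC


@dataclass
class PortSecurity:
    maximum: int = 1              # secure MAC addresses allowed on the port
    violation: str = "shutdown"   # assumed actions: "shutdown" or "restrict"
    secure: set = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0


class Switch:
    def __init__(self):
        self.table = {}           # mac -> Entry
        self.port_security = {}   # port -> PortSecurity

    def add_static(self, mac, port, vlan):
        """mac-address-table static <mac> interface <port> vlan <vlan>"""
        self.table[mac] = Entry(port, vlan, True, 0.0)

    def enable_port_security(self, port, maximum=1, violation="shutdown"):
        self.port_security[port] = PortSecurity(maximum, violation)

    def receive(self, port, vlan, src_mac, now):
        """Learn from a frame's source MAC; returns True if it is forwarded."""
        ps = self.port_security.get(port)
        if ps is not None:
            if ps.err_disabled:
                return False                 # port was shut down earlier
            if src_mac not in ps.secure:
                if len(ps.secure) >= ps.maximum:
                    ps.violations += 1       # what the verify command would report
                    if ps.violation == "shutdown":
                        ps.err_disabled = True
                        self.clear_dynamic(port)
                    return False             # offending frame is dropped
                ps.secure.add(src_mac)       # first learned MAC becomes secure
        entry = self.table.get(src_mac)
        if entry is not None and entry.static:
            return entry.port == port        # static MAC pinned to another port
        self.table[src_mac] = Entry(port, vlan, False, now)
        return True

    def age_out(self, now):
        """Discard dynamic entries idle for AGING_SECONDS; returns their MACs."""
        expired = sorted(m for m, e in self.table.items()
                         if not e.static and now - e.last_seen >= AGING_SECONDS)
        for mac in expired:
            del self.table[mac]
        return expired

    def clear_dynamic(self, port=None):
        """clear mac-address-table: drop dynamic entries, optionally one port's."""
        self.table = {m: e for m, e in self.table.items()
                      if e.static or (port is not None and e.port != port)}

    def lookup(self, dst_mac):
        entry = self.table.get(dst_mac)      # None means flood (unknown unicast)
        return entry.port if entry else None
```

Running the model shows why a static entry is both a convenience and a control: a frame claiming that MAC on any other port is not forwarded, while a dynamically learned address silently follows the host to whatever port it appears on.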
28.2 Configuring the Switch
28.2.6 Executing adds, moves, and changes
This page will discuss some items that
should be configured before a switch is added to a network.
The following are parameters that should be
configured on a new switch that is added to a network:
- Switch name
- IP address for the switch in the management VLAN
- A default gateway
- Line passwords
When a host is moved from one port or
switch to another, configurations that can cause unexpected behavior should be
removed. The switch can then be reconfigured to reflect the changes.
28.2 Configuring the Switch
28.2.7 Managing switch operating system file
This page will teach students how to
document and maintain the operational configuration files for network devices.
Network administrators should document and
maintain the operational configuration files for network devices. The most
current running-configuration file should be backed up on a server or disk.
This is not only essential documentation, but is very useful if a configuration
needs to be restored.
The IOS should also be backed up to a local
server. The IOS can then be reloaded to flash memory if needed.
28.2 Configuring the Switch
28.2.8 1900/2950 password recovery
This page will discuss the importance of
passwords and explain how they are recovered.
For security and management purposes,
passwords must be set on the console and vty lines. An enable password and an
enable secret password must also be set. These practices help ensure that only
authorized users have access to the User and Privileged EXEC modes of the
switch.
There will be circumstances where physical
access to the switch can be achieved, but access to the User or Privileged EXEC
mode cannot be gained because the passwords are not known or have been
forgotten.
In these circumstances, a password recovery
procedure must be followed.
28.2 Configuring the Switch
28.2.9 1900/2950 firmware upgrade
This page will explain the purpose of IOS and firmware upgrades and how they are performed.
IOS and firmware images are periodically released with bug fixes, new features, and performance improvements. If the network can be made more secure, or can operate more efficiently with a new version of the IOS, then the IOS should be upgraded.
To upgrade the IOS, download a copy of the
new image to a local server from the Cisco Connection Online (CCO) Software
Center.
Summary
This page summarizes the topics discussed
in this module.
Switches are similar to routers. They have
basic computer components including a CPU, RAM, and an operating system. There
are several ports that are used to connect hosts and for management. LEDs on
the front of the switch show the system status, RPS, port mode, and port
status. When powered on, a switch performs POST automatically to verify that
the switch functions correctly. HyperTerminal can be used to configure or check
the status of a switch.
Another similarity to Cisco routers is the
CLI. Enter a question mark (?) to access help. A list of available commands
will display. Switches provide word help and command syntax help.
Switches and routers have the same command
modes. User EXEC is the default and is indicated by the greater-than character
(>). The enable command changes User EXEC to Privileged EXEC as indicated by
the pound sign (#). Access to Privileged EXEC mode should be password protected
to prevent unauthorized use. The configure command allows other command modes
to be accessed.
Default data is provided when the switch is
powered up for the first time. For management purposes, a switch is assigned an
IP address. Use the show version command to verify the IOS version and the
configuration register settings.
Once a switch is configured with an IP
address and gateway, it can be accessed through a web-based interface. This
allows for the configuration and management of the switch. This service can be
accessed through a web browser with the IP address and port 80, the default
port for http.
A switch dynamically learns and maintains
thousands of MAC addresses. If frames with a previously learned address are not
received, the MAC address entry is automatically discarded or aged out after
300 seconds. The command clear mac-address-table entered in the Privileged EXEC
mode can be used to manually clear address tables.
A permanent MAC address assigned to an interface ensures that the MAC address will not be aged out automatically by the switch and enhances security. The command mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name> can be used to configure a static MAC address. Use the no form of the command to remove it. The command show port security can be used to verify port security.
The switch name, IP address, default gateway, and line passwords should be configured on a new switch that is added to a network. When a host is moved from one port or switch to another, configurations that can cause unexpected behavior should be removed. Documentation should be maintained for the current configuration, and backups to a server or a disk should be performed periodically.