1 / 22

Configuring Catalyst Switch Operations

Configuring Catalyst Switch Operations. Configuring a Catalyst Switch. Outline. Overview Catalyst Switch Default Configuration Verification Catalyst Switch IP Address and Default Gateway Configuration Duplexing and Speed Duplex Interface Configuration MAC Address Table Management

ksolt
Download Presentation

Configuring Catalyst Switch Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Configuring Catalyst Switch Operations Configuring a Catalyst Switch

  2. Outline • Overview • Catalyst Switch Default Configuration Verification • Catalyst Switch IP Address and Default Gateway Configuration • Duplexing and Speed • Duplex Interface Configuration • MAC Address Table Management • Port Security Configuration • Adds, Moves, and Changes for Access Layer Catalyst Switches • Catalyst Switch Configuration File Management • Summary

  3. Catalyst 2950 Series Default Configuration • IP address: 0.0.0.0 • CDP: enabled • 100BaseT port: autonegotiate duplex mode • Spanning tree: enabled • Console password: none

  4. Port Names on Catalyst 2950 Series Switches wg_sw_2950#show spanning-tree detail Port 11 (FastEthernet0/11) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.11. Designated root has priority 1, address 0008.20fc.a840 Designated bridge has priority 1, address 0008.20fc.a840 Designated port id is 128.11, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 1181993 • wg_sw_2950#show run • Building configuration... • Current configuration: • ! • ! • interface FastEthernet0/1 • ! • interface FastEthernet0/2 wg_sw_2950#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24

  5. Configuring the Switch IP Address Catalyst 2950 Series wg_sw_2950(config-if)#ip address {ip_address} {mask} • Configures an IP address and subnet mask for the switch VLAN1 interface wg_sw_2950(config)#interface vlan 1 wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0

  6. Configuring the Switch Default Gateway wg_sw_a(config)#ip default-gateway {ip address} • Configures the switch default gateway for the Catalyst 2950 series switches wg_sw_a(config)#ip default-gateway 10.5.5.3

  7. Showing the Switch IP Address Catalyst 2950 Series wg_sw_2950#show interfaces vlan 1 Vlan1 is up, line protocol is up Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40) Internet address is 10.2.2.11/24 . . . wg_sw_2950#

  8. Duplex Overview • Half Duplex (CSMA/CD) • Unidirectional data flow • Higher potential for collision • Hub connectivity • Full Duplex • Point-to-point only • Attached to dedicated switched port • Requires full-duplex support on both ends • Collision-free • Collision detect circuit disabled

  9. Setting Duplex Options Catalyst 2950 Series wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#duplex {auto | full | half}

  10. Showing Duplex Options Switch#show interfaces fastethernet0/2 FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input flow-control is unsupported output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:57, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 323479 packets input, 44931071 bytes, 0 no buffer Received 98960 broadcasts (0 multicast) 1 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 36374 multicast, 0 pause input 0 input packets with dribble condition detected 1284934 packets output, 103121707 bytes, 0 underruns 0 output errors, 2 collisions, 6 interface resets 0 babbles, 0 late collision, 29 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  11. Managing the MAC Address Table Catalyst 2950 Series wg_sw_2950#show mac-address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- All 0008.a445.9b40 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0008.e3e8.0440 DYNAMIC Fa0/2 Total Mac Addresses for this criterion: 5 wg_sw_2950#

  12. Setting a Static MAC Address Catalyst 2950 Series wg_sw_2950(config)#mac-address-table static mac-addr vlan vlan-id interface interface-id wg_sw_2950(config)# mac-address-table static 0004.5600.67ab vlan 1 interface fastethernet0/2

  13. Configuring Port Security Catalyst 2950 Series wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect |restrict | shutdown}] wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#switchport mode access wg_sw_2950(config-if)#switchport port-security wg_sw_2950(config-if)#switchport port-security maximum 1 wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeee wg_sw_2950(config-if)#switchport port-security violation shutdown

  14. Verifying Port Security on the Catalyst 2950 Series wg_sw_2950#show port-security[interface interface-id] [address] [ | {begin | exclude | include} expression] wg_sw_2950#show port-security interface fastethernet 0/5 Port Security              : Enabled Port Status                : Secure-up Violation Mode             : Shutdown Aging Time                 : 20 mins Aging Type                 : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses      : 1 Total MAC Addresses        : 1 Configured MAC Addresses   : 0 Sticky MAC Addresses       : 0 Last Source Address        : 0000.0000.0000 Security Violation Count   : 0

  15. Verifying Port Security on the Catalyst 2950 Series (Cont.) wg_sw_2950#sh port-security address Secure Mac Address Table ------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 0008.dddd.eeee SecureConfigured Fa0/5 - ------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 wg_sw_2950#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) -------------------------------------------------------------------------- Fa0/2 1 1 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024

  16. Executing Adds, Moves, and Changesfor MAC Addresses • Adding a MAC Address • Configure port security. • Configure the MAC address. • Changing a MAC Address • Remove MAC address restrictions. • Moving a MAC Address • Add the address to a new port. • Configure port security on the new switch. • Configure the MAC address to the port allocated for the new user. • Remove the old port configuration.

  17. Adding a New Switch to the Network • Determine the IP address for management purposes. • Configure administrative access for the console, auxiliary, and vty interfaces. • Configure security for the device. • Configure the access switch ports as necessary.

  18. Managing the Configuration File Catalyst 2950 Series wg_sw_2950#copy nvram:startup-config tftp:[[[//location]/directory]/filename] • Uploads the startup configuration in NVRAM to a TFTP server wg_sw_2950#copy system:running-config tftp:[[[//location]/directory]/filename] • Uploads the system running configuration to a TFTP server wg_sw_2950# copy nvram:startup-config tftp://172.16.2.155/wg_sw_a.cfg Address or name of remote host [172.16.2.155]? Destination filename [wg_sw_a.cfg]? !! 1189 bytes copied in 0.068 secs (17485 bytes/sec) wg_sw_2950#

  19. Clearing NVRAM Catalyst 2950 Series wg_sw_2950#erase nvram: -or- wg_sw_2950#erase startup-config • Resets the system configuration to factory defaults wg_sw_2950#erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete wg_sw_2950#

  20. Summary • A Catalyst switch comes with factory default settings that can be displayed with the show command. • The ip address command is used to configure an IP address and subnet mask on a switch. The ip default-gateway command is used to configure a default gateway. • The duplex command is used to configure switch duplex options. • MAC address tables include dynamic and static addresses. The switchport port-security mac-address command is used to set static MAC addresses.

  21. Summary (Cont.) • The port security feature can be used to restrict input to an interface by limiting and identifying MAC addresses of the stations that are allowed to access the port. • As network endpoint topology changes because of added, moved, and changed devices and interfaces, the switch configuration may need to be modified. • The copy command can be used to copy a configuration from or to a file server. The erase nvram: command resets the switch configuration to the factory default settings.

More Related