CCNA 3 v3.1 Module 6 Switch Configuration
LAN Design Goals • Functionality • Scalability • Adaptability • Manageability
Physical Startup of Catalyst Switches • Switches typically have no power switch to turn them on and off. • They simply connect or disconnect from a power source.
LEDs on the front of a switch • System LED • whether the system is receiving power and functioning correctly. • Remote Power Supply (RPS) LED • whether or not the remote power supply is in use • Port Mode LEDs • the state of the Mode button • determine how the Port Status LEDs are interpreted • Port Status LEDs
Port LED Definitions Based on Mode LED State Catalyst 1900 Catalyst 2950
Verifying Port LEDs During Switch POST • The Port Status LEDs also change during POST. • The Port Status LEDs turn amber for about 30 seconds as the switch discovers the network topology and searches for loops. • If the Port Status LEDs turn green, the switch has established a link between the port and a target, such as a computer. • If the Port Status LEDs turn off, the switch has determined that nothing is plugged into the port.
Changing Modes • User EXEC mode: Switch> • Privileged EXEC mode: Switch# • enable (password) • configure terminal
Verifying the Catalyst Switch Default Configuration • show running-config • Displays the current active configuration file of the switch • show interface • Displays the statistics for all interfaces configured on the switch • show ip • Displays the IP address, subnet mask, and default gateway • show version • Displays the configuration of the system hardware, software version, names, and sources of configuration files and boot images Do e-Lab 6.2.1
Configuring the Catalyst Switch • To overwrite any existing configuration, follow these steps: • Remove any existing VLAN information by deleting the VLAN database file, vlan.dat, from the Flash memory directory. • Erase the backup configuration file startup-config. • Reload the switch. • Commands: delete flash:vlan.dat (Catalyst 2950) • delete nvram (Catalyst 1900) • erase startup-config • reload
Management VLAN • The management VLAN is used to manage all of the network devices on a network. • In a switch-based network, all network devices should be in the management VLAN. • By default, VLAN 1 is the management VLAN. • All ports belong to VLAN 1 by default. • To allow for management of network devices while keeping traffic from network hosts off the management VLAN, remove all of the access ports from VLAN 1 and place them in another VLAN.
Set Port Speed and Duplex Setting (If Necessary) • default is auto-duplex • default is auto-speed
HTTP Service and Port Any additional software such as an applet can be downloaded to the browser from the switch. The switch can be managed by a browser based GUI. Do e-Lab 6.2.2
Managing the MAC Address Table • entered in the Privileged EXEC mode • MAC address entry is automatically discarded or aged out after 300 seconds • Switches learn the MAC addresses of PCs or workstations that are connected to their switch ports by examining the source address of frames that are received on that port. Do e-Lab 6.2.3
Configuring Static MAC Addresses • Reasons to assign a permanent MAC address to an interface: • The MAC address will not be aged out automatically by the switch. • A specific server or user workstation must be attached to the port and the MAC address is known. • Security is enhanced.
Removing a Static MAC Address Do e-Lab 6.2.4
Port Security • Secure MAC addresses can be configured statically. However, it is a complex task and is usually prone to error. • It is possible to limit the number of addresses that can be learned on an interface. • Set the limit to 1 and the first address dynamically learned by the switch becomes the secure address.
Configuring Port Security The command show port security can be used to verify port security status. Do e-Lab 6.2.5
Adding a New Switch: The Procedure • Configure the switch name • Determine and configure the IP address for management purposes • Configure a default gateway • Configure administrative access for the console, auxiliary, and virtual terminal (VTY) interfaces • Configure security for the device • Configure the access switch ports as necessary
Add, Move, and Change MAC Addresses Adding a MAC Address 1. Configure port security 2. Configure the MAC address Changing a MAC Address 1. Remove MAC address restrictions Moving a MAC Address 1. Add the address to a new port 2. Configure port security on the new switch 3. Configure the MAC address to the port allocated for the new user 4. Remove the old port configuration Do e-Lab 6.2.6
Managing Switch Operation • An administrator should document and maintain the operational configuration files for networking devices. • The most recent running-configuration file should be backed up on a server or disk. • The Cisco IOS Software should also be backed up to a local server. The Cisco IOS Software can then be reloaded to Flash memory if needed.
Passwords • For security and management purposes, passwords must be set on the console and vty lines. • An enable password and an enable secret password must also be set.
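The "Adding a New Switch" procedure, the port security limit of 1, the management VLAN advice and the password slides above, combined into one configuration. This is an added example, not part of the original slides; it assumes Catalyst 2950 IOS syntax, and the hostname, addresses (documentation range 192.0.2.0/24), VLAN 10, port number and password placeholders are all constructed.

```cisco
! Constructed example for a Catalyst 2950 (assumed platform).
! Replace every <PLACEHOLDER> before use.
configure terminal
!
! 1. Switch name
hostname ALSwitch
!
! 2. Management IP address on VLAN 1 (the default management VLAN)
interface vlan 1
 ip address 192.0.2.10 255.255.255.0
 no shutdown
 exit
!
! 3. Default gateway for management traffic
ip default-gateway 192.0.2.1
!
! 4. Administrative access: console and vty line passwords
line console 0
 password <CONSOLE-PASSWORD>
 login
 exit
line vty 0 15
 password <VTY-PASSWORD>
 login
 exit
!
! 5. Device security: enable password and enable secret
!    (when both are set, the enable secret is the one that is checked)
enable password <ENABLE-PASSWORD>
enable secret <ENABLE-SECRET>
!
! 6. Access port: moved out of VLAN 1 so host traffic stays off the
!    management VLAN, and limited to one learned MAC address
interface fastethernet 0/4
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 end
!
! Save so the settings survive a reload
copy running-config startup-config
```

With the maximum set to 1, the first source address learned on FastEthernet 0/4 becomes the secure address, and a frame from any other address puts the port into the error-disabled state under the shutdown violation mode.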
Firmware and IOS Images Do e-Lab 6.2.9