Configuring Catalyst Switch

Configuring Catalyst Switch Operations
Configuring a Catalyst Switch
2004 Cisco Systems, Inc. All rights reserved.
ICND v2.21-1
Outline
Overview Catalyst Switch Default Configuration Verification Catalyst Switch IP Address and Default Gateway Configuration Duplexing and Speed Duplex Interface Configuration MAC Address Table Management Port Security Configuration Adds, Moves, and Changes for Access Layer Catalyst Switches Catalyst Switch Configuration File Management Summary
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-2
Catalyst 2950 Series Default Configuration
IP address: 0.0.0.0 CDP: enabled 100BaseT port: autonegotiate duplex mode Spanning tree: enabled Console password: none
ICND v2.21-3
Port Names on Catalyst 2950 Series Switches

wg_sw_2950#show run Building configuration... Current configuration: ! ! interface FastEthernet0/1 ! interface FastEthernet0/2 wg_sw_2950#show spanning-tree detail Port 11 (FastEthernet0/11) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.11. Designated root has priority 1, address 0008.20fc.a840 Designated bridge has priority 1, address 0008.20fc.a840 Designated port id is 128.11, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 1181993
wg_sw_2950#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
ICND v2.21-4
Configuring the Switch IP Address

Catalyst 2950 Series
wg_sw_2950(config-if)#ip address {ip_address} {mask}
Configures an IP address and subnet mask for the switch VLAN1 interface
wg_sw_2950(config)#interface vlan 1 wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0
ICND v2.21-5
Configuring the Switch Default Gateway
wg_sw_a(config)# ip default-gateway {ip address}
Configures the switch default gateway for the 2950 series switches
wg_sw_a(config)#ip default-gateway 10.5.5.3
ICND v2.21-6
Showing the Switch IP Address

wg_sw_2950#show interfaces vlan 1 Vlan1 is up, line protocol is up Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40) Internet address is 10.2.2.11/24 . . . wg_sw_2950#
ICND v2.21-7
Duplex Overview
Half Duplex (CSMA/CD) Unidirectional data flow Higher potential for collision Hubs connectivity Full Duplex Point-to-point only Attached to dedicated switched port Requires full-duplex support on both ends Collision-free Collision detect circuit disabled
Setting Duplex Options

wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#duplex {auto | full | half}
ICND v2.21-9
Showing Duplex Options

Switch#show interfaces fastethernet0/2 FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input flow-control is unsupported output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:57, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 323479 packets input, 44931071 bytes, 0 no buffer Received 98960 broadcasts (0 multicast) 1 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 36374 multicast, 0 pause input 0 input packets with dribble condition detected 1284934 packets output, 103121707 bytes, 0 underruns 0 output errors, 2 collisions, 6 interface resets 0 babbles, 0 late collision, 29 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
ICND v2.21-10
Managing the MAC Address Table

wg_sw_2950#show mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type Ports ------------------------All 0008.a445.9b40 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0008.e3e8.0440 DYNAMIC Fa0/2 Total Mac Addresses for this criterion: 5 wg_sw_2950#
ICND v2.21-11
Setting a Static MAC Address

wg_sw_2950(config)#mac-address-table static mac-addr vlan vlan-id interface interface-id
wg_sw_2950(config)# mac-address-table static 0004.5600.67ab vlan 1 interface fastethernet0/2
ICND v2.21-12
Configuring Port Security

wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect |restrict | shutdown}]
wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#switchport mode access wg_sw_2950(config-if)#switchport port-security wg_sw_2950(config-if)#switchport port-security maximum 1 wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeee wg_sw_2950(config-if)#switchport port-security violation shutdown
ICND v2.21-13
Verifying Port Security on the Catalyst 2950 Series

wg_sw_2950#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression]
wg_sw_2950#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0000.0000.0000 Security Violation Count : 0
ICND v2.21-14
Verifying Port Security on the Catalyst 2950 Series (Cont.)

wg_sw_2950#sh port-security address Secure Mac Address Table ------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age (mins) --------------------------------1 0008.dddd.eeee SecureConfigured Fa0/5 ------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 wg_sw_2950#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) -------------------------------------------------------------------------Fa0/2 1 1 0 Shutdown --------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024
ICND v2.21-15
Executing Adds, Moves, and Changes for MAC Addresses

Adding a MAC Address 1. 2. Configure port security. Configure the MAC address.
Changing a MAC Address 1. Remove MAC address restrictions.
Moving a MAC Address 1. 2. 3. 4.

Add the address to a new port. Configure port security on the new switch. Configure the MAC address to the port allocated for the new user. Remove the old port configuration.
ICND v2.21-16
Adding a New Switch to the Network
1. Determine the IP address for management purposes. 2. Configure administrative access for the console, auxiliary, and vty interfaces. 3. Configure security for the device. 4. Configure the access switch ports as necessary.
ICND v2.21-17
Managing the Configuration File

wg_sw_2950#copy nvram:startup-config tftp:[[[//location]/directory]/filename]
Uploads the startup configuration in NVRAM to a TFTP server

wg_sw_2950#copy system:running-config tftp:[[[//location]/directory]/filename]
Uploads the system running configuration to a TFTP server

wg_sw_2950# copy nvram:startup-config tftp://172.16.2.155/wg_sw_a.cfg Address or name of remote host [172.16.2.155]? Destination filename [wg_sw_a.cfg]? !! 1189 bytes copied in 0.068 secs (17485 bytes/sec) wg_sw_2950#
ICND v2.21-18
Clearing NVRAM
wg_sw_2950#erase nvram: -orwg_sw_2950#erase startup-config
Resets the system configuration to factory defaults

wg_sw_2950#erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete wg_sw_2950#
ICND v2.21-19
Summary
A Catalyst switch comes with factory default settings that can be displayed with the show command. The ip address command is used to configure an IP address and subnet mask on a switch. The ip defaultgateway command is used to configure a default gateway. The duplex command is used to configure switch duplex options. MAC address tables include dynamic and static addresses. The switchport port-security mac-address command is used to set static MAC addresses.
Summary (Cont.)
The port security feature can be used to restrict input to an interface by limiting and identifying MAC addresses of the stations that are allowed to access the port. As network endpoint topology changes because of added, moved, and changed devices and interfaces, the switch configuration may need to be modified. The copy command can be used to copy a configuration from or to a file server. The erase nvram: command resets the switch configuration to the factory default settings.
ICND v2.21-21

Configuring Catalyst Switch

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Configuring Catalyst Switch

Enviado por

Direitos autorais:

Formatos disponíveis

Configuring Catalyst Switch Operations

Configuring a Catalyst Switch

2004 Cisco Systems, Inc. All rights reserved.

Catalyst 2950 Series Default Configuration

2004 Cisco Systems, Inc. All rights reserved.

Port Names on Catalyst 2950 Series Switches

2004 Cisco Systems, Inc. All rights reserved.

Configuring the Switch IP Address

2004 Cisco Systems, Inc. All rights reserved.

Configuring the Switch Default Gateway

wg_sw_a(config)# ip default-gateway {ip address}

wg_sw_a(config)#ip default-gateway 10.5.5.3

2004 Cisco Systems, Inc. All rights reserved.

Showing the Switch IP Address

Catalyst 2950 Series

2004 Cisco Systems, Inc. All rights reserved.

Setting Duplex Options

Catalyst 2950 Series

2004 Cisco Systems, Inc. All rights reserved.

Showing Duplex Options

2004 Cisco Systems, Inc. All rights reserved.

Managing the MAC Address Table

2004 Cisco Systems, Inc. All rights reserved.

Setting a Static MAC Address

wg_sw_2950(config)# mac-address-table static 0004.5600.67ab vlan 1 interface fastethernet0/2

2004 Cisco Systems, Inc. All rights reserved.

Configuring Port Security

2004 Cisco Systems, Inc. All rights reserved.

Verifying Port Security on the Catalyst 2950 Series

2004 Cisco Systems, Inc. All rights reserved.

Verifying Port Security on the Catalyst 2950 Series (Cont.)

2004 Cisco Systems, Inc. All rights reserved.

Executing Adds, Moves, and Changes for MAC Addresses

Changing a MAC Address 1. Remove MAC address restrictions.

Moving a MAC Address 1. 2. 3. 4.

Adding a New Switch to the Network

2004 Cisco Systems, Inc. All rights reserved.

Managing the Configuration File

Uploads the startup configuration in NVRAM to a TFTP server

Uploads the system running configuration to a TFTP server

2004 Cisco Systems, Inc. All rights reserved.

Resets the system configuration to factory defaults

2004 Cisco Systems, Inc. All rights reserved.

2004 Cisco Systems, Inc. All rights reserved.

Você também pode gostar