tung-hoang
8/6/2019 CCNAV3.3 305
Objectives
- Monitor switch activity and status using LED indicators
- Set an IP address and default gateway for the switch to allow connection and management over a network
- Set interfaces for speed and duplex operation
- Examine and manage the switch MAC address table
- Configure port security
- Manage configuration files and IOS images
- Perform password recovery on a switch
- Upgrade the IOS of a switch
Table of Contents
1 Starting the Switch
2 Configuring the Switch
Physical startup of the Catalyst switch
- Central processing unit (CPU)
- Random access memory (RAM)
- An operating system
- Several ports for the purpose of connecting hosts
Switch LED Indicators: STAT
Off                      No link
Solid Green              Link operational
Flashing Green           Port is sending or receiving data
Alternating Green/Amber  Link fault
Solid Amber              Port is not forwarding because it was disabled by management or an address violation, or blocked by Spanning Tree Protocol
Switch LED Indicators: UTL
Off    - Each LED that is off indicates a reduction by half of the total bandwidth.
       - LEDs are turned off from right to left.
       - If the right-most LED is off, then the switch is using less than 50% of total bandwidth.
       - If the two right-most LEDs are off, the switch is using less than 25% of total bandwidth.
Green  If all LEDs are green, the switch is using 50% or more of total bandwidth.
Switch LED Indicators: FDUP, 100
FDUP  Off    Port is operating in half-duplex
      Green  Port is operating in full-duplex
100   Off    Port is operating at 10Mbps
      Green  Port is operating at 100Mbps
Verifying Port LEDs During Switch POST
- If the System LED is off but the switch is plugged in, then POST is running.
- If the System LED is green, then POST was successful.
- If the System LED is amber, then POST failed. POST failure is considered to be a fatal error.
- The Port Status LEDs turn amber for about 30 seconds as the switch discovers the network topology and searches for loops.
- If the Port Status LEDs turn green, the switch has established a link between the port and a target.
Viewing Initial Bootup Output From The Switch
- Use a rollover cable to connect the console port on the back of the switch to a COM port on the back of the computer
- Start HyperTerminal on the computer
- After the switch has booted and completed POST, prompts for the System Configuration dialog are presented
Examining Help In The Switch CLI
Switch>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  name-connection  Name an existing network connection
  ping             Send echo messages
  rcommand         Run command on remote switch
 --More--
Switch Command Modes
- The User EXEC mode is recognized by its prompt ending in a greater-than character ( > ).
  - The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information.
- Privileged EXEC mode is recognized by its prompt ending in a pound-sign character ( # ).
  - The Privileged EXEC mode command set includes those commands allowed in User EXEC mode, as well as the configure command.
  - The configure command allows other command modes to be accessed.
CONFIGURING THE SWITCH
Catalyst 1900 and 2950 Default Configuration
- IP address: 0.0.0.0
- CDP: enabled
- 100baseT port: autonegotiate duplex mode
- Spanning tree: enabled
- Console password: none
Verifying The Catalyst Switch Default Configuration
- show running-config
- show interface FastEthernet 0/1
- show vlan
- show flash (or dir flash:)
- show version
show running-config
show interface
show vlan
show flash
show version
Configuring The Catalyst Switch
Note
- Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory
- Erase the backup configuration file startup-config
- Reload the switch
Catalyst 2900
  delete flash:vlan.dat
  erase startup-config
  reload
Catalyst 1900
  delete nvram
Configuring The Catalyst Switch (cont)
A switch should be given a hostname, and passwords should be set on the console and vty lines
switch(config)#hostname ALSwitch
ALSwitch(config)#line console 0
ALSwitch(config-line)#login
ALSwitch(config-line)#password funny
ALSwitch(config-line)#line vty 0 4
ALSwitch(config-line)#login
ALSwitch(config-line)#password deadman
ALSwitch(config-line)#^Z
Configuring the Switch IP Address
Configures an IP address and subnet mask on the switch
Catalyst 1900
wg_sw_1900(config)#ip address { ip_address } { mask }
wg_sw_1900(config)#ip address 10.5.5.11 255.255.255.0
Catalyst 2950
wg_sw_2950(config)#interface vlan 1
wg_sw_2950(config-if)#ip address { ip_address } { mask }
wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0
Configuring the Switch Default Gateway
wg_sw_a(config)# ip default-gateway { ip address }
Configures the switch default gateway for the Catalyst 1900 and 2950 switches
wg_sw_a(config)#ip default-gateway 10.5.5.3
Showing the Switch IP Address
Catalyst 1900
wg_sw_1900#show ip
IP address: 10.5.5.11
Subnet mask: 255.255.255.0
Default gateway: 10.5.5.3
Management VLAN: 1
wg_sw_a#
Catalyst 2950
wg_sw_2950#show interface vlan 1
Vlan1 is up, line protocol is up
  Hardware is Cat5k Virtual Ethernet, address is 0010.f6a9.9800 (bia 0010.f6a9.9800)
  Internet address is 172.16.80.79/24
  Broadcast address is 255.255.255.255
. . .
wg_sw_2950#
Setting Duplex Options
Catalyst 1900
wg_sw_1900(config)#interface e0/1
wg_sw_1900(config-if)#duplex {auto | full | full-flow-control | half}
Catalyst 2950
wg_sw_2950(config)#interface fe0/1
wg_sw_2950(config-if)#duplex {auto | full | half}
Showing Duplex Options
Switch#show interfaces fastethernet0/3
FastEthernet0/3 is up, line protocol is down
  Hardware is Fast Ethernet, address is 0000.0000.0003 (bia 0000.0000.0003)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Configuring The Catalyst Switch (cont)
- Intelligent networking devices can provide a web-based interface for configuration and management purposes
    ALSwitch(config)#ip http server
    ALSwitch(config)#ip http port 8080
- Any additional software, such as an applet, can be downloaded to the browser from the switch
The GUI Interface
Managing the MAC Address Table
Catalyst 1900
wg_sw_1900#show mac-address-table
Number of permanent addresses : 0
Number of restricted static addresses : 0
Number of dynamic addresses : 6

Address         Dest Interface      Type       Source Interface List
------------------------------------------------------------------
00E0.1E5D.AE2F  Ethernet 0/2        Dynamic    All
00D0.588F.B604  FastEthernet 0/26   Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26   Dynamic    All
0090.273B.87A4  FastEthernet 0/26   Dynamic    All
00D0.588F.B600  FastEthernet 0/26   Dynamic    All
00D0.5892.38C4  FastEthernet 0/27   Dynamic    All

Catalyst 2950
wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 25
Total MAC addresses: 26
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2
Configuring Static MAC Addresses
The reasons for assigning a permanent MAC address to an interface include:
- The MAC address will not be aged out automatically by the switch.
- A specific server or user workstation must be attached to the port and the MAC address is known.
- Security is enhanced.
Setting a Static MAC Address
wg_sw_1900(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 0
Number of dynamic addresses : 4

Address         Dest Interface      Type       Source Interface List
------------------------------------------------------------------
00E0.1E5D.AE2F  Ethernet 0/2        Dynamic    All
2222.2222.2222  Ethernet 0/3        Permanent  All
00D0.588F.B604  FastEthernet 0/26   Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26   Dynamic    All
00D0.5892.38C4  FastEthernet 0/27   Dynamic    All
wg_sw_1900(config)#mac-address-table permanent { mac-address type module/port }
wg_sw_2950(config)#mac-address-table secure mac_addr {vlan vlan_id } [interface int1 [ int2 ... int15 ]]
Catalyst 1900 and 2950
Catalyst 2950 only
Setting a Restricted Static MAC Address on the Cat 1900
wg_sw_1900(config)#mac-address-table restricted static { mac-address type module/port src-if-list }
wg_sw_1900(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 1
Number of dynamic addresses : 4

Address         Dest Interface      Type       Source Interface List
------------------------------------------------------------------
1111.1111.1111  Ethernet 0/4        Static     Et0/1
00E0.1E5D.AE2F  Ethernet 0/2        Dynamic    All
2222.2222.2222  Ethernet 0/3        Permanent  All
00D0.588F.B604  FastEthernet 0/26   Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26   Dynamic    All
00D0.5892.38C4  FastEthernet 0/27   Dynamic    All
Setting a Restricted Static MAC Address on the Cat 2950
wg_sw_2950(config)#mac-address-table secure hw-addr interface [vlan vlan-id ]
wg_sw_2950#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1
wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 1
Static Address (User-defined) Count: 1
System Self Address Count: 25
Total MAC addresses: 28
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2
0003.3333.3333       Secure        1     FastEthernet0/1
Static Address Table:
Destination Address  VLAN  Input Port  Output Ports
-------------------  ----  ----------  -----------------------
2222.2222.2222       1     ALL         Fa0/1
Port security
- Anyone can plug a PC or laptop into one of these outlets.
- This is a potential entry point to the network by unauthorized users.
- Switches provide a feature called port security.
- It is possible to limit the number of addresses that can be learned on an interface.
- The switch can be configured to take an action if this is exceeded.
- Secure MAC addresses can be set statically.
- However, securing MAC addresses statically can be a complex task and prone to error.
- To verify port security status, the command show port-security is entered.
Secure MAC Addresses
- Set the maximum number of secure MAC addresses on a port
- After secure MAC addresses are configured, they are stored in an address table.
- Setting a maximum number of addresses to one and configuring the MAC address of an attached device ensures that the device has the full bandwidth of the port.
Secure MAC Addresses
The switch supports these types of secure MAC addresses:
- Static secure MAC addresses
- Dynamic secure MAC addresses
- Sticky secure MAC addresses: These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
Configuring port security
Differs on 1900, 2900XL, and 2950 Switches.
2950 Security Commands
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum value
Switch(config-if)# switchport port-security mac-address mac-address
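Added example (not part of the original slides and not a Cisco tool): a short Python check that reads a saved running-config and reports access ports that lack switchport port-security and console/vty lines that have no password, the two settings these slides configure. The sample configuration, function names and finding strings are constructed for illustration.

```python
import re

# Constructed sample running-config (illustrative, not from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode trunk
!
line con 0
 password funny
 login
line vty 0 4
 login
!
"""

def parse_sections(config):
    """Group indented sub-commands under their 'interface' or 'line' header."""
    sections, current = {}, None
    for raw in config.splitlines():
        if re.match(r"(interface|line) ", raw):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = None  # any other unindented line ends the section
    return sections

def audit(config):
    """Return sorted findings: unprotected access ports, lines without a password."""
    findings = []
    for header, body in parse_sections(config).items():
        if header.startswith("interface"):
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{header}: access port without port security")
        elif not any(cmd.startswith("password ") for cmd in body):
            findings.append(f"{header}: no line password set")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Trunk ports are skipped because the slides enable port security only after switchport mode access.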
2950 Configuration
Executing Adds, Moves, And Changes
Executing Adds, Moves, And Changes (cont)
Managing Switch Operating System File
- An administrator should document and maintain the operational configuration files for networking devices.
- The most recent running-configuration file should be backed up on a server or disk.
- The IOS should also be backed up to a local server.
1900/2950 Password Recovery
- For security and management purposes, passwords must be set on the console and vty lines.
- There will be circumstances where physical access to the switch can be achieved, but access to the user or privileged EXEC mode cannot be gained because the passwords are not known or have been forgotten.
- In these circumstances, a password recovery procedure must be followed.
Summary
- Monitoring switch activity and status using LED indicators
- Examining the switch bootup output using HyperTerminal
- Using the help features of the command line interface
- Setting an IP address and default gateway for the switch to allow connection and management over a network
- Setting interfaces for speed and duplex operation
- Examining and managing the switch MAC address table
- Configuring port security
- Managing configuration files and IOS images
- Performing password recovery on a switch
- Upgrading the IOS of a switch
Q&A