Command Line Based Switch (CLI)

Basic Configuration
Switch> enable                              Used to enter privileged mode from normal mode on CLI switch
Switch#                                     Privileged mode
Switch# erase startup-config                Erases the switch configuration but not the VLAN configuration
Switch# del flash:vlan.dat                  Erases the VLAN configuration
Switch(config)# hostname name               To rename the switch
Switch(config)# no hostname                 Converts the switch name back to Switch
Switch(config)# enable password password    Sets enable password
Switch(config)# enable secret password      Sets enable password in encrypted form
Switch(config)# no ip domain-lookup         To prevent switch from trying to find a misspelled command
Switch(config)# line con 0                  To enter line configuration mode for the console port
Switch(config-line)# password password      Configures a password on the console port
Switch(config-line)# login                  Enables password checking
Switch(config-line)# exec-timeout 0 0       Sets the idle timeout period in minutes and seconds
Switch(config-line)# logging synchronous    Modifies message logging facilities for synchronized output
Switch(config)# line vty 0 15               Configures terminal line settings
Switch(config-line)# password password      Configures a password on the terminal lines (telnet)
Switch(config-line)# login
Switch# show version                Indicates IOS version, system image file, base MAC address, model #, configuration register (0xF), serial #, and more
Switch# show vlan                   Shows what VLANs are configured on the switch and which ports are in which VLANs.
Switch# show interface interface    Shows interface settings including MAC address, duplex, speed
Note: MAC address of an interface = Base MAC address of switch + port #
Switch# dir flash:                  Both of these commands show information about flash memory
Switch# show flash

To telnet, ping, or globally manage the switch, you must assign an IP address. If the IP address is on the same subnet as the management VLAN, the switch will automatically be associated with VLAN 1.
Switch# config t                                        Enters global configuration mode
Switch(config)# interface vlan 1                        Enters vlan 1 configuration
Switch(config-if)# ip address 10.1.1.1 255.255.255.0    Assigns an IP address to vlan 1
Switch(config-if)# exit
Switch(config)# ip default-gateway 10.1.1.254           Sets a default gateway so that you may access the switch via a router
Switch# show interface                                  To view the switch's interfaces
Switch(config-if)# description comments     To describe an interface. Surround the comments with quotes if you want to leave spaces.
Switch(config-if)# speed 10|100|auto        Sets port speed
Switch(config-if)# duplex auto|full|half    Sets the port duplex. Full is default for 100Mbps and half is default for 10Mbps ports.

IOS-based switches remember the last 10 commands in the history buffer. Use the bang (!) symbol to recall previous commands.
!!        Recall previous command
!n        Recall command number n (use history command to see commands stored in the buffer)
^aa^bb    Recalls command with aa and replaces aa with bb

Port Security
Switch# show mac-address-table                                    Displays MAC forwarding table
Switch# show mac address-table                                    Newer command to display MAC forwarding table (no hyphen)
Switch# clear mac address-table dynamic                           Reset MAC address table
Switch(config)# mac address-table static mac-addr vlan vlan-id interface interface-id
    Used to set a static MAC address to be accepted on a given port. Enter the MAC address in the form xxxx.xxxx.xxxx
Switch(config-if)# switchport mode access                         Sets mode on port to access only
Switch(config-if)# switchport port-security                       Enables port-security
Switch(config-if)# switchport port-security mac-address sticky    Allows port to accept only one device
Switch(config-if)# port security max-mac-count #                  On 2900s: Limits the amount of hosts per port
Switch(config-if)# switchport port-security maximum #             On 2950s: Limits the amount of hosts per port
Switch(config-if)# switchport port-security violation [shutdown | protect | restrict]
    Action to take when there has been a security violation. Restrict sends a trap to the network management station. Protect drops packets when the packet limit is reached.
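
Added example, not part of the original cheat sheet: a short Python audit that reads a saved running-config and flags settings from the Basic Configuration and Port Security commands above that leave a switch weaker than it needs to be. The sample config, the function names and the finding messages are constructed for illustration.

```python
# Constructed sample running-config for the audit (not from the original page).
SAMPLE_CONFIG = """\
enable password cisco123
ip http server
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/24
 switchport mode trunk
line con 0
 exec-timeout 0 0
"""

def split_sections(config):
    """Group each top-level line with the indented lines that follow it."""
    sections = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue  # skip blank lines and IOS "!" separators
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return a list of findings for settings this cheat sheet covers."""
    sections = split_sections(config)
    findings = []
    has = lambda prefix: any(head.startswith(prefix) for head, _ in sections)
    if has("enable password") and not has("enable secret"):
        findings.append("enable password is set without enable secret")
    if has("ip http server"):  # "no ip http server" does not match
        findings.append("ip http server is enabled")
    for head, body in sections:
        if head.startswith("line ") and "exec-timeout 0 0" in body:
            findings.append(f"{head}: exec-timeout 0 0 disables the idle timeout")
        if head.startswith("interface ") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                findings.append(f"{head}: access port without port-security")
            elif "switchport port-security violation protect" in body:
                findings.append(f"{head}: violation protect sends no trap")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```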

Removing Port Security
If a security violation occurs and the port has been disabled, first try shutting the port down (shut) and then bringing it back up (no shut). If it tries to come back up but shuts down again:
• Switch(config-if)# no switchport port-security
• Switch(config-if)# no switchport port-security mac-address sticky
• Switch(config-if)# no switchport port-security mac-address sticky mac_address
• Switch(config-if)# shut

Password recovery
(Procedures may be found on Cisco’s website at http://www.cisco.com/warp/public/474/.)
• On a 2900XL or 2950, the procedure is as follows:
  o Use HyperTerminal to start a console session with the switch.
  o Unplug the switch.
  o While holding the MODE button in, plug the switch in to turn it back on.
  o Release the MODE button when the STAT LED goes out.
  o Initialize the file system and finish loading the operating system by typing:
    § flash_init     initializes flash file system
    § load_helper    loads and initializes a helper image
    § dir flash:     to see what is in flash
  o rename flash:config.text flash:config.old    renames the configuration file
  o Type boot to reboot the switch
  o Choose N to not continue with the configuration dialog. The operating system will finish loading without a configuration file. This has effectively bypassed the passwords.
  o Switch# rename flash:config.old flash:config.text      Renames config file back to original
  o Switch# copy flash:config.text system:running-config   Copies config into DRAM
  o Now you may change the passwords and save the new configuration file.
  Note: Since you cannot get to the power cord on the other side of the switch, you may use the following procedure to get to the flash init step:
    § Type reload.
    § Press Enter to confirm the reload.
    § As soon as you see “Reload requested” on the screen, hold the MODE button in.
    § Release the MODE button when you see the SYSTEM light change to solid green (not blinking).
• On a 1900:
  o Console into the switch.
  o Unplug the switch.
  o Hold the MODE button in while plugging the switch back in.
  o Release the MODE button when you see the Cisco Systems Diagnostics Console or a couple seconds after the LED above port 1x goes off.
  o Press Enter to continue
  o Observe the firmware revision number. If 1.09 or earlier, call Cisco for the factory-installed password. If 1.10 or later, choose C to continue with standard system startup. The system will take a minute to perform a self-test. Then you will be asked if you wish to clear the passwords.

Firmware Upgrades
Switch# show boot                                      shows config file
Switch# dir flash:                                     shows contents of flash memory
Switch# rename flash:IOS_file_name.bin flash:IOS_file_name.old
Switch(config)# no ip http server                      Disables access to switch HTML pages temporarily
Switch# delete flash:html/*                            Removes existing html files
Download the switch IOS and HTML files from Cisco Connection Online with a CCO account. You will need the .tar file.
Switch# archive tar /x tftp://ip_address_of_tftp_server/IOS_image_file.tar flash:
    Extracts new IOS image and HTML files to flash memory.
Switch(config)# ip http server                         Re-enables access to HTML pages
Switch(config)# boot system flash:IOS_file_name.bin    Associates the new IOS file
Switch# reload

TFTP Servers
Switch# copy flash:c2900XL-c3h2s-mz-120-5.3.WC.1.bin tftp
    Copies the IOS in flash memory with the given file name (case sensitive) to a tftp server.
Switch# copy tftp flash     Copies an image on a tftp server into flash memory on the switch.
Switch# copy run tftp       Copies running-config on switch to a tftp server
Switch# copy start tftp     Copies startup-config on switch to a tftp server
Switch# copy tftp run       Copies running-config from a tftp server to the switch
Switch# copy tftp start     Copies startup-config from a tftp server to the switch

Spanning Tree Protocol
Bridge ID (BID) = Bridge priority.Base MAC Address
Root Bridge: lowest BID
Switch# show spanning-tree brief                      For version 12.0
Switch# show spanning-tree                            For version 12.1
Switch(config)# spanning-tree priority #              Changes priority for version 12.0
Switch(config)# spanning-tree vlan 1 priority 4096    Changes priority in increments of 4096 for version 12.1
Root port is the port closest to the root bridge (lowest cost to get to the root bridge). Designated ports are the ports with lowest cost to the root bridge.

VLANs
Switch# show vlan                                 Displays vlans
Switch# show vlan-membership                      Displays vlans on a 1900 switch
Switch# vlan database                             From privileged mode, enters vlan database mode to configure VLANs
Switch(vlan)# vlan # name name                    Add, delete, or modify values of a vlan
Switch# config t                                  Used on 1900's for the above commands.
Switch(config)# vlan # name name
Switch(config-if)# switchport mode access         Sets trunking mode to access
Switch(config-if)# switchport access vlan #       Assigns interface to the vlan
Switch(config-if)# vlan static #                  Used on a 1900 series switch instead of the above two commands
Switch# show vlan id #                            Displays information about a specific vlan only
Switch# show vlan name VLAN #                     Alternate command
Switch# show vlan #                               Used on a 1900 series switch
Switch(config-if)# no switchport mode access      Removes an interface from a vlan
Switch(config-if)# no switchport access vlan #
Switch# vlan database                             Deletes a vlan
Switch(vlan)# no vlan #

Trunking
Switch(config)# int fa0/1
Switch(config-if)# switchport mode trunk                            Sets port to trunk
Switch(config-if)# switchport trunk encapsulation [isl | dot1q]     Sets the trunking encapsulation on port
    This line is not needed on a 2950 since it only supports dot1q trunking.
Switch# show interface # switchport                                 To view trunking information on interface
Switch(config-if)# switchport trunk allowed vlan remove vlan_ids    To remove trunk links
Notes:
• Both sides of a trunk must use the same encapsulation.
  o The Catalyst 2950 only supports dot1q
  o The Catalyst 2900XL and 3550 support both dot1q and isl
• For hosts to communicate thru a switch, they must be on the same vlan.

VLAN Trunking Protocol (VTP) Client and Server Configuration
Switch# vlan database
Switch(vlan)# vtp v2-mode              Changes the version of VTP to a newer version. Use only if all switches support version 2. Version 1 is the default.
Switch(vlan)# vtp [server | client]    Configures switch to be a VTP server or client. Server is the default.
Switch(vlan)# vtp password password    To secure the domain. Optional.
Switch(vlan)# vtp domain name          Sets the name of the VTP administrative domain
The above commands may also be entered in global configuration mode:
Switch(config)# vtp version 2
Switch(config)# vtp domain name
Switch(config)# vtp password password
Switch(config)# vtp mode [server | client]
• Adding a Switch to a VTP Domain:
  o Erase start to clear the configuration of the new switch
  o Power cycle the switch to clear NVRAM
  o Switch# show vtp status
    § Determines whether server or client. Make sure the Configuration revision number is set to zero.
Verification Commands:
Switch# show vtp status
Switch# show vtp counters

Configure Inter-VLAN Routing
Router(config)# interface #                            Access the physical interface
Router(config-if)# no shutdown                         Turn the physical interface on
Router(config)# interface #.sub                        Configure a subinterface on the router-on-a-stick
Router(config-if)# encapsulation [isl | dot1q] vlan    Configure the encapsulation and vlan #