icnd22s01l04

7/29/2019 ICND22S01L04

1/22

2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-1

Configuring Catalyst Switch Operations

Configuring a Catalyst Switch

7/29/2019 ICND22S01L04

2/22


Outline

Overview

Catalyst Switch Default Configuration Verification

Catalyst Switch IP Address and Default GatewayConfiguration

Duplexing and Speed

Duplex Interface Configuration

MAC Address Table Management

Port Security Configuration

Adds, Moves, and Changes for Access Layer CatalystSwitches

Catalyst Switch Configuration File Management

Summary

7/29/2019 ICND22S01L04

3/22


IP address: 0.0.0.0

CDP: enabled

100BaseT port: autonegotiate duplex mode

Spanning tree: enabled

Console password: none

Catalyst 2950 Series DefaultConfiguration

7/29/2019 ICND22S01L04

4/22


wg_sw_2950#show run

Building configuration...Current configuration:!!interface FastEthernet0/1

!interface FastEthernet0/2

wg_sw_2950#show spanning-tree detail

Port 11 (FastEthernet0/11) of VLAN0001 is forwardingPort path cost 19, Port priority 128, Port Identifier 128.11.Designated root has priority 1, address 0008.20fc.a840Designated bridge has priority 1, address 0008.20fc.a840Designated port id is 128.11, designated path cost 0Timers: message age 2, forward delay 0, hold 0

Number of transitions to forwarding state: 1Link type is point-to-point by defaultBPDU: sent 5, received 1181993

wg_sw_2950#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,Fa0/9, Fa0/10, Fa0/11, Fa0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,Fa0/17, Fa0/18, Fa0/19, Fa0/20,Fa0/21, Fa0/22, Fa0/23, Fa0/24

Port Names onCatalyst 2950 Series Switches

7/29/2019 ICND22S01L04

5/22


Configuring theSwitch IP Address

wg_sw_2950(config)#interface vlan 1wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0

wg_sw_2950(config-if)#ip address {ip_address}{mask}

Configures an IP address and subnet mask for the switch VLAN1 interface

Catalyst 2950 Series

7/29/2019 ICND22S01L04

6/22


wg_sw_a(config)#ip default-gateway {ip address} Configures the switch default gateway for the 2950

series switches

Configuring the Switch DefaultGateway

wg_sw_a(config)#ip default-gateway 10.5.5.3

7/29/2019 ICND22S01L04

7/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-7

Showing the Switch IP Address


wg_sw_2950#show interfaces vlan 1

Vlan1 is up, line protocol is upHardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)Internet address is 10.2.2.11/24

. . .wg_sw_2950#

7/29/2019 ICND22S01L04


Duplex Overview

Half Duplex (CSMA/CD)

Unidirectional data flow

Higher potential for collision

Hubs connectivity

Full Duplex

Point-to-point only

Attached to dedicated switched port Requires full-duplex support on both ends

Collision-free

Collision detect circuit disabled

7/29/2019 ICND22S01L04


Setting Duplex Options


wg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#duplex {auto | full | half}

7/29/2019 ICND22S01L04


Showing Duplex Options

Switch#show interfaces fastethernet0/2FastEthernet0/2 is up, line protocol is up (connected)Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42)MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Half-duplex, 10Mb/sinput flow-control is unsupported output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:57, output 00:00:01, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec

323479 packets input, 44931071 bytes, 0 no bufferReceived 98960 broadcasts (0 multicast)

1 runts, 0 giants, 0 throttles1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 36374 multicast, 0 pause input0 input packets with dribble condition detected1284934 packets output, 103121707 bytes, 0 underruns0 output errors, 2 collisions, 6 interface resets0 babbles, 0 late collision, 29 deferred0 lost carrier, 0 no carrier, 0 PAUSE output0 output buffer failures, 0 output buffers swapped out

7/29/2019 ICND22S01L04


Managing the MAC Address Table


wg_sw_2950#show mac-address-tableMac Address Table

-------------------------------------------

Vlan Mac Address Type Ports---- ----------- -------- -----All 0008.a445.9b40 STATIC CPUAll 0100.0ccc.cccc STATIC CPUAll 0100.0ccc.cccd STATIC CPUAll 0100.0cdd.dddd STATIC CPU

1 0008.e3e8.0440 DYNAMIC Fa0/2Total Mac Addresses for this criterion: 5

wg_sw_2950#

7/29/2019 ICND22S01L04


Setting a Static MAC Address

wg_sw_2950(config)#mac-address-table staticmac-addrvlan vlan-idinterface interface-id


wg_sw_2950(config)# mac-address-table static 0004.5600.67ab vlan 1interface fastethernet0/2

7/29/2019 ICND22S01L04


Configuring Port Security


wg_sw_2950(config-if)#switchport port-security [mac-addressmac-address] | [maximumvalue] | [violation {protect |restrict| shutdown}]

wg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#switchport mode accesswg_sw_2950(config-if)#switchport port-securitywg_sw_2950(config-if)#switchport port-security maximum 1

wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeeewg_sw_2950(config-if)#switchport port-security violation shutdown

7/29/2019 ICND22S01L04


wg_sw_2950#show port-security[interface interface-id] [address] [ |{begin | exclude | include} expression]

Verifying Port Securityon the Catalyst 2950 Series

wg_sw_2950#show port-security interface fastethernet 0/5Port Security : EnabledPort Status : Secure-upViolation Mode : ShutdownAging Time : 20 minsAging Type : AbsoluteSecureStatic Address Aging : DisabledMaximum MAC Addresses : 1Total MAC Addresses : 1Configured MAC Addresses : 0Sticky MAC Addresses : 0

Last Source Address : 0000.0000.0000Security Violation Count : 0

7/29/2019 ICND22S01L04


Verifying Port Securityon the Catalyst 2950 Series (Cont.)

wg_sw_2950#sh port-securitySecure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action

(Count) (Count) (Count)--------------------------------------------------------------------------

Fa0/2 1 1 0 Shutdown---------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0

Max Addresses limit in System (excluding one mac per port) : 1024

wg_sw_2950#sh port-security addressSecure Mac Address Table

-------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age

(mins)---- ----------- ---- ----- -------------1 0008.dddd.eeee SecureConfigured Fa0/5 -

-------------------------------------------------------------------

Total Addresses in System (excluding one mac per port) : 0Max Addresses limit in System (excluding one mac per port) : 1024

7/29/2019 ICND22S01L04


Executing Adds, Moves, and Changesfor MAC Addresses

Adding a MAC Address

1. Configure port security.

2. Configure the MAC address.

Changing a MAC Address1. Remove MAC address restrictions.

Moving a MAC Address

1. Add the address to a new port.

2. Configure port security on thenew switch.

3. Configure the MAC address to theport allocated for the new user.

4. Remove the old port configuration.

7/29/2019 ICND22S01L04


Adding a New Switchto the Network

1. Determine the IP address formanagement purposes.

2. Configure administrative accessfor the console, auxiliary, and vtyinterfaces.

3. Configure security for the device.

4. Configure the access switchports as necessary.

7/29/2019 ICND22S01L04


Managing the Configuration File

wg_sw_2950#copy nvram:startup-config tftp:[[[//location]/directory]/filename]


wg_sw_2950# copy nvram:startup-config tftp://172.16.2.155/wg_sw_a.cfgAddress or name of remote host [172.16.2.155]?Destination filename [wg_sw_a.cfg]?!!1189 bytes copied in 0.068 secs (17485 bytes/sec)wg_sw_2950#

Uploads the system running configuration to a TFTP server

wg_sw_2950#copy system:running-config tftp:[[[//location]/directory]/filename]

Uploads the startup configuration in NVRAM to a TFTP server

7/29/2019 ICND22S01L04


Clearing NVRAM

Resets the system configuration to factory defaults

wg_sw_2950#erase nvram:-or-

wg_sw_2950#erase startup-config


wg_sw_2950#erase nvram:Erasing the nvram filesystem will remove allconfiguration files! Continue? [confirm][OK]Erase of nvram: complete

wg_sw_2950#

7/29/2019 ICND22S01L04


Summary

A Catalyst switch comes with factory default settingsthat can be displayed with the show command.

The ip address command is used to configure an IP

address and subnet mask on a switch. The ip default-gateway command is used to configure a defaultgateway.

The duplex command is used to configure switchduplex options.

MAC address tables include dynamic and staticaddresses. The switchport port-security mac-addresscommand is used to set static MAC addresses.

7/29/2019 ICND22S01L04

21/22


Summary (Cont.)

The port security feature can be used to restrict inputto an interface by limiting and identifying MACaddresses of the stations that are allowed to accessthe port.

As network endpoint topology changes because ofadded, moved, and changed devices and interfaces,the switch configuration may need to be modified.

The copy command can be used to copy aconfiguration from or to a file server. The erasenvram: command resets the switch configuration tothe factory default settings.

7/29/2019 ICND22S01L04

22/22

icnd22s01l04

Documents