icnd22s01l04
TRANSCRIPT
-
7/29/2019 ICND22S01L04
1/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-1
Configuring Catalyst Switch Operations
Configuring a Catalyst Switch
-
7/29/2019 ICND22S01L04
2/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-2
Outline
Overview
Catalyst Switch Default Configuration Verification
Catalyst Switch IP Address and Default GatewayConfiguration
Duplexing and Speed
Duplex Interface Configuration
MAC Address Table Management
Port Security Configuration
Adds, Moves, and Changes for Access Layer CatalystSwitches
Catalyst Switch Configuration File Management
Summary
-
7/29/2019 ICND22S01L04
3/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-3
IP address: 0.0.0.0
CDP: enabled
100BaseT port: autonegotiate duplex mode
Spanning tree: enabled
Console password: none
Catalyst 2950 Series DefaultConfiguration
-
7/29/2019 ICND22S01L04
4/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-4
wg_sw_2950#show run
Building configuration...Current configuration:!!interface FastEthernet0/1
!interface FastEthernet0/2
wg_sw_2950#show spanning-tree detail
Port 11 (FastEthernet0/11) of VLAN0001 is forwardingPort path cost 19, Port priority 128, Port Identifier 128.11.Designated root has priority 1, address 0008.20fc.a840Designated bridge has priority 1, address 0008.20fc.a840Designated port id is 128.11, designated path cost 0Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1Link type is point-to-point by defaultBPDU: sent 5, received 1181993
wg_sw_2950#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,Fa0/9, Fa0/10, Fa0/11, Fa0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,Fa0/17, Fa0/18, Fa0/19, Fa0/20,Fa0/21, Fa0/22, Fa0/23, Fa0/24
Port Names onCatalyst 2950 Series Switches
-
7/29/2019 ICND22S01L04
5/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-5
Configuring theSwitch IP Address
wg_sw_2950(config)#interface vlan 1wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0
wg_sw_2950(config-if)#ip address {ip_address}{mask}
Configures an IP address and subnet mask for the switch VLAN1 interface
Catalyst 2950 Series
-
7/29/2019 ICND22S01L04
6/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-6
wg_sw_a(config)#ip default-gateway {ip address} Configures the switch default gateway for the 2950
series switches
Configuring the Switch DefaultGateway
wg_sw_a(config)#ip default-gateway 10.5.5.3
-
7/29/2019 ICND22S01L04
7/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-7
Showing the Switch IP Address
Catalyst 2950 Series
wg_sw_2950#show interfaces vlan 1
Vlan1 is up, line protocol is upHardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)Internet address is 10.2.2.11/24
. . .wg_sw_2950#
-
7/29/2019 ICND22S01L04
8/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-8
Duplex Overview
Half Duplex (CSMA/CD)
Unidirectional data flow
Higher potential for collision
Hubs connectivity
Full Duplex
Point-to-point only
Attached to dedicated switched port Requires full-duplex support on both ends
Collision-free
Collision detect circuit disabled
-
7/29/2019 ICND22S01L04
9/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-9
Setting Duplex Options
Catalyst 2950 Series
wg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#duplex {auto | full | half}
-
7/29/2019 ICND22S01L04
10/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-10
Showing Duplex Options
Switch#show interfaces fastethernet0/2FastEthernet0/2 is up, line protocol is up (connected)Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42)MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Half-duplex, 10Mb/sinput flow-control is unsupported output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:57, output 00:00:01, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec
323479 packets input, 44931071 bytes, 0 no bufferReceived 98960 broadcasts (0 multicast)
1 runts, 0 giants, 0 throttles1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 36374 multicast, 0 pause input0 input packets with dribble condition detected1284934 packets output, 103121707 bytes, 0 underruns0 output errors, 2 collisions, 6 interface resets0 babbles, 0 late collision, 29 deferred0 lost carrier, 0 no carrier, 0 PAUSE output0 output buffer failures, 0 output buffers swapped out
-
7/29/2019 ICND22S01L04
11/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-11
Managing the MAC Address Table
Catalyst 2950 Series
wg_sw_2950#show mac-address-tableMac Address Table
-------------------------------------------
Vlan Mac Address Type Ports---- ----------- -------- -----All 0008.a445.9b40 STATIC CPUAll 0100.0ccc.cccc STATIC CPUAll 0100.0ccc.cccd STATIC CPUAll 0100.0cdd.dddd STATIC CPU
1 0008.e3e8.0440 DYNAMIC Fa0/2Total Mac Addresses for this criterion: 5
wg_sw_2950#
-
7/29/2019 ICND22S01L04
12/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-12
Setting a Static MAC Address
wg_sw_2950(config)#mac-address-table staticmac-addrvlan vlan-idinterface interface-id
Catalyst 2950 Series
wg_sw_2950(config)# mac-address-table static 0004.5600.67ab vlan 1interface fastethernet0/2
-
7/29/2019 ICND22S01L04
13/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-13
Configuring Port Security
Catalyst 2950 Series
wg_sw_2950(config-if)#switchport port-security [mac-addressmac-address] | [maximumvalue] | [violation {protect |restrict| shutdown}]
wg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#switchport mode accesswg_sw_2950(config-if)#switchport port-securitywg_sw_2950(config-if)#switchport port-security maximum 1
wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeeewg_sw_2950(config-if)#switchport port-security violation shutdown
-
7/29/2019 ICND22S01L04
14/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-14
wg_sw_2950#show port-security[interface interface-id] [address] [ |{begin | exclude | include} expression]
Verifying Port Securityon the Catalyst 2950 Series
wg_sw_2950#show port-security interface fastethernet 0/5Port Security : EnabledPort Status : Secure-upViolation Mode : ShutdownAging Time : 20 minsAging Type : AbsoluteSecureStatic Address Aging : DisabledMaximum MAC Addresses : 1Total MAC Addresses : 1Configured MAC Addresses : 0Sticky MAC Addresses : 0
Last Source Address : 0000.0000.0000Security Violation Count : 0
-
7/29/2019 ICND22S01L04
15/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-15
Verifying Port Securityon the Catalyst 2950 Series (Cont.)
wg_sw_2950#sh port-securitySecure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)--------------------------------------------------------------------------
Fa0/2 1 1 0 Shutdown---------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
wg_sw_2950#sh port-security addressSecure Mac Address Table
-------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age
(mins)---- ----------- ---- ----- -------------1 0008.dddd.eeee SecureConfigured Fa0/5 -
-------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0Max Addresses limit in System (excluding one mac per port) : 1024
-
7/29/2019 ICND22S01L04
16/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-16
Executing Adds, Moves, and Changesfor MAC Addresses
Adding a MAC Address
1. Configure port security.
2. Configure the MAC address.
Changing a MAC Address1. Remove MAC address restrictions.
Moving a MAC Address
1. Add the address to a new port.
2. Configure port security on thenew switch.
3. Configure the MAC address to theport allocated for the new user.
4. Remove the old port configuration.
-
7/29/2019 ICND22S01L04
17/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-17
Adding a New Switchto the Network
1. Determine the IP address formanagement purposes.
2. Configure administrative accessfor the console, auxiliary, and vtyinterfaces.
3. Configure security for the device.
4. Configure the access switchports as necessary.
-
7/29/2019 ICND22S01L04
18/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-18
Managing the Configuration File
wg_sw_2950#copy nvram:startup-config tftp:[[[//location]/directory]/filename]
Catalyst 2950 Series
wg_sw_2950# copy nvram:startup-config tftp://172.16.2.155/wg_sw_a.cfgAddress or name of remote host [172.16.2.155]?Destination filename [wg_sw_a.cfg]?!!1189 bytes copied in 0.068 secs (17485 bytes/sec)wg_sw_2950#
Uploads the system running configuration to a TFTP server
wg_sw_2950#copy system:running-config tftp:[[[//location]/directory]/filename]
Uploads the startup configuration in NVRAM to a TFTP server
-
7/29/2019 ICND22S01L04
19/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-19
Clearing NVRAM
Resets the system configuration to factory defaults
wg_sw_2950#erase nvram:-or-
wg_sw_2950#erase startup-config
Catalyst 2950 Series
wg_sw_2950#erase nvram:Erasing the nvram filesystem will remove allconfiguration files! Continue? [confirm][OK]Erase of nvram: complete
wg_sw_2950#
-
7/29/2019 ICND22S01L04
20/22 2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-20
Summary
A Catalyst switch comes with factory default settingsthat can be displayed with the show command.
The ip address command is used to configure an IP
address and subnet mask on a switch. The ip default-gateway command is used to configure a defaultgateway.
The duplex command is used to configure switchduplex options.
MAC address tables include dynamic and staticaddresses. The switchport port-security mac-addresscommand is used to set static MAC addresses.
-
7/29/2019 ICND22S01L04
21/22
2004 Cisco Systems, Inc. All rights reserved. ICND v2.21-21
Summary (Cont.)
The port security feature can be used to restrict inputto an interface by limiting and identifying MACaddresses of the stations that are allowed to accessthe port.
As network endpoint topology changes because ofadded, moved, and changed devices and interfaces,the switch configuration may need to be modified.
The copy command can be used to copy aconfiguration from or to a file server. The erasenvram: command resets the switch configuration tothe factory default settings.
-
7/29/2019 ICND22S01L04
22/22