- Same as a router, the switch allows us to configure some of the basic things using a set-up script. - This set-up script is simply a yes/no interactive questionnaire that allows any novice to get the switch up and running. - When we say “no” to the set-up script, we’re left in a basic mode (user EXEC mode, discussed in the previous router articles):. - In order to be able to configure anything, we need to be in privilege EXEC mode (a.k.a. - The command that takes us to the privilege exec mode is. - At privilege level 15, since we’re allowed to do basically anything we wish, it’s important to be careful of the commands we type. - We can determine the mode we’re in by the prompts we see, or we can type the command “show privilege”. - One of the basic things to configure is the switch hostname. - The command to do that is “hostname” followed by the name that we wish to assign to the switch:. - Note that changing a switch’s name is a global task, so in order to pull that off, we needed to be in the global configuration mode. - We used the “configure terminal” command to get there. - Note, also, the change in the prompt. - So, we have changed the switch’s name to AccessSwitch.. - Unlike a router, which is a Layer 3 device and has many interfaces that we put IP addresses on, the switch is a Layer 2 device that doesn’t really need any IP addresses. - The only reason to assign an IP address on the switch would be to manage it remotely.. - In fact, you could take a brand new 2950 switch out of the box, start plugging users into it, and the users would be able to communicate with each other and on the network (providing we haven’t messed up the IP addresses on the PCs). - Cisco’s 2950 Catalyst switch assumes that all ports out of the box are part of one logi- cal Layer 2 grouping called VLAN 1.. - So, let’s say we want to be able to manage this switch—meaning we want to be able to ping this switch from remote systems, telnet to and from it, ping from it, and possibly access it via http or any other GUI manage- ment method. - The IP address we are about to assign will be used as a destination IP if we are connecting to the switch remotely. - If we are pinging from the switch, then this IP address will be the source address.. - In a switch, the IP address is assigned to a management VLAN. - Let’s configure this VLAN 1 with an IP address and ensure that remote systems can ping us:. - AccessSwitch(config)#ip default-gateway 10.1.1.1 AccessSwitch(config)#end. - What have we done here? First, we went to the software interface mode we wanted to configure, VLAN 1, and then we assigned the IP address on it while we were in the interface configuration mode (IP address. - Then, we brought up the interface using the “no shutdown”. - Next, the “exit” command takes us one step back to the global configuration mode where we assigned a default gateway of 10.1.1.1 for all remote communications from this switch’s IP network (10.1.1.0 subnetwork).. - Wait… we rushed and gave other administrators in our organization the IP address of our switch. - They are able to ping us, but unfortunately the telnet is not working. - Hmm, I wonder why? That need to be fixed. - We configured an IP address on our management interface VLAN 1, and we assigned a default gateway on the switch, so people are now able to ping us. - We are also able to ping our local and remote systems, proving to us that the router is routing and taking us to those remote networks (For demonstration purposes, our router IP is 10.1.1.1).. - However, when people tried to telnet to our switch, they weren’t able to. - We have to allow telnet access so our other administrators can telnet to our device. - We also want to ensure that we do all basic configurations so our switch is protected.. - Let’s configure the basic components. - For explanation purposes, let’s put a line number on the left side of the commands.. - Line 5: AccessSwitch(config-line)#password cisco Line 6: AccessSwitch(config-line)#exit. - Line 9: AccessSwitch(config-line)#password cisco Line 10: AccessSwitch(config-line)#exec-timeout 20 30 Line 11: AccessSwitch(config-line)#logging sync Line 12: AccessSwitch(config-line)#end. - In Line 1, using the “enable” command, we went to the privilege EXEC mode.. - In Line 2, at the privilege EXEC mode, using the command “config t” (short for “configure terminal” since Cisco devices allow us to abbreviate to save time and typing), we went to the global configuration mode.. - In Line 3, at the global configuration mode using the command “line vty 0 4”, we specified that we wish to allow five simultaneous telnet connections to our AccessSwitch, 0 being the first connection and 4 being the fifth connection. - In Line 4, we basically specified that we want people to be able to login.. - In Line 5, we configured the password that will allow people to be able to login to this switch.. - In Line 6, we used the “exit” command to go one step back. - In this case, we went from line configuration mode to global configuration mode.. - In Line 7, we used the “line console 0” command to go to the line configuration mode. - For the console config- uration, we were first there for VTY access—the five telnet connections we configured in Line 3.. - Line 10 specifies that we want the connection to time out after 20 minutes and 30 seconds of no activity.. - Line 12 uses the command “end,” which takes us straight to the privilege EXEC mode. - In Line 13, we saved the configuration from RAM to NVRAM so it will be loaded the next time we reload the box or if we lose power to the box.. - In Line 14, we used the “disable” command to take us from privilege EXEC mode to user EXEC mode.. - At Line 15, we are at the user EXEC mode.. - Now that we have a basic switch running and people are able not only to ping us but also to telnet to this switch, we should do some basic things to secure the switch and/or we should do some fun Layer 2 things.. - We have just set up a basic IP address on it for man- agement purposes, along with the default gateway so that it can be managed from remote locations.. - Many other cool things can be set up on the switch that’ll make our lives a little easier. - This logical breakdown of the networks is known as a Virtual Local Area Network (VLAN).. - These top- ics are covered in the CCNA Boot Camp at Global Knowledge. - When the switch is turned on, the default is that every port on that switch is part of the same logical group called VLAN1. - All systems that will be plugged into this switch would therefore be part of the same grouping.. - Now that we are about to create logical grouping in this switch, we should be very comfortable with IP sub- nets. - If you’re not, you can check out my white paper “Solving the Mysteries of Subnetting” in the Knowledge Center at globalknowledge.com.. - For example purposes, let’s assume that our switch is a 24-port switch. - This is the same switch we have been using in our previous articles. - Let’s start with two VLANs and do the other two later.. - The command to create the VLAN is done at the global configuration mode (refer to the previous articles if you are not sure about what the different modes are).. - Now that we have created the VLANs, we can verify that they exist using the “Show vlan” command from the privilege EXEC mode. - You can see from the configuration above that we also gave these VLANs a descriptive name (2nd Floor and 3rd Floor in our example). - This optional descriptive name is just to make things easier later on if we have to troubleshoot any VLAN issues. - These names don’t describe the function of the VLANs. - Typically you would use the names to describe the purpose of the VLAN in real life, like Marketing, or Production, or Research, or something that can identify the purpose of these VLANs.. - At this point, these VLANs are not accomplishing anything, since we haven’t assigned our ports to the VLANs.. - The ports still belong to the default VLAN 1. - So, let’s change our ports’ memberships to VLAN 2 and VLAN 3.. - For our example, let’s assign port 7 to VLAN 2 and assign port 18 to VLAN 3. - Again, we can verify the membership by the “Show vlan” command.. - We have now created two VLANs (VLAN1 already exists so we really have three VLANs so far) and port 7 and port 18 have been specifically added to VLAN 2 and VLAN 3, respectively.. - Current versions of the Cisco’s Operating System provide an option to specify a range of ports so we can add multiple ports in a VLAN in one shot. - Let’s do that for the ports from fa 0/19 to fa 0/24 (remember fa in these commands just means FastEthernet):. - Now, some people argue that this two-step process—creating the VLANs then assigning the ports to the appropriate VLAN—is also too much. - For those people (not for the exam), the correct answer would be to just go to the interface configuration mode and start assigning the ports to the VLANs. - The Cisco switch is smart enough to know that the VLAN doesn’t exist, and it will create the VLAN for you as well as assign the port(s) to the VLAN.. - Let’s see that in action. - As you see in the commands above, the system throws an information message at you letting you know that the Access VLAN you are trying to assign to this port doesn’t exist, and it will create it for you. - At this point, we have VLANs created on our switch, an IP address on it for management, and passwords for telnet. - Keep in mind that these topics are going to be covered in much more interesting details in vari- ous other courses
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt