
Mettu University

Faculty of Engineering and Technology


Department of Information Technology

Title : Network Device and Configuration


Doc. Type : Lab Manuals
Lab ID : Lab_01
Title : Basic Network Device Configuration
Device   Interface   IP Address       Subnet Mask      Default Gateway
PC1      NIC         192.168.10.20    255.255.255.0    192.168.10.10
PC2      NIC         192.168.10.30    255.255.255.0    192.168.10.10
SW1      VLAN1       192.168.10.10    255.255.255.0    192.168.10.1

1 Learning Objectives
• Upon completion of this lab, you will be able to:

– Cable a network according to the topology diagram


– Clear an existing configuration on a switch
– Examine and verify the default configuration
– Create a basic switch configuration, including a name and an IP address
– Configure passwords to ensure that access to the CLI is secured

2 Task 1 : Cable a network


• Configuration in this lab is performed on a 2960 switch.

• You can connect the first computer to the switch by using two cables:

1. The first is a straight-through cable for a normal network connection (to communicate
with other connected computers or other devices on the network).
2. The second is a console cable (roll-over, depicted by a blue line on the emulator)
used to configure the switch.

• The second computer is connected to the switch via a straight-through cable, at port number 1.

3 Task 2: Clearing an existing configuration and Reloading the switch
As your first lab in this course it is necessary to start with an unconfigured switch. Using a switch
with an existing configuration may produce unpredictable results. These instructions show you how
to prepare the switch prior to starting the lab. These instructions are for the 2960 switch; however, the
procedure for the 2900 and 2950 switches is the same.

3.1 Step 1: Enter privileged EXEC mode by typing the enable command.
If prompted for a password, enter console. If that does not work, ask the instructor.

3.2 Step 2: Remove the VLAN database information file

3.3 Step 3: Remove the switch startup configuration file from NVRAM.

3.4 Step 4: Check that the VLAN information was deleted


Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If the
VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the
reload command.

If previous VLAN configuration information is still present (other than the default management VLAN
1), you must power-cycle the switch instead of issuing the reload command. To power-cycle the switch,
remove the power cord from the back of the switch or unplug it, and then plug it back.

3.5 Step 5: Restart the software.


Note: This step is not necessary if the switch was restarted using the power-cycle method. At the
privileged EXEC mode prompt, enter the reload command.
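
The five steps above as one session, added here as an example (it is not part of the original manual). It uses the standard IOS command for each step and assumes the switch still has its default name Switch; an emulator may word its confirmation prompts differently.

```cisco
Switch> enable
! Step 2: remove the VLAN database file (press Enter at each confirmation prompt)
Switch# delete flash:vlan.dat
! Step 3: remove the startup configuration file from NVRAM
Switch# erase startup-config
! Step 4: look for VLANs other than the defaults (1 and 1002-1005)
Switch# show vlan
! Step 5: restart; answer "no" if asked to save the modified configuration
Switch# reload
! After the restart, confirm that no earlier configuration survived
Switch> enable
Switch# show startup-config
Switch# show vlan
Switch# show flash:
```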

4 Task 3: Examine and verify the default configuration
4.1 Step 1: Enter privileged mode
You can access all the switch commands in privileged mode. However, because many of the privileged
commands configure operating parameters, privileged access should be password-protected to prevent
unauthorized use. The privileged EXEC command set includes the commands contained in user
EXEC mode, as well as the configure command, through which access to the remaining command
modes is gained. Enter privileged EXEC mode by entering the enable command.

Notice that the prompt changed in the configuration to reflect privileged EXEC mode.

4.2 Step 2: Examine the current switch configuration


Examine the current running configuration file.

Examine the current contents of NVRAM.

Examine the characteristics of the virtual interface VLAN1:

Now view the IP properties of the interface:

4.3 Step 3: Display Cisco IOS information
Examine the following version information that the switch reports.

4.4 Step 4: Examine the Fast Ethernet interfaces


Examine the default properties of the Fast Ethernet interface used by PC1.

4.5 Step 5: Examine VLAN information


Examine the default VLAN settings of the switch.

4.6 Step 6: Examine flash memory


Issue one of the following commands to examine the contents of the flash directory. Files have a file
extension, such as .bin, at the end of the filename. Directories do not have a file extension.

4.7 Step 7: Examine the startup configuration file
To view the contents of the startup configuration file, issue the show startup-config command in
privileged EXEC mode.

Let’s make one configuration change to the switch and then save it. Type the following commands:

Getting Help
• In any command mode, you can get a list of available commands by entering a question mark (?).

• To obtain a list of commands that begin with a particular character sequence, type in those
characters followed immediately by the question mark (?).

• To list keywords or arguments, enter a question mark in place of a keyword or argument. Include
a space before the question mark.

Command interpretation
When the switch interprets the commands entered, it compares the command to the possible commands
in that mode and if there is a single match with the characters given the switch executes the command.
An example might make it clear. Let’s say we want to move from unprivileged to privilege mode.
The command is enable.

The same thing can be done with every command. As long as there’s no other command sharing the
characters given, the switch will accept the command as the one it can translate to. The hostname can
therefore be set with the command:

Basic switch names
The switch name is a tool that lets us see which device we are connected to. The prompt displays the
name of the switch, so
Switch>
tells us that we are connected to a switch named 'Switch'. The prompt also tells us another thing:
"where" in the different hierarchical modes of the switch we are. In this case we are in 'unprivileged
mode'. The switch has three basic modes: unprivileged, privilege (or enable) and configuration (global
configuration) mode. The prompts are, in the same order:

The configuration mode actually has a few sub-modes like interface configuration and line configuration
modes:

Some features, like the configuration VLAN, have their own sub-modes.

Navigation between modes


Moving between modes is done by calling the "name" of the mode if you want to move up in the
hierarchy and exit or end if you want to move down:

Notice how the move from line-configuration to privilege mode differs from the move from
interface-configuration to configuration mode? The command exit will move you down one step
while end will take you all the way back to privilege mode no matter where you start.

5 Task 4: Create a Basic Switch Configuration
5.1 Step 1: Assign a name to the switch
The configuration mode is mainly used for configuration that will affect the "whole" switch (in
contrast to interface configuration mode that will only affect the specified interface or interfaces). To
change the name, move to configuration mode and execute the following command:

NB: Whenever you make changes to the switch, make sure that you save your work by saving
the new configuration to NVRAM (to the startup configuration).

5.2 Step 2: Disabling DNS look-up
Apart from command interpretation and shortening, the switch will interpret any unknown single
command in unprivileged or privileged mode as an attempt to make a telnet connection. This can
be quite annoying, since a spelling error for enable (let's say enalbe) could turn into a waiting period
while the DNS lookup times out and the switch realizes that it can't find an IP address for 'enalbe'.
The lookup will be done even if the switch doesn't have an IP-enabled interface.

Depending on the software, the domain-lookup part might be split into two words (domain lookup).
As we see in the command to disable DNS look-up, the keyword 'no' is used before the command. To
enable look-up, just issue the command without the no, i.e. ip domain-lookup. This is the standard
way to turn off a function in Cisco IOS. For example, if we want to enable an interface, we issue the no
shutdown command, and if we want to disable it, we just issue shutdown. Now copy the running
configuration to the startup configuration, and then make sure that the changes were applied by issuing
the show command.

6 Task 5. Set the Access Passwords


Passwords can be configured to control who can access what on the switch. Different passwords can
be used to limit access to:

• the switch via the console

• the switch via the network,

• privileged EXEC mode

6.1 Step 1: Setting Privilege Mode Password (enable password/secret)


There are actually two ways to configure the "enable" password for the switch: one stores it in plain
text, using the keyword password, and the other stores it as encrypted text in a special form of the MD5
hash, using the keyword secret.

To configure password using the secret keyword, use the following command:

Whenever a user tries to move from the unprivileged mode to the privilege mode, a prompt will appear
asking for the password as shown below; enter secret.

NB: If you configure a password using both the password and secret keywords, the secret
password takes priority.
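
The difference between the two keywords, as an added example that is not part of the original lab. `<plaintext-pw>` and `<lab-secret>` are placeholders, and the commands assume a real Cisco IOS image that stores the secret as the MD5-based type 5 hash described above.

```cisco
! Weak: the enable password is stored in clear text in the configuration
SW1(config)# enable password <plaintext-pw>
SW1(config)# do show running-config | include ^enable
! -> the password is readable by anyone who sees the config or a backup of it

! service password-encryption only obfuscates it (type 7, easily reversed)
SW1(config)# service password-encryption

! Corrected: remove the plaintext form and keep only the hashed one
SW1(config)# no enable password
SW1(config)# enable secret <lab-secret>
SW1(config)# end
SW1# show running-config | include ^enable
! -> "enable secret 5 <hash>": the 5 marks the MD5-based hash
SW1# copy running-config startup-config
```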

6.2 Step 2: Setting Password for the Console


To limit the access via the console port (used for initial and on site configuration) use the following
string of commands:

SW1#configure terminal
! enter global configuration mode
SW1(config)#line console 0
! enter line configuration mode
SW1(config-line)#password console
! set the password for console access to 'console'
SW1(config-line)#login
! tell the switch to prompt for the password during login
SW1(config-line)#end
! go all the way back to privileged mode
SW1#show running-config
! check your configuration

This sets the password 'console' for the console line. Whenever someone connects to the port, they
will be prompted for this password. Now let's check the effect of our configuration:

6.3 Step 3: Accessing the switch from PC1 through the console interface:
Go to PC1 and click on it, click on the Desktop tab, click on terminal, then OK

6.4 Step 4: Setting Password for Network Access


Since it’s not always possible to make a physical connection to the switch, it might be a good idea to
make it accessible via the network. The simplest way is to allow access via telnet, only prompting for
a password:

We have now configured the switch to ask for a password when someone tries to connect. What remains
is assigning an IP address to the switch: before you can manage SW1 remotely from PC1, the switch
needs an IP address. The default configuration on the switch is to have the management
of the switch controlled through VLAN 1. However, a best practice for basic switch configuration is
to change the management VLAN to a VLAN other than VLAN 1. The implications and reasoning
behind this action are explained in the next chapters.

Create VLAN Management
SW1#configure terminal
SW1(config)#vlan 99
! create a new VLAN rather than using VLAN 1
SW1(config-vlan)#name Management
! name the new VLAN
SW1(config-vlan)#exit
SW1(config)#interface vlan 99
SW1(config-if)#ip address 192.168.10.10 255.255.255.0
SW1(config-if)#no shutdown
! the interface is shut down by default, so enable it
SW1(config-if)#end
SW1#show running-config

Notice that the VLAN 99 interface is in the down state even though you entered the command no
shutdown. The interface is currently down because no switch ports are assigned to VLAN 99. Assign
all user ports to VLAN 99.

6.5 Step 5: Set the switch default gateway


SW1 is a Layer 2 switch, so it makes forwarding decisions based on the Layer 2 header. If multiple
networks are connected to a switch, you need to specify how the switch forwards the internetwork
frames, because the path must be determined at Layer 3. This is done by specifying a default gateway
address that points to a router or Layer 3 switch. Although this activity does not include an external IP
gateway, assume that you will eventually connect the LAN to a router for external access. Assuming
that the LAN interface on the router is 192.168.10.1, set the default gateway for the switch.

Default Gateway
SW1(config)#ip default-gateway 192.168.10.1
SW1(config)#exit

NB: Don’t forget to save your work whenever you make new changes to the switch configuration.

6.6 Step 6: Verify the management LANs settings


Verify the interface settings on VLAN 99.

6.7 Step 7: Configure the IP address and default gateway for PC1
We have now given the switch an IP address and set a password to secure access via the network. What
remains is setting an IP address on the computers, checking the connectivity between the computers and
the switch, and finally accessing the switch from PC2 via telnet.
First configure the two computers with the necessary settings as shown below.

• Assign IP address 192.168.10.20 to PC1 with default gateway 192.168.10.10 and subnet mask
255.255.255.0.

• Assign IP address 192.168.10.30 to PC2 with default gateway 192.168.10.10 and subnet mask
255.255.255.0.

6.8 Step 8: Accessing the switch from PC2 using telnet
Go to PC2, click on PC1 Icon > Desktop > Command Prompt, and ping the switch’s IP address we assigned
before (192.168.10.10) to check the connectivity between the two devices by using the following
command:

PC>ping 192.168.10.10

The figure above shows that the switch can be accessed from PC2, so what we need to do is use the
following command to access the switch via telnet (don’t forget the password is telnet as we configured
previously):

telnet 192.168.10.10

NB: The password we set on the switch for access from a remote location is telnet. As you
type the password, the text will not be displayed on the screen, so just type your password
correctly and press Enter. Additionally, passwords are case-sensitive, so don't forget to set the
Caps Lock key accordingly.

6.9 Step 9: Configuring a banner


A banner can be used to give information to someone that connects to the system. A good idea is to
explain that the system is private, plus the user should be an authorized user to access the system. The
banner text is started and ended with the same escape character – make sure to select one that you won’t
use in the banner text.

7 Configuring Secure Shell (SSH) on Switches Running Cisco IOS


Secure Shell (SSH) is a protocol that provides a secure remote access connection to network devices.
Communication between the client and server is encrypted in both SSH version 1 and SSH version 2.
Implement SSH version 2 when possible because it uses stronger security and encryption algorithms.

SSH configuration
SW1>enable
SW1#configure terminal
SW1(config)#ip domain-name lab.com
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username admin secret ssh1234

Use the following command to access the switch via SSH (the password is ssh1234, the secret
configured for the user admin above):

PC>ssh -l admin 192.168.10.10
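
A tighter version of the remote-access setup from Step 4 (telnet) and from this section (SSH), as an added example that is not part of the original lab. The 2048-bit modulus, ACL number 10, the timeout values and the `<strong-secret>` placeholder are assumptions; the addresses and names are the lab's own, and an emulator may not accept every command.

```cisco
SW1# configure terminal
SW1(config)# ip domain-name lab.com
! 1024-bit RSA is below current recommendations; give the size on the command line
SW1(config)# crypto key generate rsa general-keys modulus 2048
SW1(config)# ip ssh version 2
! Limit stalled negotiations and repeated password guesses on one connection
SW1(config)# ip ssh time-out 60
SW1(config)# ip ssh authentication-retries 3
! Per-user account with a hashed secret instead of a shared line password
SW1(config)# username admin secret <strong-secret>
! Only hosts on the management subnet may open a vty session
SW1(config)# access-list 10 permit 192.168.10.0 0.0.0.255
SW1(config)# line vty 0 15
! Refuse telnet: it carries the password and the whole session in clear text
SW1(config-line)# transport input ssh
SW1(config-line)# login local
SW1(config-line)# access-class 10 in
! Drop idle sessions after 5 minutes
SW1(config-line)# exec-timeout 5 0
SW1(config-line)# end
! Verify the SSH version in use and list the open sessions
SW1# show ip ssh
SW1# show ssh
SW1# copy running-config startup-config
```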

8 Summary of the Configurations

Configure Management Interface Address
SW1(config)#vlan 99
SW1(config-vlan)#name Management
SW1(config-vlan)#exit
SW1(config)#interface vlan 99
SW1(config-if)#ip address 192.168.10.10 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#end

Enable the user ports (Access Ports)
SW1#configure terminal
SW1(config)#interface range fa0/1 - 24
SW1(config-if-range)#switchport access vlan 99
SW1(config-if-range)#exit
SW1(config)#

Set the switch default gateway
SW1(config)#ip default-gateway 192.168.10.1
SW1(config)#exit

SSH configuration
SW1>enable
SW1#configure terminal
SW1(config)#ip domain-name lab.com
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username admin secret ssh1234
