Mettu University: Faculty of Engineering and Technology
1 Learning Objectives
• Upon completion of this lab, you will be able to:
• You can connect the first computer to the switch by using two cables:
1. The first is by using a straight-through cable for a normal network connection (to communicate
with other connected computers or other devices on the network).
2. The second is by using a console cable (roll-over, depicted by a blue line in the emulator)
to configure the switch.
• The second computer is connected to the switch via a straight-through cable, at port number 1.
3 Task 2: Clearing an existing configuration and Reloading the switch
As your first lab in this course it is necessary to start with an unconfigured switch. Using a switch
with an existing configuration may produce unpredictable results. These instructions show you how
to prepare the switch prior to starting the lab. These instructions are for the 2960 switch; however, the
procedure for the 2900 and 2950 switches is the same.
3.1 Step 1: Enter privileged EXEC mode by typing the enable command.
If prompted for a password, enter console. If that does not work, ask the instructor.
3.3 Step 3: Remove the switch startup configuration file from NVRAM.
If previous VLAN configuration information is still present (other than the default management VLAN
1), you must power-cycle the switch instead of issuing the reload command. To power-cycle the switch,
remove the power cord from the back of the switch or unplug it, and then plug it back.
4 Task 3: Examine and verify the default configuration
4.1 Step 1: Enter privileged mode
You can access all the switch commands in privileged mode. However, because many of the privileged
commands configure operating parameters, privileged access should be password-protected to prevent
unauthorized use. The privileged EXEC command set includes those commands contained in user
EXEC mode, as well as the configure command through which access to the remaining command
modes is gained. Enter privileged EXEC mode by entering the enable command.
Notice that the prompt changed in the configuration to reflect privileged EXEC mode.
4.3 Step 3: Display Cisco IOS information
Examine the following version information that the switch reports.
4.7 Step 7: Examine the startup configuration file
To view the contents of the startup configuration file, issue the show startup-config command in
privileged EXEC mode.
Let’s make one configuration change to the switch and then save it. Type the following commands:
Getting Help
• In any command mode, you can get a list of available commands by entering a question mark (?).
• To obtain a list of commands that begin with a particular character sequence, type in those
characters followed immediately by the question mark (?).
• To list keywords or arguments, enter a question mark in place of a keyword or argument. Include
a space before the question mark.
Command interpretation
When the switch interprets the commands entered, it compares the command to the possible commands
in that mode and if there is a single match with the characters given the switch executes the command.
An example might make it clear. Let’s say we want to move from unprivileged to privilege mode.
The command is enable.
The same thing can be done with every command. As long as there’s no other command sharing the
characters given, the switch will accept the command as the one it can translate to. The hostname can
therefore be set with the command:
Basic switch names
The switch name is a tool that lets us see which device we are connected to. The prompt displays the
name of the switch, so
Switch>
tells us that we are connected to a switch named ’Switch’. The prompt also tells us another thing,
"where" in the different hierarchical modes of the switch we are, in this case we are in ’unprivileged
mode’. The switch has three basic modes, unprivileged, privilege (or enable) and configuration (global
configuration) mode. The prompts are, in the same order:
The configuration mode actually has a few sub-modes like interface configuration and line configuration
modes:
Some features, like the configuration VLAN, have their own sub-modes.
Notice how the move from line-configuration to privilege mode differs from the move from
interface-configuration to configuration mode? The command exit will move you down one step
while end will take you all the way back to privilege mode no matter where you start.
5 Task 4: Create a Basic Switch Configuration
5.1 Step 1: Assign a name to the switch
The configuration mode is mainly used for configuration that will affect the "whole" switch (in
contrast to interface configuration mode that will only affect the specified interface or interfaces). To
change the name, move to configuration mode and execute the following command:
NB: Whenever you make changes to the switch, make sure that you save your work, that is, save
your new configuration to NVRAM (to the startup configuration).
5.2 Step 2: Disabling DNS look-up
Apart from the command interpretation and shortening, the switch will interpret any unknown single
command in unprivileged or privileged mode as an attempt to make a telnet connection. This can
be quite annoying, since a spelling error for enable (let’s say enalbe) turns into a waiting period
while the DNS lookup times out and the switch realizes that it can’t find an IP address for ’enalbe’.
The lookup will be done even if the switch doesn’t have an IP-enabled interface.
Depending on the software, the domain-lookup part might be split into two (domain lookup).
As we see in the command to disable DNS look-up, the keyword ’no’ is used before the command. To
enable look-up, just issue the command without the no, i.e. ip domain-lookup. This is the standard
way to turn off a function in Cisco IOS. For example, if we want to enable an interface, we issue the no
shutdown command, and if we want to disable it, we just issue shutdown. Now copy the running
configuration to the startup configuration, and then make sure that the changes are done by issuing
the show command
To configure a password using the secret keyword, use the following command:
Whenever a user tries to move from unprivileged mode to privileged mode, a prompt will appear
asking for the password, as shown below; enter secret.
NB: If you configure a password using both the password and secret keywords, the secret
password takes priority.
SW1#configure terminal
->(enter global configuration mode)
SW1(config)#line console 0
->(enter line configuration mode)
SW1(config-line)#password console
->(set the password for console access to 'console')
SW1(config-line)#login
->(tell the switch to prompt for the password during login)
SW1(config-line)#end
->(go all the way back to privileged mode)
SW1#show running-config
->(check your configuration)
This will set the password ’console’ for the console line. Whenever someone connects to the port, they
will be prompted for this password. Now let’s check the effect of our configuration:
6.3 Step 3: Accessing the switch from PC1 through the console interface:
Go to PC1 and click on it, click on the Desktop tab, click on terminal, then OK
Now we have configured the switch to ask for a password when someone tries to connect. What remains
is assigning an IP address to the switch. Before you can manage SW1 remotely from PC1, you need to
assign the switch an IP address. The default configuration on the switch is to have the management
of the switch controlled through VLAN 1. However, a best practice for basic switch configuration is
to change the management VLAN to a VLAN other than VLAN 1. The implications and reasoning
behind this action are explained in the next chapters.
Create VLAN Management
SW1#configure terminal
SW1(config)#vlan 99 (creating new VLAN, rather than using VLAN 1)
SW1(config-vlan)#name Management (naming the new VLAN)
SW1(config-vlan)#exit
SW1(config)#interface vlan 99
SW1(config-if)#ip address 192.168.10.10 255.255.255.0
SW1(config-if)#no shutdown (by default it is shut down, so open it)
SW1(config-if)#end
SW1#show running-config
Notice that the VLAN 99 interface is in the down state even though you entered the command no
shutdown. The interface is currently down because no switch ports are assigned to VLAN 99. Assign
all user ports to VLAN 99.
Default Gateway
SW1(config)#ip default-gateway 192.168.10.1
SW1(config)#exit
NB: Don’t forget to save your work whenever you make new changes to the switch configuration.
6.7 Step 7: Configure the IP address and default gateway for PC1
Now we have given the switch an IP address and set a password to secure access via the network.
What remains is setting an IP address on the computers, checking the connectivity between the
computers and the switch, and finally accessing the switch from PC2 via telnet.
First configure the two computers with the necessary settings as shown below.
• Assign IP address 192.168.10.20 to PC1 with default gateway 192.168.10.10 and subnet mask
255.255.255.0.
• Assign IP address 192.168.10.30 to PC2 with default gateway 192.168.10.10 and subnet mask
255.255.255.0.
6.8 Step 8: Accessing the switch from PC2 using telnet:
Go to PC2, click on PC1 Icon > Desktop > Command Prompt, and ping the switch’s IP address we assigned
before (192.168.10.10) to check the connectivity between the two devices by using the following
command:
PC>ping 192.168.10.10
The figure above shows that the switch can be accessed from PC2, so what we need to do is use the
following command to access the switch via telnet (don’t forget the password is telnet as we configured
previously):
telnet 192.168.10.10
NB: The password we set on the switch for access from a remote location is telnet. Also, as you
type the password, the text will not be displayed on the screen, so just type your password
correctly and press Enter. Additionally, passwords are case-sensitive, so don’t forget to set the
Caps Lock key accordingly.
SSH configuration
SW1>enable
SW1#configure terminal
SW1(config)#ip domain-name lab.com
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username admin secret ssh1234
So what we need to do is use the following command to access the switch via ssh (don’t forget the
password is telnet as we configured previously):
8 Summary of the Configurations
Configure Management Interface Address
SW1(config)#vlan 99
SW1(config-vlan)#name Management
SW1(config-vlan)#exit
SW1(config)#interface vlan 99
SW1(config-if)#ip address 192.168.10.10 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#end
SSH configuration
SW1>enable
SW1#configure terminal
SW1(config)#ip domain-name lab.com
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username admin secret ssh1234
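A way to check that a saved configuration really carries the access settings summarized above, as an added example that is not part of the original lab handout: it parses show running-config output and flags a missing enable secret, SSH not pinned to version 2, a management address on VLAN 1, and vty lines that still accept telnet or a shared line password. The sample configuration, the finding labels and the treatment of a vty section without a transport input line as telnet-capable are assumptions made for illustration.

```python
# Constructed running-config excerpt (not from a real device): the lab's SW1
# settings, except that only vty 0-4 was hardened and no enable secret is set.
SAMPLE = """\
enable password cisco
ip ssh version 2
interface Vlan1
 no ip address
interface Vlan99
 ip address 192.168.10.10 255.255.255.0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password telnet
 login
"""

def parse_sections(text):
    """Map each top-level config line to its indented child lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = raw.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return findings for the access settings this lab configures."""
    sec, findings = parse_sections(text), []
    if not any(k.startswith("enable secret") for k in sec):
        findings.append("no enable secret")
    if "ip ssh version 2" not in sec:
        findings.append("ssh version 2 not enforced")
    if any(c.startswith("ip address") for c in sec.get("interface Vlan1", [])):
        findings.append("management address on VLAN 1")
    for head, body in sec.items():
        if head.startswith("line vty"):
            # Assumption: with no 'transport input' line, telnet is accepted.
            proto = next((c.split()[2:] for c in body
                          if c.startswith("transport input")), ["all"])
            if {"telnet", "all"} & set(proto):
                findings.append(f"{head}: telnet allowed")
            if "login" in body:
                findings.append(f"{head}: shared line password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```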