Introduction to Switches and Virtual LANS

Lab. 6
Introduction to switches
Learning Objectives:
- To learn basic Cisco switch operation.
- To learn basic switch configuration commands.
- To learn about Virtual LANs and VLAN configuration.
- Verify and test switch configurations using show commands.
Introduction
Switches are dedicated, specialized computers that contain a central processing unit (CPU),
random access memory (RAM), and an operating system. Switches usually have several
ports that hosts can connect to, as well as specialized ports for the purpose of management.
Switches examine the source address of frames that are received on the ports to learn the
MAC address of PCs or workstations that are connected to it. These learned MAC addresses
are then recorded in a MAC address table. Frames that have a destination MAC address that
has been recorded in the table can be switched out to the correct interface.
Once the power cable is connected, the power-on self-test (POST) starts. When any port is connected, the port
status LEDs turn amber for about 30 seconds as the switch discovers the network topology
and searches for loops. If the Port Status LEDs turn green, the switch has established a link
between the port and a target, such as a computer. If the Port Status LEDs turn off, the
switch has determined that nothing is plugged into the port.
Starting HyperTerminal from the computer to the switch is the same as for the router. The flash
directory by default has a file that contains the IOS image, a file called env_vars, and a
subdirectory called html. After the switch is configured, the flash directory will contain a file
called config.text as well as a VLAN database.
In the default state, the switch has one broadcast domain. The switch ports or interfaces are
set to auto mode (auto-speed and auto-duplex allow the interfaces to negotiate these
settings), and all switch ports are in VLAN 1, known as the default management VLAN.
Network administrators can manually configure the interface speed and duplex values if
necessary. For small networks, the default configuration may be sufficient. A switch may be
given an IP address for management purposes using Telnet or GUI. A switch should be also
assigned a default gateway if management is to be performed outside the LAN. The IP
address is configured on the virtual interface, VLAN 1. By default, the switch has no IP
address.
A switch or group of switches can be configured to be divided into different broadcast
domains (VLANs). These domains cannot be connected without a router, as this would violate
the integrity of the VLAN broadcast domain; this improves the overall performance of the
network and achieves security. The primary benefit of VLANs is that they permit the network
administrator to organize the LAN logically instead of physically. This includes the ability to
add workstations to the LAN, control network traffic, and improve security. Each VLAN has its
own MAC address table.
The following steps are needed to erase old switch configuration:
1. Delete VLAN information by deleting the old VLAN database file called vlan.dat from the flash.
2. Erase startup-config.
3. Reload the switch.
Some network devices can provide a web-based interface for configuration and management
purposes. Once a switch is configured with an IP address and gateway, it can be accessed in
this way. The switch can be managed by a browser based graphical user interface (GUI). A
web browser can access this service using the IP address and port 80, the default port for
http. The HTTP service can be turned on or off, and the port address for the service can be
chosen. An enable secret or password should also be configured.
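The management settings described above (IP address on VLAN 1, default gateway, HTTP service, enable secret), shown as an added example session that is not part of the original handout. The addresses and passwords are the lab values from Part 1; the `Switch` prompt and Catalyst 2950 command syntax are assumptions.

```cisco
! Added example, not from the original lab sheet.
! Values (172.30.1.2/16, gateway 172.30.0.20, cisco/class) are the lab values from Part 1.
Switch> enable
Switch# configure terminal
! enable secret is stored hashed and, when both are set, is the one the switch checks
Switch(config)# enable password cisco
Switch(config)# enable secret class
! The management IP address lives on the virtual interface VLAN 1
Switch(config)# interface vlan 1
Switch(config-if)# ip address 172.30.1.2 255.255.0.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
! Needed only when the switch is managed from outside its own LAN
Switch(config)# ip default-gateway 172.30.0.20
! Turn the web GUI on and choose its port (80 is the HTTP default)
Switch(config)# ip http server
Switch(config)# ip http port 80
Switch(config)# end
! Verify the address and interface state, then save
Switch# show interface vlan 1
Switch# show running-config
Switch# copy running-config startup-config
! HTTP management is unencrypted; when the GUI is not in use, turn it off:
Switch# configure terminal
Switch(config)# no ip http server
Switch(config)# end
```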
The show mac-address-table command can be entered in the Privileged EXEC mode to
examine the addresses that a switch has learned. Machines may have been moved to
another port on the same switch or a different switch. This can cause confusion when frames
are forwarded. For all these reasons, if no frames are seen with a previously learned
address, the MAC address entry is automatically discarded or aged out after 300 seconds.
Rather than wait for a dynamic entry to age out, network administrators can use the clear
mac-address-table command in Privileged EXEC mode.
Network security is an important responsibility for network administrators. Access layer switch
ports are accessible through the structured cabling at wall outlets. Anyone can plug a PC
or laptop into one of these outlets. This is a potential entry point to the network by
unauthorized users. Switches provide a feature called port security. It is possible to limit the
number of addresses that can be learned on an interface. The switch can be configured to
take an action if this is exceeded. Secure MAC addresses can be configured statically.
However, it is a complex task to configure secure MAC addresses statically, and is usually
prone to error. The number of MAC addresses per port can be limited to 1. The first address
dynamically learned by the switch becomes the secure address.
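One way to apply the port security settings described above, limiting a port to a single learned address and choosing the action on violation. This is an added example, not part of the original handout; it assumes Catalyst 2950 command syntax, and interface Fa0/4 and the static MAC address shown are constructed for illustration.

```cisco
! Added example, not from the original lab sheet. Fa0/4 is an arbitrary access port.
Switch# configure terminal
Switch(config)# interface fastethernet 0/4
! Port security requires a static access port, not a dynamically negotiated one
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
! Limit the port to one address; the first address learned becomes the secure address
Switch(config-if)# switchport port-security maximum 1
! Action when another address appears: protect, restrict or shutdown
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# end
!
! Static alternative (constructed MAC address), entered in place of dynamic learning:
!   Switch(config-if)# switchport port-security mac-address 0000.1111.2222
!
! Verify the limit, the violation mode and the secure address that was learned
Switch# show port-security interface fastethernet 0/4
Switch# show port-security address
!
! With violation shutdown, a second address disables the port (err-disabled).
! After the unauthorized device is removed, bring the port back up:
Switch# configure terminal
Switch(config)# interface fastethernet 0/4
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end
```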
802.1Q is a frame tagging method used to tag frames leaving a specific VLAN. Static VLAN
ports are ports on a switch that are manually assigned to a VLAN. These ports maintain their
assigned VLAN configuration until they are changed manually. Use the show vlan brief
command to verify VLAN configuration.
To configure VLANs on Cisco 2900 series switches, specific guidelines must be observed:
- The maximum number of VLANs is switch dependent.
- One of the factory-default VLANs is the default Ethernet VLAN, VLAN 1.
Procedure:
Part 1, Basic switch configuration.
For all configuration steps below, refer to the commands in the introduction above
whenever needed.
1. Connect two PCs to the switch as follows:
2. Enter the switch privileged mode and examine the configuration using the following commands.
   Switch# show interface VLAN 1
   a. Is there an IP address set on the switch?
   Switch# show version
   b. What is the IOS version that the switch is running?
   c. What is the system image file name?
3. Examine the default properties of any Fast Ethernet interface (example: Fa 0/4):
   Switch# show interface fastethernet 0/4
   a. Is the interface up or down? Comments?
4. Examine the default VLAN settings of the switch.
   Switch>show vlan
   a. What is the name of VLAN 1?
   b. Which ports are in this VLAN?
5. Issue one of the following to examine the contents of the flash directory:
   Switch# dir flash:
   or
   Switch# show flash
   a. Name the files and directories found.
6. Set the enable password to cisco and the enable secret password to class, as you would on
   routers.
7. Configure layer 3 management access to the switch by setting the IP address of the
   internal virtual interface VLAN 1 to 172.30.1.2 with a subnet mask of 255.255.0.0 and the
   default gateway to 172.30.0.20. Enable VLAN 1 using the no shutdown command.
8. Configure the laptops to be on the same network as the VLAN, if not already configured.
9. Verify connectivity between the host laptop and the switch using ping.
10. Prepare the switch to be accessed through the GUI from the browser (Explorer) by turning on the HTTP service.
11. Record the MAC addresses of the laptops using the ipconfig /all command.
12. Determine if the switch has learned the MAC addresses.
   ALSwitch#show mac-address-table
   a. Do the MAC addresses match the host MAC addresses? Comments?
13. Practice the password recovery procedure on a Catalyst 2950 Series Switch.
   a) Save your configuration. Turn the switch off. Turn it back on while holding down
      the “MODE” button on the front of the switch at the same time that the switch is
      powered on. Release the “MODE” button after the STAT LED goes out.
   b) To initialize the file system and finish loading the operating system, enter the
      following commands:
      i. flash_init
      ii. load_helper
      iii. dir flash:
   c) Type rename flash:config.text flash:config.old to rename the configuration file;
      this file contains the password definition.
   d) Restart the system.
   e) Type rename flash:config.old flash:config.text at the Privileged EXEC mode prompt
      to rename the configuration file with its original name.
   f) Copy the configuration file into memory as follows:
      Switch#copy flash:config.text system:running-config
      Source filename [config.text]?[enter]
      Destination filename [running-config]?[enter]
   g) The configuration file is now reloaded. Change the old unknown passwords and
      save again.
Part 2, Basic VLAN Configuration
1. Display the VLAN interface information.
   Switch_A# show vlan brief
   a. Which ports belong to the default VLAN?
2. Create and name two VLANs.
   Switch_A#vlan database
   Switch_A(vlan)#vlan 2 name VLAN2
   Switch_A(vlan)#vlan 3 name VLAN3
   Switch_A(vlan)#exit
   a. Type the command Switch#show vlan brief
   b. Are there new VLANs in the listing?
3. Assign ports 4, 5 and 6 to VLAN 2 as follows:
   Switch_A#configure terminal
   Switch_A(config)#interface fastethernet 0/4
   Switch_A(config-if)#switchport mode access
   Switch_A(config-if)#switchport access vlan 2
   a. Complete for interfaces 5 and 6 in the same way.
4. Assign ports 7, 8, and 9 to VLAN 3 using the same commands above.
5. Display the VLAN interface information using the show vlan brief command.
   Switch_A# show vlan brief
   a. Are ports 7 through 9 assigned to VLAN 3?
6. Move two hosts (PCs) to interfaces in different VLANs and try to ping one PC from the
   other. Then ping between two PCs while they are on the same VLAN. What are the results?
7. Delete an interface from a VLAN.
   Switch_A#configure terminal
   Switch_A(config)#interface fastethernet 0/4
   Switch_A(config-if)#no switchport access vlan 2
   a. Switch_A#show vlan brief
   b. Is port 0/4 removed from VLAN 2?
8. Delete VLAN 3.
   Switch_A#vlan database
   Switch_A(vlan)#no vlan 3
   Deleting VLAN 3
   Switch_A(vlan)#exit
   a. Switch_A#show vlan brief
   b. Is VLAN 3 removed?
9. Try to delete VLAN 1 in the same way as above. What is the result?
10. Erase the switch configuration and VLAN database as explained in the introduction.