Lab. 6 Introduction to switches

Learning Objectives:
- To learn basic Cisco switch operation.
- To learn basic switch configuration commands.
- To learn about Virtual LANs and VLAN configuration.
- To verify and test switch configurations using show commands.

Introduction

Switches are dedicated, specialized computers that contain a central processing unit (CPU), random access memory (RAM), and an operating system. Switches usually have several ports that hosts can connect to, as well as specialized ports for management. A switch examines the source address of each frame received on its ports to learn the MAC addresses of the PCs or workstations connected to it. These learned MAC addresses are recorded in a MAC address table. Frames whose destination MAC address has been recorded in the table can be switched out of the correct interface.

Once the power cable is connected, the power-on self test (POST) starts. When any port is connected, the port status LED turns amber for about 30 seconds as the switch discovers the network topology and searches for loops. If the port status LED turns green, the switch has established a link between the port and a target, such as a computer. If the port status LED turns off, the switch has determined that nothing is plugged into the port. Starting HyperTerminal from the computer to the switch is the same as for the router.

The flash directory by default has a file that contains the IOS image, a file called env_vars, and a subdirectory called html. After the switch is configured, the flash directory will contain a file called config.text as well as a VLAN database.

In the default state, the switch has one broadcast domain. The switch ports or interfaces are set to auto mode (auto-speed and auto-duplex allow the interfaces to negotiate these settings), and all switch ports are in VLAN 1, known as the default management VLAN. Network administrators can manually configure the interface speed and duplex values if necessary.
For small networks, the default configuration may be sufficient. A switch may be given an IP address for management purposes using Telnet or a GUI. A switch should also be assigned a default gateway if management is to be performed from outside the LAN. The IP address is configured on the virtual interface, VLAN 1. By default, the switch has no IP address.

A switch or group of switches can be configured to be divided into different broadcast domains that cannot be connected without a router, as this would violate the integrity of the VLAN broadcast domain; this improves the overall performance of the network and achieves security. The primary benefit of VLANs is that they permit the network administrator to organize the LAN logically instead of physically. This includes the ability to add workstations to the LAN, control network traffic, and improve security. Each VLAN has its own MAC address table.

The following steps are needed to erase an old switch configuration:
1. Delete the VLAN information by deleting the old VLAN database file, called vlan.dat, from the flash.
2. Erase the startup-config.
3. Reload the switch.

Some network devices can provide a web-based interface for configuration and management purposes. Once a switch is configured with an IP address and gateway, it can be accessed in this way. The switch can be managed through a browser-based graphical user interface (GUI). A web browser can access this service using the IP address and port 80, the default port for HTTP. The HTTP service can be turned on or off, and the port for the service can be chosen. Note: an enable secret or password should also be configured.

The show mac-address-table command can be entered in Privileged EXEC mode to examine the addresses that a switch has learned. Machines may have been moved to another port on the same switch or to a different switch. This can cause confusion when frames are forwarded.
For all these reasons, if no frames are seen with a previously learned address, the MAC address entry is automatically discarded, or aged out, after 300 seconds. Rather than wait for a dynamic entry to age out, network administrators can use the clear mac-address-table command in Privileged EXEC mode.

Network security is an important responsibility for network administrators. Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug a PC or laptop into one of these outlets. This is a potential entry point to the network for unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded. Secure MAC addresses can be configured statically. However, configuring secure MAC addresses statically is a complex task and is usually prone to error. The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.

802.1Q is a frame tagging method used to tag packets leaving a specific VLAN. Static VLAN ports are ports on a switch that are manually assigned to a VLAN. These ports maintain their assigned VLAN configuration until they are changed manually. Use the show vlan brief command to verify VLAN configuration. To configure VLANs on Cisco 2900 series switches, specific guidelines must be observed:
- The maximum number of VLANs is switch dependent.
- One of the factory-default VLANs is the default Ethernet VLAN, VLAN 1.

Procedure:

Part 1, Basic switch configuration.

For all configuration steps below, refer to the commands in the introduction above whenever needed.

1. Connect two PCs to the switch as follows:
2. Enter the switch privileged mode and examine the configuration using the following commands.
       Switch# show interface VLAN 1
   a. Is there an IP address set on the switch?
       Switch# show version
   b. What is the IOS version that the switch is running?
   c. What is the system image file name?
3. Examine the default properties of any Fast Ethernet interface (example: Fa 0/4):
       Switch# show interface fastethernet 0/4
   a. Is the interface up or down? Comments?
4. Examine the default VLAN settings of the switch.
       Switch>show vlan
   a. What is the name of VLAN 1?
   b. Which ports are in this VLAN?
5. Issue one of the following to examine the contents of the flash directory:
       Switch# dir flash:
   or
       Switch# show flash
   a. Name the files and directories found.
6. Set the enable password to cisco and the enable secret password to class, as you would configure them on routers.
7. Configure layer 3 management access to the switch by setting the IP address of the internal virtual interface VLAN 1 to 172.30.1.2 with a subnet mask of 255.255.0.0 and the default gateway to 172.30.0.20. Enable VLAN 1 using the no shutdown command.
8. Configure the laptops to be on the same network as the VLAN, if not already configured.
9. Verify connectivity between the host laptop and the switch using ping.
10. Prepare the switch to be accessed through its GUI from a web browser (Explorer) by turning on the HTTP service.
11. Record the MAC addresses of the laptops using the ipconfig /all command.
12. Determine if the switch has learned the MAC addresses.
       ALSwitch#show mac-address-table
   a. Do the MAC addresses match the host MAC addresses? Comments?
13. Practice the password recovery procedure on a Catalyst 2950 Series Switch.
   a) Save your configuration. Turn the switch off. Turn it back on while holding down the “MODE” button on the front of the switch at the same time that the switch is powered on. Release the “MODE” button after the STAT LED goes out.
   b) To initialize the file system and finish loading the operating system, enter the following commands:
       i. flash_init
       ii. load_helper
       iii. dir flash:
   c) Type rename flash:config.text flash:config.old to rename the configuration file; this file contains the password definition.
   d) Restart the system.
   e) Type rename flash:config.old flash:config.text at the Privileged EXEC mode prompt to give the configuration file its original name again.
   f) Copy the configuration file into memory as follows:
       Switch#copy flash:config.text system:running-config
       Source filename [config.text]?[enter]
       Destination filename [running-config][enter]
   g) The configuration file is now reloaded. Change the old unknown passwords and save again.

Part (2), Basic VLAN Configuration

1. Display the VLAN interface information.
       Switch_A# show vlan brief
   a. Which ports belong to the default VLAN?
2. Create and name two VLANs.
       Switch_A#vlan database
       Switch_A(vlan)#vlan 2 name VLAN2
       Switch_A(vlan)#vlan 3 name VLAN3
       Switch_A(vlan)#exit
   a. Type the command Switch#show vlan brief
   b. Are there new VLANs in the listing?
3. Assign ports 4, 5, 6 to VLAN 2 as follows:
       Switch_A#configure terminal
       Switch_A(config)#interface fastethernet 0/4
       Switch_A(config-if)#switchport mode access
       Switch_A(config-if)#switchport access vlan 2
   a. Complete for interfaces 5 and 6 in the same way.
4. Assign ports 7, 8, and 9 to VLAN 3 using the same commands above.
5. Display the VLAN interface information using the show vlan brief command.
       Switch_A# show vlan brief
   a. Are ports 7 through 9 assigned to VLAN 3?
6. Move two hosts (PCs) between different VLAN interfaces and try to ping one PC from the other. Then ping between two PCs while they are on the same VLAN. What are the results?
7. Delete an interface from a VLAN.
       Switch_A#configure terminal
       Switch_A(config)#interface fastethernet 0/4
       Switch_A(config-if)#no switchport access vlan 2
   a. Switch_A#show vlan brief
   b. Is port 0/4 removed from VLAN 2?
8. Delete VLAN 3.
       Switch_A#vlan database
       Switch_A(vlan)#no vlan 3
       Deleting VLAN 3
       Switch_A(vlan)#exit
   a. Switch_A#show vlan brief
   b. Is VLAN 3 removed?
9. Try to delete VLAN 1 in the same way as before. What is the result?
10. Erase the switch configuration and VLAN database as explained in the introduction.
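
The MAC address learning, 300-second aging, per-VLAN MAC tables and port security described in the introduction can be traced in a small Python model. This is an added example, not part of the original lab and not Cisco code; the ToySwitch class, its method names, the sample MAC addresses and the choice of shutting the port down as the violation action are assumptions made for illustration.

```python
AGING_SECONDS = 300  # aging time from the lab text; toy model, not Cisco code


class ToySwitch:
    def __init__(self, port_vlan, secure_ports=()):
        self.port_vlan = dict(port_vlan)   # port -> access VLAN
        self.tables = {}                   # vlan -> {mac: (port, last_seen)}
        self.secure = {p: None for p in secure_ports}  # port -> secure MAC (limit 1)
        self.disabled = set()              # ports shut down after a violation

    def _age(self, now):
        for table in self.tables.values():
            for mac in [m for m, (_, seen) in table.items()
                        if now - seen > AGING_SECONDS]:
                del table[mac]

    def receive(self, port, src, dst, now):
        """Process one frame; return the sorted list of egress ports."""
        if port in self.disabled:
            return []
        if port in self.secure:
            if self.secure[port] is None:
                self.secure[port] = src    # first address learned becomes secure
            elif self.secure[port] != src:
                self.disabled.add(port)    # assumed action: shut the port down
                return []
        self._age(now)
        vlan = self.port_vlan[port]
        table = self.tables.setdefault(vlan, {})
        table[src] = (port, now)           # learn or refresh the source address
        if dst in table:
            out = table[dst][0]
            return [] if out == port or out in self.disabled else [out]
        # Unknown destination: flood, but only inside the ingress VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != port and p not in self.disabled)


def demo():
    # Constructed sample: ports 4-5 in VLAN 2, ports 7-8 in VLAN 3, port 4 secured.
    sw = ToySwitch({4: 2, 5: 2, 7: 3, 8: 3}, secure_ports=[4])
    a, b, rogue = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
    return [
        sw.receive(4, a, b, now=0),        # b unknown -> flood within VLAN 2: [5]
        sw.receive(5, b, a, now=10),       # a learned on port 4: [4]
        sw.receive(4, a, b, now=400),      # b aged out (390 s idle) -> flood: [5]
        sw.receive(4, rogue, b, now=410),  # second MAC on secure port: []
        sw.receive(5, b, a, now=420),      # port 4 is now shut down: []
    ]
```

Calling demo() returns the egress ports for each of the five constructed frames, which can be compared with what show mac-address-table reports at the matching points of the lab.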
© Copyright 2024