© 2006 Cisco Systems, Inc. All rights reserved. ICND v Configuring Catalyst Switch Operations Configuring a Catalyst Switch

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Outline Overview Catalyst Switch Default Configuration Verification Catalyst Switch IP Address and Default Gateway Configuration Duplexing and Speed Duplex Interface Configuration MAC Address Table Management Port Security Configuration Adds, Moves, and Changes for Access Layer Catalyst Switches Catalyst Switch Configuration File Management Summary

© 2006 Cisco Systems, Inc. All rights reserved. ICND v IP address: CDP: enabled 100BaseT port: autonegotiate duplex mode Spanning tree: enabled Console password: none Catalyst 2950 Series Default Configuration

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950#show run Building configuration... Current configuration: ! interface FastEthernet0/1 ! interface FastEthernet0/2 wg_sw_2950#show spanning-tree detail Port 11 (FastEthernet0/11) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier Designated root has priority 1, address fc.a840 Designated bridge has priority 1, address fc.a840 Designated port id is , designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received wg_sw_2950#show vlan VLAN Name Status Ports default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 Port Names on Catalyst 2950 Series Switches

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950(config)#interface vlan 1 wg_sw_2950(config-if)#ip address wg_sw_2950(config-if)#ip address {ip_address} {mask} Configures an IP address and subnet mask for the switch VLAN1 interface Catalyst 2950 Series Configuring the Switch IP Address

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_a(config)# ip default-gateway {ip address} Configures the switch default gateway for the Catalyst 2950 series switches wg_sw_a(config)#ip default-gateway Configuring the Switch Default Gateway

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Catalyst 2950 Series wg_sw_2950#show interfaces vlan 1 Vlan1 is up, line protocol is up Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40) Internet address is /24... wg_sw_2950# Showing the Switch IP Address

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Half Duplex (CSMA/CD) Unidirectional data flow Higher potential for collision Hub connectivity Full Duplex Point-to-point only Attached to dedicated switched port Requires full-duplex support on both ends Collision-free Collision detect circuit disabled Duplex Overview

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Catalyst 2950 Series wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#duplex {auto | full | half} Setting Duplex Options

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Switch#show interfaces fastethernet0/2 FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42) MTU 1500 bytes, BW Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input flow-control is unsupported output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:57, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec packets input, bytes, 0 no buffer Received broadcasts (0 multicast) 1 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, multicast, 0 pause input 0 input packets with dribble condition detected packets output, bytes, 0 underruns 0 output errors, 2 collisions, 6 interface resets 0 babbles, 0 late collision, 29 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Showing Duplex Options

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Catalyst 2950 Series wg_sw_2950#show mac-address-table Mac Address Table Vlan Mac Address Type Ports All 0008.a445.9b40 STATIC CPU All ccc.cccc STATIC CPU All ccc.cccd STATIC CPU All cdd.dddd STATIC CPU e3e DYNAMIC Fa0/2 Total Mac Addresses for this criterion: 5 wg_sw_2950# Managing the MAC Address Table

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950(config)#mac-address-table static mac-addr vlan vlan-id interface interface-id Catalyst 2950 Series wg_sw_2950(config)# mac-address-table static ab vlan 1 interface fastethernet0/2 Setting a Static MAC Address

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Catalyst 2950 Series wg_sw_2950(config-if)#switchport port-security [mac-address mac-address] | [maximum value] | [violation {protect |restrict | shutdown}] wg_sw_2950(config)#interface fa0/1 wg_sw_2950(config-if)#switchport mode access wg_sw_2950(config-if)#switchport port-security wg_sw_2950(config-if)#switchport port-security maximum 1 wg_sw_2950(config-if)#switchport port-security mac-address 0008.eeee.eeee wg_sw_2950(config-if)#switchport port-security violation shutdown Configuring Port Security

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] wg_sw_2950#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : Security Violation Count : 0 Verifying Port Security on the Catalyst 2950 Series

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) Fa0/ Shutdown Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 wg_sw_2950#sh port-security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age (mins) dddd.eeee SecureConfigured Fa0/ Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 Verifying Port Security on the Catalyst 2950 Series (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Executing Adds, Moves, and Changes for MAC Addresses Adding a MAC Address 1. Configure port security. 2. Configure the MAC address. Changing a MAC Address 1. Remove MAC address restrictions. Moving a MAC Address 1. Add the address to a new port. 2. Configure port security on the new switch. 3. Configure the MAC address to the port allocated for the new user. 4. Remove the old port configuration.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Adding a New Switch to the Network 1. Determine the IP address for management purposes. 2. Configure administrative access for the console, auxiliary, and vty interfaces. 3. Configure security for the device. 4. Configure the access switch ports as necessary.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v wg_sw_2950#copy nvram:startup-config tftp:[[[//location]/directory]/filename] Catalyst 2950 Series wg_sw_2950# copy nvram:startup-config tftp:// /wg_sw_a.cfg Address or name of remote host [ ]? Destination filename [wg_sw_a.cfg]? !! 1189 bytes copied in secs (17485 bytes/sec) wg_sw_2950# Uploads the system running configuration to a TFTP server wg_sw_2950#copy system:running-config tftp:[[[//location]/directory]/filename] Uploads the startup configuration in NVRAM to a TFTP server Managing the Configuration File

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Resets the system configuration to factory defaults wg_sw_2950#erase nvram: -or- wg_sw_2950#erase startup-config Catalyst 2950 Series wg_sw_2950#erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete wg_sw_2950# Clearing NVRAM

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Summary A Catalyst switch comes with factory default settings that can be displayed with the show command. The ip address command is used to configure an IP address and subnet mask on a switch. The ip default-gateway command is used to configure a default gateway. The duplex command is used to configure switch duplex options. MAC address tables include dynamic and static addresses. The switchport port-security mac-address command is used to set static MAC addresses.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v Summary (Cont.) The port security feature can be used to restrict input to an interface by limiting and identifying MAC addresses of the stations that are allowed to access the port. As network endpoint topology changes because of added, moved, and changed devices and interfaces, the switch configuration may need to be modified. The copy command can be used to copy a configuration from or to a file server. The erase nvram: command resets the switch configuration to the factory default settings.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v