5 Perform and verify initial switch configuration tasks, including remote access management

85711.book Page 89 Thursday, September 27, 2007 10:35 AM



2.5 Perform and verify initial switch configuration tasks, including remote access



89



You can learn all about the Cisco family of Catalyst switches at

www.cisco.com/en/US/products/hw/switches/index.html.



Catalyst Switch Configuration

Figure 2.15 shows the switched network I’ll be working on to show you Cisco’s Catalyst

switch configuraitons.

FIGURE 2.15

Clients



2960

S1



Our switched network



Phone A



Phone A



3550



3560



Core



Clients



S2



IVR



I’m going to use a new 3560, a 2960, and a 3550 switch. But before we actually get into

configuring one of the Catalyst switches, I’ve got to fill you in regarding the bootup process

of these switches. Figure 2.16 shows the detail of a typical Cisco Catalyst switch, and I need

to tell you about the different interfaces and features of this product.

FIGURE 2.16



A Cisco Catalyst switch



System LED



PoE



The first thing I want you to know is that the console port for the Catalyst switches are typically located on the back of the switch. But on a smaller switch, like the 3560 shown in the

figure, the console is right in the front to make it easier to use. (The eight-port 2960 looks



85711.book Page 90 Thursday, September 27, 2007 10:35 AM



90



Chapter 2



Configure, verify, and troubleshoot a switch with VLANs



exactly the same.) If the POST completes successfully, the system LED turns green; if the POST

fails, it will turn amber. And seeing the amber glow is a very bad thing—typically fatal. So, you

may just want to keep a spare switch around—especially in case it happens to be a production

switch that’s croaked! The bottom button is used to show you which lights are providing

Power over Ethernet (PoE). You can see this by pressing the Mode button. The PoE is a very

nice feature of these switches. It allows me to power my access point and phone by just connecting them into the switch with an Ethernet cable! Sweet.

After a switch boots up, you can use the Express Setup HTTP screen. Figure 2.17 shows the

screen you’ll get when you connect to a new switch and use 10.0.0.1 in the HTTP field of your

browser. Oh, and obviously your host needs to be in the same subnet.

FIGURE 2.17



Express Setup HTTP screen



The screen shows us that we can set some basic functions. To me, it’s easier to configure

the information from the CLI, which I’ll show you next, but this is actually just one of your

options. You can configure the IP address, mask, and default gateway of the switch, plus the

passwords. You can also configure the management VLAN, but I’m going to hold off on that

for now and show you how to do that in the next chapter. Moving on, optionally, you can configure the hostname, system contact, and location and set up Telnet access. And last, the

Express Setup HTTP screen provides you with some simple help on setting the switch up with

SNMP so that your Network Management System (NMS) can find it.

Now if we connect our switches to each other, as shown in Figure 2.15, remember that first

we’ll need a crossover cable between the switches. My 2960 and 3560 switches autodetect the

connection type, so I was able to use straight-through cables. But a 2950 or 3550 switch won’t

auto-detect the cable type. Different switches have different needs and abilities, so just keep

this in mind when connecting your various switches together.

When you first connect the switch ports to each other, the link lights are amber and then

turn green indicating normal operation. This is spanning-tree converging, and as you already

know, this process takes around 50 seconds with no extensions enabled. But if you connect

into a switch port and the switch port LED is alternating green and amber, this means the port

is experiencing errors. If this happens, check the host NIC or the cabling.



85711.book Page 91 Thursday, September 27, 2007 10:35 AM



2.5 Perform and verify initial switch configuration tasks, including remote access



91



Okay—let’s start our configuration by connecting into a switch and setting the administrative

functions. We’ll also assign an IP address to theswitch, but this isn’t really necessary to make our

network function. The only reason we’re going to do that is so we can manage/administer it.

Let’s use a simple IP scheme like 192.168.10.16/28. This mask should be familiar to you!

Check out the following output:

Switch>en

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname S1

S1(config)#enable secret todd

S1(config)#int f0/1

S1(config-if)#description 1st Connection to Core Switch

S1(config-if)#int f0/2

S1(config-if)#description 2nd Connection to Core Switch

S1(config-if)#int f0/3

S1(config-if)#description Connection to HostA

S1(config-if)#int f0/4

S1(config-if)#description Connection to PhoneA

S1(config-if)#int f0/8

S1(config-if)#description Connection to IVR

S1(config-if)#line console 0

S1(config-line)#password console

S1(config-line)#login

S1(config-line)#exit

S1(config)#line vty 0 ?

<1-15> Last Line number



S1(config)#line vty 0 15

S1(config-line)#password telnet

S1(config-line)#login

S1(config-line)#int vlan 1

S1(config-if)#ip address 192.168.10.17 255.255.255.240

S1(config-if)#no shut

S1(config-if)#exit

S1(config)#banner motd # This is the S1 switch #

S1(config)#exit

S1(config)#ip default-gateway 192.168.10.30

S1#copy run start

Destination filename [startup-config]? [enter]

Building configuration...

[OK]

S1#



85711.book Page 92 Thursday, September 27, 2007 10:35 AM



92



Chapter 2



Configure, verify, and troubleshoot a switch with VLANs



The first thing to notice about this is that there’s no IP address configured on the switch’s

interfaces. Since all ports on a switch are enabled by default, there’s not so much to configure.

The IP address is configured under a logical interface, called a management domain or VLAN.

You would typically use the default VLAN 1 to manage a switched network just as we’re

doing here.

The rest of the configuration is basically the same as the process you go through for router

configuration. Remember, no IP addresses on switch interfaces, no routing protocols, and so

on. We’re performing layer 2 switching at this point, not routing! Also, note that there is no

aux port on Cisco switches.



Exam Objectives

Remember how to set an IP address on a switch. To configure an IP address on a switch, an

address is never configured on a switch port, but rather what is called the management VLAN.

By default this is VLAN 1. Here is an example on how to set an IP address on a switch using

the default VLAN:

Switch(config-line)#int vlan 1

Switch(config-if)#ip address 192.168.10.17 255.255.255.240

Switch(config-if)#no shut



Remember how to configure a switch for remote management. To allow hosts from outside the management VLAN to access the switch for administrative purposes you need to set

a default gateway on the switch. Here is how you would do that:

Switch(config)#ip default-gateway 192.168.10.30



2.6 Verify network status and switch

operation using basic utilities (including:

ping, traceroute, Telnet, SSH, arp,

ipconfig), SHOW & DEBUG commands

Before we move on to determining IP address problems and how to fix them, I just want to

mention some basic DOS commands that you can use to help troubleshoot your network from

both a PC and a Cisco router (the commands might do the same thing, but they are implemented differently).

Packet InterNet Groper (ping)

Uses ICMP echo request and replies to test if a node

IP stack is initialized and alive on the network.



85711.book Page 93 Thursday, September 27, 2007 10:35 AM



2.6 Verify network status and switch operation using basic utilities



93



traceroute Displays the list of routers on a path to a network destination by using TTL

time-outs and ICMP error messages. This command will not work from a DOS prompt.

tracert Same command as traceroute, but it’s a Microsoft Windows command and will

not work on a Cisco router.

arp -a



Displays IP-to-MAC-address mappings on a Windows PC.



show ip arp

Same command as arp -a, but displays the ARP table on a Cisco router.

Like the commands traceroute and tracert, they are not interchangeable through DOS

and Cisco.

ipconfig /all



Used only from a DOS prompt, shows you the PC network configuration.



Once you’ve gone through all these steps and used the appropriate DOS commands, if

necessary, what do you do if you find a problem? How do you go about fixing an IP address

configuration error? Let’s move on and discuss how to determine the IP address problems

and how to fix them.



Checking Network Connectivity

You can use the ping and traceroute commands to test connectivity to remote devices, and

both of them can be used with many protocols, not just IP.



Using the Ping Command

So far, you’ve seen many examples of pinging devices to test IP connectivity and name resolution using the DNS server. To see all the different protocols that you can use with ping, use

the ping ? command like this:

Todd2509#ping ?

WORD

Ping destination address or hostname

apollo

Apollo echo

appletalk Appletalk echo

clns

CLNS echo

decnet

DECnet echo

ip

IP echo

ipx

Novell/IPX echo

srb

srb echo

tag

Tag encapsulated IP echo

vines

Vines echo

xns

XNS echo