Basic Switch Configuration

Most companies use Cisco switches and routers in their enterprise networks. They can handle a large volume of traffic and provide a reliable, redundant and scalable network. As a network engineer, your daily tasks are to install new switches, create the VLANs the customer requires, set up DHCP, assign ports to VLANs and test the machines before going live.

The first thing you will want to know is the model of the switch, as Cisco provides many L3 and L2 switch models, e.g. Cisco 2960, Cisco 3750, Cisco 4500. A Cisco switch is, though, a simpler network device compared with other devices such as firewalls and routers.

  • Configure Hostname for a Cisco Switch

Switch>enable

Switch#configure terminal

Switch(config)#Hostname CAT1

Switch(config)#exit

Passwords are used to restrict physical access to the switch. If you use plain passwords on switches, it is possible to crack them using MD5 decryption and other techniques. Hence service password encryption is normally used on Cisco switches and routers to protect access from other users. Cisco switches support the console line for local login and VTY lines for remote login. For example, if you have secured the VTY lines but left the console line unsecured, an intruder can take advantage of this to connect to the device. Once you are connected to the device, all remaining authentication is the same. No separate configuration is required for further modes.

  • Set Password on a Catalyst Switch

Switch>enable

Switch#configure terminal

Switch(config)#line console 0

Switch(config-line)#password Cisco

Switch(config-line)#login

Switch(config-line)#exit

Switch(config)#line vty 0 15

Switch(config-line)#password Cisco123

Switch(config-line)#login

Switch(config-line)#exit

VTY is the virtual terminal used for Telnet or SSH access. The switch accepts Telnet and SSH connections through the VTY lines. By default the first five VTY lines are enabled, but if you want to secure access more thoroughly, configure all the VTY lines the switch model supports, e.g. 16 VTY lines on a Cisco 2960 switch.

  • Set username and password for Telnet and SSH

Switch(config)#username admin password Cisco123

Or

Switch(config)#username admin secret Cisco123

Once you enter service password-encryption, every password is encrypted.

Create an access list so that only selected users can access Telnet

  • Standard Access List

Switch(config)#ip access-list standard TELNET-ACCESS

Switch(config-std-nacl)#permit 10.0.0.100

Switch(config-std-nacl)#permit 20.0.0.200

Switch(config-std-nacl)#exit

  • Extended Access List

Switch(config)#ip access-list extended TELNET-ACCESS

Switch(config-ext-nacl)#permit tcp host 10.0.0.100 any eq 23

Switch(config-ext-nacl)#permit tcp host 20.0.0.200 any eq 23

Switch(config-ext-nacl)#exit

There are two types of access list: standard and extended. Standard ACLs are numbered from 1 to 99 and 1300 to 1999; extended ACLs are numbered from 100 to 199 and 2000 to 2699. A standard ACL filters traffic on the basis of the source address only, while an extended ACL filters on the basis of both source and destination address, and also on the basis of protocol (TCP and UDP) and port number.

  • VLAN Configuration

A VLAN (virtual local area network) is used to divide a large network into smaller segments. It is also used to control the broadcast domain: a broadcast from one VLAN is not propagated into another VLAN, which keeps the VLANs separated from each other for security.

Switch(config)#vlan 10

Switch(config-vlan)#name IT_DEPT

Switch(config-vlan)#exit

Or

Switch(config)#vlan 20,30,40

Switch(config-vlan)#exit

Switch(config)#vlan 20

Switch(config-vlan)#name HR

Switch(config-vlan)#exit

  • For verification of VLAN

Switch(config)#do show vlan brief

  • Configure IP Address to Switch

Switch(config)#int vlan 10

Switch(config-if)#ip address 10.0.0.1 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#ip default-gateway 172.25.15.10

It is important that you run the following commands and check their output carefully.

For verification

Switch(config)#do show ip interface brief

Switch(config)#do show version

Switch(config)#do show running-config
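One way to check the `show running-config` output for the password and line-access settings covered above. This is an added example, not part of the original post; the sample configuration and the function name `audit` are constructed for illustration, and it assumes a switch without AAA where the ACL is applied to the VTY lines with `access-class`.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE = """\
hostname CAT1
username admin password 0 Cisco123
ip access-list standard TELNET-ACCESS
 permit 10.0.0.100
line con 0
 password Cisco
line vty 0 4
 password Cisco123
 login
line vty 5 15
 access-class TELNET-ACCESS in
 login local
"""

def audit(config):
    """Return a list of findings for password and line-access settings."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append("global: service password-encryption is not enabled")
    for l in lines:
        m = re.match(r"username (\S+) password\b", l)
        if m:
            findings.append(f"user {m.group(1)}: uses 'password'; prefer 'secret'")
    # Group the indented sub-commands under their 'line ...' header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for header, cmds in blocks.items():
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{header}: no 'login' command found")
        if header.startswith("line vty") and not any(c.startswith("access-class ") for c in cmds):
            findings.append(f"{header}: no access-class, any source address can connect")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The type 7 encoding applied by `service password-encryption` is reversible, so `username ... secret` remains the stronger choice for local accounts.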

 
