Most companies use Cisco switches and routers in their enterprise networks. These devices handle large volumes of traffic and provide a reliable, redundant and scalable network. As a network engineer, your daily tasks include installing new switches, creating the VLANs the customer requires, setting up DHCP, assigning ports to VLANs and testing the machines before they go live.
The first thing you want to know is the model of the switch, because Cisco offers many L2 and L3 switches, e.g. Cisco 2960, Cisco 3750 and Cisco 4500. A Cisco switch is a simpler network device compared with devices such as firewalls and routers.
- Configure Hostname for a Cisco Switch
Passwords are used to restrict access to the switch. If you use plain passwords on a switch, they can be cracked using MD5 cracking and other techniques. Hence service password-encryption is normally used on Cisco switches and routers to protect access from other users. Cisco switches support a console line for local login and VTY lines for remote login. For example, if you have secured the VTY lines but left the console line unsecured, an intruder can take advantage of this to connect to the device. Once you are connected to the device, all remaining authentication is the same; no separate configuration is required for further modes.
- Set Password on a Catalyst Switch
Switch(config)#line console 0
Switch(config)#line vty 0 15
VTY is the virtual terminal used for Telnet or SSH access; Telnet and SSH sessions connect to the switch through the VTY lines. By default the first five VTY lines are enabled, but to secure the switch properly you should cover every VTY line the model supports, e.g. 16 VTY lines on a Cisco 2960 switch.
- Set username and password for Telnet and SSH
Switch(config)#username admin password Cisco123
! or, preferably, store a hash of the password instead of the plain password (IOS accepts only one of the two forms for a given user):
Switch(config)#username admin secret Cisco123
Once you enter service password-encryption, every plain password in the configuration is encrypted. Note that this encryption (type 7) is reversible, so it only protects the configuration from casual reading; the secret form stores a hash of the password and is the preferred way to store user passwords.
Create an access list so that only selected users can access Telnet:
- Standard Access List
Switch(config)#ip access-list standard TELNET-ACCESS
- Extended Access List
Switch(config)#ip access-list extended TELNET-ACCESS
There are two types of access list: standard and extended. Standard ACLs use the number ranges 1 to 99 and 1300 to 1999, while extended ACLs use 100 to 199 and 2000 to 2699. A standard ACL filters traffic on the basis of the source address only; an extended ACL filters on both source and destination address, and also on the protocol (TCP or UDP) and port number.
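As an added example (not part of the original post), the following script audits a running-config for the points made above: the console and VTY lines both requiring login, service password-encryption being enabled, user accounts using secret rather than password, and the VTY lines carrying an access-class that points at a defined ACL for Telnet/SSH. The two config texts and the hash/password placeholders in them are constructed for illustration.

```python
# Constructed sample configs (not from the original post); hashes are placeholders.
HARDENED = """\
service password-encryption
username admin secret 5 $1$PLACEHOLDER$hash
ip access-list standard TELNET-ACCESS
 permit 10.0.0.0 0.0.0.255
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 15
 login local
 access-class TELNET-ACCESS in
"""
WEAK = """\
username admin password Cisco123
line con 0
line vty 0 15
 password Cisco123
 login
"""

def parse_blocks(config):
    """Group indented sub-commands under the unindented command above them."""
    blocks, header = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and header is not None:
            blocks[header].append(raw.strip())
        elif raw.strip():
            header = raw.strip()
            blocks[header] = []
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings, blocks = [], parse_blocks(config)
    if "service password-encryption" not in blocks:
        findings.append("service password-encryption is not enabled")
    weak_users = [h.split()[1] for h in blocks if h.startswith("username ") and " password " in h]
    findings += [f"user {u} uses 'password' instead of 'secret'" for u in weak_users]
    acls = {h.split()[-1] for h in blocks if h.startswith("ip access-list ")}
    for header, body in blocks.items():
        if not header.startswith("line "):
            continue
        if not any(b.startswith("login") for b in body):
            findings.append(f"{header}: no 'login', the line is unauthenticated")
        if header.startswith("line vty"):
            acl = next((b.split()[1] for b in body if b.startswith("access-class ")), None)
            if acl not in acls:
                findings.append(f"{header}: no inbound access-class with a defined ACL")
    return findings
```

Feed it the output of show running-config and treat every finding as a line or account that still needs the fix described above.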
- VLAN Configuration
A VLAN (virtual local area network) is used to divide a large network into smaller segments. It also controls the broadcast domain: a broadcast from one VLAN is not propagated into another VLAN, which maintains separation between the VLANs.
- Verify the VLANs
Switch(config)#do show vlan brief
- Configure an IP Address on the Switch
Switch(config)#int vlan 10
Switch(config-if)#ip address 10.0.0.1 255.255.255.0
Switch(config-if)#no shut
Switch(config)#ip default-gateway 172.25.15.10
It is important that you run the following commands and check their output carefully.
Switch(config)#do show ip interface brief
Switch(config)#do show version
Switch(config)#do show running-config