Basic Switch Management v1.21 – Aaron Balchunas
* * *
All original material copyright © 2007 by Aaron Balchunas (aaron@routeralley.com),
unless otherwise noted. All other material copyright © of their respective owners.
This material may be copied and used freely, but may not be altered or sold without the expressed written
consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
- Basic Switch Management -
Catalyst Operating Systems
Catalyst switches, depending on the model, support one of two possible
operating systems:
• Catalyst OS (CatOS)
• IOS
The CatOS is an antiquated interface based on “set” commands. Retired
Catalyst models such as the 40xx and 50xx series supported the CatOS
interface.
Modern Catalyst switches support the Cisco IOS, enhanced with switching-specific
commands. Catalyst models that support the Cisco IOS include:
• 29xx series
• 35xx series
• 37xx series
• 45xx series
• 49xx series
• 65xx series
The Cisco IOS interface on Catalyst switches is nearly identical to that of the
router IOS (with the exception of the switching-specific commands). The
IOS is covered in great detail in other guides on this site, specifically:
• Router Components
• Introduction to the Cisco IOS
• Advanced IOS Functions
Some basic IOS concepts will be reviewed in this guide. For more
comprehensive information, please consult the above guides.
Using Lines to Configure the IOS
Three methods (or lines) exist to configure Cisco IOS devices (including
Catalyst switches):
• Console ports
• Auxiliary ports
• VTY (telnet or SSH) lines
Nearly every modern Cisco router or switch includes a console port,
sometimes labeled on the device simply as con. The console port is generally
an RJ-45 connector and requires a rollover cable. The opposite end of the
rollover cable connects to a PC serial port through a serial terminal (DB-9)
adapter, or to a USB-to-serial adapter on PCs that have no serial port.
From the PC, a terminal emulator such as HyperTerminal or PuTTY is required
to make a connection from the local serial port to the console port. The
following settings are necessary for a successful connection:
• Bits per second - 9600 baud
• Data bits - 8
• Parity - None
• Stop bits - 1
• Flow Control - None
The console port requires physical access and bypasses the network entirely,
so it is both the recovery path when remote access is lost and an access
path that only physical security of the switch can control.
Some Cisco devices include an auxiliary port, in addition to the console
port. The auxiliary port can function similarly to a console port, and can be
accessed using a rollover cable. Additionally, auxiliary ports support modem
commands, thus providing dial-in access to Cisco devices. A modem on the
auxiliary port is an entry point that bypasses the network perimeter, so the
line must be password-protected or disabled like any other line.
Telnet, and now SSH, are the most common methods of remote access to
routers and switches. Telnet transmits the login password and the entire
session in clear text, so SSH should be preferred wherever the IOS image
supports it. The standard edition of the router IOS supports up to 5
simultaneous VTY connections; enterprise editions support up to 255, and
Catalyst switches support 16.
There are two requirements before a Catalyst switch will accept a VTY
connection:
• An IP address must be configured on the Management VLAN
(by default, this is VLAN 1)
• At least one VTY line must be configured with a password, together
with the login command that tells the line to prompt for it
To reach the switch from a different subnet, a default gateway must also be
set with the ip default-gateway command.
IOS Modes on Cisco Catalyst Switches
The Cisco IOS is comprised of several modes, each of which contains a set
of commands specific to the function of that mode.
By default, the first mode you enter when logging into a Cisco device is
User EXEC mode. User mode appends a “>” after the device hostname:
Switch>
The configuration cannot be changed or viewed from User mode; only basic
status information (such as the IOS version or interface status) can be
displayed from this mode.
Privileged EXEC mode allows all configuration files, settings, and status
information to be viewed. Privileged mode appends a “#” after the device
hostname:
Switch#
To enter Privileged mode, type enable from User mode:
Switch> enable
Switch#
To return back to User mode from Privileged mode, type disable:
Switch# disable
Switch>
Very little configuration can be changed directly from Privileged mode.
Instead, to actually configure the Cisco device, one must enter Global
Configuration mode:
Switch(config)#
To enter Global Configuration mode, type configure terminal from
Privileged Mode:
Switch# configure terminal
Switch(config)#
To return back to Privileged mode, type exit:
Switch(config)# exit
Switch#
As its name implies, Global Configuration mode allows parameters that
globally affect the device to be changed. Additionally, Global Configuration
mode is sectioned into several sub-modes dedicated for specific functions.
Among the most common sub-modes are the following:
• Interface Configuration mode - Switch(config-if)#
• Line Configuration mode - Switch(config-line)#
Recall the difference between interfaces and lines. Interfaces connect
routers and switches to each other. In other words, traffic is actually routed
or switched across interfaces. Examples of interfaces include Serial, ATM,
Ethernet, Fast Ethernet, and Token Ring.
To configure an interface, one must specify both the type of interface and
the interface number (which on a router always begins at “0”). Thus, to
configure the first Ethernet interface on a router:
Switch(config)# interface ethernet 0
Switch(config-if)#
Catalyst switch ports are named by slot and port instead, so the first Fast
Ethernet port of a fixed-configuration switch is interface fastethernet 0/1:
the slot number begins at “0”, but port numbering on Catalyst switches
begins at “1”.
Lines identify ports that allow us to connect into, and then configure, Cisco
devices. Examples would include console ports, auxiliary ports, and VTY
(or telnet) ports.
Just like interfaces, to configure a line, one must specify both the type of
line, and the line number (again, always begins at “0”). Thus, to configure
the first console line on a switch:
Switch(config)# line console 0
Switch(config-line)#
Multiple telnet lines can be configured simultaneously. To configure the first
sixteen telnet (or VTY) lines on a switch:
Switch(config)# line vty 0 15
Switch(config-line)#
Notice that Catalyst switches natively support up to 16 VTY connections. A
Cisco router running the standard IOS supports up to 5 VTY connections.
Remember that the numbering for both interfaces and lines begins with “0.”
Enable Passwords
The enable password protects a switch’s Privileged mode. This password
can be set or changed from Global Configuration mode:
Switch(config)# enable password MYPASSWORD
Switch(config)# enable secret MYPASSWORD2
The enable password command sets an unencrypted password intended for
legacy IOS releases that do not support the enable secret. It is no longer
widely used, and it should not be set at all on a switch that supports
enable secret: when both are configured, only the secret is checked, but the
enable password still sits in the configuration in clear text (or, at best, as
a reversible type 7 string), where anyone who can read a configuration
backup can recover it.
The enable secret command stores a salted MD5 hash of the password (shown
as type 5 in the configuration), which cannot be reversed to recover the
password and is thus far more secure. Newer IOS releases also offer
stronger secret types (8, PBKDF2-SHA256, and 9, scrypt). The enable
password and enable secret passwords cannot be identical; the switch will
not accept the same string for both commands.
Line Passwords and Configuration
Passwords can additionally be configured on switch lines, such as VTY
(telnet/SSH), console, and auxiliary ports. To set the password for the
console port and for all sixteen VTY lines:
Switch(config)# line console 0
Switch(config-line)# login
Switch(config-line)# password cisco1234
Switch(config-line)# exec-timeout 0 0
Switch(config-line)# logging synchronous
Switch(config)# line vty 0 15
Switch(config-line)# login
Switch(config-line)# password cisco1234
Switch(config-line)# exec-timeout 0 0
Switch(config-line)# logging synchronous
The login command instructs the line to prompt for its password (a VTY line
with login but no password refuses connections with “Password required, but
none set”). The exec-timeout 0 0 command is optional and disables the
automatic timeout of your connection; it is a lab convenience, since a
session that never expires stays open for whoever reaches an unattended
terminal. The two numbers represent the timeout value in minutes and
seconds, respectively. Thus, to set a timeout of 2 minutes and 30 seconds:
Switch(config-line)# exec-timeout 2 30
The logging synchronous command is also optional, and prevents system
messages from interrupting your command prompt.
By default, line passwords are stored in clear text in configuration files. To
obscure them in all configuration files:
Switch(config)# service password-encryption
This applies the IOS type 7 scheme, which is reversible obfuscation rather
than encryption: it protects only against someone reading a password off the
screen, and the original passwords can be recovered from any copy of the
configuration. Configuration backups must therefore be treated as secrets.
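The claim that service password-encryption “encrypts” passwords deserves a demonstration. The following is an added example written for this page, not code from the original guide: it implements the IOS type 7 scheme that service password-encryption applies to line passwords and to the enable password (the enable secret is a one-way hash and is unaffected), and shows that the obfuscation is undone with the same fixed key, so a copy of the configuration is exactly as sensitive as the passwords in it. The key is the publicly known constant; the sample configuration is constructed, and the enable secret hash in it is a placeholder rather than a real hash.

```python
"""Added example (not from the original guide): IOS "type 7", the scheme
service password-encryption applies to line and enable passwords, is a
fixed-key XOR and is reversible by anyone holding the configuration.
The key is the well-known public constant; sample strings are constructed."""

import re

# Public keystream used by IOS type 7; the two leading digits of a type 7
# string are the starting offset into this key, stored in the clear.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_encode(plaintext: str, seed: int = 8) -> str:
    """Return what IOS writes after 'password 7 ' for plaintext.

    IOS picks the seed (0-15) itself; it is a parameter here so the
    output is deterministic.
    """
    if not 0 <= seed <= 15:
        raise ValueError("seed must be between 0 and 15")
    out = [f"{seed:02d}"]
    for i, byte in enumerate(plaintext.encode()):
        out.append(f"{byte ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]:02X}")
    return "".join(out)


def type7_decode(obfuscated: str) -> str:
    """Recover the clear-text password from a 'password 7 ...' value."""
    if len(obfuscated) < 4 or len(obfuscated) % 2 or not obfuscated[:2].isdigit():
        raise ValueError("malformed type 7 string")
    seed = int(obfuscated[:2])
    body = bytes.fromhex(obfuscated[2:])
    clear = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(body))
    return clear.decode()


TYPE7_LINE_RE = re.compile(r"\bpassword 7 ([0-9A-Fa-f]+)\s*$")


def recover_type7(config: str) -> list:
    """List (line number, command, recovered password) for every type 7
    password in a configuration.  'enable secret 5' (salted MD5) and the
    newer types 8 and 9 are one-way and are deliberately left alone."""
    hits = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        m = TYPE7_LINE_RE.search(line)
        if m:
            hits.append((lineno, line.strip(), type7_decode(m.group(1))))
    return hits


# Constructed running-config excerpt, as it looks after the commands on this
# page plus service password-encryption; the secret hash is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$salt$placeholder.not.a.real.hash
enable password 7 0822455D0A165445415F
line con 0
 password 7 0822455D0A165445415F
 login
line vty 0 15
 password 7 0822455D0A165445415F
 login
"""

if __name__ == "__main__":
    for lineno, cmd, clear in recover_type7(SAMPLE_CONFIG):
        print(f"line {lineno}: {cmd} -> {clear}")
```

Running the script prints cisco1234 for all three type 7 entries while leaving the enable secret alone, which is the practical difference between the two commands: a leaked configuration gives up every line password and the enable password immediately, but the enable secret still has to be cracked offline.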
Catalyst Configuration Files
Like Cisco routers, Catalyst switches employ a startup-config file (stored in
NVRAM) and a running-config (stored in RAM). The startup-config is the
saved configuration loaded when the switch boots, and the running-config is
the currently active configuration.
Any configuration change made to an IOS device is made to the running-config.
Because the running-config is stored in RAM, its contents are lost during a
power-cycle. To save the contents of the running-config to the startup-config
file:
Switch# copy run start
Catalyst switches additionally employ the following configuration and
diagnostic files, all stored in Flash memory:
• vlan.dat
• system_env_vars
• crashinfo
The vlan.dat file contains a list of all created VLANs, and includes any VTP-
specific information. The vlan.dat file does not contain information on
interface-to-VLAN assignments (which is stored in the startup-config).
Because vlan.dat lives in flash rather than NVRAM, it survives an erase of
the startup-config; a switch being reset or decommissioned must have
vlan.dat deleted separately, or its VLAN and VTP configuration persists.
The system_env_vars file contains environmental information specific to
the Catalyst switch, including serial/model numbers and MAC addresses.
The crashinfo file contains memory-dump information about previous
switch failures.
To delete all files in flash (this includes the IOS image itself, leaving the
switch unable to boot until a new image is loaded):
Switch# erase flash:
To delete a specific file in flash:
Switch# delete flash:FILENAME
To reinitialize (format) the entire flash file system:
Switch# format flash:
To download an IOS image file from a TFTP server into flash:
Switch# copy tftp: flash:FILENAME
TFTP provides neither authentication nor integrity protection, so compare the
MD5 hash of the image in flash with the value published by Cisco (the
verify /md5 flash:FILENAME command computes it on the switch) before
booting from it.
Configuring Telnet Access on Catalyst Switches
Recall the two requirements to configure a Catalyst switch for VTY access:
• An IP address must be configured on the Management VLAN (by
default, this is VLAN 1)
• At least one VTY line must be configured with a password, together with
the login command so that the password is actually requested.
Configuring passwords on VTY lines was covered previously:
Switch(config)# line vty 0 15
Switch(config-line)# login
Switch(config-line)# password cisco1234
To assign an IP address to the Management VLAN:
Switch(config)# interface vlan 1
Switch(config-if)# ip address 192.168.123.151 255.255.255.0
Switch(config-if)# no shut
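The two prerequisites above (the same two listed in the earlier section on lines) can be checked mechanically against a running-config, and so can the settings a security engineer would change before exposing the VTY lines to a network. The following is an added example written for this page, not code from the original guide: a small parser for the indented IOS configuration format, a check for the two VTY prerequisites, and a review of hardening settings, applied to a weak configuration that reproduces the telnet setup above and to a hardened variant of it. The transport input ssh and access-class commands are assumed to be available in the IOS image; the section names, both sample configurations and the hash placeholders are constructed for this example.

```python
"""Added example (not from the original guide): parse an IOS running-config,
check the two VTY prerequisites, and flag settings a security reviewer
would change.  Sample configs and hash placeholders are constructed."""

import re

# Constructed: the page's telnet setup plus the weaknesses it leaves behind.
WEAK_CONFIG = """\
hostname Switch
enable secret 5 $1$salt$placeholder.not.a.real.hash
enable password MYPASSWORD
interface Vlan1
 ip address 192.168.123.151 255.255.255.0
line con 0
 password cisco1234
 login
line vty 0 15
 password cisco1234
 exec-timeout 0 0
 login
 transport input telnet
"""

# Constructed: the same switch with the weak settings corrected.
HARDENED_CONFIG = """\
hostname Switch
service password-encryption
enable secret 5 $1$salt$placeholder.not.a.real.hash
interface Vlan1
 ip address 192.168.123.151 255.255.255.0
line con 0
 password 7 0822455D0A165445415F
 exec-timeout 5 0
 login
line vty 0 15
 access-class 10 in
 exec-timeout 5 0
 password 7 0822455D0A165445415F
 login
 transport input ssh
"""

# Lines that open an indented sub-mode block in an IOS config.
SECTION_RE = re.compile(r"^(interface|line|router|vlan)\b")


def parse_sections(config: str) -> dict:
    """Group an IOS config into {section header: [child commands]}.

    Sub-mode commands are indented one space under their header; unindented
    commands that are not headers are filed under "global".
    """
    sections = {"global": []}
    current = "global"
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            sections[current].append(raw.strip())
        elif SECTION_RE.match(raw):
            current = raw.strip()
            sections.setdefault(current, [])
        else:
            current = "global"
            sections["global"].append(raw.strip())
    return sections


def vty_ready(sections: dict, mgmt_svi: str = "interface Vlan1") -> list:
    """Return the unmet VTY prerequisites (an empty list means ready)."""
    problems = []
    svi = sections.get(mgmt_svi, [])
    if not any(c.startswith("ip address ") for c in svi):
        problems.append(f"{mgmt_svi}: no IP address configured")
    if "shutdown" in svi:
        problems.append(f"{mgmt_svi}: interface is shut down")
    vty = {k: v for k, v in sections.items() if k.startswith("line vty")}
    if not vty:
        problems.append("no line vty section present")
    for name, cmds in vty.items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_password = any(c.startswith("password ") for c in cmds)
        if not has_login:
            problems.append(f"{name}: no login command, password never requested")
        elif "login local" not in cmds and not has_password:
            problems.append(f"{name}: login set but no password (connections refused)")
    return problems


def hardening_findings(sections: dict) -> list:
    """Settings a reviewer would change before exposing the VTY lines."""
    findings = []
    glob = sections["global"]
    if any(c.startswith("enable password ") for c in glob):
        findings.append("enable password configured: remove it, keep enable secret only")
    if "service password-encryption" not in glob:
        findings.append("line passwords stored in clear text: service password-encryption")
    for name, cmds in sections.items():
        if not name.startswith("line vty"):
            continue
        transport = [c for c in cmds if c.startswith("transport input")]
        if not transport or any(" telnet" in c or " all" in c for c in transport):
            findings.append(f"{name}: telnet accepted, use transport input ssh")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: idle timeout disabled (exec-timeout 0 0)")
        if not any(c.startswith("access-class ") for c in cmds):
            findings.append(f"{name}: no access-class limiting source addresses")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        s = parse_sections(cfg)
        print(label, "vty ready:", vty_ready(s) == [], hardening_findings(s))
```

Both configurations pass the two prerequisites, which is the point: a switch that "accepts a VTY connection" is not yet one that is safe to reach over the network. Telnet carries the password and every subsequent command in clear text, so the hardened variant keeps the password and login commands from the page but restricts the lines to SSH, limits the source addresses that may connect with access-class, restores an idle timeout, and drops the enable password in favour of the secret alone.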