mode are limited to those that change terminal
settings, perform basic tests, and display system information.
Figure describes the show commands that are available in
User EXEC mode. The enable command is used to change
from User EXEC mode to Privileged EXEC mode. Privileged EXEC
mode is also recognized by its prompt, which ends in a
pound-sign character (#). The Privileged EXEC mode
command set includes those commands allowed in User EXEC mode,
as well as the configure command. The configure
command allows other command modes to be accessed. Because
these modes are used to configure the switch, access to
Privileged EXEC mode should be password protected to prevent
unauthorized use. If the system administrator has set a
password, then users are prompted to enter the password before
being granted access to Privileged EXEC mode. The password does
not appear on the screen, and is case sensitive.

6.2 Configuring the Switch
6.2.1 Verifying the Catalyst switch default configuration

When
powered up for the first time, a switch has default data in the
running configuration file. The default hostname is Switch. No
passwords are set on the console or virtual terminal (vty)
lines. A switch may be given an IP address for management
purposes. This is configured on the virtual interface, VLAN 1.
By default, the switch has no IP address. The switch ports or
interfaces are set to auto mode, and all switch ports are in
VLAN 1. VLAN 1 is known as the default management VLAN. By
default, the flash directory has a file that contains the IOS
image, a file called env_vars, and a sub-directory called html.
After the switch is configured, the flash directory may also
contain a config.text file and a VLAN database. In the default
state, the flash directory has no VLAN
database file, vlan.dat, and shows no saved configuration file,
config.text. The IOS version and the configuration register
settings can be verified with the show version command.
In this default state, the switch has one broadcast domain and
can be managed or configured through the console port using the
CLI. The Spanning-Tree Protocol is also enabled, and allows the
bridge to construct a loop-free topology across an extended
LAN. For small networks, the default configuration may be
sufficient. The benefits of better performance with
microsegmentation are obtained immediately.

Lab Activity
Lab Exercise: Verifying Default Switch Configuration
In this lab, the student will investigate the default
configuration of a 2900 series switch.

Lab Activity
e-Lab Activity: Basic Switch Operation
In this lab, the student will look at the configuration of a
2950 switch.

Web Links
Features, default Settings, and Descriptions
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/2950_wc/scg/scg_mgmt.htm#xtocid111203

6.2 Configuring the Switch
6.2.2 Configuring the Catalyst switch

A switch may already be preconfigured, and only passwords may
need to be entered for the user EXEC, enable, or privileged
EXEC modes. Switch configuration mode is entered from
privileged EXEC mode. In the CLI, the default privileged EXEC
mode prompt is Switch#. In User EXEC mode the prompt will be
Switch>.

The following steps will ensure that a new configuration will
completely overwrite any existing configuration:
- Remove any existing VLAN information by deleting the VLAN
  database file vlan.dat from the flash directory
- Erase the backup configuration file startup-config
- Reload the switch

Security, documentation, and management are important for every
internetworking device. A switch should be given a hostname,
and passwords should be set on the console and vty lines. To
allow the switch to be accessible by Telnet and other TCP/IP
applications, IP addresses and a default gateway should be set.
By default, VLAN 1 is the management VLAN. In a switch-based
network, all internetworking devices should be in the
management VLAN. This will allow a single management
workstation to access, configure, and manage all the
internetworking devices. The Fast Ethernet switch ports default
to auto-speed and auto-duplex. This allows the interfaces to
negotiate these settings. When a network administrator needs to
ensure an interface has particular speed and duplex values, the
values can be set manually. Intelligent networking devices can
provide a web-based interface for configuration and management
purposes. Once a switch is configured with an IP address and
gateway, it can be accessed in this way. A web browser can
access this service using the IP address and port 80, the
default port for HTTP. The HTTP service can be turned on or
off, and the port address for the service can be chosen. Any
additional software, such as an applet, can be downloaded to the
browser from the switch. Also, the network devices can be
managed by a browser-based graphical user interface (GUI).

Lab Activity
Lab Exercise: Basic Switch Configuration
In this lab, the student will configure a switch with a name and
an IP address.

Lab Activity
e-Lab Activity: Basic Switch Configuration
In this lab, the student will configure a 2950 switch.

Web Links
Using the Command-Line Interface
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111ea1/scg/swcli.htm

6.2 Configuring the Switch
6.2.3 Managing the MAC address table

Switches learn the MAC addresses of PCs or workstations
that are connected to their switch ports by examining the
source address of frames that are received on that port. These
learned MAC addresses are then recorded in a MAC address table.
Frames having a destination MAC address that has been recorded
in the table can be switched out to the correct interface. To
examine the addresses that a switch has learned, enter the
privileged EXEC command show mac-address-table. A switch
dynamically learns and maintains thousands of MAC addresses. To
preserve memory and for optimal operation of the switch,
learned entries may be discarded from the MAC address table.
Machines may have been removed from a port, turned off, or
moved to another port on the same switch or a different switch.
This could cause confusion in frame forwarding. For all these
reasons, if no frames are seen with a previously learned
address, the MAC address entry is automatically discarded or
aged out after 300 seconds. Rather than wait for a dynamic
entry to age out, the administrator has the option to use the
privileged EXEC command clear mac-address-table.
MAC address entries that an administrator has configured can
also be removed using this command. Using this method to clear
table entries ensures that invalid addresses are removed
immediately.

Lab Activity
Lab Exercise: Managing the MAC Address Table
In this lab, the student will create a basic switch
configuration and manage the MAC table.

Lab Activity
e-Lab Activity: Managing the MAC Address Tables
In this lab, the student will observe and clear the MAC address
table.

Web Links
Managing the MAC Address Table
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111ea1/scg/swadmin.htm#xtocid65

6.2 Configuring the Switch
6.2.4 Configuring static MAC addresses

It may be desirable to permanently assign a MAC address to an
interface. The reasons for assigning a permanent MAC address to
an interface include:
- The MAC address will not be aged out automatically by the
  switch.
- A specific server or user workstation must be attached to the
  port and the MAC address is known.
- Security is enhanced.

To set a static MAC address entry for a switch:

Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan

To remove this entry, use the no form of the command:

Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan
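
The model below is an added example, not IOS code and not part of the original course text. It illustrates the behaviour described in 6.2.3 and 6.2.4: dynamic learning from source addresses, aging after 300 seconds, clearing entries, and static entries that are never aged out. The MAC addresses, port names and the rule that a static entry is not overwritten by a frame seen on another port are modelling assumptions.

```python
AGING_TIME = 300  # seconds, the aging interval given in the text

class MacTable:
    """Toy model of a switch MAC address table (illustration, not IOS code)."""

    def __init__(self, aging_time=AGING_TIME):
        self.aging_time = aging_time
        self.entries = {}  # (vlan, mac) -> {"port", "type", "seen"}

    def learn(self, vlan, src_mac, port, now):
        """Record a frame's source address; return False if a static entry
        already ties that address to a different port (modelling assumption)."""
        entry = self.entries.get((vlan, src_mac))
        if entry and entry["type"] == "static":
            return entry["port"] == port
        self.entries[(vlan, src_mac)] = {"port": port, "type": "dynamic", "seen": now}
        return True

    def add_static(self, vlan, mac, port):
        """Administrator-configured entry; never aged out."""
        self.entries[(vlan, mac)] = {"port": port, "type": "static", "seen": None}

    def age(self, now):
        """Discard dynamic entries with no frame seen for aging_time seconds."""
        stale = [k for k, e in self.entries.items()
                 if e["type"] == "dynamic" and now - e["seen"] >= self.aging_time]
        for key in stale:
            del self.entries[key]
        return stale

    def clear(self, kind="dynamic"):
        """Remove every entry of one kind at once instead of waiting for aging."""
        self.entries = {k: e for k, e in self.entries.items() if e["type"] != kind}

    def lookup(self, vlan, dst_mac):
        """Return the port to switch the frame out of, or None if unknown."""
        entry = self.entries.get((vlan, dst_mac))
        return entry["port"] if entry else None

def demo():
    """Constructed addresses and ports; times are seconds since start."""
    table = MacTable()
    table.add_static(1, "0000.0c11.1111", "Fa0/4")
    table.learn(1, "0000.0c22.2222", "Fa0/2", now=0)
    table.learn(1, "0000.0c33.3333", "Fa0/3", now=200)
    accepted = table.learn(1, "0000.0c11.1111", "Fa0/9", now=210)
    aged = table.age(now=300)
    return accepted, aged, sorted(table.entries)
```

In `demo()`, the frame claiming the statically assigned address on Fa0/9 is rejected, the entry last seen at time 0 ages out at 300 seconds, and the static entry and the more recently seen dynamic entry remain.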