<vlan name> Lab Activity Lab
Exercise: Configuring Static MAC Addresses In this lab, the
student will create a static address entry in the switch MAC
table. Lab Activity e-Lab Activity: Configuring Static
MAC Addresses In this lab, the student will configure static
MAC addresses. Web Links Adding and Removing Static
Address Entries http://www.cisco.com/univercd/cc/t
d/doc/product/l an/cat2950/12111ea1/ scg/swadmin.htm#xtocid72
Content 6.2 Configuring the Switch
6.2.5 Configuring port security Securing an internetwork is
an important responsibility for a network administrator. Access
layer switchports are accessible through the structured cabling
at wall outlets in offices and rooms. Anyone can plug in a PC
or laptop into one of these outlets. This is a potential entry
point to the network by unauthorized users. Switches provide a
feature called port security. It is possible to limit the
number of addresses that can be learned on an interface. The
switch can be configured to take an action if this is exceeded.
Secure MAC addresses can be set statically. However, securing
MAC addresses statically can be a complex task and prone to
error. An alternative approach is to set port security on a
switch interface. The number of MAC address per port can be
limited to 1. The first address dynamically learned by the
switch becomes the secure address. To reverse port security on
an interface use the no form of the command. To verify
port security status the command show port security is
entered. Lab Activity Lab Exercise: Configuring Port
Security In this lab, the student will create and verify a
basic switch configuration. Lab Activity e-Lab
Activity: Configuring Port Security In this lab, the student
will set port security for ports on the switch. Web
Links Enabling Port Security
http://www.cisco.com/univercd/cc/ td/doc/product/lan/
cat2950/2950_wc/scg/ scg_mgmt.htm#xtocid1112059
Content
6.2 Configuring the Switch 6.2.6
Executing adds, moves, and changes When a new switch is added
to a network, configure the following: - Switch name
- IP address for the switch in the management VLAN
- A default gateway
- Line passwords
When a host is moved from one port or switch to another,
configurations that can cause unexpected behavior should be
removed. Configuration that is required can then be added.
Lab Activity Lab Exercise: Add, Move, and Change MAC
Addresses In this lab, the student will create and verify a
basic switch configuration. Lab Activity e-Lab
Activity: Add, Move, and Change MAC Addresses on the Switch In
this lab, the student will add a MAC address to the switch,
then move the address, and change it.
Content
6.2 Configuring the Switch 6.2.7 Managing
switch operating system file An administrator should document
and maintain the operational configuration files for networking
devices. The most recent running-configuration file should be
backed up on a server or disk. This is not only essential
documentation, but is very useful if a configuration needs to
be restored. The IOS should also be backed up to a local
server. The IOS can then be reloaded to flash memory if needed.
Lab Activity Lab Exercise: Managing Switch Operating
System Files In this lab, the student will create and verify a
basic switch configuration, backup the switch IOS to a TFTP
server, and then restore it. Lab Activity Lab Exercise:
Managing Switch Startup Configuration Files In this lab, the
student will create and verify a basic switch configuration,
backup the switch startup configuration file to a TFTP server,
and then restore it. Lab Activity e-Lab Activity:
Managing the Switch Operating System Files In this lab, the
student will move files to and from the switch using a TFTP
server. Lab Activity e-Lab Activity: Managing the
Startup Configuration Files In this lab, the student will move
files to and from the switch using a TFTP server. Web
Links Downloading Software http://www.cisco.com/univercd/cc/
td/doc/product/lan/ cat2950/1219ea1/ ol236202.htm#xtocid10
Content 6.2 Configuring the Switch
6.2.8 1900/2950 password recovery For security and
management purposes, passwords must be set on the console and
vty lines. An enable password and an enable secret password
must also be set. These practices help ensure that only
authorized users have access to the user and privileged EXEC
modes of the switch. There will be circumstances where physical
access to the switch can be achieved, but access to the user or
privileged EXEC mode cannot be gained because the passwords are
not known or have been forgotten. In these circumstances, a
password recovery procedure must be followed. Lab
Activity Lab Exercise: Password Recovery Procedure on a
Catalyst 2900 Series Switch In this lab, the student will
create and verify a basic switch configuration. Lab
Activity e-Lab Activity: Password Recovery Procedure on a
2900 Series Switch In this lab, the student will go through the
procedure for password recovery. Web Links Recovering
from a Lost or Forgotten Password
http://www.cisco.com/univercd/cc/ td/doc/product/lan/
cat2950/12111ea1/scg/ swtrbl.htm#xtocid3
Content
6.2 Configuring the Switch 6.2.9
1900/2900 firmware upgrade IOS and firmware images are
periodically released with bugs fixed, new features introduced,
and performance improved. If the network can be made more
secure, or can operate more efficiently with a new version of
the IOS, then the IOS should be upgraded. To upgrade the IOS,
obtain a copy of the new image to a local server from the Cisco
Connection Online (CCO) Software Center. Lab Activity
Lab Exercise: Firmware Upgrade of a Catalyst 2900 Series
Switch In this lab, the student will create and verify a basic
switch configuration, then upgrade the IOS and HTML files from
a file supplied by the instructor. Lab Activity e-Lab
Activity: Firmware Upgrade of a Catalyst 2900 Series Switch In
this lab, the student will upgrade the firmware of the switch.
Web Links Download Software
http://www.cisco.com/univercd/cc/ td/doc/product/lan/
cat2950/1219ea1/ ol236202.htm#xtocid10
Content
Summary An understanding of the following key points should
have been achieved: - The major components of a Catalyst
switch
- Monitoring switch activity and status using LED
indicators
- Examining the switch bootup output using
HyperTerminal
- Using the help features of the command
line interface
- The major switch command modes
- The default settings of a Catalyst switch
- Setting
an IP address and default gateway for the switch to allow
connection and management over a network
- Viewing the
switch settings with a Web browser
- Setting interfaces
for speed and duplex operation
- Examining and managing
the switch MAC address table
- Configuring port
security
- Managing configuration files and IOS
images
- Performing password recovery on a switch
- Upgrading the IOS of a switch