<vlan name> Lab Activity Lab Exercise: Configuring Static MAC Addresses In this lab, the student will create a static address entry in the switch MAC table. Lab Activity e-Lab Activity: Configuring Static MAC Addresses In this lab, the student will configure static MAC addresses. Web Links Adding and Removing Static Address Entries http://www.cisco.com/univercd/cc/t d/doc/product/l an/cat2950/12111ea1/ scg/swadmin.htm#xtocid72
Content 6.2 Configuring the Switch 6.2.5 Configuring port security Securing an internetwork is an important responsibility for a network administrator. Access layer switchports are accessible through the structured cabling at wall outlets in offices and rooms. Anyone can plug in a PC or laptop into one of these outlets. This is a potential entry point to the network by unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this is exceeded. Secure MAC addresses can be set statically. However, securing MAC addresses statically can be a complex task and prone to error. An alternative approach is to set port security on a switch interface. The number of MAC address per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address. To reverse port security on an interface use the no form of the command. To verify port security status the command show port security is entered. Lab Activity Lab Exercise: Configuring Port Security In this lab, the student will create and verify a basic switch configuration. Lab Activity e-Lab Activity: Configuring Port Security In this lab, the student will set port security for ports on the switch. Web Links Enabling Port Security http://www.cisco.com/univercd/cc/ td/doc/product/lan/ cat2950/2950_wc/scg/ scg_mgmt.htm#xtocid1112059
Content 6.2 Configuring the Switch 6.2.6 Executing adds, moves, and changes When a new switch is added to a network, configure the following: When a host is moved from one port or switch to another, configurations that can cause unexpected behavior should be removed. Configuration that is required can then be added. Lab Activity Lab Exercise: Add, Move, and Change MAC Addresses In this lab, the student will create and verify a basic switch configuration. Lab Activity e-Lab Activity: Add, Move, and Change MAC Addresses on the Switch In this lab, the student will add a MAC address to the switch, then move the address, and change it.
Content 6.2 Configuring the Switch 6.2.7 Managing switch operating system file An administrator should document and maintain the operational configuration files for networking devices. The most recent running-configuration file should be backed up on a server or disk. This is not only essential documentation, but is very useful if a configuration needs to be restored. The IOS should also be backed up to a local server. The IOS can then be reloaded to flash memory if needed. Lab Activity Lab Exercise: Managing Switch Operating System Files In this lab, the student will create and verify a basic switch configuration, backup the switch IOS to a TFTP server, and then restore it. Lab Activity Lab Exercise: Managing Switch Startup Configuration Files In this lab, the student will create and verify a basic switch configuration, backup the switch startup configuration file to a TFTP server, and then restore it. Lab Activity e-Lab Activity: Managing the Switch Operating System Files In this lab, the student will move files to and from the switch using a TFTP server. Lab Activity e-Lab Activity: Managing the Startup Configuration Files In this lab, the student will move files to and from the switch using a TFTP server. Web Links Downloading Software http://www.cisco.com/univercd/cc/ td/doc/product/lan/ cat2950/1219ea1/ ol236202.htm#xtocid10
Content 6.2 Configuring the Switch 6.2.8 1900/2950 password recovery For security and management purposes, passwords must be set on the console and vty lines. An enable password and an enable secret password must also be set. These practices help ensure that only authorized users have access to the user and privileged EXEC modes of the switch. There will be circumstances where physical access to the switch can be achieved, but access to the user or privileged EXEC mode cannot be gained because the passwords are not known or have been forgotten. In these circumstances, a password recovery procedure must be followed. Lab Activity Lab Exercise: Password Recovery Procedure on a Catalyst 2900 Series Switch In this lab, the student will create and verify a basic switch configuration. Lab Activity e-Lab Activity: Password Recovery Procedure on a 2900 Series Switch In this lab, the student will go through the procedure for password recovery. Web Links Recovering from a Lost or Forgotten Password http://www.cisco.com/univercd/cc/ td/doc/product/lan/ cat2950/12111ea1/scg/ swtrbl.htm#xtocid3
Content 6.2 Configuring the Switch 6.2.9 1900/2900 firmware upgrade IOS and firmware images are periodically released with bugs fixed, new features introduced, and performance improved. If the network can be made more secure, or can operate more efficiently with a new version of the IOS, then the IOS should be upgraded. To upgrade the IOS, obtain a copy of the new image to a local server from the Cisco Connection Online (CCO) Software Center. Lab Activity Lab Exercise: Firmware Upgrade of a Catalyst 2900 Series Switch In this lab, the student will create and verify a basic switch configuration, then upgrade the IOS and HTML files from a file supplied by the instructor. Lab Activity e-Lab Activity: Firmware Upgrade of a Catalyst 2900 Series Switch In this lab, the student will upgrade the firmware of the switch. Web Links Download Software http://www.cisco.com/univercd/cc/ td/doc/product/lan/ cat2950/1219ea1/ ol236202.htm#xtocid10
Content Summary An understanding of the following key points should have been achieved: