[CCNA] Base Switch Configuration

In this post, we’ll see how to perform an initial switch configuration (the same steps can also be done on a router).


We’ll work through this to-do list one item at a time:

  1. Hostname
  2. Console password
  3. Telnet password
  4. Enable password
  5. Management IP address (VLAN 1)
  6. Default gateway
  7. Shutdown
  8. Login banner
  9. Saving configuration

1. The first thing is to name the switch, using the hostname command from global configuration mode. Each company has its own naming scheme (such as the region number, floor, switch, etc.); in our case we’ll use a simple name.

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname ?
  WORD  This system's network name
Switch(config)#hostname MainSwitch
MainSwitch(config)#

2. Five passwords are used to secure your Cisco device: console, auxiliary, vty (Telnet), enable password and enable secret. To set the console user-mode password, go to the console configuration mode.

MainSwitch(config)#line console ?
    First Line number
MainSwitch(config)#line console 0
MainSwitch(config-line)#password ?
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) line password
MainSwitch(config-line)#password cisco
MainSwitch(config-line)#end
MainSwitch#
%SYS-5-CONFIG_I: Configured from console by console

MainSwitch#

So far, the switch doesn’t ask for the password when you log in through the console port. Why? Because we forgot to tell it to check the password 😀

MainSwitch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MainSwitch(config)#line console 0
MainSwitch(config-line)#?
Line configuration commands:
  ...
  login         Enable password checking
  ...
MainSwitch(config-line)#login
MainSwitch(config-line)#exec-timeout ?
    Timeout in minutes
MainSwitch(config-line)#exec-timeout 0 ?
    Timeout in seconds

MainSwitch(config-line)#exec-timeout 0 0
MainSwitch(config-line)#
MainSwitch(config-line)#logging synchronous
MainSwitch(config-line)#
  • exec-timeout: sets the timeout for the console EXEC session; in this case 0 minutes, 0 seconds, which disables the timeout. This is done here only because it is a lab environment.
  • logging synchronous: stops console (syslog) messages from popping up in the middle of the input you’re typing (without it, you can redisplay your input using the Tab key).

3. Telnet is what allows you to manage the switch remotely. Its password is set in line mode on the vty lines; the line vty command takes two arguments, the first and the last line number. By default Cisco allows 5 simultaneous sessions, but you can go up to 16.

MainSwitch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MainSwitch(config)#line ?
     First Line number
  console  Primary terminal line
  vty      Virtual terminal
MainSwitch(config)#line vty ?
    First Line number
MainSwitch(config)#line vty 0 ?
    Last Line number

MainSwitch(config)#line vty 0 15
MainSwitch(config-line)#password cisco
MainSwitch(config-line)#
  • The vty lines don’t require the login command, because it is already set by Cisco; that’s Cisco’s form of security.

MainSwitch#show running-config | begin line vty
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
!
end

MainSwitch#

4. The enable password protects the transition from User Mode to Privileged Mode. It is similar to the other passwords, but it is set from global configuration mode because it affects the whole device. The enable password and enable secret commands do exactly the same thing; they differ in how the password is stored:

  • enable password sets the password in clear text.
  • enable secret encrypts (hashes) it using the MD5 algorithm.

MainSwitch(config)#enable ?
  password  Assign the privileged level password
  secret    Assign the privileged level secret
MainSwitch(config)#enable password ?
  7      Specifies a HIDDEN password will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' password
  level  Set exec level password
MainSwitch(config)#enable password cisco
MainSwitch(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies an ENCRYPTED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password
MainSwitch(config)#enable secret c1sc0
MainSwitch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console

MainSwitch#show running-config
Building configuration...
...
!
hostname MainSwitch
!
enable secret 5 $1$mERr$fUHfKnbAzwSaPfCLSoNMr1
enable password cisco
!

MainSwitch#

If the enable secret is set, the enable command no longer lets you use the enable password, because Cisco prefers the more secure option.

The console, Telnet and enable passwords are all saved in clear text. Cisco has a command that lets you encrypt those passwords:

MainSwitch(config)#service ?
  password-encryption  Encrypt system passwords
  timestamps           Timestamp debug/log messages
MainSwitch(config)#service password-encryption
MainSwitch(config)#

5. Assigning an IP address to a switch is tied to VLANs; by default, all switch ports are part of VLAN 1:

MainSwitch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
...
...
MainSwitch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
MainSwitch(config)#interface vlan 1
MainSwitch(config-if)#ip address ?
  A.B.C.D  IP address
  dhcp     IP Address negotiated via DHCP
MainSwitch(config-if)#ip address 172.16.30.11 255.255.255.0
MainSwitch(config-if)#no shutdown

MainSwitch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up

MainSwitch(config-if)#

6. Now we move on to the default gateway, which allows you to manage the switch remotely (really remotely, from outside the LAN). The default gateway is the IP address of the router interface (used to communicate out of your network).

MainSwitch(config)#ip default-gateway ?
  A.B.C.D  IP address of default gateway
MainSwitch(config)#ip default-gateway 172.16.30.1
MainSwitch(config)#

Now the switch knows how to get off its own network.

7. The shutdown command allows you to shut down (turn off) interfaces, and its negated form (no shutdown) turns them back on. To shut down an interface:

MainSwitch#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/1        unassigned      YES manual down                  down
FastEthernet0/2        unassigned      YES manual down                  down
FastEthernet0/3        unassigned      YES manual down                  down
FastEthernet0/4        unassigned      YES manual down                  down
FastEthernet0/5        unassigned      YES manual down                  down
FastEthernet0/6        unassigned      YES manual down                  down
FastEthernet0/7        unassigned      YES manual down                  down
FastEthernet0/8        unassigned      YES manual down                  down
FastEthernet0/9        unassigned      YES manual down                  down
FastEthernet0/10       unassigned      YES manual down                  down
 --More--
MainSwitch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
MainSwitch(config)#interface fastEthernet 0/1
MainSwitch(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
MainSwitch(config-if)#

You can also turn off a list of interfaces, using the range argument:

MainSwitch(config)#interface range fastEthernet 0/1 - 10
MainSwitch(config-if-range)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
MainSwitch(config-if-range)#
  • Notice that the syslog messages inform you about what is really happening on your device.

8. There is more than one banner that can be used on a Cisco device; here we focus on the motd banner (Message Of The Day):

MainSwitch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MainSwitch(config)#banner ?
  motd  Set Message of the Day banner
  ...
MainSwitch(config)#banner motd ?
  LINE  c banner-text c, where 'c' is a delimiting character
MainSwitch(config)#banner motd #
Enter TEXT message.  End with the character '#'.
Welcome To The MainSwitch
Unauthorized Access Prohibited
#

MainSwitch(config)#

Where # is the delimiting character (it marks the beginning and the end of the message). So, when you try to connect to the switch:

Welcome To The MainSwitch
Unauthorized Access Prohibited

User Access Verification

Password:

9. Finally, the important part is to save the configuration. The running-config lives in RAM, not in NVRAM (non-volatile RAM), where the startup-config is saved:

MainSwitch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
MainSwitch#
MainSwitch#write memory
Building configuration...
[OK]
MainSwitch#
MainSwitch#wr
Building configuration...
[OK]
MainSwitch#
  • write memory (or wr as a shortcut) does the same as copy running-config startup-config.

10. To verify your configuration, you can use the show commands:

MainSwitch#show running-config
Building configuration...

Current configuration : 1263 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname MainSwitch
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 0822455D0A16
!
...
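
The verification in step 10 can also be done by a script. The following is an added example, not part of the original post: a small Python check that reads show running-config text and flags the weak credential settings this post touches (cleartext passwords, type 7 values produced by service password-encryption, which are reversible obfuscation rather than a hash, an enable password left beside enable secret, and exec-timeout 0 0). The rule names and the SAMPLE config are constructed for illustration.

```python
import re

# Constructed sample: lines of the kind this post configures, as they appear
# in `show running-config`; only the credential-related parts are kept.
SAMPLE = """\
hostname MainSwitch
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 0822455D0A16
line con 0
 password cisco
 login
 exec-timeout 0 0
line vty 0 4
 password cisco
 login
end
"""

def audit(config):
    """Return a sorted list of (rule, section) findings for IOS config text."""
    lines = config.splitlines()
    has_secret = any(l.startswith("enable secret ") for l in lines)
    findings, section = set(), "global"
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line starts a new section
            section = line if line.startswith("line ") else "global"
        m = re.match(r"(enable )?password (?:(\d+) )?\S", line)
        if m:
            kind = m.group(2) or "0"  # no type digit means cleartext
            if kind == "0":
                findings.add(("cleartext-password", section))
            elif kind == "7":  # type 7 is reversible obfuscation, not a hash
                findings.add(("type7-reversible-password", section))
            if m.group(1) and has_secret:  # weaker duplicate of the secret
                findings.add(("enable-password-beside-secret", section))
        elif line == "exec-timeout 0 0":  # idle session never logs out
            findings.add(("session-never-times-out", section))
    return sorted(findings)

if __name__ == "__main__":
    for rule, section in audit(SAMPLE):
        print(f"{section}: {rule}")
```

Each finding names the config section it came from, so the fix (for example no enable password, or a non-zero exec-timeout outside the lab) can be applied on the right line.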

I hope this has been informative for you. Enjoy!
