Written By Harris Andrea
In my opinion, the Cisco switches are the best in the market. Versatile, reliable, flexible and powerful, the Cisco switch product line (such as the 2960, 3560, 3650, 3850, 4500, 6500, 9400 series etc) offer unparalleled performance and features.
Although a Cisco switch is a much simpler network device compared with other devices (such as routers and firewalls for example), many people have difficulties to configure a Cisco Catalyst Switch.
Unlike other lower class switch vendors (which are plug-and-play), the Cisco switch needs some initial basic configuration in order to enable management, security and some other important features.
In this article I will describe the basic steps needed to configure and setup a Cisco switch from scratch. I don’t like graphical GUI or web management at all, so I will show you command line configuration (CLI) which is much more powerful and actually forces the administrators to learn what they are doing on the device.
STEP1: Connect to the device via console
Use a terminal emulation software such as PuTTY and connect to the console of the switch. You will get the initial command prompt “Switch>”
Type “enable” and hit enter. You will get into privileged EXEC mode (“Switch#”)
Now, get into Global Configuration Mode:
Switch# configure terminal
Switch(config)#
Note: The switch will not ask you for a password when entering into Privileged EXEC mode (i.e after typing “enable”) if it has the default factory configuration. See Step 3 below about setting up a password for the Privileged EXEC mode.
STEP2: Set up a hostname for the particular switch to distinguish it in the network
Switch(config)# hostname access-switch1
access-switch1(config)#
STEP3: Configure an administration password (enable secret password)
access-switch1(config)# enable secret somestrongpass
The password above will be used to enter into Privileged EXEC mode as described in Step 1 above.
STEP4: Configure a password for Telnet and Console access
It is a very good security practice to lock-down all access lines of a switch with a password. Although it is much better to configure an external AAA server (for centralized Authentication Authorization and Accounting), in this article we will just configure a password on each access line (VTY lines for Telnet and Console line):
access-switch1(config)# line vty 0 15
access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
access-switch1(config)# line console 0
access-switch1(config-line)# password strongconsolepass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
STEP5: Define which IP addresses are allowed to access the switch via Telnet
access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 10.1.1.100
access-switch1(config-std-nacl)# permit 10.1.1.101
access-switch1(config-std-nacl)# exit
!Apply the access list to Telnet VTY Lines
access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#
STEP6: Assign IP address to the switch for management
!Management IP is assigned to Vlan 1 by default
access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#
STEP7: Assign default gateway to the switch
access-switch1(config)# ip default-gateway 10.1.1.254
STEP8: Disable unneeded ports on the switch
! This step is optional but enhances security
! Assume that we have a 48-port switch and we don’t need ports 25 to 48
access-switch1(config)# interface range fa 0/25-48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#
STEP9: Configure Layer2 VLANs and assign ports to the them
By default, all physical ports of the switch belong to the native VLAN1. One of the most important functions of an Ethernet switch is to segment the network into multiple Layer2 VLANs (with each VLAN belonging to a different Layer3 subnet).
In order to do the above Layer2 segmentation you need to create additional VLANs from the default VLAN1 and then assign physical ports to these new vlans. Let’s create two new vlans (VLAN2 and VLAN3) and assign two ports to each one.
! First create the Layer2 VLANs on the switch
access-switch1(config)# vlan 2
access-switch1(config-vlan)# name TEACHERS
access-switch1(config-vlan)# exit
access-switch1(config)# vlan 3
access-switch1(config-vlan)# name STUDENTS
access-switch1(config-vlan)# exit
! Now assign the physical ports to each VLAN. Ports 1-2 are assigned to VLAN2 and ports 3-4 to VLAN3
access-switch1(config)# interface range fa 0/1-2
access-switch1(config-if-range)#switchport mode access
access-switch1(config-if-range)# switchport access vlan 2
access-switch1(config-if-range)# exit
access-switch1(config)# interface range fa 0/3-4
access-switch1(config-if-range)#switchport mode access
access-switch1(config-if-range)# switchport access vlan 3
access-switch1(config-if-range)# exit
STEP10: Save the configuration
access-switch1(config)# exit
access-switch1# wr
The above command to save the configuration can also be accomplished withcopy run start
The above are some steps that can be followed for basic set-up of a Cisco switch. Of course there are more things you can configure (such as SNMP servers, NTP, AAA, Vlan trunking protocol, 802.1q Trunk ports, Layer 3 inter-vlan routing etc) but those depend on the requirements of each particular network.
Some Useful “Show” Commands
After configuring the basic steps above, let’s see some useful commands to monitor your configuration or troubleshoot possible problems:
access-switch1# show run (Displays the current running configuration)
access-switch1# show interfaces (Displays the configuration of all interfaces and the status of each one)
access-switch1# show vlan (Displays all vlan numbers, names, ports associated with each vlan etc)
access-switch1# show interface status (Displays status of interfaces, speed, duplex etc)
access-switch1# show mac address-table (Displays current MAC address table and which MAC address is learned on each interface)
Related Posts
- From Reactive to Proactive: Mastering Network Performance with Switch Monitoring
- How Does a Network Switch Learn MAC Addresses?
- How to Find a Device MAC Address on a Cisco Switch (show mac address-table)
- Cisco Switch Layer2 Layer3 Design and Configuration
