Basic Device

Configuratio
n

Module 1
Mike Fuszner

1
Configure a
Switch with
Basic
Settings

2
Boot Sequence
When a switch is powered on, it goes
through this sequence:
Power-on self-test (POST) stored in RAM tests
CPU, DRAM, and flash.
The boot loader is then loaded from ROM.
CPU registers are initialized.
The flash file system is initialized.
A default IOS is located and loaded.

3
The switch attempts to automatically boot by using information in
the BOOT environment variable. If this variable is not set, the
switch attempts to load and execute the first executable file it can
by performing a recursive, depth-first search throughout the flash
file system, where each encountered subdirectory is completely
searched before continuing the search in the original directory.
The BOOT environment variable is set using the following
command:

Use show bootvar (or show boot in

older IOSs) to see what the current
boot file is set to.

4
1

5
Connecting to the Switch
Connect a console,
or rollover cable,
from the console
port on the switch to
a terminal adapter
(if necessary)
plugged into a serial
port on the
computer.
The proper settings
for your terminal
emulation program
are: 9600 bps, 8
data bits, no parity, 6
Breaking into the boot
loader…
❶ Connect a PC by console cable to the switch
console port. Configure terminal emulation
software to connect to the switch.
❷ Unplug the switch power cord.
❸ Reconnect the power cord to the switch and,
within 15 seconds, press and hold down the Mode
button while the System LED is still flashing
green.
❹Continue pressing the Mode button until the
System LED turns briefly amber and then solid
green; then release the Mode button.
❺ The boot loader switch: prompt appears in the
You may reformat the flash file system, reinstall the IOS, or
terminal emulation software on the PC.
conduct password recovery from the switch: prompt.
7
Recovering from a System
Crash
❶ From the switch: prompt, initialize flash

❷ Set the boot environment variable to the IOS image

❸ Use the set command to verify the setting

❹ Issue the boot command to load the IOS

8
Switch Topology

Cable the topology according to the ports shown.

9
Clear the Switch
Switch> enable Used to enter privileged mode
from normal mode on CLI switch.

Switch# Privileged mode

 
Switch# erase startup-config Erases the switch configuration
but not the VLAN configuration.

Switch# del flash:vlan.dat Erases the VLAN configuration.

Switch# reload Reboots the switch.

10
 Host Name and Passwords
Switch>enable Switch>enable
Switch#config t Switch#config t
Switch(config)#hostname S1 Switch(config)#hostname S2
S1(config)#enable password cisco S2(config)#enable password cisco
S1(config)#enable secret class S2(config)#enable secret class
S1(config)#line console 0 S2(config)#line console 0
S1(config-line)#password cisco S2(config-line)#password cisco
S1(config-line)#login S2(config-line)#login
S1(config-line)#exit S2(config-line)#exit
S1(config)#line vty 0 15 S2(config)#line vty 0 15
S1(config-line)#password cisco S2(config-line)#password cisco
S1(config-line)#login S2(config-line)#login
S1(config-line)#exit S2(config-line)#exit
S1(config)# S2(config)#

11
Encrypted Passwords
When configuring passwords in Cisco IOS
CLI, by default all passwords, except for
the enable secret password, are stored in
clear text format within the startup-config
and running-config.
When the service password-
encryption command is entered from
global configuration mode, all system
passwords are stored in an encrypted
form.

12
Special Commands
S1(config)#line console 0
S1(config-line)#logging synchronous
S1(config-line)#exec-timeout 0 0
S1(config-line)#exit
S1(config)#no ip domain-lookup
S1(config)#service password-encryption
S2(config)#line console 0
S2(config-line)#logging synchronous
S2(config-line)#exec-timeout 0 0
S2(config-line)#exit
S2(config)#no ip domain-lookup
S2(config)#service password-encryption
13
Basic Configuration
An access layer switch is much like a PC
in that you need to configure an IP
address, a subnet mask, and a default
gateway.
 This IP address is assigned to a virtual
interface called a virtual LAN (VLAN), and
then it is necessary to ensure the VLAN is
assigned to a specific port or ports on the
switch.
 The default configuration on the switch is to
have the management of the switch controlled
through VLAN 1. However, a best practice for
basic switch configuration is to change the
14
1

15
16
Management VLAN – S1
S1(config)#interface vlan 99
S1(config-if)#ip address 172.17.99.11 255.255.0.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#ip default-gateway 172.17.99.1
S1(config)#interface f0/18
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 99
S1(config-if)#end
S1#copy running-config startup-config

We do not have a router attached in our topology, so the default

gateway is not reachable at this time. In later lessons we will
include a router at the address 172.17.99.1.
You may verify your configuration with show running-config
and show ip interface brief.
17
Management VLAN – S2
S2(config)#interface vlan 99
S2(config-if)#ip address 172.17.99.13 255.255.0.0
S2(config-if)#no shutdown
S2(config-if)#exit
S2(config)#ip default-gateway 172.17.99.1
S2(config)#interface f0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 99
S2(config-if)#end
S2#copy running-config startup-config

18
MDIX Auto Command
You used to be required to use certain
cable types (cross-over, straight-through)
when connecting between specific
devices, switch-to-switch or switch-to-
router. Instead, you can now use the
mdix auto interface configuration
command in the CLI to enable the
automatic medium-dependent
interface crossover (auto-MDIX)
feature.
 The auto-MDIX feature is enabled by default
on switches running
S1(config)#int fa0/1 Cisco IOS Release
S2(config)#int fa0/1
S1(config-if)#mdix auto S2(config-if)#mdix auto
12.2(18)SE or later. For releases between 19
Most Ethernet and Fast Ethernet NICs sold today offer full-
duplex capability. Gigabit Ethernet and 10Gb NICs require
full-duplex connections to operate.

20
21
Interface Description, Duplex,
Speed
S1(config)#interface fa0/1
S1(config-if)#description Connection to S2
S1(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
S1(config-if)#duplex auto
S1(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
auto Enable AUTO speed configuration
S1(config-if)#speed auto
To turn auto negotiation off:
S1(config-if)# no negotiation auto 22
Interface Description, Duplex,
Speed
S2(config)#interface fa0/1
S2(config-if)#description Connection to S1
S2(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
S2(config-if)#duplex auto
S2(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
auto Enable AUTO speed configuration
S2(config-if)#speed auto

23
S1(config)#ip http authentication enable
S1(config)#ip http server
S2(config)#ip http authentication enable
S2(config)#ip http server
24
Switch MAC Address Tables
A switch builds its MAC address table by
recording the MAC addresses of the nodes
connected to each of its ports.
 When an incoming data frame is received by
a switch and the destination MAC address is
not in the table, the switch forwards the frame
out all ports, except for the port on which it
was received.
 Typically, switch ports used to interconnect
two switches have multiple MAC addresses
recorded in the MAC address table.
Formerly called the Content Addressable Memory, or CAM, table.

25
Building the MAC Address
Table
Dynamic addresses are source MAC
addresses that the switch learns and then
ages when they are not in use. When the
switch receives a frame, it assigns the
source MAC address to the port.
 A network administrator can specifically
assign static MAC addresses to certain ports.
Static addresses are not aged out.
mac-address-table static <MAC address> vlan {1-4096,
ALL} interface interface-id
View the mac-address-table using the command:
show mac-address-table

26
Banner Messages
 Banner messages should be used to warn would-be intruders that
they are not welcome on your network. Banners are important,
especially from a legal perspective. Intruders have been known to
win court cases because they did not encounter appropriate
warning messages when accessing router networks.
 Choosing what to place in banner messages is extremely
important and should be reviewed by lawyers and /or legal counsel
before placing the messages on your routers.

Never use the word “welcome” or any

other familiar or similar greeting that
may be misconstrued as an invitation to
use the network.

27
Configuring Banner Messages

Sample
login
message
similar to
the FBI’s
Atlanta
computer
crime
squad.

There are three banner messages configured above:

1) message of the day
2) login
3) exec

28
Banner Message Display
Message of the day
banner message appears
first.

Login
banner
message
appears
after the
motd
banner.

Exec banner message

appears after logging
into exec mode.

29
Restore Configurations

There is also the option of entering the copy startup-config

running-config command. Unfortunately, this command does not
entirely overwrite the running configuration; it only adds existing
commands from the startup configuration to the running
configuration.

30
Using a TFTP Server

Use TFTPd32, a free TFTP server, to save your running-config. You

may download TFTPd32 free from http://tftpd32.jounin.net/.

31
1

32
33
Secure
Remote
Access

Subtitle

34
34
Telnet and SSH
Telnet
 Most common access method.
 Sends clear text message streams.
 Is not secure.
 Is the default.
Secure Shell (SSH)
 Should be the common access method.
 Sends an encrypted message stream.
 Is secure.

35
1

36
Configuring Telnet
S1(config)#line vty 0 15
S1(config-line)#transport input telnet

S2(config)#line vty 0 15
S2(config-line)#transport input telnet

37
Configuring SSH
SSH is a cryptographic security feature
that is subject to export restrictions. To
use this feature, a cryptographic image
must be installed on your switch.
 To implement SSH, you need to generate RSA
keys.
 Cisco recommends using a modulus size of
S1(config)#username Mike password cisco
1024 bits.
S1(config)#ip domain-name mydomain.com
S1(config)#crypto key generate rsa Configure
S1(config)#ip ssh version 2 the same
S1(config)#line vty 0 15 commands
on S2.
S1(config-line)#login local
S1(config-line)#transport input ssh
38
1

39
Password Recovery
The password recovery process requires
physical access to the device and varies from
device to device.
To locate password recovery procedures, go to
www.cisco.com and search for “password recovery”.
This should lead you to the following Web site:
http://www.cisco.com/en/US/products/sw/iosswrel/ps183
1/products_tech_note09186a00801746e6.shtml
To recover the password on a Cisco 2960 switch, use the following steps:

Step 1. Connect a terminal or PC with terminal-emulation software to the

switch console port.

Step 2. Set the line speed on the emulation software to 9600 baud.

Step 3. Power off the switch. Reconnect the power cord to the switch and
within 15 seconds, press the Mode button while the System LED is still
flashing green. Continue pressing the Mode button until the System LED
turns briefly amber and then solid green. Then release the Mode button.

Step 4. Initialize the Flash file system using the flash_init command.
40
Basic Router
Configuration

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41
41
42
43
44
45
Loopback Interfaces
The loopback interface is a logical
interface that is internal to the router.
Not assigned to a physical port
Can never be connected to any other device
Considered a software interface that is
automatically placed in an “up” state
Multiple loopback interfaces can be enabled
on a router

46
 show show
show show show show
ip show ip
ipv6 ip interfa ipv6
interfa ipv6 interf
interfa rout ces interf
ce route ace
ce brief e ace
brief

47
Terminal Length
Command output pauses after 24 lines by
default
Press Enter to display the next line
Press the space bar to display the next set of
24 lines
Use the terminal length command to change
the number of lines:
Set length to
0 to prevent
pausing

48
 Filtering show command output

section include exclude begin

49
Command History
The command history stores recently
used commands
Use the up or down arrow keys to traverse
through the list Changes the
The last 10 commands are stored number of
commands
remembered

50
51