Showing posts from 2013

Configuring port security / Executing adds, moves, and changes

Configuring port security   6.2.5  This page will explain why port security is important and how it is configured on a Catalyst 2950 switch. Network security is an important responsibility for network administrators. Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug a PC or laptop into one of these outlets. This is a potential entry point to the network for unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded. Secure MAC addresses can be configured statically. However, it is a complex task to configure secure MAC addresses statically, and it is usually prone to error. An alternative approach is to set port security on a switch interface. The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch bec...

Managing the MAC address table / Configuring static MAC addresses

Managing the MAC address table 6.2.3  This page will explain how switches create and manage MAC address tables. Switches examine the source address of frames that are received on the ports to learn the MAC address of PCs or workstations that are connected to it. These learned MAC addresses are then recorded in a MAC address table. Frames that have a destination MAC address that has been recorded in the table can be switched out to the correct interface. The show mac-address-table command can be entered in the Privileged EXEC mode to examine the addresses that a switch has learned. A switch dynamically learns and maintains thousands of MAC addresses. To preserve memory and for optimal operation of the switch, learned entries may be discarded from the MAC address table. Machines may have been removed from a port, turned off, or moved to another port on the same switch or a different switch. This can cause confusion when frames are forwarded. For all these reasons, if no...

Configuring the Catalyst switch

Configuring the Catalyst switch   6.2.2  This page will teach students how to configure a switch. A switch may be preconfigured and only passwords may need to be entered for the User EXEC or Privileged EXEC modes. Switch configuration mode is entered from Privileged EXEC mode. In the CLI, the default Privileged EXEC mode prompt is Switch# . In User EXEC mode the prompt is Switch> . The following steps will ensure that a new configuration will completely overwrite the current configuration:

- To remove the current VLAN information, delete the VLAN database file called vlan.dat from the flash directory
- Erase the backup configuration file called startup-config
- Restart the switch with the reload command

Security, documentation, and management are important for every network device. A switch should be given a hostname, and passwords should be set on the console and vty lines.  A switch should be assigned an IP addres...

Verifying the Catalyst switch default configuration

Verifying the Catalyst switch default configuration

Switch name | Command | Explanation
SydneySwitch# | show version | Displays the configuration of the system hardware, software version, names, and sources of configuration files and boot images
SydneySwitch# | show running-configuration | Displays the current active configuration file of the switch
SydneySwitch# | show interfaces | Displays the statistics for all interfaces configured on the switch
SydneySwitch# | show ip | Displays the IP address, subnet mask, and default gateway

6.2.1  This page will teach students about the default configuration of a switch and how to verify it. When powered up for the first time, a switch has default data in the running configuration file. The default hostname is Switch.  No passwords are set on the console or virtual terminal (vty) lines.  A switch may be given an IP address for management purposes. This is configured on the virtual interface, VLAN 1. B...

Switch command modes

Switch command modes   6.1.6  This page will discuss two switch command modes. The default mode is User EXEC mode. The User EXEC mode is recognized by its prompt, which ends in a greater-than character ( > ). The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information. Figure describes the show commands that are available in User EXEC mode. The enable command is used to enter Privileged EXEC mode from User EXEC mode. Privileged EXEC mode is also recognized by its prompt, which ends in a pound-sign character ( # ). The Privileged EXEC mode command set includes the configure command as well as all commands from the User EXEC mode. The configure command allows other command modes to be accessed. Because these modes are used to configure the switch, access to Privileged EXEC mode should be password protected to prevent unauthorized use. If a password is set, users are prompted to ent...

Examining help in the switch CLI

Examining help in the switch CLI

Context Sensitive Help: Provides a list of commands and the arguments associated with a specific command.
Console Error Messages: Identifies problems with any switch commands that are incorrectly entered so that the operator can alter or correct them.
Command History Buffer: Allows recall of long or complex commands or entries for reentry, review, or correction.

6.1.5  This page will explain how the help system is used in the CLI of Cisco switches. The CLI for Cisco switches is very similar to the CLI for Cisco routers. To use the help system enter a question mark ( ? ). When this sign is entered at the system prompt, a list of commands available for the current command mode is displayed.  The help system is very flexible. To obtain a list of commands that begin with a particular character sequence, enter those characters followed immediately by the question...

Viewing initial bootup output from the switch

Viewing initial bootup output from the switch   6.1.4  This page will explain how HyperTerminal can be used to check and configure a switch. In order to configure or check the status of a switch, connect a computer to the switch in order to establish a communication session. Use a rollover cable to connect the console port on the back of the switch to a COM port on the back of the computer.  Start HyperTerminal on the computer. A dialog window will be displayed. The connection must first be named when initially configuring the HyperTerminal communication with the switch. Select the COM port to which the switch is connected from the pull-down menu, and click the OK button. A second dialog window will be displayed. Set up the parameters and click the OK button. Plug the switch into a wall outlet. The initial bootup output from the switch should be displayed on the HyperTerminal screen. This output shows information about the switch, details about POST status, and...

Verifying port LEDs during switch POST

Verifying port LEDs during switch POST   6.1.3  There are many ideas to present here. The following could help in answering some of the questions students might ask about POST LEDs during switch POST:

- At the start all port LEDs are green
- Each LED turns off after its test completes
- If a test fails, its LED turns amber
- System LED turns amber if any test fails
- If no test fails, POST completes
- On POST completion, LEDs blink

Port LED Display Mode | Description
Port status (STAT LED on) |
  Off: No link present
  Green: Link present, no activity
  Flashing green: Link present with traffic activity
  Alternating green and amber: Link fault. Error frames can affect connectivity. Excessive collisions and cyclic redundancy check (CRC), alignment, and jabber errors are monitored for a link-fault indication.
  Amber: Port not forwarding because management disabled the port, suspended because of an address viola...

Switch LED indicators

Switch LED indicators   6.1.2  The front panel of a switch has several lights to help monitor system activity and performance. These lights are called light-emitting diodes (LEDs). This page will discuss the LEDs on the front of a switch:

- System LED
- Remote Power Supply (RPS) LED
- Port Mode LEDs
- Port Status LEDs

The System LED shows whether the system is receiving power and functioning correctly. The RPS LED indicates whether or not the remote power supply is in use. The Mode LEDs indicate the state of the Mode button. The modes are used to determine how the Port Status LEDs are interpreted. To select or change the port mode, press the Mode button repeatedly until the Mode LEDs indicate the desired mode. Figure describes the Port Status LED colors as these are dependent on the value of the Mode LEDs. The next page will explain how LEDs are used to verify the functionality of a switch.

Physical startup of the Catalyst switch

Physical startup of the Catalyst switch  6.1.1

The following are points to observe before starting the switch:

- Verify the cable and console connection.
- Attach the power cable plug to the switch power supply socket.
- Observe the boot sequence:
  - LEDs on the switch chassis
  - Cisco IOS software output text

The following are points to observe during the initial startup of a Catalyst switch:

- System startup routines initiate the switch software
- Initial startup uses default configuration parameters

Step | Action
1 | Before starting the switch, verify the following: All network cable connections are secure. The terminal is connected to the console point. A console terminal application, such as HyperTerminal, is selected.
2 | Attach the power cable plug to the switch power supply socket. The switch should power up. Note that most switches do not have on...

Module 6: Switch Configuration / Overview

Switch Configuration / Overview When teaching Module 6, explain how a Catalyst switch goes through its startup on powering up. When the startup is complete, the initial software settings may be configured. In this module students will have the opportunity to complete a series of hands-on labs that should help them feel comfortable with the command-line interface (CLI) configuration of switches. Comparisons can be made between the ways students have been programming routers and the way they will program switches. It is suggested that the case study be examined along with the work in this module, since the students will begin programming the switches. Relate what they are learning to the case study. CAUTION: This module contains many hands-on labs and instructors are encouraged to assist their students in completing as many of these labs as possible. Prepare the students to see different outputs based on the type of switch they are using. Some academies may be using the menu driv...

Module 5 Summary

Summary

Before moving on to Module 6, the students must be proficient in explaining the concepts of LAN switches and LAN design. Online assessment options include the end-of-module online quiz in the curriculum and the online Module 5 exam. From memory students should be able to complete the Matching LAN Design and Goals activity and the Point and Click Core Layer activity. An understanding of the following key points should have been achieved:

- The four major goals of LAN design
- Key considerations in LAN design
- The steps in systematic LAN design
- Design issues associated with Layers 1, 2, and 3
- The three-layer design model
- The functions of each layer of the three-layer model
- Cisco access layer switches and their features
- Cisco distribution layer switches and their features
- Cisco core layer switches and their features

This page summarizes the topics discussed in this module. LAN design depends on the requirements of indi...