Basic Switch Configuration
ADMINISTRATIVE CONFIGURATIONS
Even though the following sections aren’t critical to making a router or switch work on a
network, they’re still really important. I’m going to guide you through configuring specific
commands that are particularly helpful when administering your network. You can configure
the following administrative functions on a router and switch:
Hostnames
Banners
Passwords
Interface descriptions
Cisco switch, but understand that these commands are used in the exact same way on a Cisco.
Hostnames
We use the hostname command to set the identity of the router and switch. This is only locally
significant, meaning it doesn’t affect how the router or switch performs name lookups or how
the device actually works on the internetwork. But the hostname is still important in routers
because it’s often used for authentication in many wide area networks (WANs). Here’s an
example:
Switch#config t
Switch(config)#hostname TCFL
TCFL(config)#hostname TELONE
TELONE(config)#hostname COLLEGE
COLLEGE(config)#
Banners
A very good reason for having a banner is to give any and all who dare attempt to telnet or
sneak into your internetwork a little security notice. Here are the three types of banners you
need to be sure you’re familiar with:
Exec process creation banner
Login banner
Message of the day banner
MOTD Banner: the “message of the day” banner is presented to everyone that connects to the
router. It is typically used to display a temporary notice that may change regularly, such as
system availability. To create a MOTD banner on a Cisco router, the following banner MOTD
command is used from the router’s global config mode:
Router(config)# banner motd
#Attention! We will be having scheduled system maintenance on this device.#
Router(config)#
Exec banner: You can configure a line-activation (exec) banner to be displayed when EXEC
processes such as a line activation or an incoming connection to a VTY line have been created.
Simply initiating a user exec session through a console port will activate the exec banner.
R1(config)#banner exec #
Enter TEXT message. End with the character '#'.
You are connected to line $(line) at router $(hostname)#
Routing Concepts Tutorials
Compiled By Talent Mphande
Login banner: You can configure a login banner for display on all connected terminals. It will
show up after the MOTD banner but before the login prompts. This login banner can’t be
disabled on a per-line basis, so to globally disable it you’ve got to delete it with the no banner
login command. We use the Exec banner to display messages after the users or network
administrators are authenticated to our Cisco IOS devices and before the user enters User EXEC
mode. Unlike MOTD, the Exec banner is designed to be more of a permanent message and
would not change frequently. To create a login banner on a Cisco router, the following banner
login command is used from the router’s global configuration mode:
R1(config)#banner login $ Authenticate yourself! $
How to set name on switch
The switch name can be set from global configuration mode. Use the hostname [desired
hostname] command to set the name on the switch.
SETTING PASSWORDS
There are five passwords you’ll need to secure your Cisco routers: console, auxiliary,
telnet/SSH (VTY), enable password, and enable secret. The enable secret and enable password
are the ones used to set the password for securing privileged mode. Once the enable commands
are set, users will be prompted for a password. The other three are used to configure a password
when user mode is accessed through the console port, through the auxiliary port, or via Telnet.
How to set password on a Catalyst switch
Passwords are used to restrict physical access to the switch. A Cisco switch supports the console
line for local login and VTYs for remote login. All supported lines need to be secured for User
EXEC mode. For example, if you have secured the VTY lines but left the console line unsecured,
an intruder can take advantage of this to connect to the device. Once you are connected to the
device, all remaining authentication is the same. No separate configuration is required for
further modes. A password is set from its respective line mode. Enter line mode from global
configuration mode.
VTY stands for virtual terminal, such as Telnet or SSH. A switch may support up to a thousand
VTY lines. By default, the first five (0 - 4) lines are enabled. The switch supports both local and
remote server authentication. In the local database authentication method, the switch allows us
to set a separate password for each user. Two global configuration commands are used to set up
the local user database.
Switch(config)#username [Username] password [test123]
Or
Switch(config)#username [Username] secret [test123]
Both commands do the same job. The advantage of the secret option over the password option is
that with secret the password is stored as an MD5 hash, while with password it is stored in
plain text.
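The two rules above (every line secured for User EXEC mode, and secret preferred over password) can be checked against a saved configuration. The following Python script is an added example, not part of the original tutorial; the sample configuration, the audit function name and the finding texts are constructed for illustration, and it assumes the usual show running-config layout in which the sub-commands of a line block are indented by one space.

```python
import re

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
hostname access-switch1
enable password somestrongpass
username admin password 0 test123
username ops secret 5 $1$constructed$hash
line con 0
line vty 0 4
 password strongtelnetpass
 login
line vty 5 15
 login local
"""

def audit(config: str) -> list[str]:
    """Return findings for the password rules described in this section."""
    findings, lines_cfg, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("line "):            # start of a con/aux/vty block
            current = line
            lines_cfg[current] = []
        elif current and raw.startswith(" "):  # indented sub-command of the block
            lines_cfg[current].append(line)
        else:
            current = None                     # back in global configuration
            m = re.match(r"username (\S+) password\b", line)
            if m:
                findings.append(f"user {m.group(1)}: uses 'password', not 'secret'")
            if line.startswith("enable password"):
                findings.append("enable password set: use 'enable secret' instead")
    if not re.search(r"^enable secret\b", config, re.M):
        findings.append("no enable secret configured")
    for name, cmds in lines_cfg.items():
        has_pw = any(c.startswith("password ") for c in cmds)
        if "login local" in cmds:
            continue                           # authenticates against usernames
        if "login" not in cmds:
            findings.append(f"{name}: no login check, User EXEC is open")
        elif not has_pw:
            findings.append(f"{name}: 'login' set but no line password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

AAA-based logins (login authentication ...) are not modelled here and would be reported as a missing login check.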
Enable Passwords
You set the enable passwords from global configuration mode like this:
Switch(config)# enable password Privilege_EXEC_password
or
Switch(config)# enable secret Privilege_EXEC_password
Telnet Password
To set the user-mode password for Telnet access into the router or switch, use the line vty
command. IOS switches typically have 16 lines, but routers running the Enterprise edition have
considerably more.
After your IOS devices are configured with an IP address, you can use the Telnet program to
configure and check your routers instead of having to use a console cable. You can use the
Telnet program by typing telnet from any command prompt (DOS or Cisco).
Auxiliary Password
To configure the auxiliary password on a router, go into global configuration mode and type
line aux ?. And by the way, you won’t find these ports on a switch. This output shows that you
only get a choice of 0–0, which is because there’s only one port:
Tcfl#config t
Tcfl(config)#line aux 0
Tcfl(config-line)#login
Tcfl(config-line)#password aux
Tcfl(config-line)#login
How to reset switch to factory defaults
The following commands will erase all configurations. In a production environment you should
always take a backup before removing configurations. In a lab environment we can skip the
backup process.
Switch>enable
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]? [Press Enter Key]
Delete flash:vlan.dat? [confirm] [ Reconfirm by pressing enter key]
Switch#erase startup-config
Switch#reload
How to set IP address in Switch
An IP address is the address of a device in the network. A switch allows us to set an IP address
at the interface level. An IP address assigned to an interface is used to manage that particular
interface. To manage the entire switch we have to assign an IP address to VLAN1 (the default
VLAN of the switch). We also have to set the default gateway IP address from global
configuration mode. In the following example we assign IP 172.16.10.2 255.255.255.0 to VLAN1
and set the default gateway to 172.16.10.1.
Switch>enable
Switch#configure terminal
Switch(config)#interface vlan1
Switch(config-if)#ip address 172.16.10.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.16.10.1
How to set interface description
Switches have several interfaces. Adding a description to an interface is a good habit. It may
help you find the correct interface. In the following example we add the description
Development VLAN to interface FastEthernet 0/1.
Switch(config)#interface fastethernet 0/1
Switch(config-if)#description Development VLAN
How to save running configuration in switch
The switch keeps all running configuration in RAM. All data in RAM is erased when we turn
off the device. To save running configuration use following command
show version
The show version command provides general information about the device, including its model
number, type of interfaces, software version, configuration settings, location of the IOS and
configuration files, and available memory.
show flash
The switch stores the IOS image file in flash memory. The show flash command lists the
contents of flash memory. This command is useful for getting information about the IOS file and
the available memory space in flash.
show running-config
Configuration parameter values are created, stored, updated and deleted in the running
configuration. The running configuration is stored in RAM. We can use the show running-config
command to view the running configuration.
show startup-config
Any configuration stored in RAM is erased when the device is turned off. We can save the
running configuration in NVRAM. If we have saved the running configuration in NVRAM, it is
automatically loaded back into RAM from NVRAM during the next boot. Because the switch loads
this configuration back into RAM at startup, in NVRAM it is known as the startup-config.
show vlan
The show vlan command displays the VLANs. For administrative purposes, the switch
automatically creates VLAN 1 and assigns all its interfaces to it. You can create custom VLANs
from global configuration mode and then assign them to interfaces.
show interface
The show interface command displays information about interfaces. Without an argument it lists
all interfaces. To get information about a specific interface we need to pass its interface
number as an argument. For example, to view details about FastEthernet 0/1, use show interface
fastethernet 0/1. The first line of the output provides information about the status of the interface.
FastEthernet0/18 is up, line protocol is up ( connected)
The first up indicates the status of the physical layer, and the second up indicates the status
of the data link layer.
Possible interface status
up and up :- Interface is operational.
up and down :- It’s a data link layer problem.
down and down :- It’s a physical layer problem.
Administratively down and down :- Interface is disabled with the shutdown command.
Possible values for physical layer status
Up :- Switch is sensing physical layer signal.
Down :- Switch is not sensing physical layer signal. Possible reasons could be that the cable is
not connected, the wrong cable type is used or the remote end device is turned off.
Administratively down :- Interface is disabled by using the shutdown command.
Possible values for data link layer status
Up :- The data link layer is operational.
Down :- The data link layer is not operational. Possible reasons could be a disabled
physical layer, missed keepalives on a serial link, no clocking or an incorrect
encapsulation type.
show ip interface brief
show ip interface brief is an extremely useful command for getting a quick overview of all
interfaces on the switch. It lists their status, including IP address and protocol.
COMPLETE BASIC SWITCH SETUP EXAMPLE
Switch>enable
Switch# configure terminal
Switch(config)#
STEP2: Set up a hostname for the particular switch to distinguish it in the network
Switch(config)# hostname access-switch1
access-switch1(config)#
STEP3: Configure an administration password (enable secret password)
access-switch1(config)# enable secret somestrongpass
The password above will be used to enter into Privileged EXEC mode.
STEP4: Configure a password for Telnet and Console access
access-switch1(config)# line vty 0 15
access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
access-switch1(config)# line console 0
access-switch1(config-line)# password strongconsolepass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
STEP5: Assign IP address to the switch for management
!Management IP is assigned to Vlan 1 by default
access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#
STEP6: Assign default gateway to the switch
access-switch1(config)# ip default-gateway 10.1.1.254
STEP7: Disable unneeded ports on the switch
! This step is optional but enhances security
! Assume that we have a 48-port switch and we don’t need ports 25 to 48
access-switch1(config)# interface range fa 0/25-48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#
STEP9: Save the configuration
access-switch1(config)# exit
access-switch1# wr
access-switch1# show run (Displays the current running configuration)
access-switch1# show interfaces (Displays the configuration of all interfaces and the status
of each one)
access-switch1# show vlan (Displays all vlan numbers, names, ports associated with each
vlan etc)
access-switch1# show interface status (Displays status of interfaces, speed, duplex etc)
access-switch1# show mac address-table (Displays current MAC address table and which
MAC address is learned on each interface)