Scribd Logo
Upload

Welcome to Scribd!

  • CH 09

    Uploaded by

    Abebe Tesfaye
    11 views24 pages
    This document chapter discusses configuring switch interfaces in Cisco devices. It covers configuring interface speed, duplex settings, descriptions, status, and multiple interfaces using the range command. It also discusses controlling interface state with shutdown, removing configurations with no, and autonegotiation settings. The chapter describes port security configuration and verification commands for defining allowed MAC addresses on an interface.

    Original Description:

    CCNA study material

    Original Title

    Ch09

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document chapter discusses configuring switch interfaces in Cisco devices. It covers configuring interface speed, duplex settings, descriptions, status, and multiple interfaces using the range command. It also discusses controlling interface state with shutdown, removing configurations with no, and autonegotiation settings. The chapter describes port security configuration and verification commands for defining allowed MAC addresses on an interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    11 views24 pages

    CH 09

    Uploaded by

    Abebe Tesfaye
    This document chapter discusses configuring switch interfaces in Cisco devices. It covers configuring interface speed, duplex settings, descriptions, status, and multiple interfaces using the range command. It also discusses controlling interface state with shutdown, removing configurations with no, and autonegotiation settings. The chapter describes port security configuration and verification commands for defining allowed MAC addresses on an interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 24

    Interconnecting Cisco Networking

    Devices Part 1
    ICND1 100-105

    Instructor
    Paul A. Parker

    1
    Chapter 9

    Configuring Switch Interfaces

    2
    Chapter 9
    Configuring Switch Interfaces
    v Configuring Speed, Duplex, and Description

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 3


    Chapter 9
    Configuring Switch Interfaces
    v Displaying Interface Status

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 4


    Chapter 9
    Configuring Switch Interfaces
    v Configuring Multiple Interfaces with the range Command
    ▼ The interface range FastEthernet 0/11 - 20 command tells
    IOS that the next subcommand(s) apply to interfaces Fa0/11
    through Fa0/20. You can define a range as long as all interfaces
    are the same type and are numbered consecutively.
    ▼ IOS does not actually put the interface range command into the
    configuration. Instead, it acts as if you had typed the
    subcommand under every single interface in the specified range.
    v Controlling Interface State with shutdown
    ▼ The shutdown command (to disable), and the no shutdown
    command (to enable).
    ▼ You may use the abbreviations shut and no shut.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 5


    Chapter 9
    Configuring Switch Interfaces
    v Removing Configuration with the no Command
    ▼ With some IOS configuration commands (but not all), you can
    revert to the default setting by issuing a no version of the
    command.
    ➘  If you earlier had configured speed 100 on an interface, the no
    speed command on that same interface reverts to the default speed
    setting (which happens to be speed auto).
    ➘  Same idea with the duplex command: an earlier configuration of
    duplex half or duplex full, followed by no duplex on the same
    interface, reverts the configuration back to the default of duplex
    auto.
    ➘  If you had configured a description command with some text, to
    go back to the default state of having no description command at all
    for that interface, use the no description command.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 6


    Chapter 9
    Autonegotiation
    v Autonegotiation
    ▼ For any 10/100 or 10/100/1000 interfaces—that is, interfaces
    that can run at different speeds—Cisco Catalyst switches default
    to a setting of duplex auto and speed auto. As a result, those
    interfaces attempt to automatically determine the speed and
    duplex setting to use. Alternatively, you can configure most
    devices, switch interfaces included, to use a specific speed and/or
    duplex.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 7


    Chapter 9
    Autonegotiation
    v Autonegotiation Under Working Conditions
    ▼ PC1: The switch port claims it can go as fast as 1000 Mbps, but
    PC1’s NIC claims a top speed of 10 Mbps. Both the PC and
    switch choose the best speed both support (10 Mbps) and the
    best duplex (full).
    ▼ PC2: PC2 claims a best speed of 100 Mbps, which means it can
    use 10BASE-T or 100BASE-T. The switch port and NIC negotiate
    to use the best speed of 100 Mbps
    and full duplex.
    ▼ PC3: It uses a 10/100/1000 NIC,
    supporting all three speeds and
    standards, so both the NIC and
    switch port choose 1000 Mbps
    and full duplex.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 8


    Chapter 9
    Autonegotiation
    v Autonegotiation Results When Only One Node Uses It
    ▼ IEEE autonegotiation defines some rules (defaults) that nodes
    should use as defaults when autonegotiation fails—that is, when
    a node tries to use autonegotiation but hears nothing from the
    device. The rules:
    ▼ Speed: Use your slowest supported speed (often 10 Mbps).
    ▼ Duplex: If your speed = 10 or 100,
    use half duplex; otherwise, use full
    duplex.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 9


    Chapter 9
    Autonegotiation
    v Autonegotiation Results When Only One Node Uses It
    ▼ Cisco switches can make a better choice than that base IEEE
    logic, because Cisco switches can actually sense the speed used
    by other nodes, even without IEEE autonegotiation. As a result,
    Cisco switches use this slightly different logic to choose the speed
    when autonegotiation fails:
    ▼ Speed: Sense the speed (without using autonegotiation), but if
    that fails, use the IEEE default (slowest supported speed, often
    10 Mbps).
    ▼ Duplex: Use the IEEE defaults: If speed = 10 or 100, use half
    duplex; otherwise, use full duplex.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 10


    Chapter 9
    Autonegotiation
    v Autonegotiation and LAN Hubs
    ▼ LAN hubs also impact how autonegotiation works. Basically, hubs
    do not react to autonegotiation messages, and they do not
    forward the messages. As a result, devices connected to a hub
    must use the IEEE rules for choosing default settings, which
    often results in the devices using 10 Mbps and half duplex.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 11


    Chapter 9
    Port Security
    v Port Security
    ▼ The following list summarizes these ideas common to all
    variations of port security:
    ➘  Define a maximum number of source MAC addresses allowed for all
    frames coming in the interface.
    ➘  Watch all incoming frames, and keep a list of all source MAC
    addresses, plus a counter of the number of different source MAC
    addresses.
    ➘  When adding a new source MAC address to the list, if the number of
    MAC addresses pushes past the configured maximum, a port security
    violation has occurred. The switch takes action (the default action is
    to shut down the interface).

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 12


    Chapter 9
    Port Security
    v Configuring Port Security
    ▼ Step 1. Make the switch interface either a static access or trunk
    interface using the switchport mode access or the
    switchport mode trunk interface subcommands, respectively.
    ▼ Step 2. Enable port security using the switchport port-
    security interface subcommand.
    ▼ Step 3. (Optional) Override the default maximum number of
    allowed MAC addresses associated with the interface (1) by using
    the switchport port-security maximum number interface
    subcommand.
    ▼ Step 4. (Optional) Override the default action to take upon a
    security violation (shutdown) using the switchport port-
    security violation {protect | restrict | shutdown} interface
    subcommand.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 13


    Chapter 9
    Port Security
    v Configuring Port Security
    ▼ Step 5. (Optional) Predefine any allowed source MAC addresses
    for this interface using the switchport port-security mac-
    address mac-address command. Use the command multiple
    times to define more than one MAC address.
    ▼ Step 6. (Optional) Tell the switch to “sticky learn” dynamically
    learned MAC addresses with the switchport port-security
    mac-address sticky interface subcommand.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 14


    Chapter 9
    Port Security
    v Verifying Port Security
    ▼ The show port-security interface command lists the
    configuration settings for port security on an interface.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 15


    Chapter 9
    Port Security
    v Port Security Violation Actions
    ▼ The switchport port-security violation { protect | restrict
    | shutdown } defines the action taken when a violation on the
    port occurs.

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 16


    Chapter 9
    Port Security
    v Port Security MAC Addresses as Static and Secure but not
    Dynamic
    ▼ Once a switch port has been configured with port security, the
    switch no longer considers MAC addresses associated with that
    port as being dynamic entries as listed with the show mac
    address-table dynamic EXEC command. Even if the MAC
    addresses are dynamically learned, once port security has been
    enabled, you need to use one of these options to see the MAC
    table entries associated with ports using port security:
    ▼ show mac address-table secure: Lists MAC addresses
    associated with ports that use port security
    ▼ show mac address-table static: Lists MAC addresses
    associated with ports that use port security, as well as any other
    statically defined MAC addresses

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 17


    Chapter 9
    Exam Preparation Tasks

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 18


    Chapter 9
    Command References
    v Switch Interface Configuration

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 19


    Chapter 9
    Command References
    v Switch Interface Configuration

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 20


    Chapter 9
    Command References
    v Port Security Configuration

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 21


    Chapter 9
    Command References
    v EXEC Command Reference

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 22


    Chapter 9
    Command References
    v EXEC Command Reference

    CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 23


    Questions?

    24

    You might also like