Professional Documents
Culture Documents
1900 Using CLI
1900 Using CLI
1900 Using CLI
Objective
• Investigate the default configuration of a 1900 series switch.
• Configure a switch with a name and an IP address.
• Configure passwords to ensure that access to the CLI is secured.
• Save the active configuration.
PC1
Background / Preparation
Cable a network similar to the one in the diagram. We will use this diagram for following labs.
Start a HyperTerminal session.
> enable
#
b. Notice the prompt changed in the configuration to reflect privileged exec mode.
Step 3 Examine the current switch configuration
a. Examine the following current running configuration file.
# show running-config
b. How many Ethernet or Fast Ethernet interfaces does the switch have? ___________________
c. What is the range of values shown for the VTY lines? _______________________________
d. Issue the following to show the current IP address of the switch.
# show ip
# show version
b. What is the IOS version that the switch is running? _________________________________
c. What is the system image file name? ___________________________________________
d. What is the base MAC address of this switch? _____________________________________
e. Is the switch running enterprise edition software? __________________________________
# show vlan
b. What is the name of VLAN 1? ________________________________________________
c. Which ports are in this VLAN? ________________________________________________
d. Is VLAN 1 active? _________________________________________________________
e. What type of VLAN is the default VLAN? _________________________________________
Step 7 Assign a name to the switch
a. Enter enable and then the configuration mode. The configuration mode allows the management
of the switch. Enter AL Switch, the name this switch will be referred to in the following
# configure terminal
Enter the configuration commands, one for each line. End by pressing Ctrl + Z.
(config)# hostname 1900
1900# show ip
Objective
• Manage the switch MAC table.
• Create a static address entry in the switch MAC table a test it.
• Remove the created static MAC address entry.
Step 3 Determine the MAC addresses that the switch has learned
a. To determine the what MAC addresses the switch has learned use the show mac-address-table
command as follows at the privileged exec mode prompt:
Objective
• Configure port security on individual ports.
• Configure port for rapid Spanning Tree operation.
Securing network is an important responsibility for a network administrator. Access layer switchports are
accessible through the structured cabling at wall outlets in offices and rooms. Anyone can plug in a PC or
laptop into one of these outlets. This is a potential entry point to the network by unauthorized users.
Switches provide a feature called port security. It is possible to limit the number of addresses that can be
learned on an interface. The switch can be configured to take an action if this is exceeded. Secure MAC
addresses can be set statically. However, securing MAC addresses statically can be a complex task and
prone to error.
An alternative approach is to set port security on a switch interface. The number of MAC address per port
can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
When a switch port comes up it normally goes thru the normal 802.1d Spanning Tree states of Blocking,
Listening, Learning, and then Forwarding. This process can take up to 45 seconds to occur. When Port
fast mode (rapid spanning tree) is enabled, the Spanning Tree Protocol (STP) can transition the port's
state from Blocking to Forwarding without going through the intermediate states of Listening and Learning.
However, Port Fast mode should only be enabled on ports connecting single end stations. When
connecting to another switches, do not enable Port Fast mode on these ports, since you will start loosing
BPDUs and get your network into loops. You cannot enable Port Fast mode on trunked connections.
Before continuing with other labs, remove port security from configuration.
Lab 4: Password Recovery Procedure on a Catalyst 1900 Series Switches
Objective
• Gain access to the switch if password is lost
1.) Power-cycle the switch. After POST completes, the following prompt displays:
Objective
• Create two VLANs, name them and assign member ports to them.
• Delete VLAN information
Background / Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network
Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All
ports are assigned to VLAN 1 by default.
a. Ping from the host in port 0/1 to the host in port 0/3.
b. Was the ping successful? ______________________
c. Ping from the host in port 0/1 to the host in port 0/4.
d. Was the ping successful? ______________________
e. Why? ______________________________________
1900# conf t
1900(config)# interface Ethernet 0/2
1900(config-if)# no vlan static 2
1900(config-if)# end
1900# conf t
1900# no vlan 2
1900(config)#exit
Step 12 Display the VLAN Interface Information
Switch_A# conf t
Switch_A(config)# no vlan 1
Switch_A(config)# no vlan 1
^
% Invalid input detected at '^' marker.
Switch_A(config)#exit
Objective
Background / Preparation
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is
being used to transmit data on the trunk or no data will be passed. If there is different trunking
encapsulation on the two ends of the link they will not able to communicate. A similar situations will occur
if one of the ports is configured in trunking mode, unconditionally, and the other one as in access mode,
unconditionally.
On all Catalyst 1900 series switches use following commands to configure trunk connection: (here
is the sample from configuring just two of them)
a. To verify that port fastethernet 0/26 has been established as a trunk port, type:
Using ping, verify that hosts on the same VLAN can communicate between each other. Can they
also talk to hosts on different VLANs?
b. For routers that do support Inter-VLAN routing, dividing physical interface into logical subinterfaces is
the way. While using just one physical interface, you will create one subinterface per each VLAN to be
connected to the router. Remember, as long as at least one of your subinterfaces are connected to
default, management VLAN, you can connect to switch remotely through telnet:
2600(config)# interface ethernet 0/0
2600(config-if)# no shutdown
2600(config-if)# duplex full ! Set this also on the switch port F0/10
2600(config-if)# interface ethernet 0/0.1
2600(config-subif)# encapsulation dot1q 1
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# interface ethernet 0/0.2
2600(config-subif)# encapsulation dot1q 2
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# interface ethernet 0/0.3
2600(config-subif)# encapsulation dot1q 3
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# end