Scribd
Upload
23K views

Basic Cisco Switch Configuration

The document provides steps for basic Cisco switch configuration including: 1. Connecting to the switch console and entering privileged mode. 2. Setting the hostname, enable secret password, and passwords for telnet and console access. 3. Assigning an IP address to the switch, default gateway, and restricting telnet access by IP. 4. Configuring VLANs, assigning ports to VLANs, and saving the configuration.

Uploaded by

Mohammed Hazzaa
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
23K views

Basic Cisco Switch Configuration

The document provides steps for basic Cisco switch configuration including: 1. Connecting to the switch console and entering privileged mode. 2. Setting the hostname, enable secret password, and passwords for telnet and console access. 3. Assigning an IP address to the switch, default gateway, and restricting telnet access by IP. 4. Configuring VLANs, assigning ports to VLANs, and saving the configuration.

Uploaded by

Mohammed Hazzaa
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Basic Cisco Switch Configuration

In my opinion, the Cisco switches are the best in the market. Versatile, reliable, flexible
and powerful, the Cisco switch product line (such as the 2960, 3560, 3650, 3850, 4500,
6500, 9400 series etc) offer unparalleled performance and features.

Although a Cisco switch is a much simpler network device compared with other devices
(such as routers and firewalls for example), many people have difficulties to configure a
Cisco Catalyst Switch.

Unlike other lower class switch vendors (which are plug-and-play), the Cisco switch
needs some initial basic configuration in order to enable management, security and
some other important features.

In this article I will describe the basic steps needed to configure and setup a Cisco
switch from scratch. I don’t like graphical GUI or web management at all, so I will show
you command line configuration (CLI) which is much more powerful and actually forces
the administrators to learn what they are doing on the device.

STEP1: Connect to the device via console

Use a terminal emulation software such as PuTTY and connect to the console of the
switch. You will get the initial command prompt “Switch>”

Type “enable” and hit enter. You will get into privileged EXEC mode (“Switch#”)

Now, get into Global Configuration Mode:


Switch# configure terminal
Switch(config)#

Note: The switch will not ask you for a password when entering into Privileged EXEC
mode (i.e after typing “enable”) if it has the default factory configuration. See Step 3
below about setting up a password for the Privileged EXEC mode. 

STEP2: Set up a hostname for the particular switch to distinguish it in the


network

Switch(config)# hostname access-switch1


access-switch1(config)#

STEP3: Configure an administration password (enable secret password)

access-switch1(config)# enable secret somestrongpass

The password above will be used to enter into Privileged EXEC mode as described in
Step 1 above. 

MORE READING:  VLAN access-map (VACL) Example Configuration on Cisco


Switch

STEP4: Configure a password for Telnet and Console access

It is a very good security practice to lock-down all access lines of a switch with a
password. Although it is much better to configure an external AAA server (for
centralized Authentication Authorization and Accounting), in this article we will just
configure a password on each access line (VTY lines for Telnet and Console line):

access-switch1(config)# line vty 0 15


access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

access-switch1(config)# line console 0


access-switch1(config-line)# password strongconsolepass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

STEP5: Define which IP addresses are allowed to access the switch via Telnet
access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 10.1.1.100
access-switch1(config-std-nacl)# permit 10.1.1.101
access-switch1(config-std-nacl)# exit

!Apply the access list to Telnet VTY Lines


access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#

STEP6: Assign IP address to the switch for management

!Management IP is assigned to Vlan 1 by default


access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#

STEP7: Assign default gateway to the switch

access-switch1(config)# ip default-gateway 10.1.1.254

STEP8: Disable unneeded ports on the switch

! This step is optional but enhances security


! Assume that we have a 48-port switch and we don’t need ports 25 to 48

access-switch1(config)# interface range fe 0/25-48


access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#

STEP9: Configure Layer2 VLANs and assign ports to the them

By default, all physical ports of the switch belong to the native VLAN1. One of the most
important functions of an Ethernet switch is to segment the network into multiple Layer2
VLANs (with each VLAN belonging to a different Layer3 subnet).

MORE READING:  Cisco Switch Commands Cheat Sheet (CLI)

In order to do the above Layer2 segmentation you need to create additional VLANs
from the default VLAN1 and then assign physical ports to these new vlans. Let’s create
two new vlans (VLAN2 and VLAN3) and assign two ports to each one.
! First create the Layer2 VLANs on the switch

access-switch1(config)# vlan 2
access-switch1(config-vlan)# name TEACHERS
access-switch1(config-vlan)# exit

access-switch1(config)# vlan 3
access-switch1(config-vlan)# name STUDENTS
access-switch1(config-vlan)# exit

! Now assign the physical ports to each VLAN. Ports 1-2 are assigned to VLAN2 and
ports 3-4 to VLAN3

access-switch1(config)# interface range fe 0/1-2


access-switch1(config-if-range)# switchport mode access
access-switch1(config-if-range)# switchport access vlan 2
access-switch1(config-if-range)# exit

access-switch1(config)# interface range fe 0/3-4


access-switch1(config-if-range)# switchport mode access
access-switch1(config-if-range)# switchport access vlan 3
access-switch1(config-if-range)# exit

STEP10: Save the configuration

access-switch1(config)# exit
access-switch1# wr

The above command to save the configuration can also be accomplished with  copy
run start

The above are some steps that can be followed for basic set-up of a Cisco switch. Of
course there are more things you can configure (such as SNMP servers, NTP,
AAA, Vlan trunking protocol, 802.1q Trunk ports, Layer 3 inter-vlan routing etc) but
those depend on the requirements of each particular network.

Some Useful “Show” Commands

After configuring the basic steps above, let’s see some useful commands to monitor
your configuration or troubleshoot possible problems:

access-switch1# show run  (Displays the current running configuration)


access-switch1# show interfaces  (Displays the configuration of all interfaces and the
status of each one)
access-switch1# show vlan  (Displays all vlan numbers, names, ports associated with
each vlan etc)
access-switch1# show interface status  (Displays status of interfaces, speed, duplex
etc)
access-switch1# show mac address-table  (Displays current MAC address table and
which MAC address is learned on each interface)

You might also like