Switching Concepts and Configuration ~ LONETHOUGHT'S

Basic Switch Configuration (2.1)

Switches are one of the most numerous devices installed onto the corporate network infrastructure. Configuring them can be fun and challenging. Knowing how switches normally boot and load an operating system is also important.

Switch Boot Sequence (2.1.1.1)

After a Cisco switch is powered on, it goes through the following boot sequence:

Step 1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system.
Step 2. Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM and is run immediately after POST successfully completes.
Step 3. The boot loader performs low-level CPU initialization. It initializes the CPU registers that control where physical memory is mapped, the quantity of memory, and memory speed.
Step 4. The boot loader initializes the flash file system on the system board.
Step 5. Finally, the boot loader locates and loads a default IOS operating system software image into memory and hands control of the switch over to the IOS.
The boot loader finds the Cisco IOS image on the switch using the following process: The switch attempts to automatically boot by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable file it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. On Catalyst 2960 Series switches, the image file is normally contained in a directory that has the same name as the image file (excluding the .bin file extension).
The IOS operating system then initializes the interfaces using the Cisco IOS commands found in the configuration file, startup configuration, which is stored in NVRAM.
In Figure 2-1, the BOOT environment variable is set using the boot system global configuration mode command. Use the show bootvar command (show boot in older IOS versions) to see the current IOS boot file version.

Figure 2-1 Configure BOOT Environment Variable

Recovering from a System Crash (2.1.1.2)

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files. The boot loader has a command line that provides access to files stored in flash memory.
The boot loader can be accessed through a console connection using these steps:

Step 1. Connect a console cable from the PC to the switch console port. Configure terminal emulation software to connect to the switch.
Step 2. Unplug the switch power cord.
Step 3. Reconnect the power cord to the switch and within 15 seconds press and hold down the Mode button while the System LED is still flashing green.
Step 4. Continue pressing the Mode button until the System LED turns briefly amber and then solid green; then release the Mode button.
Step 5. The boot loader switch: prompt appears in the terminal emulation software on the PC.
The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover from a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory as shown in Figure 2-2.

Figure 2-2 Directory Listing in Boot Loader

Switch LED Indicators (2.1.1.3)

Cisco Catalyst switches have several status LED indicator lights. You can use the switch LEDs to quickly monitor switch activity and its performance. Switches of different models and feature sets will have different LEDs, and their placement on the front panel of the switch may also vary.
Figure 2-3 shows the switch LEDs and the Mode button for a Cisco Catalyst 2960 switch. The Mode button is used to toggle through port status, port duplex, port speed, and PoE (if supported) status of the port LEDs.

Figure 2-3 Cisco 2960 Switch LEDs

Table 2-1 contains the purpose of the Cisco 2960 switch LED indicators, and the meaning of their colors.

Table 2-1 Purpose of Cisco Switch LEDs

System LED	Shows whether the system is receiving power and is functioning properly. If the LED is off, it means the system is not powered. If the LED is green, the system is operating normally. If the LED is amber, the system is receiving power but is not functioning properly.
Redundant Power System (RPS) LED	Shows the RPS status. If the LED is off, the RPS is off or not properly connected. If the LED is green, the RPS is connected and ready to provide backup power. If the LED is blinking green, the RPS is connected but is unavailable because it is providing power to another device. If the LED is amber, the RPS is in standby mode or in a fault condition. If the LED is blinking amber, the internal power supply in the switch has failed, and the RPS is providing power.
Port Status LED	Indicates that the port status mode is selected when the LED is green.This is the default mode. When selected, the port LEDs will display colors with different meanings. If the LED is off, there is no link, or the port was administratively shut down. If the LED is green, a link is present. If the LED is blinking green, there is activity and the port is sending or receiving data. If the LED is alternating green-amber, there is a link fault. If the LED is amber, the port is blocked to ensure a loop does not exist in the forwarding domain and is not forwarding data (typically, ports will remain in this state for the first 30 seconds after being activated). If the LED is blinking amber, the port is blocked to prevent a possible loop in the forwarding domain.
Port Duplex LED	Indicates the port duplex mode is selected when the LED is green. When selected, port LEDs that are off are in half-duplex mode. If the port LED is green, the port is in full-duplex mode.
Port Speed LED	Indicates the port speed mode is selected. When selected, the port LEDs will display colors with different meanings. If the LED is off, the port is operating at 10 Mb/s. If the LED is green, the port is operating at 100 Mb/s. If the LED is blinking green, the port is operating at 1000 Mb/s.
Power over Ethernet (PoE) Mode LED	If PoE is supported, a PoE mode LED will be present. If the LED is off, it indicates the PoE mode is not selected and none of the ports have been denied power or placed in a fault condition. If the LED is blinking amber, the PoE mode is not selected but at least one of the ports has been denied power, or has a PoE fault. If the LED is green, it indicates the PoE mode is selected and the port LEDs will display colors with different meanings. If the port LED is off, PoE is off. If the port LED is green, PoE is being provided to a device. If the port LED is alternating green-amber, PoE is denied because providing power to the powered device will exceed the switch power capacity. If the LED is blinking amber, PoE is off due to a fault. If the LED is amber, PoE for the port has been disabled .

Preparing for Basic Switch Management (2.1.1.4)

To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask. Keep in mind that to manage the switch from a remote network, the switch must be configured with a default gateway. This is very similar to configuring the IP address information on host devices. In Figure 2-4, the switch virtual interface (SVI) on S1 should be assigned an IP address. The SVI is a virtual interface, not a physical port on the switch.

Figure 2-4 Preparing for Remote Switch Management

SVI is a concept related to VLANs. VLANs are numbered logical groups to which physical ports can be assigned. Configurations and settings applied to a VLAN are also applied to all the ports assigned to that VLAN.
By default, the switch is configured to have the management of the switch controlled through VLAN 1. All ports are assigned to VLAN 1 by default. For security purposes, it is considered a best practice to use a VLAN other than VLAN 1 for the management VLAN. Furthermore, it is also a best practice to use a VLAN that is not used by end devices such as users and printers.

Configuring Basic Switch Management Access with IPv4 (2.1.1.5)

Step 1. Configure the Management Interface.

An IP address and subnet mask is configured on the management SVI of the switch from VLAN interface configuration mode. As shown in Table 2-2, the interface vlan 99 command is used to enter interface configuration mode. The ip address command is used to configure the IP address. The no shutdown command enables the interface.

Table 2-2 Configure the Switch Management Interface

Enter global configuration mode.	`S1# configure terminal`
Enter interface configuration mode for the SVI.	`S1(config)# interface vlan 99`
Configure the management interface IP address.	`S1(config-if)# ip address 172.17.99.11 255.255.0.0`
Enable the management interface.	`S1(config-if)# no shutdown`
Return to privileged EXEC mode.	`S1(config-if)# end`
Save the running config to the startupconfig.	`S1# copy running-config startup-config`

In this example, VLAN 99 is configured with the IP address and mask of 172.17.99.11. To create a VLAN with the vlan_id of 99 and associate it to an interface, use the following commands:

S1(config)# vlan vlan_id
S1(config-vlan)# name vlan_name
S1(config)# end
S1(config)# config terminal
S1(config)# interface interface_id
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan vlan_id

Step 2. Configure the Default Gateway.

The switch should be configured with a default gateway if the switch will be managed remotely from networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on the same management VLAN network to which the switch connects. The switch will forward IP packets with destination IP addresses outside the local network to the default gateway. As shown in Table 2-3 and Figure 2-5, R1 is the default gateway for S1. The interface on R1 connected to the switch has IP address 172.17.99.1. This address is the default gateway address for S1.

Table 2-3 Commands to Configure a Switch Default Gateway

Enter global configuration mode.	`S1# configure terminal`
Configure the switch default gateway.	`S1(config)# ip default-gateway 172.17.99.1`
Return to privileged EXEC mode.	`S1(config)# end`
Save the running config to the startup config.	`S1# copy running-config startup-config`

Figure 2-5 Configuring the Switch Default Gateway

To configure the default gateway for the switch, use the ip default-gateway command. Enter the IP address of the default gateway. The default gateway is the IP address of the router interface to which the switch connects. Use the following command to backup the configuration: copy running-config startup-config.

Step 3. Verify the Configuration.

As shown in Figure 2-6, the show ip interface brief command is useful when determining the status of both physical and virtual interfaces. The output shown in Figure 2-6 confirms that interface VLAN 99 has been configured with an IP address and a subnet mask, and that FastEthernet port Fa0/18 has been assigned to the VLAN 99 management interface. Both interfaces are now “up/up” and operational.

Figure 2-6 Verifying the Switch Management Interface Configuration

5. Configure Switch Ports (2.1.2) | Next Section
Previous Section

LONETHOUGHT'S

lonethouts.blogspot.com

Monday, January 2, 2017