Wednesday 9 October 2019

Basic Configuration of Cisco Switch

This article walks step by step through the basic configuration of a Cisco switch and covers the settings required to maintain a secure and available switched LAN environment.
Switches are used to connect several devices on the same network. In a properly designed network, LAN switches are responsible for controlling the flow of data in the access layer and directing it to networked resources.
Cisco switches are self-configuring and do not need any additional configuration to start working. However, Cisco switches run Cisco IOS and can be manually configured to best meet the needs of the network. This includes adjusting the requirements for speed, bandwidth and port security.
In addition, Cisco switches can be managed locally and remotely. To manage a switch remotely, it must be configured with an IP address and a default gateway.
In this article the following topics will be covered:

  • Setting initial parameters of a switch
  • Basic administration of a switch
  • Port configuration of a switch
  • Verifying the switch configuration of ports
  • Network access layer problems
  • Troubleshooting the network access layer

    SETTING INITIAL PARAMETERS OF A SWITCH

    START SEQUENCE OF A SWITCH

    Once the Cisco switch is turned on, it performs the following boot sequence:

    1. First, the switch loads a power-on self-test program (POST) stored in ROM. The POST verifies the CPU subsystem. This checks the CPU, DRAM memory and the part of the flash device that integrates the flash file system.
    2. Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM that runs immediately after the POST completes successfully.
    3. The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where the physical memory is mapped, the amount of memory and its speed.
    4. The boot loader starts the flash file system on the system board.
    5. Finally, the boot loader locates and loads an IOS operating system software image into memory and delegates control of the switch to IOS.

    The boot loader searches for the Cisco IOS image on the switch as follows: the switch attempts to boot automatically using the information from the BOOT environment variable. If this variable is not set, the switch attempts to load and run the first executable file that it can find by performing a recursive, depth-first search across the entire flash file system. In a depth-first search of a directory, each subdirectory that is encountered is searched completely before the search continues in the original directory. On the Catalyst 2960 series switches, the image file is usually located in a directory that has the same name as the image file (except the .bin file extension).

    Then, the IOS operating system starts the interfaces using the Cisco IOS commands found in the boot configuration file, which is stored in NVRAM.

    CONFIGURE BOOT VARIABLE

    The BOOT environment variable is set with the boot system command of the global configuration mode. Note that the IOS is located in a different folder and that the path of the folder is specified. Use the show boot command to see the current configuration of the IOS boot file.

    S1(config)# boot system flash:/c2960-lanbasek9-mz.150-2.SE/c2960-lanbasek9-mz.150-2.SE.bin

    • Green: command (boot system)
    • Pink: storage device (flash:)
    • Orange: path to the location in the file system (/c2960-lanbasek9-mz.150-2.SE/)
    • Violet: IOS file name (c2960-lanbasek9-mz.150-2.SE.bin)

    RECOVERY AFTER A SYSTEM CRASH

    The boot loader provides access to the switch if the operating system cannot be used due to lack of system files or damage to them. The boot loader has a command line that provides access to files stored in flash memory.
    The boot loader can be accessed through a console connection with the following steps:

    • Step 1: Connect a computer to the console port of the switch with a console cable. Configure the terminal emulation software to connect to the switch.
    • Step 2: Disconnect the power cable from the switch.
    • Step 3: Reconnect the power cable to the switch, wait 15 seconds, and then press and hold the Mode button while the system LED continues to flash green.
    • Step 4: Continue to press the Mode button until the system LED turns amber for a brief moment and then green, then release the Mode button.
    • Step 5: The boot loader switch: prompt appears in the terminal emulation software on the computer.

    The boot loader command line supports commands to format the flash file system, reinstall the operating system software and recover a lost or forgotten password. For example, the dir command can be used to view a list of files within a specific directory, as shown in the figure.

    Switch# dir flash:
    Directory of flash:/

        2  -rwx  11607161  Mar 1 2013 03:10:47 +00:00  c2960-lanbasek9-mz.150-2.SE.bin
        3  -rwx      1809  Mar 1 2013 00:02:48 +00:00  config.text
        5  -rwx      1919  Mar 1 2013 00:02:48 +00:00  private-config.text
        6  -rwx     59416  Mar 1 2013 00:02:49 +00:00  multiple-fs

    32514048 bytes total (20841472 bytes free)
    Switch#
    Note: In this example, the IOS is located at the root of the flash memory folder.

    LED INDICATORS OF THE SWITCHES

    Cisco Catalyst switches have several LED status lights. You can use the switch LEDs to quickly monitor the activity and performance of the switch. The different models and feature sets of the switches have different LEDs, and the location of these on the switch's front panel may also vary.

    The image shows the LEDs and the Mode button of a Cisco Catalyst 2960 switch. The Mode button is used to toggle between port status, port duplex mode, port speed, and Ethernet power status (PoE, if supported) of the port LEDs. The following describes the purpose of the LED indicators and the meaning of the colors:

    MEANING OF LED COLORS


    • System LED:  shows if the system receives power and is functioning properly. If the LED is off, it means the system is not on. If the LED is green, the system works normally. If the LED is amber, the system receives power but does not work properly.
    • Redundant Power System (RPS) LED:  Shows the status of the RPS. If the LED is off, the RPS is off or not connected correctly. If the LED is green, the RPS is connected and ready to provide backup power. If the LED flashes and is green, the RPS is connected but not available because it is providing power to another device. If the LED is amber, the RPS is in reserve mode or has a fault. If the LED flashes and is amber, the switch's internal power supply has a fault, and the RPS is providing power.
    • Port Status LED: when the LED is green, it indicates that the port status mode was selected. This is the default mode. When selected, the port LED indicators show colors with different meanings. If the LED is off, there is no link, or the port was administratively inactive. If the LED is green, there is a link present. If the LED flashes and is green, there is activity, and the port is sending or receiving data. If the LED alternates between green and amber, there is a link failure. If the LED is amber, the port is blocked to ensure that there is no loop in the forwarding domain and does not forward data (normally, the ports remain in this state for the first 30 seconds after activation). If the LED flashes and is amber,
    • Port duplex mode LED:  when the LED is green, it indicates that the port duplex mode was selected. When selected, the port LEDs that are off are in half-duplex mode. If the port LED is green, the port is in full duplex mode.
    • Port speed LED: Indicates that the port speed mode was selected. When selected, the port LED indicators show colors with different meanings. If the LED is off, the port operates at 10 Mb/s. If the LED is green, the port operates at 100 Mb/s. If the LED flashes and is green, the port operates at 1000 Mb/s.
    • Ethernet power mode LED: If Ethernet power is supported, there is a PoE mode LED. If the LED is off, it indicates that the Ethernet power mode was not selected, that none of the ports were denied power supply and none failed. If the LED flashes and is amber, the Ethernet power mode was not selected, but at least one of the ports was denied power supply or one of them has an Ethernet power failure. If the LED is green, it indicates that the Ethernet power mode was selected, and the LEDs on the port show colors with different meanings. If the port LED is off, Ethernet power is off. If the port LED is green, Ethernet power is activated. If the LED on the port alternates between green and amber, the Ethernet power is denied, since, if power is supplied to the powered device, the power supply of the switch is exceeded. If the LED flashes and is amber, the Ethernet power is disabled due to a fault. If the LED is amber, Ethernet power is disabled for the port.

    BASIC ADMINISTRATION OF A SWITCH

    For remote management access, a switch must be configured with an IP address and a subnet mask. Remember that to manage a switch from a remote network, it must also be configured with a default gateway. This is a process very similar to the configuration of IP address information on host devices. In Image 2, an IP address must be assigned to the switch virtual interface (SVI) of S1. The SVI is a virtual interface, not a physical switch port.

    SVI is a concept related to VLANs. VLANs are numbered logical groups to which physical ports can be assigned. The configuration parameters applied to a VLAN also apply to all ports assigned to that VLAN.
    By default, the switch is configured so that switch management is performed through VLAN 1. All ports are assigned to VLAN 1 by default. For security reasons, it is recommended to use an administration VLAN other than VLAN 1.

    STEPS TO CONFIGURE ACCESS TO BASIC ADMINISTRATION OF A SWITCH WITH IPV4




    • STEP 1: ADMINISTRATION INTERFACE CONFIGURATION


    An IPv4 address and a subnet mask are configured on the switch management SVI from the VLAN interface configuration mode. As shown in Figure 1, the interface vlan 99 command is used to enter the interface configuration mode. To configure the IPv4 address, the ip address command is used. The no shutdown command enables the interface. In this example, VLAN 99 was configured with IPv4 address 172.17.99.11.

    Description                                                     Command
    Enter global configuration mode.                                S1# configure terminal
    Enter the interface configuration mode for the SVI.             S1(config)# interface vlan 99
    Configure the IP address of the administration interface.       S1(config-if)# ip address 172.17.99.11 255.255.255.0
    Enable the administration interface.                            S1(config-if)# no shutdown
    Return to privileged EXEC mode.                                 S1(config-if)# end
    Save the running configuration in the startup configuration.    S1# copy running-config startup-config

    Table: Configuration of the administration interface of a switch.

    The SVI for VLAN 99 is not shown as "up/up" until VLAN 99 is created and a device is connected to a switch port associated with VLAN 99. To create a VLAN with vlan_id 99 and associate it with an interface, use the following commands:

    S1(config)# vlan vlan_id
    S1(config-vlan)# name vlan_name
    S1(config-vlan)# exit
    S1(config)# interface interface_id
    S1(config-if)# switchport access vlan vlan_id

    • STEP 2: DEFAULT GATEWAY CONFIGURATION


    If the switch is to be managed remotely from networks that are not directly connected, it must be configured with a default gateway. The default gateway is the router to which the switch is connected. The switch forwards IP packets with destination IP addresses outside the local network to the default gateway. As shown in Figure 2, R1 is the default gateway for S1. The interface on R1 connected to the switch has the IPv4 address 172.17.99.1. This is the default gateway address for S1.

    Description                                                     Command
    Enter global configuration mode.                                S1# configure terminal
    Configure the default gateway for the switch.                   S1(config)# ip default-gateway 172.17.99.1
    Return to privileged EXEC mode.                                 S1(config)# end
    Save the running configuration in the startup configuration.    S1# copy running-config startup-config

    Table: Default gateway configuration of a switch.



    • STEP 3: VERIFY THE CONFIGURATION


    As shown below, the show ip interface brief command is useful for determining the status of virtual and physical interfaces. The result shown confirms that VLAN 99 has been configured with an IPv4 address and a subnet mask.

    S1# show ip interface brief

    PORT CONFIGURATION OF A SWITCH

    Switch ports can be manually configured with specific duplex and speed parameters. Use the duplex interface configuration mode command to manually specify the duplex mode of a switch port. Use the speed interface configuration mode command to manually specify the speed of a switch port. In Image 3, port F0/1 of switches S1 and S2 is manually configured with the keyword full for the duplex command and the keyword 100 for the speed command.


    Description                                                     Command
    Enter global configuration mode.                                S1# configure terminal
    Enter the interface configuration mode.                         S1(config)# interface FastEthernet 0/1
    Configure the duplex mode of the interface.                     S1(config-if)# duplex full
    Configure the interface speed.                                  S1(config-if)# speed 100
    Return to privileged EXEC mode.                                 S1(config-if)# end
    Save the running configuration in the startup configuration.    S1# copy running-config startup-config


    The default duplex and speed settings for the switch ports on the Cisco Catalyst 2960 and 3560 switches are automatic. The 10/100/1000 ports work in half-duplex or full-duplex mode when set to 10 Mb/s or 100 Mb/s, but only work in full-duplex mode when set to 1000 Mb/s (1 Gb/s). Autonegotiation is useful when the duplex and speed settings of the device that connects to the port are unknown or when such settings may change. When connecting to known devices, such as servers, dedicated workstations or network devices, it is recommended to manually set the duplex and speed settings.
    When troubleshooting switch port problems, duplex and speed settings must be verified.
    All fiber optic ports, such as 1000BASE-SX ports, only work at a predefined speed and are always full duplex.

    AUTO-MDIX

    Until recently, specific cable types (crossover or straight-through) were required to connect devices. Switch-to-switch or switch-to-router connections required the use of different Ethernet cables. Using the automatic medium-dependent interface crossover feature (auto-MDIX) on an interface eliminates this problem. When you enable the auto-MDIX feature, the interface automatically detects the type of cable connection required (straight-through or crossover) and configures the connection according to that information. When connecting to switches without the auto-MDIX function, straight-through cables must be used to connect to devices such as servers, workstations or routers. Crossover cables must be used to connect to other switches or repeaters.
    With the auto-MDIX feature enabled, any type of cable can be used to connect to other devices, and the interface is automatically adjusted to provide satisfactory communications. On the most modern Cisco switches, the mdix auto interface configuration mode command enables the feature. When using auto-MDIX on an interface, the speed and duplex mode of the interface must be set to auto for the feature to function properly.

    Description                                                                            Command
    Enter global configuration mode.                                                       S1# configure terminal
    Enter the interface configuration mode.                                                S1(config)# interface FastEthernet 0/1
    Configure the interface to auto-negotiate duplex communication with the connected device.    S1(config-if)# duplex auto
    Configure the interface to automatically negotiate speed with the connected device.    S1(config-if)# speed auto
    Enable auto-MDIX on the interface.                                                     S1(config-if)# mdix auto
    Return to privileged EXEC mode.                                                        S1(config-if)# end
    Save the running configuration in the startup configuration.                           S1# copy running-config startup-config

    VERIFYING THE SWITCH CONFIGURATION OF PORTS

    The following describes some of the options of the show command that are useful for verifying the common configurable features of a switch.

    Description                                                Command
    Shows the status and configuration of the interface.       S1# show interfaces [interface-id]
    Shows the current startup settings.                        S1# show startup-config
    Shows the current operating settings.                      S1# show running-config
    Displays information about the flash file system.          S1# show flash
    Shows the status of the system hardware and software.      S1# show version
    Shows the history of commands entered.                     S1# show history
    Shows IP information of an interface.                      S1# show ip interface [interface-id]
    Shows the MAC address table.                               S1# show mac-address-table
                                                               -OR-
                                                               S1# show mac address-table

    In the following listing, an abbreviated result of the show running-config command is shown.

    S1# show running-config
    Building configuration...

    Current configuration: 1664 bytes
    <Result omitted>

    interface FastEthernet0/18
     switchport access vlan 99
     switchport mode access
    <Result omitted>

    interface Vlan99
     ip address 172.17.99.11 255.255.0.0
    <Result omitted>

    ip default-gateway 172.17.99.1
    <Result omitted>

    Use this command to verify that the switch has been configured correctly. As seen in the result of S1, some important information is shown:
    • Fast Ethernet interface 0/18 configured with management VLAN 99
    • VLAN 99 configured with IPv4 address 172.17.99.11 255.255.255.0
    • Default gateway set to 172.17.99.1
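
    The same verification can be scripted against a saved running-config. The following Python audit is an added example, not part of the original article or of any Cisco tool; the sample configuration is constructed, and the function names parse_config and audit_management are hypothetical. It checks the points made above: the management SVI should not be on VLAN 1, an access port must be in the management VLAN for the SVI to come up, and the default gateway must lie inside the SVI subnet.

```python
import ipaddress
import re

# Constructed sample, modelled on the abbreviated output shown above.
SAMPLE_CONFIG = """\
interface FastEthernet0/18
 switchport access vlan 99
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 ip address 172.17.99.11 255.255.255.0
!
ip default-gateway 172.17.99.1
"""


def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_management(text):
    """Return findings about the management SVI, its VLAN and the gateway."""
    global_lines, interfaces = parse_config(text)
    findings, svis = [], {}
    for name, cmds in interfaces.items():
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if not svi or "shutdown" in cmds:
            continue  # not an SVI, or administratively disabled
        for cmd in cmds:
            addr = re.fullmatch(r"ip address (\S+) (\S+)", cmd)
            if addr:
                svis[int(svi.group(1))] = ipaddress.ip_interface(
                    f"{addr.group(1)}/{addr.group(2)}")
    if not svis:
        findings.append("no enabled SVI has an IPv4 address")
    for vlan in svis:
        if vlan == 1:
            findings.append("management SVI is on default VLAN 1")
            continue  # every port is in VLAN 1 by default, nothing to check
        # Trunk ports that carry the VLAN are not considered here.
        wanted = f"switchport access vlan {vlan}"
        if not any(wanted in cmds for cmds in interfaces.values()):
            findings.append(f"no access port in VLAN {vlan}; SVI stays down")
    gateways = [l.split()[-1] for l in global_lines
                if l.startswith("ip default-gateway ")]
    if not gateways:
        findings.append("no default gateway; remote management will fail")
    for gw in gateways:
        gw_ip = ipaddress.ip_address(gw)
        if not any(gw_ip in svi.network for svi in svis.values()):
            findings.append(f"default gateway {gw} is outside every SVI subnet")
    return findings


if __name__ == "__main__":
    for finding in audit_management(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```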

    The show interfaces command is another frequently used command that shows statistical and status information about the switch's network interfaces. It is commonly used when configuring and monitoring network devices. The result of the show interfaces fastEthernet 0/18 command is shown below. The first line indicates that the FastEthernet 0/18 interface is "up/up", which means that it is in operation. Further down in the result, it is shown that the duplex mode is full and the speed is 100 Mb/s.

    S1# show interfaces fastEthernet 0/18
    FastEthernet0/18 is up, line protocol is up (connected)
     Hardware is Fast Ethernet, address is 0cd9.96e8.8a01 (bia 0cd9.96e8.8a01)
     MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
     Encapsulation ARPA, loopback not set
     Keepalive set (10 sec)
     Full-duplex, 100Mb/s, media type is 10/100BaseTX
     input flow-control is off, output flow-control is unsupported
     ARP type: ARPA, ARP Timeout 04:00:00
     Last input 00:00:01, output 00:00:06, output hang never
     Last clearing of "show interface" counters never
     Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
     Queueing strategy: fifo
     Output queue: 0/40 (size/max)
     5 minute input rate 0 bits/sec, 0 packets/sec
     5 minute output rate 0 bits/sec, 0 packets/sec
     25994 packets input, 2013962 bytes, 0 no buffer
     Received 22213 broadcasts (21934 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 21934 multicast, 0 pause input
     0 input packets with dribble condition detected
     7203 packets output, 771291 bytes, 0 underruns
    <Result omitted>

    NETWORK ACCESS LAYER PROBLEMS

    The result of the show interfaces command can be used to detect frequent media problems. One of the most important parts of this result is the display of the status of the line protocol and data link.

    S1# show interfaces FastEthernet0/1

    The first parameter (FastEthernet0/1 is up) refers to the hardware layer and indicates whether the interface is receiving a carrier detection signal. The second parameter (line protocol is up) refers to the data link layer and indicates whether the data link layer protocol keepalives are being received. Based on the result of the show interfaces command, possible problems can be repaired as follows:
    • If the interface is active and the line protocol is inactive, there is a problem. There may be an incompatibility in the type of encapsulation, the interface at the other end may be disabled due to errors or there may be a hardware problem.
    • If the line protocol and interface are inactive, there is a cable that is not connected or there is some other interface problem. For example, in a direct connection, the other end of the connection may be administratively inactive.
    • If the interface is administratively inactive, it was manually disabled in the active configuration (the shutdown command was issued).

    FREQUENT ERRORS

    The following table explains some of these frequent errors, which can be detected using the show interfaces command.

    Type of error      Description
    Input Errors       Total number of errors. It includes runts, giants, no buffer, CRC, frame, overrun and ignored counts.
    Runts              Packets that are discarded because they are smaller than the minimum packet size for the medium. For example, any Ethernet packet that is less than 64 bytes is considered a runt.
    Giants             Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that has more than 1518 bytes is considered a giant.
    CRC                CRC errors are generated when the calculated checksum is not equal to the checksum received.
    Output Errors      The sum of all errors that prevent the final transmission of datagrams through the interface being analyzed.
    Collisions         Number of messages retransmitted due to an Ethernet collision.
    Late Collisions    A collision that occurs after 512 bits of the frame have been transmitted.

    TROUBLESHOOTING THE NETWORK ACCESS LAYER

    Most of the problems that affect switched networks occur during initial deployment. In theory, once installed, the networks continue to run smoothly. In practice, however, cables get damaged, configurations change, and new devices that require configuration changes are connected to the switch. Maintenance and troubleshooting of the network infrastructure is required on a permanent basis.
    To resolve situations in which there is no connection, or a bad connection, between a switch and another device, follow this general process:

    IF THE INTERFACE IS INACTIVE

    If the interface is inactive, do the following:
    • Verify that the appropriate cables are used. Also, check the cables and connectors for damage. If it is suspected that there is a defective or incorrect cable, replace it.
    • If the interface remains inactive, the problem may be due to an incompatibility in the speed setting. In general, the speed of an interface is negotiated automatically; therefore, even if one side is configured manually, the connecting interface should autonegotiate accordingly. If a speed incompatibility occurs due to an incorrect configuration or a hardware or software problem, this could cause the interface to become inactive. Set the same speed manually at both ends of the connection if there is a suspicion that there is a problem.

    IF THE INTERFACE IS ACTIVE BUT WITH CONNECTIVITY PROBLEMS

    If the interface is active but there are still connectivity problems, do the following:
    • Using the show interfaces command, look for signs of excessive noise. Signs may include an increase in the counters for runts, giants and CRC errors. If there is an excess of noise, first look for the origin of the noise and, if possible, eliminate it. Also, verify what type of cable is used and that the cable does not exceed the maximum length.
    • If there are no noise problems, check for excessive collisions. If there are collisions or late collisions, verify the duplex configuration at both ends of the connection. Like the speed setting, the duplex setting is usually negotiated automatically. If there seems to be a duplex mismatch, manually configure the duplex as full at both ends of the connection.
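
    The troubleshooting process above can be applied mechanically to captured show interfaces output. The following Python code is an added example, not part of the original article; the sample output is constructed (counters chosen to resemble a duplex mismatch), and the function names parse_show_interface and triage are hypothetical. It reads the status line and error counters and returns the checks the article recommends, in the same order.

```python
import re

# Constructed sample: an up/up port whose counters suggest a duplex mismatch.
SAMPLE_OUTPUT = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     7203 packets output, 771291 bytes, 0 underruns
     0 output errors, 412 collisions, 1 interface resets
     0 babbles, 37 late collision, 0 deferred
"""

COUNTERS = ("runts", "giants", "CRC", "input errors", "output errors",
            "collisions", "late collision")


def parse_show_interface(text):
    """Extract link state, line protocol state and the error counters."""
    status = re.search(r"^(\S+) is (.+?), line protocol is (\w+)", text, re.M)
    if not status:
        raise ValueError("no interface status line found")
    parsed = {"name": status.group(1), "link": status.group(2),
              "protocol": status.group(3)}
    for counter in COUNTERS:
        match = re.search(rf"(\d+) {re.escape(counter)}\b", text)
        parsed[counter] = int(match.group(1)) if match else 0
    return parsed


def triage(text):
    """Apply the article's access-layer checks in the order it gives them."""
    p = parse_show_interface(text)
    if p["link"] == "administratively down":
        return ["interface was disabled with the shutdown command"]
    if p["link"] != "up":
        return ["no link: check cable and connectors, then the speed setting "
                "at both ends"]
    if p["protocol"] != "up":
        return ["link up, line protocol down: check encapsulation, whether "
                "the far end is disabled, and hardware"]
    advice = []
    # Noise indicators are checked first, as in the procedure above.
    if p["runts"] or p["giants"] or p["CRC"]:
        advice.append("runts/giants/CRC errors: look for noise, check cable "
                      "type and length")
    if p["collisions"] or p["late collision"]:
        advice.append("collisions: verify duplex setting at both ends")
    return advice or ["no access-layer problem indicated"]


if __name__ == "__main__":
    for line in triage(SAMPLE_OUTPUT):
        print(line)
```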


    
    
