How to Upload Config to Switch Console

Cisco switches provide outstanding performance, security, scalability, and toll-efficiency for any network type. They are not ordinary plug-and-play devices that exercise non need configuration or interest when resolving issues. However, Cisco switches do require an initial setup, ongoing monitoring, and maintenance.

How to configure a Cisco switch? In this footstep-by-step guide, nosotros'll configure a Cisco Catalyst Switch. Catalyst series is a well-known family of enterprise-grade network equipment, which varies from wireless controllers, switches, and wireless access points. Catalyst switches use the IOS equally their operating system. There are two different interfaces to configure a Cisco switch, via the modern Web Console or through the more versatile Cisco IOS Command-Line Interface.

In this step-by-step guide on configuring a Cisco switch:

1. Inspecting and connecting to your hardware
2. Establishing a serial connection
3. Moving through command modes
4. Initial configuration commands
5. Restrict admission to your switch
6. Configure your switch ports and VLANs
7. Useful additional commands

ane. Inspecting and connecting to your hardware

Before configuring your Cisco switch, you'll need to be able to identify the ability cablevision, switch ports, panel ports. In addition, all Cisco switches come with LEDs that permit you know the current state of your switch.

• Connect the switch's power cablevision to the ability source, and wait for the lights to come.
• Check the front end side of the switch. The switch's (SYST) Arrangement's LEDs are as follow:
  • Off: The system is not powered. If power cables are connected just LEDs are off, check the power source or switch's power cable.
  • Green: The switch is operational.
  • Blinking green: The arrangement'southward software is loading.
  • Amber: Power is ok, just the system is not functional.
  • Blinking bister: Fault with either: network module, power supply, or fan.

• Check the lights. They vary according to the Cisco Switch series, merely generally, you lot should see the Organisation light (every bit displayed higher up), along with other lights like Console, Active, RPS, Stack, PoE, Duplex, Speed, etc.
• Check the backside of the switch. Behind the switch, you lot should be able to run into the power supply and console port. The console port of switches can exist either, Serial or Mini USB. You lot should also see the IOS label on the backside, which shows the operating system version that comes by default.

How to connect to a Cisco Switch?

Connect to the panel (direction) port using a console cablevision.

• Depending on the console port of the Cisco Switch, yous should use different adapters. Mostly, at that place are two types of cablevision adapters: a Series DB-9/Ethernet RJ45 Console cable (as shown below) and a USB/Series DB-9 adapter (if your calculator does not take a series port).

• How to physically connect your laptop or PC to the console port? Plug the serial DB9 cease of the console cable into your calculator's serial port and connect the RJ45 stop on the Cisco Switch. But if your estimator does not take a series DB-9 port, connect the serial DB9 console cable stop into the Series-to-USB adapter and and so plug it into your laptop. Bear in listen that these adapters piece of work with a software commuter.

2. Establishing a serial connectedness

To institute a serial connection to your computer, you'll need to use software that controls serial lines. A well-known software that tin can do this is PuTTy. This software is a costless SSH, Telnet, rlogin, and TCP customer. Unfortunately, PuTTy is only supported by Windows. And so if you lot are running Linux or macOS, in that location are some alternatives such as SecureCRT and MobaXTerm.

• Ensure you are connected to the panel port of the Cisco switch using the right cable, every bit shown in the previous section.
• Wait for the COM (advice port) established by your computer. A COM port is the name of the serial port interface on PCs. It refers to physical ports and emulated ports similar those of USB adapters. So, if you are using a USB/RJ45 adapter, y'all'll demand to discover the COM port. To do this, get to Windows Device Manager and check your Ports. So, locate the cable (with driver) that yous are using and tape the COM number (in this case, COM i).

• Let'due south configure the series connection lines in your figurer. Open up PuTTY. Get to Configuration > Connection > Serial. Set the following parameters.
  • The series line to connect to The COM # you constitute in the previous section.
  • Speed: varies according to your hardware — 9600 to 115200 (bps).
  • Data Bits: 8
  • Stop Bits: 1
  • Parity: None
  • Menstruation Control: None
• Save your connectedness and click on Open up. Yous'll be instantly connected to the switch.

iii. Moving through command modes

Once connected to the switch, yous'll be greeted with the prompt:

Switch>

The hostname "Switch" is the current name of the switch, and the ">" means you are in "unprivileged" control way. In this manner, you'll only be able to brandish information but not change any configuration. To start configuring your Cisco switch, y'all'll need to scale your user privileges.

Navigate through Cisco's control modes

There are two privilege level modes:

• The "Unprivileged" User EXEC: ">" is the default mode. Here you can only display and see sure debug information.
• The "Privileged" User EXEC: "#" configuration style. There are other modes within the privilege mode, including global, interface, subinterface, router, and line configuration modes.

To motility beyond these modes, you can use the following commands

• enable. Change from unprivileged (>) to privileged (#)
• disable. Switch from privileged (#) to unprivileged (>).
• Configure last. Enter global configuration mode.
• exit. Revert one mode.
• terminate. Revert to the privilege enable mode.

four. Initial Configuration Commands

Although switching configuration will vary according to the topology, the primary and security pattern depends on the topology. For case, yous can alter the hostname, console port, vty ports, etc.

a. Configure an appropriate hostname

Enter to the privilege mode (enable) and then configuration mode (config terminal). Then, event the following command:

Switch(config)# hostname <proper noun>

You'll notice that the switch changed its proper name from "Switch" to whatever name you gave it.

b. Protect the privilege EXEC mode with an "encrypted" password

Protect the privilege EXEC style and all sub-modes, including global, interface, subinterface, router, and line configuration modes. Enter global configuration way and consequence:

enable underground <your countersign>

To test the new configuration, exit privilege EXEC mode and try to reaccess it. Starting time, use the "exit" command and so "enable" (every bit shown in the picture below).

Discover that nether unprivileged User EXEC mode, if you attempt to enter privileged User EXEC manner, the console will ask you lot for a password. If you type the incorrect password, yous'll not be able to move to the Privileged User EXEC mode.

You could have likewise used:

enable password <countersign>

But the chief difference between "enable secret" vs. "enable password" is encryption. If someone gets their hands on the configuration file (either a printed version or TXT), they could easily detect the countersign in plain text. With "enable secret," the countersign is encrypted with MD5.

c. Configure a management interface IP

Logging to a switch for management tin be challenging. First, using the console port requires you to be on-site and next to the switch. Second, you can't log in remotely to an L2 switch via Telnet or SSH by default. Tertiary, layer two switches won't take IP configuration on their physical interfaces. So, the only solution is to create a Switched Virtual Interface (SVI) and assign information technology an IP.

Enter global configuration fashion and consequence the following set up of commands:

Switch(config)# interface vlan i

Switch(config-if)# ip address <ip accost> <mask>

Switch(config-if)# exit

d. Configure a default gateway

To brand your switch accessible from a remote network using Telnet or SSH, you'll need to configure information technology with a default router. For example, L2 switches would simply need a Default Gateway (DG) with L3 capabilities when they need direction from external networks.

To configure a DG on your Cisco switch:

• First, brand certain the DG is on the same network.
• DG must have the proper routes to route such packets.
• Then, enter global configuration mode and outcome the following command.

Switch(config)#ip default-gateway <ip address>

• Use the "ping" control to examination connectivity.
• E'er at the cease of your remember to save your configuration with:

Switch# wr

5. Restrict access to the switch

Security is ane of the essential tasks when configuring your switch.

a. Protect console, telnet, and aux ports

When you accessed the switch via the console for the commencement fourth dimension, information technology didn't request a password. To protect your switch from unauthorized access, you'll need to institute hallmark for all kinds of input connections. Aside from restricting panel ports, you'll likewise need to consider Telnet and Aux ports.

Issue the post-obit commands:

• To find the electric current connexion lines on your switch.

Switch>show running-config.

• To make up one's mind the current connectedness lines and their numbers.

Switch>show line.

• Configure line console password.

Switch(config)# line con 0

Switch(config-line)# password $$ECRETCONSOLE

Switch(config-line)# login

Switch(config-line)# exit

• Configure line vty password.

Switch(config)# line vty 0 four

Switch(config-line)# countersign $$ECRETVTY

Switch(config-line)# login

Switch(config-line)# exit

• In one case configured, issue the "show running-config" again to verify your configuration.

b. Restrict admission at the IP level with an ACL

Create an Access Command List (ACL) to deny (or permit) access to the switch based on IP addresses. You can permit access to a single IP or deny access to an unabridged network with an ACL. One time created, you can assign the new ACL to the VTY line and protect Telnet access.

Issue the post-obit commands:

• Create an ACL.

Switch(config)# ip admission-list <number> <allow|deny> <ip accost><wildcard>

• You can likewise create standard ACLs with the following gear up of commands.

Switch(config)# ip access-list standard TELNET

Switch(config-std-nacl)# permit <IP-1>

Switch(config-std-nacl)# let <IP-2>

Switch(config-std-nacl)# exit

• Assign the new ACL to the VTY line.

Switch(config)# line vty 0 4

Switch(config-line)# access-class <admission-listing number> in

Switch(config-line)# exit

The example ready of commands on the screenshot will do the post-obit: The Access listing number 101 defines "permit" to the IP address 192.168.20.1. Although no "deny" has been described in the ACL 101, all access lists end with an implicit "deny all." If the traffic going through the ACL 101 does not match the rules (if IP is not 192.168.20.1), all traffic is ultimately dropped. Finally, this ACL is attached to the VTY (Telnet connections) 0 four, so nobody except 192.168.xx.1 tin connect to the switch via Telnet.

c. Disable unnecessary switch ports (or assign them to a Blackhole VLAN)

Although this footstep is not mandatory, it is highly recommended. As a best security practice, disable all unused ports using the "shutdown" command. Let's suppose our switch has 48 switch ports and that we are non using ports from eighteen to 48.

Switch(config)# interface range fa 0/18-48

Switch(config-if-range)# shutdown

Switch(config-if-range)# go out

Switch(config)#

An alternative to shutting down ports is creating a "black hole VLAN" and assigning them all unnecessary switch ports. As a general rule of thumb, it is recommended to assign switch ports (used or unused) to any VLAN, except VLAN 1. If any of these ports are however on the default VLAN 1, and the port is enabled, it might expose user broadcast or multicast traffic.

Create a black hole VLAN and assign all unused ports to information technology

Switch(config)#vlan 999

Switch(config-vlan)#proper name BlackHole

Switch(config-vlan)#exit

Switch(config)#interface range fa 0/18-48

Switch(config-if-range)#switchport access vlan 999

Switch(config-if-range)#switchport manner access

Switch(config-if-range)#leave

Remember to save your configuration with:

Switch# wr

Configure your switch ports and VLANs

I of the well-nigh critical functions of a Layer two Cisco Switch is to segment the network into different L2 VLANs, where each of these VLANs belongs to a carve up L3 subnet.

Switch ports are past default assigned to VLAN one, and so y'all'll need to create additional VLANs and assign the physical switch ports accordingly. As mentioned in the previous department, avert using the VLAN one for user traffic.

Let's create ii VLANs and assign the physical switch ports to each of them. Recollect that nosotros have already disabled (or sent to blackhole VLAN) some portion of our switch ports.

Utilise the following commands to create VLANs:

Switch(config)# vlan two

Switch(config-vlan)# name Admin

Switch(config-vlan)# exit

Switch(config)# vlan 3

Switch(config-vlan)# name Users

Switch(config-vlan)# exit

Assign the physical switch ports to each VLAN

Switch(config)# interface range fa 0/i-3

Switch(config-if-range)# switchport fashion access

Switch(config-if-range)# switchport access vlan two

Switch(config-if-range)# leave

Switch(config)# interface range fa 0/4-17

Switch(config-if-range)# switchport mode access

Switch(config-if-range)# switchport access vlan 3

Switch(config-if-range)# exit

Save your configuration with:

Switch# wr

7. Useful Boosted Commands

After following the basic Cisco switch configuration shown in the previous sections, you tin can utilize the additional commands to monitor and troubleshoot your configuration.

a. Displays the electric current configuration

Switch# testify run

b. Show the current MAC accost tabular array.

Switch# testify mac address-table

c. Shows all interfaces, their configuration, and the status.

Switch# show interfaces

d. Displays the condition of all interfaces, including parameters like speed, duplex, and more.

Switch# bear witness interface condition

e. Shows all the VLAN numbers, names, and their associated switch ports.

Switch# testify vlan

choatebroateretted.blogspot.com

Source: https://www.netadmintools.com/how-to-configure-cisco-switches/

Share this post