Configuring Cisco

Basic configuration of Cisco 2960 switch

06.10.2015

Read this article in Russian

Let’s consider the simplest case when you have to hook up 3 departments of a company to different logical networks (Vlans) using one access level switch Cisco 2960 (Sometimes they are called switches of the second level of OSI model).

For example we need to organize these networks (Vlan):

  • Sales department (168.10.0 255.255.255.0)
  • Accounting department (168.20.0 255.255.255.0)
  • Administration (168.100.0 255.255.255.0)
  • Special network for managing the network equipment (192.168.1.0 255.255.255.0)

 
cisco-switch-2960 en

Video version of this article

Just in case:
2nd level devices are able to transmit within a certain network and perform transmission based on information about the MAC addresses (eg: within the network 192.168.0.0 /24).

3rd level devices (eg: Cisco 3560 switch) are able to route network traffic based on information about ip addresses and transfer them between different networks (eg: between 192.168.1.0 /24 network and 192.168.2.0 /24 network).

Step 0: Reset all settings

(Do it only on new or test devices! This leads to complete removal of existing configuration)

After removing a new switch out of the box, use the console cable to connect to the switch and clear all it’s current configuration by going to the privileged mode (#) and using the command write erase (details about the configuration of Cisco equipment can be found here).

Switch>enable
Switch# write erase
/confirmation of cleaning the configuration/
Switch# reload
/confirmation/

The switch will reboot within 3 minutes and initial configuration dialog will appear. Type “no” and move to next step.
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes/no]:

Step 1: pick a name for your switch

Assign a name to the switch SW-DELTACONFIG-1.(SW – abbreviation SWitch). Just go to configuration mode (conf t) and type the following commands:
Switch #conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch (config)# hostname SW-DELTACONFIG-1
SW-DELTACONFIG-1(config)#

So, the device name changed from the «Switch» to «SW-DELTACONFIG-1».

Step 2: Customizing the management interface

Let’s customize our interface for managing the switch. By default it’s Vlan 1. You should assign an ip address of the interface and activate it by command no shutdown.

SW-DELTACONFIG-1(config)#
interface vlan 1
ip address 192.168.1.11 255.255.255.0
no shutdown

From now your switch will be available under the ip addess 192.168.1.11

Step 3: User authentication

Then, we have to configure authentication to access the device. Set password to access the privileged mode (the # sign next to device name), and create a user account with password for remote connection.

Setting a password to access the privileged mode #
SW-DELTACONFIG-1(config)#
enable secret XXXX

Creating a user account for remote connection and a password
username admin secret YYYYY

Enabling authentication using the local database of usernames and passwords
SW-DELTACONFIG-1(config)#
line vty 0 4
login local

To check the availability of enable mode (#) after the input of these commands, exit all configuration modes (press exit or Q in each mode or use the combination of keys Ctrl+Z). You should see the initial mode on your screen (denoted by symbol >). Try to re-enter the privileged mode (denoted by symbol #). For password request – type the one you’ve chosen before.

If you did it right, you will see the following text:
SW-DELTACONFIG-1>enable
Password:  XXXXX
SW-DELTACONFIG-1#

To check the remote access, run the workstation’s command line and then type telnet 192.168.1.11. You should see a dialog with username and password request.

After confirming that the device is accessible via Telnet, I highly recommend setting up secure access via SSH. See the instruction in this article.

Step 4: Creating a Vlan

Let’s create a Vlan for each department and assign serial numbers and names to them.
SW-DELTACONFIG-1(config)#
vlan 10
name NET_SALES
vlan 20
name NET_ACCOUNT
vlan 100
name NET_ADMIN

Each switch has Vlan 1 as a default one. It will be used for remote control.

To check the current Vlan settings, type sh vlan command:
SW-DELTACONFIG-1# show vlan
VLAN Name                 Status    Ports
---- -------------------- -------- -------------------------------
1    default              active    Fa0/1, Fa0/2, /...cut.../
10  NET_SALES            active
20  NET_ACCOUNT          active
100  NET_ADMIN            active

Make sure that all networks are in your list.

Step 5: Binding Vlans and ports

Assign the switch access ports to your Vlan’s. For example, switch has 24 FastEthernet ports and 2 Gigabit Ethernet ports. For users connection only Fast Ethernet will be used.

Let’s split them as follows:

  • 6 for administration network (Vlan 100)
  • 12 for sales department (Vlan 10)
  • 6 for accounting department (Vlan20)

It would be great to add description strings for each interface . This is a text field which doesn’t affect any other settings.
SW-DELTACONFIG-1(config)#
interface range fa 0/1 – 6
switchport access vlan 100
description NET_ADMIN
interface range fa 0/7 – 18
switchport access vlan 10
description NET_SALES
interface range fa 0/19 – 24
switchport access vlan 20
description NET_ACCOUNT

Then, ports will be shown next to each Vlan. The result of sh vlan command should be similar to this:
SW-DELTACONFIG-1# show vlan
VLAN Name            Status    Ports
---- ---------------- --------- -------------------------------
1    default          active
10  NET_SALES        active    Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18
20  NET_ACCOUNT      active    Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
100  NET_ADMIN        active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6

By previous commands we shared one physical switch to 4 logical ones (Vlan 1, Vlan 10, Vlan 20 and Vlan 100).

Important!
Connections between hosts will be able only if their ports on the switch belongs to the same Vlan.
Hosts that are connected to ports belonging to different Vlans can’t communicate with each other even if correct ip addressing will be configured.

You need a router connected to the switch using a trunk port in order to that all networks could communicate with each other. All necessary information about configuration can be found in this article. The difference of trunk interface is that the transmission of each packet of traffic is marked by Vlan number. This allows the device to forward packets correctly. In the switch, port is configured like this:
SW-DELTACONFIG-1(config)#
interface GigabitEthernet 0/1
switchport mode trunk
switchport trunk encapsulation dot1q

If system doesn’t accept the last line, then dot1q mode is the only possible one, and goes by default.

After making all of the steps, connect two workstations to ports belonging to the same Vlan, eg with the number 100, set ip addresses 192.168.100.1 and 192.168.100.2, then use ping from one to another. A successful response means that everything works as it should.

For reference:
There are 3rd level switches of OSI model (eg Cisco 3560) which combine functions of router (3rd level devices) and 2nd level switches (access level). 3rd level devices are used for transferring data between different networks using information about ip addresses.

The solution of a similar problem in the organization of several Vlan using this switch is shown in this article.

Important!

Don’t forget to save running configuration on all Cisco devices or you will loose all the changes after reboot. Do this with the command “write” or “copy run start
FW-DELTACONFIG-1#write
Building configuration...
[OK]

Back to Table of contents

deltaconfig logo Personal Cisco tutor

Comments

avatar
Sort by:   newest | oldest | most voted
Wisam
Guest
Wisam

Great material for beginner!!!

wpDiscuz
×

How can I help you?