Basic configuration of Cisco 2960 switch
Let’s consider the simplest case: you need to connect 3 departments of a company to different logical networks (Vlans) using a single Cisco 2960 access layer switch (such devices are sometimes called layer 2 switches, after the second layer of the OSI model).
For example, we need to set up these networks (Vlans):
- Sales department (192.168.10.0 255.255.255.0)
- Accounting department (192.168.20.0 255.255.255.0)
- Administration (192.168.100.0 255.255.255.0)
- Special network for managing the network equipment (192.168.1.0 255.255.255.0)
Just in case:
Layer 2 devices forward traffic only within a single network and make their forwarding decisions based on MAC addresses (e.g. within the network 192.168.0.0 /24).
Layer 3 devices (e.g. a Cisco 3560 switch) route traffic based on IP addresses and can transfer it between different networks (e.g. between the 192.168.1.0 /24 network and the 192.168.2.0 /24 network).
Step 0: Reset all settings
(Do it only on new or test devices! This leads to complete removal of existing configuration)
After taking a new switch out of the box, connect to it with the console cable and clear its current configuration: go to privileged mode (#), use the command write erase, and then reload the switch (details about the configuration of Cisco equipment can be found here).
Switch# write erase
/confirmation of cleaning the configuration/
Switch# reload
/confirmation of the reboot/
The switch will reboot within 3 minutes and the initial configuration dialog will appear. Type “no” and move on to the next step.
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes/no]:
Step 1: Pick a name for your switch
Assign the name SW-DELTACONFIG-1 to the switch (SW is an abbreviation of SWitch). Go to configuration mode (conf t) and type the following commands:
Switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hostname SW-DELTACONFIG-1
The device name has now changed from «Switch» to «SW-DELTACONFIG-1».
Step 2: Customizing the management interface
Let’s configure the interface used for managing the switch. By default it is Vlan 1. Assign an IP address to the interface and activate it with the no shutdown command.
interface vlan 1
ip address 192.168.1.11 255.255.255.0
no shutdown
From now on your switch will be available at the IP address 192.168.1.11
Step 3: User authentication
Next, we have to configure authentication for access to the device. Set a password for access to privileged mode (the # sign next to the device name), and create a user account with a password for remote connections.
Setting a password to access the privileged mode #
enable secret XXXX
Creating a user account for remote connection and a password
username admin secret YYYYY
Enabling authentication using the local database of usernames and passwords
line vty 0 4
login local
To check that enable mode (#) is still accessible after entering these commands, exit all configuration modes (press exit or Q in each mode or use the key combination Ctrl+Z). You should see the initial mode on your screen (denoted by the symbol >). Try to re-enter privileged mode (denoted by the symbol #). When asked for a password, type the one you chose earlier.
If you did it right, you will see the following text:
To check remote access, open the command line on a workstation and type telnet 192.168.1.11. You should see a prompt for a username and password.
After confirming that the device is accessible via Telnet, I highly recommend setting up secure access via SSH. See the instruction in this article.
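A minimal way to move the vty lines from Telnet to SSH, as an added example that is not taken from the original article or from the article it links to. It assumes the switch runs an image with crypto support (K9), that the hostname from Step 1 and the local user from Step 3 are already set, and that example.local is a placeholder domain name.

```cisco
! Added example, not part of the original article.
! Assumptions: K9 (crypto) image; example.local is a placeholder domain.
configure terminal
!
! The RSA key pair is named after the hostname and the domain name,
! so both must be set before the key is generated.
ip domain-name example.local
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Before: the vty lines accept Telnet, so the username and password
! from Step 3 cross the network in clear text.
! After: the same lines accept SSH only.
line vty 0 4
 login local
 transport input ssh
!
! Apply the same settings to the remaining vty lines if the switch has them.
line vty 5 15
 login local
 transport input ssh
 end
!
! Verify: SSH should be reported as enabled, version 2.0
show ip ssh
```

After this change, telnet 192.168.1.11 from the workstation should be refused, while an SSH client should reach the same login prompt.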
Step 4: Creating a Vlan
Let’s create a Vlan for each department and assign a number and a name to each of them.
Every switch has Vlan 1 by default. It will be used for remote management.
To check the current Vlan settings, use the sh vlan command:
SW-DELTACONFIG-1# show vlan
VLAN Name                 Status   Ports
---- -------------------- -------- -------------------------------
1    default              active   Fa0/1, Fa0/2, /...cut.../
10   NET_SALES            active
20   NET_ACCOUNT          active
100  NET_ADMIN            active
Make sure that all networks are in your list.
Step 5: Binding Vlans and ports
Assign the switch’s access ports to your Vlans. In this example, the switch has 24 Fast Ethernet ports and 2 Gigabit Ethernet ports. Only the Fast Ethernet ports will be used to connect users.
Let’s split them as follows:
- 6 for administration network (Vlan 100)
- 12 for sales department (Vlan 10)
- 6 for accounting department (Vlan 20)
It is a good idea to add a description string to each interface. This is a text field that doesn’t affect any other settings.
interface range fa 0/1 - 6
switchport access vlan 100
interface range fa 0/7 - 18
switchport access vlan 10
interface range fa 0/19 - 24
switchport access vlan 20
The ports will now be listed next to each Vlan. The output of the sh vlan command should look similar to this:
SW-DELTACONFIG-1# show vlan
VLAN Name             Status    Ports
---- ---------------- --------- -------------------------------
1    default          active
10   NET_SALES        active    Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18
20   NET_ACCOUNT      active    Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
100  NET_ADMIN        active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
With the previous commands we have divided one physical switch into 4 logical ones (Vlan 1, Vlan 10, Vlan 20 and Vlan 100).
Hosts can communicate only if their ports on the switch belong to the same Vlan.
Hosts connected to ports that belong to different Vlans can’t communicate with each other, even if their IP addressing is configured correctly.
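Steps 4 and 5 as one configuration, given here as an added example that is not part of the original article. The Vlan numbers and names are the ones in the show vlan output above; the description texts are constructed, and the switchport mode access lines are an addition that fixes each user port as an access port instead of leaving its mode to negotiation with the connected device.

```cisco
! Added example, not part of the original article.
! Vlan numbers and names: taken from the show vlan output on this page.
! Description texts: constructed. switchport mode access: an addition.
configure terminal
!
! Step 4: create the Vlans and name them
vlan 10
 name NET_SALES
vlan 20
 name NET_ACCOUNT
vlan 100
 name NET_ADMIN
 exit
!
! Step 5: bind the user ports to the Vlans
interface range fa 0/1 - 6
 description Administration
 switchport mode access
 switchport access vlan 100
interface range fa 0/7 - 18
 description Sales department
 switchport mode access
 switchport access vlan 10
interface range fa 0/19 - 24
 description Accounting department
 switchport mode access
 switchport access vlan 20
 end
!
! Verify: every Fast Ethernet port is listed under its Vlan, none under Vlan 1,
! and a sample port reports a static access mode.
show vlan brief
show interfaces fa 0/7 switchport
```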
For all the networks to be able to communicate with each other, you need a router connected to the switch through a trunk port. All the necessary information about this configuration can be found in this article. A trunk interface differs in that each packet it carries is marked with its Vlan number. This allows the device to forward packets correctly. On the switch, the port is configured like this:
interface GigabitEthernet 0/1
switchport mode trunk
switchport trunk encapsulation dot1q
If the system doesn’t accept the last line, then dot1q is the only mode available on the switch and is used by default.
After completing all of the steps, connect two workstations to ports belonging to the same Vlan, e.g. Vlan 100, set their IP addresses to 192.168.100.1 and 192.168.100.2, then ping one from the other. A successful response means that everything works as it should.
There are also layer 3 switches (e.g. Cisco 3560), which combine the functions of a router (a layer 3 device) and a layer 2 switch (access layer). Layer 3 devices are used for transferring data between different networks using information about IP addresses.
The solution to a similar problem, organizing several Vlans with such a switch, is shown in this article.
Don’t forget to save the running configuration on all Cisco devices, or you will lose all the changes after a reboot. Do this with the command “write” or “copy run start”.
This article was written by Alexey Yurchenko