Catalyst switches, for the most part, are designed so that the default state of the switch allows for basic Layer 2 functionality without requiring any configuration from the administrator. For example, the physical interfaces on the switch are already enabled, which means that you can plug a cable into the switch and the interface operates without requiring you to perform a no shutdown on that interface. Does that mean you don’t have to learn about Catalyst switch commands? No such luck.
The majority of the administrative configurations such as configuring hostnames, login banners, passwords, and telnet/SSH access are identical to the configurations of the router IOS, as described in the article “Foundation Cisco IOS operations”.
Assigning a Management IP address to a switch
Cisco Layer 2 switches forward frames solely based on MAC addresses. On the other hand, Layer 3 switches and routers use IP addresses in their data forwarding decisions. So why assign an IP address to a Layer 2 switch?
As mentioned in the article “Foundation Cisco configuration”, remotely managing a device via SSH, Telnet, or HTTP requires IP connectivity to the switch. Likewise, if you were to manage the switch using SNMP, you would also have to program your management server to use the switch’s IP address to gather statistics from it. All these management functions assume that an IP address is assigned to the device, and a Catalyst switch does not have an IP address in its default configuration.
Unlike Cisco routers, Layer 2 switches are not assigned IP addresses on their physical interfaces. In fact, the interface to which you assign an IP address on a Layer 2 Catalyst switch is a virtual interface called VLAN 1. To assign an IP address to the entire switch, you configure the VLAN 1 interface using exactly the same syntax as for a router’s physical interface:
Switch(config)#interface VLAN1
Switch(config-if)#ip address 172.16.1.100 255.255.0.0
Switch(config-if)#no shutdown
01:35:19: %LINK-3-UPDOWN: Interface VLAN1, changed state to up
Defining a Default Gateway
If you were to Telnet into the switch from the terminal on the far network, the Telnet traffic would pass through the local router, across the WAN link, through the remote router, and finally to the switch. To return the Telnet traffic to the terminal, the switch would have to send it to a routing device, because the terminal is on another network. To instruct the switch to send any traffic destined for another network to that router, you have to define a default gateway (also known as a gateway of last resort) as shown in the picture below.
The command to configure a default gateway is ip default-gateway, entered in global configuration mode and followed by the IP address of the router that is on the switch’s segment. Using the example in the above picture, the configuration would look like the following:
Switch(config)#ip default-gateway 172.16.1.1
IP Assignment Using DHCP
Similar to router interfaces, the IP address assigned to the VLAN 1 interface and the default gateway can be dynamically assigned using a DHCP server. The configuration is also similar to DHCP-assigned router interfaces except that the configuration is applied to the logical VLAN 1 interface as opposed to a physical port on the switch:
Switch#configure terminal
Enter configuration commands, one per line, end with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address dhcp
Switch(config-if)#no shutdown
00:58:49: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
Interface Vlan1 assigned DHCP address 172.16.1.100, mask 255.255.0.0
After the ip address dhcp command is applied, the switch sends a DHCPDISCOVER broadcast out on all switch ports assigned to VLAN 1 (by default, all switch ports are assigned to VLAN 1). If a configured DHCP server exists on those segments, it replies with the IP address for the VLAN 1 interface and the default gateway for the switch. As such, there is no required configuration of an IP address or default gateway in the switch configuration. It must be said, however, that although this simplifies some of the configuration and reconfiguration tasks that are necessary to manage a switch, it is not practical because you need to readily know the IP address of the switch to effectively manage it.
Verifying the IP address and default gateway assigned by the DHCP server cannot be achieved by showing the running or startup configuration. Instead, you can use the output from the show dhcp lease command to verify the IP address and default gateway:
Switch#show dhcp lease
Temp IP addr: 172.16.1.100 for peer on Interface: Vlan1
Temp subnet mask: 255.255.0.0
DHCP Lease server: 172.16.1.1, state: 3 bound
DHCP transaction id: 1967
Lease: 16000 secs, Renewal: 3000 secs, Rebind: 16000 secs
Temp default-gateway addr: 172.16.1.1
Next timer fires after: 172.16.1.1
Retry count: 0 client-ID: cisco-0019.e86a.6fc0-v11
Hostname: Switch
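Because a DHCP-assigned management address never appears in the configuration, one way to keep track of it is to check the lease output itself. The following Python sketch is an added example, not part of the original article: it parses show dhcp lease text and flags a gateway that is off the switch's segment, a lease from a DHCP server you did not expect, or a changed management address. The function names, the expected address, and the trusted-server list are assumptions, and the sample text is constructed from the output above.

```python
import ipaddress
import re

# Constructed sample: a subset of the `show dhcp lease` fields shown above.
SAMPLE_LEASE = """\
Temp IP addr: 172.16.1.100 for peer on Interface: Vlan1
Temp subnet mask: 255.255.0.0
DHCP Lease server: 172.16.1.1, state: 3 bound
DHCP transaction id: 1967
Lease: 16000 secs, Renewal: 3000 secs, Rebind: 16000 secs
Temp default-gateway addr: 172.16.1.1
Retry count: 0 client-ID: cisco-0019.e86a.6fc0-v11
Hostname: Switch
"""

FIELDS = {
    "address": r"Temp IP addr:\s*(\S+)",
    "interface": r"Interface:\s*(\S+)",
    "mask": r"Temp subnet mask:\s*(\S+)",
    "server": r"DHCP Lease server:\s*([\d.]+)",
    "gateway": r"Temp default-gateway addr:\s*(\S+)",
    "lease_secs": r"Lease:\s*(\d+)\s*secs",
}

def parse_lease(text):
    """Extract the management addressing fields from `show dhcp lease` text."""
    lease = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found in lease output: {name}")
        lease[name] = match.group(1)
    lease["lease_secs"] = int(lease["lease_secs"])
    return lease

def audit_lease(lease, expected_address, trusted_servers):
    """Return a list of findings; an empty list means the lease is as intended."""
    findings = []
    # The gateway must sit on the same segment as the VLAN 1 address.
    network = ipaddress.ip_network(f"{lease['address']}/{lease['mask']}", strict=False)
    if ipaddress.ip_address(lease["gateway"]) not in network:
        findings.append("default gateway is not on the switch's own segment")
    # trusted_servers is an assumed allow-list kept by the administrator.
    if lease["server"] not in trusted_servers:
        findings.append(f"lease came from unexpected DHCP server {lease['server']}")
    if lease["address"] != expected_address:
        findings.append(f"management address changed to {lease['address']}")
    return findings
```
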
Configuring Multiple Switch Interfaces
By design, switches may have a plethora of interfaces that may require a similar configuration. For instance, if the first 20 ports of your switch need to be set to a speed of 100 Mbps and full duplex, you would be undertaking quite an administrative task of typing the same commands into each interface configuration for all 20 interfaces. To save time, the Catalyst switch’s IOS contains a navigation and configuration command shortcut called interface range that enables you to define a range of switch ports and configure them simultaneously. The configuration can be condensed to something like this:
Switch(config)#interface range FastEthernet 0/1-20
Switch(config-if-range)#speed 100
Switch(config-if-range)#duplex full
Configuring and Verifying Spanning Tree Protocol
STP is enabled by default on all Cisco Catalyst switches. In fact, if you are running multiple VLANs (Virtual LANs) on your switch, Cisco switches run an instance of STP on each VLAN configured. With that being said, no configuration is required unless you want to alter the default parameters of STP, manually define optimal switching paths, or designate certain switches as root bridges.
Changing priority and port cost
One of the common configurations you might encounter in your travels is to change the default priority of a switch to ensure that it will win the election for root bridge. To configure this option, you have to define which VLAN’s priority you want to change and give a value in increments of 4096. For instance, if you wanted your switch to be the root bridge for VLAN 1, you would configure the following in global configuration:
Switch(config)#spanning-tree vlan 1 priority 4096
Cisco also created a command that automatically changes the switch’s priority to become the root bridge for a given VLAN:
Switch(config)#spanning-tree vlan 4 root primary
If you wanted to change the default cost calculations for a specific interface to ensure that a port becomes a forwarding interface, you could change the spanning-tree cost on any interface by entering interface configuration mode and using the following commands:
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#spanning-tree cost 1
Verifying Spanning Tree Protocol
To verify spanning tree operation in your switch, you can issue the show spanning-tree command to see a display of the STP operations for each VLAN. If you want to see specific information regarding a particular VLAN or interface, you can add keywords after the command to see the output for only those items. The following output from show spanning-tree displays the STP statistics for VLAN 1:
Switch#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000d.65d0.4e00
             This bridge is the root
             Hello Time 2 sec Max age 20 sec forward delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000d.65d0.4e00
             Hello Time 2 sec Max age 20 sec forward delay 15 sec
             Aging time 15
Interface   Role  Sts  Cost  Prio.Nbr  Type
Fa0/1       Desg  LIS  19    128.1     P2p
Fa0/23      Desg  FWD  19    128.24    P2p
Fa0/24      Back  BLK  19    128.23    P2p
Notice in this output that you can see the MAC address and the priority of the root bridge and the local switch (which happens to be the root bridge for this VLAN). In addition, you can see the timers using 802.1d for port state transitions, including the max age and forward delay. Finally, this useful show command displays the interfaces that are active and participating in STP and their associated roles and states in the spanning tree network.
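The fields described above can also be checked programmatically. The following Python sketch is an added example, not part of the original article: it parses show spanning-tree output for one VLAN, confirms that the bridge priority is a multiple of 4096 plus the VLAN ID, compares the root bridge with the one you intended, and shows why a configured priority of 4096 wins the election. The function names and the expected root MAC are assumptions, and the sample text is constructed from the output above.

```python
import re

# Constructed sample modeled on the `show spanning-tree vlan 1` output above.
SAMPLE_STP = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000d.65d0.4e00
             This bridge is the root
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000d.65d0.4e00
Interface   Role  Sts  Cost  Prio.Nbr  Type
Fa0/1       Desg  LIS  19    128.1     P2p
Fa0/23      Desg  FWD  19    128.24    P2p
Fa0/24      Back  BLK  19    128.23    P2p
"""

def parse_stp(text):
    """Parse one VLAN's `show spanning-tree` output into a dict."""
    vlan = int(re.search(r"^VLAN(\d+)", text, re.M).group(1))
    root = re.search(r"Root ID\s+Priority\s+(\d+)\s+Address\s+(\S+)", text)
    local = re.search(r"Bridge ID\s+Priority\s+(\d+)\s+\(priority (\d+) sys-id-ext (\d+)\)"
                      r"\s+Address\s+(\S+)", text)
    ports = re.findall(r"^(\w+/\d+)\s+(\w+)\s+(\w+)\s+\d+\s+[\d.]+\s+\S+", text, re.M)
    return {
        "vlan": vlan,
        "root": (int(root[1]), root[2].lower()),
        "bridge": (int(local[1]), local[4].lower()),
        "configured": int(local[2]),
        "sys_id_ext": int(local[3]),
        "ports": {name: (role, state) for name, role, state in ports},
    }

def elect_root(bridge_ids):
    """STP elects the lowest bridge ID: priority first, then MAC address."""
    return min(bridge_ids)

def audit_stp(stp, expected_root_mac):
    """Return findings; an empty list means the VLAN's root is the intended one."""
    findings = []
    if stp["configured"] % 4096 or stp["sys_id_ext"] != stp["vlan"]:
        findings.append("bridge priority is not a 4096 multiple plus the VLAN ID")
    if stp["configured"] + stp["sys_id_ext"] != stp["bridge"][0]:
        findings.append("bridge priority does not match its two components")
    if stp["root"][1] != expected_root_mac.lower():
        findings.append(f"unexpected root bridge {stp['root'][1]} for VLAN {stp['vlan']}")
    return findings
```
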