Вы находитесь на странице: 1из 14

Performing initial configuration in a switch

1. First thing you do for configuring a Switch on a New

Brand Device is to set a Name. We will change the default name into SEngSwitch
Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname SEngSwitch

Of Course the name of the Switch should be named logically

which means the Location of the Switch will be its name. For Example : 3rdFL,Switch1 or 2ndFL,Switch2

2. Second thing to do is to give the Switch an IP Address in

order to Telnet on it. In order to give a Switch an IP Address you must have at least a Basic Understanding on VLAN (Virtual Lans), what it does is that it divides your local network from one broadcast domain into multiple Broadcast Domains on the same device. So why we are talking on VLAN cause when we assign the Switch with an IP Address we need to go to VLAN Interface, cause the Switch ports is not configured by IP address but the VLAN interface is configured.

But we dont know which VLAN we are on or we dont know

how to create one right now, but by Default the Switches Creates its Default VLAN 1 whether you need it or not, all the Port on the Switch is on VLAN1 by Default, thats why everything works with out any Configuration on the switch Interfaces, any port can communicate with the other port cause every interfaces is a member on VLAN1 by default.

So to configure the IP Address of the VLAN1 do the

SEngSwitch(config)#interface vlan 1 SEngSwitch(config-if)#ip address

Now your Switch has an IP Address. Now we need to check what

we have done, so we have to type the following command.

SEngSwitch#show interfaces vlan 1

The result will be like below;

Vlan1 is administratively down, line protocol is down Hardware is CPU Interface, address is 0030.f2cb.3969 (bia 0030.f2cb.3969) Internet address is MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 21:40:21, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1682 packets input, 530955 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 563859 packets output, 0 bytes, 0 underruns 0 output errors, 23 interface resets 0 output buffer failures, 0 output buffers swapped out

As you can see on the Marked Red that Vlan1 interface is

administratively is down & Line Protocol is down, Administratively is down mean the Physical Layer of Vlan1 is Down Line Protocol is down represents the Data Link State. Note any time you see administratively is down means that the interface is SHUTDOWN, so to enable it type No Shutdown.
SEngSwitch#conf t

SEngSwitch(config)#interface vlan 1
SEngSwitch(config-if)#no shutdown

Assign Gateway to the Switch

Now we need to assign a Default GW to the Switch in order

to get out of the Network and be able to communicate with other network. For example;
SEngSwitch(config)#ip default-gateway

Save Configuration; Now Final Step is we need to save the

configuration we have made on the Switch. Everything we have done till now is saved in RAM. To do so we must save the Configuration to NVRAM
SEngSwitch#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK]

To check what we have done type the following.

SEngSwitch#show startup-config

Configuring Switch Security:

To secure the Switch we need to setup some Passwords, on

the first Use for the Switch there is no password is configured so it needs to be setup. First we will setup a Password to protect the Privilege mode from accessing.
SEngSwitch>en SEngSwitch#conf t

SEngSwitch(config)#enable password 1234software

So 1234software is our Privileged mode password (you can

put you your private password) But there is a disadvantage in setting this type of password because this password is not encrypted its written in a clear text, as you can see by using show running config:

SEngSwitch#show running-config Building configuration... Current configuration : 1059 bytes ! version 12.1 no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption ! hostname SEngSwitch !

enable password 1234software

..... ........

So to make the Password Encrypted and More Secure, we do

the Following:
SEngSwitch(config)#enable secret 1234software

Now when we show the running Configuration, the password

is written encrypted Now when we exit from this mode and return to the User Mode and try to enter the privilege Mode again it ill ask for the Password, when you enter the Unencrypted Password it will not accept it but when you enter the Secret Password (Encrypted one) we have entered here which is 1234software ( new one) it will accept it, because the Enable Secret Overwrite the Enable Password.

SO Why ? Why do the enable password exist while the

enable secret overwrite it, because a lot of people configure CISCO Devices in a fast Way or on a fly this is done by after making the initial Configuration on the Cisco Device, and then you make the Show run Command after that take a Copy Starting at (! Mark) as shown before in the figure till the End of the Show Run and Paste it in a Notepad Program. Then you can Backup a Basic Configuration you may use on any Cisco Switch Device, that you may take it and paste it to any device you may want to configure it, by going to the Configuration Mode and just PASTE.

So if there are OLD Version of IOS that only uses enable

Password, and not enable Secret, so when you copy the Configuration file and paste it on that old IOS Switch it will accept the enable password.
To enable a Password on the Console, on the Global

Configuration Mode type the Following:

SEngSwitch(config)#line console 0 SEngSwitch(config-line)#password soft0000

You can put any password rather than (soft0000) for the


But the Cisco switch does not know that I need to be asked

for that Password, so I should write login to ask me or prompt me to enter a Password.

So now , when you try to login the switch in user mode, this

been secured also.You have to enter the password the you configured before on line console , Then password for the privileged mode, thus we have two levels of passwords ( for both modes; user mode and privileged mode)