2.6 Given a scenario, configure a switch using proper features - Paiet/Tech-Journal-for-Everything GitHub Wiki

2.6 Given a scenario, configure a switch using proper features

  • VLAN
    • Native VLAN/Default VLAN
      • Scenario Default settings of a Cisco Switch.
        • All interfaces will be in the same broadcast domain.
        • Usually, this is VLAN1
        • Production traffic and switch management traffic in same broadcast domain.
      • Demo
        • show vlan
    • VTP
      • Scenario When using multiple switches and we need to ensure that the same VLANs appear on multiple switches.
        • Users in the same department are in different buildings but need access to the same devices.
      • Create VTP Domain
      • VTP Mode server, client, & transparent
  • Spanning tree (802.1d)/rapid spanning tree (802.1w)
    • Scenario Switching loops & Broadcast
      • Diagram
    • Default Switching Behavior (diagram)
      • Flooding
      • Forwarding/blocking
      • Filtering
  • Interface configuration
    • Trunking/802.1q

Scenario If we must do inter-VLAN routing

SW01(config)# Interface fastethernet 0/0
SW01(config-if)# switchport mode trunk
SW01(config-if)# switchport trunk

  • Tag vs untag VLANs

    • VLAN tagging inserts VLAN ID into the frame header
    • All frames identify what VLANs they are in
    • Only the native VLAN has untagged traffic
  • Port bonding (LACP)

  • Port mirroring (local vs remote)

Speed and duplexing

SW01(config)# Interface fastethernet 0/1
SW01(config-if)# speed 100
SW01(config-if)# duplex full

IP address assignment

SW01(config)# Interface fastethernet 0/2
SW01(config-if)# no switchport
SW01(config-if)# ip add 172.16.100.102 255.255.255.0
SW01(config-if)# no shutdown

VLAN assignment

Scenario Need to configure ports to be in a VLAN

SW01(config)# Interface fastethernet 0/3
SW01(config-if)# switchport mode access
SW01(config-if)# switchport access vlan 20
SW01(config-if)# no shutdown

Default gateway

Scenario If the device is to be managed from another network, then we must configure an IP address and a default gateway for the switch itself.

SW01(config)# interface vlan 1
SW01(config-if)# ip add 172.16.123.1 255.255.255.0
SW01(config-if)# no shutdown
SW01(config-if)# exit
SW01(config)# ip default-gateway 172.16.123.254

  • PoE and PoE+ (802.3af, 802.3at)
    • Power over Ethernet (802.3af)
      • Original Standard
      • 15.4 Watts DC
      • Doesn't affect network performance
      • Devices: IP phones, wireless APs, IP security cameras; these are known as PDs (Powered Devices)
      • Devices: PSE (Power Source Equipment), i.e. PoE equipment, e.g. a PoE switch
      • Doesn't damage non-PoE devices
    • Power over Ethernet+ (802.3at)
      • Min 24 Watts DC
      • Specified for more power-demanding devices
      • Requires Cat5e cables
      • Devices are in power classifications
        • Type 1 - Lower powered devices
        • Type 2 - Higher powered devices
  • Switch management

User/passwords (local user accounts)

SW01# configure terminal
SW01(config)# username Ronnie password Passw0rd!
SW01(config)# username Daniel password Passw0rd!
SW01(config)# enable password cisco

2.6 Given a scenario, configure a switch using proper features Pt2

  • Switch management

AAA configuration (similar to centralized user accounts)

SW01(config)# aaa new-model
SW01(config)# aaa authentication login default group radius local
SW01(config)# radius-server host 172.16.123.2

Console (demo console cable)

SW01(config)# line console 0
! "default" is the method list created under AAA configuration above
SW01(config-line)# login authentication default
SW01(config-line)# exec-timeout 15
SW01(config-line)# logging synchronous

Virtual terminals (use PuTTY)

SW01(config)# line vty 0 15
! "default" is the method list created under AAA configuration above
SW01(config-line)# login authentication default
SW01(config-line)# exec-timeout 15
SW01(config-line)# logging synchronous

  • In-band/Out-of-band management (diagram)
    • Scenario To make sure that networking devices are managed regardless of whether regular traffic through the device is working or not.
    • In-band management manages devices over the same channels that carry data traffic.
      • setting up SSH access
        • configuring management interface on switch
        • configuring crypto certificate
        • configuring virtual terminal access
      • setting up management vlans
    • Out-of-band management is using different channels
      • setting up a terminal access service reachable on a different IP address
      • console port access to manage networking equipment.
    • This should be complementary, not exclusionary.
  • Managed vs Unmanaged
    • Configurable Switch
    • Non-Configurable Switches
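
An added example (not part of the original notes): a small Python check that reads a saved configuration and flags the management-plane weaknesses visible in the commands on this page, namely `password` instead of `secret` for local users and enable, a management IP on VLAN 1, and vty lines not restricted to SSH. The sample configuration, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample: this page's SW01 commands as they would appear in a
# saved configuration (not captured from a real device).
SAMPLE_CONFIG = """\
username Ronnie password Passw0rd!
username Daniel password Passw0rd!
enable password cisco
interface Vlan1
 ip address 172.16.123.1 255.255.255.0
ip default-gateway 172.16.123.254
line con 0
 exec-timeout 15
line vty 0 15
 exec-timeout 15
"""

def parse_blocks(text):
    """Group indented sub-commands under their unindented parent command."""
    blocks, parent = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or IOS comment
        if raw[0].isspace() and parent is not None:
            parent[1].append(line)        # sub-command of the current block
        else:
            parent = (line, [])
            blocks.append(parent)
    return blocks

def audit(text):
    """Return (finding, subject) pairs; secrets are never echoed back."""
    findings = []
    for head, subs in parse_blocks(text):
        user = re.match(r"username (\S+) password\b", head)
        if user:      # 'password' is stored cleartext or reversibly encoded
            findings.append(("user-password-not-secret", user.group(1)))
        elif re.match(r"enable password\b", head):
            findings.append(("enable-password-not-secret", "enable"))
        elif re.match(r"interface vlan ?1$", head, re.I):
            if any(s.startswith("ip address") for s in subs):
                findings.append(("management-ip-on-vlan1", head))
        elif head.startswith("line vty"):
            transports = [s.split()[2:] for s in subs
                          if s.startswith("transport input")]
            if transports != [["ssh"]]:   # absent, or allows more than SSH
                findings.append(("vty-not-restricted-to-ssh", head))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports both local users, the enable password, the VLAN 1 management address and the vty lines; a configuration that uses `secret`, a dedicated management VLAN and `transport input ssh` returns no findings.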