Switch - dejanu/linux GitHub Wiki

! For a switch to have an IP address, an SVI (Switch Virtual Interface) must be configured so that the switch can be managed remotely.
! service password-encryption = prevents all configured passwords from appearing in plain text in config files

! A default gateway address allows a switch to forward packets that originate on the switch to remote networks, and does not provide Layer 3 routing for PCs that are connected on that switch. A switch can still be accessible from Telnet as long as the source of the Telnet connection is on the local network.

! A switch must have a default gateway configured for remote access (e.g. Telnet). It actually acts like an end device, so it will have the same default gateway as a local host: (config)#ip default-gateway 192.168.0.1

Cisco IOS modes:

  1. User Exec Mode(monitoring "read/view only"):
    >enable (go to next mode Privileged Exec Mode)

  2. Privileged Exec Mode(config and management cmds):
    #configure terminal (go to Global Configuration Mode)

  3. Global Configuration:
    (config)# line console 0 (go to LINE CONFIG MODE)
    (config)# interface vlan 1 (go to INTERFACE CONFIG MODE)

Cisco IOS interfaces:

  1. SVI (Switch Virtual Interface) - For a Switch to Have an IP a SVI must be configured:
    The SVI provides a virtual interface for remote access to the switch:
    SwitchA(config)# interface vlan 1 | fastEthernet 0/1
    SwitchA(config-if)# ip address 192.168.1.1 255.255.255.0
    SwitchA(config-if)# no shutdown

List interfaces and verify interface status: (config)# do show ip interface brief
Select interface: (config)# interface fastEthernet 0/0 selected interface

Add description to interface: (config-if)# description banner
Change the hostname: (config)# hostname your_name
Add message of the day: (config)#banner motd # legal info #

  2. Console Interface

Configure Login Password:

For User Exec Mode:
(config-line)# password cisco
(config-line)# login

For Privileged Exec Mode:
(config)# enable secret cisco (Encrypted)
(config)# enable password cisco

### Take it from scratch (delete VLAN configurations):

#erase startup-config
#delete vlan.dat
#reload


Configure TELNET for switch:

1)PC IP allocation (source ip)
2)Switch IP allocation (destination ip):
(config)#interface fastEthernet0/5
3)Activate TELNET on switch

**2) IP config for VLAN1 interface**

IP addresses cannot be assigned to the switch's FastEthernet interfaces fast0/1-24; the FE interfaces only have MAC addresses.
The other interface we can configure is VLAN1, and it is the only interface on the switch on which we can set an IP. The vlan1 interface is logically interconnected with all the physical interfaces:

(config)# interface vlan1
(config-if)# ip address IP MASK
(config-if)# description admin telnet
(config-if)# no shutdown
verification #do show ip interface brief

**3) Activate the TELNET up to 16 sessions**

Configure the VTY (Virtual Terminal) for secure Telnet/SSH from host to switch:
(config)# line vty 0 15
(config-line)# password cisco
(config-line)# login

#show interface fa0/0 #show mac

2)Router IP allocation:

enable + configure terminal

(config)#interface g0/0
do show ip interface #list interfaces

ip address ip 255.255.255.0

description VLAN1
no shutdown
do show ip interface

exit
(config)#interface g0/1


Switch Config steps:

  1. Configure device name:
    (config)# hostname name

  2. Secure Exec mode:
    (config)# line console 0
    (config-line)# password cisco
    (config-line)# login

  3. Secure Privileged Exec Mode:
    (config)# enable secret cisco (Encrypted)
    (config)# enable password cisco

  4. Secure all pwd in the config file:
    service password-encryption

  5. Secure TELNET:
    (config)#line vty 0 15 (configure all 16 vtys)
    (config-line)#password cisco
    (config-line)#login
    (config)#do show users

  6. Configure Banner:
    (config)# banner motd # message of the day #

  7. Configure SVI(Switch Virtual Interface) - For a Switch to Have an IP a SVI must be configured:
    SwitchA(config)# interface vlan 1 | fastEthernet 0/1
    SwitchA(config-if)# ip address 192.168.1.1 255.255.255.0
    SwitchA(config-if)# no shutdown

  8. Save Configuration:
    copy running-config startup-config


(config)#service password-encryption = encrypt all unencrypted passwords: console, enable password cisco
#show running-config = verify the configuration
(config-line)#logging synchronous = separates the router's output messages from admin commands
For line console 0 and line vty 0 15 setting password:
(config-line)# password cisco
(config-line)# login
(config-line)# do show running-config
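
An added example, not part of the original wiki: a small Python check that reads a saved running-config and flags the password and remote-access settings used in the steps above (`enable password`, line passwords that `service password-encryption` stores only as reversible type 7, vty lines not limited to SSH, and `exec-timeout 0 0`). The sample config is constructed, its secret strings are placeholders, and the function names are this example's own.

```python
import re

# Constructed sample: running-config after this page's steps (secrets are placeholders).
SAMPLE = """\
service password-encryption
enable secret 5 <hash-placeholder>
enable password 7 <type7-placeholder>
line con 0
 password 7 <type7-placeholder>
 login
line vty 0 15
 password 7 <type7-placeholder>
 login
"""

def parse_blocks(config):  # group lines into [header, [sub-commands]] by indentation
    blocks = []
    lines = [l for l in config.splitlines() if l.strip() and not l.lstrip().startswith("!")]
    for line in lines:
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append([line.strip(), []])
    return blocks

def audit(config):  # findings for the password and remote-access settings used here
    blocks = parse_blocks(config)
    headers = [h for h, _ in blocks]
    out = []
    if "service password-encryption" not in headers:
        out.append("global: no service password-encryption, line passwords are clear text")
    if any(h.startswith("enable password") for h in headers):
        out.append("global: remove 'enable password', keep only 'enable secret'")
    for header, subs in (b for b in blocks if b[0].startswith("line ")):
        for cmd in subs:
            m = re.match(r"password(?: (\d))? \S+", cmd)
            if m:
                kind = "type 7 (reversible)" if m.group(1) == "7" else "clear text"
                out.append(f"{header}: shared line password stored as {kind}")
            if cmd == "exec-timeout 0 0":
                out.append(f"{header}: exec-timeout 0 0 disables the idle timeout")
        inputs = [c.split()[2:] for c in subs if c.startswith("transport input")]
        if header.startswith("line vty") and inputs != [["ssh"]]:
            out.append(f"{header}: not restricted to 'transport input ssh'")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the output of `show running-config` saved to a file; an empty result means none of these specific settings were found, not that the device is otherwise hardened.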


Any place that says VTY and VLAN are the same thing is junk.

A VTY line is used for SSH and Telnet access to the device. Here you configure login parameters and password.

A VLAN interface is in simplest terms the Layer 3 interface for a VLAN, allowing you to configure an IP address on it.

Edit:

An example of a VTY configuration:

    line vty 0 4
     access-class SSH in
     exec-timeout 0 0
     privilege level 15
     password cisco.123
     logging synchronous
     transport preferred ssh
     transport input telnet ssh
     transport output all

An example of a VLAN Interface configuration:

    interface Vlan15
     description Printers VLAN
     ip address 192.168.15.1 255.255.255.224
     ip helper-address 192.168.15.75
     ipv6 address 2606:A000:4390:7015::1/64
     ipv6 enable
     ipv6 dhcp relay destination 2606:A000:4390:7070::100
     ipv6 ospf 1 area 0