Switch Virtual Interface Configuration

Posted on by examcert

Switch Virtual Interface Configuration (28.1.2)

To access the switch remotely, an IP address and a subnet mask must be configured on the switch virtual interface (SVI). To configure an SVI on a switch, use the interface vlan 1 global configuration command. Vlan 1 is not an actual physical interface but a virtual one. Next, assign an IPv4 address using the ip address ip-address subnet-mask interface configuration command. Finally, enable the virtual interface using the no shutdown interface configuration command.

After the switch is configured with these commands, shown in Example 28-2, the switch has all the IPv4 elements ready for communication over the network.

Note:
Similar to Windows hosts, switches configured with an IPv4 address will typically also need to have a default gateway assigned. This can be done using the ip default-gateway ip-address global configuration command. The ip-address parameter would be the IPv4 address of the local router on the network, as shown in the example. However, in this topic you will only be configuring a network with switches and hosts. Routers will be configured later.

Example 28-2 SVI Configuration
Sw-Floor-1#
configure terminal
Sw-Floor-1(config)#
interface vlan 1
Sw-Floor-1(config-if)#
ip address 192.168.1.20 255.255.255.0
Sw-Floor-1(config-if)#
no shutdown
Sw-Floor-1(config-if)#
exit
Sw-Floor-1(config)#
ip default-gateway 192.168.1.1

Syntax Checker – Configure a Switch Virtual Interface (28.1.3)
Refer to the online course to complete this Activity.

Packet Tracer – Implement Basic Connectivity (28.1.4)
In this activity, you will complete the following objectives:

  • Perform a Basic Configuration on S1 and S2
  • Configure the PCs
  • Configure the Switch Management Interface
    Refer to the online course to complete this Activity.
    Configure Initial Router Settings (28.2)
    The basic router configuration is similar to that of the switch. However, the function and interfaces on a router are different and therefore there will be some differences.
    Basic Router Configuration Steps (28.2.1)
    The following tasks should be completed when configuring initial settings on a router.
    Step 1. Configure the device name.
    Router(config)#
    hostname
    hostname

Step 2. Secure privileged EXEC mode.
Router(config)#
enable secret
password

Step 3. Secure user EXEC mode.
Router(config)#
line console 0
Router(config-line)#
password
password
Router(config-line)#
login

Step 4. Secure remote Telnet / SSH access.
Router(config-line)#
line vty 0 4
Router(config-line)#
password
password
Router(config-line)#
login
Router(config-line)#
transport input
{
ssh
|
telnet
|
none
|
all
}

Step 5. Secure all passwords in the config file.
Router(config-line)#
exit
Router(config)#
service password-encryption

Step 6. Provide legal notification.
Router(config)#
banner motd
delimiter message delimiter

Step 7. Save the configuration.
Router(config)#
copy running-config startup-config
Basic Router Configuration Example (28.2.2)
In Example 28-3, router R1 will be configured with initial settings. To configure the device name for R1, use the following commands.
Example 28-3 Device name Configuration
Router>
enable
Router#
configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.
Router(config)#
hostname R1
R1(config)#

Note:
Notice how the router prompt now displays the router host name.
All router access should be secured. Privileged EXEC mode provides the user with complete access to the device and its configuration, so you must secure it.
The commands in Example 28-4 secure privileged EXEC mode and user EXEC mode, enable Telnet and SSH remote access, and encrypt all plaintext (i.e., user EXEC and vty line) passwords. It is very important to use a strong password when securing privileged EXEC mode because this mode allows access to the configuration of the device.
Example 28-4 Basic Router Security
R1(config)#
enable secret class
R1(config)#
R1(config)#
line console 0
R1(config-line)#
password cisco
R1(config-line)#
login
R1(config-line)#
exit
R1(config)#
R1(config)#
line vty 0 4
R1(config-line)#
password cisco
R1(config-line)#
login
R1(config-line)#
transport input ssh telnet
R1(config-line)#
exit
R1(config)#
R1(config)#
service password-encryption
R1(config)#

The legal notification warns users that the device should only be accessed by permitted users. Legal notification can be configured like in the following Example 28-5.
Example 28-5 Banner Configuration
R1(config)#
banner motd #
Enter TEXT message. End with a new line and the #
WARNING: Unauthorized access is
prohibited! #
R1(config)#

If the router were to be configured with the previous commands and it accidently lost power, the router configuration would be lost. For this reason, it is important to save the configuration when changes are implemented. Example 28-6 shows saving the configuration to NVRAM.
Example 28-6 Saving the Configuration
R1#
copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
R1#

Leave a Reply

Your email address will not be published. Required fields are marked *