Objectives
Upon completion of this chapter, you will be able to answer the following questions:
- How do you configure initial settings on a Cisco switch?
- How do you configure initial settings on a router?
- How do you configure devices for secure remote management?
- How do you build a network that includes a switch and router?
Key Terms
This chapter uses the following key terms. You can find the definitions in the Glossary.
switch virtual interface (SVI)
Introduction (28.0)
Hi, it’s me, Webster. You and Diego now have a good grasp of the Cisco IOS command line functions. This will make Diego’s next task much easier. At the new location, he will have to set up and configure all the devices, which will include host devices, switches and routers, and all the wiring needed. This new network must be able to communicate with the network at headquarters, as well as being able to access the internet. This is a bit more complicated than my home network, but I feel like I might be able to do it, with a little help. That is why I’m going to take this module. I hope you’ll join me!
Basic Switch Configuration (28.1)
The Cisco switch comes preconfigured and only needs to be assigned basic security information before being connected to the network. Elements that are usually configured on a LAN switch include: host name, management IP address information, passwords, and descriptive information.
Basic Switch Configuration Steps (28.1.1)
The switch host name is the configured name of the device. Just like each computer or printer is assigned a name, networking equipment should be configured with a descriptive name. It is helpful if the device name includes the location where the switch will be installed. An example might be: SW_Bldg_R-Room_216.
A management IP address is only necessary if you plan to configure and manage the switch through an in-band connection on the network. A management address enables you to reach the device through Telnet, SSH, or HTTP clients. The IP address information that must be configured on a switch is essentially the same as you configure on a PC: IP address, subnet mask, and default gateway.
To secure a Cisco LAN switch, it is necessary to configure passwords on each of the various methods of access to the command line. The minimum requirements include assigning passwords to the console connection and to remote access methods, such as Telnet and SSH. You must also assign a password to the privileged mode in which configuration changes can be made.
Note:
Telnet sends the username and password in plaintext and is not considered secure. SSH encrypts the username and password and is, therefore, a more secure method.
Before configuring a switch, review the following initial switch configuration tasks:
- Configure the device name.
  - hostname name
- Secure user EXEC mode.
  - line console 0
  - password password
  - login
- Secure remote Telnet / SSH access.
  - line vty 0 15
  - password password
  - login
- Secure privileged EXEC mode.
  - enable secret password
- Secure all passwords in the config file.
  - service password-encryption
- Provide legal notification.
  - banner motd delimiter message delimiter
- Configure the management SVI.
  - interface vlan 1
  - ip address ip-address subnet-mask
  - no shutdown
- Save the configuration.
  - copy running-config startup-config
Example 28-1 shows a sample switch configuration using the above commands.
Example 28-1 Sample Switch Configuration
Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# service password-encryption
S1(config)# banner motd #No unauthorized access allowed!#
S1(config)# interface vlan1
S1(config-if)# ip address 192.168.1.20 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# end
S1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
S1#
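The following is an added example, not part of the original chapter: a small Python check that reads a saved running-config and reports which of the initial configuration tasks listed above are missing. The function names and the sample config are constructed for illustration, and the check recognizes only the commands this section covers (for example, a plain `login` line, not other login methods).

```python
import re

# Constructed running-config excerpt (sample data, not from the chapter); gaps are deliberate.
SAMPLE_CONFIG = """\
hostname S1
enable secret 5 $1$CONSTRUCTED$notarealhash
interface Vlan1
 ip address 192.168.1.20 255.255.255.0
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
"""

def sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current is not None:
            blocks[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            blocks[current] = []
    return blocks

def audit(config):
    """Return the checklist tasks from this section that the config misses."""
    blocks = sections(config)
    top_level = {
        "device name": r"hostname \S+",
        "privileged EXEC secret": r"enable secret ",
        "password encryption": r"service password-encryption$",
        "legal banner": r"banner motd ",
    }
    missing = [t for t, p in top_level.items() if not any(re.match(p, n) for n in blocks)]
    svi_ok = False
    for name, body in blocks.items():
        has_pw = any(b.startswith("password ") for b in body)
        has_ip = any(b.startswith("ip address ") for b in body)
        if re.match(r"line (con|vty) ", name) and not (has_pw and "login" in body):
            missing.append(f"{name}: password and login")
        if re.match(r"interface vlan", name, re.I) and has_ip and "shutdown" not in body:
            svi_ok = True
    if not svi_ok:
        missing.append("management SVI")
    return missing
```

Calling `audit(SAMPLE_CONFIG)` reports the missing password encryption, the missing banner, and the vty 5-15 range that has a password but no `login`, a gap that is easy to overlook when only `line vty 0 4` is configured.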