Your company has gained a new customer. The website is growing and the process of increasing capacity will take place in the next three days. As a Network Engineer, your job is to set up a new switch, establish separate networks for the client, make sure DHCP is set up, assign the appropriate ports for access, and test the machines before they can be used. This article provides a simple and fast guide on how to configure a Cisco switch.
Cisco Switch Configuration: Device Hardware
The first thing you need to know is the brand and model of the switch you will be using. This is important whether your company buys a new switch or the client provides their own device, such as a Cisco 2960 or Cisco 3750. If you are using a spare switch, it is recommended to inspect the device hardware and the cables connected to it for any damage.
To start, power on the switch and make sure all the indicator lights are functioning properly. Next, you will need to establish a console connection with the device. Connect your computer to the switch using a rollover cable. You will need to download and install PuTTY for this task, or use any other preferred tool.
Open PuTTY and choose a serial connection with a speed of 9600. Once you are connected to the switch, it is essential to execute and carefully examine the output of the following commands:
show version
show running-config
show vlan brief
show vtp status
For spare switches, make sure to delete the flash:vlan.dat file to erase the previous VLAN configuration.
Setup Management IP
Changing the hostname of the switch is not necessary, but many companies choose to do so for better organization and management. Therefore, you should set the switch's hostname according to your company's naming convention and then assign an IP address on the management VLAN. Additionally, ensure that the switch has a proper hostname and domain name configured.
(config)#ip domain-name routerfreak.com
(config)#hostname Switch01
(config)#interface Vlan1
(config-if)#description Management Vlan
(config-if)#ip address 192.168.101.1 255.255.255.0
Checking VTP Revision Number
IMPORTANT: Always check whether the existing connected switches are using VTP (VLAN Trunking Protocol) and check their revision numbers. Do this with the "show vtp status" command.
By default, a new switch will have a VTP revision number of zero. The revision number determines which updates are used in a VTP Domain. When you set a VTP Domain Name, the revision number is set to zero. Each change to the VLAN database increases the revision number by one. A switch will only process data from a neighboring switch if they are in the same domain and the neighboring switch has a higher revision number.
This means that switches will update their VLAN configuration based on the VTP information sent by the switch with the highest revision number.
Therefore, make sure the switch has a revision number of zero before adding it to the network. Failing to do so will seriously impact the network's operation. You can easily reset the revision number by changing the VTP Domain Name to something else and then changing it back.
Tip: you can change the mode to transparent and then change the domain to reset it back to zero.
In config mode, issue the commands:
vtp mode [client | server | transparent]
vtp domain name
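The revision rule described above can be turned into a pre-connection check. The following is an added example, not part of the original article: the sample "show vtp status" excerpts are constructed, and the function names parse_vtp_status and precheck are hypothetical.

```python
# Constructed 'show vtp status' excerpts (not captured from real devices):
# a spare switch with an old VLAN database and a production switch.
SPARE = """\
VTP Version                     : 2
Configuration Revision          : 14
VTP Operating Mode              : Server
VTP Domain Name                 : CORP
"""
PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 9
VTP Operating Mode              : Client
VTP Domain Name                 : CORP
"""

def parse_vtp_status(text):
    """Pull the revision number and domain out of 'show vtp status' output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "configuration revision" not in fields:
        raise ValueError("no 'Configuration Revision' line in output")
    return int(fields["configuration revision"]), fields.get("vtp domain name", "")

def precheck(new_output, existing_output):
    """Classify a switch before it is cabled into an existing VTP network.

    'safe'      revision is zero, as the guide requires
    'overwrite' same domain and a higher revision than the live switch, so
                neighbours would replace their VLANs with this switch's
    'reset'     non-zero revision that does not win today; reset it anyway
    """
    new_rev, new_domain = parse_vtp_status(new_output)
    old_rev, old_domain = parse_vtp_status(existing_output)
    if new_rev == 0:
        return "safe"
    if new_domain == old_domain and new_rev > old_rev:
        return "overwrite"
    return "reset"
```

Paste the output from the new switch and from one live switch into the two arguments; anything other than "safe" means the revision number should be reset before the uplink is connected.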
Access Ports Configuration
Now it's time to activate the access ports. Your company should have a pre-made template for configuring access ports – but if not, here are a few commands you can use:
Example of access port configuration:
description *** DESCRIPTION ***
switchport access vlan ###
switchport mode access
power inline consumption ###
queue-set 2
mls qos trust dscp
storm-control multicast level 50.00
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
The way ports are set up depends on what the workstations need. In the example mentioned, it is mostly used for getting data through softphones. However, workstations that use Avaya hardphones or Cisco phones have a different configuration.
Configure the trunk ports
Newer switches no longer support ISL. To check whether your switch supports ISL, enter the command "sh int g0/1 capabilities" and look for the supported trunking protocols. If ISL is supported, you need to configure the trunk port with the command "switchport trunk encapsulation dot1q" before "switchport mode trunk". If it is not, the switch only supports 802.1Q, so no encapsulation command is needed: simply use the command "switchport mode trunk".
Here is a sample configuration that you can use for your trunk settings:
interface GigabitEthernet1/0/1
description *** UPLINK ***
switchport trunk encapsulation dot1q
switchport mode trunk
speed 1000
duplex full
Configuring SSH Access
In the beginning, we completed simple network settings on the switch, such as establishing the management IP, giving it a hostname, and setting the domain name.
A switch needs RSA keys for the SSH process. Therefore, we can create these keys using crypto commands, as demonstrated below:
Switch01(config)#crypto key generate rsa
The name for the keys will be: Switch01.routerfreak.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Setup VTY Line Config
(config)#line vty 0 4
(config-line)#transport input ssh
(config-line)#login local
(config-line)#password routerfreak
(config-line)#exit
If you have not set the console line yet, you can easily input these values:
(config)#line console 0
(config-line)#logging synchronous
(config-line)#login local
Set the enable password using the "enable secret password" command. Then, set the privileged EXEC password with "username name privilege 15 secret password".
Make sure that the password-encryption service is activated. This will encrypt the passwords.
Switch01(config)#service password-encryption
To check if SSH is enabled on the Cisco device, type 'sh ip ssh' and confirm.
Now, attempt to log in from a different computer to make sure you can connect to the Cisco switch using SSH.
remote-computer#ssh 192.168.101.1
Login as: username
Password:
Switch01>en
Password:
Switch01#
Exit and disable the new access to ensure that it is functioning correctly before proceeding to set up TACACS.
Save the configuration:
copy running-config startup-config
Setup AAA and TACACS
AAA and TACACS collaborate to handle the security of logging into your device.
This article will guide you on how to set up AAA and TACACS with their configuration and recommended methods.
We're almost finished!
To complete the process, perform the following final steps: test access, reload the switch, prepare the cables, and label the switch.
That's all! Now it's time to install it in the rack!