2.9 2 Lab Basic Switch And End Device Configuration

Let's dive into the essential world of network configuration, focusing on basic switch and end device setup. This foundational knowledge is crucial for anyone looking to build, manage, or troubleshoot a small to medium-sized network. Understanding how to properly configure switches and end devices is the bedrock upon which more complex networking skills are built.

Understanding the Basics

Before we jump into specific configurations, it's vital to understand the roles of switches and end devices in a network.

• Switches: These are the traffic directors of your network. They intelligently forward data packets to the correct destination based on MAC addresses. Unlike hubs, which blindly broadcast data, switches learn which devices are connected to each port and forward traffic only to the intended recipient. This significantly improves network efficiency and security.
• End Devices: These are the devices that users interact with directly, such as computers, laptops, smartphones, printers, and servers. They generate and consume data on the network. End devices need to be properly configured with IP addresses, subnet masks, default gateways, and DNS server information to communicate effectively.

Basic Switch Configuration: A Step-by-Step Guide

Configuring a switch typically involves accessing its command-line interface (CLI). This can be done through a console connection, SSH, or Telnet. Most modern switches favor SSH for its enhanced security. Let's walk through the essential configuration steps.

1. Accessing the Switch CLI:

• Console Connection: Use a console cable (usually a rollover cable) to connect your computer to the switch's console port. Use a terminal emulation program like PuTTY or Tera Term to access the CLI. Configure the terminal settings:
  • Baud rate: 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None
• SSH (Secure Shell): SSH provides a secure, encrypted connection to the switch. To use SSH, you'll need to configure an IP address and enable SSH on the switch.
• Telnet: Telnet is an older, less secure protocol. It's generally not recommended for production environments due to its lack of encryption.

2. Entering Enable Mode:

Once you've accessed the CLI, you'll be in user EXEC mode. To configure the switch, you need to enter privileged EXEC mode (also known as enable mode). Type enable and press Enter. You may be prompted for a password. If a password hasn't been configured, you'll enter enable mode directly. The prompt will change to Switch#.

3. Entering Global Configuration Mode:

From enable mode, you can enter global configuration mode. This is where you'll make most of the changes to the switch's configuration. Type configure terminal or conf t for short, and press Enter. The prompt will change to Switch(config)#.

4. Setting the Hostname:

It's good practice to give your switch a descriptive hostname. This makes it easier to identify the switch on the network. Use the hostname command followed by the desired hostname. For example:

Switch(config)# hostname DistributionSwitch01
DistributionSwitch01(config)#

5. Securing Access:

Security is paramount. The following steps are essential for securing your switch.

• Enable Secret Password: This encrypts the enable password, making it much harder to crack.

  DistributionSwitch01(config)# enable secret class
  

  Replace class with a strong password.

• Console Password: Set a password for the console port to prevent unauthorized access.

  DistributionSwitch01(config)# line console 0
  DistributionSwitch01(config-line)# password cisco
  DistributionSwitch01(config-line)# login
  DistributionSwitch01(config-line)# exit
  

  Replace cisco with a strong password.

• VTY (Virtual Terminal) Passwords: VTY lines are used for Telnet and SSH access. Set a password for these lines as well.

  DistributionSwitch01(config)# line vty 0 15
  DistributionSwitch01(config-line)# password cisco
  DistributionSwitch01(config-line)# login
  DistributionSwitch01(config-line)# exit
  

  Again, replace cisco with a strong password.

• SSH Configuration: For enhanced security, configure SSH. This involves generating cryptographic keys and enabling SSH on the VTY lines.

  DistributionSwitch01(config)# ip domain-name example.com
  DistributionSwitch01(config)# crypto key generate rsa modulus 2048
  DistributionSwitch01(config)# line vty 0 15
  DistributionSwitch01(config-line)# transport input ssh
  DistributionSwitch01(config-line)# login local
  DistributionSwitch01(config-line)# exit
  

  This configuration sets the domain name, generates RSA keys (2048-bit is a good balance between security and performance), and configures the VTY lines to only allow SSH connections, using local authentication (user accounts).

• Creating Local User Accounts: Instead of relying solely on passwords for VTY lines, create local user accounts.

  DistributionSwitch01(config)# username admin privilege 15 secret strongpassword
  

  This creates a user named "admin" with privilege level 15 (full administrative access) and a strong, encrypted password. When SSH is configured to use login local, it will prompt for these credentials.

• Banner Message: Display a banner message to warn unauthorized users.

  DistributionSwitch01(config)# banner motd # WARNING: Unauthorized access is prohibited! #
  

  The # character is used as a delimiter for the message.

6. Configuring VLANs (Virtual LANs):

VLANs segment your network into logical broadcast domains. This improves security and performance.

• Creating a VLAN:

  DistributionSwitch01(config)# vlan 10
  DistributionSwitch01(config-vlan)# name Users
  DistributionSwitch01(config-vlan)# exit
  

  This creates VLAN 10 and names it "Users."

• Assigning Ports to VLANs:

  DistributionSwitch01(config)# interface GigabitEthernet0/1
  DistributionSwitch01(config-if)# switchport mode access
  DistributionSwitch01(config-if)# switchport access vlan 10
  DistributionSwitch01(config-if)# exit
  

  This assigns port GigabitEthernet0/1 to VLAN 10. The switchport mode access command specifies that the port is an access port, meaning it's designed to connect to a single end device.

• Creating Trunk Ports: Trunk ports carry traffic for multiple VLANs. This is used to connect switches together.

  DistributionSwitch01(config)# interface GigabitEthernet0/24
  DistributionSwitch01(config-if)# switchport mode trunk
  DistributionSwitch01(config-if)# switchport trunk encapsulation dot1q
  DistributionSwitch01(config-if)# switchport trunk allowed vlan 10,20,30
  DistributionSwitch01(config-if)# exit
  

  This configures port GigabitEthernet0/24 as a trunk port, using the 802.1Q encapsulation protocol, and allows VLANs 10, 20, and 30 to pass over the trunk.

7. Configuring Port Security:

Port security limits the number of MAC addresses that can be learned on a port. This helps prevent MAC address flooding attacks.

DistributionSwitch01(config)# interface GigabitEthernet0/2
DistributionSwitch01(config-if)# switchport port-security
DistributionSwitch01(config-if)# switchport port-security maximum 1
DistributionSwitch01(config-if)# switchport port-security violation restrict
DistributionSwitch01(config-if)# exit

This enables port security on GigabitEthernet0/2, limits the number of allowed MAC addresses to 1, and sets the violation mode to "restrict," which means that when a violation occurs, the port will drop traffic from unknown MAC addresses and log the event.

8. Configuring Spanning Tree Protocol (STP):

STP prevents loops in the network. While modern networks often use Rapid Spanning Tree Protocol (RSTP) or Multiple Spanning Tree Protocol (MSTP), understanding the basics of STP is important.

DistributionSwitch01(config)# spanning-tree mode rapid-pvst

This enables Rapid PVST+, a per-VLAN version of RSTP.

9. Saving the Configuration:

It's crucial to save your configuration. Otherwise, your changes will be lost when the switch is rebooted.

DistributionSwitch01# copy running-config startup-config

This copies the running configuration (the current configuration in RAM) to the startup configuration (the configuration stored in NVRAM).

10. Verifying the Configuration:

Use the show commands to verify your configuration.

• show running-config: Displays the current running configuration.
• show vlan brief: Displays a summary of VLANs.
• show interface status: Displays the status of interfaces.
• show ip interface brief: (If the switch has an IP address) Displays a summary of interface IP addresses.
• show port-security interface GigabitEthernet0/2: Displays the port security configuration for a specific interface.

Basic End Device Configuration

Configuring end devices involves assigning them IP addresses, subnet masks, default gateways, and DNS server information. This can be done manually or automatically using DHCP (Dynamic Host Configuration Protocol).

1. Manual Configuration:

• Windows: Go to Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings. Right-click on your network adapter and select Properties. Select "Internet Protocol Version 4 (TCP/IPv4)" and click Properties. Select "Use the following IP address" and enter the IP address, subnet mask, default gateway, and DNS server addresses.
• macOS: Go to System Preferences > Network. Select your network interface (e.g., Ethernet or Wi-Fi) and click Advanced. Go to the TCP/IP tab and configure the IP address, subnet mask, and router (default gateway). Go to the DNS tab and add DNS server addresses.
• Linux: The configuration process varies depending on the distribution. Common methods include using NetworkManager or editing configuration files such as /etc/network/interfaces or /etc/netplan/.

Example Configuration (Windows):

• IP Address: 192.168.1.10
• Subnet Mask: 255.255.255.0
• Default Gateway: 192.168.1.1
• Preferred DNS Server: 8.8.8.8
• Alternate DNS Server: 8.8.4.4

2. DHCP Configuration:

DHCP automatically assigns IP addresses and other network settings to end devices. To use DHCP, the end device needs to be configured to obtain an IP address automatically.

• Windows: In the TCP/IPv4 properties, select "Obtain an IP address automatically" and "Obtain DNS server address automatically."
• macOS: In the TCP/IP tab, select "Using DHCP."
• Linux: In NetworkManager, select "Automatic (DHCP)." When using configuration files, set the interface to use DHCP.

A DHCP server needs to be present on the network to provide IP addresses. This is often a router or a dedicated DHCP server.

3. Verifying the Configuration:

• Windows: Use the ipconfig command in the Command Prompt to display the network configuration.
• macOS: Use the ifconfig command in the Terminal to display the network configuration.
• Linux: Use the ip addr or ifconfig command to display the network configuration.

4. Testing Connectivity:

Use the ping command to test connectivity to other devices on the network and to the internet.

• ping 192.168.1.1 (ping the default gateway)
• ping 8.8.8.8 (ping a public DNS server)
• ping google.com (ping a website)

Advanced Configuration Considerations

While the above steps cover basic configuration, there are many more advanced configuration options available.

• Quality of Service (QoS): QoS allows you to prioritize certain types of traffic over others. This is useful for ensuring that voice and video traffic receive preferential treatment.
• Link Aggregation (LAG): LAG allows you to combine multiple physical links into a single logical link. This increases bandwidth and provides redundancy.
• Routing Protocols: For larger networks, routing protocols such as OSPF or BGP are used to dynamically learn network routes.
• Network Monitoring: Implement network monitoring tools to track network performance and identify potential problems.

Troubleshooting Common Issues

Even with careful configuration, problems can still occur. Here are some common issues and how to troubleshoot them.

• Connectivity Issues: If a device cannot connect to the network, check the following:
  • Is the device physically connected to the network?
  • Is the device configured with the correct IP address, subnet mask, and default gateway?
  • Is the switch port configured correctly?
  • Is there a firewall blocking traffic?
• Slow Network Performance: If the network is running slowly, check the following:
  • Is the network congested?
  • Are there any network loops?
  • Are there any faulty network devices?
• Security Issues: If you suspect a security breach, check the following:
  • Are the switch passwords strong and secure?
  • Is SSH enabled?
  • Is port security configured?
  • Are there any unauthorized devices on the network?

Practical Examples

Let's illustrate these concepts with a couple of practical examples.

Scenario 1: Setting up a small office network

Imagine a small office with 10 employees. You need to set up a network that allows them to share files, access the internet, and print documents.

1. Choose a switch: Select a 24-port Gigabit Ethernet switch. This provides enough ports for all the employees and some room for expansion.
2. Configure the switch:
   • Set the hostname.
   • Secure access with enable secret, console password, and VTY passwords.
   • Create a VLAN for the employees (e.g., VLAN 10).
   • Assign the switch ports to VLAN 10.
   • Enable port security on each port.
   • Configure STP.
   • Save the configuration.
3. Configure the end devices (computers):
   • Assign each computer a static IP address in the 192.168.1.0/24 network (e.g., 192.168.1.10, 192.168.1.11, etc.).
   • Set the subnet mask to 255.255.255.0.
   • Set the default gateway to the IP address of the router (e.g., 192.168.1.1).
   • Set the DNS server addresses to 8.8.8.8 and 8.8.4.4.
4. Configure the printer:
   • Assign the printer a static IP address in the 192.168.1.0/24 network (e.g., 192.168.1.20).
   • Set the subnet mask to 255.255.255.0.
   • Set the default gateway to the IP address of the router (e.g., 192.168.1.1).

Scenario 2: Expanding an existing network

You have an existing network and need to add a new department with 5 employees.

1. Choose a switch: Select an 8-port Gigabit Ethernet switch.
2. Configure the switch:
   • Set the hostname.
   • Secure access.
   • Create a new VLAN for the new department (e.g., VLAN 20).
   • Assign the switch ports to VLAN 20.
   • Enable port security.
   • Configure STP.
   • Configure a trunk port to connect the new switch to the existing switch.
   • Save the configuration.
3. Configure the end devices (computers):
   • Assign each computer a static IP address in a new subnet (e.g., 192.168.2.0/24).
   • Set the subnet mask to 255.255.255.0.
   • Set the default gateway to the IP address of the router (or a Layer 3 switch that can route between the subnets).
   • Set the DNS server addresses.
4. Configure routing:
   • Configure routing on the router (or Layer 3 switch) to allow traffic to flow between the existing network (192.168.1.0/24) and the new network (192.168.2.0/24).

Conclusion

Mastering basic switch and end device configuration is a fundamental skill for anyone working with networks. By understanding the concepts and following the steps outlined in this article, you can build and manage a secure and efficient network. Remember to always prioritize security, plan your network carefully, and document your configurations. As your network grows and becomes more complex, you can build upon these basic skills to implement more advanced features and technologies. Regular practice and continuous learning are key to becoming a proficient network administrator.