Chapter Eight

---

Configuration of Switch

This chapter will walk you through the commands and information that are related to the configuration of switch. I will shed light on the hostnames, passwords, duplex and speed settings, interface descriptions and port security and I will explain each command and its purpose. The first on the line is the help command.

• The command switch>? will allow you to get help about different aspects of switches. The symbol ? works in the same manner as it does in a router.

Command Modes

• The command switch>enable lets you enter the user mode in the same way you do in a router.
• The command switch# will allow you to enter the privileged mode in the same way as you do in a router.
• The command switch>disable will allow you to leave the privileged mode in the same way as you do in a router.
• The command switch>exit will allow you to leave the user mode in the same way as you do in a router.

Command Verification

• The command switch#show version will allow you to see the information about the hardware and the software.
• The command switch#show interfaces will let you see the information about the configuration of interfaces and the status of the lines such as admin down, up/up and up/down.
• The command switch#show flash: will allow you to see the information about the flash memory. This feature is only available for the 2900/2950 series only.
• The command switch#show vlan will allow you to see the information about the present configuration of VLAN.
• The command switch#show mac-address-table will allow you to see the information about the forwarding table of the present MAC address.
• The command switch#show post will allow you to see the information about the POST that is switch passed.
• The command switch#show controllers ethernet-controller will allow you to see the information about the Ethernet controller.
• The command switch#show start will allow you to see the information about the present level of configuration in NVRAM.
• The command switch#show running-config will allow you to see the information about the present configuration style in NVRAM.
• The command switch#show interface vlan1 will allow you to see the information about the settings of the virtual interfaces such as VLAN1 and the default interfaces such as VLAN on the system’s switch.

Resetting Configuration

The following settings are for the 1900 series switches.

• The command 1900switch#delete vtp will allow you to remove the information about VLAN Trunking Protocol.
• The command 1900switch#delete nvram will allow you to reset the switch along the lines of the default settings.
• The command 1900switch>en will allow you to get back to the privileged mode.
• The command 1900switch#reload will allow you to restart your switch.

The following settings are for the 2900/2950 series switches.

• The command switch#delete flash:vlan.dat will allow you to delete the VLAN database from the system's flash memory.
• The command Switch#erase startup-config will allow you to delete all the files from the NVRAM.
• The command Switch#reload will allow you to restart the switch.

Setting Hostnames

For 1900 series switches:

• The command #config t will allow you to start the process of setting up the hostnames.
• The command (config)#hostname AustinSwitch will allow you to set up the name of the switch. The method is the same as for the router. The interface will appear like the following: AustinSwitch(config)#.

For 2900/2950 series switches:

• The first command is Swtich#config t.
• The command Switch(config)#hostname AustinSwitch will allow you to set up the name of the switch. The method is the same as for the router. you will see the following in the next line: 2900Switch(config)#.

Setting passwords for 1900 Series Switches:

• The command AustinSwitch(config)#enable password level1 python will allow you to set up the user mode password to python.
• The command AustinSwitch(config)#enable password level15 python1 will allow you to set up the enable mode password to python1.
• The command AustinSwitch(config)#enable secret python2 will allow you to set up the enable secret password to python2.

Setting passwords in 2900/2950 series:

• The command AustinSwitch(config)#enable password python1 will allow you to set up the enable mode password to python1.
• The command AustinSwitch(config)#enable secret password python1 will allow you to set up the encrypted secret password to python1.
• The command AustinSwitch(config)#line con 0 will allow you to enter the line console mode on the network.
• The command AustinSwitch(config-line)#login will allow you to set up and enable the passwords' checking process.
• The command AustinSwitch(config-line)#password python1 will allow you to set up the password to python1.
• The command AustinSwitch(config-line)#exit will allow you to exit the console.
• The command AustinSwitch(config-line)#line aux 0 will allow you to enter the line auxiliary mode.
• The command AustinSwitch(config-line)#login will allow you to set up and enable the checking of passwords.
• The command AustinSwitch(config-line)#password python1 will allow you to set up the enable mode password to python1.
• The command AustinSwitch(config-line)#exit will allow you to exit the line auxiliary mode.
• The command AustinSwitch(config-line)#line vty 0 4 will allow you to enter the line vty mode for all the virtual ports.
• The command AustinSwitch(config-line)#login will allow you to set up and enable the checking of the passwords.
• The command AustinSwitch(config-line)#exit will allow you to exit the line vty mode.

Setting IP Addresses

• The command AustinSwitch(config)#ip address (write ip address here) will allow you to set up the system's IP address and the mask to enable remote access to switch.

For 2900/2950 series:

• The command AustinSwitch(config)#ip address (write ip address here) will allow you to set up the system's IP address and the mask to enable remote access to switch.

Interface Descriptions

• The command AustinSwitch(config-if)#description Finance VLAN will allow you to set up and add the description for your interfaces.

For 2900/2950 series switches:

• The command AustinSwitch(config-if)#int fa0/1 will allow you to enter the interface mode.
• The command AustinSwitch(config-if)#description Finance VLAN will allow you to set up and add the description for your interfaces.

Duplex Settings

• The command AustinSwitch(config)#int e0/1 will allow you to use e0/1 on the 2900/2950 series.
• The command AustinSwitch(config-if)#duplex full will allow you to force the full-duplex operation on your network.
• The command AustinSwitch(config-if)#duplex half will allow you to force the half-duplex operation on your network.
• The command AustinSwitch(config-if)#duplex auto will allow you to force the auto-duplex configuration on your network.

Duplex Settings for 2900/2950 series:

• The command AustinSwitch(config)#int fa0/1 will allow you to start the process.
• The command AustinSwitch(config-if)#speed 10 will allow you to force the 10-Mbps operation.
• The command AustinSwitch(config-if)#speed 100 will allow you to force the 100-Mbps operation.
• The command AustinSwitch(config-if)#speed auto will allow you to force the enabling of autospeed configuration.

Web-based Interface for Configuration Setting

• The command AustinSwitch(config)#ip http server will allow you to turn on the HTTP service on your network.
• The command AustinSwitch(config)#ip http port 80 will allow you to set the port for HTTP. You will have to turn off the port security reasons unless you have to use it to do some work.

MAC Address Management

• The command AustinSwitch#show mac-address-table will allow you to see the forwarding table for the present MAC address on the network system.
• The command AustinSwitch#clear mac-address-table will allow you to erase the entries of the forwarding table for the present MAC address on the network system.
• The command AustinSwitch#clear mac-address-table dynamic will allow you to delete only the dynamic entries from the forwarding table for the present MAC address on the network system.

Configuring Static MAC Addresses

• The command AustinSwitch(config)#mac-address-table permanent x.x.x e0/1 will allow you to set up the permanent address in the present MAC address table for your interface e 0/1.
• The command AustinSwitch#clear mac-address-table perm will allow you to delete all the permanent entries that you have made in the table.

For 2900/2950 series

• The command AustinSwitch(config)#mac-address-table static x.x.x fa0/1 vlan 1 will allow you to set up the permanent address in the present MAC address table for your interface fa0/1 in VLAN 1.
• The command AustinSwitch(config)#no mac-address-table permanent x.x.x e0/1 will allow you to erase the permanent address in the present MAC address table for your interface e 0/1.

Port Security

• The command AustinSwitch(config-if)#port secure will allow you to set up security for the interface you are working in.
• The command AustinSwitch(config-if)#port secure max-mac-count 1 will allow you one MAC address in the table for the given interface.

For 2900 series:

• The command AustinSwitch(config)#int fa0/1 will allow you to set up the interface for working.
• The command AustinSwitch(config-if)#port security will allow you to set up the mode for security.
• The command AustinSwitch(config-if)#port secure max-mac-count 1 will allow you to set up only one mac address for the given interface.
• The command AustinSwitch(config-if)#port security action shutdown will allow you to shut down the port if it witnesses any kind of violation in the system.

For 2950 series:

• The command AustinSwitch(config)#int fa0/1 will allow you to set up the interface to start working in.
• The command AustinSwitch(config-if)#switchport port-security is the next command on the line.
• The command AustinSwitch(config-if)#switchport port-security mac-address sticky will allow you to initiate the process of conversion of MAC addresses to secure and sticky addresses. The MAC address that is learned first will be accepted on the port.
• The command AustinSwitch(config-if)#switchport port-security maximum 1 will allow you to give one address for the interface.
• The command AustinSwitch(config-if)#switchport port-security violation shutdown will allow the port to shut down when it witnesses some kind of violation in the network system.

Port Security Violation

• The command AustinSwitch#show mac-address-table security will allow you to see the MAC address table that is packed up with the maximum security information.
• The command AustinSwitch#show port security will allow you to see the MAC address table that is packed up with the maximum security information.

2900 Switch Configuration

• The command switch>en will allow you to enter the privileged mode of the system network.
• The command switch#config t will allow you to enter the global configuration mode in the network.
• The command switch(config)#no ip domain-lookup will turn off the DNS queries so that the spelling mistakes will keep you from slowing down in the midst of the process.
• The command switch(config)#hostname AustinSwitch will allow you to set up the name of the host. You can choose the name you like for the system.
• The command AustinSwitch(config)#enable secret python1 will allow you to set up the secret password to python1.
• The command AustinSwitch(config)#line con 0 will allow you to enter the line console.
• The command AustinSwitch(config-line)#logging synchronous will allow you to append different commands to the new line. The router information will not interrupt the sequence.
• The command AustinSwitch(config-line)#login will allow the user to log in the console before he or she can use it.
• The command AustinSwitch(config-line)#password python2 will allow you to set up the password to python2.
• The command AustinSwitch(config-line)#exec-timeout 0 0 will allow the console not to log out of the system.
• The command AustinSwitch(config-line)#exit will allow you to switch back to the global configuration mode.
• The command AustinSwitch(config)#line aux 0 will allow you to switch to the line auxiliary mode in a network system.
• The command AustinSwitch(config-line)#password python2 will allow you to change and set up the password to python2.
• The command AustinSwitch(config-line)#exit will allow you to switch back to the global configuration mode.
• The command AustinSwitch(config)#line vty 0 15 will allow you to switch back to the configuration mode for all the 16 vty ports at the same time.
• The command AustinSwitch(config-line)#login will allow you to log in on the system to use the vty ports.
• The command AustinSwitch(config-line)#password python2 will allow you to change and set up the password to python2.
• The command AustinSwitch(config-line)#exit will allow you to switch back to the global configuration mode.
• The command AustinSwitch(config)#ip default-gateway 192.168.1.1 will allow you to set up the gateway to default.
• The command AustinSwitch(config)#int vlan 1 will allow you to switch back to the virtual interface VLAN 1.
• The command AustinSwitch(config-if)#ip add (enter ip address here) will allow you to set up the switch's IP address.
• The command AustinSwitch(config-if)#no shut will allow you to switch on the virtual interface.
• The command AustinSwitch(config-if)#int fa 0/1 will allow you to switch back to the interface fa 0/1.
• The command AustinSwitch(config-if)#desc Link to Router will allow you to set up the local description.
• The command AustinSwitch(config-if)#int fa 0/4 will allow you to switch back to the interface fa 0/4.
• The command AustinSwitch(config-if)#desc Link to Workstation A will allow you to set up the interface's local description.
• The command AustinSwitch(config-if)#port security will allow you to activate the system's port security.
• The command AustinSwitch(config-if)#port security max-mac-count 1 will allow you to include one MAC address into the MAC table.
• The command AustinSwitch(config-if)#port security action shutdown will allow you to turn off the port if multiple MAC addresses are reported in the system.
• The command AustinSwitch(config-if)#int fa 0/8 will allow you to switch back to the interface fa 0/8.
• The command AustinSwitch(config-if)#desc Link to Workstation B will allow you to set up the interface's local description.
• The command AustinSwitch(config-if)#port security will allow you to activate the system's port security.
• The command AustinSwitch(config-if)#port security max-mac-count 1 will allow you to include one MAC address into the MAC table.
• The command AustinSwitch(config-if)#port security action shutdown will allow you to turn off the port if multiple MAC addresses are reported in the system.
• The command AustinSwitch(config-if)#port security action shutdown will allow you to turn off the port if multiple MAC addresses are reported in the system.
• The command AustinSwitch(config-if)#exit will allow you to switch back to the global configuration mode.
• The command AustinSwitch(config)#exit will allow you to switch back to the privileged mode.
• The command AustinSwitch#copy run start will allow you to save the configurations to NVRAM.

Spanning Tree Protocol

In this section, I will explain the concept of spanning-tree verification and the troubleshooting process.

Verifying Spanning-Tree Protocol

• The command AustinSwitch#show spanning-tree brief will allow you to see the spanning-tree table for the switch.
• The command AustinSwitch#show spanning-tree will allow you to see the spanning-tree table for the switch.
• The command AustinSwitch#show spanning-tree int fa 0/17will allow you to see the information on spanning-tree for the port fa 0/17.
• The command AustinSwitch#show spanning-tree vlan y will allow you to see the information about the spanning-tree for a particular VLAN.
• The command AustinSwitch#show spanning-tree {all} will allow you to see the information about the changes in the topology in spanning-tree.

Changing Spanning-tree Priority of the Switch

• The command AustinSwitch(config)#spanning-tree priority 15 will allow you to set the priority at will. The number at the end of the command can be any in between 1 and 65535. A lower number indicates a better chance of electing the root bridge. The default number for the priority is 32768.
• The command AustinSwitch(config)#spanning-tree vlan 1 priority 15 will allow you to set the priority at will. The number at the end of the command can be any in between 1 and 65535. A lower number indicates a better chance of electing the root bridge. The default number for the priority is 32768.
• The command AustinSwitch#spanning-tree vlan y root will allow you to shift the switch to root switch for VLAN y by dropping he priority to 24576 or less than the present root bridge.

Changing the Spanning Tree Cost

• The first command on the line is AustinSwitch#config t.
• The command AustinSwitch(config)#int fa 0/1 will allow you to start the interface.
• The command AustinSwitch(config)#spanning-tree cost y will allow you to set up the cost for the spanning tree to the specified value of y.

Changing Spanning Tree

• The command AustinSwitch(config)#int fa 0/1 will allow you to start the interface.
• The command AustinSwitch(config)#spanning-tree portfast will allow you to force the port to shift back to the forwarding state, without transitioning through the learning states, the blocking, and the listening processes. You can save about 50 seconds of the wait time by going through this process. This is the best command on the access ports that you will never be able to hook up to some other switch.

Portfast BPDU Guard Command

• The command AustinSwitch#config t will allow you to start the configuration mode.
• The command AustinSwitch(config)#spanning-tree portfast bpduguard will allow you to enable the BPDU Guard for your network system's interfaces.
• The command AustinSwitch(config)#errdiable recovery cause bpduguard will allow the port to get re-enabled after setting up a recovery timer.
• The command AustinSwitch(config)#errdiable recovery interval 500 will allow the port to get re-enabled after setting up a recovery timer to 500 seconds. The default timer is 300 seconds.
• The command AustinSwitch(config)#show spanning-tree summary totals will allow you to verify whether the BPDU Guard remains enabled or not.
• The command AustinSwitch#show errdisable recovery will allow you to see the information about the errdisable recovery timer.

Configuration of EtherChannel

• The command AustinSwitch#config t will allow you to start the configuration mode.
• The command AustinSwitch(config)#int fa 0/11 will allow you to start the interface.
• The command AustinSwitch(config-if)channel-group y mode on will allow you to start the mode for channel groups. In the command, y is the total number of channel groups. It must watch the other interfaces.
• The command AustinSwitch(config)#int fa 0/12 will allow you to start the interface.
• The command AustinSwitch(config-if)channel-group y mode on will allow you to start the mode for channel groups. In the command, y is the total number of channel groups. It must watch the other interfaces.

Verification

• The command AustinSwitch#show etherchannel y detail will allow you to see comprehensive information about the ether channel.
• The command AustinSwitch#show etherchannel y port will allow you to see comprehensive information about the EtherChannel port.
• The command AustinSwitch#show etherchannel y port-channel will allow you to see comprehensive information about the port channel.
• The command AustinSwitch#show etherchannel y summary will allow you to see the one-line summary information about per channel-groups.

The EtherChannel may combine about two to eight parallel links of Ethernet. The 1900 switches need 9.00.03 or the later Enterprise Edition software, the 2900 switches need the IOS 11.2(8)SA or later versions and the 2950 switches need the IOS 12.0(5.2)WC(1). You can set up the auto mode, the desirable mode and the on mode.

The auto mode tells the switch to wait for the other switches to kick off the EtherChannel negotiations. If the auto mode is set on both sides, the EtherChannel will never be able to form. Both sides will keep waiting for the other side to initiate negotiations. The desirable mode tells the switch that it is willing to turn the EtherChannel on. The on mode tells the switch that it wants to form the Ether Channel.