C H A P T E R 8 Operating Cisco LAN Switches LAN switches may be the most common networking device found in the Enterprise today. Most new end-user computers sold today include a built-in Ethernet NIC of some kind. Switches provide a connection point for the Ethernet devices so that the devices on the LAN can communicate with each other and with the rest of an Enterprise network or with the Internet. Cisco routers also happen to use the exact same user interface as the Cisco Catalyst switches described in this chapter. So, even though this chapter is called “Operating Cisco LAN Switches,” keep in mind that the user interface of Cisco routers works the same way. Chapter 13, “Operating Cisco Routers,” begins by summarizing the features covered in this chapter that also apply to routers. “Do I Know This Already?” Quiz The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these seven self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 8-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those sections. This helps you assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A. Table 8-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping Foundation Topics Section Questions Accessing the Cisco Catalyst 2960 Switch CLI 1–3 Configuring Cisco IOS Software 4–7 1828xbook.fm Page 197 Thursday, July 26, 2007 3:10 PM 198 Chapter 8: Operating Cisco LAN Switches 1. In what modes can you execute the command show mac-address-table? a. User mode b. Enable mode c. Global configuration mode d. Setup mode e. Interface configuration mode 2. In which of the following modes of the CLI could you issue a command to reboot the switch? a. User mode b. Enable mode c. Global configuration mode d. Interface configuration mode 3. Which of the following is a difference between Telnet and SSH as supported by a Cisco switch? a. SSH encrypts the passwords used at login, but not other traffic; Telnet encrypts nothing. b. SSH encrypts all data exchange, including login passwords; Telnet encrypts nothing. c. Telnet is used from Microsoft operating systems, and SSH is used from UNIX and Linux operating systems. d. Telnet encrypts only password exchanges; SSH encrypts all data exchanges. 4. What type of switch memory is used to store the configuration used by the switch when it is up and working? a. RAM b. ROM c. Flash d. NVRAM e. Bubble 1828xbook.fm Page 198 Thursday, July 26, 2007 3:10 PM “Do I Know This Already?” Quiz 199 5. What command copies the configuration from RAM into NVRAM? a. copy running-config tftp b. copy tftp running-config c. copy running-config start-up-config d. copy start-up-config running-config e. copy startup-config running-config f. copy running-config startup-config 6. Which mode prompts the user for basic configuration information? a. User mode b. Enable mode c. Global configuration mode d. Setup mode e. Interface configuration mode 7. A switch user is currently in console line configuration mode. Which of the following would place the user in enable mode? a. Using the exit command once b. Using the exit command twice in a row c. Pressing the Ctrl-z key sequence d. Using the quit command 1828xbook.fm Page 199 Thursday, July 26, 2007 3:10 PM 200 Chapter 8: Operating Cisco LAN Switches Foundation Topics When you buy a Cisco Catalyst switch, you can take it out of the box, power on the switch by connecting the power cable to the switch and a power outlet, and connect hosts to the switch using the correct UTP cables, and the switch works. You do not have to do anything else, and you certainly do not have to tell the switch to start forwarding Ethernet frames. The switch uses default settings so that all interfaces will work, assuming that the right cables and devices connect to the switch, and the switch forwards frames in and out of each interface. However, most Enterprises will want to be able to check on the switch’s status, look at information about what the switch is doing, and possibly configure specific features of the switch. Engineers will also want to enable security features that allow them to securely access the switches without being vulnerable to malicious people breaking into the switches. To perform these tasks, a network engineer needs to connect to the switch’s user interface. This chapter explains the details of how to access a Cisco switch’s user interface, how to use commands to find out how the switch is currently working, and how to configure the switch to tell it what to do. This chapter focuses on the processes, as opposed to examining a particular set of commands. Chapter 9, “Ethernet Switch Configuration,” then takes a closer look at the variety of commands that can be used from the switch user interface. Cisco has two major brands of LAN switching products. The Cisco Catalyst switch brand includes a large collection of switches, all of which have been designed with Enterprises (companies, governments, and so on) in mind. The Catalyst switches have a wide range of sizes, functions, and forwarding rates. The Cisco Linksys switch brand includes a variety of switches designed for use in the home. The CCNA exams focus on how to implement LANs using Cisco Catalyst switches, so this chapter explains how to gain access to a Cisco Catalyst switch to monitor, configure, and troubleshoot problems. However, both the Catalyst and Linksys brands of Cisco switches provide the same base features, as covered earlier in Chapters 3 and 7. Note that for the rest of this chapter, all references to a “Cisco switch” refer to Cisco Catalyst switches, not Cisco Linksys switches. Accessing the Cisco Catalyst 2960 Switch CLI Cisco uses the same concept of a command-line interface (CLI) with its router products and most of its Catalyst LAN switch products. The CLI is a text-based interface in which the user, typically a network engineer, enters a text command and presses Enter. Pressing Enter 1828xbook.fm Page 200 Thursday, July 26, 2007 3:10 PM Accessing the Cisco Catalyst 2960 Switch CLI 201 sends the command to the switch, which tells the device to do something. The switch does what the command says, and in some cases, the switch replies with some messages stating the results of the command. Before getting into the details of the CLI, this section examines the models of Cisco LAN switches typically referenced for CCNA exams. Then this section explains how a network engineer can get access to the CLI to issue commands. Cisco Catalyst Switches and the 2960 Switch Within the Cisco Catalyst brand of LAN switches, Cisco produces a wide variety of switch series or families. Each switch series includes several specific models of switches that have similar features, similar price-versus-performance trade-offs, and similar internal components. Cisco positions the 2960 series (family) of switches as full-featured, low-cost wiring closet switches for Enterprises. That means that you would expect to use 2960 switches as access switches, as shown in Figure 7-12 in Chapter 7, “Ethernet LAN Switching Concepts.” Access switches provide the connection point for end-user devices, with cabling running from desks to the switch in a nearby wiring closet. 2960 access switches would also connect to the rest of the Enterprise network using a couple of uplinks, often connecting to distribution layer switches. The distribution layer switches are often from a different Cisco switch family, typically a more powerful and more expensive product family. Figure 8-1 shows a photo of the 2960 switch series from Cisco. Each switch is a different specific model of switch inside the 2960 series. For example, the top switch in Figure 8-1 (model WS-2960-24TT-L) has 24 RJ-45 UTP 10/100 ports, meaning that these ports can negotiate the use of 10BASE-T or 100BASE-TX Ethernet. The WS-2960-24TT-L switch has two additional RJ-45 ports on the right that are 10/100/1000 interfaces, intended to connect to the core of an Enterprise campus LAN. Cisco refers to a switch’s physical connectors as either interfaces or ports. Each interface has a number in the style x/y, where x and y are two different numbers. On a 2960, the number before the / is always 0. The first 10/100 interface on a 2960 is numbered starting at 0/1, the second is 0/2, and so on. The interfaces also have names; for example, “interface FastEthernet 0/1” is the first of the 10/100 interfaces. Any Gigabit-capable interfaces would be called “GigabitEthernet” interfaces. For example, the first 10/100/1000 interface on a 2960 would be “interface gigabitethernet 0/1.” 1828xbook.fm Page 201 Thursday, July 26, 2007 3:10 PM 202 Chapter 8: Operating Cisco LAN Switches Figure 8-1 Cisco 2960 Catalyst Switch Series Cisco supports two major types of switch operating systems: Internetwork Operating System (IOS) and Catalyst Operating System (Cat OS). Most Cisco Catalyst switch series today run only Cisco IOS, but for some historical reasons, some of the high-end Cisco LAN switches support both Cisco IOS and Cat OS. For the purposes of the CCNA exams, you can ignore Cat OS, focusing on Cisco IOS. However, keep in mind that you might see terminology and phrasing such as “IOS-based switch,” referring to the fact that the switch runs Cisco IOS, not Cat OS. Switch Status from LEDs When an engineer needs to examine how a switch is working to verify its current status and to troubleshoot any problems, the vast majority of the time is spent using commands from the Cisco IOS CLI. However, the switch hardware does include several LEDs that provide some status and troubleshooting information, both during the time right after the switch has been powered on and during ongoing operations. Before moving on to discuss the CLI, this brief section examines the switch LEDs and their meanings. NOTE For the real world, note that Cisco’s most popular core switch product, the 6500 series, can run either Cisco IOS or Cat OS. Cisco also uses the term hybrid to refer to 6500 switches that use Cat OS and the term native to refer to 6500 switches that use Cisco IOS. 1828xbook.fm Page 202 Thursday, July 26, 2007 3:10 PM Accessing the Cisco Catalyst 2960 Switch CLI 203 Most Cisco Catalyst switches have some LEDs, including an LED for each physical Ethernet interface. For example, Figure 8-2 shows the front of a 2960 series switch, with five LEDs on the left, one LED over each port, and a mode button. Figure 8-2 2960 LEDs and a Mode Button The figure points out the various LEDs, with various meanings. Table 8-2 summarizes the LEDs, and additional explanations follow the table. Table 8-2 LEDs in Figure 8-2 Number in Figure 8-2 Name Description 1 SYST (system) Implies the overall system status 2 RPS (Redundant Power Supply) Suggests the status of the extra (redundant) power supply 3STAT (Status) If on (green), implies that each port LED implies that port’s status 4 DUPLX (duplex) If on (green), each port LED implies that port’s duplex (on/green is full; off means half) 5 SPEED If on (green), each port LED implies the speed of that port, as follows: off means 10 Mbps, solid green means 100 Mbps, and flashing green means 1 Gbps. 7 Port Has different meanings, depending on the port mode as toggled using the mode button 1 2 3 4 5 7 SYST 1X 1X Cisco Systems RPS STAT DUPLX SPEED MODE 6 2 1 4 3 6 5 8 7 1 0 9 1 2 1 1 1828xbook.fm Page 203 Thursday, July 26, 2007 3:10 PM 204 Chapter 8: Operating Cisco LAN Switches A few specific examples can help make sense of the LEDs. For example, consider the SYST LED for a moment. This LED provides a quick overall status of the switch, with three simple states on most 2960 switch models: ■ Off: The switch is not powered on ■ On (green): The switch is powered on and operational (Cisco IOS has been loaded) ■ On (amber): The switch’s Power-On Self Test (POST) process failed, and the Cisco IOS did not load. So, a quick look at the SYST LED on the switch tells you whether the switch is working and, if it isn’t, whether this is due to a loss of power (the SYST LED is off) or some kind of POST problem (LED amber). In this last case, the typical response is to power the switch off and back on again. If the same failure occurs, a call to the Cisco Technical Assistance Center (TAC) is typically the next step. Besides the straightforward SYST LED, the port LEDs—the LEDs sitting above or below each Ethernet port—means something different depending on which of three port LED modes is currently used on the switch. The switches have a mode button (labelled with number 6 in Figure 8-2) that, when pressed, cycles the port LEDs through three modes: STAT, DUPLX, and SPEED. The current port LED mode is signified by a solid green STAT, DUPLX, or SPEED LED (the lower three LEDs on the left part of Figure 8-2, labeled 3, 4, and 5). To move to another port LED mode, the engineer simply presses the mode button another time or two. Each of the three port LED modes changes the meaning of the port LEDs associated with each port. For example, in STAT (status) mode, each port LED implies status information about that one associated port. For example: ■ Off: The link is not working. ■ Solid green: The link is working, but there’s no current traffic. ■ Flashing green: The link is working, and traffic is currently passing over the interface. ■ Flashing amber: The interface is administratively disabled or has been dynamically disabled for a variety of reasons. In contrast, in SPEED port LED mode, the port LEDs imply the operating speed of the interface, with a dark LED meaning 10 Mbps, a solid green light meaning 100 Mbps, and flashing green meaning 1000 Mbps (1 Gbps). The particular details of how each LED works differ between different Cisco switch families and with different models inside the same switch family. So, memorizing the 1828xbook.fm Page 204 Thursday, July 26, 2007 3:10 PM Accessing the Cisco Catalyst 2960 Switch CLI 205 specific meaning of particular LED combinations is probably not required, and this chapter does not attempt to cover all combinations for even a single switch. However, it is important to remember the general ideas, the concept of a mode button that changes the meaning of the port LEDs, and the three meanings of the SYST LED mentioned earlier in this section. The vast majority of the time, switches power up just fine and load Cisco IOS, and then the engineer simply accesses the CLI to operate and examine the switch. Next, the chapter focuses on the details of how to access the CLI. Accessing the Cisco IOS CLI Cisco IOS Software for Catalyst switches implements and controls logic and functions performed by a Cisco switch. Besides controlling the switch’s performance and behavior, Cisco IOS also defines an interface for humans called the CLI. The Cisco IOS CLI allows the user to use a terminal emulation program, which accepts text entered by the user. When the user presses Enter, the terminal emulator sends that text to the switch. The switch processes the text as if it is a command, does what the command says, and sends text back to the terminal emulator. The switch CLI can be accessed through three popular methods—the console, Telnet, and Secure Shell (SSH). Two of these methods (Telnet and SSH) use the IP network in which the switch resides to reach the switch. The console is a physical port built specifically to allow access to the CLI. Figure 8-3 depicts the options. Figure 8-3 CLI Access Console User Mode Interface 2960 Switch Telnet and SSH (Short) Console Cable RJ-45 1 Console Cable - Rollover RJ-45RJ-45 8 1 8 1828xbook.fm Page 205 Thursday, July 26, 2007 3:10 PM 206 Chapter 8: Operating Cisco LAN Switches Next, this section examines each of these three access methods in more detail. CLI Access from the Console The console port provides a way to connect to a switch CLI even if the switch has not been connected to a network yet. Every Cisco switch has a console port, which is physically an RJ-45 port. A PC connects to the console port using a UTP rollover cable, which is also connected to the PC’s serial port. The UTP rollover cable has RJ-45 connectors on each end, with pin 1 on one end connected to pin 8 on the other, pin 2 to pin 7, pin 3 to pin 6, and pin 4 to pin 5. In some cases, a PC’s serial interface does not use an RJ-45 connector, an adapter must be used to convert from the PC’s physical interface—typically either a nine- pin connector or a USB connector—to an RJ-45. Figure 8-4 shows the RJ-45 end of the console cable connected to a switch and the DB-9 end connected to a laptop PC. Figure 8-4 Console Connection to a Switch As soon as the PC is physically connected to the console port, a terminal emulator software package must be installed and configured on the PC. Today, terminal emulator software includes support for Telnet and Secure Shell (SSH), which can be used to access the switch CLI via the network, but not through the console. NOTE You can also use a web browser to configure a switch, but the interface is not the CLI interface. This interface uses a tool called either the Cisco Device Manager (CDM) or Cisco Security Device Manager (SDM). Some SDM coverage is included in Chapter 17, “WAN Configuration,” in relation to configuring a router. 1828xbook.fm Page 206 Thursday, July 26, 2007 3:10 PM [...]... Figure 8- 9 Figure 8- 9 Locations for Copying and Results from Copy Operations copy tftp running-config copy running-config startup-config RAM NVRAM TFTP copy running-config tftp copy startup-config running-config copy tftp startup-config copy startup-config tftp The commands for copying Cisco IOS configurations can be summarized as follows: t t copy {tftp | running-config | startup-config} {tftp | running-config... created by Cisco IOS to manage files For example, the copy command can refer to the startup-config file as nvram:startup-config Table 8- 8 lists the alternative names for these two configuration files Table 8- 8 IFS Filenames for the Startup and Running Config Files Config File Common Name Alternative Names startup-config nvram: nvram:startup-config running-config system:running-config Initial Configuration (Setup... from this chapter and check your answers in the glossary: command-line interface (CLI), Secure Shell (SSH), enable mode, user mode, configuration mode, startup-config file, running-config file, setup mode Command References Table 8- 1 0 lists and briefly describes the configuration commands used in this chapter  182 8xbook.fm Page 227 Thursday, July 26, 2007 3:10 PM Command References Table 8- 1 0 Chapter 8 Configuration... two-key combination (the Ctrl key and the letter z) that together do the same thing as the end command 227 182 8xbook.fm Page 2 28 Thursday, July 26, 2007 3:10 PM 2 28 Chapter 8: Operating Cisco LAN Switches Table 8- 1 1 lists and briefly describes the EXEC commands used in this chapter Table 8- 1 1 Chapter 8 EXEC Command Reference Command Purpose no debug all Enable mode EXEC command to disable all currently... you change only the running-config file This means that the configuration example earlier in this chapter (Example 8- 1 ) updates only the running-config file However, if the switch lost power right after that example, all that configuration would be lost If you want to keep that configuration, you have to copy the running-config file into NVRAM, overwriting the old startup-config file  182 8xbook.fm Page 219 Thursday,... 2007 3:10 PM 226 Chapter 8: Operating Cisco LAN Switches Exam Preparation Tasks Review All the Key Topics Review the most important topics from this chapter, noted with the key topics icon Table 8- 9 lists these key topics and where each is discussed Table 8- 9 Key Topics for Chapter 8 Key Topic Element Description Page Number List A Cisco switch’s default console port settings 207 Table 8- 6 A list of configuration... session show system:running-config Same as the show running-config command show startup-config Lists the contents of the startup-config (initial config) file  182 8xbook.fm Page 229 Thursday, July 26, 2007 3:10 PM Command References Table 8- 1 1 Chapter 8 EXEC Command Reference (Continued) Command Purpose show nvram:startup-config Same as the show startup-config command show nvram: enable Moves the user from user... with the CLI configuration mode Figure 8- 1 0 and Example 8- 3 describe the process used by setup mode Setup mode is used most frequently when the switch boots, and it has no configuration in NVRAM You can also enter setup mode by using the setup command from privileged mode Figure 8- 1 0 Getting into Setup Mode Turn on switch Is NVRAM Empty? No Copy startup-config to running-config No Complete IOS Initialization... hostname fred enable secret 5 $1$wNE7$4JSktD3uN1Af5FpctmPz11 enable password notcisco line vty 0 15 password wilma no snmp-server continues 223 182 8xbook.fm Page 224 Thursday, July 26, 2007 3:10 PM 224 Chapter 8: Operating Cisco LAN Switches Example 8- 3 Initial Configuration Dialog Example (Continued) ! ! interface Vlan1 shutdown no ip address ! interface FastEthernet0/1 ! interface FastEthernet0/2 !... Erasing Configuration Files If you reload the switch at the end of Example 8- 2 , the hostname reverts to Hannah, because the running-config file has not been copied into the startup-config file However, if you want to keep the new hostname of jessie, you would use the command copy running-config startup-config, which overwrites the current startup-config file with what is currently in the running configuration file . Figure 8- 3 depicts the options. Figure 8- 3 CLI Access Console User Mode Interface 2960 Switch Telnet and SSH (Short) Console Cable RJ-45 1 Console Cable - Rollover RJ-45RJ-45 8 1 8 182 8xbook.fm. tftp b. copy tftp running-config c. copy running-config start-up-config d. copy start-up-config running-config e. copy startup-config running-config f. copy running-config startup-config 6. Which mode prompts. LEDs, with various meanings. Table 8- 2 summarizes the LEDs, and additional explanations follow the table. Table 8- 2 LEDs in Figure 8- 2 Number in Figure 8- 2 Name Description 1 SYST (system)