Basic Switch Configuration

SVI Configuration – Switch Management Access

  1. Enter global configuration mode.
  2. Configure the default gateway for the switch (if it will be managed remotely from networks that are not directly connected).
  3. Enter interface configuration mode for the SVI.
  4. Configure the management interface IPv4 address.
  5. Configure the management interface IPv6 address.
  6. Enable the management interface.
  7. Return to the privileged EXEC mode.
  8. Save the running config to the startup config.
S1# configure terminal
S1(config)# ip default-gateway 172.17.99.1
S1(config)# interface vlan 99
S1(config-if)# ip address 172.17.99.11 255.255.255.0
S1(config-if)# ipv6 address 2001:db8:acad:99::11/64
S1(config-if)# no shutdown
S1(config-if)# end
S1# copy running-config startup-config

Because it will receive its default gateway information from a router advertisement (RA) message, the switch does not require an IPv6 default gateway.

Switch Port Configuration – Layer 1 (Physical)

Switch ports can be manually configured with specific duplex and speed settings. Most 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mbps and operate only in full-duplex mode when set to 1000 Mbps (1 Gbps).

The default setting for both duplex and speed for switch ports on many Cisco switches is auto. Autonegotiation is useful when the speed and duplex settings of the device connecting to the port are unknown or may change. When connecting to known devices such as servers, dedicated workstations, or network devices, a best practice is to manually set the speed and duplex settings.

  1. Enter global configuration mode.
  2. Enter interface configuration mode.
  3. Configure the interface duplex.
  4. Configure the interface speed.
  5. Return to the privileged EXEC mode.
  6. Save the running config to the startup config.
S1# configure terminal
S1(config)# interface FastEthernet 0/1
S1(config-if)# duplex full
S1(config-if)# speed 100
S1(config-if)# end
S1# copy running-config startup-config

Mismatched settings for the duplex mode and speed of switch ports can cause connectivity issues. Autonegotiation failure creates mismatched settings.

SSH Access Configuration

Refer to: Security Configuration — SSH Management

Switch Verification Commands

The following table summarizes some of the more useful switch verification commands:

| Task | IOS Commands |
|---|---|
| Display interface status and configuration. | S1# show interfaces [interface-id] |
| Display current startup configuration. | S1# show startup-config |
| Display current running configuration. | S1# show running-config |
| Display information about flash file system. | S1# show flash |
| Display system hardware and software status. | S1# show version |
| Display history of commands entered. | S1# show history |
| Display IP information about an interface. | S1# show ip interface [interface-id] or S1# show ipv6 interface [interface-id] |
| Display the MAC address table. | S1# show mac-address-table or S1# show mac address-table |

Common Interface Errors

The output from the show interfaces command is useful for detecting common media issues. Based on the output of the command, possible problems can be fixed as follows:

  • If the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the interface on the other end could be error-disabled, or there could be a hardware problem.
  • If the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For example, in a back-to-back connection, the other end of the connection may be administratively down.
  • If the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the active configuration.

Some media errors are not severe enough to cause the circuit to fail but do cause network performance issues. The following sections explain some of these common errors, which can be detected using the show interfaces command.

Input Errors

“Input errors” is the sum of all errors in datagrams that were received on the interface being examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored counts. The reported input errors from the show interfaces command include the following:

| Error Type | Description |
|---|---|
| Runts | Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt. Malfunctioning NICs are the usual cause of excessive runt frames, but they can also be caused by collisions. |
| Giants | Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant. |
| CRC | CRC errors are generated when the calculated checksum is not the same as the checksum received. On Ethernet and serial interfaces, CRC errors usually indicate a media or cable error. Common causes include electrical interference, loose or damaged connections, or incorrect cabling. |

Output Errors

“Output errors” is the sum of all errors that prevented the final transmission of datagrams out the interface that is being examined. The reported output errors from the show interfaces command include the following:

| Error Type | Description |
|---|---|
| Collisions | Number of messages retransmitted because of an Ethernet collision. Collisions in half-duplex operations are normal. However, you should never see collisions on an interface configured for full-duplex communication. |
| Late Collisions | A collision that occurs after 512 bits of the frame have been transmitted. Excessive cable lengths are the most common cause of late collisions. Another common cause is duplex misconfiguration. |
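
The interface-state rules and the input/output error tables above can be applied mechanically to saved show interfaces output. The following Python sketch is an added example, not part of the original notes; the names parse, audit and SAMPLE are hypothetical, and the sample text is constructed in the shape of IOS output rather than captured from a device.

```python
import re

# Constructed sample shaped like IOS `show interfaces` output (not from a real device).
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     0 runts, 0 giants, 0 throttles
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored
     8 output errors, 1790 collisions, 10 interface resets
     0 babbles, 235 late collision, 0 deferred
FastEthernet0/2 is administratively down, line protocol is down (disabled)
"""

HEADER = re.compile(r"(\S+) is (administratively down|up|down), line protocol is (up|down)")
COUNTER = re.compile(r"(\d+) (runts|giants|CRC|late collision|collisions)")

STATE = {  # (interface state, line protocol) -> diagnosis, per the page's three bullets
    ("up", "down"): "up/down: encapsulation mismatch, error-disabled peer, or hardware fault",
    ("down", "down"): "down/down: no cable attached or other interface problem",
    ("administratively down", "down"): "administratively down: shutdown is configured",
}
CAUSES = {  # non-zero counter -> likely cause, per the page's error tables
    "runts": "runts: malfunctioning NIC or collisions",
    "giants": "giants: frames above the maximum size",
    "CRC": "CRC: media or cable error",
    "late collision": "late collisions: excessive cable length or duplex misconfiguration",
}

def parse(text):
    """Return {interface: {"link": (state, protocol), "full": bool, <counter>: int}}."""
    ports, cur = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = ports.setdefault(m.group(1), {"link": (m.group(2), m.group(3)), "full": False})
        elif cur is not None:
            cur["full"] |= "Full-duplex" in line
            cur.update((name, int(n)) for n, name in COUNTER.findall(line))
    return ports

def audit(text):
    """Map each interface to the findings the page's rules produce."""
    report = {}
    for name, p in parse(text).items():
        out = [STATE[p["link"]]] if p["link"] in STATE else []
        if p["full"] and p.get("collisions", 0) > 0:
            out.append("collisions on a full-duplex port: check for duplex mismatch")
        out += [msg for key, msg in CAUSES.items() if p.get(key, 0) > 0]
        report[name] = out
    return report
```

Calling audit(SAMPLE) flags FastEthernet0/1 for collisions on a full-duplex port, CRC errors and late collisions, and reports FastEthernet0/2 as administratively down.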