Cisco Switching Black Book - Sean Odom, Hanson Nottingham.pdf

Console> enable

Enter password:

5. Because you have not yet set a Privileged EXEC mode password, pressing Enter will put you into Privileged EXEC mode. The console will show the following prompt:

Console> (enable)

You are now in Privileged EXEC mode.

Warning: Starting here, all configuration changes are executed and saved to memory immediately.

Setting the Login and Enable Passwords

Because you don’t want the janitor coming in and trying to configure your networks, you need to configure a password. Doing so closes this security hole and prevents unauthorized access to your switch.

1. To set a password for user access, enter the following command in Privileged EXEC mode (the new password is noaccess):

Console> (enable) set password

Enter old password: <press enter>

Enter new password: noaccess

Retype new password: noaccess

Password changed.

2. Now add an additional layer of security by changing the password to enter Privileged EXEC mode on your switch. It looks similar to the User EXEC mode change. For security purposes, the password will be masked. To change the Privileged EXEC mode password, enter the following (set the password as noone):

Console> (enable) set enablepass

Enter old password: <press enter>

Enter new password: noone

Retype new password: noone

Password changed.

Tip: At any time, you can type “?” or “help” to access the CLI help facility. For help on specific commands, you can enter the command followed by a question mark; for example, set ? or set help.

Related solutions:                     Found on page:
Creating a Standard Access List        402
Creating an Extended Access List       403
Enabling Port Security                 411

Changing the Console Prompt

The switch prompt is set by default to Console>. To help you identify the switch you are configuring, especially when you Telnet into your switch, you should name the switch prompt something that identifies it. If you fail to identify the switch correctly, it can be pretty embarrassing to work on the wrong switch. To change your hostname to CORIOLIS5000, use the following command:

Console> (enable) set prompt CORIOLIS5000

CORIOLIS5000(enable)

Remember, you are still in Privileged EXEC mode, and the change will take place immediately.

Entering a Contact Name and Location Information

Next, let’s set the contact name for the person or organization that is administering this switch. Use the following commands to set the switch contact and location:

CORIOLIS5500(enable) set system contact Joe Snow

CORIOLIS5500(enable) set system location Coriolis Wiring Closet

Configuring System and Time Information

For troubleshooting with SNMP and Cisco Discovery Protocol (CDP), you need to configure system information to identify the switch. By setting the correct date and time, you can be assured that error or log messages will be accurate. To make changes to the system information, use the following commands:

CORIOLIS5500(enable) set system name CORIOLIS-5500

CORIOLIS5500(enable) set time Sun 10/08/00 23:59:00

Configuring an IP Address and Netmask

Before you can Telnet, ping, or manage the switch remotely, you need to define an IP address and netmask for the console port and assign it to a VLAN. By default, the switch console is in VLAN1. The syntax for setting up a console interface is:

set interface sc0 [vlan] [ip address] [subnet mask] [broadcast address]

For example, to set up a console with the IP address 68.187.127.1 and a netmask of 255.255.255.0 in VLAN2, you would enter the following command:

Console> (enable) set interface sc0 2 68.187.127.1 255.255.255.0

Interface sc0 vlan set, IP address and netmask set.

Note: It is only necessary to enter the broadcast address if the address entered is something other than a Class A, B, or C address.

Serial Line Internet Protocol (SLIP) access can also be set up for the console port. SLIP is an older method of connecting to network devices. When you configure the SLIP (sl0) interface, you can open a point-to-point connection to the switch through the console port from a workstation. The command syntax for configuring a SLIP interface is:

set interface sl0 slip_addr dest_addr

To configure a SLIP interface, enter the following:

Console> (enable) set interface sl0 68.187.127.1 68.187.127.2

Interface sl0 slip and destination address set.

Console> (enable) slip attach

Console Port now running SLIP.

The console port must be used for the SLIP connections. If you use the console port to access the switch when you enter the slip attach command, you will lose the console port connection. When the SLIP connection is enabled and SLIP is attached on the console port, an Electronic Industries Association/Telecommunications Industry Association-232 (EIA/TIA-232) or dumb terminal cannot connect through the console port.

To see the interface IP information that has been configured, use the following command:

Console> (enable) show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
        slip 68.187.127.1 dest 68.187.127.2
sc0: flags=63<UP,BROADCAST,RUNNING>
        vlan 1 inet 68.187.127.1 netmask 255.255.255.0 broadcast 68.187.127.1
Console> (enable)

Configuring a Default Route and Gateway

Data traffic not addressed to the local subnet or VLAN must be sent to a default route or destination. For redundancy, a secondary default gateway can be configured for use if the link to the primary gateway is lost. The switch attempts to use the secondary gateways in the order they were configured, unless the primary keyword is used. The switch sends periodic pings to determine whether each gateway has lost connectivity. If the primary gateway loses its link, the switch begins forwarding to the secondary default gateway. When connectivity to the primary gateway is restored, the switch resumes sending traffic to the primary gateway.

You can define up to three default IP gateways. The first gateway configured becomes the primary default gateway. If multiple gateways are defined, the last primary gateway configured is the primary default gateway. You can also use the primary subcommand to make a certain IP address the defined primary default gateway. The rest become secondary in the event of a network problem, as shown here:

Console> (enable) set ip route default 68.187.127.1

Route added.

Console> (enable) set ip route default 68.187.127.2 primary

Route added.

Viewing the Default Routes

The following command allows you to see the default routes on both the Cisco IOS-based command-line interfaces:

Console> (enable) show ip route
Fragmentation   Redirect   Unreachable
-------------   --------   -----------
enabled         enabled    enabled

The primary gateway: 68.187.127.1
Destination     Gateway         RouteMask    Flags   Use     Interface
-----------     -------         ---------    -----   -----   ---------
default         68.187.127.1    0x0          UG      100     sc0
default         68.187.127.2    0x0          G       0       sc0

Configuring Port Speed and Duplex

You can manually set 10Mbps and 100Mbps ports. Occasionally, you will find an interface that cannot autonegotiate the speed correctly. You can choose from three syntaxes:

10—10Mbps traffic only

100—100Mbps traffic only

auto—Autonegotiates the speed of the traffic on the port

Let’s take a look at some examples. To configure port 3 on module 2 to auto-negotiate, use the following command:

Console> (enable) set port speed 2/3 auto

Port 2/3 set to auto-sensing mode.

You can also specify a range of consecutive port numbers. The following example configures ports 1 through 8 on the same line card used in the previous example to 100Mbps:

SeansSwitch (enable) set port speed ?
  <mod/port>      Module number and Port number(s)
SeansSwitch (enable) set port speed 2/1 ?
  auto            Set speed to auto
  <port_speed>    Port speed (4, 10, 16, 100 or 1000)
SeansSwitch (enable) set port speed 2/1-8 100
Ports 2/1-8 transmission speed set to 100Mbps.
SeansSwitch (enable)

To manually configure a line card port to full duplex, use the following command:

SeansSwitch (enable) set port duplex ?
  <mod/port>      Module number and Port number(s)
SeansSwitch (enable) set port duplex 2/1 ?
  full            Full duplex
  half            Half duplex
SeansSwitch (enable) set port duplex 2/1 full
Port(s) 2/1 set to full-duplex.
SeansSwitch (enable)

Note: The possible syntaxes are full or half, representing full duplex or half duplex.

Enabling SNMP

SNMP is used by SNMP management stations to monitor network devices such as switches. By configuring operating thresholds, you can configure SNMP to generate trap messages when changes or problems occur on a switch.

There are three levels of access for configuring SNMP. The levels of access are defined by the information configured on the switch; the accessing management station must abide by those given sets of rights. The levels can be defined with community string configuration or by trap receivers, as follows:

Read-only: Allows management stations to read the SNMP information but make no configuration changes.

Read-write: Allows management stations to set SNMP parameters on the switch with the exception of community strings.

Read-write-all: Allows complete access to the switch. The SNMP management stations can alter all information and community strings.

The following commands are examples of how to configure all three types of access and set the functions of the SNMP management stations:

Console> (enable) set snmp community read-only public

SNMP read-only community string set to 'public'.

Console> (enable) set snmp community read-write public2

SNMP read-write community string set to 'public2'.

Console> (enable) set snmp community read-write-all public3

SNMP read-write-all community string set to 'public3'.

Configuring Trap Message Targets

You can configure trap message receivers by specifying the IP address of each receiver and the access type allowed. You must then enable SNMP traps, as shown here:

Console> (enable) set snmp trap 68.187.127.6 read-write-all

SNMP trap receiver added.

Console> (enable) set snmp trap 68.187.127.4 read-write

SNMP trap receiver added.

Console> (enable) set snmp trap enable all

All SNMP traps enabled.
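
An added example, not from the book: a small Python audit of the SNMP commands shown above that flags guessable or reused community strings and trap receivers outside an approved list. The function name audit_snmp, the GUESSABLE list and the approved-receiver set are assumptions made for illustration.

```python
import re

# Assumption: an illustrative list of guessable strings; extend it per site policy.
GUESSABLE = {"public", "private", "secret", "cisco", "admin", "snmp"}
WRITE_LEVELS = ("read-write", "read-write-all")
COMMUNITY_RE = re.compile(r"set snmp community (read-only|read-write-all|read-write)\s+(\S+)$")
TRAP_RE = re.compile(r"set snmp trap (\d{1,3}(?:\.\d{1,3}){3})\s+\S+$")

def audit_snmp(config_text, approved_receivers):
    """Return (severity, message) findings for CatOS-style SNMP command lines."""
    findings, seen = [], {}
    for raw in config_text.splitlines():
        # PDF extraction often turns '-' into U+2212; normalise before matching.
        line = raw.replace("\u2212", "-").strip()
        m = COMMUNITY_RE.match(line)
        if m:
            level, value = m.groups()
            severity = "HIGH" if level in WRITE_LEVELS else "MEDIUM"
            # Strip trailing digits so 'public2' is treated like 'public'.
            if value.rstrip("0123456789").lower() in GUESSABLE:
                findings.append((severity, f"{level} community '{value}' is guessable"))
            if seen.get(value, level) != level:
                findings.append(("HIGH", f"{level} reuses the {seen[value]} community string"))
            seen.setdefault(value, level)
            continue
        m = TRAP_RE.match(line)
        if m and m.group(1) not in approved_receivers:
            findings.append(("MEDIUM", f"trap receiver {m.group(1)} is not an approved station"))
    return findings

# Constructed sample: the commands from this section (one line keeps the U+2212 artifact).
SAMPLE = """\
set snmp community read-only public
set snmp community read\u2212write public2
set snmp community read-write-all public3
set snmp trap 68.187.127.6 read-write-all
set snmp trap 68.187.127.4 read-write
set snmp trap enable all
"""

if __name__ == "__main__":
    for severity, message in audit_snmp(SAMPLE, approved_receivers={"68.187.127.6"}):
        print(f"[{severity}] {message}")
```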

Configuring a Menu-Driven IOS

The Catalyst 3000 series has a menu-driven switch interface, which allows you to use the arrow keys on your keyboard to select the different options used to configure the switch. As with the other two types of interfaces, you need to connect the switch to a dumb terminal or PC. This switch, however, supports a process known as autobaud, which allows you to press the Enter key several times to get the switch’s attention. The switch will then automatically configure the console port to the correct baud rate. Here’s how to do it:

1. The first screen you come to shows the MAC address assigned to the switch and the system contact, and asks you to type in the password. If this is the initial configuration, press the Enter key to continue. This will bring you to the Main menu, shown in Figure 2.3. No password is configured when the switch has just been loaded with a new IOS or straight out of the box.

Figure 2.3: The main menu of the menu-driven IOS.

2. Because you are going to configure the switch, choose the Configuration option. You are presented with two options. You can choose either Serial Link Configuration to configure the console port, or Telnet Configuration to configure Telnet.

When you enter the Configuration menu, you will notice that you are given the option to configure your switch for options that are not available without certain add-on or module cards for your switch. This is more evident if you have the Enhanced Feature Set, which is now the standard for the Cisco 3000 series. Without the Enhanced Feature Set, you will not have VLAN and EtherChannel menu options. In this example you’ll be configuring a Cisco 3000 series switch with the Enhanced Feature Set, as depicted in Figure 2.4.

Figure 2.4: The Configuration menu of the menu-driven IOS.

Tip: If you make a mistake in your configuration, you can use Ctrl+P to exit the switch without saving changes. Use the Exit Console or Return To Previous Menu option to save your changes and exit the switch configuration mode.

3. You have the option of choosing a time-out value for the console session. If you would like to disable time-outs, enter a zero. Otherwise, enter a time in minutes from 1 to 1,440.
