Monday, July 27, 2009

VLANs

Creating Static VLANs

Static VLANs occur when a switch port is manually assigned by the network administrator to belong to a VLAN. Each port is associated with a specific VLAN. By default, all ports are originally assigned to VLAN 1.

Using VLAN Configuration Mode


NOTE: This method is the only way to configure extended-range VLANs (VLAN IDs from 100 to 4094).

NOTE: Regardless of the method used to create VLANs, the VTP revision number is increased by 1 each time a VLAN is created or changed.


Assigning Ports to VLANs


NOTE: When the switchport mode access command is used, the port operates as a nontrunking, single VLAN interface that transmits and receives nonencapsulated frames.

An access port can belong to only one VLAN.


Using the range Command


Verifying VLAN Information


Saving VLAN Configurations

The configurations of VLANs 1 through 1005 are always saved in the VLAN database. As long as the apply or the exit command is executed in VLAN database mode, changes are saved. If you are using VLAN configuration mode, the exit command saves the changes to the VLAN database, too.

If the VLAN database configuration is used at startup, and the startup configuration file contains extended-range VLAN configuration, this information is lost when the system boots.

If you are using VTP transparent mode, the configurations are also saved in the running configuration and can be saved to the startup configuration using the copy running-config startup-config command.

If the VTP mode is transparent in the startup configuration, and the VLAN database and the VTP domain name from the VLAN database matches that in the startup configuration file, the VLAN database is ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The VLAN database revision number remains unchanged in the VLAN database.


Erasing VLAN Configurations


NOTE: When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from the VLAN database for all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

NOTE: You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.

CAUTION: When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN. Therefore, it is recommended that you reassign ports to a new VLAN or the default VLAN before you delete a VLAN from the VLAN database.
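The reassign-then-delete order from the CAUTION above can be checked mechanically. The following is an added example, not part of the original post: it reads output in the layout of show vlan brief, lists the ports that would go inactive, and builds the command sequence that moves them first. The sample output, the function names and the choice of VLAN 1 as the default target are assumptions.

```python
import re

# Constructed sample in the layout of "show vlan brief" output (not from the page).
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Sales                            active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
20   Engineering                      active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# Default VLANs the page says cannot be deleted (Ethernet 1, FDDI/Token Ring 1002-1005).
PROTECTED = {1, 1002, 1003, 1004, 1005}

def ports_by_vlan(text):
    """Map VLAN ID -> list of member ports, joining wrapped port lines."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if row:
            current = int(row.group(1))
            vlans[current] = []
            ports = row.group(4)
        elif current is not None and line.startswith(" ") and line.strip():
            ports = line.strip()      # continuation of the previous row's port list
        else:
            continue                  # header, separator or blank line
        vlans[current] += [p.strip() for p in ports.split(",") if p.strip()]
    return vlans

def deletion_plan(text, vlan_id, move_to=1):
    """Return the commands to enter, in order, so no port is left inactive."""
    if vlan_id in PROTECTED:
        raise ValueError(f"VLAN {vlan_id} is a default VLAN and cannot be deleted")
    vlans = ports_by_vlan(text)
    if vlan_id not in vlans:
        raise KeyError(f"VLAN {vlan_id} not found")
    plan = []
    for port in vlans[vlan_id]:       # reassign every member port first
        plan += [f"interface {port}", f" switchport access vlan {move_to}"]
    return plan + [f"no vlan {vlan_id}"]
```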

Monday, July 13, 2009

Configuring a Switch

Help Commands


Command Modes


Verifying Commands


Resetting Switch Configuration


Setting Host Names


Setting Passwords
Passwords on the 2960 series switches are set the same way as on a router.


Setting IP Addresses and Default Gateways


TIP: For the 2960 series switches, the IP address of the switch is just that—the IP address for the entire switch. That is why you set the address in VLAN 1 (the default VLAN of the switch) and not in a specific Ethernet interface.

Setting Interface Descriptions


TIP: The 2960 series switches have either 12 or 24 Fast Ethernet ports named fa0/1, fa0/2, ... fa0/24; there is no fastethernet 0/0.


Setting Duplex Operation


Setting Operation Speed


Managing the MAC Address Table


Configuring Static MAC Addresses


Switch Port Security



Verifying Switch Port Security



Sticky MAC Addresses

Sticky MAC addresses are a feature of port security. Sticky MAC addresses limit switch port access to a specific MAC address that can be dynamically learned, as opposed to a network administrator manually associating a MAC address with a specific switch port. These addresses are stored in the running configuration file. If this file is saved, the sticky MAC addresses do not have to be relearned when the switch is rebooted, and thus provide a high level of switch port security.

Tuesday, July 7, 2009

Configuring a Single Cisco Router

Router Modes


TIP: There are other modes than these. Not all commands work in all modes. Be careful. If you type in a command that you know is correct—show running-config, for example—and you get an error, make sure that you are in the correct mode.

Entering Global Configuration Mode


Configuring a Router Name
This command works on both routers and switches.

Configuring Passwords
These commands work on both routers and switches.


CAUTION: The enable secret password is encrypted by default. The enable password is not. For this reason, recommended practice is that you never use the enable password command. Use only the enable secret password command in a router or switch configuration.

You cannot set both enable secret password and enable password to the same password. Doing so defeats the use of encryption.

Interface Names

One of the biggest problems that new administrators face is the interface names on the different models of routers. With all the different Cisco devices in production networks today, some administrators are becoming confused about the names of their interfaces. The following chart is a sample of some of the different interface names for various routers.

This is by no means a complete list. Refer to the hardware guide of the specific router that you are working on to see the different combinations, or use the following command to see which interfaces are installed on your particular router:


router#show ip interface brief



Moving Between Interfaces
What happens in Column 1 is the same thing occurring in Column 3.



Configuring a Serial Interface



TIP: The clock rate command is used only on a serial interface that has a DCE cable plugged into it. There must be a clock rate set on every serial link between routers. It does not matter which router has the DCE cable plugged into it or which interface the cable is plugged into. Serial 0 on one router can be plugged into Serial 1 on another router.


Configuring a Fast Ethernet Interface

Creating a Message-of-the-Day Banner


TIP: The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable the MOTD banner. The MOTD banner displays before the login prompt and the login banner, if one has been created.


Creating a Login Banner


TIP: The login banner displays before the username and password login prompts. Use the no banner login command to disable the login banner. The MOTD banner displays before the login banner.

Setting the Clock Time Zone


Assigning a Local Host Name to an IP Address


TIP: The default port number in the ip host command is 23, or Telnet. If you want to Telnet to a device, just enter the IP host name itself:

Router#london = Router#telnet london = Router#telnet 172.16.1.3


The no ip domain-lookup Command


TIP: Ever type in a command incorrectly and are left having to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a Domain Name System (DNS) server at address 255.255.255.255. If you are not going to set up DNS, turn off this feature to save you time as you type, especially if you are a poor typist.


The logging synchronous Command


TIP: Ever try to type in a command and an informational line appears in the middle of what you were typing? Lose your place? Do not know where you are in the command, so you just press Enter and start all over? The logging synchronous command tells the router that if any informational items get displayed on the screen, your prompt and command line should be moved to a new line, so as not to confuse you.

The informational line does not get inserted into the middle of the command you are trying to type. If you were to continue typing, the command would execute properly, even though it looks wrong on the screen.


The exec-timeout Command



TIP: The command exec-timeout 0 0 is great for a lab environment because the console never logs out. This is considered to be bad security and is dangerous in the real world. The default for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).
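The two settings this post warns about, the enable password command and exec-timeout 0 0, are easy to find in a saved configuration. The following is an added example, not part of the original post: a small audit over a constructed configuration excerpt that flags both and applies the 10-minute default to lines that set no timeout. The excerpt, its placeholder passwords and the function name are assumptions.

```python
import re

# Constructed running-config excerpt (not from the page); secrets are placeholders.
SAMPLE = """\
hostname Lab-R1
enable secret 5 <placeholder-hash>
enable password <placeholder>
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password <placeholder>
 login
line vty 5 15
 exec-timeout 5 30
 login
!
"""

DEFAULT_TIMEOUT = (10, 0)   # exec-timeout 10 0 applies when the command is absent

def audit(config):
    """Return (findings, {line stanza: (minutes, seconds)})."""
    findings, timeouts, stanza = [], {}, None
    has_secret = False
    for raw in config.splitlines():
        if raw.startswith("enable secret"):
            has_secret = True
        elif raw.startswith("enable password"):
            findings.append("enable password is set; it is not encrypted by default")
        elif raw.startswith("line "):
            stanza = raw.strip()
            timeouts[stanza] = DEFAULT_TIMEOUT
        elif not raw.startswith(" "):
            stanza = None             # any other top-level line ends the stanza
        elif stanza and (m := re.match(r"\s+exec-timeout (\d+)(?: (\d+))?", raw)):
            timeouts[stanza] = (int(m.group(1)), int(m.group(2) or 0))
    if not has_secret:
        findings.append("no enable secret configured")
    for name, (mins, secs) in timeouts.items():
        if mins == 0 and secs == 0:
            findings.append(f"{name}: exec-timeout 0 0, session never logs out")
    return findings, timeouts
```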

Saving Configurations


Erasing Configurations


TIP: The running configuration is still in dynamic memory. Reload the router to clear the running configuration.

show Commands



EXEC Commands in Configuration Mode: The do Command


TIP: The do command is useful when you want to execute EXEC commands, such as show, clear, or debug, while remaining in global configuration mode or in any configuration submode. You cannot use the do command to execute the configure terminal command because it is the configure terminal command that changes the mode to global configuration mode.