Difference between revisions of "Cisco Switches"
Generally it is better to use Cisco switches: the interface is familiar and works better than the web-driven rivals, they are more reliable, and familiarity is worth money, unlike any other switch or router (with the exception of Juniper).
=== Goals ===
Broadly, create the VLAN, add an IP address to VLANs where needed, and move ports into the VLAN.
== Fix idle timeout ==
Looking at <i>sh line vty 0</i>, among other details I can see the idle timeout is only ten minutes. I like to change it to thirty minutes to give me more thinking time and to make the notes on this page without it logging me out.
<nowiki>switch>sh line vty 0
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 1 VTY - - - - - 8 0 0/0 -
Line 1, Location: "", Type: "xterm-256color"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Ctrl-c Enabled
Automore On, Notify Process
Capabilities: none
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 never none not set</nowiki>
This is how I change it to thirty minutes:
<nowiki>
switch>en
Password:
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#line vty 0 15
switch(config-line)#exec-timeout 30 0
switch(config-line)#exit
switch(config)#exit
switch#disa
switch></nowiki>
Now the timeout is thirty minutes.
<nowiki>
switch>sh line vty 0
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 1 VTY - - - - - 8 0 0/0 -
Line 1, Location: "", Type: "xterm-256color"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Ctrl-c Enabled
Automore On, Notify Process
Capabilities: none
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:30:00 never none not set
</nowiki>
== Set IP address ==
Set an IP address so as to be able to telnet or SSH in (if supported) instead of using the serial console.
<nowiki>
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#int vlan1
switch(config-if)#ip address 192.168.1.2 255.255.255.0
switch(config-if)#exit
switch(config)#ip default-gateway 192.168.1.1
switch(config)#exit
switch#</nowiki>
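The timeout change above was entered under line vty 0 15 but checked only with sh line vty 0, and this section opens the switch to telnet or SSH. The following is an added example, not part of the original notes: a Python check over the line vty stanzas of a saved running-config that reports the idle timeout and the accepted transports for every vty range. The sample config and the 30-minute ceiling are constructed for illustration; the 10-minute default matches the 00:10:00 shown before the change.

```python
import re

# Constructed sample of "sh run" output (not from the page): vty 0-4 carries
# the 30-minute timeout, vty 5-15 was left at its defaults and accepts telnet.
SAMPLE_CONFIG = """\
!
line con 0
line vty 0 4
 exec-timeout 30 0
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
"""

IOS_DEFAULT_IDLE = 600  # seconds; exec-timeout is not listed when left at 10 minutes


def audit_vty(config, max_idle=30 * 60):
    """Return one (first, last, idle_seconds, findings) tuple per 'line vty' stanza."""
    report = []
    for m in re.finditer(r"^line vty (\d+)(?: (\d+))?\n((?:[ \t]+.*\n)*)", config, re.M):
        first, last, body = int(m[1]), int(m[2] or m[1]), m[3]
        findings = []
        # Syntax is "exec-timeout <minutes> [seconds]"; 0 0 means never time out.
        t = re.search(r"^[ \t]+exec-timeout (\d+)(?: (\d+))?", body, re.M)
        idle = int(t[1]) * 60 + int(t[2] or 0) if t else IOS_DEFAULT_IDLE
        if idle == 0:
            findings.append("idle timeout disabled")
        elif idle > max_idle:
            findings.append("idle timeout above %d s" % max_idle)
        tr = re.search(r"^[ \t]+transport input (.+)$", body, re.M)
        if tr is None:
            findings.append("transport input not set, platform default applies")
        elif {"telnet", "all"} & set(tr[1].split()):
            findings.append("telnet accepted")
        report.append((first, last, idle, findings))
    return report


if __name__ == "__main__":
    for first, last, idle, findings in audit_vty(SAMPLE_CONFIG):
        print("vty %d-%d idle=%ds %s" % (first, last, idle, "; ".join(findings) or "ok"))
```

Telnet carries the login and enable passwords in clear text, which is why a vty range that still accepts it is reported even when its timeout is fine.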
== Create VLANs ==
Looking at the VLAN setup doesn't require enable, but changing it does.
<nowiki>
switch>sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28, Gi1/0/29, Gi1/0/30
                                                Gi1/0/31, Gi1/0/32, Gi1/0/33
                                                Gi1/0/34, Gi1/0/35, Gi1/0/36
                                                Gi1/0/37, Gi1/0/38, Gi1/0/39
                                                Gi1/0/40, Gi1/0/41, Gi1/0/42
                                                Gi1/0/43, Gi1/0/44, Gi1/0/45
                                                Gi1/0/46, Gi1/0/47, Gi1/0/48
                                                Gi1/0/49, Gi1/0/50, Gi1/0/51
                                                Gi1/0/52
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
</nowiki>
At this point everything is in VLAN1, which is the default configuration. However, our goal here is to put ports into a relevant VLAN and turn off VLAN1. First we need to create some VLANs. Go into enable mode and conf t.
<nowiki>
switch>en
Password:
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#vlan 30
switch(config-vlan)#name servers
switch(config-vlan)#exit
switch(config)#exit
switch#</nowiki>
=== Setup trunk to Switch 2 ===
<nowiki>
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#int gi1/0/4
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan remove 1-4094
switch(config-if)#switchport trunk allowed vlan add 30,40
switch(config-if)#exit
switch(config)#exit
switch#</nowiki>
=== Setup trunk to Switch 1 ===
<nowiki>
switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#int gi1/0/6
switch2(config-if)#switchport trunk encapsulation dot1q
switch2(config-if)#switchport mode trunk
switch2(config-if)#switchport trunk allowed vlan remove 1-4094
switch2(config-if)#switchport trunk allowed vlan add 30,40
switch2(config-if)#exit
switch2(config)#exit</nowiki>
This config can now be seen with sh run (only pasting the relevant section):
<nowiki>
switch2#sh run
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30,40
 switchport mode trunk
!</nowiki>
=== Port with untagged and tagged traffic ===
This is when a port is used as an access port and also has tagged VLANs available. It is typically necessary for setting up something with a single interface.
<nowiki>
!
interface GigabitEthernet1/0/2
 description white wire
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport trunk allowed vlan 30,40,50
 switchport mode trunk
!
</nowiki>
In the above config the "native" VLAN (the equivalent of an access VLAN, "switchport access vlan 40") must also be an allowed VLAN on the trunk port.
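The native-VLAN rule above and the earlier goal of keeping VLAN 1 off the trunks can both be checked from a saved running-config. The following Python audit is an added example, not part of the original notes; the first two interface stanzas repeat the page's config, the third is constructed, and the finding texts are this example's own wording.

```python
import re

# Gi1/0/1 and Gi1/0/2 repeat the page's config; Gi1/0/3 is constructed.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30,40
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description white wire
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport trunk allowed vlan 30,40,50
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport mode trunk
!
"""

def expand(vlans):
    """Turn an IOS VLAN list such as '30,40,100-102' (or 'none') into a set."""
    out = set()
    for part in ([] if vlans == "none" else vlans.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_trunks(config):
    """Map each trunk interface to its findings; an empty list means clean."""
    report = {}
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        if not re.search(r"^[ \t]+switchport mode trunk$", body, re.M):
            continue
        nat = re.search(r"^[ \t]+switchport trunk native vlan (\d+)", body, re.M)
        native = int(nat[1]) if nat else 1  # IOS default native VLAN is 1
        # Long lists wrap onto extra "allowed vlan add ..." lines: collect them all.
        lists = re.findall(r"^[ \t]+switchport trunk allowed vlan (?:add )?(none|[\d,-]+)$", body, re.M)
        allowed = set().union(*map(expand, lists)) if lists else set(range(1, 4095))
        checks = [(not lists, "no allowed list: all VLANs carried"),
                  (native not in allowed, "native vlan %d not allowed, untagged frames dropped" % native),
                  (1 in allowed, "vlan 1 carried")]
        report[name] = [msg for hit, msg in checks if hit]
    return report

if __name__ == "__main__":
    for port, findings in audit_trunks(SAMPLE_CONFIG).items():
        print(port, findings or "ok")
```

On the switch-to-switch trunk the native-VLAN finding is the intended outcome of removing VLAN 1, whereas on a single-interface port like Gi1/0/2 the same finding would mean the attached device loses its untagged VLAN.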
Latest revision as of 16:29, 6 September 2023