Difference between revisions of "Cisco Switches"

From Palfrepedia

Latest revision as of 16:29, 6 September 2023

Generally it is better to use Cisco switches: the interface is familiar, it works better than the web-driven rivals, they are more reliable, and that familiarity is worth money, which is not true of any other switch or router (with the exception of Juniper).

Goals

Broadly, create the VLAN, add an IP address to the VLANs where needed, and move ports into the VLAN.

Fix idle timeout

Looking at sh line vty 0, among other details I can see that the idle timeout is only ten minutes. I like to change it to thirty minutes to give me more thinking time and to let me make the notes on this page without it logging me out.

switch>sh line vty 0   
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    1 VTY              -    -      -    -    -      8       0     0/0       -

Line 1, Location: "", Type: "xterm-256color"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Ctrl-c Enabled
  Automore On, Notify Process
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -       none         
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
               00:10:00        never                        none     not set

This is how I change it to thirty minutes

switch>en
Password: 
switch#conf t         
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#line vty 0 15    
switch(config-line)#exec-timeout 30 0
switch(config-line)#exit
switch(config)#exit
switch#disa
switch>

Now the timeout is thirty minutes.

switch>sh line vty 0
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    1 VTY              -    -      -    -    -      8       0     0/0       -

Line 1, Location: "", Type: "xterm-256color"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Ctrl-c Enabled
  Automore On, Notify Process
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -       none         
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
               00:30:00        never                        none     not set

Set IP address

This allows telnet or SSH (if supported) to be used instead of the serial console.

switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#int vlan1
switch(config-if)#ip address 192.168.1.2 255.255.255.0
switch(config-if)#exit
switch(config)#ip default-gateway 192.168.1.1
switch(config)#exit
switch#


Create VLANs

Looking at the VLAN setup doesn't require enable mode, but changing it does.

switch>sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28, Gi1/0/29, Gi1/0/30
                                                Gi1/0/31, Gi1/0/32, Gi1/0/33
                                                Gi1/0/34, Gi1/0/35, Gi1/0/36
                                                Gi1/0/37, Gi1/0/38, Gi1/0/39
                                                Gi1/0/40, Gi1/0/41, Gi1/0/42
                                                Gi1/0/43, Gi1/0/44, Gi1/0/45
                                                Gi1/0/46, Gi1/0/47, Gi1/0/48
                                                Gi1/0/49, Gi1/0/50, Gi1/0/51
                                                Gi1/0/52   
1002 fddi-default                     act/unsup 
1003 trcrf-default                    act/unsup 
1004 fddinet-default                  act/unsup 
1005 trbrf-default                    act/unsup

At this point everything is in VLAN1, which is the default configuration. However, our goal here is to put ports into a relevant VLAN and turn off VLAN1. First we need to create some VLANs. Go into enable mode and conf t.

switch>en  
Password: 
switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#vlan 30
switch(config-vlan)#name servers
switch(config-vlan)#exit
switch(config)#exit
switch#

Set up trunk to Switch 2

switch#conf t    
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#int gi1/0/4
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan remove 1-4094
switch(config-if)#switchport trunk allowed vlan add 30,40
switch(config-if)#exit
switch(config)#exit
switch#

Set up trunk to Switch 1

switch2#conf t   
Enter configuration commands, one per line.  End with CNTL/Z.
switch2(config)#int gi1/0/6
switch2(config-if)#switchport trunk encapsulation dot1q
switch2(config-if)#switchport mode trunk
switch2(config-if)#switchport trunk allowed vlan remove 1-4094
switch2(config-if)#switchport trunk allowed vlan add 30,40
switch2(config-if)#exit
switch2(config)#exit

The resulting config can now be seen with sh run (only the relevant section is pasted here)

switch2#sh run
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30,40
 switchport mode trunk
!

Port with untagged and tagged traffic

This is for when a port is used as an access port but also has tagged VLANs available on it. It is typically necessary when setting up something that has only a single interface.

!
interface GigabitEthernet1/0/2
 description white wire
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport trunk allowed vlan 30,40,50
 switchport mode trunk
!

In the above config the "native" VLAN (the equivalent of an access VLAN, "switchport access vlan 40") must also be in the allowed VLAN list for the trunk port.
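As an added example (not part of the wiki page), a small Python audit over a constructed "sh run" excerpt. It applies the two rules the trunk sections above rely on: a trunk should have its allowed list pruned (the "remove 1-4094" then "add" pattern) rather than carry every VLAN, and a configured native VLAN must also be in the allowed list. Interface Gi1/0/2 mirrors the page; Gi1/0/3, Gi1/0/4 and all function names are my own assumptions.

```python
import re

# Constructed "sh run" excerpt in the style of the page's snippets: Gi1/0/2 is
# the page's own port; Gi1/0/3 and Gi1/0/4 are added to show the failure cases.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/2
 switchport trunk native vlan 40
 switchport trunk allowed vlan 30,40,50
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk native vlan 60
 switchport trunk allowed vlan 30,40
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 switchport mode trunk
"""

def sections(config):
    # Split an IOS config at bare "!" lines into (header, body-lines) pairs.
    for block in config.split("\n!\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip() not in ("", "!")]
        if lines:
            yield lines[0], lines[1:]

def expand_vlans(spec):
    # Expand an IOS VLAN list such as "30,40,100-102" into a set of ints.
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    # Return (interface, finding) pairs for unpruned trunks and for trunks
    # whose configured native VLAN is missing from the allowed list.
    findings = []
    for header, body in sections(config):
        if not header.startswith("interface") or "switchport mode trunk" not in body:
            continue
        text = "\n".join(body)
        m = re.search(r"^switchport trunk allowed vlan (\S+)$", text, re.M)
        allowed = expand_vlans(m.group(1)) if m else None  # None: IOS default, all VLANs
        m = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
        native = int(m.group(1)) if m else None  # None: no untagged traffic intended
        if allowed is None:
            findings.append((header, "no allowed list: trunk carries every VLAN"))
        elif native is not None and native not in allowed:
            findings.append((header, f"native vlan {native} is not an allowed vlan"))
    return findings
```

Run audit_trunks() over the output of "sh run" from each switch; a clean trunk such as the page's Gi1/0/1 produces no findings.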