Practice Exams  
  - CCNA -  
  - CCSP -  
  - CCIE -  
  Search the Web  
  Certification Kits
  Subnet Calculator  
  Online Degrees  
  Exam Vouchers  
  Free Magazines  

CCNA TechLab: Switch Configuration Basics

In this CCNA TechLab we will cover several basic switch configuration tasks on a Cisco Catalyst 2950 switch. This includes configuring passwords, password encryption, assigning a host name and IP address configuration to the switch, and saving the configuration. This lab comes in three different versions, the one you are looking at, a printer-friendly version with the commands, and a printer-friendly version without the commands that can be used as an assessment. The printer-friendly versions are for registered users only. Also note the commands in this lab often include the switch command prompt and never use the abbreviated form.

Lab equipment requirements

To perform this lab you need 1 Cisco Catalyst 2950 Switch and at least 1 PC. However, most of the commands will work on other switch models as well. We are going to use two different PCs but they can be one and the same physical PC. You will need to connect them as depicted in the following the network diagram:

Connect the console cable to the to the console port on the switch and the other end to the serial port of PC1. Connect PC2 to first FastEthernet port (i.e. FA0/1) using an UTP/STP cable. PC1 must have a terminal client (i.e. Windows HyperTerminal) installed, and PC2 must be able to setup a telnet connection. For more information on how to setup the terminal client, please read the Hardware TechLab.

Configuring the Switch

Before you start with the configuration of the switch, clear the switch configuration by using the erase startup-config command or the erase nvram: command in Privileged EXEC mode, and then use the reload command to reboot the switch. After the switch rebooted, the following message will be displayed:

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no

Type no and press ENTER.

Press ENTER when the message Press RETURN to get started appears. Type enable at the Switch> command prompt to enter Privileged Exec mode, notice the prompt chances to Switch#.

STEP 1. Change the switch's host name to TEswitch1

Enter configuration mode using the following command:
Switch#configure terminal

Change the host name of the switch to "TEswitch1" using the following command:
Switch(config)#hostname TEswitch1
Notice how the prompt changes to TEswitch1(config)# to reflect the hostname.

STEP 2. Configure passwords

First set the enable secret to cisco123 using the following command:
TEswitch1(config)#enable secret cisco123

Next, set the password for all telnet lines to 'cisco456' using the following commands:
TEswitch1(config)#line vty 0 15
TEswitch1(config-line)#password cisco456

Although the enable secret is encrypted, other passwords stored in the switch's configuration are still in clear text. You can see this by returning to Privileged EXEC mode and running the show running-config:
TEswitch1(config)#end (or press CTRL-Z)
TEswitch1#show running-config

Notice the enable secret is replaced by a hashed version, for example:
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDq

When you log on with the enable secret, the switch calculates the hash value again and compares it with the hash value stored in the configuration. If they match, you typed in the correct secret and will enter Privileged EXEC mode. You can configure a password by using the enable password command instead, but in contrary to the enable secret, the enable password is not encrypted by default. If an enable password and an enable secret are configured, you will need to enter the enable secret to logon. In other words, there’s no need to configure an enable password if you configured an enable secret.

Near the end of the configuration, you will notice the vty password you just configured, and that it is stored in plain text format. To ensure this password, as well as others such as the console password are also encrypted, use the service password-encryption command in Global configuration mode:
TEswitch1#configure terminal
TEswitch1(config)#service password-encryption

If you would run the show running-config command in Privileged EXEC mode again, you will notice the vty password is now also encrypted. For example: 1511021F07257F717E

You can also set a password on the aux or console connection, for example to set the password to cisco789:
TEswitch1(config)#line con 0
TEswitch1(config-line)#password cisco789

STEP 3. Configure an IP address for the switch

To be able to manage the switch using telnet, you will need to configure it with an IP address. Instead of assigning an IP address to one of the switch ports, we are going to assign an IP address to the Management VLAN.

Use the following commands to assign the IP address to interface VLAN 1, which is the management VLAN by default:
TEswitch1(config)#interface vlan 1
TEswitch1(config-if)#ip address

If you need to be able to connect to the switch from other networks, you will also need to configure a default gateway address. For example, if the switch is connected to a router with the IP address, use the following command, in Global Configuration mode, to use it as the default gateway:
TEswitch1(config)#ip default-gateway

STEP 4. Establish a Telnet connection to the switch

Configure PC2 (or PC1 if you are using only one PC) with an IP address from the same class C network as the switch, for example: with subnet mask

Open your favorite Telnet client and connect to the IP address you assigned to the switch. Instead of using a third-party client, you can just type the following on the command prompt:

If you completed the steps above successfully, you should now be able to configure the switch through telnet in a similar manner as through the console terminal session. When the connection is established, you will first be prompted for the Telnet password. When you enter the correct password you will still have to use the enable command and enter the enable secret before you can change the configuration of the switch. Also note an enable secret (or enable password) must be configured or else the switch will not allow you to log on to Privileged Exec mode through telnet.

STEP 5. Saving the configuration

Saving the configuration on a modern Cisco Catalyst switch running IOS software works the same as on Cisco routers. This means you have to copy the running configuration (in RAM) to the startup configuration (in NVRAM) by using the following command in Privileged EXEC mode:
TEswitch1#copy running-config startup-config

If you run the show startup-config command, you should get the same output as the show running-config command. The dir nvram: command should show the startup-config file with a size greater than zero. The configuration is also stored in the config.text file in flash, which content you can see by using the show flash command.

STEP 6. Display switch hardware and firmware information

The show version command allows you to display information about the switch’s hardware and IOS. The first half shows information about the IOS in flash, the boot loader on ROM, the uptime, what caused the switched to reboot, and the IOS edition it runs. The second half shows information about the hardware, including the interfaces, the memory and serial numbers.

TEswitch1#show version

Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 24-Apr-02 06:57 by antonino
Image text-base: 0x80010000, data-base: 0x804E8000

ROM: Bootstrap program is CALHOUN boot loader

Switch uptime is 2 hours, 40 minutes
System returned to ROM by power-on
System restarted at 06:43:48 UTC Tue Aug 8 2006
System image file is "flash:/c2950-i6q4l2-mz.121-9.EA1.bin"

cisco WS-C2950-12 (RC32300) processor (revision F0) with 20815K bytes of memory.
Processor board ID FHK0637X0AV
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:F4:67:C1:80
Motherboard assembly number: 73-5782-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06360ZK2
Power supply serial number: PHI063403L1
Model revision number: F0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FHK0637X0AV
Configuration register is 0xF


Cisco CCNA Labs – Are you looking for additional Cisco Labs? We have Cisco CCNA Labs, Cisco CCNP Labs and Cisco Video Training that you will bring your Cisco routing & switching skills to the next level. Click Here for more Cisco Training!

Ciscokits.com – Experience the real thing, build your own lab. Free study labs and documents, command lists, router/switch procedures, lab suggestions, and more.

Discuss this Lab here
Back to the list of CCNA TechNotes & Labs
Author: Johan Hiemstra


All images and text are copyright protected, violations of these rights will be prosecuted to the full extent of the law.
2002-2015 TechExams.Net | Advertise | Disclaimer

IT Showcase