In this CCNA TechLab we will cover several basic switch configuration tasks on a Cisco Catalyst 2950 switch. This includes configuring passwords, password encryption, assigning a host name and IP address configuration to the switch, and saving the configuration. This lab comes in three different versions, the one you are looking at, a printer-friendly version with the commands, and a printer-friendly version without the commands that can be used as an assessment. The printer-friendly versions are for registered users only. Also note the commands in this lab often include the switch command prompt and never use the abbreviated form.
Lab equipment requirements
To perform this lab you need 1 Cisco Catalyst 2950 Switch and at least 1 PC. However, most of the commands will work on other switch models as well. We are going to use two different PCs but they can be one and the same physical PC. You will need to connect them as depicted in the following the network diagram:
Connect the console cable to the to the console port on the switch and the other end to the serial port of PC1. Connect PC2 to
first FastEthernet port
(i.e. FA0/1) using an UTP/STP cable. PC1 must have a terminal client (i.e. Windows HyperTerminal) installed, and PC2 must be able to setup a telnet connection. For more information on how to setup the terminal client, please read the Hardware TechLab.
Configuring the Switch
Before you start with the configuration of the switch, clear the switch configuration by using the erase startup-config command or the erase nvram: command in Privileged EXEC mode, and then use the reload command to reboot the switch. After the switch rebooted, the following message will be displayed:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]
Type no and press ENTER.
Press ENTER when the message Press RETURN to get started appears. Type enable at the Switch> command prompt to enter Privileged Exec mode, notice the prompt chances to Switch#.
STEP 1. Change the switch's host name to TEswitch1
Enter configuration mode using the following command:
Change the host name of the switch to "TEswitch1" using the following command:
Notice how the prompt changes to TEswitch1(config)# to reflect the hostname.
STEP 2. Configure passwords
First set the enable secret to cisco123 using the following command:
TEswitch1(config)#enable secret cisco123
Next, set the password for all telnet lines to 'cisco456' using the following commands:
TEswitch1(config)#line vty 0 15
Although the enable secret is encrypted, other passwords stored in the switch's configuration are still in clear text. You can see this by returning to Privileged EXEC mode and running the show running-config:
TEswitch1(config)#end (or press CTRL-Z)
Notice the enable secret is replaced by a hashed version, for example:
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDq
When you log on with the enable secret, the switch calculates the hash value again and compares it with the hash value stored in the configuration. If they match, you typed in the correct secret and will enter Privileged EXEC mode. You can configure a password by using the enable password command instead, but in contrary to the enable secret, the enable password is not encrypted by default. If an enable password and an enable secret are configured, you will need to enter the enable secret to logon. In other words, there’s no need to configure an enable password if you configured an enable secret.
Near the end of the configuration, you will notice the vty password you just configured, and that it is stored in plain text format. To ensure this password, as well as others such as the console password are also encrypted, use the service password-encryption command in Global configuration mode:
If you would run the show running-config command in Privileged EXEC mode again, you will notice the vty password is now also encrypted. For example:
You can also set a password on the aux or console connection, for example to set the password to cisco789:
TEswitch1(config)#line con 0
STEP 3. Configure an IP address for the switch
To be able to manage the switch using telnet, you will need to configure it with an IP address. Instead of assigning an IP address to one of the switch ports, we are going to assign an IP address to the Management VLAN.
Use the following commands to assign the IP address 192.168.0.9 to interface VLAN 1, which is the management VLAN by default:
TEswitch1(config)#interface vlan 1
TEswitch1(config-if)#ip address 192.168.0.9 255.255.255.0
If you need to be able to connect to the switch from other networks, you will also need to configure a default gateway address. For example, if the switch is connected to a router with the IP address 192.168.0.254, use the following command, in Global Configuration mode, to use it as the default gateway:
TEswitch1(config)#ip default-gateway 192.168.0.254
STEP 4. Establish a Telnet connection to the switch
Configure PC2 (or PC1 if you are using only one PC) with an IP address from the same class C network as the switch, for example: 192.168.0.20 with subnet mask 255.255.255.0.
Open your favorite Telnet client and connect to the IP address you assigned to the switch. Instead of using a third-party client, you can just type the following on the command prompt:
If you completed the steps above successfully, you should now be able to configure the switch through telnet in a similar manner as through the console terminal session. When the connection is established, you will first be prompted for the Telnet password. When you enter the correct password you will still have to use the enable command and enter the enable secret before you can change the configuration of the switch. Also note an enable secret (or enable password) must be configured or else the switch will not allow you to log on to
Privileged Exec mode
STEP 5. Saving the configuration
Saving the configuration on a modern Cisco Catalyst switch running IOS software works the same as on Cisco routers. This means you have to copy the running configuration (in RAM) to the startup configuration (in NVRAM) by using the following command in Privileged EXEC mode:
TEswitch1#copy running-config startup-config
If you run the show startup-config command, you should get the same output as the show running-config command. The dir nvram: command should show the startup-config file with a size greater than zero. The configuration is also stored in the config.text file in flash, which content you can see by using the show flash command.
STEP 6. Display switch hardware and firmware information
The show version command allows you to display information about the switch’s hardware and IOS. The first half shows information about the IOS in flash, the boot loader on ROM, the uptime, what caused the switched to reboot, and the IOS edition it runs. The second half shows information about the hardware, including the interfaces, the memory and serial numbers.
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 24-Apr-02 06:57 by antonino
Image text-base: 0x80010000, data-base: 0x804E8000
ROM: Bootstrap program is CALHOUN boot loader
Switch uptime is 2 hours, 40 minutes
System returned to ROM by power-on
System restarted at 06:43:48 UTC Tue Aug 8 2006
System image file is "flash:/c2950-i6q4l2-mz.121-9.EA1.bin"
cisco WS-C2950-12 (RC32300) processor (revision F0) with 20815K bytes of memory.
Processor board ID FHK0637X0AV
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:F4:67:C1:80
Motherboard assembly number: 73-5782-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06360ZK2
Power supply serial number: PHI063403L1
Model revision number: F0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FHK0637X0AV
Configuration register is 0xF