Upon completion of this chapter, you will be able to answer the following questions:
- How do you configure initial settings on a Cisco switch?
- How do you configure initial settings on a router?
- How do you configure devices for secure remote management?
- How do you build a network that includes a switch and router?
Key Term
This chapter uses the following key term. You can find the definition in the Glossary.
switch virtual interface (SVI) page 394
Introduction (19.0.1)
Now that you have the knowledge and skills, it‛s time to build a small Cisco network. But what if you don‛t have a closet full of Cisco routers and switches in your home? No worries. Cisco Packet Tracer is your go-to simulation tool for just such an occasion.
Basic Switch Configuration (19.1)
The Cisco switch comes preconfigured and only needs to be assigned basic security information before being connected to the network. Elements that are usually configured on a LAN switch include host name, management IP address information, passwords, and descriptive information.
Basic Switch Configuration Steps (19.1.1)
The switch host name is the configured name of the device. Just like each computer or printer is assigned a name, networking equipment should be configured with a descriptive name. It is helpful if the device name includes the location where the switch will be installed. An example might be SW_Bldg_R-Room_216.
A management IP address is necessary only if you plan to configure and manage the switch through an in-band connection on the network. A management address enables you to reach the device through Telnet, SSH, or HTTP clients. The IP address information that must be configured on a switch is essentially the same as you configure on a PC: IP address, subnet mask, and default gateway.
To secure a Cisco LAN switch, you need to configure passwords on each of the various methods of access to the command line. The minimum requirements include assigning passwords to remote-access methods, such as Telnet, SSH, and the console connection. You must also assign a password to the privileged mode in which configuration changes can be made.
Note
Telnet sends the username and password in plaintext and is not considered secure. SSH encrypts the username and password and is therefore a more secure method.
Before configuring a switch, review the following initial switch configuration tasks:
Configure the device name:
- hostname name
Secure user EXEC mode:
- line console 0
- password password
- login
Secure remote Telnet/SSH access:
- line vty 0 15
- password password
- login
Secure privileged EXEC mode:
- enable secret password
Secure all passwords in the config file:
- service password-encryption
Provide legal notification:
- banner motd delimiter message delimiter
Configure the management SVI:
- interface vlan 1
- ip address ip-address subnet-mask
- no shutdown
Save the configuration:
- copy running-config startup-config
Example 19-1 shows a sample switch configuration using the preceding commands.
Example 19-1 Sample Switch Configuration
Switch>
enable
Switch#
configure terminal
Switch(config)#
hostname S1
S1(config)#
enable secret class
S1(config)#
line console 0
S1(config-line)#
password cisco
S1(config-line)#
login
S1(config-line)#
line vty 0 15
S1(config-line)#
password cisco
S1(config-line)#
login
S1(config-line)#
exit
S1(config)#
service password-encryption
S1(config)#
banner motd #No unauthorized access allowed!#
S1(config)#
interface vlan1
S1(config-if)#
ip address 192.168.1.20 255.255.255.0
S1(config-if)#
no shutdown
S1(config-if)#
end
S1#
copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
S1#