Lab Report Example 2

From ITCwiki
Revision as of 19:25, 23 June 2012 by BenFranske (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Example Lab Report Lab 2.5.1: Basic Switch Configuration

What we did

In this lab we practiced a very basic switch configuration consisting of one switch, and two PC’s. The first PC was connected to the switch with a Ethernet patch cable, or a straight through copper cable, and a console cable, or a rollover cable. The second PC was left unconnected to the switch. It was used later in the lab for testing purposes. Once the lab topology was properly cabled, we established a console session to configure the switch. The first thing we did was to erase the existing configuration and verify the switch had returned to the default settings by viewing the output of the “show running-config” and “show startup-config” exec commands. Next we investigated the vlan1 interface by issuing the “show interface vlan1” and “show ip interface vlan1” commands. We continued investigating the configuration of the switch with the “show version” command to display information about the Cisco IOS operating system. We then used the “show interface fastethernet 0/18” command to examine the properties of the port connected to PC1. Then we issued the “show vlan” and “show flash” commands to verify the default vlan settings and the view the contents of the flash directory.

After we investigated the default switch settings, using the various “show” commands, we created a basic configuration on the switch. This procedure was familiar to us, since it is very similar to the steps we used for configuring a router. We first entered into global config mode to assign a name to the switch with the “hostname” command. Then we assigned a password to the console connection and the vty lines 0-15. It was important to remember the “login” command to enable the console and line connections for use. The next step was to create vlan 99 and assign it an IP address and a range of ports. Once again it was important to enter the “no shutdown” command to enable the vlan interface, even if the ports status remains down, because nothing is physically connected to it. We also assign the switch a default gateway IP address, even though it was not necessary in this lab procedure. The PC was configured with an IP address and a default gateway as well. The port speed and duplex settings were configured for the fast ethernet interface on the switch. After we finished entering the basic switch configuration, we saved it to NVRAM by using the “copy run start” command. We continued to use the “show” command to investigate the MAC address table. We were able to see how it gets populated with IP addresses statically by manualy entering in an address with the “mac-address-table static [mac address] interface fastethernet 0/18 vlan 99,” and dynamically when PC1 was connected.

The next step of the lab was to configure the port security settings. We configured PC2 with an IP address and a default gateway, but left it unconnected to the switch. Then we examined the various port security settings with the “switchport port-security ?” command. In the configuration interface prompt for fast ethernet 0/18 we set the maximum number of computers that can be connected to the switch to two. We told the switch to learn the mac address of devices connected to it dynamically, to block traffic from an invalid host connection, and later to shutdown if a violation occurs. We connected PC2, as a rogue host and determined the security settings did shut down the interface. Finally, we reactivated the port cleared the switch configuration and cleaned up our cabling.

Problems

This was a very basic lab setup with one switch and one PC. There were no problems in the initial cabling and configurations, as this was mostly review. The only issue was getting familiar with new commands, such as the lengthy command to add an entry into the mac address table “mac-address-table static [mac address] interface fastethernet 0/18 vlan 99” or the lengthy commands used to configure the port security settings such as, “switchport port-security violation protect.”

Test and results

Once we cleared the switch configuration and returned the default settings, we used the “show startup-config” command to verify that it didn’t exist and there was no configuration saved to NVRAM yet. We also used the “show startup-config” command to verify that our new switch configuration had indeed been saved. Also the “show running-config” command was used to verify changes made to the switch configuration as we progressed through the lab procedure. We used the “show interface vlan 99” command to determine the interface did not change its status to “up” until PC1 was physically connected to the port. Also this command gave us all kinds of information about the speed and duplex settings that we modified. Once again, our old friend the ping command was used to verify connectivity between the switch and PC. We used the “show mac-address-table” command to see how entries are added when devices make a connection to the switch or when an address is statically added. The most fun we had in this lab was testing the port security configuration by adding a rogue computer to our network and using the “show port-security” command. We could see once we added rogue computer PC2, the interface status was changed to down and a warning message was issued, confirming our security settings had worked as planned.

What we learned

Much of the basic switch configuration was review, as the commands are very similar to configuring a router. However, we did learn some new commands that are specific to switches. We learned that a vlan1 has a “no shutdown” default setting and it will not reach an “up” status until a port is assigned to it. We learned how to investigate the flash memory with the “show flash” command, and further investigate the directories located there by issuing the “dir [directory name] command. Controlling the speed and the duplex mode of a switch interface was new to us. We also learned how to manage the MAC address table with the “show” and “clear” commands and how to manually enter a static address with the “mac-address-table static [mac address] interface fastethernet [#} vlan [#]” command. Lastly we learned to configure switch port security. We can remember the command “switchport port-security ?” in the future to use the help utility to list all of the various options.