Viewing and Saving Configuration Settings on a Catalyst 1900 or 2820 Switch

The commands to view and save the configuration settings on a Cisco 1900 switch are similar to those on a Cisco router, with a few small exceptions. To view general information about the switch itself, including its software version, hardware platform, MAC address, memory configuration, and so forth, use the show version command.

Cisco1912#show version
Cisco Catalyst 1900/2820 Enterprise Edition Software
Version V9.00.00
Copyright (c) Cisco Systems, Inc. 1993-1999
Cisco1912 uptime is 0day(s) 11hour(s) 04minute(s) 33second(s)
cisco Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
Hardware board revision is 5
Upgrade Status: No upgrade currently in progress.
Config File Status: No configuration upload/download is in progress
15 Fixed Ethernet/IEEE 802.3 interface(s)
Base Ethernet Address: 00-50-F0-5F-25-00

The startup configuration of a Catalyst 1900 switch is stored in NVRAM. However, you do not need to copy the running configuration on a switch to the startup configuration – the switch does this automatically as you make changes to the configuration. Because of this, you cannot view the startup configuration of a switch. However, you can view the switch configuration using the show run command, as shown below.

Cisco1912#show run
Building configuration...
Current configuration:
!
hostname "Cisco1912"
!
ip address 192.168.1.100 255.255.255.0
ip default-gateway 192.168.1.1
ip name-server 192.168.1.31
!
!
enable secret 5 $1$FMFQ$rUgP9HDSIlsHrXwg2kX7o0
enable password level 1 "CISCO"
enable password level 15 "CISCO99"
!
interface Ethernet 0/1
!
[output truncated]
!
interface Ethernet 0/11
!
interface Ethernet 0/12
!
interface Ethernet 0/25
!
interface FastEthernet 0/26
!
interface FastEthernet 0/27
!
line console
end
Cisco1912#

In cases where you want to erase the configuration of a switch, the command is delete nvram. It is worth noting that while this command deletes the majority of configuration settings, it does not delete any VTP settings that may exist. Deleting VTP settings is covered in another article.

Cisco1912#delete nvram

This command resets the switch with factory defaults. All system
parameters will revert to their default factory settings. All static
and dynamic addresses will be removed.

Reset system with factory defaults, [Y]es or [N]o?

To reboot a Cisco 1900 series switch, issue the reload command, and confirm.

Cisco1912#reload
This command resets the switch. All configured system parameters and
static addresses will be retained. All dynamic addresses will be removed.

Reset system, [Y]es or [N]o?

Configuring IP Address Settings on a Catalyst 1900 or 2820

By default, a Cisco 1900 switch will not have any IP address settings configured. When you do configure an IP address, subnet mask, and default gateway on a switch, you are not configuring a specific port, but rather a management address for the entire switch. This will ultimately allow you to access the switch via telnet, or one of the various web-based applications mentioned earlier. IP address settings are configured from global configuration mode using the ip address and ip default-gateway commands. I have also added the address of a DNS server, using the ip name-server command.

Cisco1912#config t
Enter configuration commands, one per line. End with CNTL/Z
Cisco1912(config)#ip address 192.168.1.100 255.255.255.0
Cisco1912(config)#ip default-gateway 192.168.1.1
Cisco1912(config)#ip name-server 192.168.1.31

To view the IP address configuration of the switch, use the show ip command from the privileged mode prompt. To get back to that prompt from global configuration mode, use either the exit command, or press Ctrl+Z. When entered on our Cisco 1900 switch, the Ctrl+Z command will not display ^Z.

Cisco1912(config)#exit
Cisco1912#show ip
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Management VLAN: 1
Domain name:
Name server 1: 192.168.1.31
Name server 2: 0.0.0.0
HTTP server : Enabled
HTTP port : 80
RIP : Enabled
Cisco1912#

From the configuration shown above, notice that the switch is running an HTTP server for the purpose of allowing configuration via a web browser. The port number on which the HTTP server responds can be changed using the ip http port command, while the no ip http server command will disable the HTTP server completely.

Cisco1912(config)#ip http ?
port port
server Enable HTTP server
Cisco1912(config)#ip http port ?
<0-65535> HTTP port
Cisco1912(config)#no ip http server

Configuring Switch Passwords on a Catalyst 1900 or 2820

The commands to configure user and privileged mode passwords on a Cisco 1900 switch are slightly different from those learned earlier. To configure a user-mode password on a Cisco 1900, use the enable password command, followed by a level number and password. Level numbers range from 1 to 15. User-mode passwords fall into the numeric range 1-14, while a privileged-mode password uses level 15. The commands to add both a user-mode and privileged-mode password to a Cisco 1900 switch are shown below. Note that these passwords are neither encrypted nor case sensitive, and must be between 4 and 8 characters in length.

Cisco1912(config)#enable password level 1 cisco
Cisco1912(config)#enable password level 15 cisco99

Much like a Cisco router, a Cisco 1900 switch also allows you to apply a more secure enable secret password that supersedes any other privileged mode password that may have been configured. This password is set using the enable secret command, followed by the password of your choice. Enable secret passwords are encrypted, case sensitive, and can be up to 25 characters in length.

Cisco1912(config)#enable secret CiScO9999

Cisco Catalyst 1900 and 2820 Initial Switch Configuration

Much like the initial configuration of a Cisco router, the initial configuration of a Cisco Catalyst 1900 switch is handled via a connection to the switch’s console port. Located on the back of the switch, the RJ-45 console port uses the same connection parameters as on the Cisco routers we looked at earlier – 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control. Remember that connecting to a console port requires you to use a rollover cable.

In most cases, you will connect to the console port only long enough to configure passwords, an IP address, and perhaps a hostname. After this initial configuration is complete, it is much more common (and convenient) to access the switch via a telnet session.

Once connected to the console port, you’ll be presented with the initial system configuration menu, as shown below. The menu-driven system is presented by default, and is the only console-configuration option on switches running Standard Edition software. While the menu-driven configuration may be easier in that you won’t need to remember specific commands, it can also be somewhat confusing, in that you will need to remember (or search for) specific configurable elements within the many menu options. Using the command line is generally a much quicker option, as long as you know the specific commands to enter.

Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1999
All rights reserved.
Enterprise Edition Software
Ethernet Address: 00-50-F0-5F-25-00

PCA Number: 73-3122-01
PCA Serial Number: FAB03103IYN
Model Number: WS-C1912-A
System Serial Number: FAB0312S041
Power Supply S/N: APQ0252023A
PCB Serial Number: FAB03103IYN,73-3122-01
----------------------------------

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line
[I] IP Configuration
[P] Console Password

Enter Selection:

From the main menu, press K to access the command line interface (CLI). This will bring you to the user mode command prompt, distinguished by a simple angle bracket (>), as shown below. Think of this prompt as being similar to the user mode prompt on a Cisco router – although it allows you to view basic switch information, to do anything useful you’ll need to access privileged mode. The command to access privileged mode is one that you are already familiar with – enable.

Enter Selection: K

CLI session with the switch is open.
To end the CLI session, enter [Exit].

>enable
#

Notice that the enable command brings you directly to the enable mode prompt, the pound sign. Like with our routers, to change the configuration of the switch we will need to enter global configuration mode, using the configure terminal command.

#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#

The help system also works from the command line on a Cisco 1900 switch. Use ? to access a list of available commands. To view all commands starting with the letter S, use s?. Remember to leave a space following a single command to find any follow-up commands, for example show ?. Partial commands can also be completed using the tab key.

It’s generally a good idea to give the switch a hostname to make it easier to identify. From global configuration mode, issue the hostname command, followed by the name you wish to use.

(config)#hostname Cisco1912
Cisco1912(config)#

If you ever want to get back to the menu-based configuration system from the command line, enter the menu command.

Cisco1912#menu

Catalyst 1900 – Main Menu

[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[A] Port Addressing
[D] Port Statistics Detail
[M] Monitoring
[V] Virtual LAN
[R] Multicast Registration
[F] Firmware
[I] RS-232 Interface
[U] Usage Summaries
[H] Help
[K] Command Line

[X] Exit Management Console

Enter Selection:

Network Design Step 4: Planning the Network Implementation

In order to help ensure the success of any network design project, the implementation process for the network needs to be carefully planned. The main element of this step involves the creation of documentation that includes detailed instructions to be followed by the engineers that will ultimately handle the implementation process.

The methods used to document a network implementation plan are often different based on the preferences of both the customer and the network designer. In some cases, documents are created for specific purposes and use tables or stepped instructions that will ultimately walk the engineer through every step of a certain process. Another method involves the creation of a master document that contains cross-references that engineers can refer to for more information. For example, if a design project involves the implementation of three PIX firewalls with different configurations, the implementation plan might include one set of generic configuration settings to be applied to each system, and then specific sub-sections that provide the unique settings for each individual system. Regardless of the specific task to be carried out, it is essential that the network designer not assume anything about what the engineers should be familiar with; good implementation documentation provides instructions that even the most junior engineer should be able to follow.

In order to ensure that the implementation plan includes adequate levels of detail, the following information should always be included in the documentation:

  • Detailed descriptions of each step, in order to reduce any issues associated with misinterpretation on the part of engineers.
  • References to other parts of the design document for more information as required.
  • Implementation guidelines that outline issues such as any other configuration settings that a particular step is dependent upon. For example, the details of configuring OSPF on a router might depend upon basic router settings having been already completed.
  • Estimated time required for each step, so that the implementation can be scheduled effectively.
  • Detailed fallback instructions that can be carried out in cases where the steps result in a serious network problem or failure.

Network Design Step 3: Defining Network Topologies and Services

After the individual modules of the new or upgraded network are defined, the specific topologies, technologies, protocols, and network services should be designed. Examples of these elements include:

Network topology design. The design of the new network topology needs to consider both the LANs to be implemented in any offices, as well as the WAN links interconnecting locations. Both the physical and logical elements of the proposed network should be documented, with appropriate diagrams for each. For equipment, a physical diagram would show the interconnection of network elements, while a logical diagram would display the layout of elements like VLANs, network modules, and so on.

Network technology design. The technologies associated with the new network also need to be planned and diagrammed. For example, the design may specify that Fast Ethernet is to be used for client connections at the access layer, while the links connecting the different layers use fiber-optic Gigabit Ethernet in a redundant design. For WAN links, the technologies to be used should be specified, along with information about key elements such as link speeds.

Network protocol design. The network protocols to be implemented on the new network need to be specified, along with their scope. For example, the entire network may run TCP/IP as its primary protocol, but certain portions of the network may require the use of other protocols such as IPX/SPX or NetBEUI.

Logical addressing design. The network design needs to include information about the design of logical addressing on the network. For example, a network may use public or private IP addresses internally, along with different hierarchical addressing schemes like VLSM or CIDR. In the case of private IP addressing, connectivity through the use of services like network address translation (NAT) or proxy servers must also be addressed.

Routing infrastructure and protocol design. The routing infrastructure of the network also needs to be considered when developing the network design. For example, will the network use traditional routers only, or some combination that includes Layer 3 switching? Beyond the physical equipment to be implemented, the routing protocols to be used need to be specified and documented. In a network design using OSPF as its only routing protocol, information about elements such as areas and autonomous systems needs to be included. Similarly, the proposed hardware that will be used to implement the design, such as specific switch and router models and specifications, must be fully documented.

Security design. The security design of the network can encompass a variety of hardware and software features. The need for and placement of elements like firewalls and intrusion detection systems must be documented, as should the particular hardware and software that will carry out these functions.

Advanced features design. Any advanced features to be implemented on the new or upgraded network need to be carefully documented, ensuring that any proposed equipment provides the capabilities that these features require. For example, a new network might require QoS features for a VoIP implementation, or need to include IP Multicasting capabilities in order to support a streaming media application.

Although most of the network applications, features, and equipment required in a network design fall into one of the categories listed above, these are not the only possibilities that exist. The general rule of thumb to be followed is to be sure that any new or upgraded network element that falls into the scope of the project should be fully documented and diagrammed as appropriate. This information will ultimately be provided to the customer as part of the network design document that will be developed as part of step 6 in the structured network design process.

Network Design Step 3: Designing Network Topologies and Services

Once the customer requirements have been finalized, all goals and constraints defined, and the state of the current network assessed, it’s time to begin designing the new or upgraded network. Earlier in this chapter the two major approaches to network design were discussed, and you should already be aware that the top-down approach is preferable in almost all circumstances. Using this method, a network is designed around the specific application and service requirements of the customer, together with a very high-level concept of the network infrastructure that will be needed. In particular, the top-down approach should begin by considering the following general requirements:

Functionality. The new design must meet all of the functional requirements for different applications and services as defined by the customer, and augmented by your analysis. All of the functional requirements of the network, such as the need to support VoIP or IP Multicasting, should be defined and well understood at this point.

Performance. The performance requirements for the new or upgraded network must also be defined and understood as part of the design process. All of the proposed applications and services must be understood with respect to the impact that they will have both individually and together on the new network. Other examples of factors that will influence the performance of a network include the number of users that the network needs to support, the speed of the network, and so forth.

Scalability. Although current needs usually have the biggest impact on network design, it is imperative that planned future expansion also be considered. For example, a company may be planning to implement new applications or services in the next 12 months, or be planning to merge with another organization. The design must factor in these elements, including how the new design will allow the network to scale to meet these needs as necessary.

Availability. The availability requirements of a network also have a tremendous impact on any network design project. If a customer’s network or certain applications and services are considered to be mission-critical in nature, the new design must take factors like redundancy into consideration. This may ultimately involve connections to multiple ISPs, the need for redundant switching paths, and so forth. At this stage in the process, a designer is not usually worried about the specific technologies or methods to be used to ensure this availability, but instead concentrates on defining where redundancy needs to be considered.

Security. The security of a new network is a critical component of any design. In the top-down approach, the security needs of an organization should be considered at the beginning of the design process rather than as an afterthought. Again, elements like specific firewalls or intrusion detection systems are not the focus at this point. Instead, the network designer should be focused on the specific network applications and services that need to be secured, and how these requirements will impact the rest of the design process.

Budget. As mentioned in the business constraints section earlier, any network design project needs to consider any budgetary limitations that exist. The designer must be aware of and consider these limitations at each stage of designing an appropriate solution, based on the importance that the customer has associated with various planned applications and services. Ultimately, the budget associated with the project will impact everything from the equipment chosen through to project staffing.

After considering the general network requirements listed above, a network designer using the top-down approach would continue by organizing the network into what are referred to as “modules”. A module is a distinct portion of a network that is responsible for a specific and particular role. For example, the WAN module would be concerned with the equipment and links that would make communication with other locations possible. The network management module would be focused on the applications and equipment required to manage and monitor a network, such as a network management system (NMS) like CiscoWorks.

The model used by Cisco to segment a network into distinct modules is known as the Enterprise Composite Model. This model, along with the functional areas and modules it is comprised of, will be looked at in more detail in future articles.

Network Design Step 2: Creating an Existing Network Summary Report

Once information about the existing network has been gathered using the various methods and tools outlined earlier in this section, it is typically compiled into a document that summarizes the health of the existing network. This document includes information about the status of current network equipment, links, and applications, while also documenting key elements like the physical and logical topology of the network.

The main purpose of this summary report is to provide the customer with a frame of reference that identifies some of the key issues that need to be considered as part of the network design project. For example, the summary report may provide information about some of the limitations of existing hardware, such as routers that will require an IOS upgrade, more resources (like RAM), or even outright replacement. Along the same lines, this document is used to pinpoint and ultimately address the limitations of the current network, ensuring that the customer has the information necessary to make critical decisions about the scope of the project and how it will ultimately move forward.

Network Design Step 2: Network Traffic Analysis Features and Tools

A variety of different tools and utilities exist for the purpose of network traffic analysis. While some of these tools were developed by Cisco, others are popular third-party alternatives. Each of the bullet points listed below outlines a particular tool or utility, along with examples of the types of information that the tool provides.

  • Network-Based Application Recognition (NBAR). NBAR is a network traffic classification engine that is able to recognize the traffic flows associated with a wide variety of popular network applications. NBAR is not a separate network utility, but instead a feature found in versions of Cisco’s IOS software.
  • Cisco IOS NetFlow. NetFlow is one of the switching methods available on Cisco routers and switches that allows data to be gathered about the specific traffic flows that traverse the device. This information can be viewed locally on the router, or collected centrally by an application like Cisco FlowCollector and Data Analyzer. Ultimately, NetFlow data can be used to identify network applications, as well as network utilization information.
  • Third-party tools. Third-party hardware and software tools are also commonly used to analyze network traffic. Examples include protocol analyzers like Sniffer, EtherPeek, Ethereal, and Microsoft’s Network Monitor utility. Another tool commonly used to analyze network traffic patterns and utilization is MRTG, which was mentioned in the network auditing section.

Network Design Step 2: Analyzing Existing Applications and Network Traffic

Aside from auditing a customer’s current network using various network management tools, utilities, and Cisco IOS commands, analyzing existing applications and network traffic also provides accurate sources of information to characterize a network.

As part of most network design projects, the customer will usually provide a list of existing network-related applications, either verbally or through various forms of documentation. In order to ensure that all applications are properly accounted for and their impact on the network understood, a network designer must perform a careful analysis that includes a combination of documentation, prioritization, and traffic analysis. Each of these elements is looked at in more detail below:

  • Documentation. Although a customer will generally provide a network designer with a list of the network-related applications in use on the current network, it is important to investigate whether this list is complete and current. One effective way to summarize information about the current applications in use is through the use of a decision matrix, similar to the one looked at earlier in Table 12-2.
  • Prioritization and features. After the application decision matrix has been developed, it should be provided to the customer in order to determine the priority or level of importance associated with each application. Similarly, any particular features associated with the application should be documented. For example, certain applications may have very specific security requirements.
  • Traffic analysis. In order to determine the impact of various applications on the network, and to be sure that the documented list of applications is complete, a network designer should typically conduct network traffic analysis. In a manner similar to auditing a network, various tools and utilities can be used to gather accurate traffic analysis information.

The following article takes a look at some of the network traffic analysis tools, utilities, and IOS commands typically used to gather accurate information about the current network.