LAN Switching and Configuring 2950 Switches
From Proprofs
You are here: Home > Schools > Cisco > CCNA Certification > Wiki Home >CCNA Wiki
|
|
By Cbrzana |
LAN Switching and Configuring 2950 Switches
LAN Switch Logic Summary:
1. A frame is received.
2. If the destination is a broadcast/multicast, forward on all ports except the port the frame was received.
3. If the destination is Unicast, and address not in table, forward on all ports expect the received port.
4. If the destination is Unicast, address is in the table, and if associated interface is not the interface the frame arrived, forward frame out correct port.
5. Otherwise, filter the frame.
Basic Configuration/Operation Commands
| Command | Description |
| Interface vlan 1 | Global command, config interface for VLAN interface |
| ip address [address][subnet mask] | Interface configuration, set ip-address |
| ip default-gateway [address] | Global command that sets default gateway |
| interface fastethernet 0/x | Puts user into user configuration mode |
| duplex {auto|full|half} | Set duplex mode for interface |
| speed {10|100|1000|auto|nonegotiate} | Sets the speed of the interface |
| switchport port-security mac-address | Statically add MAC address as allowed address on that port |
| switchport port-security mac-address sticky | Tells switch to learn MAC addresses on the interface, and add to config as secure MACs |
| switchport port-security maximum [value] | Max of static secure MAC allowed on the interface |
| switchport port-security violation {protect|restrict|shutdown} | Tells switch what to do if inappropriate MAC tries to access network through secure switch port. |
| hostname [name] | Assign hostname to switch |
| line con 0 | Enter console configuration mode |
| line vty 0 15 | Enter vty configuration mode |
| login | Tells switch to ask for password |
| password [password] | Sets the password |
| enable secret [password] | Sets encrypted password |
| enable password [password] | Sets password to enter privileged mode |
| configure terminal | Enter configuration mode |
| show interfaces fastethernet 0/x | Display interface status |
| show interfaces vlan 1 | Displays the ip address configuration |
| show interfaces | Display info about specific interfaces |
| show {running|startup}-config | Display RAM/NVRAM settings |
| show-mac-address-table | Displays the MAC address table |
| show port-security [interface][address] | Show security options on interface |
| erase startup-config | Erases startup configuration |
show interfaces status reveals port, status, vlan, duplex, speed, and type.
*By default, switches work out-of-the-box, all ports on VLAN1*
When changing speed/duplex, interface will temporarily go down.
[edit section] Configuring the IP Address
- interface vlan 1 IP address of switch configured on this interface
- ip address [address][mask]
- ip default-gateway [address]
[edit section] Port Security Configuration
Restrict the interface so that only expected devices can use it.
1. switchport port-security -> enable port security
a. allowed only on ports not connected to other switches
2. switchport mode access -> designate interface as not connecting to another switch
3. switchport port-security mac-address [mac address]-> statically configure allowed mac address
By default, only one mac address per interface, and shuts down violation
- -> change using switchport port-security maximum [1-132]
- -> To change violation type, switchport port-security violation
Note: To automatically add the mac of the first frame sent on the port, use:
- switchport port-security mac-address sticky
Top 5 Contributors to this article
|
|||||
