Next
Configuration Task List
| Washignton School District | Back Next
|
|
Configuration Task List | |
SECTION 1 - Accessing the CLI through the Console
Port
SECTION 2 - Configure the IP Address and Default
Gateway
SECTION 3 - Configuring Default Gateway
SECTION 4 - Configure the Switch as a VTP
Server
SECTION 5 - Configure the Switch as a VTP
Client
SECTION 6 - Configure VLAN Trunks
SECTION 7 - Create VLANs
SECTION 8 - Defining the Allowed VLANs on a
Trunk
SECTION 9 - Assign Switch Ports to VLAN
SECTION 10 - Configuring Spanning Tree
SECTION 11 - Configuring a Primary Root Switch
SECTION 12 - Configuring a Secondary Root
Switch
SECTION 13 - Configuring PortFast
SECTION 14 - Configuring CDP
SECTION 15 - Configuring DNS
SECTION 16 - Configuring NTP in Broadcast-Client
Mode
SECTION 17 - Configuring SNMP from the CLI
SECTION 18 - Configuring IP InterVLAN Routing on
the MSFC
SECTION 19 - Configuring IPX InterVLAN Routing on
the MSFC
SECTION 20 -
Configuring Redundancy with HSRP
The followings are BASIC INGREDIENTS of how to configure our Cisco equipment to make this project at least a functional network based on the design requirements. More details are provided in each configuration of each device.
Accessing the CLI through the Console Port
To access the switch through the console port, perform this task:
| Task |
Command |
|
Step 1 Initiate a connection from the terminal to the switch console prompt and press Return. |
|
|
Step 2 At the prompt, enter the system password. The Console> prompt appears, indicating that you have accessed the CLI in normal mode. |
|
|
Step 3 If necessary, enter privileged mode (you must enter privileged mode to change the switch configuration). |
enable |
|
Step 4 Enter the necessary commands to complete the desired tasks. |
|
|
Step 5 When finished, exit the session. |
exit |
Before you can Telnet to the switch or use SNMP to manage the switch, you must assign an IP address to the in-band (sc0) logical interface.
You can specify the subnet mask (netmask) using the number of subnet bits or using the subnet mask in dotted decimal format.
To set the IP address and VLAN membership of the in-band (sc0) management interface, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Assign an IP address, subnet mask (or number of subnet bits), and (optional) broadcast address to the in-band (sc0) interface. |
set interface sc0 [ip_addr[/netmask] [broadcast]] |
|
Step 2 Assign the in-band interface to the proper VLAN (make sure the VLAN is associated with the network to which the IP address belongs). |
set interface sc0 [vlan] |
|
Step 3 If necessary, bring the interface up. |
set interface sc0 up |
|
Step 4 Verify the interface configuration. |
show interface |
The supervisor engine sends IP packets destined for other IP subnets to the default gateway (typically a router interface in the same network or subnet as the switch IP address). The switch does not use the IP routing table to forward traffic from connected devices, only IP traffic generated by the switch itself (for example, Telnet, TFTP, and ping).To specify one or more default gateways, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Configure a default IP gateway address for the switch. |
set ip route default gateway [metric] [primary] |
|
Step 2 (Optional) Configure additional default gateways for the switch. |
set ip route default gateway [metric] [primary] |
|
Step 3 Verify that the default gateways appear correctly in the IP routing table. |
show ip route |
Configure the Catalyst 6509s as a VTP SERVER
When you configure a switch as a VTP server, you must define a VTP domain before you can create VLANs.
To configure a switch as a VTP server, perform these steps in privileged mode:
| Task |
Command |
|
Step 1 Assign a name to the VTP management domain. |
set vtp domain name |
|
Step 2 Set the VTP mode. |
set vtp mode server |
|
Step 3 Verify the VTP configuration. |
show vtp domain |
Configure the Catalyst 2928Gs and Catalyst 1924s as VTP Clients.
When you configure a switch as a VTP client, you cannot configure VLANs on the switch; instead, you configure VLANs on a VTP server in the same VTP domain as the client. The VTP client synchronizes its VLAN configuration to the configuration of the server.
To configure a switch as a VTP client, perform these steps in privileged mode:
| Task |
Command |
|
Step 1 Assign a name to the VTP management domain. |
set vtp domain name |
|
Step 2 Set the VTP mode. |
set vtp mode client |
|
Step 3 Verify the VTP configuration. (It might take a few minutes before a VTP client learns the VTP and VLAN configuration information from neighboring switches.) |
show vtp domain |
Perform these steps for all 8 ports Gigabit modules on the Catalyst 6509s and Gigabit uplink of the Catalyst 2924Gs
VLAN trunks are point-to-point links that carry the traffic of multiple VLANs. Trunk ports are useful in the network backbone, where traffic from many VLANs is handled. All Ethernet ports can use Inter-Switch Link (ISL) or IEEE 802.1Q encapsulation for trunking.By default, all Ethernet ports are set to negotiate and attempt to use ISL encapsulation.
To configure an Ethernet port as a trunk, perform these steps in privileged mode:
| Task |
Command |
|
Step 1 Configure a port as a trunk. A message appears on the console indicating that the port has become a trunk. |
set trunk mod_num/port_num {on | desirable | auto} {isl | dot1q | negotiate} |
|
Step 2 Verify that the trunk configuration is correct. |
show trunk |
Create two VLANs: Vlan 2 (Administration) and Vlan 3 (Student) at the Catalyst 6509
To configure an Ethernet VLAN in a VTP domain, perform these steps in privileged mode:
| Task |
Command |
|
Step 1 Create a VLAN by assigning it a VLAN number and, if desired, a VLAN name. |
set vlan vlan_num [name name] |
|
Step 2 Verify the VLAN configuration. |
show vlan vlan_num |
Define Vlan 1, Vlan 2 and Vlan 3 are only Vlans allowed on a Trunk
When you configure a trunk port, all VLANs are added to the allowed VLANs list for that trunk. However, you can remove VLANs from the allowed list to prevent traffic for those VLANs from passing over the trunk. You cannot remove VLAN 1, the default VLAN, from the allowed list.
To define the allowed VLAN list for a trunk port, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Remove VLANs from the allowed VLANs list for a trunk. |
clear trunk mod_num/port_num vlans |
|
Step 2 (Optional) Add specific VLANs to the allowed VLANs list for a trunk. |
set trunk mod_num/port_num vlans |
|
Step 3 Verify the allowed VLAN list for the trunk. |
show trunk [mod_num/port_num] |
After you create a VLAN, you can assign one or more switch ports to the VLAN. Devices connected to those ports will belong to that VLAN. Make sure the connected device is properly configured with an IP address, subnet mask, and default gateway in the subnet used for the VLAN.
To add a switch port to a VLAN, perform these steps in privileged mode:
| Task |
Command |
|
Step 1 Add one or more switch ports to a VLAN. |
set vlan vlan_num mod_num/port_num |
|
Step 2 Verify that the ports are properly assigned to the VLAN. |
show vlan vlan_num |
|
Step 3 Check to which VLAN a particular port belongs. |
show port [mod_num/port_num] |
To enable STP, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Enable spanning tree on the desired VLAN. |
set spantree enable [vlan] |
|
Step 2 Verify that spanning tree is enabled. |
show spantree [vlan] |
Configure the first Catalyst 6509 as a primary root switch and the second Catalyst 6509 as a secondary root switch
.The set spantree root command reduces the bridge priority (the value associated with the switch) from the default (32,768) to a significantly lower value, which allows the switch to become the root switch.
When you specify a switch as the primary root, the default bridge priority is modified so that it becomes the root for the specified VLANs. Set the bridge priority to 8192. If this setting does not result in the switch becoming a root, modify the bridge priority to be 100 less than the bridge priority of the current root switch. Since different VLANs could potentially have different root switches, the bridge VLAN-priority chosen makes this switch the root for all the VLANs specified. If reducing the bridge priority as low as 1 still does not make the switch the root switch, the system displays a message.
To configure a switch as the primary root switch, perform this task in privileged mode:
| Task |
Command |
|
Configure a switch as the primary root switch. |
set spantree root vlans [dia network_diameter] [hello hello_time] |
The set spantree root secondary command reduces the bridge priority to 16,384, making it the probable candidate to become the root switch if the primary root switch fails. You can run this command on more than one switch to create multiple backup switches in case the primary root switch fails.
To configure a switch as the secondary root switch, perform this task in privileged mode:
| Task |
Command |
|
Configure a switch as the secondary root switch. |
set spantree root [secondary] vlans [dia network_diameter] [hello hello_time] |
To enable PortFast on a switch port, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Enable PortFast on a switch port connected to a single workstation or server. |
set spantree portfast mod_num/port_num enable |
|
Step 2 Verify the PortFast setting. |
show spantree mod_num/port_num |
Perform these steps on all Catalyst switches
To set the CDP global enable state, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Set the CDP global enable state on the switch. |
set cdp {enable | disable} |
|
Step 2 Verify the CDP configuration. |
show cdp |
To set up and enable DNS on the switch, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Specify the IP address of one or more DNS servers. |
set ip dns server ip_addr [primary] |
|
Step 2 Set the domain name. |
set ip dns domain name |
|
Step 3 Enable DNS. |
set ip dns enable |
|
Step 4 Verify the DNS configuration. |
show ip dns [noalias] |
Configure the switch in NTP broadcast-client mode if an NTP broadcast server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server-to-client packet latency, you can specify an NTP broadcast delay (a time adjustment factor for the receiving of broadcast packets by the switch).
To enable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task |
Command |
|
Step 1 Enable NTP broadcast-client mode. |
set ntp broadcastclient enable |
|
Step 2 (Optional) Set the estimated NTP broadcast packet delay. |
set ntp broadcast delay microseconds |
|
Step 3 Verify the NTP configuration. |
show ntp [noalias] |
To configure SNMP from the command-line interface (CLI), perform this task in privileged mode:
| Task |
Command |
|
Step 1 Define the SNMP community strings for each access type. |
set snmp community read-only community_stringset snmp community read-write community_string set snmp community read-write-all community_string |
|
Step 2 Assign a trap receiver and community. You can specify up to ten trap receivers. |
set snmp trap rcvr_address rcvr_community |
|
Step 3 Specify the SNMP traps to send to the trap receiver. |
set snmp trap enable [all | module | chassis | bridge | repeater | auth | vtp | ippermit | vmps | config | entity | stpx] |
|
Step 4 Verify the SNMP configuration. |
show snmp |
We use IGRP as routing protocol in our design
To configure interVLAN routing for IP, perform this task:
| Task |
Command |
|
Step 1 (Optional) Enable IP routing on the router1. |
Router(config)# ip routing |
|
Step 2 (Optional) Specify an IP routing protocol2. |
Router(config)# router ip_routing_protocol |
|
Step 3 Specify a VLAN interface on the MSFC. |
Router(config)# interface vlan-id |
|
Step 4 Assign an IP address to the VLAN. |
Router(config-if)# ip address n.n.n.n mask |
|
Step 5 Exit configuration mode. |
Router(config-if)# Ctrl-Z |
To configure interVLAN routing for Internetwork Packet Exchange (IPX), perform this task:
| Task |
Command |
|
Step 1 (Optional) Enable IPX routing on the router1. |
Router(config)# ipx routing |
|
Step 2 (Optional) Specify an IPX routing protocol2. |
Router(config)# ipx router ipx_routing_protocol |
|
Step 3 Specify a VLAN interface on the MSFC. |
Router(config)# interface vlan-id |
|
Step 4 Assign a network number to the VLAN3. |
Router(config-if)# ipx network [network | unnumbered] encapsulation encapsulation-type |
|
Step 5 Exit configuration mode. |
Router(config-if)# Ctrl-Z |
You can configure one or more Hot Standby Routing Protocol (HSRP) groups on MSFC VLAN interfaces to provide automatic routing backup for your network. Each VLAN interface in an HSRP group shares a virtual IP address and MAC address. You can configure end stations and other devices to use the HSRP address as the default gateway so that if one router interface fails, service is not interrupted to those devices.
The interface with the highest HSRP priority is the active interface for that HSRP group.
To configure HSRP on an MSFC VLAN interface, perform this task in interface configuration mode:
| Task |
Command |
|
Step 1 Enable HSRP and specify the HSRP IP address. If you do not specify a group-number, group 0 is used. |
Router(config-if)# standby [group-number] ip [ip-address] |
|
Step 2 Specify the priority for the HSRP interface. Increase the priority of at least one interface in the HSRP group (the default is 100). The interface with the highest priority becomes active for that HSRP group. |
Router(config-if)# standby [group-number] priority priority |
|
Step 3 (Optional) Configure the interface to preempt the current active HSRP interface and become active if the interface priority is higher than the priority of the current active interface. |
Router(config-if)# standby [group-number] preempt [delay delay] |
|
Step 4 (Optional) Set the HSRP hello timer and holdtime timer for the interface. The default values are 3 (hello) and 10 (holdtime). All interfaces in the HSRP group should use the same timer values. |
Router(config-if)# standby [group-number] timers hellotime holdtime |
|
Step 5 (Optional) Specify a clear-text HSRP authentication string for the interface. All interfaces in the HSRP group should use the same authentication string. |
Router(config-if)# standby [group-number] authentication string |