Starting off where we left it in the last post: as we have already covered the first three points, we are now going to look into management of the switch.
MANAGEMENT
We are going to enable the remote management features of the switch/router, so we don’t have to stand in those cold IT rooms while configuring or monitoring our devices.
To start, we will look at this from the perspective of configuring a Cisco switch. Devices exchange packets (aka communicate) between networks with the aid of IP addressing, and our case being no exception, we will start by allocating an IP address to our switch. Hmm.. some of you might be confused by this, as switches are layer 2 devices and work with MAC addresses. So why on Earth would we allocate an IP address, which belongs to layer 3 (refer to the OSI model), to a layer 2 device like a switch?
Well, it is done solely for remote management purposes. Sounds alright.. but hey, if all the ports on a switch are layer 2, where are we going to provide the IP address?
All Cisco switches come with a pre-configured management interface, VLAN 1, which inherits all the physical ports and other manageable features of the whole switch. Logging in remotely through the VLAN 1 interface therefore gives us full control of the switch:
(config)# interface vlan 1
(config-if)# ip address x.x.x.x subnet
(config-if)# no shutdown (keep in mind the VLAN 1 interface is administratively down by default)
This allows access to the switch from within its own network, but if you want to access the switch from outside, follow it with one more command, the default gateway, in global config mode:
(config)# ip default-gateway x.x.x.x
In the case of a router, replace VLAN 1 with the interface type.
As we have already configured telnet (the vty lines) in part 1 under the security section, theoretically we should be able to remotely manage our switch/router using telnet. But (oh yes, there's always a but) using telnet to manage routers or switches is insecure, as it transmits every command, including the username and password, in clear text, basically publicising it to any attacker out there listening.
The standard alternative to Telnet's lack of security is SSH (secure shell), but we will cover that later for good reasons.
INTERFACES
Manually configuring interfaces is not a must, as most of the time auto negotiation will work just fine, but it's good practice to hard code at least the important ones. This will save you from troubleshooting any form of duplex mismatch.
In interface mode, the duplex and speed of the interface can be hard coded as below:
(config-if)#duplex (half/full/auto)
99.99% of the time you will want to keep it as FULL.
Similarly, speed can be configured as below:
(config-if)#speed (10/100/1000/auto)
The available values depend on the type of interface. The above is an example of a standard gigabit Ethernet port, but using a ? is always helpful before you configure this.
And lastly,
(config-if)#description xxxx
This is the interface's equivalent of the hostname for a device. It can be used to describe what that interface is used for, like "uplink to campus B" etc.
VERIFY & BACKUP
Using SHOW commands is always a good way to verify what has been done. SHOW commands are used in privileged mode, but they can be used in config mode as well by using DO SHOW instead.
Here I will cover some of the important ones:
To check the running config
# show running-config
To check detailed interface config
# show interface
This will show a detailed report of each interface. I find it too overwhelming at times, so a summarised version as below can be used:
# show int description
OR
# show ip int brief
Although there is a SHOW command for most of the configs, we will cover them along with relevant topics.
And now it's time to back up our work. One easy way is to just copy the output of the "show run" command and paste it into Notepad. If there is ever a need to restore it, just copy the stuff from Notepad, go to global config mode on the device and paste it.. Yep, it works..
The other way is to use a tftp service. We can make any given host a tftp server by installing one of the many packages out on the Internet.. The one I use is a freeware tftpd32 (just search for it.. I bet you won't miss it).
It takes seconds to install and off you go, you have just made a tftp server of your own.
To back up the running config to the tftp server, use the command below:
#copy running-config tftp
This starts a small wizard that begins by asking for the address of the tftp server and then the name of the destination file (it shows the default option in square brackets, just in case you don't want to change it for whatever reason).
Another way of doing this is:
#copy running-config tftp://192.168.1.21/sw2-config.txt
Where 192.168.1.21 is the IP of my tftp server and sw2-config.txt is the name of the destination backup file.
Two things I would like to mention here: first, always ping your tftp server before proceeding with these commands, otherwise it may hang there forever; secondly, it's good practice to use .txt at the end of the file name to ease viewing on the end OS.
Similarly, if you want to copy from tftp, use the following:
# copy tftp startup-config
Again, it will take you through a small wizard, or you can just use the other format as mentioned above.. stating the tftp part first, of course.
That's it.. You have successfully configured and backed up your device.
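Once the config sits on the tftp server as a text file, it can be checked offline against the settings covered in this post. The script below is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and only an explicit "transport input" line is checked because the default differs between platforms.

```python
import re

# Constructed sample of a backed-up running-config (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to campus B
 duplex full
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 shutdown
!
line vty 0 4
 transport input telnet
"""

def parse_sections(text):
    """Map each top-level IOS command to its indented sub-commands."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current:
            sections[current].append(line.strip())
        elif line[:1] not in ("", " ", "!"):
            current = line.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return findings for the settings covered in this post."""
    sections, findings = parse_sections(text), []
    for name, body in sections.items():
        if re.match(r"interface vlan\s*1$", name, re.I):
            if not any(l.startswith("ip address ") for l in body):
                findings.append("Vlan1: no management IP address")
            if "shutdown" in body:
                findings.append("Vlan1: administratively down")
        elif re.match(r"interface \S*Ethernet", name):
            if not any(l.startswith("description ") for l in body):
                findings.append(f"{name}: no description")
            if "duplex full" not in body:
                findings.append(f"{name}: duplex not hard-coded to full")
        elif name.startswith("line vty"):
            if any(re.match(r"transport input .*\b(telnet|all)\b", l) for l in body):
                findings.append(f"{name}: Telnet allowed (clear text)")
    if not any(n.startswith("ip default-gateway ") for n in sections):
        findings.append("no ip default-gateway configured")
    return findings
```

Calling audit() on the text of a saved file such as sw2-config.txt returns a list of findings; an empty list means every check passed.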