Starting a Switch
A Cisco Catalyst switch goes through its startup routine when the switch is turned on. When the startup is complete, the initial software settings can be configured. Recognizing that the switch startup has completed without error is the first step in deploying a Catalyst switch. The switch must start successfully and have a default configuration to operate on the network. The following sections describe how the switch starts up and how to verify its initial operation.
Physical Startup of the Catalyst Switch
The startup of a Catalyst switch requires verifying the physical installation, powering up the switch, and viewing the Cisco IOS Software output on the console. The initial startup of a Catalyst switch requires completion of the following steps:
Step 1 Before starting the switch, verify the following:
- All network cable connections are secure.
- Your terminal is connected to the console port.
- Your console terminal application, such as HyperTerminal, is selected.
Step 2 Attach the power cable plug to the switch power supply socket. The switch starts. There is no On/Off switch on some Catalyst switches, including the Cisco Catalyst 2960 series.
Step 3 Observe the boot sequence as follows:
- Look at the light emitting diodes (LED) on the switch chassis.
- Observe the Cisco IOS Software output text on the console.
NOTE This course describes the Catalyst 2960 series switch only. Switch information and configuration commands presented are specific to the Catalyst 2960 series. Your switch might differ.
Switch LED Indicators
The Catalyst switches have several status LEDs that are generally lit in green when the switch functions normally but that turn amber when there is a malfunction. Figure 2-18 shows the locations of the LEDs on a Catalyst 2960 series switch.
Figure 2-18 Catalyst 2960 LEDs
The LED locations on the Catalyst 2960-12 and 2960-24 are shown in the figure, and their functions are explained in Table 2-4.
Table 2-4 Switch LEDs
The port LED display modes are indicated in Table 2-5, with information about the various LED colors or lighting.
Table 2-5 Port LED Modes
Viewing Initial Bootup Output from the Switch
During initial startup, if POST failures are detected, they are reported to the console. If POST completes successfully, you can configure the switch.
After POST completes successfully on a Catalyst 2960 switch, assuming that this is the first time you have powered on the switch, there is a prompt to enter the initial configuration setup mode for the switch. An automatic setup program can be used to assign the switch with basic IP information, host and cluster names, and passwords, and to create a default configuration for continued basic operation. Later, the CLI can be used to customize and secure the configuration. To run the setup program, access the switch from the PC terminal that was connected to the console port.
Complete the initial configuration by answering each question as it appears, as shown here:
             --- System Configuration Dialog ---

    Would you like to enter the initial configuration dialog? [yes/no]: y

    At any point you may enter a question mark '?' for help.
    Use ctrl-c to abort configuration dialog at any prompt.
    Default settings are in square brackets '[]'.

    Basic management setup configures only enough connectivity
    for management of the system, extended setup will ask you
    to configure each interface on the system

    Would you like to enter basic management setup? [yes/no]: no

    First, would you like to see the current interface summary? [yes]: no

    Configuring global parameters:

      Enter host name [Switch]: SwitchX

      The enable secret is a password used to protect access to
      privileged EXEC and configuration modes. This password, after
      entered, becomes encrypted in the configuration.
      Enter enable secret: secret_password

      The enable password is used when you do not specify an
      enable secret password, with some older software versions, and
      some boot images.
      Enter enable password: enable_password

      The virtual terminal password is used to protect
      access to the router over a network interface.
      Enter virtual terminal password: vty_password

      Configure SNMP Network Management? [no]: no

    Configuring interface parameters:

    Do you want to configure Vlan1 interface? [yes]: yes
      Configure IP on this interface? [yes]: yes
        IP address for this interface: 10.1.1.140
        Subnet mask for this interface [255.0.0.0] : 255.255.255.0
        Class A network is 10.0.0.0, 24 subnet bits; mask is /24

    Do you want to configure FastEthernet0/1 interface? [yes]: n
    ..text omitted ..
    Do you want to configure FastEthernet0/24 interface? [yes]: n

    Would you like to enable as a cluster command switch? [yes/no]: n

After the required settings are entered, the setup program displays the configuration to be confirmed, as follows.
    The following configuration command script was created:

    hostname SwitchX
    enable secret 5 $1$oV63$8z7cBuveTibpCn1Rf5uI01
    enable password enable_password
    line vty 0 15
    password vty_password
    no snmp-server
    !
    interface Vlan1
    ip address 10.1.1.140 255.255.255.0
    !
    interface FastEthernet0/1
    ..text omitted..
    interface FastEthernet0/24
    !
    end

    [0] Go to the IOS command prompt without saving this config.
    [1] Return back to the setup without saving this config.
    [2] Save this configuration to nvram and exit.

    Enter your selection [2]: 2
    Building configuration...
    [OK]
    Use the enabled mode 'configure' command to modify this configuration.

Enter 2 to complete the initial configuration.
Logging In to the Switch
When Catalyst switches are configured from the CLI that runs on the console or a remote terminal, the Cisco IOS Software provides a CLI called the EXEC. The EXEC interprets the commands that are entered and carries out the corresponding operations. Figure 2-19 shows the different EXEC modes and prompts of IOS.
Figure 2-19 OS EXEC Modes
For security purposes, the EXEC has the following two levels of access to commands:
- User mode: Typical tasks include those that check the status of the switch, such as some basic show commands.
- Privileged mode: Typical tasks include those that change the configuration of the switch. This mode is also known as enable mode. If you have the password that gets you to this privileged enable mode, you basically will have access to all possible device configuration commands.
To change from user EXEC mode to privileged EXEC mode, enter the enable command. The switch then prompts for the enable password if one is configured. Enter the correct enable password. By default, the enable password is not configured.
NOTE For security reasons, the network device will not echo (not show on the screen) the password that you enter. However, if you are configuring a network device over a modem link or using Telnet, the password is sent over the network connection in plain text. Telnet does not offer a method to secure packets. Secure Shell (SSH) Protocol should be used for remote access.
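The script created by the setup dialog stores the enable password and the virtual terminal password exactly as they were typed, and nothing in it limits the vty lines to SSH, which the note above recommends over Telnet. The check below is an added example, not code from the original text or from Cisco; the finding names, the audit and vty_blocks helpers, and the HARDENED sample are assumptions made for illustration.

```python
import re

# Script printed by the setup dialog above, trimmed to the lines being checked.
SETUP_SCRIPT = """\
enable secret 5 $1$oV63$8z7cBuveTibpCn1Rf5uI01
enable password enable_password
line vty 0 15
password vty_password
no snmp-server
"""
# Constructed counterpart: no cleartext passwords, vty lines limited to SSH.
HARDENED = """\
enable secret 5 $1$oV63$8z7cBuveTibpCn1Rf5uI01
line vty 0 15
 login local
 transport input ssh
"""
# The setup script is not indented, so line-mode commands are recognised by name.
LINE_SUBCMDS = ("password", "login", "transport", "exec-timeout", "access-class")
CLEARTEXT = re.compile(r"password (?:0 )?(?!\d )\S+$")

def vty_blocks(config):
    """Return the list of sub-commands found under each 'line vty' stanza."""
    blocks, body = [], None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line vty"):
            body = []
            blocks.append(body)
        elif body is not None and (raw.startswith(" ") or cmd.startswith(LINE_SUBCMDS)):
            body.append(cmd)
        else:
            body = None          # any other command ends the stanza
    return blocks

def audit(config):
    """Return sorted finding names (the names are this example's own)."""
    lines = [l.strip() for l in config.splitlines()]
    findings = set()
    if not any(l.startswith("enable secret ") for l in lines):
        findings.add("NO-ENABLE-SECRET")
    if any(CLEARTEXT.match(l[len("enable "):]) for l in lines if l.startswith("enable password ")):
        findings.add("ENABLE-PASSWORD-CLEARTEXT")
    for body in vty_blocks(config):
        if any(CLEARTEXT.match(c) for c in body):
            findings.add("VTY-PASSWORD-CLEARTEXT")
        transport = [c for c in body if c.startswith("transport input")]
        if not transport or transport[-1].split()[2:] != ["ssh"]:
            findings.add("VTY-NOT-SSH-ONLY")
    return sorted(findings)
```

Calling audit(SETUP_SCRIPT) reports the cleartext enable and vty passwords and the unrestricted vty transport, while audit(HARDENED) returns an empty list.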
Configuring a Switch from the Command Line
The Catalyst switch IOS software has different configuration modes, including global configuration mode and interface configuration mode.
To configure global switch parameters such as the switch host name or the switch IP address used for switch management purposes, use global configuration mode. To configure a particular port (interface), use interface configuration mode.
NOTE More switch configuration details are provided throughout this course. This section provides an overview of switch configuration so that you can perform an initial configuration on your switch.
One of the first tasks in configuring a switch is to name it. Naming the switch provides a means to better manage the network by being able to uniquely identify each switch within the network. The name of the switch is considered to be the host name and is the name displayed at the system prompt. The switch name is assigned in global configuration mode. In the following, the switch name is set to SwitchX:
    >enable
    Enter Password:
    #config t
    (config)#hostname SwitchX
    SwitchX(config)#end
    SwitchX#
The switch’s management interface operates as a virtual Layer 3 host within the Layer 2 switch. Remote access to the switch’s management interface is accomplished using the Layer 3 protocol and network applications of TCP/IP. Because of this, a Layer 3 address must be assigned to the switch. The management interface resides in VLAN 1. Therefore, the IP address is assigned to what is effectively a virtual interface, one that works just like a physical interface, but with one IP for the entire device, and it is called interface VLAN 1.
To configure an IP address and subnet mask for the switch, you must be in VLAN 1 interface configuration mode and then use the ip address configuration command. An IP address is required on the switch for remote management purposes. For example, an IP address must be assigned if a Telnet connection is to be used or if the Simple Network Management Protocol (SNMP) will be used to manage the switch.
In addition, just as you would for any interface, you must use the no shutdown interface configuration command to make the VLAN 1 interface operational.
To communicate off your network or subnet, you need a default gateway. To configure a default gateway for the switch, use the ip default-gateway command. Enter the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway, shown in Figure 2-20, receives IP packets with unresolved destination IP addresses from the switch EXEC processes.
Figure 2-20 Default Gateway
After the default gateway is configured, the switch has connectivity to the remote networks that it needs to communicate with.
After the commands to configure the switch have been entered, you must save the running configuration to NVRAM with the copy running-config startup-config command. If the configuration is not saved to NVRAM and the switch is reloaded, the configuration will be lost and the switch will revert to the last configuration saved in NVRAM.
Showing the Switch Initial Startup Status
After logging in to a Catalyst switch, the switch initial startup status can be verified using the following switch status commands: show version, show running-config, and show interfaces. This topic describes the switch status commands that can be used to verify the initial switch operation.
Switch status commands are as follows:
- show version: Displays the configuration of the system hardware and the currently loaded IOS software version information.
- show running-config: Displays the current active running configuration of the switch. This command requires privileged EXEC mode access. The IP address, subnet mask, and default gateway settings are displayed here, as well as all other current running configuration settings.
- show interfaces: Displays statistics and status information of all the interfaces on the switch. Both the switch trunks and the switch line ports are considered interfaces. The resulting output varies, depending on the network for which an interface has been configured. Usually this command is entered with the options type and slot/number, where type allows values such as Ethernet and Fast Ethernet, and slot/number indicates slot 0 and the port number on the selected interface (for example, E0/1).
Use the show version EXEC command to display the configuration of the system hardware and the software version information. Example 2-1 shows the output for the show version command.
Example 2-1 show version Command Output

    Switch# show version
    Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Fri 28-Jul-06 11:57 by yenanh
    Image text-base: 0x00003000, data-base: 0x00BB7944

    ROM: Bootstrap program is C2960 boot loader
    BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWARE (fc1)

    Switch uptime is 24 minutes
    System returned to ROM by power-on
    System image file is "flash:c2960-lanbasek9-mz.122-25.SEE2/c2960-lanbasek9-mz.122-25.SEE2.bin"

    cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 61440K/4088K bytes of memory.
    Processor board ID FOC1052W3XC
    Last reset from power-on
    1 Virtual Ethernet interface
    24 FastEthernet interfaces
    2 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.
    ! Text omitted
    Switch#
Table 2-6 describes the highlighted output fields from the show version command.
Table 2-6 show version Output Fields
The show interfaces command, shown in Example 2-2, displays status and statistics information on the network interfaces of the switch.
Example 2-2 show interfaces Command
    SwitchX# show interfaces FastEthernet0/2
    FastEthernet0/2 is up, line protocol is up (connected)
      Hardware is Fast Ethernet, address is 0008.a445.ce82 (bia 0008.a445.ce82)
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Half-duplex, 10Mb/s
      input flow-control is unsupported output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 4w6d, output 00:00:01, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         182979 packets input, 16802150 bytes, 0 no buffer
         Received 49954 broadcasts (0 multicast)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 8 ignored
         0 watchdog, 20115 multicast, 0 pause input
         0 input packets with dribble condition detected
         3747473 packets output, 353656347 bytes, 0 underruns
Table 2-7 shows some fields in the display that are useful for checking on fundamental switch details.
Table 2-7 show interfaces Output Details
The show interfaces command is used frequently while configuring and monitoring network devices.
MAC Address Table Management
Switches use the MAC address tables to forward traffic between ports. These MAC tables include dynamic, permanent, and static addresses. To view the MAC address table, use the show mac-address-table command, as shown in Example 2-3.
Example 2-3 show mac-address-table Command
    SwitchX# show mac-address-table
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    All     0008.a445.9b40    STATIC      CPU
    All     0100.0ccc.cccc    STATIC      CPU
    All     0100.0ccc.cccd    STATIC      CPU
    All     0100.0cdd.dddd    STATIC      CPU
       1    0008.e3e8.0440    DYNAMIC     Fa0/2
    Total Mac Addresses for this criterion: 5
    SwitchX#

Dynamic addresses are source MAC addresses that the switch learns by reading the source MAC address of a frame as it is received on a switch port; they are aged out and dropped if they are not refreshed. The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table.
As stations are added or removed from the network, the switch updates the MAC address table, adding new entries and aging out those that are currently not in use.
An administrator can specifically assign permanent addresses to certain ports. Unlike dynamic addresses, permanent addresses are not aged out.
The maximum size of the MAC address table varies with different switches. For example, the Catalyst 2960 series switch can store up to 8192 MAC addresses (while less sophisticated switches might not support that many). When the MAC address table is full, traffic for all new unknown addresses is flooded out all ports except for the source port, which is the port that the frame originally came in on.
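The learning, aging, and table-full behavior described above can be followed frame by frame in a small model. This is an added example, not code from the original text or from Cisco IOS; the MacTable class, the 300-second aging time, the MAC addresses, and the two-entry capacity used in the demo are assumptions chosen to keep the trace short.

```python
class MacTable:
    """Model of the dynamic learning, aging and flooding described above."""

    def __init__(self, capacity=8192, aging=300):
        self.capacity = capacity      # 8192 entries on the Catalyst 2960
        self.aging = aging            # seconds; 300 is an assumed aging time
        self.dynamic = {}             # mac -> (port, last_seen)
        self.static = {}              # mac -> port, never aged out

    def age_out(self, now):
        """Drop dynamic entries that have not been refreshed in time."""
        for mac in [m for m, (_, seen) in self.dynamic.items() if now - seen > self.aging]:
            del self.dynamic[mac]

    def receive(self, src, dst, in_port, now, ports):
        """Learn src on in_port, then return the ports the frame leaves on."""
        self.age_out(now)
        known = src in self.dynamic
        if src not in self.static and (known or len(self.dynamic) + len(self.static) < self.capacity):
            self.dynamic[src] = (in_port, now)   # learn or refresh
        out = self.static.get(dst) or self.dynamic.get(dst, (None, 0))[0]
        if out is None:                          # unknown destination: flood
            return [p for p in ports if p != in_port]
        return [] if out == in_port else [out]

def demo():
    """Constructed traffic on a three-port switch with room for two entries."""
    ports = ["Fa0/1", "Fa0/2", "Fa0/3"]
    a, b, c = "0000.0000.000a", "0000.0000.000b", "0000.0000.000c"
    table = MacTable(capacity=2)
    return [
        table.receive(a, b, "Fa0/1", 0, ports),    # b unknown: flooded
        table.receive(b, a, "Fa0/2", 1, ports),    # a learned: one port
        table.receive(c, a, "Fa0/3", 2, ports),    # table full: c not learned
        table.receive(a, c, "Fa0/1", 3, ports),    # so frames to c are flooded
        table.receive(c, b, "Fa0/3", 400, ports),  # a and b aged out, c learned
    ]
```

The fourth frame shows the table-full case: because the third station could not be learned, traffic addressed to it leaves on every port except the one it arrived on.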