The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network. To use an IP-based management product or Telnet with a Cisco switch, you must configure a management IP address. The steps below walk through the basic configuration of the Cisco 2960 switch using Cisco IOS commands.
The following resources are required:
• Cisco 2960 switch or other comparable switch
• Router with Ethernet interface to connect to switch
• Three Windows-based PCs, one with a terminal emulation program
• RJ-45-to-DB-9 connector console cable
• Three straight-through Ethernet cables
• Access to the PC command prompt
• Access to a PC network TCP/IP configuration
The Cisco 2960 switch configuration steps are as follows:
1. Connect the hosts to the switch and configure them. Configure the hosts to use the same IP subnet for the address and mask as on the switch. Do not connect host H3 to the switch yet.
2. Connect the router to the switch and configure the router. Connect the router to switch port Fa0/5, then configure the router with the host name Customer Router, the console access and password, vty access and password, and enable secret password.
3. Configure the switch. Configure the switch with the host name Customer Switch, then apply the basic settings: set the privileged EXEC mode password to cisco, configure the console line to require a password at login, and so on.
4. Configure the management interface on VLAN 1. Enter global configuration mode (Remember to use the new password) and the interface configuration mode for VLAN 1. After that, set the IP address, subnet mask, and default gateway for the management interface. (The IP address must be valid for the local network where the switch is installed.)
5. Verify the configuration of the switch. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of host H1 are on the same local network. Use the show running-config command to check the IP address configuration of the switch, then save the configuration.
6. Verify connectivity using ping and Telnet. To verify that the switch and router are correctly configured, ping the router Fa0/1 interface (default gateway) IP address from the switch CLI.
7. Determine which MAC addresses the switch has learned. From the Windows command prompt, get the Layer 2 addresses of the PC network interface card for each host by using the ipconfig /all command.
8. Configure basic port security. Determine the options for setting port security on Fast Ethernet interface 0/4. To allow switch port Fast Ethernet 0/4 to accept only one device, configure port security.
9. Connect a different PC to the secure switch port. Disconnect host H2 from Fast Ethernet 0/18, and connect host H3 (which has not yet been attached to the switch) to the port. From H3, ping the switch address 192.168.1.5 to generate some traffic. Record any observations at the PC and the switch terminal session. If you do not have a third PC (host H3), or you are working with a remote lab setup and cannot physically disconnect H2, you may be able to use another optional method. (Refer to http://dld.bz/bZ8N9)
10. Reactivate the port. Clear the sticky address entry for port Fa0/18 using the clear port-security command. To return the interface from the error-disabled state to administratively up, enter the shutdown command followed by the no shutdown command.
11. Set speed and duplex options for the ports. Switch port settings default to auto-duplex and auto-speed. If a computer with a 100 Mbps NIC is attached to the port, it automatically goes into full-duplex 100 Mbps mode. If a hub is attached to the switch port, it normally goes into half-duplex 10 Mbps mode.
12. Exit the switch. Type exit to leave the switch and return to the welcome screen. When the steps are completed, turn off all the devices. Remove and store the cables and adapter.
13. Reflection. Which password needs to be entered to switch from user mode to privileged EXEC mode on the Cisco switch, and why?
Which symbol is used to show a successful ping in the Cisco IOS software?
What is the benefit of using port security?
What other port-related security steps could be taken to further improve switch security?
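The port security sequence from steps 8 to 10, written out as an added example that is not part of the original lab. It assumes port Fa0/18 (the port named in steps 9 and 10; step 8 names Fa0/4) and uses sticky learning with the shutdown violation mode to match the sticky entry and error-disabled state that step 10 describes.

```cisco
! Added example, not from the original lab. Port Fa0/18 is an assumption
! taken from steps 9 and 10. Start from privileged EXEC mode.
!
! Step 8: limit the access port to a single learned device
configure terminal
 interface FastEthernet0/18
  switchport mode access
  switchport port-security
  switchport port-security maximum 1
  switchport port-security mac-address sticky
  switchport port-security violation shutdown
  end
!
! Step 9: after H3 replaces H2 and sends traffic, inspect the result.
! The port status, violation count and last source MAC address show
! whether the port was disabled by the second device.
show port-security interface FastEthernet0/18
show port-security address
show interfaces FastEthernet0/18 status
!
! Step 10: remove the learned sticky entry, then bounce the interface
! to bring it out of the error-disabled state
clear port-security sticky interface FastEthernet0/18
configure terminal
 interface FastEthernet0/18
  shutdown
  no shutdown
  end
!
! Confirm the port is secure-up again and keep the configuration
show port-security interface FastEthernet0/18
copy running-config startup-config
```

Sticky addresses are written to the running configuration only, so they survive a reload only if the configuration is saved after the intended host has been learned.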
Originally from: http://web.nmsu.edu/