We cannot configure a switch if it is not initialized. In this lesson, we are going to describe the startup of a Cisco IOS switch and help you identify the steps by looking at the LEDs and the initial boot output. We will then log into the switch, configure it via the command-line interface, and verify the initial operation by using the appropriate show commands.
Initial Startup of the Catalyst Switch
Cisco access layer switches are ready to provide layer 2 connectivity at startup. The initialization process includes a series of system startup routines that initiate the software and make these functions available. Default configuration parameters include a switch prompt and a basic definition of the interfaces, with all of them enabled. If you want to observe the process, you should verify that the cabling is consistent, that you have a console connection, and that you have a terminal client running on that console, for example, HyperTerminal or PuTTY.
In lower-end switches, simply attaching the power cable plug to the switch will start up and initiate the process. In these lower-end switches you do not have an "on" and "off" button like those you find in higher end distribution layer and core layer switches. You can then observe the boot sequence physically and from the outside by looking at the LEDs on the switch chassis and also through your console connection by looking at the IOS software output text, which displays some of the output of the diagnostics and the overall process of initiation. It is important to understand that this course is based on the Catalyst 2960 switch and that both the output and some of the commands may be different from other switches.
Catalyst 2960 Switch LED Indicators
This figure shows the LEDs on a Catalyst 2960. The different LEDs will display valuable information in terms of the status and the capacity of the switch. The system LED will be green if the system is powered on and operational but amber if there are errors in the power-on self-test or if there is system malfunction. The redundant power supply LED will show flashing amber if the internal power supply failed and a redundant power supply is helping the switch. The port mode LEDs will display what the port LEDs mean at any given point in time.
The mode button lets you switch between modes, and each mode gives the port LEDs a different meaning. For example, selecting the stat or status mode will show port LEDs in flashing green if there is a link and activity, but amber if the port has been shut down by the administrator or has been blocked by spanning tree. If you switch to the utilization mode, the port LEDs will be green and display the approximate overall utilization of the switch in terms of throughput. So depending on the model, for example, all port LEDs showing green, 100% of them, will mean that the switch is at 50% capacity, and different combinations will show different percentages.
Initial Bootup Output
The IOS software output will show more specific information, among other things the MAC address of the switch and the various stages of the initialization process. It also shows the location of the operating system image, where it is being loaded from, and the status of the loading process. After initialization has been completed, you can get access to the command-line interface; however, if the switch configuration files are empty, the switch will go straight into setup mode and start prompting you with questions for basic configuration. You can also invoke setup mode yourself by typing the setup command.
Logging in to the Switch and Entering the Privileged EXEC Mode
Once at the command-line interface, you will be in EXEC mode. EXEC mode allows you to monitor, view, and maintain the switch, but what you can do depends on the level you are in. The levels are user mode and privileged mode: user mode has limited access to simple monitoring tools, whereas privileged mode allows both monitoring and maintenance of the switch. For example, in privileged mode you can copy configuration files from the network, erase configuration files, and even erase the IOS image.
So, it is a more dangerous and more powerful mode, intended for the power users who will be managing and maintaining the switch. To go from user mode to privileged mode, use the enable command. You will then be prompted for a password if there is one (by default there is no password), and you can tell that you are in privileged mode by the change in prompt.
User Access Verification
User mode has a greater-than sign as its prompt, whereas privileged mode has the pound sign. For security purposes, the password is not echoed back to you; however, if you are doing this via a Telnet session, passwords are exchanged in clear text, which is why it is highly recommended to use encrypted protocols like SSH that provide confidentiality and integrity of the transaction.
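An added example, not part of the original lesson: a small Python audit that reads a saved running configuration and reports the access risks described above, a missing or weak enable password and VTY lines that accept Telnet. The sample configuration is constructed, and flagging a missing transport input line for review is an assumption, since the default differs between IOS releases.

```python
import re

# Constructed sample running-config (not taken from the page).
SAMPLE_CONFIG = """\
hostname DSTR2
enable password cisco123
line con 0
line vty 0 4
 password cisco123
 login
 transport input telnet ssh
line vty 5 15
 login
 transport input ssh
end
"""

def audit_access(config):
    """Return findings on privileged-mode and remote-login protection."""
    findings = []
    lines = config.splitlines()
    has_secret = any(l.startswith("enable secret ") for l in lines)
    has_password = any(l.startswith("enable password ") for l in lines)
    if not (has_secret or has_password):
        findings.append("enable: no password set, privileged mode is open")
    elif not has_secret:
        # 'enable password' is kept readable in the config; 'enable secret' is hashed.
        findings.append("enable: 'enable password' used without 'enable secret'")

    transports = {}   # vty block header -> protocols from 'transport input'
    current = None    # header of the vty block being read, if any
    for line in lines:
        if line.startswith("line vty"):
            current = line.strip()
            transports[current] = None
        elif current and line.startswith(" "):
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                transports[current] = m.group(1).split()
        else:
            current = None   # any other top-level line ends the block

    for name, protos in transports.items():
        if protos is None:
            # Assumption: the default differs between releases, so ask for review.
            findings.append(f"{name}: no 'transport input' line, check the default")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: Telnet allowed, passwords cross in clear text")
    return findings
```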
Configuring the Switch
Once in privileged mode, you can use monitoring commands and also maintenance commands like the copy example. If you want to configure the switch, you have to go into configuration mode. There are multiple levels of configuration mode; the most generic one is global configuration mode, which you enter by typing the command configure terminal. You will then see the prompt change: it keeps the pound sign, telling you that you are in privileged mode, and adds the word config in parentheses. What appears inside the parentheses tells you which level of configuration mode you have reached. In global configuration mode, all settings and parameters relate to the switch as a unit, as a device.
Enter configuration commands, one per line. End with CNTL/Z.
So for example, you can change the prompt, give the device an enable password or change the enable password, create banners for display to users logging into the switch, and/or change the order of the booting process. If you want to configure specific components, then from global configuration you have to go into each one of those components. For example, if you want to configure interfaces, you type the interface command followed by the interface reference; in this case, we are entering the FastEthernet interface on slot 0, port 1. This is a typical example of a fixed configuration device like the 2960. At that point, you go into interface configuration mode, and you can tell you are there because the prompt changes to display the word config-if.
Switch(config)#interface FastEthernet 0/1
There are multiple such configuration modes. For routing protocols, in the case of a multilayer switch, you enter a routing protocol configuration mode from global configuration. The console line and VTY lines for Telnet access are also configured from global configuration mode. If you want to go back to the previous mode, enter the command exit. So exit takes you, for example, from interface configuration back into global configuration. If you want to go straight back into privileged mode at the EXEC level, you can use Ctrl+Z or end, and that will take you back to the first level, which is EXEC mode.
One of the first tasks in global configuration mode is to name the switch. The hostname command allows you to give the switch a name, and that will change the prompt because the switch host name is part of the prompt. This host name is also used for management, to identify the switch quickly by looking at the prompt, and for other identification purposes, including enabling DNS on the switch.
Enter configuration commands, one per line. End with CNTL/Z.
You can also provide IP addresses to the switch by going into particular interfaces with the interface command from global configuration mode and then using the ip address command, as shown in the figure, to define the IP address and the subnet mask. In this case, we are talking about a layer 2 switch, the 2960, so the layer 3 interfaces that we have available are VLAN interfaces for management purposes.
You can also see the use of the shutdown command. We can use the command with the keyword "no", and this is common to most Cisco commands. In other words, issuing the shutdown command will disable the interface administratively, but issuing the no shutdown command will enable it again. In the same way, if you set the IP address, you can remove it by using the no ip address command.
% Applying VLAN changes may take few minutes. Please wait...
DSTR2(config)#int vlan 10
DSTR2(config-if)#ip address 192.168.0.10 255.255.255.0
Configuring the Switch Default Gateway
The IP default gateway completes the IP configuration on layer 2 switches like the 2960. The switch does not really have a routing table, so it requires the IP default gateway, just like any other endpoint on the network. With this command in global configuration mode, you specify the IP address of the default gateway; now the switch is ready to access remote destinations. This is again mostly for administrative purposes, to be able to use ping, Telnet, and SNMP toward remote destinations.
DSTR2(config)#ip default-gateway 192.168.0.1
We have to remember that all of these commands are active and functioning on the switch. They represent the current configuration or running configuration; however, they have not been saved into the startup configuration, which is the one the switch will read at the next bootup. Saving configurations is a manual process, and the command is copy running-config startup-config. It will prompt you for the destination file name, which is set by default. You simply save into an existing configuration file called startup-config, located in NVRAM. This guarantees that the configuration is ready and available for the next switch bootup. If you do not do this, the running configuration in RAM will be lost if the switch loses power or if you reboot the switch.
Show Switch Initial Startup Status
You can verify your configurations and overall status and capacities of the switch with the commands listed here. Show running configuration, as we have mentioned, displays the current active config on the switch, whereas show startup configuration will show the saved configuration in NVRAM; show version displays the overall settings and capacity of the switch including hardware, software version, and configuration files and boot images. Other commands allow you to see the status of interfaces like the show interfaces command, which will display not only the status but also statistics related to specific interfaces.
Here is an example of show version; it displays the IOS software characteristics, including version numbers and feature sets. It also displays the mini IOS located in ROM, the boot loader, which will have a different version eventually. Switch uptime is important for identifying possible recent reboots of the switch. Next up is the image of IOS that was loaded; this time we are loading from flash, which is the default, but the switch may have loaded an image from the network in the case of fallback options, and in that case it will be displayed here.
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(1)SE1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 01-Dec-11 14:53 by prod_rel_team
ROM: Bootstrap program is Alpha board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)
Switch uptime is 28 weeks, 2 days, 6 hours, 15 minutes
System returned to ROM by power-on
System restarted at 18:16:59 EET Wed Dec 14 2011
System image file is "flash:/c2960s-universalk9-mz.150-1.SE1.bin"
cisco WS-C2960S-48TS-L (PowerPC) processor (revision F0) with 131072K bytes of memory.
Processor board ID XXXXXXXXXXX
Last reset from power-on
2 Virtual Ethernet interfaces
1 FastEthernet interface
104 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
Next up, the overall hardware settings, including the amount of RAM, which displays two numbers: shared memory and memory available for the rest of the system. If you add up those two numbers, you will obtain the total RAM on the switch. It also displays the total number of physical interfaces, and additional pieces of this output not displayed here include the amount of flash and the value of the configuration register.
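An added example, not part of the original lesson: a Python parser for the show version fields discussed above, with a review step for the two conditions the text calls out (a recent reboot and an image that was not loaded from flash). The sample lines are copied from the output on this page; the one-day uptime threshold and the function names are assumptions made for the example.

```python
import re

# Lines copied from the "show version" output on this page.
SHOW_VERSION = """\
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(1)SE1, RELEASE SOFTWARE (fc3)
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)
Switch uptime is 28 weeks, 2 days, 6 hours, 15 minutes
System returned to ROM by power-on
System image file is "flash:/c2960s-universalk9-mz.150-1.SE1.bin"
The password-recovery mechanism is enabled.
"""

# Minutes per uptime unit; a year is approximated as 365 days.
UNIT_MINUTES = {"year": 525600, "week": 10080, "day": 1440, "hour": 60, "minute": 1}

def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def parse_show_version(text):
    uptime = _first(r"^\S+ uptime is (.+)$", text)
    minutes = None
    if uptime:
        parts = re.findall(r"(\d+) (year|week|day|hour|minute)s?", uptime)
        minutes = sum(int(n) * UNIT_MINUTES[unit] for n, unit in parts)
    image = _first(r'^System image file is "([^"]+)"', text)
    return {
        "ios_version": _first(r"^Cisco IOS Software.*?, Version ([^,\s]+),", text),
        "bootldr_version": _first(r"^BOOTLDR: .*? Version ([^,\s]+),", text),
        "uptime_minutes": minutes,
        "reload_reason": _first(r"^System returned to ROM by (.+)$", text),
        "image": image,
        "image_source": image.split(":", 1)[0] if image else None,
        "password_recovery": _first(r"password-recovery mechanism is (\w+)", text),
    }

def review(info, min_uptime_minutes=24 * 60):
    """Flag a recent reboot and an image that did not come from flash."""
    notes = []
    up = info["uptime_minutes"]
    if up is not None and up < min_uptime_minutes:
        notes.append(f"rebooted recently ({info['reload_reason']})")
    if info["image_source"] not in (None, "flash"):
        notes.append(f"image loaded from {info['image_source']}, not flash")
    return notes
```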
The show interfaces command is typically used for verifying configurations but also for monitoring and troubleshooting. You can use the show interfaces command on its own, which will display all interfaces, or you can specify a particular interface to display. It shows the layer 1 and layer 2 status at the top: the first "up" relates to layer 1 and the second "up" relates to layer 2. It then shows the hardware settings in terms of the MAC address, duplex status, and speed that you set on the interface, followed by a series of statistics including the last clearing of the counters, the queuing strategy, the very important 5-minute input and output rates in bits per second and packets per second, and then statistics related to total packets and errors that belong to multiple categories.
Switch#sh int gi 1/0/2
GigabitEthernet1/0/2 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is d4d7.48ef.9e82 (bia d4d7.48ef.9e82)
MTU 9000 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
59814322 packets input, 25857763788 bytes, 0 no buffer
Received 7326867 broadcasts (7172259 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 7172259 multicast, 0 pause input
0 input packets with dribble condition detected
98618698 packets output, 90904769164 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
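An added example, not part of the original lesson: a Python parser for the show interfaces output above that pulls out the layer 1 and layer 2 status, duplex, speed and the named counters, then reports anything that needs attention. The sample lines are copied from the output on this page; which counters count as error indicators is a choice made for this example.

```python
import re

# Lines copied from the "show interfaces" output on this page.
SHOW_INTERFACE = """\
GigabitEthernet1/0/2 is up, line protocol is up (connected)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
5 minute input rate 0 bits/sec, 0 packets/sec
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
"""

# Counters treated as error indicators here (a choice made for this example).
ERROR_COUNTERS = ("runts", "giants", "input errors", "CRC",
                  "output errors", "collisions", "late collision")

def parse_show_interface(text):
    head = re.search(r"^(\S+) is (.+?), line protocol is (\w+)", text, re.M)
    if not head:
        raise ValueError("no interface status line found")
    duplex = re.search(r"^\s*(\w+)-duplex, (\S+),", text, re.M)
    # "<number> <label>" pairs that start a line or follow ", ", so rates such
    # as "0 bits/sec" and the "1/0/2" in the interface name are not picked up.
    pairs = re.findall(r"(?:^\s*|, )(\d+) ([A-Za-z][A-Za-z ]*?)(?=,|$)", text, re.M)
    return {
        "name": head.group(1),
        "layer1": head.group(2),   # first status: physical layer
        "layer2": head.group(3),   # second status: line protocol
        "duplex": duplex.group(1).lower() if duplex else None,
        "speed": duplex.group(2) if duplex else None,
        "counters": {label: int(value) for value, label in pairs},
    }

def interface_findings(info):
    """Report a down interface, half duplex, and nonzero error counters."""
    notes = []
    if (info["layer1"], info["layer2"]) != ("up", "up"):
        notes.append(f"{info['name']}: {info['layer1']}/{info['layer2']}")
    if info["duplex"] == "half":
        notes.append(f"{info['name']}: half duplex")
    for label in ERROR_COUNTERS:
        count = info["counters"].get(label, 0)
        if count:
            notes.append(f"{info['name']}: {count} {label}")
    return notes
```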
As a layer 2 device, switches will maintain a MAC address table. Again, they will learn MAC addresses by dynamically looking at frame headers and then be able to locate MAC addresses as related to ports to then do intelligent switching of packets or frames. You can display the MAC address table with show mac address-table command. This will display not only the MAC address and type, but also the port where the switch determines this MAC address is located. Some MAC addresses may be static, some of them related to internal use of the Catalyst 2960, in this example. Remember some of these entries will time out, be removed, and relearned during the switching process.