Saturday, June 8, 2013

CCNA Lab, exam 640-802: basic configuration

CCNA Lab: Perform and verify initial switch configuration tasks, including remote access management.

Exam: 640-802

Exam Objective: Perform and verify initial switch configuration tasks including remote access management


Contents

  • Introduction
  • Technology Background
  • Lab Scenario
  • Lab Objectives
  • Lab Solution

Introduction

Like any IOS device, Cisco switches allow some basic configuration for administrative ease and security. The commands are similar to those of a router, but there are some basic differences because a switch is a Layer 2 device.

Technology Background


For the CCNA the following basic configuration on Cisco Switches should be known:
Hostname: This name identifies the switch. You see this name in the command prompt, in the CDP neighbors output, and so on. Every device should have a unique name so that you can be sure you are making changes to the correct device. The global configuration command hostname <name> sets it.
Enable password/secret: Privileged mode is the most powerful mode in IOS. It provides access to all the commands on the device, including configuration mode. Access to this mode should be secured with a password to prevent unauthorized changes to the device. There are two methods to secure this access: enable password and enable secret. Enable password is the old method; it configures a password that can be seen in clear text when the configuration is viewed. Enable secret is the new method; it configures an encrypted password so that the password cannot be seen in the configuration. The command to configure the enable password is enable password <password>. The command to configure the enable secret is enable secret <password>. Both are global configuration mode commands.
Banner: A banner is a text message displayed to anyone who logs in or tries to log in to the device. The following types of banner can be configured:
  • exec : This banner is displayed after login
  • login : This banner is displayed before the username and/or password prompt
  • motd : Message of The Day. This is displayed before the login banner.
A banner is configured using the banner <type> <delimiting character> <message> <delimiting character> command. Example:
banner login # Unauthorized Access Prohibited #
Description: This is text that can be added to an interface so that the administrator can identify the connection when looking at the configuration. It is set using the description <text> interface command.
Remote Access Management: There are three basic ways to connect to a switch to manage it: console, vty (telnet) and auxiliary. The console is a special interface on the device that is reached with a rollover cable and a terminal emulator such as HyperTerminal. You need to be physically close to the device to use the console port. To manage the device remotely, either IP-based telnet can be used or a modem can be attached to the auxiliary port. All three methods can be secured using a password, or they can be left allowing unauthenticated access.
To secure them, the respective lines (console, vty and auxiliary) need to be configured with a password, and login needs to be enabled on them. Example:
line vty 0 4
password cisco
login
It should be noted here that there are 5 telnet lines available in most IOS devices - 0 to 4. This means that only 5 simultaneous connections are allowed to the Switch at any time.
Since switches are Layer 2 devices, their interfaces cannot have IP addresses. Switches have VLANs. Each VLAN has a Switch Virtual Interface (SVI), which is a Layer 3 logical interface with the same identification number as the VLAN. These interfaces can have an IP address, and hosts belonging to that VLAN can connect to the switch using this IP address. SVIs are configured as shown below:
Switch(config)#interface vlan 1
Switch(config-if)#ip address <address> <mask>

Lab Scenario


For this lab you will need 3 Cisco switches. Your task is to configure the following:
  • Hostnames as shown in Figure 1.
  • Encrypted password for secure access to the privilege mode
  • A message prohibiting unauthorized access to the device, displayed before the login prompt
  • 'switchlab' as password for telnet connections to the device
Additionally, configure the switches such that users in VLAN 1 can telnet to the devices using 192.168.1.1-3/24 IP addresses.



Figure 1

Lab Objectives


  • Configure Hostname, enable secret and banner login on all devices
  • Configure line vty 0 4 with password
  • Configure Interface Vlan 1 with IP Address


Lab Solution


Let's configure the switches with hostname, enable secret and banner login:
Switch(config)#hostname SwitchA
SwitchA(config)#enable secret switchlab
SwitchA(config)#banner login # Unauthorized access to this device is prohibited #

Switch(config)#hostname SwitchB
SwitchB(config)#enable secret switchlab
SwitchB(config)#banner login # Unauthorized access to this device is prohibited #

Switch(config)#hostname SwitchC
SwitchC(config)#enable secret switchlab
SwitchC(config)#banner login # Unauthorized access to this device is prohibited #
The vty lines need to be configured with a password and to allow login:
SwitchA(config)#line vty 0 4
SwitchA(config-line)#password switchlab
SwitchA(config-line)#login

SwitchB(config)#line vty 0 4
SwitchB(config-line)#password switchlab
SwitchB(config-line)#login

SwitchC(config)#line vty 0 4
SwitchC(config-line)#password switchlab
SwitchC(config-line)#login
Finally the SVI needs to be configured with an IP Address to allow users in VLAN 1 to telnet to the switch:
SwitchA(config)#interface vlan 1
SwitchA(config-if)#ip address 192.168.1.1 255.255.255.0
SwitchA(config-if)#no shut

SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.1.2 255.255.255.0
SwitchB(config-if)#no shut

SwitchC(config)#interface vlan 1
SwitchC(config-if)#ip address 192.168.1.3 255.255.255.0
SwitchC(config-if)#no shut
The configuration can be verified by initiating a telnet to the Switch. The output will be similar to the following:
Unauthorized access to this device is prohibited
User Access Verification
Password:
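
The lab objectives can also be checked from the text of show running-config instead of by opening a telnet session. The following is an added example, not part of the original lab: the sample configuration is constructed, and the names parse_sections and audit are hypothetical.

```python
import re

# Constructed sample (not from the page): excerpt of a `show running-config`
# from a switch where the lab was only partly completed.
SAMPLE = """\
hostname SwitchA
enable password switchlab
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 shutdown
banner login ^C Unauthorized access to this device is prohibited ^C
line vty 0 4
 password switchlab
 no login
"""

def parse_sections(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):   # skip blanks and '!' separators
            current = raw.strip()
            sections[current] = []
    return sections

def audit(config):
    """Return findings for the lab objectives; an empty list means all are met."""
    sec = parse_sections(config)
    top = lambda prefix: [l for l in sec if l.startswith(prefix)]
    out = [msg for ok, msg in [
        (top("hostname ") not in ([], ["hostname Switch"]), "hostname missing or still the default"),
        (top("enable secret "), "enable secret missing"),
        (not top("enable password "), "enable password in clear text"),
        (top("banner login "), "banner login missing"),
    ] if not ok]
    for name, body in sec.items():
        if name.startswith("line vty"):   # checks only the line-password method used in this lab
            if not any(b.startswith("password ") for b in body):
                out.append(f"{name}: no password")
            if "login" not in body:
                out.append(f"{name}: login not enabled")
    svi = sec.get("interface Vlan1", [])
    if not any(re.match(r"ip address \d+(\.\d+){3} \d+(\.\d+){3}$", b) for b in svi):
        out.append("interface Vlan1: no IP address")
    if "shutdown" in svi:
        out.append("interface Vlan1: shutdown")
    return out
```

Calling audit(SAMPLE) reports the four objectives this constructed configuration misses; a configuration matching the lab solution returns an empty list.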
