Switching Essentials

Abstract

In every introductory Cisco class we teach, we get students who are either puzzled about router essentials, or switching essentials, or both. This switching essentials white paper will give you the basics you need to make learning about switching a little easier when you sit in a course like ICND1, ICND2, CCNA Boot Camp, or BCMSN.

Sample

In this white paper, we will address the basics of this Layer 2 technology and help you get your switch up and running. For our examples, we will use Cisco's 2950 switch.

In the past, some switches, such as the Cisco 1900 series gave us the ability to configure the basics of switching using menus. I prefer to have more control over my switches, so I like the current switches that allow me to configure various components using the Cisco commands.

The same as a router, the switch allows us to configure some of the basic things using a setup script. This setup script is simply a yes/no interactive questionnaire that allows any novice to get the switch up and running. We will not be using the setup script for our discussion.

When we say "no" to the setup script, we're left in a basic mode (user EXEC mode, discussed in previous router white papers).

Switch>

At this mode, we don't have much power to do anything. In order to be able to configure anything, we need to be in privilege EXEC mode (a.k.a. enable mode) first. The command that takes us to the privilege exec mode is enable:

Switch>enable
Switch#

You may remember (from previous articles or papers about routers) that the user EXEC mode is also known as privilege level 1, and the enable mode is known as privilege level 15. At privilege level 15, since we're allowed to do basically anything we wish, it's important to be careful of the commands we type. You don't want to accidentally type commands like reload!

We can determine the mode we're in by the prompts we see, or we can type the command show privilege to see what our privilege level is.

One of the basic things to configure is the switch hostname. The command to do that is hostname followed by the name that we wish to assign to the switch:

Switch#configure terminal
Switch(config)#hostname AccessSwitch
AccessSwitch(config)#

Note that changing a switch's name is a global task, so in order to do that, we need to be in the global configuration mode. We used the configure terminal command to get there. Note, also, the change in the prompt. The prompt [Switch(config)#] tells us we're in global configuration mode, meaning that whatever we configure here will have a global impact. So, we have changed the switch's name to AccessSwitch.

Unlike a router, which is a Layer 3 device and has many interfaces that we put IP addresses on, the switch we are using here is a Layer 2 device that doesn't really need any IP addresses. The only reason to assign an IP address on the switch would be to manage it remotely using telnet or Secure Shell (SSH).

In fact, you could take a brand new 2950 switch out of the box, start plugging users into it, and the users would be able to communicate with each other and on the network (providing we haven't messed up the IP addresses on the PCs). Cisco's 2950 Catalyst switch assumes that all ports out of the box are part of one logical Layer 2 grouping called VLAN 1.

Let's say we want to be able to manage this switch - meaning we want to be able to ping this switch from remote systems, telnet to and from it, ping from it, and possibly access it via http or any other GUI management method. The IP address we are about to assign will be used as a destination IP if we are connecting to the switch remotely. If we are pinging from the switch, then this IP address will be the source address.

In a switch, the IP address is assigned to a management VLAN. A VLAN interface is a logical interface, unlike a router, which is a physical interface. The default management VLAN is VLAN 1. Let's configure this VLAN 1 with an IP address and ensure that remote systems can ping us:

AccessSwitch(config)#interface vlan 1
AccessSwitch(config-if)#ip address 10.1.1.100 255.255.255.0
AccessSwitch(config-if)#no shutdown
AccessSwitch(config-if)#exit
AccessSwitch(config)#ip default-gateway 10.1.1.1
AccessSwitch(config)#end
AccessSwitch#copy run start

What have we done here? First, we went to the interface configuration mode prompt for the interface we wanted to configure, VLAN 1, and then we assigned the IP address on it while we were in the interface configuration mode (IP address 10.1.1.100 with a subnet mask of 255.255.255.0). Then, we brought up the interface using the no shutdown command. Next, the exit command takes us one step back to the global configuration mode where we assigned a default gateway of 10.1.1.1 for all remote communications from this switch's IP network (10.1.1.0 subnetwork).

Now we can ping all local systems, and we can go to our default gateway (Layer 3 device - router) for all remote communications, providing that remote router has a route for those destinations.

Wait. we rushed and gave other administrators in our organization the IP address of our switch. They are able to ping us, but unfortunately the telnet is not working. That needs to be fixed. Stay tuned.