Switching - Basic configurationIn this post I will show you some basic switch configuration commands. We will talk about the differences between hubs and switches and why networks evolved from hub-based to switch-based. You may probably know that switches and hubs use the Ethernet protocol. You know from a previous post that hubs use half-duplex connections and CSMA/CD technology. CSMA/CD (Carrier Sense Multiple Access with Collision Detection) is used where there are multiple devices communicating on the same channel. A device first listens if another device is already transmitting, if the channel is free, then the device starts transmitting. Switches were introduced because they separate collision domains, each port uses a point-to-point connection with another device. Switch connections use full-duplex communications, this means that both ends of communication can receive and send information at the same time. Because there are collision-free connections, the CSMA/CD is not used in switched networks.
Switch ports can use different speeds and in some switch types you can even configure what type of communicating channel is using (full/half duplex). If you want to configure a switch connection type, you can select one of the following options: full - select full-duplex connection, half - select half duplex connection and auto - the switch selects automatically what type of connection it will use. You already know that switch-to-switch connections usually use crossover cables. Some switches have the mdix auto function which can enable them to automatically use what type of cable is connected (it can be a straight-through and a crossover cable).
Switches use three types of communication messages, unicast, broadcast and multicast. You already know about these messages from a previous post. The functionality of a switch can be easily described. As the name says, a switch receives a message from a port and then chooses the exit port. Communications between switches are made using MAC addresses. Switches use mac address tables to keep in track of devices that communicate throughout a network. Upon startup, a switch will have it's mac table empty. When a message is received from a device, the switch adds it's MAC address in the mac address table. Because there are no other entries in the table, the switch floods the message on all ports, except the port that the message came through. The destination device will respond with a unicast replay message. The switch will add the mac address of the host. Remember that switches divide collision domains but do not segment broadcast domains. Only a layer 3 device such as a router can segment collision and broadcast domains. Each device in a switched network adds latency to the overall transfer process (each device must process data).
Based on the port speeds, a switched network can be either asymmetric or symmetric. If all ports in the network have the same speed, the network is a symmetric one, if the ports have different speed, then the network is called a asymmetric network.
I've told you that switches are mainly used to forward packets inside a network. There are two main forwarding mechanisms used: store-and forward switching and cut-through switching. In the store-and forward switching mechanism, a switch will wait until it receives the entire packet. It will then calculate the CRC and then it will compare this value with the frame's length. If everything is in order, the switch will forward the packet to the corresponding port. The cut-through switching method is a little faster because the switch will not wait for the entire packet to be received. Once it reads the destination address, the switch will start transmitting the packet. Switches store packets, for processing, using one of the following types of memory buffers:
port-based memory - each port has it's own dedicated memory used to store packets in queues.
shared memory - all switch ports share the same memory
When configuring a switch, we will use almost the same commands as with routers. There are four configuration modes: user mode, privileged more, global configuration mode and special configuration mode (the same as with routers). The following image will display something that we are already familiar with, how the prompt changes when you enter in different configuration modes:
Switches work with layer 2 addresses (MAC). You are probably wondering how you can remote configure a switch? Well, on a Cisco switch you can configure a management interface from which you can configure the device. To configure the management interface, enter the following commands:
We will discuss about VLANs in a future article, for now I've just showed you how to configure the management interface. In order to forward packets outside the network for remote configurations, you will have to configure the default gateway. To do this, simply enter the ip default-gateway [ip] command from the global configuration mode:
You can also configure a switch for remote administration, by enabling the http service (not all switches have this feature enabled). To enable this service, type the ip http server command from the global configuration mode. There are two ways you can remote connect to a switch:
telnet - by using this method, all commands will be sent across the network in clear text. To configure telnet, use the transport input telnet command from the VTY line configuration mode:
ssh - sends all information encrypted across the network. To configure ssh use the following commands:
First you will have to create a domain name then you'll generate a rsa key, set the ssh version and then set the ssh input method from the vty line configuration mode.
Cisco devices have the ability to remember a command history. This practically means that a switch can record all commands that were entered in a session. You can configure the history size by using the terminal history size [number] command. To display the commands that you've entered, type show history:
The basic configuration commands are the same as with routers. Here is an example of a basic switch configuration:
This is what I usually configure: clock, hostname, banner, secret password, disable the IP Domain Name System hostname translation, secure the vty and console lines, encrypt everything, enable cdp, create a username and password. To verify your configuration use the show running-config command:
To save your configuration use the copy running-config startup-config command or simply wr:
To view the router's mac address table use the show mac-address-table command. We will use this command a lot in the following articles.
We have already used these commands in previous articles. Now we will talk about some distinct switch commands. I've told you in the last post that the access switches are used for connecting end devices to the network. Switches have some security measures in order to secure ports from unauthorized access. To secure a port, you will first have to set it in the access mode, to do this enter switchport mode access. By using this command, you are telling the switch that the port will be used for connecting devices to the network. Then, by using the switchport port-security, you can enable different port security features:
By using the sticky method, the switch will learn MAC addresses as they are received by the device. You can set the maximum address number to be stored and the violation method. There are three violation methods: protect, restrict and shutdown. Use the show port-security command to see the configured security rules.
I think this is about all for this post. Please add a comment for every question that you have or if you just want to add something else. Have a nice day and enjoy IT training day.