Cisco IOS 6 - Initial Switch Configuration

This part of the Cisco IOS series is just a list of basic features that I think are good to set up on a new switch. Most of the features have been covered in previous episodes, so they are only briefly listed here.

displayed: 98 717x (98 110 CZ, 607 EN) | Comments [8]

Start of Configuration

We connect the switch to the power supply.

We connect via a serial cable to the console port.

If there is no startup-config on the switch, the express setup wizard will start, which is better to disable and set everything under supervision.

On a clean switch, there are no passwords, so we can immediately access the configuration.

SWITCH>enable                         // switch to privileged mode
SWITCH#configure terminal             // switch to global configuration
SWITCH(config)#hostname DS1-3750      // set the switch name

Time Setting

We set the correct time (for logs, etc.), we can do this manually

SWITCH#clock set 16:26:00 29 nov 2006    // set the time

or better automatically using an NTP server, for this configuration there are a number of commands, but the main one is this

SWITCH(config)#ntp server 10.0.0.50      // specify the NTP server

It is also necessary to set the correct time zone

SWITCH(config)#clock timezone GMT 1      // set the time zone

Time for Logs and Debug

By default, time data for logs and debug are displayed as the time since the switch started, which is usually not convenient, so it is better to switch the display to normal time and date.

SWITCH(config)#service timestamps debug datetime
SWITCH(config)#service timestamps log datetime

Setting Passwords for Access to Privileged Mode

SWITCH(config)#enable secret c \t\t\t// password (here c) stored using MD5 hash

Setting the Switch IP Address (for VLAN 1)

For more convenient switch management, we will probably want to access it via IP (whether via web, telnet, or SSH), so it is necessary to set its IP address. In the optimal case, we create VLANs, set trunks and ports, and set the switch's IP address in the management VLAN. In the simpler case, where we do not use VLANs or for initial setup, we use the default VLAN 1, to which all ports belong.

SWITCH(config)#interface vlan 1                            // switch to VLAN1 interface configuration
SWITCH(config-if)#ip address 192.168.190.2 255.255.255.0   // set the IP address and subnet
SWITCH(config-if)#no shutdown                              // enable the interface

If we want to access the switch from another subnet, we need to set the gateway address (so it knows where to send responses).

SWITCH(config)#ip default-gateway 192.168.190.1            // gateway address

Setting Access via Telnet, SSH, SNMP

Following the previous step, we enable access via telnet or SSH and, if we use it, set up SNMP. This was described in the article Cisco IOS 5 - communication with a switch.

Disabling Unused Services

From a security perspective, it is good to disable various services that run by default on the switch but we do not want to use. These services may include HTTP (web server), CDP (Cisco Discovery Protocol), VTP (VLAN Trunking Protocol), and others. More about services on the switch sometime next time.

Finally - Saving the Configuration

Again, I repeat an important warning. At the end of the configuration, it is necessary to save the changes made to the startup configuration so that we do not lose them upon restart.

SWITCH#copy running-config startup-config   // save
Destination filename [startup-config]?      // prompt for name, press ENTER
Building configuration...
[OK]

Related articles:

A large series about the operating system of Cisco's active elements. It contains some of the most read articles on this site. The articles describe the configuration of switches and routers, primarily with Cisco IOS. Things about ports, VLANs, STP, ACLs, QoS, etc.

Comments

[1] Muf

Diky za super serial nejen o IOS. Ukladani konfigurace je mozen i prikazem wri
Mam jeden dotaz. Jak se vypina http sluzba v konfiguraci?
Diky a jen tak dal!!! :-)
- comment responded to by [2]Samuraj
Thursday, 15.11.2007 14:34 | answer
[2] Samuraj

respond to [1]Muf: Díky :-).
HTTP služba (tedy webové rozhraní na switchi) se dá vypnout pomocí příkazu
SWITCH(config)#no ip http server

Thursday, 15.11.2007 15:08 | answer
[3] kuda

jj, taky diky, obcas zabrousim ohledne nakyho infa o sitich, je to tu vyborne popsany, takze se to necha pekne pochopit! pohodovej den!

Saturday, 23.02.2008 23:45 | answer
[4] Karel

Ahoj
jsem uplna lama co se týč cisca... tvé články jsou perfektní! bez toho bych se nikam nedostal. no konfiguruji si svuj prvni catalyst 2950 a potřebuji se přihlašovat přes telnet nebo ssh. ale nějak se mě to nedaří. ssh jse mě nepodařilo nakonf, vůbec, tady to začalo protestovat )#ip ssh time-out 60 do te doby dobre. a přes telnet se to nastavilo bez zadrhele ale když to spustim přes putty, spustím a požádá mě to o heslo nastavil jsem si tam na zkoušku heslo jedno písmeno a to pismeno c. Proběhne přihlášení a svítí namě nově nastavený hostname.když zadam enable tak mě to napíše No password set! co mám špatně? dík moc

Monday, 07.03.2011 21:24 | answer
[5] Pavel

musíš nastavit heslo pro přihlášení ke konzoli viz kap.5
SWITCH(config)#line vty 0 1 // konfiguruji telnetová spojení s ID 0 až 1
SWITCH(config-line)#password c // heslo (zde c) pro přístup přes telnet

Tuesday, 16.04.2013 08:56 | answer
[6] Petr

Cisco routery mají jinou správu vlan než Cisco switche? V configure terminal tam nelze zadat to "interface vlan"... Díky :)

Monday, 15.12.2014 11:50 | answer
[7] ratata

<script>alert("ahoj samuraj")</script>

Monday, 01.06.2015 22:16 | answer
[8] Bílos

;-);-);-);-);-)Chlapi dikec, se spoluzakem jste nam timto clankem moc pomohli. takže 3IT z SPSSOU Pelhřimov vám moc děkuje.;-)

Tuesday, 28.03.2023 12:20 | answer