M1

Module 1: Basic Device Configuration

Overview

Focuses on Switching, Routing, and Wireless Essentials (SRWE) v7.0.

Module Objectives

Objective: Configure devices using security best practices.
- 1.1 Configure a Switch with Initial Settings
- 1.2 Configure Switch Ports
- 1.3 Secure Remote Access
- 1.4 Basic Router Configuration
- 1.5 Verify Directly Connected Networks

1.1 Configure a Switch with Initial Settings

Switch Boot Sequence

Five-step boot sequence after powering on a switch:
1. Loads POST (Power-On Self-Test) from ROM to check the CPU subsystem (CPU, RAM, and flash).
2. Loads the boot loader software from ROM post-POST completion.
3. Initializes CPU registers and memory mapping/quantity.
4. Initializes the flash file system on the system board.
5. Locates and loads the default IOS operating system.

The Boot System Command

Switch resumes automatically using the BOOT environment variable.
If variable is not set, first executable file is loaded.
IOS will initialize interfaces using the startup-config file located in flash.
Command:
- show boot to check current IOS boot file.
- Example IOS file: c2960-lanbasek9-mz.150-2.SE.bin

Switch Management Access

Configure IP address and subnet mask for remote management.
Use Switch Virtual Interface (SVI) (not a physical port).
Default gateway configuration allows communication with non-directly connected networks.

Setting Up Default Gateway

Required for communication with networks beyond the switch.
Example configuration:
- ip address 192.168.10.5 255.255.255.0
- ip default-gateway 192.168.10.1

SVI Configuration Best Practices

Change default management VLAN (VLAN1) to a different VLAN for security reasons.
Use appropriate commands to configure the SVI, e.g.:
- interface vlan 99
- ip address 172.17.99.11 255.255.255.0
- no shutdown

1.2 Configure Switch Ports

Duplex Communication

Full-duplex: Both ends can send/receive simultaneously, no collisions.
Half-duplex: Unidirectional data flow; results in collisions, performance issues.
Gigabit Ethernet: Requires full-duplex mode for operation.

Physical Layer Configurations

Switch ports can be manually set for duplex and speed settings (default is auto).
Auto-negotiation useful in dynamic environments, manual configuration for known devices.
Important to match settings to avoid connectivity issues.

Commands for Duplex and Speed Settings

Configure interface:
- Enter interface FastEthernet 0/1
- Set duplex full
- Set speed 100

Auto-MDIX

Automatically detects cable type required for connection (straight-through or crossover).
Enable by mdix auto command; requires speed and duplex set to auto.

1.3 Secure Remote Access

Telnet vs. SSH

Telnet: Uses TCP port 23, insecure, plaintext transmission.
SSH: Uses TCP port 22, secure, data encrypted during transmission.

Enabling SSH

Ensure IOS supports encryption features with show version command.
Use show ip ssh to confirm SSH version and configurations.

SSH Operational Verification

Use SSH client (e.g., PuTTY) to connect from PC to switch SVI IP address.
Proper user authentication required (username, password).

1.4 Basic Router Configuration

Initial Configuration Steps

Similar command structures between routers and switches.
Basic tasks include naming the device, setting passwords, etc.

Interface Configuration

Interfaces require IP configuration and activation (use no shutdown).
Useful for testing internal routing processes; configurable loopback interfaces.

1.5 Verify Directly Connected Networks

Verification Commands

Use show ip interface brief to check summary and status of interfaces.
Use show running-config interface for interface command displays.
Routing table displayed using show ip route. Relevant codes: ‘C’ for connected.

Status Verification

Ensures interfaces are operational (both status and protocol should be "up").
Link-local addresses automatically assigned for IPv6 interfaces.

Module Summary

Configured settings and secured access essential for efficient network operation.