CCNA Switching, Routing, and Wireless Essentials: Basic Device Configuration

Basic Device Configuration Introduction

Purpose of Module: This module, the first in CCNA Switching, Routing, and Wireless Essentials, addresses the need for detailed control over network devices beyond their built-in configurations. Just as a model train enthusiast reconfigures a simple oval track into a complex figure-eight with independent trains, network administrators must precisely configure switches and routers to achieve desired network functionality.
Skills Development: The module incorporates numerous Syntax Checker and Packet Tracer activities to help students develop practical configuration skills.
Module Objective: The primary objective is to configure devices using security best practices.

Configure a Switch with Initial Settings

Switch Boot Sequence

Before a switch can be configured, it must be powered on and complete a five-step boot sequence:

Power-On Self-Test (POST) Loading: The switch first loads the POST program, which is stored in ROM. This program checks the CPU subsystem, including the CPU, DRAM, and the portion of the flash device that constitutes the flash file system.
Boot Loader Software Loading: After POST completes successfully, the switch loads the boot loader software, a small program also stored in ROM.
Low-Level CPU Initialization: The boot loader then performs low-level CPU initialization, configuring CPU registers that control physical memory mapping, memory quantity, and speed.
Flash File System Initialization: The boot loader initializes the flash file system located on the system board.
IOS Loading and Control Transfer: Finally, the boot loader locates and loads a default IOS (Internetwork Operating System) software image into memory and transfers control of the switch to the IOS.

The `boot system` Command

Automatic Boot Process: The switch attempts to boot automatically by using information stored in the BOOT environment variable. If this variable is not set, the switch will try to load and execute the first executable file it can find.
IOS Image Location: On Catalyst $2960$ Series switches, the IOS image file is typically located in a directory that has the same name as the image file (excluding the .bin file extension).
Startup Configuration: The IOS operating system initializes interfaces using the Cisco IOS commands found in the startup-config file. This file is named config.text and is stored in flash memory.
Setting the BOOT Variable: The boot system global configuration mode command is used to set the BOOT environment variable, specifically directing the switch to the location of the IOS image, often in a distinct folder with its path specified.
Verification: To view the currently configured IOS boot file, use the show boot command.

Switch LED Indicators

Cisco Catalyst switches feature various status LED indicator lights that allow for quick monitoring of switch activity and performance. The specific LEDs and their placement can vary depending on the switch model and feature set.

Mode Button (usually labeled with a number, e.g., $7$ on a Cisco Catalyst $2960$ ): This button is used to toggle through various modes for the port LEDs, including Port Status, Port Duplex, Port Speed, and, if supported, Power over Ethernet (PoE) Status.
System LED:
- Off: The system is not powered on.
- Green: The system is operating normally.
- Amber: The system is receiving power but is not functioning properly.
Redundant Power System (RPS) LED:
- Off: The RPS is off or not properly connected.
- Green: The RPS is connected and ready to provide backup power.
- Blinking Green: The RPS is connected but is currently unavailable because it is providing power to another device.
- Amber: The RPS is in standby mode or a fault condition.
- Blinking Amber: The internal power supply in the switch has failed, and the RPS is currently providing power.
Port Status LED (Default Mode - green when selected): The individual port LEDs display different colors with specific meanings.
- Off: No link is present, or the port has been administratively shut down.
- Green: A link is present.
- Blinking Green: There is network activity; the port is sending or receiving data.
- Alternating Green-Amber: Indicates a link fault.
- Amber: The port is blocked (e.g., by Spanning Tree Protocol) to prevent network loops and is not forwarding data. Ports typically remain in this state for the first $30$ seconds after activation.
- Blinking Amber: The port is blocked to prevent a possible loop in the forwarding domain.
Port Duplex LED (Green when selected):
- Off: The port is operating in half-duplex mode.
- Green: The port is operating in full-duplex mode.
Port Speed LED (Displays colors when selected):
- Off: The port is operating at $10 ext{ Mbps}$ .
- Green: The port is operating at $100 ext{ Mbps}$ .
- Blinking Green: The port is operating at $1000 ext{ Mbps}$ .
Power over Ethernet (PoE) Mode LED (If PoE is supported):
- Off: PoE mode is not selected, and no ports have been denied power or are in a fault condition.
- Blinking Amber: PoE mode is not selected, but at least one port has been denied power or has a PoE fault.
- Green (when PoE mode is selected): Port LEDs display specific PoE status:
  - Off: PoE is off for that port.
  - Green: PoE is on for that port.
  - Alternating Green-Amber: PoE is denied because providing power to the connected powered device would exceed the switch's overall power capacity.
  - Blinking Amber: PoE is off due to a fault condition on the port.
  - Amber: PoE for the port has been explicitly disabled.

Recovering from a System Crash

The boot loader provides critical access to the switch if the operating system cannot be used due to missing or damaged system files. It offers a command-line interface to access files stored in flash memory.

Steps to Access the Boot Loader:

Connect a PC to the switch's console port using a console cable. Configure terminal emulation software on the PC to connect to the switch.
Unplug the switch's power cord.
Reconnect the power cord. Within $15$ seconds, press and hold down the Mode button while the System LED is still flashing green.
Continue pressing the Mode button until the System LED briefly turns amber and then becomes solid green. Release the Mode button.
The switch: prompt (boot loader prompt) will appear in the PC's terminal emulation software.

Boot Loader Commands and Usage:

Type help or ? at the switch: prompt to view a list of available commands.
To view the current path of the switch's BOOT environment variable, type the set command.
Initialize the flash file system using the flash_init command.
After flash initialization, use dir flash: to view directories and files in flash memory.
To change the BOOT environment variable path to load a new IOS, use the BOOT=flash: <IOS_FOLDER_NAME>/<IOS_FILENAME.bin> command. (The transcript implies BOOT=flash can be used as a basic example, but a full path is typically required).
Verify the new BOOT environment variable path by issuing the set command again.
To load the new IOS, type the boot command without any arguments.
The boot loader supports various functions: initializing and formatting flash, installing a new IOS, changing the BOOT environment variable, and recovering lost or forgotten passwords.

Switch Management Access

For remote management, a switch requires a Switch Virtual Interface (SVI). This is a logical, not physical, interface configured with an IPv4 address and subnet mask, or an IPv6 address and prefix length. Crucially, if the switch is to be managed remotely from a different network, it must also be configured with a default gateway, similar to how host devices are configured for IP addresses.

Switch SVI Configuration Example

By default, switches are configured for management through VLAN $1$ , with all ports assigned to it. However, for security best practices, it's recommended to use a VLAN other than VLAN $1$ for management (e.g., VLAN $99$ ).

Configuration Steps:

Configure the Management Interface:
- Enter global configuration mode (config t).
- Enter interface configuration mode for the SVI: interface vlan 99.
- Assign an IPv4 address and subnet mask: ip address 172.17.99.11 255.255.255.0.
- Assign an IPv6 address and prefix length: ipv6 address 2001:db8:acad:99::1/64.
- Activate the SVI: no shutdown.
- Note: The SVI for VLAN $99$ will only show as