Cisco Switch details required to troubleshoot PPT.pptx
GurdarshanSingh45
60 slides
Jun 26, 2024
About This Presentation
Details
Size: 5.12 MB
Language: en
Slide Content
Cisco Switch Configuration document
Contents
1. Accessing the Cisco switch for the first time via console
2. Basic configuration
3. Enable SSH
4. Managing the MAC address table
5. Troubleshooting err-disable recovery
6. CDP (Cisco Discovery Protocol)
7. VLAN
8. Extended VLAN
9. Switchport mode: access or trunk
10. Create or delete a VLAN
11. Switchport configuration: access or trunk
12. VTP (VLAN Trunking Protocol)
12.a VTP version 3
12.b VTP pruning
13. Native VLAN
14. Verify interface status
15. NTP configuration
16. SNMP configuration
17. IP and gateway configuration
18. Spanning Tree Protocol
18.a Spanning Tree Protocol modification
18.b STP enhancements (PortFast, BPDU guard, BPDU filter, root guard, loop guard)
19. MST
20. SPAN (Switched Port Analyzer)
21. RSPAN (Remote SPAN)
22. Speed and duplex
23. Manually disable/enable an interface
24. EtherChannel configuration
24.a LACP
24.b PAgP
25. EtherChannel misconfiguration guard
26. DHCP snooping
27. IP Source Guard
28. Dynamic ARP Inspection (DAI)
29. Port security
30. Storm control
31. HSRP/VRRP configuration
32. Backup and restore configuration
Accessing the Cisco switch for the first time via console
Connect a console terminal (serial, 9600 baud, 8 data bits, no parity, 1 stop bit by default) to the console port of the switch; on a modular chassis this is the console port of the supervisor engine.
After a few seconds you see the user EXEC prompt (Switch>). To enter privileged EXEC mode, also known as enable mode, type enable: Switch> enable
Basic configuration
Enter global configuration mode (configure terminal). Set a local username and password (use the secret keyword, which stores a hash). Set the enable secret rather than enable password, which is stored reversibly (type 7). Set the hostname.
Enable SSH
Set an IP domain name (required before the RSA key pair can be generated). Generate the RSA key pair (at least 2048 bits). Restrict the vty lines to SSH (transport input ssh) with local login, and enable SSH version 2; version 1 has known weaknesses.
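The first-login, basic-hardening and SSH steps above as one complete Cisco IOS CLI session. This is an added example, not content from the slides; the hostname, domain name, username, the management subnet used in the ACL and the password placeholders are assumed, and the management IP and default gateway are assumed to be configured already (see the IP and gateway configuration slide).

```cisco
! Added example, not from the deck. Placeholders in angle brackets are assumed values.
Switch> enable
Switch# configure terminal
Switch(config)# hostname SW-ACCESS-01
! enable secret stores a hash; "enable password" would store a reversible type 7 string.
SW-ACCESS-01(config)# enable secret <strong-enable-secret>
! Local admin account with a hashed secret (never "username ... password").
SW-ACCESS-01(config)# username netadmin privilege 15 secret <strong-user-secret>
! Hide any remaining plaintext passwords in show running-config (type 7, obfuscation only).
SW-ACCESS-01(config)# service password-encryption
! The domain name must exist before the RSA key pair can be generated.
SW-ACCESS-01(config)# ip domain-name corp.example
SW-ACCESS-01(config)# crypto key generate rsa modulus 2048
SW-ACCESS-01(config)# ip ssh version 2
SW-ACCESS-01(config)# ip ssh time-out 60
SW-ACCESS-01(config)# ip ssh authentication-retries 3
! Slow down password guessing: block logins for 120 s after 3 failures within 60 s.
SW-ACCESS-01(config)# login block-for 120 attempts 3 within 60
! Only management hosts (assumed 10.99.0.0/24) may open a session to the VTY lines.
SW-ACCESS-01(config)# ip access-list standard MGMT-HOSTS
SW-ACCESS-01(config-std-nacl)# permit 10.99.0.0 0.0.0.255
SW-ACCESS-01(config-std-nacl)# exit
! VTY: SSH only (no telnet), local accounts, idle timeout, source ACL.
SW-ACCESS-01(config)# line vty 0 15
SW-ACCESS-01(config-line)# transport input ssh
SW-ACCESS-01(config-line)# login local
SW-ACCESS-01(config-line)# exec-timeout 10 0
SW-ACCESS-01(config-line)# access-class MGMT-HOSTS in
SW-ACCESS-01(config-line)# exit
! Console: same local login and timeout, so a left-open serial session expires.
SW-ACCESS-01(config)# line console 0
SW-ACCESS-01(config-line)# login local
SW-ACCESS-01(config-line)# exec-timeout 10 0
SW-ACCESS-01(config-line)# end
SW-ACCESS-01# show ip ssh
SW-ACCESS-01# show crypto key mypubkey rsa
SW-ACCESS-01# copy running-config startup-config
```

Check show ip ssh reports "SSH Enabled - version 2.0" before closing the console session; if the key was generated with fewer than 768 bits SSHv2 refuses to enable, and if transport input ssh is applied before the key exists you lock yourself out of remote access until the console is used again.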
Managing the MAC address table
The MAC address table (CAM table) holds the addresses the switch uses to forward frames between ports.
Dynamic address: a source MAC address the switch learns from incoming frames and removes (ages out) when it is no longer in use. Clearing dynamic MAC addresses forces the switch to relearn them.
Static address: configured manually; it does not age out and survives a reload. Show static addresses with show mac address-table static (older IOS uses the hyphenated show mac-address-table form). Configure or delete static MAC addresses as needed.
Show the aging time and the entries learned on one interface with show mac address-table aging-time and show mac address-table interface <interface>.
Aging time: the configurable range is 10 to 1,000,000 seconds (default 300). The value 0 disables aging, so learned entries never expire.
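The inspection, clearing, static-entry and aging commands from the three slides above in one Cisco IOS CLI sequence. This is an added example, not the deck's own content; the interface, VLAN and the host MAC address 0011.2233.4455 are constructed.

```cisco
! Added example, not from the deck. Assumed: host 0011.2233.4455 on Gi1/0/5 in VLAN 10.
SW# show mac address-table dynamic
SW# show mac address-table interface GigabitEthernet1/0/5
SW# show mac address-table aging-time
! Total entries per VLAN: a table that suddenly fills up (macof-style flooding) forces the
! switch to flood unicast frames, which is how an attacker sniffs other ports.
SW# show mac address-table count
! Forget learned entries: everything, one port, or one VLAN (e.g. when chasing a moved or spoofed host).
SW# clear mac address-table dynamic
SW# clear mac address-table dynamic interface GigabitEthernet1/0/5
SW# clear mac address-table dynamic vlan 10
SW# configure terminal
! Static entry: never ages, kept across reloads, not overwritten by dynamic learning.
SW(config)# mac address-table static 0011.2233.4455 vlan 10 interface GigabitEthernet1/0/5
! Unicast MAC filtering: frames to or from this (assumed rogue) address in VLAN 10 are dropped.
SW(config)# mac address-table static 00de.adbe.ef00 vlan 10 drop
! Longer aging for VLAN 10 only; 0 would disable aging and let the table fill.
SW(config)# mac address-table aging-time 600 vlan 10
SW(config)# end
SW# show mac address-table static
SW# show mac address-table address 0011.2233.4455
! Remove the static entry with the exact same command prefixed by "no".
SW# configure terminal
SW(config)# no mac address-table static 0011.2233.4455 vlan 10 interface GigabitEthernet1/0/5
SW(config)# end
```

A static entry pins forwarding for one address but does not stop a host from sourcing frames with it on another port; port security (later in the deck) is the control for that.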
Troubleshooting err-disable recovery
When a switch detects an error condition on a port it places the port in the err-disabled state: the port is shut down and stops sending and receiving traffic until it is recovered. Err-disable recovery lets the switch re-enable the port automatically after a recovery interval (300 seconds by default). Automatic recovery is off for every cause by default; you enable it per cause.
Some of the causes for err-disable: bad cable, bad network interface card, port duplex mismatch, port-channel misconfiguration, BPDU guard violation, UDLD condition, late-collision detection, link-flap detection, port security violation, PAgP flap, L2PT guard, DHCP snooping rate limit, incorrect GBIC/SFP module or cable, ARP inspection (DAI) rate limit, inline power.
Show the current err-disable settings, the reason an interface was err-disabled, and the interfaces currently in the err-disabled state. Set the automatic recovery time in seconds and enable auto-recovery per cause.
Disabling detection for a cause stops the switch from err-disabling ports for that reason at all. To manually recover an err-disabled port, shut down the port and issue no shutdown; fix the underlying cause first, otherwise the port is err-disabled again immediately.
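The inspection, auto-recovery and manual-recovery steps above as an added Cisco IOS CLI example (not from the deck; the interface number is assumed):

```cisco
! Added example, not from the deck. Assumed: Gi1/0/7 was err-disabled by BPDU guard.
! What is detected, what auto-recovers, and which ports are currently down for it.
SW# show errdisable detect
SW# show errdisable recovery
SW# show interfaces status err-disabled
! The reason is also in the log: %PM-4-ERR_DISABLE lines name the cause and the port.
SW# show logging | include ERR_DISABLE
SW# configure terminal
! Recovery timer applies to every enabled cause (default 300 s).
SW(config)# errdisable recovery interval 300
! Auto-recover causes that are usually transient or self-correcting.
SW(config)# errdisable recovery cause bpduguard
SW(config)# errdisable recovery cause link-flap
SW(config)# errdisable recovery cause udld
SW(config)# errdisable recovery cause dhcp-rate-limit
! Deliberately NOT auto-recovering psecure-violation: a host spoofing MAC addresses would
! otherwise get the port re-opened every 300 s; that one needs a human to look at it.
! Turning detection off entirely (port stays up) is a last resort; shown for pagp-flap only.
SW(config)# no errdisable detect cause pagp-flap
! Manual recovery of one port after the cause has been fixed.
SW(config)# interface GigabitEthernet1/0/7
SW(config-if)# shutdown
SW(config-if)# no shutdown
SW(config-if)# end
SW# show interfaces GigabitEthernet1/0/7 status
SW# show errdisable recovery
```

show errdisable recovery lists, at the bottom, the ports waiting for the timer and how many seconds remain, which is the quickest way to tell whether a port is bouncing because the cause keeps recurring.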
CDP (Cisco Discovery Protocol)
CDP runs on Cisco devices to learn about directly connected devices. It runs at Layer 2 and is sent to the multicast address 01:00:0C:CC:CC:CC. CDP advertisements carry TLVs (type-length-value fields) and a hold time, and are sent every 60 seconds by default (hold time 180 seconds). An advertisement includes: Cisco IOS version, hardware platform, IP addresses of interfaces, active interfaces, hostname, duplex setting, VTP domain and native VLAN. All of this is handed to whatever is plugged into the port, so disable CDP on user-facing ports and keep it only where it is needed (uplinks, IP phone ports, which use it for the voice VLAN).
CDP can be enabled or disabled globally (cdp run / no cdp run) and per interface (cdp enable / no cdp enable).
Display information about a specific neighbor with show cdp entry <device-id>, or about all neighbors with show cdp neighbors detail.
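The enable/disable and neighbor-display commands above as an added Cisco IOS CLI example (not from the deck); the interface ranges and the neighbor name SW-CORE-01 are assumed:

```cisco
! Added example, not from the deck. Assumed: Gi1/0/1-40 user ports, Gi1/0/41-44 phones, Gi1/0/48 uplink.
SW# show cdp
SW# show cdp neighbors
SW# show cdp neighbors detail
! One neighbor by device ID; "*" shows all entries.
SW# show cdp entry SW-CORE-01
SW# configure terminal
! Keep CDP running globally, but only on ports that need it.
SW(config)# cdp run
SW(config)# cdp timer 60
SW(config)# cdp holdtime 180
! User ports: nothing on them needs to know our platform, IOS version or native VLAN.
SW(config)# interface range GigabitEthernet1/0/1 - 40
SW(config-if-range)# no cdp enable
SW(config-if-range)# exit
! Phone ports and the uplink keep CDP (voice VLAN assignment, neighbor verification).
SW(config)# interface range GigabitEthernet1/0/41 - 44 , GigabitEthernet1/0/48
SW(config-if-range)# cdp enable
SW(config-if-range)# end
! Native VLAN mismatches show up here as %CDP-4-NATIVE_VLAN_MISMATCH in the log.
SW# show logging | include NATIVE_VLAN_MISMATCH
! To switch CDP off on the whole device instead:
SW# configure terminal
SW(config)# no cdp run
SW(config)# end
SW# show cdp interface
```

show cdp interface lists, per port, whether CDP is enabled, which is the check to run after a range command to make sure the uplink was not caught in the range by mistake.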
VLAN
A virtual LAN (VLAN) is a broadcast domain that is partitioned and isolated at the data link layer (OSI layer 2). LAN is an abbreviation for local area network. A network is subdivided into VLANs by configuring the network equipment (the switches); hosts in different VLANs cannot reach each other without a router or Layer 3 switch.
Extended VLAN
Extended VLANs are VLANs in the range 1006 to 4094. They are mainly used in service provider networks to provision a large number of customers. With VTP version 1 or 2 the switch must be in VTP transparent mode to create extended VLANs; VTP version 3 can also propagate them. Extended VLANs are saved in the configuration file (running-config), not in the VTP VLAN database. Create an extended VLAN and verify it with show vlan.
Switchport mode: access or trunk
Access port: carries traffic for only one VLAN (one VLAN configured on the interface; a voice VLAN can be added for an IP phone).
Trunk port: carries traffic for several VLANs simultaneously (two or more VLANs configured on the interface), each frame tagged with its VLAN ID (802.1Q) except frames of the native VLAN.
Create or delete a VLAN
Create a VLAN (vlan <id>, optionally name), verify it (show vlan brief), delete it (no vlan <id>). Access ports still assigned to a deleted VLAN become inactive and stop forwarding until they are reassigned, so move the ports first.
Switchport configuration: access or trunk
Access port configuration; trunk port configuration and the allowed VLAN list; interface description; exit and save the configuration (copy running-config startup-config).
VTP (VLAN Trunking Protocol)
VTP lets you configure VLANs on one switch and have the VLAN configuration propagated to the other switches in the VTP domain over trunk links.
VTP modes:
Server: creates, modifies and deletes VLANs; sends and forwards advertisements; synchronizes its VLAN configuration; saves the configuration in NVRAM (vlan.dat).
Client: cannot create, change or delete VLANs; forwards advertisements; synchronizes its VLAN configuration; does not save it in NVRAM.
Transparent: creates, modifies and deletes VLANs locally only; forwards advertisements; does not synchronize its VLAN configuration; saves the configuration in NVRAM.
Caveat: in VTP versions 1 and 2 any switch in the domain whose configuration revision number is higher than the others overwrites the domain's VLAN database, whether it is a server or a client. A switch brought in from elsewhere with the same domain name can therefore delete every VLAN. Set a VTP password, reset the revision number before connecting a switch (for example by changing it to transparent mode and back), or use transparent mode or VTP version 3.
Verify VTP with show vtp status; create a VLAN on the server switch and verify that it appears on the client switch.
VTP version 3
VTP version 3 is more robust and more secure than versions 1 and 2. Extended VLANs are propagated only in VTP version 3. VTPv3 splits the server role into primary and secondary servers: only the primary server can change the VLAN database, so a newly connected switch cannot overwrite it. Authentication improvements: VTPv3 has more secure password handling (hidden or secret passwords). RSPAN VLANs are synchronized. MST support: with VTPv3 the MST configuration is synchronized. VTP version 3 configuration.
Verify VTP version 3 with show vtp status and show vtp devices.
VTP pruning
VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic: broadcast, multicast and unknown unicast frames in a VLAN are forwarded over a trunk only if the switch at the receiving end has ports in that VLAN. Pruning is disabled by default. Enable it with vtp pruning; on each trunk you can manually specify which VLANs are pruning-eligible with switchport trunk pruning vlan (by default VLANs 2 to 1001 are eligible; VLAN 1, VLANs 1002 to 1005 and extended VLANs are never pruned).
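The VTP, VTPv3 and pruning configuration from the slides above as an added Cisco IOS CLI example (not the deck's own commands). The domain name CORP, the switch names, the trunk interface and the password placeholder are assumed.

```cisco
! Added example, not from the deck. Assumed: SW-CORE-01 is the VTPv3 primary server, access switches are clients.
! Before connecting any switch to the domain, make sure it cannot win a revision-number fight:
! check its revision, and if it is not 0, put it in transparent mode and back (this resets it).
SW-NEW# show vtp status
SW-NEW(config)# vtp mode transparent
SW-NEW(config)# vtp mode client
! Core switch: domain, version 3, server mode, hidden password, pruning.
SW-CORE-01(config)# vtp domain CORP
SW-CORE-01(config)# vtp version 3
SW-CORE-01(config)# vtp mode server
SW-CORE-01(config)# vtp password <vtp-password> hidden
SW-CORE-01(config)# vtp pruning
SW-CORE-01(config)# end
! v3: promote this switch to primary server; only the primary may change the VLAN database.
SW-CORE-01# vtp primary vlan
SW-CORE-01# configure terminal
SW-CORE-01(config)# vlan 10
SW-CORE-01(config-vlan)# name USERS
SW-CORE-01(config-vlan)# vlan 20
SW-CORE-01(config-vlan)# name SERVERS
SW-CORE-01(config-vlan)# end
! Access switch: same domain, version and password; client mode.
SW-ACCESS-01(config)# vtp domain CORP
SW-ACCESS-01(config)# vtp version 3
SW-ACCESS-01(config)# vtp mode client
SW-ACCESS-01(config)# vtp password <vtp-password> hidden
! Limit which VLANs may be pruned from this trunk (default eligible range is 2-1001).
SW-ACCESS-01(config)# interface GigabitEthernet1/0/48
SW-ACCESS-01(config-if)# switchport trunk pruning vlan 10,20
SW-ACCESS-01(config-if)# end
! Verify: version, mode, revision, primary server ID, and that VLANs 10/20 arrived.
SW-ACCESS-01# show vtp status
SW-ACCESS-01# show vtp devices
SW-ACCESS-01# show vtp password
SW-ACCESS-01# show vlan brief
SW-ACCESS-01# show interfaces trunk
! A switch that must never take VLANs from the domain (lab, DMZ closet): transparent mode.
SW-LAB-01(config)# vtp mode transparent
```

show interfaces trunk has a "Vlans in spanning tree forwarding state and not pruned" section; a VLAN missing there on a trunk where it should be present is the usual sign of a pruning or allowed-list mistake.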
Native VLAN
The native VLAN is the VLAN to which untagged frames received on a trunk are assigned, and whose frames are sent untagged. By default the native VLAN on all trunk ports is VLAN 1. It can be changed per trunk port with switchport trunk native vlan and must match on both ends of the trunk (CDP logs a mismatch). Leaving the native VLAN on VLAN 1, the same VLAN as the access ports, enables double-tagging (VLAN hopping) attacks: a frame tagged with the native VLAN and then with a target VLAN is stripped once and delivered into the target VLAN. Use an unused VLAN as the native VLAN, never assign it to an access port, and tag it as well where the platform supports it. Configure the native VLAN and verify it with show interfaces trunk.
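One Cisco IOS CLI example covering the create/delete VLAN, switchport access/trunk configuration and native VLAN slides above, in the order they are applied in practice. It is an added example, not the deck's own commands; the VLAN numbers and names, interface numbers, descriptions and VTP transparent mode are assumed.

```cisco
! Added example, not from the deck. Assumed: VTP transparent mode, VLAN 10 USERS, 20 SERVERS,
! 999 as an unused native VLAN, Gi1/0/5 a user port, Gi1/0/48 the uplink trunk.
SW(config)# vlan 10
SW(config-vlan)# name USERS
SW(config-vlan)# vlan 20
SW(config-vlan)# name SERVERS
SW(config-vlan)# vlan 999
SW(config-vlan)# name NATIVE-UNUSED
! Extended VLAN (1006-4094): allowed here only because the switch is in VTP transparent mode (or VTPv3).
SW(config-vlan)# vlan 2000
SW(config-vlan)# name CUSTOMER-A
SW(config-vlan)# exit
! Access port: one VLAN, and no DTP so a host cannot negotiate itself into a trunk.
SW(config)# interface GigabitEthernet1/0/5
SW(config-if)# description User port, desk 5
SW(config-if)# switchport mode access
SW(config-if)# switchport access vlan 10
SW(config-if)# switchport nonegotiate
SW(config-if)# exit
! Trunk: explicit allowed list, dedicated native VLAN, no DTP.
SW(config)# interface GigabitEthernet1/0/48
SW(config-if)# description Uplink to SW-CORE-01
! Needed first on platforms that also support ISL (3560/3750); a 2960 rejects it because it is dot1q-only.
SW(config-if)# switchport trunk encapsulation dot1q
SW(config-if)# switchport mode trunk
SW(config-if)# switchport trunk allowed vlan 10,20
SW(config-if)# switchport trunk native vlan 999
SW(config-if)# switchport nonegotiate
SW(config-if)# exit
! Tag native-VLAN frames too (platform dependent): untagged frames arriving on the trunk are then dropped,
! which closes the double-tagging hop even if the native VLAN were ever reused.
SW(config)# vlan dot1q tag native
SW(config)# end
SW# show vlan brief
SW# show interfaces trunk
SW# show interfaces GigabitEthernet1/0/5 switchport
SW# show interfaces status
! Delete a VLAN. Any access port still in it goes inactive, so reassign ports before this.
SW# configure terminal
SW(config)# interface GigabitEthernet1/0/5
SW(config-if)# switchport access vlan 10
SW(config-if)# exit
SW(config)# no vlan 20
SW(config)# end
SW# copy running-config startup-config
```

In show interfaces status a port whose VLAN column is shown as inactive is one assigned to a VLAN that no longer exists; in show interfaces <port> switchport the "Negotiation of Trunking: Off" line confirms that nonegotiate took effect.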
Verify interface status
Interface status: show interfaces status lists every interface on one line (status, VLAN, duplex, speed, type). Interface details: show interfaces <interface> shows counters, errors, duplex and speed for one port.
IP and gateway configuration
Routed interface IP configuration (no switchport; Layer 3 switches only). VLAN interface (SVI) IP configuration. Default gateway configuration. Note that ip default-gateway is only used when IP routing is disabled; a Layer 3 switch with ip routing enabled needs a static default route (ip route 0.0.0.0 0.0.0.0 <next-hop>) instead. Keep the management SVI in a dedicated VLAN rather than VLAN 1.
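The three IP configuration cases above (routed port, SVI, gateway) on a Layer 3 core and on a Layer 2 access switch, as an added Cisco IOS CLI example that is not from the deck; all addresses, VLAN numbers and interface numbers are assumed.

```cisco
! Added example, not from the deck. Assumed: SW-CORE-01 routes, SW-ACCESS-01 does not.
! Layer 3 switch: routed port to the firewall, SVI as the VLAN 10 gateway, static default route.
SW-CORE-01(config)# ip routing
SW-CORE-01(config)# interface GigabitEthernet1/0/1
SW-CORE-01(config-if)# description Routed link to FW
SW-CORE-01(config-if)# no switchport
SW-CORE-01(config-if)# ip address 192.0.2.1 255.255.255.252
SW-CORE-01(config-if)# no shutdown
SW-CORE-01(config-if)# exit
SW-CORE-01(config)# interface vlan 10
SW-CORE-01(config-if)# description Gateway for USERS
SW-CORE-01(config-if)# ip address 10.0.10.1 255.255.255.0
SW-CORE-01(config-if)# no shutdown
SW-CORE-01(config-if)# exit
! With ip routing enabled, "ip default-gateway" is ignored; the default route does the job.
SW-CORE-01(config)# ip route 0.0.0.0 0.0.0.0 192.0.2.2
SW-CORE-01(config)# end
SW-CORE-01# show ip interface brief
SW-CORE-01# show ip route
! Layer 2 access switch: one management SVI in a dedicated VLAN, default gateway for management traffic.
SW-ACCESS-01(config)# no ip routing
SW-ACCESS-01(config)# interface vlan 99
SW-ACCESS-01(config-if)# description Management
SW-ACCESS-01(config-if)# ip address 10.99.0.11 255.255.255.0
SW-ACCESS-01(config-if)# no shutdown
SW-ACCESS-01(config-if)# exit
SW-ACCESS-01(config)# ip default-gateway 10.99.0.1
! Do not leave the VLAN 1 SVI up: it is reachable from every default-VLAN port.
SW-ACCESS-01(config)# interface vlan 1
SW-ACCESS-01(config-if)# no ip address
SW-ACCESS-01(config-if)# shutdown
SW-ACCESS-01(config-if)# end
SW-ACCESS-01# show ip interface brief
SW-ACCESS-01# show running-config | include default-gateway
SW-ACCESS-01# ping 10.99.0.1
```

An SVI only comes up when the VLAN exists and at least one port in that VLAN (access or trunk allowing it) is up; "interface VLAN99 down/down" after this configuration almost always means VLAN 99 is missing or not allowed on the uplink.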
Spanning Tree Protocol
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches; it is specified in IEEE 802.1D. Its purpose is to prevent loops when there are redundant paths in the network; a Layer 2 loop floods the network with endlessly duplicated frames and can take it down. STP is enabled by default on Cisco switches (PVST+, one instance per VLAN; rapid PVST+ and MST are selected with spanning-tree mode).
All decisions in STP are made from the perspective of the root bridge. The switch with the lowest bridge ID is elected root bridge. Each BPDU carries the sender's bridge ID, which is made of the switch priority and the switch MAC address. The default priority is 32768, so if nobody changes it the switch with the lowest MAC address, usually the oldest one, becomes root. You override the election by lowering the priority of the intended root; on Cisco switches the priority must be a multiple of 4096, because the VLAN ID is added to it as the extended system ID.
Root port: on every non-root switch, the port with the lowest total path cost to the root bridge (the sum of the port costs along the path, which are derived from link bandwidth). The path may cross several switches; it is the lowest-cost path, not necessarily the one with the fewest hops.
Designated port: on every segment, the port of the switch that offers the lowest path cost to the root; it is placed in the forwarding state.
Blocking port: any remaining port is kept in the blocking state to break the loop; it still receives and processes BPDUs.
Because the election is only a numeric comparison, any device that sends BPDUs with a lower bridge ID (a rogue switch, or a host running an STP attack tool) can take over as root and pull traffic through itself. Root guard and BPDU guard on edge ports (see STP enhancements) prevent this.
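The root bridge election and path selection described above, turned into a deliberate design with Cisco IOS CLI commands (the "Spanning Tree Protocol modification" item of the contents). This is an added example, not from the deck; the switch names, VLANs and interfaces are assumed.

```cisco
! Added example, not from the deck. Assumed: SW-CORE-01 intended root, SW-CORE-02 backup, VLANs 10 and 20,
! SW-ACCESS-01 has two uplinks (Gi1/0/47 to SW-CORE-01 Gi1/0/10, Gi1/0/48 to SW-CORE-02).
SW-CORE-01(config)# spanning-tree mode rapid-pvst
! "root primary" sets the priority to 24576, or 4096 below the current root if that is already lower;
! "root secondary" sets 28672. Both are macros: they just pick a priority value.
SW-CORE-01(config)# spanning-tree vlan 10,20 root primary
SW-CORE-02(config)# spanning-tree vlan 10,20 root secondary
! Explicit values are easier to audit; the value must be a multiple of 4096.
SW-CORE-01(config)# spanning-tree vlan 10,20 priority 4096
SW-CORE-02(config)# spanning-tree vlan 10,20 priority 8192
! Path selection on the access switch: lower the cost on the uplink that should carry VLAN 10.
SW-ACCESS-01(config)# interface GigabitEthernet1/0/47
SW-ACCESS-01(config-if)# spanning-tree vlan 10 cost 10
SW-ACCESS-01(config-if)# end
! Tie-break between two links to the same upstream switch uses the SENDER's port priority,
! so it is configured on the core's port, not on the access switch (multiples of 16, lower wins).
SW-CORE-01(config)# interface GigabitEthernet1/0/10
SW-CORE-01(config-if)# spanning-tree vlan 10 port-priority 64
SW-CORE-01(config-if)# end
SW-ACCESS-01# show spanning-tree vlan 10
SW-ACCESS-01# show spanning-tree root
SW-ACCESS-01# show spanning-tree summary
! Check that the root ID's MAC address is SW-CORE-01's (show version / show spanning-tree on the core).
! A root you do not recognise means a mis-set or rogue switch has won the election.
SW-CORE-01# show spanning-tree vlan 10 | include Root ID|Address|This bridge
```

Re-run show spanning-tree root after any priority change: the Root ID line per VLAN should name the intended core, and on the access switch the Root Port column should point at the uplink you lowered the cost on.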
STP enhancements
PortFast: for ports connected to end hosts rather than bridges or switches. The port skips the listening and learning states and goes straight to forwarding when the link comes up, and its state changes do not generate topology change notifications. Never enable it on a port that can connect to a switch.
BPDU guard: if a PortFast-enabled (or BPDU-guard-enabled) port receives any BPDU, the switch shuts the port down and puts it in the err-disabled state. This is the main protection against a rogue switch or an STP attack on user ports.
BPDU filter: stops BPDUs from being sent or received on a port. Enabled globally (spanning-tree portfast bpdufilter default) it applies to PortFast ports: the port sends a few BPDUs after link-up and then stops, and if a BPDU is ever received the port loses PortFast and BPDU filtering and returns to normal STP operation. Enabled on an interface (spanning-tree bpdufilter enable) it silently discards all BPDUs in both directions, which can create an undetected loop if a switch is connected; prefer BPDU guard.
Root guard: configured on designated ports facing switches that must never become root. If a superior BPDU (one that would elect a new root) is received, the port is placed in the root-inconsistent (blocking) state until the superior BPDUs stop. Root guard configuration; verify it with show spanning-tree inconsistentports.
Loop guard: a bridging loop happens when an STP blocking port in a redundant topology erroneously transitions to the forwarding state, typically because BPDUs stop arriving over a unidirectional link while the link itself stays up. In the figure, SW3 no longer receives BPDUs on its alternate port, so it moves that port to forwarding and a one-way loop (the green arrow) forms. With loop guard, a non-designated port that stops receiving BPDUs is placed in the loop-inconsistent state and blocks all traffic instead of transitioning to forwarding.
Loop guard configuration, and what happens when BPDUs are no longer received.
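The PortFast, BPDU guard, BPDU filter, root guard and loop guard slides above as one added Cisco IOS CLI example (not the deck's own commands); the port roles and interface numbers are assumed.

```cisco
! Added example, not from the deck. Assumed: Gi1/0/1-40 user access ports, Gi1/0/47 faces a
! downstream access switch, Gi1/0/48 is the uplink toward the root.
SW(config)# spanning-tree mode rapid-pvst
! Globally: PortFast and BPDU guard on every non-trunk port.
SW(config)# spanning-tree portfast default
SW(config)# spanning-tree portfast bpduguard default
! Per interface as well, so the protection does not depend on the global default staying in place.
SW(config)# interface range GigabitEthernet1/0/1 - 40
SW(config-if-range)# spanning-tree portfast
SW(config-if-range)# spanning-tree bpduguard enable
SW(config-if-range)# exit
! BPDU filter is deliberately absent: the interface form ("spanning-tree bpdufilter enable")
! discards BPDUs both ways and would hide a plugged-in switch; BPDU guard above does the job.
! Root guard on the designated port toward the downstream switch: a superior BPDU from that
! side moves the port to root-inconsistent instead of re-electing the root.
SW(config)# interface GigabitEthernet1/0/47
SW(config-if)# spanning-tree guard root
SW(config-if)# exit
! Loop guard: globally for all root/alternate ports, and explicitly on the uplink.
SW(config)# spanning-tree loopguard default
SW(config)# interface GigabitEthernet1/0/48
SW(config-if)# spanning-tree guard loop
SW(config-if)# exit
! UDLD catches the unidirectional link itself (fiber especially) and err-disables the port.
SW(config)# udld aggressive
! Let a port that BPDU guard shut down come back after the timer; the log keeps the evidence.
SW(config)# errdisable recovery cause bpduguard
SW(config)# end
SW# show spanning-tree summary
SW# show spanning-tree interface GigabitEthernet1/0/5 detail
SW# show spanning-tree inconsistentports
SW# show logging | include BPDUGUARD|ROOTGUARD|LOOPGUARD
```

The summary output has one line per feature ("Portfast Default is enabled", "BPDU Guard Default is enabled", "Loopguard Default is enabled"); a switch where these read "disabled" after a reload has had the global lines dropped from startup-config.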
MST
Multiple Spanning Tree (MST, IEEE 802.1s) maps groups of VLANs onto a small number of spanning-tree instances instead of running one instance per VLAN as PVST+ does. This cuts BPDU and CPU overhead while still letting different VLAN groups use different paths, and because MST is built on RSTP, convergence is rapid. MST defines regions: switches in the same region must have the same region name, the same revision number and the same VLAN-to-instance mapping. If any of the three differs, the switches silently form separate regions and the VLANs are carried by the common spanning tree between them.
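The MST region and instance setup described above as an added Cisco IOS CLI example (not from the deck); the region name, revision, VLAN groups and root roles are assumed.

```cisco
! Added example, not from the deck. Assumed: region CORP, VLANs 10,20 in instance 1 and 30,40 in
! instance 2; SW-CORE-01 root for instance 1, SW-CORE-02 root for instance 2.
SW-CORE-01(config)# spanning-tree mode mst
SW-CORE-01(config)# spanning-tree mst configuration
! Name, revision and the full VLAN map must be identical on every switch of the region.
SW-CORE-01(config-mst)# name CORP
SW-CORE-01(config-mst)# revision 1
SW-CORE-01(config-mst)# instance 1 vlan 10,20
SW-CORE-01(config-mst)# instance 2 vlan 30,40
! Review before committing; the map is applied on exit.
SW-CORE-01(config-mst)# show pending
SW-CORE-01(config-mst)# exit
! Root placement per instance, so the two VLAN groups take different paths.
SW-CORE-01(config)# spanning-tree mst 1 root primary
SW-CORE-01(config)# spanning-tree mst 2 root secondary
SW-CORE-01(config)# end
! Same region block on the second core, with the roles swapped.
SW-CORE-02(config)# spanning-tree mode mst
SW-CORE-02(config)# spanning-tree mst configuration
SW-CORE-02(config-mst)# name CORP
SW-CORE-02(config-mst)# revision 1
SW-CORE-02(config-mst)# instance 1 vlan 10,20
SW-CORE-02(config-mst)# instance 2 vlan 30,40
SW-CORE-02(config-mst)# exit
SW-CORE-02(config)# spanning-tree mst 1 root secondary
SW-CORE-02(config)# spanning-tree mst 2 root primary
SW-CORE-02(config)# end
SW-CORE-02# show spanning-tree mst configuration
SW-CORE-02# show spanning-tree mst 1
SW-CORE-02# show spanning-tree mst interface GigabitEthernet1/0/48
```

show spanning-tree mst configuration prints the configuration digest; comparing that one hex string across switches is the fastest way to confirm they are in the same region, since a single VLAN added to one instance on one switch changes it.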
SPAN (Switched Port Analyzer)
A SPAN session mirrors the traffic of source ports or source VLANs to a destination port where a monitoring device (IDS, packet capture) is connected. For local SPAN the source and destination are on the same switch or switch stack. The destination port stops behaving as a normal switch port: it does not participate in STP and by default drops frames it receives. SPAN configuration.
Verify SPAN with show monitor session.
RSPAN (Remote SPAN)
Remote SPAN (RSPAN) allows the SPAN source and destination to be on different switches. A dedicated RSPAN VLAN is created (with the remote-span keyword) on every switch in the path and allowed on the trunks between them; the mirrored traffic is carried across this VLAN from switch to switch, and the destination switch copies it from the RSPAN VLAN to its destination port. No access port should be placed in the RSPAN VLAN. RSPAN configuration.
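The local SPAN and RSPAN configuration and verification from the slides above as an added Cisco IOS CLI example (not the deck's own commands); the source port, capture port, RSPAN VLAN and switch names are assumed.

```cisco
! Added example, not from the deck. Assumed: monitored host on Gi1/0/5, capture box on Gi1/0/24,
! RSPAN VLAN 900, source switch SW-ACCESS-01, destination switch SW-CORE-01, trunk Gi1/0/48.
! Local SPAN: both directions of one port to the capture port.
! (One session takes either ports or VLANs as sources, not a mix of both.)
SW(config)# monitor session 1 source interface GigabitEthernet1/0/5 both
SW(config)# monitor session 1 destination interface GigabitEthernet1/0/24
SW(config)# end
SW# show monitor session 1
! Remove it when done: a forgotten session keeps copying user traffic to whatever is plugged in.
SW# configure terminal
SW(config)# no monitor session 1
SW(config)# end
! RSPAN, source side: the RSPAN VLAN must exist on every switch in the path and be allowed on the trunks.
SW-ACCESS-01(config)# vlan 900
SW-ACCESS-01(config-vlan)# name RSPAN-900
SW-ACCESS-01(config-vlan)# remote-span
SW-ACCESS-01(config-vlan)# exit
SW-ACCESS-01(config)# monitor session 2 source interface GigabitEthernet1/0/5 both
SW-ACCESS-01(config)# monitor session 2 destination remote vlan 900
SW-ACCESS-01(config)# interface GigabitEthernet1/0/48
SW-ACCESS-01(config-if)# switchport trunk allowed vlan add 900
SW-ACCESS-01(config-if)# end
! RSPAN, destination side.
SW-CORE-01(config)# vlan 900
SW-CORE-01(config-vlan)# name RSPAN-900
SW-CORE-01(config-vlan)# remote-span
SW-CORE-01(config-vlan)# exit
SW-CORE-01(config)# monitor session 2 source remote vlan 900
SW-CORE-01(config)# monitor session 2 destination interface GigabitEthernet1/0/24
SW-CORE-01(config)# end
SW-CORE-01# show monitor session all
SW-CORE-01# show vlan remote-span
```

Because anyone with configuration access can mirror any port, show monitor session all (and show vlan remote-span) belong in a configuration audit: an unexpected session is a sign that traffic is being copied somewhere it should not be.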
Link Aggregation Control Protocol (LACP)
LACP (IEEE 802.3ad) negotiates an EtherChannel with the neighbor. Each port is configured in active or passive mode: in active mode the port initiates the LACP negotiation; in passive mode it only responds. At least one side must be active; passive with passive never forms a channel. Configure LACP and verify it.
Port Aggregation Protocol (PAgP)
PAgP is the Cisco-proprietary equivalent of LACP. PAgP protocol data units (PDUs) are sent and received on the lowest-numbered VLAN of the trunk link. Auto is the passive negotiating state that only responds to PAgP packets; desirable places the interface into an active negotiating state. Auto with auto never forms a channel, and LACP and PAgP cannot be mixed on the same channel. Configure PAgP and verify it.
EtherChannel misconfiguration guard
EtherChannel guard detects that one end of an EtherChannel is not configured properly (for example, the channel is configured on one side only, so STP on the other side sees the member links as separate ports and a loop can form). When a misconfiguration is found, the switch places the interfaces in the err-disabled state and logs an error. It is enabled by default (spanning-tree etherchannel guard misconfig). Enable EtherChannel guard and verify it with show spanning-tree summary.
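The LACP, PAgP and EtherChannel guard slides above as one added Cisco IOS CLI example (not the deck's own commands); the switch names, member ports, channel numbers and VLANs are assumed.

```cisco
! Added example, not from the deck. Assumed: SW-ACCESS-01 Gi1/0/47-48 bundled as Port-channel 1 to
! SW-CORE-01 Gi1/0/1-2; trunk carrying VLANs 10,20 with native VLAN 999.
! Member ports must match each other (speed, duplex, switchport mode, allowed VLANs).
! Apply Layer 2 settings on the Port-channel; IOS pushes them to the members.
SW-ACCESS-01(config)# interface range GigabitEthernet1/0/47 - 48
SW-ACCESS-01(config-if-range)# channel-group 1 mode active
SW-ACCESS-01(config-if-range)# exit
SW-ACCESS-01(config)# interface Port-channel1
SW-ACCESS-01(config-if)# switchport trunk encapsulation dot1q
SW-ACCESS-01(config-if)# switchport mode trunk
SW-ACCESS-01(config-if)# switchport trunk allowed vlan 10,20
SW-ACCESS-01(config-if)# switchport trunk native vlan 999
SW-ACCESS-01(config-if)# switchport nonegotiate
SW-ACCESS-01(config-if)# end
! Peer side: passive answers the active side. Passive/passive would never bundle.
SW-CORE-01(config)# interface range GigabitEthernet1/0/1 - 2
SW-CORE-01(config-if-range)# channel-group 1 mode passive
SW-CORE-01(config-if-range)# exit
SW-CORE-01(config)# interface Port-channel1
SW-CORE-01(config-if)# switchport trunk encapsulation dot1q
SW-CORE-01(config-if)# switchport mode trunk
SW-CORE-01(config-if)# switchport trunk allowed vlan 10,20
SW-CORE-01(config-if)# switchport trunk native vlan 999
SW-CORE-01(config-if)# switchport nonegotiate
SW-CORE-01(config-if)# end
! PAgP variant (Cisco-only): desirable initiates, auto answers; auto/auto never bundles.
SW-OTHER(config)# interface range GigabitEthernet1/0/3 - 4
SW-OTHER(config-if-range)# channel-group 2 mode desirable
SW-OTHER(config-if-range)# end
! EtherChannel misconfig guard is on by default; this line restores it if it was turned off.
SW-CORE-01(config)# spanning-tree etherchannel guard misconfig
SW-CORE-01(config)# end
SW-CORE-01# show etherchannel summary
SW-CORE-01# show etherchannel 1 port-channel
SW-CORE-01# show lacp neighbor
SW-OTHER# show pagp neighbor
SW-CORE-01# show spanning-tree summary | include EtherChannel
SW-CORE-01# show interfaces status err-disabled
```

In show etherchannel summary the Port-channel should show flags (SU) and each member (P); a member marked (I) is running stand-alone because the peer did not agree on the bundle, and (D) means the port is down, which after a guard violation you will also see in the err-disabled list.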
DHCP snooping
DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. It validates DHCP messages received from untrusted ports and filters out invalid ones (server messages such as OFFER and ACK arriving on an untrusted port are dropped, which blocks rogue DHCP servers), rate-limits DHCP traffic from untrusted (and optionally trusted) ports, and builds the DHCP snooping binding table (MAC, IP, VLAN, port, lease) that IP Source Guard and DAI rely on. DHCP snooping is enabled globally and then per VLAN; ports toward the DHCP server or relay must be marked trusted. If an untrusted port exceeds the rate limit, the interface is err-disabled.
IP Source Guard
IPSG uses the DHCP snooping binding table, or static IP source bindings, to dynamically create per-port ACLs. Any IP traffic whose source does not match a binding entry is dropped in hardware. The port does not go into the err-disabled state and no violation message is displayed at the console, so drops show up only in counters (show ip verify source). IPSG is supported on Layer 2 ports only; it cannot be used on Layer 3 ports or SVIs. Configure IPSG and verify it.
To also check the source MAC address, first enable port security on the access interface (fa0/24 in the slides), then enable IPSG with the port-security (MAC) check. Verify IPSG with MAC address checking. IPSG static bindings are used for hosts that do not use DHCP; verify static IPSG bindings.
Dynamic ARP Inspection (DAI)
DAI is used to prevent ARP poisoning (ARP spoofing) attacks, which are the usual way to mount a man-in-the-middle (MITM) attack on a LAN. When the switch receives an ARP packet on an untrusted port it compares the IP-to-MAC binding with the DHCP snooping binding table or with an ARP access list; if there is no match, the ARP packet is dropped. DAI only inspects ARP packets from untrusted ports; ARP packets on trusted interfaces (uplinks to other switches) are not inspected. Enable DAI per VLAN; to create a manual IP-to-MAC database for DAI, use an ARP access list applied with ip arp inspection filter.
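DHCP snooping, IP Source Guard and DAI share the same binding table, so the three slides above are shown as one added Cisco IOS CLI example built in the order the features depend on each other (not the deck's own commands). VLANs, interface roles, the static host 10.0.10.50 / 0011.2233.4455 and the database file name are assumed.

```cisco
! Added example, not from the deck. Assumed: user VLANs 10,20; Gi1/0/1-40 access ports;
! Gi1/0/48 uplink toward the DHCP server/relay; one static host on Gi1/0/5.
! 1. DHCP snooping: global, then per VLAN.
SW(config)# ip dhcp snooping
SW(config)# ip dhcp snooping vlan 10,20
! Option 82 insertion is on by default; leave it off unless the relay/server expects it, otherwise
! upstream devices may drop the switch's DHCP packets.
SW(config)# no ip dhcp snooping information option
! Persist the binding table so IPSG/DAI do not blackhole every host after a reload.
SW(config)# ip dhcp snooping database flash:dhcp-snooping.db
SW(config)# ip dhcp snooping database write-delay 60
! Uplink: trusted for both DHCP snooping and DAI (the only place server replies may come from).
SW(config)# interface GigabitEthernet1/0/48
SW(config-if)# ip dhcp snooping trust
SW(config-if)# ip arp inspection trust
SW(config-if)# exit
! Access ports: untrusted (default) and rate-limited; over the limit the port is err-disabled.
SW(config)# interface range GigabitEthernet1/0/1 - 40
SW(config-if-range)# ip dhcp snooping limit rate 15
SW(config-if-range)# ip arp inspection limit rate 15
! 2. IPSG on the same ports: source IP must match a binding (add "port-security" for MAC checking,
!    which requires switchport port-security on the port).
SW(config-if-range)# ip verify source
SW(config-if-range)# exit
! Static host that does not use DHCP: give it a binding so IPSG and DAI let it through.
SW(config)# ip source binding 0011.2233.4455 vlan 10 10.0.10.50 interface GigabitEthernet1/0/5
! 3. DAI per VLAN, with extra sanity checks on the ARP payload.
SW(config)# ip arp inspection vlan 10,20
SW(config)# ip arp inspection validate src-mac dst-mac ip
! Manual IP-to-MAC database for DAI (static hosts), applied to VLAN 10.
SW(config)# arp access-list STATIC-HOSTS
SW(config-arp-nacl)# permit ip host 10.0.10.50 mac host 0011.2233.4455
SW(config-arp-nacl)# exit
SW(config)# ip arp inspection filter STATIC-HOSTS vlan 10
! Let rate-limited ports recover on their own; the log keeps the event.
SW(config)# errdisable recovery cause dhcp-rate-limit
SW(config)# errdisable recovery cause arp-inspection
SW(config)# end
SW# show ip dhcp snooping
SW# show ip dhcp snooping binding
SW# show ip verify source
SW# show ip source binding
SW# show ip arp inspection vlan 10
SW# show ip arp inspection statistics vlan 10
SW# show ip arp inspection interfaces
```

Turn the features on in this order and check show ip dhcp snooping binding is populated (hosts renew or reconnect) before enabling ip verify source; IPSG drops silently, so a host added while the table was empty simply loses connectivity with nothing in the log.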
Port security
Enable port security on the interface (it must be a static access or trunk port, not a dynamic one). Set the maximum number of secure MAC addresses for the interface. Set the violation mode, the action taken when a frame from an unknown MAC address arrives once the maximum is reached: protect (drop silently), restrict (drop, count and log/trap) or shutdown (err-disable the port; the default). Port security aging removes secure addresses after a fixed time or after inactivity. Statically map the allowed MAC addresses on the interface, or use sticky learning to record the learned addresses in the running configuration. View port security with show port-security.
Storm control
Storm control limits the number of broadcast, multicast or unicast packets received on a port. Traffic above the configured threshold (a percentage of bandwidth, bits per second or packets per second) is dropped; the port can additionally be shut down (err-disabled) or an SNMP trap sent when the limit is exceeded. Enable storm control and verify it with show storm-control.
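The port security and storm control slides above applied to one access port with an IP phone, as an added Cisco IOS CLI example (not the deck's own commands); the interface, VLANs, thresholds and the constructed MAC address 0011.2233.4455 are assumed.

```cisco
! Added example, not from the deck. Assumed: Gi1/0/5 with data VLAN 10 and voice VLAN 110,
! one PC behind one phone; PC MAC 0011.2233.4455 (constructed).
SW(config)# snmp-server enable traps port-security
SW(config)# snmp-server enable traps storm-control trap-rate 1
SW(config)# interface GigabitEthernet1/0/5
SW(config-if)# switchport mode access
SW(config-if)# switchport access vlan 10
SW(config-if)# switchport voice vlan 110
SW(config-if)# switchport port-security
! Two addresses in total: the phone on the voice VLAN, one PC on the data VLAN.
SW(config-if)# switchport port-security maximum 2
SW(config-if)# switchport port-security maximum 1 vlan access
SW(config-if)# switchport port-security maximum 1 vlan voice
! restrict: drop, count and log/trap. The default, shutdown, err-disables the port, which lets a
! host that spoofs a second MAC knock its own port out (and keep doing so if recovery is automatic).
SW(config-if)# switchport port-security violation restrict
! Pin the PC statically on the data VLAN; the phone is learned dynamically.
! Alternative: "switchport port-security mac-address sticky" writes learned addresses into
! running-config; save the configuration afterwards or they are gone at the next reload.
SW(config-if)# switchport port-security mac-address 0011.2233.4455 vlan access
! Dynamically learned secure addresses expire after 10 minutes of inactivity, so a swapped device
! does not need a manual clear.
SW(config-if)# switchport port-security aging time 10
SW(config-if)# switchport port-security aging type inactivity
! Storm control: broadcast above 1% of bandwidth dropped until it falls to 0.5%, multicast above
! 2000 pps (resume at 1000), unicast above 5%. Thresholds come from baselining, not guesses;
! the unicast limiter can throttle legitimate traffic on a busy port.
SW(config-if)# storm-control broadcast level 1.00 0.50
SW(config-if)# storm-control multicast level pps 2k 1k
SW(config-if)# storm-control unicast level 5.00
! Default action just drops the excess; trap alerts as well. "shutdown" would err-disable the port
! (pair it with errdisable recovery cause storm-control if you use it).
SW(config-if)# storm-control action trap
SW(config-if)# end
SW# show port-security
SW# show port-security interface GigabitEthernet1/0/5
SW# show port-security address
SW# show storm-control GigabitEthernet1/0/5
! Forget learned secure addresses on one port (e.g. after a desk move).
SW# clear port-security dynamic interface GigabitEthernet1/0/5
```

show port-security interface reports the violation count and the last source address seen; with violation restrict that counter, plus the %PORT_SECURITY-2-PSECURE_VIOLATION syslog line, is what tells you a second MAC appeared behind the phone.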
HSRP/VRRP configuration
Configure HSRP on Switch-01 and verify it; configure HSRP on Switch-02 and verify it. Both switches share a virtual IP address and virtual MAC address for the gateway; the switch with the highest priority (default 100, ties broken by the highest interface IP) becomes active and the other stays standby. HSRP hellos are multicast on the VLAN with the priority visible to every host, so any host can send a higher-priority hello and take over as the default gateway (a man-in-the-middle) unless authentication is configured; the default authentication is the plaintext string "cisco", so use MD5 authentication. VRRP (standards-based) works the same way and has the same issue.
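The two-switch HSRP configuration and verification from the slide above, with MD5 authentication and uplink tracking, followed by the VRRP equivalent, as an added Cisco IOS CLI example that is not the deck's own; all addresses, priorities, the tracked interface and the key placeholders are assumed.

```cisco
! Added example, not from the deck. Assumed: VLAN 10 gateway 10.0.10.1; SW-CORE-01 10.0.10.2 (active),
! SW-CORE-02 10.0.10.3 (standby); SW-CORE-01's uplink Gi1/0/1 is tracked.
! Switch-01: track the uplink, then HSRP version 2 with MD5 authentication.
SW-CORE-01(config)# track 1 interface GigabitEthernet1/0/1 line-protocol
SW-CORE-01(config)# interface vlan 10
SW-CORE-01(config-if)# ip address 10.0.10.2 255.255.255.0
SW-CORE-01(config-if)# standby version 2
SW-CORE-01(config-if)# standby 10 ip 10.0.10.1
SW-CORE-01(config-if)# standby 10 priority 110
! Preempt so this switch takes the active role back after a reload; wait 30 s for routing to settle.
SW-CORE-01(config-if)# standby 10 preempt delay minimum 30
! MD5 keyed hellos: a host cannot forge a higher-priority hello without the key.
SW-CORE-01(config-if)# standby 10 authentication md5 key-string <hsrp-key>
! Lose the uplink: drop priority by 30 (to 80, below the peer's 90) so the peer becomes active.
SW-CORE-01(config-if)# standby 10 track 1 decrement 30
SW-CORE-01(config-if)# end
! Switch-02: same group, version, virtual IP and key; lower priority.
SW-CORE-02(config)# interface vlan 10
SW-CORE-02(config-if)# ip address 10.0.10.3 255.255.255.0
SW-CORE-02(config-if)# standby version 2
SW-CORE-02(config-if)# standby 10 ip 10.0.10.1
SW-CORE-02(config-if)# standby 10 priority 90
SW-CORE-02(config-if)# standby 10 preempt
SW-CORE-02(config-if)# standby 10 authentication md5 key-string <hsrp-key>
SW-CORE-02(config-if)# end
! Verification on both switches: state Active/Standby, priority, virtual IP, and no authentication errors.
SW-CORE-01# show standby brief
SW-CORE-01# show standby vlan 10
SW-CORE-02# show standby brief
SW-CORE-02# show track 1
! VRRP instead of HSRP on a VLAN (use one or the other per VLAN); same MD5 protection.
SW-CORE-01(config)# interface vlan 20
SW-CORE-01(config-if)# ip address 10.0.20.2 255.255.255.0
SW-CORE-01(config-if)# vrrp 20 ip 10.0.20.1
SW-CORE-01(config-if)# vrrp 20 priority 110
SW-CORE-01(config-if)# vrrp 20 preempt
SW-CORE-01(config-if)# vrrp 20 authentication md5 key-string <vrrp-key>
SW-CORE-01(config-if)# end
SW-CORE-01# show vrrp brief
```

Without the authentication lines any host on VLAN 10 that sends an HSRP hello with priority 255 to 224.0.0.102 (224.0.0.2 for version 1) becomes the active gateway and sees all off-subnet traffic; show standby vlan 10 lists the key-string configuration and, after an attempt with the wrong key, the authentication failure counters.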
Backup and restore configuration
Backup: copy the running configuration to a file server (copy running-config tftp:, or scp: which is encrypted and authenticated). Restore: copy the file back; note that copy tftp: running-config merges the file into the current configuration rather than replacing it, so use configure replace for a full replacement. Show the running configuration and take the output of the "show running-config" command as a text backup. Configuration backups contain password hashes and reversible type 7 passwords, SNMP communities and keys; store them with the same protection as the devices themselves.
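The backup, archive and restore steps above as an added Cisco IOS CLI example (not the deck's own commands); the server address, file names, username and archive path are assumed.

```cisco
! Added example, not from the deck. Assumed: backup server 10.99.0.50, user netadmin, flash archive directory.
SW# show running-config
SW# show startup-config
SW# copy running-config startup-config
! TFTP works everywhere but is cleartext and unauthenticated: management network only, if at all.
SW# copy running-config tftp://10.99.0.50/SW-ACCESS-01.cfg
! SCP: encrypted, and the switch can also be pulled from by the backup server.
SW# configure terminal
! ip scp server enable needs AAA with local authentication and exec authorization.
SW(config)# aaa new-model
SW(config)# aaa authentication login default local
SW(config)# aaa authorization exec default local
SW(config)# ip scp server enable
! Local archive: a numbered copy on every write memory and every 24 h.
SW(config)# archive
SW(config-archive)# path flash:archive/SW-ACCESS-01
SW(config-archive)# write-memory
SW(config-archive)# time-period 1440
SW(config-archive)# end
SW# copy running-config scp://netadmin@10.99.0.50/backups/SW-ACCESS-01.cfg
SW# show archive
! Restore, option 1: merge. Lines in the file are applied on top of the running config;
! nothing that is only in the running config is removed.
SW# copy tftp://10.99.0.50/SW-ACCESS-01.cfg running-config
! Restore, option 2: replace. The running config becomes exactly the file (differences are
! computed and applied; "list" shows them). Preview first.
SW# show archive config differences flash:archive/SW-ACCESS-01-3 system:running-config
SW# configure replace flash:archive/SW-ACCESS-01-3 list
SW# copy running-config startup-config
```

Before a backup leaves the switch, remember that "service password-encryption" type 7 strings in it are reversible in seconds; anything in the file that is not a secret hash (vty passwords, SNMP communities, HSRP and routing keys) should be treated as compromised if the backup is.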