On the test I will configure Cisco Catalyst WS-C2960-24TT-L with firmware 12.2(25)FX
Connect to the switch with a console cable.
From Windows, you can use the Putty program for this, from Linux you can use Minicom.
At the first connection, if questions are asked, we answer no.
Let’s go into configuration mode:
enable configure terminal
Set the password to enable:
enable password PASSWORD
Enable password storage in encrypted form:
service password-encryption
If you need to cancel a command, type it again by adding no in front of it, for example:
no service password-encryption
Optionally, you can specify a name for the device:
hostname IXNFO
Set up the interface for managing the switch in a separate VLAN (I use 207), well, or in VLAN 1 if you have one switch and not a large network:
vlan 207 interface vlan 207 ip address 192.168.1.2 255.255.255.0 exit
If necessary, you can specify a gateway so that the switch can be seen from other networks (for example, on a network 192.168.1.0/24 it can be seen even without a gateway since it is assigned an IP address 192.168.1.2):
ip default-gateway 192.168.1.1
Configure 25 incoming Uplink port (vlan 207 for control with tag, and vlan 226 for users with tag too):
interface gigabitEthernet 0/1 switchport trunk allowed vlan 207,226 switchport mode trunk no shutdown exit
Specify vlan 226 without a tag for client ports:
interface range fastEthernet 0/1-24 switchport access vlan 226 switchport mode access no shutdown exit
Disable automatic port switching to access or trunk mode:
interface range fastEthernet 0/1-24 switchport nonegotiate exit
Port 26 is also configured for clients:
interface gigabitEthernet 0/2 switchport access vlan 226 switchport mode access no shutdown exit
I also described how to configure ports in this article:
Configuring ports in Cisco switches
Configure an access-list with a list of IP addresses from which it will be allowed to control the switch:
ip access-list standard 11 permit 192.168.1.1 permit 192.168.1.50 exit
Set the password for logging in via telnet, specify the timeout of the session and specify the created access-list to allow only the IP addresses specified in it to be managed:
line vty 0 4 login password PASSWORD exec-timeout 5 0 access-class 11 in exit line vty 0 15 password PASSWORD login exec-timeout 5 0 access-class 11 in exit
Configure SNMP (11 means access-list number, public – password for SNMP access, RO (read-only access)):
snmp-server community public RO 11
Set up the time synchronization with the NTP server and the update period in seconds:
ntp server 192.168.1.1 version 2 source vlan 207 ntp clock-period 36028811 ntp max-associations 1 service timestamps log datetime localtime
Optionally, you can disable the web interface:
no ip http server
Any of the commands will save the configuration:
copy running-config startup-config write
An example of viewing the current configuration and saved:
show running-config show running-config interface gigabitEthernet 0/1 show configuration