Configuring Cisco Catalyst 2960

On the test I will configure Cisco Catalyst WS-C2960-24TT-L with firmware 12.2(25)FX

Connect to the switch with a console cable.
From Windows, you can use the Putty program for this, from Linux you can use Minicom.

At the first connection, if questions are asked, we answer no.

Let’s go into configuration mode:

enable
configure terminal

Set the password to enable:

enable password PASSWORD

Enable password storage in encrypted form:

service password-encryption

If you need to cancel a command, type it again by adding no in front of it, for example:

no service password-encryption

Optionally, you can specify a name for the device:

hostname IXNFO

Set up the interface for managing the switch in a separate VLAN (I use 207), well, or in VLAN 1 if you have one switch and not a large network:

vlan 207
interface vlan 207
ip address 192.168.1.2 255.255.255.0
exit

If necessary, you can specify a gateway so that the switch can be seen from other networks (for example, on a network 192.168.1.0/24 it can be seen even without a gateway since it is assigned an IP address 192.168.1.2):

ip default-gateway 192.168.1.1

Configure 25 incoming Uplink port (vlan 207 for control with tag, and vlan 226 for users with tag too):

interface gigabitEthernet 0/1
switchport trunk allowed vlan 207,226
switchport mode trunk
no shutdown
exit

Specify vlan 226 without a tag for client ports:

interface range fastEthernet 0/1-24
switchport access vlan 226
switchport mode access
no shutdown
exit

Disable automatic port switching to access or trunk mode:

interface range fastEthernet 0/1-24
switchport nonegotiate
exit

Port 26 is also configured for clients:

interface gigabitEthernet 0/2
switchport access vlan 226
switchport mode access
no shutdown
exit

I also described how to configure ports in this article:
Configuring ports in Cisco switches

Configure an access-list with a list of IP addresses from which it will be allowed to control the switch:

ip access-list standard 11
permit 192.168.1.1
permit 192.168.1.50
exit

Set the password for logging in via telnet, specify the timeout of the session and specify the created access-list to allow only the IP addresses specified in it to be managed:

line vty 0 4
login
password PASSWORD
exec-timeout 5 0
access-class 11 in
exit
line vty 0 15
password PASSWORD
login
exec-timeout 5 0
access-class 11 in
exit

Configure SNMP (11 means access-list number, public – password for SNMP access, RO (read-only access)):

snmp-server community public RO 11

Set up the time synchronization with the NTP server and the update period in seconds:

ntp server 192.168.1.1 version 2 source vlan 207
ntp clock-period 36028811
ntp max-associations 1
service timestamps log datetime localtime

Optionally, you can disable the web interface:

no ip http server

Any of the commands will save the configuration:

copy running-config startup-config
write

An example of viewing the current configuration and saved:

show running-config
show running-config interface gigabitEthernet 0/1
show configuration

Leave a comment

Leave a Reply