On the test I will configure Cisco Catalyst WS-C2960-24TT-L with firmware 12.2(25)FX
Connect to the switch with a console cable.
From Windows, you can use the Putty program for this, from Linux you can use Minicom.
At the first connection, if questions are asked, we answer no.
Let’s go into configuration mode:
enable
configure terminal
Set the password to enable:
enable password PASSWORD
Enable password storage in encrypted form:
service password-encryption
If you need to cancel a command, type it again by adding no in front of it, for example:
no service password-encryption
Optionally, you can specify a name for the device:
hostname IXNFO
Set up the interface for managing the switch in a separate VLAN (I use 207), well, or in VLAN 1 if you have one switch and not a large network:
vlan 207
interface vlan 207
ip address 192.168.1.2 255.255.255.0
exit
If necessary, you can specify a gateway so that the switch can be seen from other networks (for example, on a network 192.168.1.0/24 it can be seen even without a gateway since it is assigned an IP address 192.168.1.2):
ip default-gateway 192.168.1.1
Configure 25 incoming Uplink port (vlan 207 for control with tag, and vlan 226 for users with tag too):
interface gigabitEthernet 0/1
switchport trunk allowed vlan 207,226
switchport mode trunk
no shutdown
exit
Specify vlan 226 without a tag for client ports:
interface range fastEthernet 0/1-24
switchport access vlan 226
switchport mode access
no shutdown
exit
Disable automatic port switching to access or trunk mode:
interface range fastEthernet 0/1-24
switchport nonegotiate
exit
Port 26 is also configured for clients:
interface gigabitEthernet 0/2
switchport access vlan 226
switchport mode access
no shutdown
exit
I also described how to configure ports in this article:
Configuring ports in Cisco switches
Configure an access-list with a list of IP addresses from which it will be allowed to control the switch:
ip access-list standard 11
permit 192.168.1.1
permit 192.168.1.50
exit
Set the password for logging in via telnet, specify the timeout of the session and specify the created access-list to allow only the IP addresses specified in it to be managed:
line vty 0 4
login
password PASSWORD
exec-timeout 5 0
access-class 11 in
exit
line vty 0 15
password PASSWORD
login
exec-timeout 5 0
access-class 11 in
exit
Configure SNMP (11 means access-list number, public – password for SNMP access, RO (read-only access)):
snmp-server community public RO 11
Set up the time synchronization with the NTP server and the update period in seconds:
ntp server 192.168.1.1 version 2 source vlan 207
ntp clock-period 36028811
ntp max-associations 1
service timestamps log datetime localtime
Optionally, you can disable the web interface:
no ip http server
Any of the commands will save the configuration:
copy running-config startup-config
write
An example of viewing the current configuration and saved:
show running-config
show running-config interface gigabitEthernet 0/1
show configuration
You can see the device uptime with the command:
show version