On the test I will configure Cisco Catalyst WS-C3750-48TS-S with firmware 12.2(55)SE3.
Connect to the switch using the console cable.
From Windows, you can use the Putty program, from Linux, you can use Minicom.
When you first connect if you ask questions – answer “no”.
Go to configuration mode:
enable
configure terminal
Set the password to “enable”:
enable password TEXT
Enable storage of passwords in encrypted form:
service password-encryption
If you need to cancel any command, type it again by adding “no” before it, for example:
no service password-encryption
Optionally, you can specify the name of the device:
hostname TEXT
We configure the interface to manage the switch in a separate VLAN (I use 207), or in VLAN 1 if you have one switch, and not a large network:
vlan 207
interface vlan 207
ip address 192.168.1.2 255.255.255.0
exit
If necessary, you can specify the gateway so that the switch can be seen from other networks (for example, on the 192.168.1.0/24 network, you can see it without specifying the gateway):
ip default-gateway 192.168.1.1
Let’s configure the incoming Uplink port, it will be SFP first gigabit (vlan 207 with a tag for management and vlan 226 with a tag for users):
interface GigabitEthernet1/0/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 207,226
switchport mode trunk
no shutdown
exit
Specify vlan 226 without a tag for client ports:
vlan 226
interface range FastEthernet1/0/1-48
switchport access vlan 226
switchport mode access
no shutdown
exit
We prohibit automatic switching of the port to access or trunk mode:
interface range FastEthernet1/0/1-48
switchport nonegotiate
exit
The remaining three gigabit SFP ports will also be configured for clients:
interface range GigabitEthernet1/0/2-4
switchport access vlan 226
switchport mode access
no shutdown
exit
I also described how to configure ports in this article:
Configuring ports in Cisco switches
Set up an access-list with a list of IP addresses from which the device will be allowed to manage:
ip access-list standard 11
permit 192.168.1.1
permit 192.168.1.50
exit
Set a password to log in via telnet, specify the timeout session and specify the created access-list to allow only the IP addresses specified in it to be managed:
line vty 0 4
password TEXT
login
exec-timeout 5 0
access-class 11 in
line vty 5 15
password TEXT
login
exec-timeout 5 0
access-class 11 in
exit
Configure SNMP (11 means access-list number):
snmp-server community TEXT ro 11
Set up the time synchronization with the NTP server and the update period in seconds:
ntp server 192.168.1.1 version 2 source vlan 207
ntp clock-period 36028811
ntp max-associations 1
service timestamps log datetime localtime
Optionally, you can disable the web interface:
no ip http server
Exit configuration mode and save the configuration:
exit
copy running-config startup-config
write
An example of viewing the current configuration and saved:
show running-config
show running-config interface gigabitEthernet 0/1
show configuration